Computer Networks Problem Solving - Assignment Example

PROBLEM SOLVING REPORT 3 Student’s Name Class Instructor Institution of Affiliation City Date Q1 (a) Advantages of UDP One advantage of User Data Packet (UDP) is that it allows applications to establish their own control. Since it does nothing else but sent packets between applications, it allows for the big data application to control the data flow. The control mechanism of how the application receives, and sends data is left to the customized designed. More methodologies can be defined by the application on how the flow and control of be data is designed to be, adding on top of the existing UDP protocol, the customized application protocols. The open platform offered by the UDP protocol can accommodate as many protocols as the application can have. Another advantage of UDP is in the structural design of its operation. With Remote procedure call approach, the UDP protocol is apt for big data application in that it offers a client – server kind of approach by which the volumes of data in a server can be accessed and broken down at client side into fitting the analysis of the big data. With encapsulation that is also tied to the User Datagram Protocol, the data being analyzed is secure and the functional approach of RPC goes a long way to ensure that. Disadvantages of UDP Nevertheless, there are demerits that are tied to this protocol when working with a big data application. First is the problem of time. Since with RPC processes get suspended in trying to fetch results from an application remotely located, it causes a delay in execution of other sequential data procedures that might be of necessity hence slowing down the big data application with idle processing time. Secondly, with absence of error correction mechanism exhibited by UDP protocol, the application would suffer from big error margins in extraction of data in case of errors in the transmission signal. Advantages of ATP Different from using the UDP, there is the connection oriented TCP protocol. The first advantage in using TCP to a big data application is the aspect of speed. Since TCP handles control of flow of data alongside error correction, the big data application wouldn’t have to initiate correction processes and thus would be lightweight with efficient algorithm and few processes running to do the extra tasks that are otherwise handled by TCP. In addition, the TCP exhibits reliable, sequence delivery of packets which would be ideal to better access method to the big data by indexing the search criteria of data that need analysis. Thus boosting efficiency and hence speed of handling the processes. Disadvantages. The setbacks for TCP however do exist in application to big data in that whereas many sockets access the same port and hence more than one may terminate at the same port, part of the data or processes may cause data loss and hence more complex design of application need to be incorporated to resolve such conflict. Q1 (b) This is answered on PowerPoint slides. Q2 Socket API is a service model that works on TCP protocol of the application layer. Sockets are defined as the created endpoints on both the sender and receiver that establish a service. Each socket is comprised of a host IP address and a 16 bit number that is local to the particular host, otherwise referred to as a port. The TCP connection management employs the use of API calls to communicate between the client and the server. They include: accept, bind, close, connect, listen, receive, send and socket. Their functionalities are as described below, each being executed depending on the previous state of service: Accept: This event is also referred to as acknowledge, abbreviated as ACK. It is a response issued by a local TCP entity to acknowledge a SENT request made by a client. This event happens when a client sends a connect request, and is responded when the finite state machine goes to the state SYN SENT. Upon arrival of the event SYN+ACK, the finite machine switches to the state Established and upon which data can then be sent or received. Bind: The Bind () socket call is initiated by the server to the client and it associates the client to a client can use the address parsed as argument to establish a connection. The bind system call is invoked when the address in focus is local as opposed to remote terminal. The bind call is followed by the listen system call, and takes in as arguments, the port and address pair. Close: This system call, is used to initiate the “closed” state in the finite state machine (FST). Its role is terminate all open connections either on the server side or the client side. On the server side, it is preceded by a write operation while on the client side it is preceded by a read operation. Connect: The functionality of this system call is to set the connection to an active open state. The event created by this call is user initiated system call and is received by the server. The connect system call originates from the client to the server which seeks to establish a connection. On the server side, the accept() call is blocked until the connection from the client is established. Listen: This system call operates on the server side, also the receiver. It is precedent to the ACCEPT system call and proceeds the BIND call. This call initiates a “passive” connection state on the server and the server waits for a connection to be established. (A. Tanenbaum, D. Weatherall, 2011,501) Receive: This call works with a control segment SYN to confirm the arrival of a connection. The FST is then switched to the SYN RCVD state and waits for an acknowledgment signal. Send. The function of this call is causes the state to change from LISTEN to SYN SENT in the finite state machine. The send primitive starts the transmission of data segment between the cline and the server. Socket: This primitive is used to establish an inter-process communication on both the client and the server side. It precedes all other system calls since information using the TCP protocol can only be established by use of sockets. Hence, it is initiated before the “connect” primitive is called to initiate the set up. The “socket ()” system call specifies the domain and the socket type before two processes can communicate with each other. To be precise, the two processes can communicate only if the sockets exchanged are of the same type. (A. Tanenbaum, D. Weatherall, 2011, 563) Q3 One of the possible causes of the data integrity errors to rise from 0.1% to 3% rate of data being discarded is a possibility of an embedded malware such as a virus that tries to illegally gain access to the network servers or client machines. The most common possibility is a worm embedded in the newly installed wiki software. The malware could be trying to access processes that are otherwise not at its User Access Level thereby causing the SNMP to reject such port addresses or data from being transmitted across the network. The second possible cause is an attempt to run a viral code on the Wiki pages created by a hacker on the Wiki site. Either by SQL injection or in an embedded program uploaded in one of the sites added or edited on the Wiki site, a malicious software may be spoofing the network for which case the firewall may be rejecting the packets or with wrong addressing the network devices may be rejecting the sent packets hence causing the data throughput to be reduced and hence increase in the error percentage. The third possibility of the increased error rate could be that the Wiki program installed could have compromised or use the same processes as the Address resolution protocol hence tampering with it. The proposed action to take is to check on the certificates for the Wiki software as to whether it is in line with the documented functionality, review the processes it uses to run and check whether it affects the system processes and try to isolate the processes. In case the behavior of the software or the processes it utilizes are of high security alert, then the software would be uninstalled and contact the vendor for a better release of the same. Also the entire network would have to be scanned for viruses and other malware that could have embedded themselves into the operating system of the network. For the unusual high rate of virus detection on a single particular lab machine, the initial possible cause is that there could be a lack of an antivirus on the machine, thus at every running of the machine, the virus which could have embedded itself onto the system software, executes itself and tries to send requests over the TCP for its regeneration. The second possibility is a dysfunctional antimalware that hasn’t been recently updated hence it fails to detect the particular malware that takes host of the network process thus increasing the traffic on that network node in which it is located. The third possibility is that the system firewall on the particular computer machine could have been turned off. The solutions for this are rather simple. First, is to check whether the firewall is off and turn it on then scan the whole computer, secondly, the system administrator would check whether there is an antivirus program installed in the first place. If there isn’t, then it would be advisable to install one. In case there is an active antivirus then an update would be necessary and in case this fails, changing the antispyware program then scanning the machine would suffice to eliminate the problem. If the problem persists upon trying these three measures, then a change in the operating system is inevitable. Concerning the increased queue length on the router from the recently installed VPN network, a likely cause of the problem could be the allocation of bandwidth in which the VPN network is allocated a large bandwidth hence creating a large data stream than the router can effectively handle. The second possible cause is web traffic from the new office. The capacity of users or volume of the data send over to the main servers could be tremendously high and could be more than what the design specification of the router, in terms of speed and bandwidth has been rated. The solutions that are at hand could first, to limit the bandwidth such that it correlates with the router capacity. That could mean installation of a firewall to control even the web traffic from known sites notorious in transmission large, especially multimedia files. The other option present would be to increase the router capacity such that it can accommodate the web traffic channeled from the newly established VPN. Q4 (a) The checksum data integrity check relies on a number of summed parity bits to detect an error in a packet message being transmitted. In checksum error detection and correction method, a group of parity bits are added to the end of a message regardless of their calculation method. Stronger checksums are sometimes used with running sum. Whereas random errors are hard to be introduced in such detection systems, for example, Fletcher’s checksum that combines product and running sum of the error position, they are not entirely eliminated, especially if there be a buggy hardware. Another error detection and correction method that is used in the transport layer is the Cyclic Redundant cycle abbreviated as CRC. Synonymous to the term polynomial code, the CRC scheme treats bit strings as representations of polynomials whose coefficients are either 1or 0 only. The polynomial is calculated using field theory with long division method used to detect error position. However, like in checksum method of error detection and correction, a transmission error in this method cannot also be corrected. (A. Tanenbaum, D. Weatherall, 2011, 214) Whereas the two methods highlighted above have proved some effectiveness in error detection and correction, they don’t comprehensively solve the issue of data security during transmission. Their use of raw bits make them prone to interception and with the known algorithms of computation, data can be accessed by hackers and read with ease. Thus, there arise a need for encryption of data. It is why then there is a need to use the Message Digest protocol to enhance the security of data over communication channels. The most employed is the MD5 scheme. The digests used in Message Authentication Codes are suitable for signing off the message such that the communication only happens between the intended two parties by the process of data encryption and public key management. (A. Tanenbaum, D. Weatherall, 2011, 802) Q (4) (b) In the case of the single student gaining access to the university DNS server and launching a MIM attack, other students easily noticed the threat that their log in details were insecure since the university could be using the secure DNS server, which stores in a database RR set pair with private zone public keys installed. Hence, the shift in zone of origin it would be easy and quick to note that the server address has been tampered with and the connection is no more secure. References Read More