
GLOBAL INSTITUTE OF TECHNOLOGY,

JAIPUR

RTU EXAM SOLUTION

Branch – CSE / IT
Data Communication and Computer Network
Paper Code – 4CS4-07
Date of Exam – 24/05/2019
Part –A
Answer 1. The International Standard Organization has a well-defined model for Communication
Systems known as Open System Interconnection, or the OSI Model. This layered model is a
conceptualized view of how one system should communicate with the other, using various protocols
defined in each layer. Further, each layer is designated to a well-defined part of the communication system.
For example, the Physical layer defines all the components of physical nature, i.e. wires, frequencies,
pulse codes, voltage transmission etc. of a communication system.

Answer 2. Difference Between Analog and Digital Signal

Analog and Digital are the different forms of signals. Signals are used to carry information from
one device to another. Analog signal is a continuous wave that keeps on changing over a time period.
Digital signal is discrete in nature. The fundamental difference between analog and digital signals is
that an analog signal is represented by sine waves, whereas a digital signal is represented by square
waves.
Answer 3. An error is a condition in which the output information does not match the transmitted
information. Digital signals suffer from noise that can introduce errors in the binary bits travelling
from one system to another. That means a 0 bit may change to 1 or a 1 bit may change to 0.

Single bit error


In a frame, there is only one bit, anywhere though, which is corrupt.

Burst error
Frame contains more than 1 consecutive bits corrupted.

Answer 4. A frame is a digital data transmission unit in computer networking and telecommunication.
In packet switched systems, a frame is a simple container for a single network packet. In other
telecommunications systems, a frame is a repeating structure supporting time-division multiplexing.
A frame typically includes frame synchronization features consisting of a sequence of bits or symbols
that indicate to the receiver the beginning and end of the payload data within the stream of symbols or
bits it receives. If a receiver is connected to the system during frame transmission, it ignores the data
until it detects a new frame synchronization sequence.

Answer 5.
Answer 6. A physical address is the hardware-level address used by the Ethernet interface to
communicate on the network. Every device must have a unique physical address. This is often referred
to as its MAC (Media Access Control) address. An Ethernet physical address is six bytes long
and consists of six hexadecimal numbers, usually separated by colon characters (:).
Answer 7.
Answer 8.

Answer 9. DNS has two types of messages: query and response. Both types have the same format.
The query message consists of a header and question records; the response message consists of a
header, question records, answer records, authoritative records, and additional records.

Part –B
Answer 1. TCP is a connection-oriented Layer 4 protocol that provides full-duplex, acknowledged,
and flow-controlled service to upper-layer protocols. It moves data in a continuous, unstructured byte
stream. Sequence numbers identify bytes within that stream. TCP can also support numerous
simultaneous upper-layer conversations.
The TCP packet format consists of these fields:

• Source Port and Destination Port fields (16 bits each) identify the end points of the connection.
• Sequence Number field (32 bits) specifies the number assigned to the first byte of data in the
current message. Under certain circumstances, it can also be used to identify an initial sequence
number to be used in the upcoming transmission.
• Acknowledgement Number field (32 bits) contains the value of the next sequence number that
the sender of the segment is expecting to receive, if the ACK control bit is set. Note that the
sequence number refers to the stream flowing in the same direction as the segment, while the
acknowledgement number refers to the stream flowing in the opposite direction from the segment.
• Data Offset (a.k.a. Header Length) field (variable length) tells how many 32-bit words are
contained in the TCP header. This information is needed because the Options field has variable
length, so the header length is variable too.
• Reserved field (6 bits) must be zero. This is for future use.
• Flags field (6 bits) contains the various flags:
  URG—Indicates that some urgent data has been placed.
  ACK—Indicates that acknowledgement number is valid.
  PSH—Indicates that data should be passed to the application as soon as possible.
  RST—Resets the connection.
  SYN—Synchronizes sequence numbers to initiate a connection.
  FIN—Means that the sender of the flag has finished sending data.
• Window field (16 bits) specifies the size of the sender's receive window (that is, buffer space
available for incoming data).
• Checksum field (16 bits) indicates whether the header was damaged in transit.
• Urgent pointer field (16 bits) points to the first urgent data byte in the packet.
• Options field (variable length) specifies various TCP options.
• Data field (variable length) contains upper-layer information.
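
The field list above, turned into a parser (an added example, not part of the original solution). It reads the fixed 20-byte header, splits off Options and Data using the Data Offset, and rejects segments whose Data Offset cannot be right; the sample segment and its port, sequence and option values are constructed for illustration.

```python
import struct

# Flag bits of the 6-bit Flags field, least significant bit first.
FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


class TCPHeaderError(ValueError):
    """Raised when a segment cannot contain the header it claims to have."""


def parse_tcp_header(segment: bytes) -> dict:
    """Split a raw TCP segment into the fields listed above."""
    if len(segment) < 20:
        raise TCPHeaderError("shorter than the 20-byte fixed header")

    (src_port, dst_port, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])

    # One 16-bit word carries Data Offset (top 4 bits), then the 6 Reserved
    # bits and the 6 Flags bits described above.
    data_offset = off_flags >> 12
    reserved = (off_flags >> 6) & 0x3F
    flag_bits = off_flags & 0x3F

    header_len = data_offset * 4          # Data Offset counts 32-bit words
    if data_offset < 5:
        raise TCPHeaderError("data offset below 5 words overlaps fixed fields")
    if header_len > len(segment):
        raise TCPHeaderError("data offset points past the end of the segment")

    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "header_len": header_len,
        "reserved_is_zero": reserved == 0,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flag_bits & (1 << i)],
        "window": window,
        "checksum": checksum,
        "urgent_pointer": urgent,
        "options": segment[20:header_len],
        "data": segment[header_len:],
    }


def build_sample_syn() -> bytes:
    """Constructed sample: a SYN with one 4-byte option and no data."""
    fixed = struct.pack("!HHIIHHHH",
                        49152, 80,          # source / destination port
                        1000, 0,            # sequence / acknowledgement number
                        (6 << 12) | 0x02,   # data offset 6 words, SYN set
                        65535, 0, 0)        # window, checksum (not computed), urgent
    return fixed + bytes.fromhex("020405b4")  # constructed option bytes


if __name__ == "__main__":
    for name, value in parse_tcp_header(build_sample_syn()).items():
        print(f"{name:17} {value}")
```
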

TCP makes up for IP's deficiencies by providing reliable, stream-oriented connections. The protocol
suite gets its name because most TCP/IP protocols are based on TCP, which is in turn based on IP.
TCP and IP are the twin pillars of TCP/IP. TCP adds a great deal of functionality to the IP service.

TCP packets
TCP almost always operates in full-duplex mode (two independent byte streams traveling in opposite
directions). Only during the start and end of a connection will data be transferred in one direction and
not the other. TCP uses segments to determine whether the receiving host is ready to receive the data.

When the sending TCP host wants to establish connections, it sends a segment called a SYN to the
peer TCP protocol running on the receiving host. The receiving TCP returns a segment called an ACK
to acknowledge the successful receipt of the segment. The sending TCP sends another ACK segment
and then proceeds to send the data. This exchange of control information is referred to as a three-way
handshake.

TCP packets are very complex and incorporate several mechanisms to ensure connection state,
reliability, and flow control of data packets:

• Streams: TCP data is organized as a stream of bytes, much like a file.
• Reliable delivery: Sequence numbers are used to coordinate which data has been transmitted and
received. TCP will arrange for retransmission if it determines that data has been lost.
• Network adaptation: TCP will dynamically learn the delay characteristics of a network and adjust
its operation to maximize throughput without overloading the network.
• Flow control: TCP manages data buffers and coordinates traffic so its buffers will never overflow.
Fast senders will be stopped periodically to keep up with slower receivers.
• Round-trip time estimation: TCP continuously monitors the exchange of data packets, develops
an estimate of how long it should take to receive an acknowledgement, and automatically
retransmits if this time is exceeded.

Answer 2. The Line Coding schemes are categorized as shown in the following figure:

I. Unipolar Scheme:
In a unipolar scheme, all the signal levels are on one side of the time axis, either above or below.
NRZ (Non-Return-to-Zero): Traditionally, a unipolar scheme was designed as a non-return-to-zero
(NRZ) scheme in which the positive voltage defines bit 1 and the zero voltage defines bit 0. It is called
NRZ because the signal does not return to zero at the middle of the bit. The following figure shows a
unipolar NRZ scheme.

Compared with its polar counterpart, the normalized power (power needed to send 1 bit per unit line
resistance) is double that for polar NRZ. For this reason, this scheme is normally not used in data
communications today.

II. Polar Schemes


In polar schemes, the voltages are on both sides of the time axis. For example, the voltage level for
0 can be positive and the voltage level for 1 can be negative.
a). Non-Return-to-Zero (NRZ):
In polar NRZ encoding, we use two levels of voltage amplitude. We can have two versions of polar
NRZ: NRZ-L and NRZ-I, as shown in the following Figure. The figure also shows the value of r, the
average baud rate, and the bandwidth.

In the first variation, NRZ-L (NRZ-Level), the level of the voltage determines the value of the bit. In
the second variation, NRZ-I (NRZ-Invert), the change or lack of change in the level of the voltage
determines the value of the bit. If there is no change, the bit is 0; if there is a change, the bit is 1.

b). Return to Zero (RZ):


The main problem with NRZ encoding occurs when the sender and receiver clocks are not
synchronized. The receiver does not know when one bit has ended and the next bit is starting. One
solution is the return-to-zero (RZ) scheme, which uses three values: positive, negative, and zero. In RZ,
the signal changes not between bits but during the bit. In the following figure, we see that the signal
goes to 0 in the middle of each bit. It remains there until the beginning of the next bit.

c). Biphase Manchester and Differential Manchester:


The idea of RZ (transition at the middle of the bit) and the idea of NRZ-L are combined into the
Manchester scheme. In Manchester encoding, the duration of the bit is divided into two halves. The
voltage remains at one level during the first half and moves to the other level in the second half. The
transition at the middle of the bit provides synchronization.

Differential Manchester, on the other hand, combines the ideas of RZ and NRZ-I. There is always a
transition at the middle of the bit, but the bit values are determined at the beginning of the bit. If the
next bit is 0, there is a transition; if the next bit is 1, there is none. The following figure shows both
Manchester and differential Manchester encoding.
The Manchester scheme overcomes several problems associated with NRZ-L, and differential
Manchester overcomes several problems associated with NRZ-I. First, there is no baseline wandering.
There is no DC component because each bit has a positive and negative voltage contribution. The only
drawback is the signal rate. The signal rate for Manchester and differential Manchester is double that
for NRZ. The reason is that there is always one transition at the middle of the bit and maybe one
transition at the end of each bit.
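
The polar schemes described above, written as encoders so their properties can be measured (an added example, not part of the original solution). Each bit is emitted as two half-bit samples of +1 or -1; the Manchester mapping (0 = high-to-low, 1 = low-to-high) and the starting level are assumptions, since the text refers to a figure for them.

```python
HIGH, LOW = +1, -1


def nrz_l(bits):
    """Level encodes the bit. Convention from the text: 0 positive, 1 negative."""
    out = []
    for b in bits:
        out += [HIGH, HIGH] if b == 0 else [LOW, LOW]
    return out


def nrz_i(bits, start=HIGH):
    """A change of level encodes 1; no change encodes 0."""
    level, out = start, []
    for b in bits:
        if b == 1:
            level = -level
        out += [level, level]
    return out


def manchester(bits):
    """Always a mid-bit transition. Assumed mapping: 0 = high-low, 1 = low-high."""
    out = []
    for b in bits:
        out += [HIGH, LOW] if b == 0 else [LOW, HIGH]
    return out


def differential_manchester(bits, start=HIGH):
    """Mid-bit transition always; extra transition at the bit start only for 0."""
    level, out = start, []
    for b in bits:
        if b == 0:
            level = -level          # transition at the beginning of the bit
        out.append(level)
        level = -level              # mandatory transition in the middle
        out.append(level)
    return out


def decode_differential_manchester(samples, start=HIGH):
    """Recover bits by comparing each bit's first half with the previous level."""
    prev, bits = start, []
    for i in range(0, len(samples), 2):
        bits.append(0 if samples[i] != prev else 1)
        prev = samples[i + 1]
    return bits


def dc_component(samples):
    """Average level; non-zero means the signal carries a DC component."""
    return sum(samples) / len(samples)


def longest_flat_run(samples):
    """Longest stretch (in half-bits) with no transition for the receiver clock."""
    best = run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


SCHEMES = {
    "NRZ-L": nrz_l,
    "NRZ-I": nrz_i,
    "Manchester": manchester,
    "Differential Manchester": differential_manchester,
}


def profile(bits):
    """Map scheme name -> (DC component, longest flat run) for one bit pattern."""
    return {name: (dc_component(enc(bits)), longest_flat_run(enc(bits)))
            for name, enc in SCHEMES.items()}


if __name__ == "__main__":
    for label, bits in (("eight 0s", [0] * 8), ("eight 1s", [1] * 8)):  # constructed
        for name, (dc, flat) in profile(bits).items():
            print(f"{label:9} {name:24} DC={dc:+.1f} flat={flat}")
```

A long run of 0s leaves both NRZ variants flat for the whole run, while the two Manchester variants never stay flat for more than two half-bits and average to zero.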

Characteristics of Line coding

The different characteristics of Line Coding Technique are as follows:

1. Signal Element versus Data Element:

A data element is the smallest entity that can represent a piece of information. This is the bit. In digital
data communications, a signal element carries data elements. A signal element is the shortest unit (time
wise) of a digital signal. In other words, data elements are what we need to send; signal elements are
what we can send. Data elements are being carried; signal elements are the carriers.
We define a ratio r which is the number of data elements carried by each signal element. The figure shows
several situations with different values of r.

In part a of the figure, one data element is carried by one signal element (r = 1). In part b of the figure,
we need two signal elements (two transitions) to carry each data element (r =1/2). In part c of the figure,
a signal element carries two data elements (r = 2). In part d, a group of 4 bits is being carried by a
group of three signal elements (r = 4/3). For every line coding scheme r value should be defined.
2. Data Rate versus Signal Rate:

The data rate defines the number of data elements (bits) sent in 1s. The unit is bits per second (bps).
The signal rate is the number of signal elements sent in 1s. The unit is the baud. The data rate is
sometimes called the bit rate; the signal rate is sometimes called the pulse rate, the modulation rate, or
the baud rate.
One goal in data communications is to increase the data rate while decreasing the signal rate. Increasing
the data rate increases the speed of transmission; decreasing the signal rate decreases the bandwidth
requirement.

3. Bandwidth:
Digital signal that carries information is non-periodic. The bandwidth of a non-periodic signal is
continuous with an infinite range. However, most digital signals we encounter in real life have a
bandwidth with finite values. In other words, the bandwidth is theoretically infinite, but many of the
components have such a small amplitude that they can be ignored. The effective bandwidth is finite.

4. Baseline Wandering:
In decoding a digital signal, the receiver calculates a running average of the received signal power.
This average is called the baseline. The incoming signal power is evaluated against this baseline to
determine the value of the data element. A long string of 0s or 1s can cause a drift in the baseline
(baseline wandering) and make it difficult for the receiver to decode correctly. A good line coding
scheme needs to prevent baseline wandering.

5. DC Components:
When the voltage level in a digital signal is constant for a while, the spectrum creates very low
frequencies (results of Fourier analysis). These frequencies around zero, called DC (direct-current)
components, present problems for a system that cannot pass low frequencies or a system that uses
electrical coupling (via a transformer).

6. Self-synchronization:
To correctly interpret the signals received from the sender, the receiver's bit intervals must correspond
exactly to the sender's bit intervals. If the receiver clock is faster or slower, the bit intervals are not
matched and the receiver might misinterpret the signals. The following figure represents the
synchronization problem.

7. Built-in Error Detection:


It is desirable to have a built-in error-detecting capability in the generated code to detect some of or
all the errors that occurred during transmission. Some encoding schemes that we will discuss have this
capability to some extent.

8. Immunity to Noise and Interference:


Another desirable code characteristic is a code that is immune to noise and other interferences.

9. Complexity:
A complex scheme is more costly to implement than a simple one. For example, a scheme that uses
four signal levels is more difficult to interpret than one that uses only two levels.

Answer 3. Conversion of Digital Data to Digital Signal involves three techniques:


1. Line Coding
2. Block Coding
3. Scrambling

Of these, line coding is always needed; block coding and scrambling may or may not be needed.
Block coding helps in error detection and re-transmission of the signal. It is normally referred to as
mB/nB coding as it replaces each m-bit data group with an n-bit data group (where n>m). Thus, it adds
extra bits (redundancy bits) which help in synchronization at the receiver’s and sender’s ends and also
provide some kind of error detecting capability.

It normally involves three steps: division, substitution, and combination. In the division step, a sequence
of bits is divided into groups of m-bits. In the substitution step, we substitute an m-bit group for an
n-bit group. Finally, the n-bit groups are combined together to form a stream which has more bits than
the original bits.
Examples of mB/nB coding:
4B/5B (four binary/five binary) –
This coding scheme is used in combination with NRZ-I. The problem with NRZ-I was that it has a
synchronization problem for long sequences of zeros. So, to overcome it, we substitute the bit stream
from 4-bit to 5-bit data groups before encoding it with NRZ-I, so that it does not have a long stream
of zeros. The block-coded stream does not have more than three consecutive zeros (see encoding table).

At the receiver, the NRZ-I encoded digital signal is first decoded into a stream of bits and then decoded
again to remove the redundancy bits.
Drawback – Though 4B/5B encoding solves the problem of synchronization, it increases the signal rate
of NRZ-L. Moreover, it does not solve the DC component problem of NRZ-L.
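
The division, substitution and combination steps for 4B/5B, with the decoder that removes the redundancy again (an added example, not part of the original solution). The mapping used is the standard 4B/5B data code table, which the text refers to but does not reproduce; the bit strings passed in are constructed inputs.

```python
# Standard 4B/5B data code groups: 16 of the 32 possible 5-bit groups.
FOUR_TO_FIVE = {
    "0000": "11110", "0001": "01001", "0010": "10100", "0011": "10101",
    "0100": "01010", "0101": "01011", "0110": "01110", "0111": "01111",
    "1000": "10010", "1001": "10011", "1010": "10110", "1011": "10111",
    "1100": "11010", "1101": "11011", "1110": "11100", "1111": "11101",
}
FIVE_TO_FOUR = {code: data for data, code in FOUR_TO_FIVE.items()}


class InvalidCodeGroup(ValueError):
    """A received 5-bit group is not one of the 16 data code groups."""


def encode_4b5b(bits: str) -> str:
    if len(bits) % 4:
        raise ValueError("input length must be a multiple of 4 bits")
    groups = [bits[i:i + 4] for i in range(0, len(bits), 4)]   # division
    coded = [FOUR_TO_FIVE[g] for g in groups]                  # substitution
    return "".join(coded)                                      # combination


def decode_4b5b(coded: str) -> str:
    if len(coded) % 5:
        raise ValueError("coded length must be a multiple of 5 bits")
    out = []
    for i in range(0, len(coded), 5):
        group = coded[i:i + 5]
        if group not in FIVE_TO_FOUR:
            # An unused group can only appear through a transmission error.
            raise InvalidCodeGroup(f"group {group!r} at bit {i}")
        out.append(FIVE_TO_FOUR[group])
    return "".join(out)


def longest_zero_run(bits: str) -> int:
    """Length of the longest run of consecutive 0 bits."""
    return max(len(run) for run in bits.split("1"))


def worst_case_zero_run() -> int:
    """Longest zero run over every pair of adjacent data code groups."""
    return max(longest_zero_run(a + b)
               for a in FIVE_TO_FOUR for b in FIVE_TO_FOUR)


def flip_bit(bits: str, index: int) -> str:
    """Simulate a single-bit error at the given position."""
    flipped = "1" if bits[index] == "0" else "0"
    return bits[:index] + flipped + bits[index + 1:]


if __name__ == "__main__":
    data = "0" * 16                                   # constructed worst case for NRZ-I
    coded = encode_4b5b(data)
    print("zero run before:", longest_zero_run(data))
    print("zero run after: ", longest_zero_run(coded))
    print("worst case over all group pairs:", worst_case_zero_run())
    try:
        decode_4b5b(flip_bit(encode_4b5b("0000"), 4))  # 11110 -> 11111
    except InvalidCodeGroup as exc:
        print("detected:", exc)
    # 11110 -> 01110 is itself a data group, so this error is not detected.
    print("undetected:", decode_4b5b(flip_bit(encode_4b5b("0000"), 0)))
```

The last two calls show why the error detection is only partial: a flipped bit is caught when it produces one of the unused groups and passes silently when it lands on another data group.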
8B/10B (eight binary/ten binary) –
This encoding is similar to 4B/5B encoding except that a group of 8 bits of data is now substituted by
a 10-bit code and it provides greater error detection capability than 4B/5B.
It is actually a combination of 5B/6B and 3B/4B encoding. The five most significant bits of a 10-bit
block are fed into the 5B/6B encoder; the 3 least significant bits are fed into a 3B/4B encoder. The split
is done to simplify the mapping table.

A group of 8 bits can have 2^8 different combinations while a group of 10 bits can have 2^10 different
combinations. This means that there are 2^10-2^8=768 redundant groups that are not used for 8B/10B
encoding and can be used for error detection and disparity check.
Thus, this technique is better than 4B/5B because of better error-checking capability and better
synchronization.
Answer 4. To improve the efficiency of transmission (filling the pipe), multiple frames must be in
transition while waiting for acknowledgment. In Go-Back-N Automatic Repeat Request, we can send
several frames before receiving acknowledgments; we keep a copy of these frames until the
acknowledgments arrive.
Sequence Numbers
Frames from a sending station are numbered sequentially. If the header of the frame allows m bits for
the sequence number, the sequence numbers range from 0 to 2^m - 1. For example, if m is 4, the only
sequence numbers are 0 through 15 inclusive. However, we can repeat the sequence. So the sequence
numbers are
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, ...

In other words, the sequence numbers are modulo-2^m.


Sliding Window
In this protocol (and the next), the sliding window is an abstract concept that defines the range of
sequence numbers that is the concern of the sender and receiver. In other words, the sender and receiver
need to deal with only part of the possible sequence numbers. The range which is the concern of the
sender is called the send sliding window; the range that is the concern of the receiver is called the
receiver sliding window.

The send window is an imaginary box covering the sequence numbers of the data frames which can be
in transit. In each window position, some of these sequence numbers define the frames that have been
sent; others define those that can be sent. The maximum size of the window is 2^m – 1. The size can be
fixed and set to the maximum value. The following figure shows a sliding window of size 15 (m=4).

The window at any time divides the possible sequence numbers into four regions. The first region, from
the far left to the left wall of the window, defines the sequence numbers belonging to frames that are
already acknowledged. The sender does not worry about these frames and keeps no copies of them.
The second region, colored in the above figure- a, defines the range of sequence numbers belonging to
the frames that are sent and have an unknown status. The sender needs to wait to find out if these frames
have been received or were lost. We call these outstanding frames. The third range, white in the figure,
defines the range of sequence numbers for frames that can be sent; however, the corresponding data
packets have not yet been received from the network layer. Finally, the fourth region defines sequence
numbers that cannot be used until the window slides, as we see next.

The window itself is an abstraction; three variables define its size and location at any time. We call
these variables Sf (send window, the first outstanding frame), Sn (send window, the next frame to be
sent), and Ssize (send window, size). The variable Sf defines the sequence number of the first (oldest)
outstanding frame. The variable Sn holds the sequence number that will be assigned to the next frame
to be sent. Finally, the variable Ssize defines the size of the window, which is fixed in our protocol.

Figure-b shows how a send window can slide one or more slots to the right when an
acknowledgment arrives from the other end. The acknowledgments in this protocol are cumulative,
meaning that more than one frame can be acknowledged by an ACK frame. In figure-b, frames
0, 1, and 2 are acknowledged, so the window has slid to the right three slots. Note that the value of Sf
is 3 because frame 3 is now the first outstanding frame.

The receive window makes sure that the correct data frames are received and that the correct
acknowledgments are sent. The size of the receive window is always 1. The receiver is always looking
for the arrival of a specific frame. Any frame arriving out of order is discarded and needs to be resent.
The following figure shows the receive window.

Note that we need only one variable Rn (receive window, next frame expected) to define this
abstraction. The sequence numbers to the left of the window belong to the frames already received and
acknowledged; the sequence numbers to the right of this window define the frames that cannot be
received. Any received frame with a sequence number in these two regions is discarded. Only a frame
with a sequence number matching the value of Rn is accepted and acknowledged. The receive window
also slides, but only one slot at a time. When a correct frame is received (and a frame is received only
one at a time), the window slides.

Timers:
Although there can be a timer for each frame that is sent, in this protocol we use only one. The reason
is that the timer for the first outstanding frame always expires first; we send all outstanding frames when
this timer expires.
Acknowledgment:
The receiver sends a positive acknowledgment if a frame has arrived safe and sound and in order. If a
frame is damaged or is received out of order, the receiver is silent and will discard all subsequent
frames until it receives the one it is expecting. The silence of the receiver causes the timer of the
unacknowledged frame at the sender site to expire.
This, in turn, causes the sender to go back and resend all frames, beginning with the one with the
expired timer. The receiver does not have to acknowledge each frame received. It can send one
cumulative acknowledgment for several frames.

Resending a Frame:
When the timer expires, the sender resends all outstanding frames. For example, suppose the sender
has already sent frame 6, but the timer for frame 3 expires. This means that frame 3 has not been
acknowledged; the sender goes back and sends frames 3, 4, 5, and 6 again. That is why the protocol is
called Go-Back-N ARQ.

Design:
The following figure shows the design for this protocol. As we can see, multiple frames can be in transit
in the forward direction, and multiple acknowledgments in the reverse direction. The idea is similar to
Stop-and-Wait ARQ; the difference is that the send window allows us to have as many frames in
transition as there are slots in the send window.

Send Window Size:


We can now show why the size of the send window must be less than 2^m. As an example, we choose
m = 2, which means the size of the window can be 2^m - 1, or 3. The following figure compares a window
size of 3 against a window size of 4. If the size of the window is 3 (less than 2^2) and all three
acknowledgments are lost, the frame timer expires and all three frames are resent. The receiver is now
expecting frame 3, not frame 0, so the duplicate frame is correctly discarded. On the other hand, if the
size of the window is 4 (equal to 2^2) and all acknowledgments are lost, the sender will send a duplicate
of frame 0. However, this time the window of the receiver expects to receive frame 0, so it accepts
frame 0, not as a duplicate, but as the first frame in the next cycle. This is an error.
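
The window-size argument above, run as a small simulation with the Sf, Sn, Ssize and Rn variables from this answer (an added example, not part of the original solution). The class and function names and the "pktN" payloads are made up for illustration; the channel is modelled only as "every ACK is lost".

```python
from collections import deque


class Receiver:
    """Go-Back-N receiver: window of size 1, described by Rn alone."""

    def __init__(self, m):
        self.mod = 1 << m          # sequence numbers are modulo 2^m
        self.rn = 0                # next frame expected
        self.delivered = []        # payloads handed to the network layer

    def receive(self, seq, payload):
        """Return the ACK number if the frame is accepted, else None (silent)."""
        if seq != self.rn:
            return None
        self.delivered.append(payload)
        self.rn = (self.rn + 1) % self.mod
        return self.rn


class Sender:
    """Go-Back-N sender: Sf, Sn and Ssize, plus copies of outstanding frames."""

    def __init__(self, m, ssize):
        self.mod = 1 << m
        self.ssize = ssize
        self.sn = 0                    # sequence number of the next frame to send
        self.outstanding = deque()     # (seq, payload) copies awaiting an ACK

    @property
    def sf(self):
        """Sequence number of the first (oldest) outstanding frame."""
        return self.outstanding[0][0] if self.outstanding else self.sn

    def send(self, payload):
        if len(self.outstanding) >= self.ssize:
            return None                # window full: wait for an ACK
        frame = (self.sn, payload)
        self.outstanding.append(frame)
        self.sn = (self.sn + 1) % self.mod
        return frame

    def ack(self, ack_no):
        """Cumulative ACK: ack_no is the next frame the receiver expects."""
        acked = (ack_no - self.sf) % self.mod
        if 0 < acked <= len(self.outstanding):
            for _ in range(acked):
                self.outstanding.popleft()   # window slides right

    def timeout(self):
        """Timer expired: go back and resend every outstanding frame."""
        return list(self.outstanding)


def lost_ack_scenario(m, ssize):
    """Fill the window, lose every ACK, time out, resend.

    Returns (payloads delivered, duplicates the receiver wrongly accepted).
    """
    sender, receiver = Sender(m, ssize), Receiver(m)
    for i in range(ssize):
        receiver.receive(*sender.send(f"pkt{i}"))    # the ACK is lost
    wrongly_accepted = [payload for seq, payload in sender.timeout()
                        if receiver.receive(seq, payload) is not None]
    return receiver.delivered, wrongly_accepted


def go_back_demo():
    """Frames 0..6 sent, cumulative ACK 3 arrives, then the timer expires."""
    sender = Sender(m=4, ssize=15)
    for i in range(7):
        sender.send(f"pkt{i}")
    sender.ack(3)
    return sender.sf, [seq for seq, _ in sender.timeout()]


if __name__ == "__main__":
    print("m=2, window 3:", lost_ack_scenario(2, 3))
    print("m=2, window 4:", lost_ack_scenario(2, 4))
    print("Sf and resent frames:", go_back_demo())
```

With a window of 4 the receiver hands every payload to the network layer twice, which is the error the paragraph describes; with a window of 3 the resent frames are all discarded.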
Answer 5.

1. Address Resolution Protocol (ARP) –

Address Resolution Protocol is a communication protocol used for discovering the physical address
associated with a given network address. Typically, ARP is a network layer to data link layer mapping
process, which is used to discover the MAC address for a given Internet Protocol address.
In order to send data to a destination, having the IP address is necessary but not sufficient; we also need
the physical address of the destination machine. ARP is used to get the physical address (MAC address)
of the destination machine.
Before sending the IP packet, the MAC address of the destination must be known. If it is not, the sender
broadcasts an ARP-discovery packet requesting the MAC address of the intended destination. Since
ARP-discovery is a broadcast, every host inside that network gets this message, but the packet is
discarded by everyone except the intended receiver host whose IP is associated. This receiver then
sends a unicast packet with its MAC address (ARP-reply) to the sender of the ARP-discovery packet. After
the original sender receives the ARP-reply, it updates its ARP-cache and starts sending unicast messages to
the destination.

Example – GATE CS 2005, Question 24 (ARP Based).

2. Reverse Address Resolution Protocol (RARP) –

Reverse ARP is a networking protocol used by a client machine in a local area network to request its
Internet Protocol address (IPv4) from the gateway-router’s ARP table. The network administrator
creates a table in the gateway-router, which is used to map the MAC address to the corresponding IP address.
When a new machine is set up, or any machine which does not have memory to store an IP address needs an
IP address for its own use, the machine sends a RARP broadcast packet which contains its own
MAC address in both the sender and receiver hardware address fields.

A special host configured inside the local area network, called the RARP-server, is responsible for replying
to these kinds of broadcast packets. The RARP server attempts to find the entry in the IP to MAC
address mapping table. If any entry in the table matches, the RARP server sends the response packet to the
requesting device along with the IP address.
• LAN technologies like Ethernet, Ethernet II, Token Ring and Fiber Distributed Data Interface
(FDDI) support the Address Resolution Protocol.
• RARP is not used in today’s networks, because we have more fully featured protocols like
BOOTP (Bootstrap Protocol) and DHCP (Dynamic Host Configuration Protocol).

Answer 6. The Transmission Control Protocol is the most common transport layer protocol. It works
together with IP and provides a reliable transport service between processes using the network layer
service provided by the IP protocol.

The various services provided by the TCP to the application layer are as follows:

1. Process-to-Process Communication –
TCP provides process-to-process communication, i.e., the transfer of data takes place between
individual processes executing on end systems. This is done using port numbers or port
addresses. Port numbers are 16 bits long and help identify which process is sending or receiving
data on a host.

2. Stream oriented –
This means that the data is sent and received as a stream of bytes (unlike UDP or IP, which divide
the bits into datagrams or packets). However, the network layer, which provides service for
TCP, sends packets of information, not streams of bytes. Hence, TCP groups a number of bytes
together into a segment, adds a header to each of these segments and then delivers these
segments to the network layer. At the network layer, each of these segments is encapsulated in
an IP packet for transmission. The TCP header has information that is required for control
purposes, which will be discussed along with the segment structure.

3. Full duplex service –


This means that the communication can take place in both directions at the same time.

4. Connection oriented service –


Unlike UDP, TCP provides connection oriented service. It defines 3 different phases:
• Connection establishment
• Data transfer
• Connection termination
5. Reliability –
TCP is reliable as it uses checksum for error detection, attempts to recover lost or corrupted
packets by re-transmission, acknowledgement policy and timers. It uses features like byte number
and sequence number and acknowledgement number so as to ensure reliability. Also, it uses
congestion control mechanisms.

6. Multiplexing –
TCP does multiplexing and de-multiplexing at the sender and receiver ends respectively as a
number of logical connections can be established between port numbers over a physical
connection.

Answer 7. Network security is any activity designed to protect the usability and integrity of your
network and data. It includes both hardware and software technologies. Effective network security
manages access to the network. It targets a variety of threats and stops them from entering or spreading
on your network. It is protection of the access to files and directories in a computer network against
hacking, misuse and unauthorized changes to the system. An example of network security is an
antivirus system.
Computer networks that are involved in regular transactions and communication within the government,
individuals, or business require security. The most common and simple way of protecting a network
resource is by assigning it a unique name and a corresponding password.
Types of Network Security Devices
Active Devices
These security devices block the surplus traffic. Firewalls, antivirus scanning devices, and content
filtering devices are the examples of such devices.
Passive Devices
These devices identify and report on unwanted traffic, for example, intrusion detection appliances.
Preventative Devices
These devices scan the networks and identify potential security problems. For example, penetration
testing devices and vulnerability assessment appliances.
Unified Threat Management (UTM)
These devices serve as all-in-one security devices. Examples include firewalls, content filtering, web
caching, etc.
Firewalls
A firewall is a network security system that manages and regulates the network traffic based on some
protocols. A firewall establishes a barrier between a trusted internal network and the internet.
Firewalls exist both as software that runs on hardware and as hardware appliances. Firewalls that are
hardware-based also provide other functions like acting as a DHCP server for that network.
Most personal computers use software-based firewalls to secure data from threats from the internet.
Many routers that pass data between networks contain firewall components and conversely, many
firewalls can perform basic routing functions.
Firewalls are commonly used in private networks or intranets to prevent unauthorized access from the
internet. Every message entering or leaving the intranet goes through the firewall to be examined for
security measures.
An ideal firewall configuration consists of both hardware and software based devices. A firewall also
helps in providing remote access to a private network through secure authentication certificates and
logins.
Hardware and Software Firewalls
Hardware firewalls are standalone products. These are also found in broadband routers. Most hardware
firewalls provide a minimum of four network ports to connect other computers. For larger networks −
e.g., for business purpose − business networking firewall solutions are available.
Software firewalls are installed on your computers. A software firewall protects your computer from
internet threats.
Antivirus
An antivirus is a tool that is used to detect and remove malicious software. It was originally designed
to detect and remove viruses from computers.
Modern antivirus software provides protection not only from viruses, but also from worms, Trojan horses,
adware, spyware, keyloggers, etc. Some products also provide protection from malicious URLs,
spam, phishing attacks, botnets, DDoS attacks, etc.
Content Filtering
Content filtering devices screen unpleasant and offensive emails or webpages. These are used as a part
of firewalls in corporations as well as in personal computers. These devices generate the message
"Access Denied" when someone tries to access any unauthorized web page or email.
Content is usually screened for pornographic content and also for violence- or hate-oriented content.
Organizations also exclude shopping and job related contents.
Content filtering can be divided into the following categories −
• Web filtering
• Screening of Web sites or pages
• E-mail filtering
• Screening of e-mail for spam
• Other objectionable content
Intrusion Detection Systems
Intrusion Detection Systems, also known as Intrusion Detection and Prevention Systems, are the
appliances that monitor malicious activities in a network, log information about such activities, take
steps to stop them, and finally report them. Intrusion detection systems help in sending an alarm against
any malicious activity in the network, drop the packets, and reset the connection to save the IP address
from any blockage. Intrusion detection systems can also perform the following actions −
• Correct Cyclic Redundancy Check (CRC) errors
• Prevent TCP sequencing issues
• Clean up unwanted transport and network layer options

PART –C
Answer 1. OSI stands for Open Systems Interconnection. It was developed by ISO, the
'International Organization of Standardization', in the year 1974. It is a 7-layer architecture with
each layer having specific functionality to perform. All these 7 layers work collaboratively to transmit
the data from one person to another across the globe.

1. Physical Layer (Layer 1) :

The lowest layer of the OSI reference model is the physical layer. It is responsible for the actual physical
connection between the devices. The physical layer contains information in the form of bits.
When receiving data, this layer will
get the signal received and convert it into 0s and 1s and send them to the Data Link layer, which will
put the frame back together.

The functions of the physical layer are :


1. Bit synchronization: The physical layer provides the synchronization of the bits by providing a
clock. This clock controls both sender and receiver thus providing synchronization at bit level.
2. Bit rate control: The Physical layer also defines the transmission rate i.e. the number of bits sent
per second.
3. Physical topologies: Physical layer specifies the way in which the different devices/nodes are
arranged in a network i.e. bus, star or mesh topology.
4. Transmission mode: Physical layer also defines the way in which the data flows between the
two connected devices. The various transmission modes possible are: Simplex, half-duplex and
full-duplex.
* Hub, Repeater, Modem, Cables are Physical Layer devices. Network Layer, Data Link Layer and
Physical Layer are also known as Lower Layers or Hardware Layers.

2. Data Link Layer (DLL) (Layer 2) : The data link layer is responsible for the node to node delivery
of the message. The main function of this layer is to make sure data transfer is error free from one node
to another, over the physical layer. When a packet arrives in a network, it is the responsibility of DLL
to transmit it to the Host using its MAC address.
Data Link Layer is divided into two sub layers :
1. Logical Link Control (LLC)
2. Media Access Control (MAC)
The packet received from Network layer is further divided into frames depending on the frame size of
NIC (Network Interface Card). DLL also encapsulates Sender and Receiver’s MAC address in the
header.
The Receiver’s MAC address is obtained by placing an ARP (Address Resolution Protocol) request onto
the wire asking “Who has that IP address?” and the destination host will reply with its MAC address.
The functions of the data Link layer are :
1. Framing: Framing is a function of the data link layer. It provides a way for a sender to transmit
a set of bits that are meaningful to the receiver. This can be accomplished by attaching special bit
patterns to the beginning and end of the frame.
2. Physical addressing: After creating frames, Data link layer adds physical addresses (MAC
address) of sender and/or receiver in the header of each frame.
3. Error control: Data link layer provides the mechanism of error control in which it detects and
retransmits damaged or lost frames.
4. Flow Control: The data rate must be constant on both sides else the data may get corrupted; thus,
flow control coordinates the amount of data that can be sent before receiving acknowledgement.
5. Access control: When a single communication channel is shared by multiple devices, MAC sub-
layer of data link layer helps to determine which device has control over the channel at a given
time.
* Packet in Data Link layer is referred to as Frame. Data Link layer is handled by the NIC (Network
Interface Card) and device drivers of host machines. Switch & Bridge are Data Link Layer devices.

3. Network Layer (Layer 3) : Network layer works for the transmission of data from one host to the
other located in different networks. It also takes care of packet routing i.e. selection of the shortest path
to transmit the packet, from the number of routes available. The sender & receiver’s IP address are
placed in the header by network layer.
The functions of the Network layer are :

1. Routing: The network layer protocols determine which route is suitable from source to
destination. This function of network layer is known as routing.
2. Logical Addressing: In order to identify each device on internetwork uniquely, network layer
defines an addressing scheme. The sender & receiver’s IP address are placed in the header by
network layer. Such an address distinguishes each device uniquely and universally.
* Segment in Network layer is referred to as Packet. Network layer is implemented by networking devices
such as routers.

4. Transport Layer (Layer 4) :


Transport layer provides services to application layer and takes services from network layer. The data
in the transport layer is referred to as Segments. It is responsible for the End to End delivery of the
complete message. Transport layer also provides the acknowledgment of the successful data
transmission and re-transmits the data if an error is found.
• At sender’s side:
Transport layer receives the formatted data from the upper layers, performs Segmentation and also
implements Flow & Error control to ensure proper data transmission. It also adds Source and
Destination port number in its header and forwards the segmented data to the Network Layer.

Note: The sender needs to know the port number associated with the receiver’s application.
Generally, this destination port number is configured, either by default or manually. For example, when
a web application makes a request to a web server, it typically uses port number 80, because this is the
default port assigned to web applications. Many applications have a default port assigned.

• At receiver’s side: Transport Layer reads the port number from its header and forwards the Data
which it has received to the respective application. It also performs sequencing and reassembling of
the segmented data.
The functions of the transport layer are :
1. Segmentation and Reassembly: This layer accepts the message from the (session) layer and breaks
the message into smaller units. Each of the segments produced has a header associated with it.
The transport layer at the destination station reassembles the message.
2. Service Point Addressing: In order to deliver the message to correct process, transport layer
header includes a type of address called service point address or port address. Thus by specifying
this address, transport layer makes sure that the message is delivered to the correct process.
The services provided by transport layer :
1. Connection Oriented Service: It is a three-phase process which includes
– Connection Establishment
– Data Transfer
– Termination / disconnection
In this type of transmission, the receiving device sends an acknowledgment back to the source
after a packet or group of packets is received. This type of transmission is reliable and secure.
2. Connection less service: It is a one phase process and includes Data Transfer. In this type of
transmission, the receiver does not acknowledge receipt of a packet. This approach allows for
much faster communication between devices. Connection oriented Service is more reliable than
connection less Service.
* Data in the Transport Layer is called Segments. Transport layer is operated by the Operating
System. It is a part of the OS and communicates with the Application Layer by making system
calls. Transport Layer is called the Heart of the OSI model.

5. Session Layer (Layer 5) : This layer is responsible for establishment of connection, maintenance of
sessions, authentication and also ensures security.
The functions of the session layer are :

1. Session establishment, maintenance and termination: The layer allows the two processes to
establish, use and terminate a connection.
2. Synchronization : This layer allows a process to add checkpoints which are considered as
synchronization points into the data. These synchronization points help to identify the error so that
the data is re-synchronized properly, and ends of the messages are not cut prematurely and data
loss is avoided.
3. Dialog Controller : The session layer allows two systems to start communication with each other
in half-duplex or full-duplex.

**All the below 3 layers (including Session Layer) are integrated as a single layer in TCP/IP model as
“Application Layer”. Implementation of these 3 layers is done by the network application itself. These
are also known as Upper Layers or Software Layers.

6. Presentation Layer (Layer 6) : Presentation layer is also called the Translation layer. The data from
the application layer is extracted here and manipulated as per the required format to transmit over the
network.
The functions of the presentation layer are :
1. Translation : For example, ASCII to EBCDIC.
2. Encryption/ Decryption : Data encryption translates the data into another form or code. The
encrypted data is known as the cipher text and the decrypted data is known as plain text. A key
value is used for encrypting as well as decrypting data.
3. Compression: Reduces the number of bits that need to be transmitted on the network.

7. Application Layer (Layer 7) : At the very top of the OSI Reference Model stack of layers, we find
Application layer which is implemented by the network applications. These applications produce the
data, which has to be transferred over the network. This layer also serves as a window for the
application services to access the network and for displaying the received information to the user.
Ex: Application – Browsers, Skype Messenger etc.

The functions of the Application layer are :

1. Network Virtual Terminal
2. FTAM-File transfer access and management
3. Mail Services
4. Directory Services
OSI model acts as a reference model and is not implemented in Internet because of its late invention.
Current model being used is the TCP/IP model.
Answer 2. ALOHA is a system for coordinating and arbitrating access to a shared communication
network channel. It was developed in the 1970s by Norman Abramson and his colleagues at the
University of Hawaii. The original system was used for ground-based radio broadcasting, but the system has
been implemented in satellite communication systems.

A shared communication system like ALOHA requires a method of handling collisions that occur when
two or more systems attempt to transmit on the channel at the same time. In the ALOHA system, a node
transmits whenever data is available to send. If another node transmits at the same time, a collision
occurs, and the frames that were transmitted are lost. However, a node can listen to broadcasts on the
medium, even its own, and determine whether the frames were transmitted.
Aloha is a multiple access protocol at the data link layer and proposes how multiple terminals access
the medium without interference or collision. Roberts (1972) developed a protocol that would increase
the capacity of ALOHA twofold. The Slotted ALOHA protocol involves dividing the time interval into
discrete slots and each slot interval corresponds to the time period of one frame. This method requires
synchronization between the sending nodes to prevent collisions.

There are two different versions of ALOHA


Pure ALOHA
• In pure ALOHA, the stations transmit frames whenever they have data to send.
• When two or more stations transmit simultaneously, there is collision and the frames are destroyed.
• In pure ALOHA, whenever any station transmits a frame, it expects the acknowledgement from the
receiver.
• If acknowledgement is not received within specified time, the station assumes that the frame (or
acknowledgement) has been destroyed.
• If the frame is destroyed because of collision the station waits for a random amount of time and sends
it again. This waiting time must be random otherwise same frames will collide again and again.
• Therefore pure ALOHA dictates that when time-out period passes, each station must wait for a random
amount of time before resending its frame. This randomness will help avoid more collisions.
• Figure shows an example of frame collisions in pure ALOHA.

• In the figure there are four stations that contended with one another for access to the shared channel. All these
stations are transmitting frames. Some of these frames collide because multiple frames are in contention
for the shared channel. Only two frames, frame 1.1 and frame 2.2 survive. All other frames are
destroyed.
• Whenever two frames try to occupy the channel at the same time, there will be a collision and both
will be damaged. If first bit of a new frame overlaps with just the last bit of a frame almost finished,
both frames will be totally destroyed and both will have to be retransmitted.
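The collision rule above, as an added example that is not part of the original solution: a pure ALOHA frame survives only if no other frame starts within one frame time on either side of it, while slotted ALOHA defers each frame to the next slot boundary. The start times and the seeded random traffic are constructed; loads of 0.5 and 1 frames per frame time are where pure and slotted ALOHA respectively peak, which is where the twofold capacity gain shows.

```python
import math
import random
from collections import Counter

# Constructed start times, in units of one frame time.
SAMPLE_STARTS = [0.0, 0.99, 3.0, 5.0, 5.5]


def pure_survivors(starts, frame_time=1.0):
    """Count frames that overlap no other frame, not even by one bit."""
    order = sorted(starts)
    survived = 0
    for i, t in enumerate(order):
        clear_before = i == 0 or t - order[i - 1] >= frame_time
        clear_after = i == len(order) - 1 or order[i + 1] - t >= frame_time
        if clear_before and clear_after:
            survived += 1
    return survived


def slotted_survivors(starts, frame_time=1.0):
    """Each frame waits for the next slot boundary; a slot holding exactly
    one frame is a success, a slot holding more is a collision."""
    slots = Counter(math.ceil(t / frame_time) for t in starts)
    return sum(1 for count in slots.values() if count == 1)


def throughput(scheme, load, duration=20000, seed=1):
    """Successful frames per frame time when `load` frames per frame time
    are offered at uniformly random instants (seeded, so repeatable)."""
    rng = random.Random(seed)
    starts = [rng.uniform(0, duration) for _ in range(int(load * duration))]
    return scheme(starts) / duration


if __name__ == "__main__":
    print("sample, pure:   ", pure_survivors(SAMPLE_STARTS))
    print("sample, slotted:", slotted_survivors(SAMPLE_STARTS))
    print("pure    at G=0.5:", round(throughput(pure_survivors, 0.5), 3))
    print("slotted at G=1.0:", round(throughput(slotted_survivors, 1.0), 3))
```

In the sample, the frames at 0.0 and 0.99 destroy each other under pure ALOHA because they overlap by a sliver, but land in different slots once transmissions are aligned to slot boundaries.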

Answer 3. A distance-vector routing (DVR) protocol requires that a router inform its neighbors of
topology changes periodically. It is historically known as the old ARPANET routing algorithm (or as the
Bellman-Ford algorithm).
Bellman Ford Basics – Each router maintains a Distance Vector table containing the distance between
itself and ALL possible destination nodes. Distances, based on a chosen metric, are computed using
information from the neighbors’ distance vectors.
Information kept by DV router -
• Each router has an ID
• Associated with each link connected to a router, there is a link cost (static or dynamic).
• Intermediate hops
Distance Vector Table Initialization -
• Distance to itself = 0
• Distance to ALL other routers = infinity number.

Distance Vector Algorithm –

1. A router transmits its distance vector to each of its neighbors in a routing packet.
2. Each router receives and saves the most recently received distance vector from each of its
neighbors.
3. A router recalculates its distance vector when:
• It receives a distance vector from a neighbor containing different information than before.
• It discovers that a link to a neighbor has gone down.
The DV calculation is based on minimizing the cost to each destination
Dx(y) = Estimate of least cost from x to y
C(x,v) = Node x knows cost to each neighbor v
Dx = [Dx(y): y ∈ N ] = Node x maintains distance vector
Node x also maintains its neighbors' distance vectors
– For each neighbor v, x maintains Dv = [Dv(y): y ∈ N ]
Note –
• From time-to-time, each node sends its own distance vector estimate to neighbors.
• When a node x receives new DV estimate from any neighbor v, it saves v’s distance vector and
it updates its own DV using B-F equation:
Dx(y) = min { C(x,v) + Dv(y)} for each node y ∈ N

Example – Consider 3 routers X, Y and Z as shown in figure. Each router has its own routing table.
Every routing table will contain distance to the destination nodes.

Consider router X. X will share its routing table with its neighbors, and the neighbors will share their routing tables
with X; the distance from node X to each destination will be calculated using the Bellman-Ford equation.
Dx(y) = min { C(x,v) + Dv(y)} for each node y ∈ N
As we can see, the distance from X to Z is less when Y is the intermediate node (hop), so it will
be updated in the routing table of X.
Similarly for Z also –

Finally the routing table for all –


Advantages of Distance Vector routing –
• It is simpler to configure and maintain than link state routing.
Disadvantages of Distance Vector routing –
• It is slower to converge than link state.
• It is at risk from the count-to-infinity problem.
• It creates more traffic than link state since a hop count change must be propagated to all routers
and processed on each router. Hop count updates take place on a periodic basis, even if there are
no changes in the network topology, so bandwidth-wasting broadcasts still occur.
• For larger networks, distance vector routing results in larger routing tables than link state since
each router must know about all other routers. This can also lead to congestion on WAN links.
Note – Distance Vector routing uses UDP (User Datagram Protocol) for transportation.
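The exchange and recalculation steps above, as an added example that is not part of the original solution: routers X, Y and Z apply the B-F equation in synchronous rounds until no table changes, then router Z fails to show the count-to-infinity problem listed among the disadvantages. The link costs are constructed (the figure's values are not in the text) and were chosen so that X reaches Z more cheaply through Y.

```python
INF = float("inf")

# Constructed topology: these link costs are assumptions, not the figure's.
NODES = ["X", "Y", "Z"]
LINKS = {("X", "Y"): 2, ("Y", "Z"): 1, ("X", "Z"): 7}


def build_adj(nodes, links):
    """Return {node: {neighbor: cost}} for undirected links."""
    adj = {n: {} for n in nodes}
    for (a, b), cost in links.items():
        adj[a][b] = cost
        adj[b][a] = cost
    return adj


def init_tables(nodes):
    """Distance to itself = 0, distance to all other routers = infinity."""
    return {x: {y: (0 if x == y else INF) for y in nodes} for x in nodes}


def exchange_round(adj, tables):
    """One synchronous exchange: each router x reads its neighbours' last
    vectors and applies Dx(y) = min over v of { C(x,v) + Dv(y) }."""
    new = {}
    for x in adj:
        new[x] = {}
        for y in adj:
            via = [cost + tables[v][y] for v, cost in adj[x].items()]
            new[x][y] = 0 if x == y else min(via, default=INF)
    return new


def converge(adj, tables, max_rounds=50):
    """Run rounds until no vector changes; return (tables, rounds_with_changes)."""
    for used in range(max_rounds):
        new = exchange_round(adj, tables)
        if new == tables:
            return tables, used
        tables = new
    return tables, max_rounds


def count_to_infinity(tables, rounds=6):
    """Router Z fails, so both of its links go down. X and Y keep trusting
    each other's stale route to Z, and the estimate climbs every exchange
    instead of becoming infinity. Returns X's distance to Z after each round."""
    adj = build_adj(NODES, {("X", "Y"): LINKS[("X", "Y")]})
    history = []
    for _ in range(rounds):
        tables = exchange_round(adj, tables)
        history.append(tables["X"]["Z"])
    return history


if __name__ == "__main__":
    final, used = converge(build_adj(NODES, LINKS), init_tables(NODES))
    for router, vector in final.items():
        print(router, vector)
    print("rounds with changes:", used)
    print("X's distance to Z after Z fails:", count_to_infinity(final))
```

After convergence X records a distance of 3 to Z (through Y) rather than the direct cost of 7; once Z is gone that estimate rises by the X-Y link cost on each bounce between the two surviving routers and never settles.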

Answer 4. Leaky Bucket : The leaky bucket is used to implement traffic policing and traffic
shaping in Ethernet and cellular data networks. The algorithm can also be used to control metered-
bandwidth Internet connections to prevent going over the allotted bandwidth for a month, thereby
avoiding extra charges.

The algorithm works similarly to the way an actual leaky bucket holds water: The leaky bucket takes
data and collects it up to a maximum capacity. Data in the bucket is only released from the bucket at a
set rate and size of packet. When the bucket runs out of data, the leaking stops. If incoming data
would overfill the bucket, then the packet is considered to be non-conformant and is not added to the
bucket. Data is added to the bucket as space becomes available for conforming packets.

Main working steps

1. When the host has to send a packet, the packet is thrown into the bucket.
2. Bucket leaks at constant rate.
3. Bursty traffic is converted into uniform traffic by leaky bucket.
4. In practice the bucket is a finite queue that outputs at a finite rate.
Token Bucket :

Main working steps

1. In this, the token bucket holds tokens generated at regular intervals of time.
2. Bucket has maximum capacity.
3. If there is a ready packet, a token is removed from the bucket and the packet is sent.
4. If there is no token in the bucket, the packet cannot be sent.

Main advantage of token bucket over leaky bucket -

1. If the bucket is full in token bucket, tokens are discarded, not packets, while in leaky bucket packets are discarded.

2. Token bucket can send large bursts at a faster rate while leaky bucket always sends
packets at constant rate.
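Both algorithms run over the same burst, as an added example that is not part of the original solution. The arrival pattern, the capacity of 5 and the rate of 1 per tick are constructed values, and the token bucket is assumed to start full.

```python
# Constructed traffic: packets offered at each tick, one burst of 8.
ARRIVALS = [0, 0, 8, 0, 0, 0, 0, 0]


def leaky_bucket(arrivals, capacity, leak_rate):
    """Finite queue drained at a constant rate.
    Returns (packets sent per tick, packets dropped on overflow)."""
    queue = 0
    dropped = 0
    sent = []
    t = 0
    while t < len(arrivals) or queue:
        offered = arrivals[t] if t < len(arrivals) else 0
        accepted = min(offered, capacity - queue)  # overflow is non-conformant
        dropped += offered - accepted
        queue += accepted
        out = min(queue, leak_rate)                # constant-rate leak
        queue -= out
        sent.append(out)
        t += 1
    return sent, dropped


def token_bucket(arrivals, capacity, fill_rate):
    """One token is removed per packet sent; packets wait when no token is left.
    Returns (packets sent per tick, tokens discarded because the bucket was full)."""
    tokens = capacity          # assumption: bucket starts full
    waiting = 0
    discarded_tokens = 0
    sent = []
    t = 0
    while t < len(arrivals) or waiting:
        waiting += arrivals[t] if t < len(arrivals) else 0
        out = min(waiting, tokens)                 # a burst may use every saved token
        tokens -= out
        waiting -= out
        sent.append(out)
        tokens += fill_rate                        # tokens generated at regular intervals
        if tokens > capacity:
            discarded_tokens += tokens - capacity  # tokens are discarded, not packets
            tokens = capacity
        t += 1
    return sent, discarded_tokens


if __name__ == "__main__":
    print("leaky:", leaky_bucket(ARRIVALS, capacity=5, leak_rate=1))
    print("token:", token_bucket(ARRIVALS, capacity=5, fill_rate=1))
```

The leaky bucket drops 3 of the 8 packets and releases the rest at one per tick; the token bucket passes 5 at once on saved tokens, sends the remaining 3 as new tokens arrive, and loses only the 2 tokens that overflowed while the line was idle.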

Answer 5. The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed,
collaborative, hypermedia information systems. This is the foundation for data communication for the
World Wide Web (i.e. internet) since 1990. HTTP is a generic and stateless protocol which can be
used for other purposes as well using extensions of its request methods, error codes, and headers.

Basically, HTTP is a TCP/IP based communication protocol, that is used to deliver data (HTML files,
image files, query results, etc.) on the World Wide Web. The default port is TCP 80, but other ports
can be used as well. It provides a standardized way for computers to communicate with each other.
HTTP specification specifies how clients' request data will be constructed and sent to the server, and
how the servers respond to these requests.

Basic Features :
There are three basic features that make HTTP a simple but powerful protocol:

• HTTP is connectionless: The HTTP client, i.e., a browser initiates an HTTP request and after
a request is made, the client waits for the response. The server processes the request and sends
a response back after which the client disconnects the connection. So client and server know about
each other during current request and response only. Further requests are made on a new
connection like client and server are new to each other.

• HTTP is media independent: It means, any type of data can be sent by HTTP as long as both
the client and the server know how to handle the data content. It is required for the client as
well as the server to specify the content type using appropriate MIME-type.

• HTTP is stateless: As mentioned above, HTTP is connectionless and it is a direct result of
HTTP being a stateless protocol. The server and client are aware of each other only during a
current request. Afterwards, both of them forget about each other. Due to this nature of the
protocol, neither the client nor the browser can retain information between different requests
across the web pages.
HTTP/1.0 uses a new connection for each request/response exchange, whereas an HTTP/1.1 connection
may be used for one or more request/response exchanges.

Basic Architecture
The following diagram shows a very basic architecture of a web application and depicts where HTTP

The HTTP protocol is a request/response protocol based on the client/server based architecture where
web browsers, robots and search engines, etc. act like HTTP clients, and the Web server acts as a
server.

Client: The HTTP client sends a request to the server in the form of a request method, URI,
and protocol version, followed by a MIME-like message containing request modifiers, client
information, and possible body content over a TCP/IP connection.

Server: The HTTP server responds with a status line, including the message's protocol version and a
success or error code, followed by a MIME-like message containing server information, entity meta
information, and possible entity-body content.
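The two message shapes described above, as an added example that is not part of the original solution: one function builds the client's request (request line, MIME-like headers, blank line, body) and one splits a server response into status line, headers and body, refusing input that does not have that shape. The host name and the sample response bytes are constructed.

```python
CRLF = "\r\n"

# Constructed response, as it would arrive over the TCP connection.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: example\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"<p>hello</p>\n"
)


def build_request(method, uri, headers, body=b"", version="HTTP/1.1"):
    """Request line (method, URI, protocol version), then headers, then body."""
    if any(c in method + uri for c in " \r\n"):
        raise ValueError("method and URI must not contain spaces or CR/LF")
    lines = [f"{method} {uri} {version}"]
    for name, value in headers.items():
        if any(c in name + value for c in "\r\n"):
            raise ValueError("CR/LF is not allowed inside a header")
        lines.append(f"{name}: {value}")
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return (CRLF.join(lines) + CRLF + CRLF).encode("ascii") + body


def parse_response(raw):
    """Split a response into protocol version, status code, headers and body."""
    head, blank, rest = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("incomplete response: no blank line after headers")
    status_line, *header_lines = head.decode("iso-8859-1").split(CRLF)
    parts = status_line.split(" ", 2)
    code_ok = len(parts) >= 2 and len(parts[1]) == 3 and parts[1].isdigit()
    if not code_ok or not parts[0].startswith("HTTP/"):
        raise ValueError(f"bad status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"bad header line: {line!r}")
        headers[name.lower()] = value.strip()   # header names are case-insensitive
    length = int(headers.get("content-length", len(rest)))
    return {
        "version": parts[0],
        "status": int(parts[1]),
        "reason": parts[2] if len(parts) == 3 else "",
        "headers": headers,
        "body": rest[:length],
    }


if __name__ == "__main__":
    print(build_request("GET", "/index.html", {"Host": "www.example.com"}))
    print(parse_response(SAMPLE_RESPONSE))
```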
