COL334: Computer Networks (CSE, IITD, Semester-I-2020-21) Assignment-2

By: Pratik Pranav - 2018CS10368

Solution: We could easily observe DNS packets in the wireshark being transferred. We could easiy
observe the DNS server in the standard query respnse for www.cse.iitd.ac.in.
1. (a) DNS Server: 2409:4064:4db0:4fc5::3b
Time Taken: 11.943916147 seconds(Response Time) - 11.939556312 seconds(Query Time)
Time Taken: 0.004359835 seconds

Solution:
• Number of HTTP request that were generated are: 23(GET)
• I think data are received in raw bytes and then processed into HTML, CSS and JS as per need.
• I think first HTML and CSS data object appears during package transfer which implies that
(b)
they are rendered first or we can say simulataneously.
• After that comes the Javascript queries which are added to already build HTML and CSS
rendered pages. JavaScript is then added to the Webpage to make it more interactive.
• At last Images are received by the browser and then added to the webpage.

Solution:
• Around 1000 TCP packets were observed to and fro source.
• We could find the number of TCP connections by checking the number of SYNs/connections
(c) from my computer by adding tcp.flags.syn == 1 to above command then adding tcp.flags.ack
== 0 as the source host will also be sending back SYN,ACKs to accept those connections, so
to filter those out.
• After applying the above filter we get 6 TCP connections.

Solution: Yes, Several content objects are fetched over the same TCP connections as listed below:
• HTTP is an application layer protocol which normally works on underlying transport layer
protocol and TCP is commonly used. Same case is here.
(d) • Every item which is transferred over HTTP as could be seen wireshark trace is in turn is
transferring over TCP.
• The items that are transferred over HTTP include HTML, CSS, JS and images for rendering
the final webpage.

1 of 6
COL334: Computer Networks (CSE, IITD, Semester-I-2020-21) Assignment-2

Solution: Looking at first SYN, SYN/ACK, ACK

• Time Differences:
1. Timestamp at which first SYN was sent: 4.529099825 seconds
2. Timestamp at which first SYN/ACK was received: 4.642857252 seconds
3. Timestamp at which first ACK was sent: 4.642976792 seconds
4. Timestamp at which data is sent first time: 4.756410129 seconds
5. Time taken in handsake: 114 ms
6. Time taken from first SYN to first data packet received: 227 ms
(e) • Optimizations done by browsers to minimize overall page-load time:
1. Most importantly, Browsers do caching and memoization for some of the content on the
web page which greatly reduces the total time needed to load a web-page.
2. P2P resource sharing is considered another method which is optimizing the the delivery
of web-pages nowadays. Here, Each consumer already received the packets share them to
requires peer if a network connection is present between them which in place decreases the
page-load time.
3. Browser also reduces image transfer latency between networks by compressing while getting
them, also optimizes dependencies which includes just to load necessary plug-ins only,
removing multiple tracking softwares and reducing cookies sizes.

Solution:
1. Time for page to load:
• Timestamp at which DNS query for m.cricbuzz.com was sent: 2.54s
• Timestamp for last packet sent before Keep-Alive packets: 43.44s
(f) • Time taken to download the entire webpage: 43.44s-2.54s = 40.90s
2. Time taken to load above the fold:
• Timestamp at which DNS query for m.cricbuzz.com was sent: 2.54s
• Timestamp at which first TCP ACKed unseen segment was received: 8.75 s
• Above fold time: 5.21s

Solution:
1. Findings:
• No HTTP packets are observed in wireshark trace.
2. Observations after browsing through the wireshark trace:
(g) • I am not able to see the content of any HTML and Javascript being transferred as well.
• As per my observation, the packets sent by indianexpress.com is encrypted as a lot packets
initially are mentioning ’Encrypted Alert’.
• This encryption might be the main reason why we are not able to see the HTML and
Javascript content and one more type of protocol TLS is visible in wireshark trace which
is providing required privacy and data integrity between server and client.

2 of 6
COL334: Computer Networks (CSE, IITD, Semester-I-2020-21) Assignment-2

Solution:
• The data packets sent to the source from the indianexpress.com as mentioned in earlier answer
2. (a) is encrypted to a third party software like wireshark.
• However, Chrome must be decrypting it before showing it to us as web-page, That’s why I
think chrome is able to show all the content objects.

Solution:
1. Totally 503 content objects are downloaded to render the homepage of
www.indianexpress.com.
2. Yes, many of these objects are not from indianexpress.com. They mostly appears from
• Google Syndicate: It’s a Google platform (more specifically, a domain) used to store ad
content and other related sources for Google AdSense and DoubleClick. Also, it does not
use any client-side tracking methods. (Source : W ikipedia)
(b) • Double Click: Doubleclick is a business owned by Google that makes it money from online
advertisers and publishers.
• Taboola: It is also a private advertising company.
• Outbrain: Another advertising company.
3. Purpose of these objects:
• They are used to create personalized advertisement for the user.
• These ad-services also used to collect data from the user.

Solution:
• Throughput with cache enabled: Largest object that was downloaded was of 114 Kb and time
taken is around 264 ms(Only content download time). Throughput = 114*1000/264 kB/s =
431 kB/s
(c)
• Also now the largest object is of size 191 Kb which took around 331ms(Only content download
time). Throughput = 87.3*1000/331 kB/s = 263 kB/s
• I think second one should be the actual throughput of the network while first one is better due
to caching done by browser.

Solution:
• Indian Express have around 550 content objects which needed 5 MB of data, while NYtimes
have around 400 content objects which took needed 14 MB of data.
• Most of the content objects are add plugins and advertisements. Although there is fair amount
(d)
of share of HTML, CSS and JavaScript codes. These codes form the backbone of the page.
• Hence, Creating a websites requires handing a large number of content objects at once. Also,
These websites earn revenue mainly by advertisements which only increase the content object
needed to render a web page.

Solution: Yes, The idea of hosting a web-page on multiple domains is really good.
• It would decrease the delay caused by various factors like round trip delays and pipelining.
• It could also be helpful in case if some error occured at a domain. Single error at any domain
(e)
would not let the web-page going down.
• It would also betters the maintainence of web pages as components are distributed over multiple
domains.

3 of 6
COL334: Computer Networks (CSE, IITD, Semester-I-2020-21) Assignment-2

Solution:
1. Chrome is able to emulate different networks as mentioned above. I think chrome somehow
manages to throttle downlink throughput and uplink throughput and latency accorording to
the network specification provided. It does so by slowing the object content content removal
(f) from queue which in turn increases the observed queuing delay.
2. Each device has different computation capability depending upon its RAM, Storage etc. When
we design a software we must kept in mind that our product must be providing same user
experience across different devices. If we donot check that it might also happen that connection
timed out.

Solution:
1. Third party domain which I see being accesed are:
• securepubads.g.doubleclick.net
• imasdk.googleapis.com
• googleads.g.doubleclick.net
• pagead2.googlesyndication.com
• www.google − analytics.com
2. User specific information which I think is being sent to the websites are:
• Events: Events like which content or news article is being shared, which specific functions
(g) or options we click which includes ads, pop-ups etc.
• Number of users active on a website or a particular section on website.
• In case of Ecommerce-sites, User specific information like product impressions, product
clicks, viewing product details, adding a product to a shopping cart, initiating the checkout
process, transactions, refunds etc. are the info I think is maintained by google.
3. Information which I think is being used by third-party domains by cookies they set up are:
• They are used to track user like which specific types of ads a particular user is interested
in etc.
• They also provide website owner certain services like live chat etc.
4. No, I don’t have currently third parties cookies blocked in open browser however they are
blocked when I use incognito mode.

4 of 6
COL334: Computer Networks (CSE, IITD, Semester-I-2020-21) Assignment-2

Solution: We can filter the dhcp by checking UDP packets with port number 68 which in wireshark
could be obtained using udp.port==68.
1. DHCP is the protocol through which DHCP is operating.
2. Transaction Diagram:

3. (a)

(Source : W ikipedia)
3. Information about Transaction Diagram:
• Firstly, DHCP client broadcasts a DHCPDISCOVER message, using port 68.
• Then, the servers respond to the DHCPDISCOVER message with a DHCPOFFER mes-
sage which includes IP address as well.
• Then client accepts the offer and sends a DHCPREQUEST message to the server.
• Then Server replies with a DHCPACK message which creates the binding between the
client physical address and its IP address.
4. UDP is the protocol which is the necessary transport layer protocol on which DHCP is oper-
ating

Solution:
1. Working of DNS:
• (Source : Internet) Traceroute maps out nodes along the path from our computer to the
web server. It maps the route one node at a time, and records each of the “hops” to a node
on our screen.
(b)
• We then get the IP address of router in path as an ICMP message reply from router.
• Then, I could see my machine sending queries to DNS server and getting back responses as
well. Each query consists of the IP address received from router as (reverse of ip address).in-
addr.arpa
2. Underlying protocol used is UDP.

Solution: ICMP messages Traceroute seems to be involved with:

• ICMP is an protocol mostly used by routers to report errors, problems etc.
• I could see each of the replies from routers is using ICMP.
(c) • Routers are replying with ICMP messages of type 3 and code 3 if Destination is not reachable
and of type 11 and code 0 if Time To Live Exceeded in Transit.
• Above two messages are only ones to be received by my machine while tracerouting
www.google.com other messages include Source Quench message, Redirect messages and Pa-
rameter Problem messages.

5 of 6
COL334: Computer Networks (CSE, IITD, Semester-I-2020-21) Assignment-2

Solution:
• UDP seems to be used when we use videoconferencing app like zoom and youtube.
• UDP seems the best choice as well owing to its queries processing is fast as it only consist of a
(d)
single request followed by a single reply packet.
• Although UDP lacks reliability, as there is always some packet loss but some losses in video
streaming might not affect much owing to the query processing speed it provide.

6 of 6