Que : Classify the following IP address . 1) 90.12.54.34 .ii ) 208.8.6.

14
Ans.

Que Tell the purpose of ARP protocol ?

Ans. Most computer programs/applications use logical addresses (IP Addresses)  to send/receive messages.
However, the actual communication happens over the Physical Address (MAC Address) that is from layer 2 of the
OSI model. So our mission is to get the destination MAC Address which helps in communicating with other
devices. This is where ARP comes into the picture, its functionality is to translate IP addresses to Physical
Addresses.

The acronym ARP stands for Address Resolution Protocol which is one of the most important protocols of the
Data link layer in the OSI model. It is responsible to find the hardware address of a host from a known IP address.
There are three basic ARP terms.
ARP finds the hardware address, also known as the Media Access Control (MAC)  address, of a host from its known
IP address. 
How ARP Works?
Imagine a device that wants to communicate with others over the internet. What does ARP do? It broadcast a packet
to all the devices of the source network. The devices of the network peel the header of the data link layer from
the Protocol Data Unit (PDU) called frame and transfer the packet to the network layer (layer 3 of OSI) where the
network ID of the packet is validated with the destination IP’s network ID of the packet and if it’s equal then it
responds to the source with the MAC address of the destination, else the packet reaches the gateway of the network
and broadcasts packet to the devices it is connected with and validates their network ID. The above process
continues till the second last network device in the path reaches the destination where it gets validated and ARP, in
turn, responds with the destination MAC address.
1. ARP Cache: After resolving the MAC address, the ARP sends it to the source where it is stored in a table for
future reference. The subsequent communications can use the MAC address from the table.
2. ARP Cache Timeout: It indicates the time for which the MAC address in the ARP cache can reside.
3. ARP request: This is nothing but broadcasting a packet over the network to validate whether we came across
the destination MAC address or not. 
1. The physical address of the sender.
2. The IP address of the sender.
3. The physical address of the receiver is FF:FF:FF:FF:FF: FF or 1’s.
4. The IP address of the receiver.
4. ARP response/reply: It is the MAC address response that the source receives from the destination which aids
in further communication of the data. 
 CASE-1: 
 The sender is a host and wants to send a packet to another host on the same network.
 Use ARP to find another host’s physical address.
 CASE-2: 
  The sender is a host and wants to send a packet to another host on another network.
 The sender looks at its routing table.
 Find the IP address of the next hop (router) for this destination.
 Find the IP address of the next hop (router) for this destination.
 CASE-3: 
 The sender is a router and received a datagram destined for a host on another network.
 The router checks its routing table.
 Find the IP address of the next router.
 Use ARP to find the next router’s physical address. 
 CASE-4: 
 The sender is a router that has received a datagram destined for a host in the same network.
 Use ARP to find this host’s physical address. 
Note: An ARP request is broadcastand an ARP response is a Unicast. 

(c) List out the 3 types of Routing Protocol?

Ans.Routing is a process in which the layer 3 devices (either router or layer 3 switches) find the optimal path to
deliver a packet from one network to another. Dynamic routing protocols use metric, cost, and hop count to identify
the best path from the path available for the destination network. There are mainly 3 different classes of routing
protocols: 
1. Distance Vector Routing Protocol :
These protocols select the best path on the basis of hop counts to reach a destination network in a particular
direction. Dynamic protocol like RIP is an example of a distance vector routing protocol. Hop count is each router
that occurs in between the source and the destination network. The path with the least hop count will be chosen as
the best path.
2. 2. Link State Routing Protocol :
These protocols know more about Internetwork than any other distance vector routing protocol. These are also
known as SPF (Shortest Path First) protocol. OSPF is an example of link-state routing protocol. 
3. 3. Advanced Distance vector routing protocol :
It is also known as hybrid routing protocol which uses the concept of both distance vector and link-state routing
protocol. Enhanced Interior Gateway Routing Protocol (EIGRP)  is an example of this class of routing protocol.
EIGRP acts as a link-state routing protocol as it uses the concept of Hello protocol for neighbor discovery and
forming an adjacency. Also, partial updates are triggered when a change occurs. EIGRP acts as a distance-vector
routing protocol as it learned routes from directly connected neighbours.

(d) Explain transmission control protocol?

Ans.TCP (Transmission Control Protocol) is one of the main protocols of the Internet protocol suite. It lies between
the Application and Network Layers which are used in providing reliable delivery services. It is a connection-
oriented protocol for communications that helps in the exchange of messages between different devices over a
network. The Internet Protocol (IP), which establishes the technique for sending data packets between computers,
works with TCP.
Working of TCP

To make sure that each message reaches its target location intact, the TCP/IP model breaks down the data into small
bundles and afterward reassembles the bundles into the original message on the opposite end. Sending the
information in little bundles of information makes it simpler to maintain efficiency as opposed to sending
everything in one go. 
After a particular message is broken down into bundles, these bundles may travel along multiple routes if one route
is jammed but the destination remains the same.
For example, When a user requests a web page on the internet, somewhere in the world, the server processes that
request and sends back an HTML Page to that user. The server makes use of a protocol called the HTTP Protocol.
The HTTP then requests the TCP layer to set the required connection and send the HTML file.
Now, the TCP breaks the data into small packets and forwards it toward the Internet Protocol (IP) layer. The
packets are then sent to the destination through different routes.
The TCP layer in the user’s system waits for the transmission to get finished and acknowledges once all packets
have been received.

Features of TCP/IP

Some of the most prominent features of Transmission control protocol are

1. Segment Numbering System
 TCP keeps track of the segments being transmitted or received by assigning numbers to each and every
single one of them.
 A specific Byte Number is assigned to data bytes that are to be transferred while segments are
assigned sequence numbers.
 Acknowledgment Numbers are assigned to received segments.
2. Connection Oriented
 It means sender and receiver are connected to each other till the completion of the process.
 The order of the data is maintained i.e. order remains same before and after transmission.
3. Full Duplex
 In TCP data can be transmitted from receiver to the sender or vice – versa at the same time.
 It increases efficiency of data flow between sender and receiver. 
4. Flow Control
 Flow control limits the rate at which a sender transfers data. This is done to ensure reliable delivery.
 The receiver continually hints to the sender on how much data can be received (using a sliding window)
5. Error Control
 TCP implements an error control mechanism for reliable data transfer
 Error control is byte-oriented
 Segments are checked for error detection
 Error Control includes – Corrupted Segment & Lost Segment Management, Out-of-order segments,
Duplicate segments, etc.
6. Congestion Control
 TCP takes into account the level of congestion in the network
 Congestion level is determined by the amount of data sent by a sender
Advantages
 It is a reliable protocol.
 It provides an error-checking mechanism as well as one for recovery.
 It gives flow control.
 It makes sure that the data reaches the proper destination in the exact order that it was sent.
 Open Protocol, not owned by any organization or individual.
 It assigns an IP address to each computer on the network and a domain name to each site thus making
each device site to be distinguishable over the network.
(e) Define HTTP and FTP.
Ans.

What is FTP?

The term FTP is a short form for File Transfer Protocol. FTP is a type of internet standard that basically allows
different devices (computers) to upload as well as download data files on the internet. The FTP sites consist of various
types of files (images, video, texts, graphics, etc.). The FTP files came into existence when data security was not the
primary concern. FTP is now pretty old, and various news protocols have now replaced it.

The FTP provides support for two types of Transmission Control Protocols (TCP)- the first one is the data port or data
connection (port 20) for transferring files. The second one here is the command port or control connection (port 21)
for the authentication of the user.

What is HTTP?

The term HTTP is a short form for HyperText Transfer Protocol. HTTP is basically the backbone of the world wide
web (WWW). It is basically an internet standard that assists in the process of transferring various web pages all over
the internet. HTTP helps in defining how a web browser responds to all of its web requests.

All the web addresses of the web pages consist of a domain name and protocol along with their path to the main web
page. A majority of the web addresses consist of http:// in their respective URLs that show the HTTP protocol.

The working of HTTP is basically like the combined functions of SMTP and FTP. Also, HTTP makes use of the TCP.

Parameters FTP HTTP

Full-Form The term FTP is a short form for File The term HTTP is a short form for HyperText
Transfer Protocol. Transfer Protocol.

Meaning FTP refers to the set of rules that basically HTTP refers to a set of rules that determines
allows the process of uploading and the process of transfer of various web pages
downloading files from a computer to the over various computers present on the
internet. internet.

Support It provides support for the control It provides support for the connection of data.
connection as well as the data connection.

Use of TCP It makes use of the TCP. The FTP runs on It also makes use of the TCP. The HTTP runs
port 20 and port 21 of TCP. on port 80 of TCP.

Nature of URLs The URLs that use the FTP protocol begin The URLs that use the HTTP protocol begin
with FTP. with HTTP.
 Requirement of It always requires authentication. The HTTP requires no authentication.
Authentication

Efficiency of File It can easily transfer large files with chunks It is capable of efficiently transferring various
Transfer of data. small files.

Utilization of The computers that receive the transferred The files that a computer/ device receives
Computer Memory files via the internet save them in their over the internet do not get saved in its
memory. memory.

Maintenance of This protocol is not stateless. Thus, it This protocol is stateless in nature.
States maintains the state.

Type of Band HTTP provides support for an out-band FTP provides support for an in-band type of
Transfer type of transfer. transfer.

Uses We use FTP for downloading as well as We use HTTP for providing various web
uploading files between a server and a pages from the web browser to the web
client over the internet. server.

Type of TCP FTP makes use of a persistent connection of HTTP can easily make use of both- persistent
Connection TCP for its control connection and a non- as well as the non-persistent type of TCP
persistent one for its data connection. connection.

(a) List and Explain Different Networking Devices?

Ans. Network Devices: Network devices, also known as networking hardware, are physical devices that allow
hardware on a computer network to communicate and interact with one another. For example Repeater, Hub,
Bridge, Switch, Routers, Gateway, Brouter, and NIC, etc.
1. Repeater – A repeater operates at the physical layer. Its job is to regenerate the signal over the same network
before the signal becomes too weak or corrupted to extend the length to which the signal can be transmitted over
the same network. An important point to be noted about repeaters is that they not only amplify the signal but also
regenerate it. When the signal becomes weak, they copy it bit by bit and regenerate it at its star topology connectors
connecting following the original strength. It is a 2-port device. 
2. Hub –  A hub is a basically multi-port repeater. A hub connects multiple wires coming from different branches,
for example, the connector in star topology which connects different stations. Hubs cannot filter data, so data
packets are sent to all connected devices.  In other words, the collision domain of all hosts connected through Hub
remains one.  Also, they do not have the intelligence to find out the best path for data packets which leads to
inefficiencies and wastage. 
3. Bridge – A bridge operates at the data link layer. A bridge is a repeater, with add on the functionality of filtering
content by reading the MAC addresses of the source and destination. It is also used for interconnecting two LANs
working on the same protocol. It has a single input and single output port, thus making it a 2 port device.
4. Switch – A switch is a multiport bridge with a buffer and a design that can boost its efficiency(a large number of
ports imply less traffic) and performance. A switch is a data link layer device.  The switch can perform error
checking before forwarding data, which makes it very efficient as it does not forward packets that have errors and
forward good packets selectively to the correct port only.  In other words, the switch divides the collision domain of
hosts, but the broadcast domain remains the same. 
5. Routers – A router is a device like a switch that routes data packets based on their IP addresses. The router is
mainly a Network Layer device. Routers normally connect LANs and WANs and have a dynamically updating
 routing table based on which they make decisions on routing the data packets. The router divides the broadcast
domains of hosts connected through it.
6. Gateway – A gateway, as the name suggests, is a passage to connect two networks that may work upon different
networking models. They work as messenger agents that take data from one system, interpret it, and transfer it to
another system. Gateways are also called protocol converters and can operate at any network layer. Gateways are
generally more complex than switches or routers. A gateway is also called a protocol converter. 
7. Brouter – It is also known as the bridging router is a device that combines features of both bridge and router. It
can work either at the data link layer or a network layer. Working as a router, it is capable of routing packets across
networks and working as the bridge, it is capable of filtering local area network traffic. 
8. NIC – NIC or network interface card is a network adapter that is used to connect the computer to the network. It
is installed in the computer to establish a LAN.  It has a unique id that is written on the chip, and it has a connector
to connect the cable to it. The cable acts as an interface between the computer and the router or modem. NIC card is
a layer 2 device which means that it works on both the physical and data link layers of the network model.  
(b) Distinguish between Hub and Switch.
Ans

HUB SWITCH

While switch is operated on Data link layer of OSI

Hub is operated on Physical layer of OSI model.
Model.

While switch is a Unicast, multicast and broadcast type

Hub is a broadcast type transmission.
transmission.

Hub have 4/12 ports. While switch can have 24 to 48 ports.

While in switch, different ports have own collision

In hub, there is only one collision domain.
domain.

Hub is a half duplex transmission mode. While switch is a full duplex transmission mode.

In hub, Packet filtering is not provided. While in switch, Packet filtering is provided.

Hub cannot be used as a repeater. While switch can be used as a repeater.

Hub is not an intelligent device that sends message to While switch is an intelligent device that sends
all ports hence it is comparatively inexpensive. message to selected destination so it is expensive.

Hub is simply old type of device and is not generally While switch is very sophisticated device and widely
used. used.

Hacking of systems attached to hub is complex. Hacking of systems attached to switch is little easy.

Speed of original hub 10Mbps and modern internet hub

Maximum speed is 10Mbps to 100Mbps.
is 100Mbps.

Hubs are used in LANs. Switch is used in LANs.

Cheaper as compared to switch. Expensive as compared to HUB.

 (b) Briefly explain about VLANS?
Ans. Virtual LAN (VLAN) is a concept in which we can divide the devices logically on layer 2 (data link layer).
Generally, layer 3 devices divide the broadcast domain but the broadcast domain can be divided by switches using
the concept of VLAN. 
A broadcast domain is a network segment in which if a device broadcast a packet then all the devices in the same
broadcast domain will receive it. The devices in the same broadcast domain will receive all the broadcast packets
but it is limited to switches only as routers don’t forward out the broadcast packet. To forward out the packets to
different VLAN (from one VLAN to another) or broadcast domains, inter Vlan routing is needed. Through VLAN,
different small-size sub-networks are created which are comparatively easy to handle. 
VLAN ranges:
 VLAN 0, 4095: These are reserved VLAN which cannot be seen or used.
 VLAN 1: It is the default VLAN of switches. By default, all switch ports are in VLAN. This VLAN
can’t be deleted or edit but can be used.
 VLAN 2-1001: This is a normal VLAN range. We can create, edit and delete these VLAN.
 VLAN 1002-1005: These are CISCO defaults for fddi and token rings. These VLAN can’t be deleted.
 Vlan 1006-4094: This is the extended range of Vlan.

Some of the key features of VLANs include:

 VLAN tagging: VLAN tagging is a way to identify and distinguish VLAN traffic from other network
traffic. This is typically done by adding a VLAN tag to the Ethernet frame header.
 VLAN membership: VLAN membership determines which devices are assigned to which VLANs.
Devices can be assigned to VLANs based on port, MAC address, or other criteria.
 VLAN trunking: VLAN trunking allows multiple VLANs to be carried over a single physical link.
This is typically done using a protocol such as IEEE 802.1Q.
 VLAN management: VLAN management involves configuring and managing VLANs, including
assigning devices to VLANs, configuring VLAN tags, and configuring VLAN trunking.
Types of connections in VLAN –
There are three ways to connect devices on a VLAN, the type of connections are based on the connected devices i.e.
whether they are VLAN-aware(A device that understands VLAN formats and VLAN membership) or VLAN-
unaware(A device that doesn’t understand VLAN format and VLAN membership).
1. Trunk Link –
All connected devices to a trunk link must be VLAN-aware. All frames on this should have a special
header attached to it called tagged frames.
2. Access link –
It connects VLAN-unaware devices to a VLAN-aware bridge. All frames on the access link must be
untagged.
3. Hybrid link –
It is a combination of the Trunk link and Access link. Here both VLAN-unaware and VLAN-aware
devices are attached and it can have both tagged and untagged frames. 
(a) Explain ARP Packet format with Diagram.
Ans ARP is a communication mechanism that is used to translate a network address, such as an IP address, to a
physical (MAC) address on a local network. ARP packets are transmitted and received on a network to achieve
this mapping. An ARP packet’s format, also known as an ARP packet header, has numerous fields required to
describe the type of ARP message, the addresses being resolved, and other communication-related information.  
ARP Packet Format
The ARP packet format is used for ARP requests and replies and consists of multiple fields including hardware
type, protocol type, hardware and protocol size, operation, sender and target hardware, and IP addresses. These
fields work together to help devices on a network find and communicate with each other.
 (b)  

Hardware type: This is 16 bits field defining the type of the network on which ARP is running. Ethernet is
given type 1. 
Protocol type: This is 16 bits field defining the protocol. The value of this field for the IPv4 protocol is 0800H.
Hardware length: This is an 8 bits field defining the length of the physical address in bytes. Ethernet is the value
6.
Protocol length: This is an 8 bits field defining the length of the logical address in bytes. For the IPv4 protocol, the
value is 4.
Operation (request or reply): This is a 16 bits field defining the type of packet. Packet types are ARP request (1),
and ARP reply (2).
Sender hardware address: This is a variable length field defining the physical address of the sender. For example,
for Ethernet, this field is 6 bytes long.
Sender protocol address: This is also a variable length field defining the logical address of the sender For the IP
protocol, this field is 4 bytes long.
Target hardware address: This is a variable length field defining the physical address of the target. For Ethernet,
this field is 6 bytes long. For the ARP request messages, this field is all Os because the sender does not know the
physical address of the target.
Target protocol address: This is also a variable length field defining the logical address of the target. For the IPv4
protocol, this field is 4 bytes long.

(c) Discuss IP and ICMP Protocol.

Ans The ICMP stands for Internet Control Message Protocol. It is a network layer protocol. It is used for error
handling in the network layer, and it is primarily used on network devices such as routers. As different types of errors
can exist in the network layer, so ICMP can be used to report these errors and to debug those errors.

For example, some sender wants to send the message to some destination, but the router couldn't send the message to
the destination. In this case, the router sends the message to the sender that I could not send the message to that
destination.

The IP protocol does not have any error-reporting or error-correcting mechanism, so it uses a message to convey the
information. For example, if someone sends the message to the destination, the message is somehow stolen between
the sender and the destination. If no one reports the error, then the sender might think that the message has reached the
destination. If someone in-between reports the error, then the sender will resend the message very quickly.
Position of ICMP in the network layer

The ICMP resides in the IP layer, as shown in the below diagram.

Messages

The ICMP messages are usually divided into two categories:

o Error-reporting messages

The error-reporting message means that the router encounters a problem when it processes an IP packet then it reports
a message.

o Query messages

The query messages are those messages that help the host to get the specific information of another host. For example,
suppose there are a client and a server, and the client wants to know whether the server is live or not, then it sends the
ICMP message to the server.

ICMP Message Format

The message format has two things; one is a category that tells us which type of message it is. If the message is of
error type, the error message contains the type and the code. The type defines the type of message while the code
defines the subtype of the message.

The ICMP message contains the following fields:

 o Type: It is an 8-bit field. It defines the ICMP message type. The values range from 0 to 127 are defined for
ICMPv6, and the values from 128 to 255 are the informational messages.
o Code: It is an 8-bit field that defines the subtype of the ICMP message
o Checksum: It is a 16-bit field to detect whether the error exists in the message or not.

(d) Differentiate between IPV4 and IPV6..

Ans

IPv4 IPv6

IPv4 has a 32-bit address length IPv6 has a 128-bit address length

It Supports Manual and DHCP address

It supports Auto and renumbering address configuration
configuration

In IPv4 end to end, connection integrity is

In IPv6 end-to-end, connection integrity is Achievable
Unachievable

The address space of IPv6 is quite large it can produce

It can generate 4.29×109 address space
3.4×1038 address space

The Security feature is dependent on the

IPSEC is an inbuilt security feature in the IPv6 protocol
application

Address representation of IPv4 is in decimal Address Representation of IPv6 is in hexadecimal

Fragmentation performed by Sender and

In IPv6 fragmentation is performed only by the sender
forwarding routers

In IPv4 Packet flow identification is not In IPv6 packet flow identification are Available and uses the
available flow label field in the header

In IPv4 checksum field is available In IPv6 checksum field is not available

In IPv6 multicast and anycast message transmission scheme is

It has a broadcast Message Transmission Scheme
available
IPv4 IPv6

In IPv4 Encryption and Authentication facility In IPv6 Encryption and Authentication are provided 
not provided  

IPv6 has a header of 40 bytes fixed 

IPv4 has a header of 20-60 bytes.
 

IPv4 can be converted to IPv6 Not all IPv6 can be converted to IPv4

IPv4 consists of 4 fields which are separated by

IPv6 consists of 8 fields, which are separated by a colon (:)
addresses dot (.)

IPv4’s  IP addresses are divided into five

different classes. Class A , Class B, Class C, IPv6 does not have any classes of the IP address.
Class Da , Class E.

IPv4 supports VLSM(Variable Length subnet

IPv6 does not support VLSM.
mask).

Example of IPv6:
Example of IPv4:  66.94.29.13
2001:0000:3238:DFE1:0063:0000:0000:FEFB

Que (a) Explain IP Header format in Detail?

 IPv4 short for Internet Protocol Version 4 is the fourth version of the Internet Protocol (IP).
 IP is responsible to deliver data packets from the source host to the destination host.
 This delivery is solely based on the IP Addresses in the packet headers.
 IPv4 is the first major version of IP.
 IPv4 is a connectionless protocol for use on packet-switched networks.
IPv4 Header-
 
The following diagram represents the IPv4 header-
1. Version-
 
 Version is a 4 bit field that indicates the IP version used.
 The most popularly used IP versions are version-4 (IPv4) and version-6 (IPv6).
 Only IPv4 uses the above header.
 So, this field always contains the decimal value 4.
NOTES
It is important to note-
 Datagrams belonging to different versions have different structures.
 So, they are parsed differently.
 IPv4 datagrams are parsed by version-4 parsers.
 IPv6 datagrams are parsed by version-6 parsers.
2. Header Length-
 
 Header length is a 4 bit field that contains the length of the IP header.
 It helps in knowing from where the actual data begins.
 
Minimum And Maximum Header Length-
 
 The length of IP header always lies in the range-
[20 bytes , 60 bytes]

 
 The initial 5 rows of the IP header are always used.
 So, minimum length of IP header = 5 x 4 bytes = 20 bytes.
 The size of the 6th row representing the Options field vary.
 The size of Options field can go up to 40 bytes.
 So, maximum length of IP header = 20 bytes + 40 bytes = 60 bytes.
Concept of Scaling Factor-
 
 Header length is a 4 bit field.
 So, the range of decimal values that can be represented is [0, 15].
 But the range of header length is [20, 60].
 So, to represent the header length, we use a scaling factor of 4.
 
3. Type Of Service-
 
 Type of service is a 8 bit field that is used for Quality of Service (QoS).
 The datagram is marked for giving a certain treatment using this field.
 
4. Total Length-
 Total length is a 16 bit field that contains the total length of the datagram (in bytes).
 

Total length = Header length + Payload length

 
 Minimum total length of datagram = 20 bytes (20 bytes header + 0 bytes data)
 Maximum total length of datagram = Maximum value of 16 bit word = 65535 bytes
 
5. Identification-
 
 Identification is a 16 bit field.
 It is used for the identification of the fragments of an original IP datagram.
 
When an IP datagram is fragmented,
 Each fragmented datagram is assigned the same identification number.
 This number is useful during the re assembly of fragmented datagrams.
 It helps to identify to which IP datagram, the fragmented datagram belongs to.
 
6. DF Bit-
 
 DF bit stands for Do Not Fragment bit.
 Its value may be 0 or 1.
 
When DF bit is set to 0,
 It grants the permission to the intermediate devices to fragment the datagram if required.
When DF bit is set to 1,
 It indicates the intermediate devices not to fragment the IP datagram at any cost.
 If network requires the datagram to be fragmented to travel further but settings does not allow its
fragmentation, then it is discarded.
 An error message is sent to the sender saying that the datagram has been discarded due to its settings.
 
7. MF Bit-
 
 MF bit stands for More Fragments bit.
 Its value may be 0 or 1.
 
When MF bit is set to 0,
 It indicates to the receiver that the current datagram is either the last fragment in the set or that it is the only
fragment.
When MF bit is set to 1,
 It indicates to the receiver that the current datagram is a fragment of some larger datagram.
 More fragments are following.
 MF bit is set to 1 on all the fragments except the last one.
 
8. Fragment Offset-
 
 Fragment Offset is a 13 bit field.
 It indicates the position of a fragmented datagram in the original unfragmented IP datagram.
 The first fragmented datagram has a fragment offset of zero.
9. Time To Live-
 
 Time to live (TTL) is a 8 bit field.
 It indicates the maximum number of hops a datagram can take to reach the destination.
 The main purpose of TTL is to prevent the IP datagrams from looping around forever in a routing loop.
he value of TTL is decremented by 1 when-
 Datagram takes a hop to any intermediate device having network layer.
 Datagram takes a hop to the destination.
 
If the value of TTL becomes zero before reaching the destination, then datagram is discarded.
10. Protocol-
 Protocol is a 8 bit field.
 It tells the network layer at the destination host to which protocol the IP datagram belongs to.
 In other words, it tells the next level protocol to the network layer at the destination side.
 Protocol number of ICMP is 1, IGMP is 2, TCP is 6 and UDP is 17.
 

Why Protocol Number Is A Part Of IP Header?

 
Consider-
 An IP datagram is sent by the sender to the receiver.
 When datagram reaches at the router, it’s buffer is already full.
 
In such a case,
 Router does not discard the datagram directly.
 Before discarding, router checks the next level protocol number mentioned in its IP header.
 If the datagram belongs to TCP, then it tries to make room for the datagram in its buffer.
 It creates a room by eliminating one of the datagrams having lower priority.
 This is because it knows that TCP is a reliable protocol and if it discards the datagram, then it will be sent
again by the sender.
 The order in which router eliminate the datagrams from its buffer is-
ICMP > IGMP > UDP > TCP
 
If protocol number would have been inside the datagram, then-
 Router could not look into it.
 This is because router has only three layers- physical layer, data link layer and network layer.
11. Header Checksum-
 
 Header checksum is a 16 bit field.
 It contains the checksum value of the entire header.
 The checksum value is used for error checking of the header.
 
At each hop,
 The header checksum is compared with the value contained in this field.
 If header checksum is found to be mismatched, then the datagram is discarded.
 Router updates the checksum field whenever it modifies the datagram header.
 
The fields that may be modified are-
1. TTL
2. Options
3. Datagram Length
4. Header Length
5. Fragment Offset

12. Source IP Address-
 
 Source IP Address is a 32 bit field.
 It contains the logical address of the sender of the datagram.
 
13. Destination IP Address-
 
 Destination IP Address is a 32 bit field.
 It contains the logical address of the receiver of the datagram.
 
14. Options-
 
 Options is a field whose size vary from 0 bytes to 40 bytes.
 This field is used for several purposes such as-
1. Record route
2. Source routing
3. Padding
 

or

 Version: the first field tells us which IP version we are using, only IPv4 uses this header so you will always
find decimal value 4 here.
 Header Length: this 4 bit field tells us the length of the IP header in 32 bit increments. The minimum length
of an IP header is 20 bytes so with 32 bit increments, you would see value of 5 here. The maximum value we
can create with 4 bits is 15 so with 32 bit increments, that would be a header length of 60 bytes. This field is
also called the Internet Header Length (IHL).
 Type of Service: this is used for QoS (Quality of Service). There are 8 bits that we can use to mark the packet
which we can use to give the packet a certain treatment. You can read more about this field in my  IP
precedence and DSCP lesson.
 Total Length: this 16-bit field indicates the entire size of the IP packet (header and data) in bytes. The
minimum size is 20 bytes (if you have no data) and the maximum size is 65.535 bytes, that’s the highest value
you can create with 16 bits.
 Identification: If the IP packet is fragmented then each fragmented packet will use the same 16 bit
identification number to identify to which IP packet they belong to.
 IP Flags: These 3 bits are used for fragmentation:
o The first bit is always set to 0.
o The second bit is called the DF (Don’t Fragment) bit and indicates that this packet should not be
fragmented.
o The third bit is called the MF (More Fragments) bit and is set on all fragmented packets except the
last one.
 Fragment Offset: this 13 bit field specifies the position of the fragment in the original fragmented IP packet.
 Time to Live: Everytime an IP packet passes through a router, the time to live field is decremented by 1.
Once it hits 0 the router will drop the packet and sends an ICMP time exceeded message to the sender. The
time to live field has 8 bits and is used to prevent packets from looping around forever (if you have a routing
loop).
 Protocol: this 8 bit field tells us which protocol is enapsulated in the IP packet, for example TCP has value 6
and UDP has value 17.
 Header Checksum: this 16 bit field is used to store a checksum of the header. The receiver can use the
checksum to check if there are any errors in the header.
 Source Address: here you will find the 32 bit source IP address.
 Destination Address: and here’s the 32 bit destination IP address.
  IP Option: this field is not used often, is optional and has a variable length based on the options that were
used. When you use this field, the value in the header length field will increase. An example of a possible
option is “source route” where the sender requests for a certain routing path.

(b) The contents of IGMP message in Hexadecimal notation are

1100 EE EF 00 00 00 answer the following questions.
i) Write the type?
ii) Identify the checksum?
iii) Tell a group ID?

Que Compare ICMPV4 and ICMPV6.

ICMPv4 Message ICMPv6 Equivalent
Destination Unreachable-Network Unreachable (Type 3, Destination Unreachable-No Route to Destination (Type 1,
Code 0) Code 0)
Destination Unreachable-Host Unreachable (Type 3, Destination Unreachable-Address Unreachable (Type 1,
Code 1) Code 3)
Destination Unreachable-Protocol Unreachable (Type 3, Parameter Problem-Unrecognized Next Header Type
Code 2) Encountered (Type 4, Code 1)
Destination Unreachable-Port Unreachable (Type 3,
Destination Unreachable-Port Unreachable (Type 1, Code 4)
Code 3)
Destination Unreachable-Fragmentation Needed and DF
Packet Too Big (Type 2, Code 0)
Set (Type 3, Code 4) (as specified in RFC 1191)
Destination Unreachable-Communication with
Destination Unreachable-Communication with Destination
Destination Host Administratively Prohibited (Type 3,
Administratively Prohibited (Type 1, Code 1)
Code 10)
Source Quench (Type 4, Code 0) This message is not present in IPv6.
Neighbor Discovery Redirect message (Type 137, Code 0).
Redirect (Type 5, Code 0)
For more information, see Chapter 6, "Neighbor Discovery."
Time Exceeded-TTL Exceeded in Transit (Type 11, Time Exceeded-Hop Limit Exceeded in Transit (Type 3,
Code 0) Code 0)
Time Exceeded-Fragment Reassembly Time Exceeded Time Exceeded-Fragment Reassembly Time Exceeded
(Type 11, Code 1) (Type 3, Code 1)
Parameter Problem (Type 12, Code 0) Parameter Problem (Type 4, Code 0 or Code 2)
 (a) Explain RARP in detail?
The Reverse Address Resolution Protocol (RARP) is a networking protocol that is used to map a physical (MAC)
address to an Internet Protocol (IP) address. It is the reverse of the more commonly used Address Resolution
Protocol (ARP), which maps an IP address to a MAC address.
RARP was developed in the early days of computer networking as a way to provide IP addresses to diskless
workstations or other devices that could not store their own IP addresses. With RARP, the device would broadcast
its MAC address and request an IP address, and a RARP server on the network would respond with the
corresponding IP address.
While RARP was widely used in the past, it has largely been replaced by newer protocols such as DHCP (Dynamic
Host Configuration Protocol), which provides more flexibility and functionality in assigning IP addresses
dynamically. However, RARP is still used in some specialized applications, such as booting embedded systems and
configuring network devices with pre-assigned IP addresses.
RARP is abbreviation of Reverse Address Resolution Protocol which is a protocol based on computer
networking which is employed by a client computer to request its IP address from a gateway server’s Address
Resolution Protocol table or cache. The network administrator creates a table in gateway-router, which is used
to map the MAC address to corresponding IP address. 
This protocol is used to communicate data between two points in a server. The client doesn’t necessarily need
prior knowledge the server identities capable of serving its request. Media Access Control (MAC)
addresses requires individual configuration on the servers done by an administrator. RARP limits to the serving
of IP addresses only. 
When a replacement machine is set up, the machine may or might not have an attached disk that may
permanently store the IP Address so the RARP client program requests IP Address from the RARP server on the
router. The RARP server will return the IP address to the machine under the belief that an entry has been setup
within the router table. 
Working of RARP : 
The RARP is on the Network Access Layer and is employed to send data between two points in a very network.  
Each network participant has two unique addresses:- IP address (a logical address) and MAC address (the physical
address). 
The IP address gets assigned by software and after that the MAC address is constructed into the hardware.  
The RARP server that responds to RARP requests, can even be any normal computer within the network. However,
it must hold the data of all the MAC addresses with their assigned IP addresses. If a RARP request is received by
the network, only these RARP servers can reply to it. The info packet needs to be sent on very cheap layers of the
network. This implies that the packet is transferred to all the participants at the identical time. 
The client broadcasts a RARP request with an Ethernet broadcast address and with its own physical address. The
server responds by informing the client its IP address. 
Que Briefly explain about RTP?
Ans A protocol is designed to handle real-time traffic (like audio and video) of the Internet, is known as  Real Time
Transport Protocol (RTP). RTP must be used with UDP. It does not have any delivery mechanism like
multicasting or port numbers. RTP supports different formats of files like MPEG and MJPEG. It is very sensitive to
packet delays and less sensitive to packet loss. History of RTP : This protocol is developed by Internet
Engineering Task Force (IETF) of four members:
1. S. Casner (Packet Design)
2. V. Jacobson (Packet Design)
3. H. Schulzrinne (Columbia University)
4. R. Frederick (Blue Coat Systems Inc.)
RTP is first time published in 1996 and known as RFC 1889. And next it published in 2003 with name of RFC
3550. Applications of RTP :
1. RTP mainly helps in media mixing, sequencing and time-stamping.
2. Voice over Internet Protocol (VoIP)
3. Video Teleconferencing over Internet.
4. Internet Audio and video streaming.
RTP Header Format : The diagram of header format of RTP packet is shown below:
The header format of RTP is very simple and it covers all real-time applications. The explanation of each field of
header format is given below:
 Version : This 2-bit field defines version number. The current version is 2.
1. P – The length of this field is 1-bit. If value is 1, then it denotes presence of padding at end
of packet and if value is 0, then there is no padding.
2. X – The length of this field is also 1-bit. If value of this field is set to 1, then its indicates an
extra extension header between data and basic header and if value is 0 then, there is no
extra extension.
3. Contributor count – This 4-bit field indicates number of contributors. Here maximum
possible number of contributor is 15 as a 4-bit field can allows number from 0 to 15.
4. M – The length of this field is 1-bit and it is used as end marker by application to indicate
end of its data.
5. Payload types – This field is of length 7-bit to indicate type of payload. We list
applications of some common types of payload.
6. Sequence Number – The length of this field is 16 bits. It is used to give serial numbers to
RTP packets. It helps in sequencing. The sequence number for first packet is given a
random number and then every next packet’s sequence number is incremented by 1. This
field mainly helps in checking lost packets and order mismatch.
7. Time Stamp – The length of this field is 32-bit. It is used to find relationship between
times of different RTP packets. The timestamp for first packet is given randomly and then
time stamp for next packets given by sum of previous timestamp and time taken to produce
first byte of current packet. The value of 1 clock tick is varying from application to
application.
8. Synchronization Source Identifier – This is a 32-bit field used to identify and define the
source. The value for this source identifier is a random number that is chosen by source
itself. This mainly helps in solving conflict arises when two sources started with the same
sequencing number.
9. Contributor Identifier – This is also a 32-bit field used for source identification where
there is more than one source present in session. The mixer source use Synchronization
source identifier and other remaining sources (maximum 15) use Contributor identifier.
 (c) Explain the various error- reporting messages of IGMP.
Ans

Types of Error Reporting messages

The error reporting messages are broadly classified into the following categories:

o Destination unreachable

The destination unreachable error occurs when the packet does not reach the destination. Suppose the sender sends the
message, but the message does not reach the destination, then the intermediate router reports to the sender that the
destination is unreachable.

The above diagram shows the message format of the destination unreachable message. In the message format:

Type: It defines the type of message. The number 3 specifies that the destination is unreachable.

Code (0 to 15): It is a 4-bit number which identifies whether the message comes from some intermediate router or the
destination itself.

Note: If the destination creates the destination unreachable message then the code could be either 2 or 3.

Sometimes the destination does not want to process the request, so it sends the destination unreachable message to the
source. A router does not detect all the problems that prevent the delivery of a packet.

o Source quench

There is no flow control or congestion control mechanism in the network layer or the IP protocol. The sender is
concerned with only sending the packets, and the sender does not think whether the receiver is ready to receive those
packets or is there any congestion occurs in the network layer so that the sender can send a lesser number of packets,
so there is no flow control or congestion control mechanism. In this case, ICMP provides feedback, i.e., source
quench. Suppose the sender resends the packet at a higher rate, and the router is not able to handle the high data rate.
To overcome such a situation, the router sends a source quench message to tell the sender to send the packet at a lower
rate.
The above diagram shows the message format of the source quench message. It is a type 4 message, and code is zero.

Note: A source quench message informs the sender that the datagram has been discarded due to the congestion
occurs in the network layer.

So, the sender must either stop or slow down the sending of datagrams until the congestion is reduced. The router
sends one source-quench message for each datagram that is discarded due to the congestion in the network layer.

o Time exceeded

Sometimes the situation arises when there are many routers that exist between the sender and the receiver. When the
sender sends the packet, then it moves in a routing loop. The time exceeded is based on the time-to-live value. When
the packet traverses through the router, then each router decreases the value of TTL by one. Whenever a router
decreases a datagram with a time-to-live value to zero, then the router discards a datagram and sends the time
exceeded message to the original source.

Each of the MAC layers has different data units. For example, some layers can handle upto 1500 data units, and some
can handle upto 300 units. When the packet is sent from a layer having 1500 units to the layer having 300 units, then
the packet is divided into fragments; this process is known as fragmentation. These 1500 units are divided into 5
fragments, i.e., f1, f2, f3, f4, f5, and these fragments reach the destination in a sequence. If all the fragments are not
reached to the destination in a set time, they discard all the received fragments and send a time-exceeded message to
the original source.

In the case of fragmentation, the code will be different as compared to TTL. Let's observe the message format of time
exceeded.

The above message format shows that the type of time-exceeded is 11, and the code can be either 0 or 1. The code 0
represents TTL, while code 1 represents fragmentation. In a time-exceeded message, the code 0 is used by the routers
to show that the time-to-live value is reached to zero.

The code 1 is used by the destination to show that all the fragments do not reach within a set time.

Parameter problems

The router and the destination host can send a parameter problem message. This message conveys that some
parameters are not properly set.
The above diagram shows the message format of the parameter problem. The type of message is 12, and the code can
be 0 or 1.

When the packet is sent, then the routing table is gradually augmented and updated. The tool used to
achieve this is the redirection message. For example, A wants to send the packet to B, and there are two
routers exist between A and B. First, A sends the data to the router 1. The router 1 sends the IP packet to
router 2 and redirection message to A so that A can update its routing table.

(a) Describe real time traffic over the internet.

Ans.

(b) Discuss the term IGMP with neat Diagram?

AnsIGMP is acronym for Internet Group Management Protocol. IGMP is a communication protocol used by
hosts and adjacent routers for multicasting communication with IP networks and uses the resources efficiently to
transmit the message/data packets. Multicast communication can have single or multiple senders and receivers and
thus, IGMP can be used in streaming videos, gaming or web conferencing tools. This protocol is used on IPv4
networks and for using this on IPv6, multicasting is managed by Multicast Listener Discovery (MLD). Like other
network protocols, IGMP is used on network layer. MLDv1 is almost same in functioning as IGMPv2 and MLDv2
is almost similar to IGMPv3. The communication protocol, IGMPv1 was developed in 1989 at Stanford University.
IGMPv1 was updated to IGMPv2 in year 1997 and again updated to IGMPv3 in year 2002. 
Applications:
 Streaming – Multicast routing protocol are used for audio and video streaming over the network i.e.,
either one-to-many or many-to-many.
 Gaming – Internet group management protocol is often used in simulation games which has multiple
users over the network such as online games.
 Web Conferencing tools – Video conferencing is a new method to meet people from your own
convenience and IGMP connects to the users for conferencing and transfers the message/data packets
efficiently.
Types: There are 3 versions of IGMP. These versions are backward compatible. Following are the versions of
IGMP: 1. IGMPv1 : The version of IGMP communication protocol allows all the supporting hosts to join the
multicast groups using membership request and include some basic features. But, host cannot leave the group on
their own and have to wait for a timeout to leave the group. The message packet format in IGMPv1:
  
 Version – Set to 1.
 Type – 1 for Host Membership Query and Host Membership Report.
 Unused – 8-bits of zero which are of no use.
 Checksum – It is the one’s complement of the sum of IGMP messages.
 Group Address – The group address field is zero when sent and ignored when received in membership
query message. In a membership report message, the group address field takes the IP host group address
of the group being reported.
2. IGMPv2 : IGMPv2 is the revised version of IGMPv1 communication protocol. It has added functionality of
leaving the multicast group using group membership. The message packet format in IGMPv2:

 
Type:
0x11 for Membership Query
0x12 for IGMPv1 Membership Report
0x16 for IGMPv2 Membership Report
0x22 for IGMPv3 Membership Report
0x17 for Leave Group
 Max Response Time – This field is ignored for message types other than membership query. For
membership query type, it is the maximum time allowed before sending a response report. The value is
in units of 0.1 seconds.
 Checksum – It is the one’s complement of the sum of IGMP message.
 Group Address – It is set as 0 when sending a general query. Otherwise, multicast address for group-
specific or source-specific queries.
3. IGMPv3 : IGMPv2 was revised to IGMPv3 and added source-specific multicast and membership report
aggregation. These reports are sent to 224.0.0.22. The message packet format in IGMPv3:
   
 Max Response Time – This field is ignored for message types other than membership query. For
membership query type, it is the maximum time allowed before sending a response report. The value is
in units of 0.1 seconds.
 Checksum – It is the one’s complement of the one’s complement of the sum of IGMP message.
 Group Address – It is set as 0 when sending a general query. Otherwise, multicast address for group-
specific or source-specific queries.
 Resv – It is set zero of sent and ignored when received.
 S flag – It represents Suppress Router-side Processing flag. When the flag is set, it indicates to suppress
the timer updates that multicast routers perform upon receiving any query.
 QRV – It represents Querier’s Robustness Variable. Routers keeps on retrieving the QRV value from
the most recently received query as their own value until the most recently received QRV is zero.
 QQIC – It represents Querier’s Query Interval Code.
 Number of sources – It represents the number of source addresses present in the query. For general
query or group-specific query, this field is zero and for group-and-source-specific query, this field is
non-zero.
 Source Address[i] – It represents the IP unicast address for N fields.
Working: IGMP works on devices that are capable of handling multicast groups and dynamic multicasting. These
devices allows the host to join or leave the membership in the multicast group. These devices also allows to add and
remove clients from the group. This communication protocol is operated between host and local multicast router.
When a multicast group is created, the multicast group address is in range of class D (224-239) IP addresses and is
forwarded as destination IP address in the
packet. 

L2 or Level-2 devices such as switches are used in between host and multicast router for IGMP snooping. IGMP
snooping is a process to listen to the IGMP network traffic in controlled manner. Switch receives the message from
host and forwards the membership report to the local multicast router. The multicast traffic is further forwarded to
remote routers from local multicast routers using PIM (Protocol Independent Multicast) so that clients can receive
the message/data packets. Clients wishing to join the network sends join message in the query and switch intercepts
the message and adds the ports of clients to its multicast routing table. 
Advantages:
 IGMP communication protocol efficiently transmits the multicast data to the receivers and so, no junk
packets are transmitted to the host which shows optimized performance.
 Bandwidth is consumed totally as all the shared links are connected.
 Hosts can leave a multicast group and join another.
Disadvantages:
 It does not provide good efficiency in filtering and security.
 Due to lack of TCP, network congestion can occur.
 IGMP is vulnerable to some attacks such as DOS attack (Denial-Of-Service).