Prof.

Zhou Li Intro to Computer Networks

Spring 2024 EECS148/CompSci132

Homework 2.2
Due on Apr 30, 11:59 PM, PT

1. (12 Points) HTTP

Assume that you want to click on a link to obtain a Web page. The IP address for this
link is not cached in your local host, so a DNS lookup is necessary to obtain the IP address
corresponding to that link. Suppose that n DNS servers are visited before your host receives
the IP address from DNS. The successive visits incur an RTT of RT T1 ,..., RT Tn . Further
suppose that the Web page contains one object(e.g. base file) but referencing 12 other objects
on the same server, like images, audio, etc. Let RT T0 denote the RTT between the local host
and the server containing objects above. Also assume that average distance from the host
to a server is 500Km. Assuming zero transmission time of the objects, how much time
elapses when the client clicks on the link until the client receives all the objects with:

(a) Non-persistent connection without parallel TCP connection

(b) Non-persistent connection with 4 parallel TCP connections
(c) Persistent connection without pipelining
(d) Persistent connection with pipelining

Tota amount of time to

get an
EP address is
RTT + RTTc +-- --RTTh

Also we need RTTo for setup the TCP and another RTTo for
connection
,
and
request receive the
objects .

(9)
-

= RTTIRTTzt -..
- RTTn + 26 RTTo

(b) 4 parrallel
/2
F =
3

RTTItRTTz + -..
- RTTh + I RTTo +. 2 S RTTo - .

=
RTTIRTTz + ...
- RTTh + SRTTo

2
:It is persistent
.

in we don't have to close the TCP

request connection
: RTTIRTTI -..
- RTTh + IRTTof 12RTTo
=
RTTI + RTTz + + RTTh + -

14 RtTo
d) - pipelining
,

i RTT , + RTTz +. -fRTTa + IRTTo + RTTo .

c RTTI + RTTz +. -

+ RTTn + 3 RTTo
.

1
2. (11 Points) HTTP/1.1 v.s. HTTP/2
Assume that a webpage consists of an HTML file (http://www.uci.edu/index.html), one
video, and one image. The laptop initiating the request does not initially know the IP
address of www.uci.edu, necessitating a DNS query to the local DNS server as the first step.
The Round-Trip Time (RTT) between the laptop and the local DNS server is denoted as
RT TD , assuming the local DNS server has the cached record of www.uci.edu. Let RT Tcs be
the RTT between the laptop and the UCI webserver. The HTML file is small enough that its
transmission delay is negligible. The video is large, requiring 4 TCP segments (each of the
maximum segment size, MSS Bytes), and the image that follows fits into 2 TCP segments.
The transmission delay for each segment of the video and image is 41 ·RT Tcs . The transmission
delays for all other messages are considered negligible.
Assumptions:

• No packet loss occurs during the transmission.

• Ignore the e↵ects of TCP window scaling.
• Ignore any processing delays.
• All TCP segments are of either negligible or maximum (MSS) size, as specified.

Questions:

(a) Below is a detailed table illustrating all DNS, HTTP, and TCP messages exchanged from
the moment the domain www.uci.edu is resolved (t1 ). Assume HTTP/1.1 is used, with
persistent HTTP and pipelining. Please calculate the time intervals, and fill in the table
below.

Table 1: Timing of DNS, HTTP, and TCP Messages

Time Interval Event Description
t1 DNS Query to local DNS server
t , +RTTD DNS Response received (IP resolved)
(same as above) tit RTTis HTTP GET Request for HTML file
t , + RTTD + RTTcs HTTP Response (HTML file received)
+ It RTTp + RTTcs HTTP GET Requests for Video and Image (pipelined)
ti + RTTp + RTTcs + #RTTcs Video segment 1 received
t + RTTh + RTTcs +
RITes
Video segment 2 received
- + RTTD + RTTcs
, + ERTTc
Video segment 3 received
ti + RTTp + RTTcs + RTTCs Video segment 4 received
t +RTTp RTTcs Image segment 1 received
i
, + RTTcs +
+ Rites

to RTTo RTTcs + RTTcs

+ + Rites
+ Image segment 2 received
(same as above) tit RTTp + 5 RTT 2 .
Webpage fully loaded and displayed
<S

(b) If we change HTTP/1.1 to HTTP/2, and assume each TCP segment fits a frame, what
are the durations for the video and the image to be downloaded?

We take the time for downloading video as Ol for image

,
as 02
.

GRTTcs + #RTTcs + #RTTcs + #RTTcs + #RTTcs + #RTTcs

01 =
= E RITy

O2 GRTTcs + #RTTcs + #RTTcs + #RITcs

=
RTTc =

/
3. (10 Points) SMTP and Phishing Email Analysis
Review the following raw SMTP source file of an email. Analyze the headers and the content
to answer the questions below.

Received: from mail.example.com (mail.example.com [192.0.2.1])

by recipient.mailserver.com with ESMTPS id 1234abcd
for <john.doe@recipient.com>; Wed, 18 Apr 2024 09:00:00 +0000 (UTC)
Date: Wed, 18 Apr 2024 08:50:00 +0000 a) host name : "mail example , com" ,

From: Jane Doe <jane.doe@example.com>

To: John Doe <john.doe@recipient.com>
Subject: Meeting Reminder Ipaddi
Protocol Secure"
com" Server
"Extended Simplean
.
a
using
Message-ID: <CA1234@examaple.com> Transfer with identifier"1234abed"
this email is intended sent to
MIME-Version: 1.0 recipient "John doe aprecipient, com" ,

on "Wed 10 Apr
and this email is
Content-Type: text/plain; charset="utf-8"
Il
accepted by server
20269 00 : 00 ,
:

Content-Transfer-Encoding: quoted-printable + ooo

(UTC)
Hello John,

Just a reminder about our meeting scheduled for 20th April 2024 at 10:00 AM.
Please let me know if you need to reschedule.
b) the email
Best, clearly
, We
use the time email was accepted by server , subtracts sent

Jane by the client , it happened in same

day same time zone , so 9 : 00 : 00 -
8: 50 : 00

mightthe “Received”delay quene It might be block in

10 min due to the in server
(a) What information can delay
= It .
.

you derive from header about the path taken by either server
this email? of sender and recipient.
(b) Compare the timestamps in the “Received” headers and the “Date” header. What can
you infer about the delay in email transmission?
(c) What is the content type of the email?
(2) the content
type
The following is another rawof
the email is "text/plain"
charset is ,

SMTP source file of an email. However, this email is suspected

"nef-8"
for encoding thetext
.

to be a phishing attempt. Analyze the headers and the content to answer the questions below
and identify any red flags that might suggest it is a phishing email.

Received: from unknown (HELO mail.example.net) ([198.51.100.2])

by recipient.mailserver.com with SMTP; Thu, 19 Apr 2024 12:30:00 +0000
Return-Path: <accounts@example.com>
Received: from [203.0.113.5] (port=587 helo=mail.phishy.net)
by mail.example.net with esmtpsa (TLS1.2) id 5678efgh
for <john.doe@recipient.com>; Thu, 19 Apr 2024 12:20:00 +0000
Date: Thu, 19 Apr 2024 12:20:00 +0000
From: Example Support <support@example.com>
To: John Doe <john.doe@recipient.com>
Subject: Urgent Security Alert for Your Account
Message-ID: <CB5678@phishy.net>
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWw+DQo8aGVhZD48dGl0bGU+QWNjb3VudCBTZWN1cm
l0eSBOb3RpY2U8L3RpdGxlPjwvaGVhZD4NCjxib2R5Pg0K
PHA+RGVhciBKb2huLA0KPHA+V2UgaGF2ZSBkZXRlY3RlZC
B1bnVzdWFsIGFjdGl2aXR5IGluIHlvdXIgYWNjb3VudCBh
bmQgdXJnZW50bHkgcmVxdWlyZSB5b3UgdG8gdXBkYXRlIH
lvdXIgcGFzc3dvcmQgaW1tZWRpYXRlbHkuIFBsZWFzZSBj

3
bGljayBvbiB0aGUgbGluayBiZWxvdyB0byBjb25maXJtIH
lvdXIgaWRlbnRpdHk6IDxhIGhyZWY9Imh0dHA6Ly9tYWx3
YXJlLmV4YW1wbGUuY29tIj5DbGljayBIZXJlPC9hPjwvc
D4NCjxwPlRoYW5rIHlvdSw8YnI+RXhhbXBsZSBTdXBwb3
J0IFRlYW08L3A+DQo8L2JvZHk+DQo8L2h0bWw+

(d) What discrepancies or unusual patterns can you spot in the “Received” headers that
might suggest this email is not legitimate?
(e) The email body includes HTML content encoded in base64, and we have decoded the
content shown below. What red flags are associated with the hyperlink?
<html>
<head><title>Account Security Notice</title></head>
<body>
<p>Dear John,</p>
<p>We have detected unusual activity in your account
and urgently require you to update your password immediately.
Please click on the link below to confirm your identity:
<a href="http://malware.example.com">Click Here</a></p>
<p>Thank you,<br>Example Support Team</p>
</body>
</html>

i 1 "from unknown" , and IP address doesn't match withthe email address

2
. The return path is somewhat differentfrom the address
3
. "mail example com" and "mail net" in two received headers
phishy
, ,
,
,

are inconsistent
4 It uses different server and different protocols,

(e) the link of "http : //malware example com" is suspicious ,

the text of "Click here" is the emails

typical phishing

4
 Des -max[in]
>

Dpzp > max[n , En ?

4. (12 Points) P2P and CS Amin
F 25x10 Mbits Ms 30Mbps 1
= . 5
Mbps = =

Suppose there is a task of distributing a file of F = 25 Gbits to N peers using both a server
and a peer-to-peer (P2P) distribution method. The server has an upload rate of us = 30
Mbps, and each peer has a download rate of di = 1.5 Mbps and an upload rate of u. For
various values of N and u:

• Peer upload rates, u = 600 Kbps, 800 Kbps, and 1.2 Mbps.
• Number of peers, N = 20, 200, 2000.

(a) Calculate and chart the minimum distribution time (keep 3 significant digits) for each
combination of N and u for both client-server and P2P distribution. Your chart should
follow the example chart below:

Table 2: Example Chart

# Peers (N) Peer Upload Rate (u, Mbps) Client-Server Time (hrs) P2P Distribution Time (hrs)
20 0.6 4 62, 4 67.

20 0.8 9 62 - 462
20 1.2 4
. 62 462
200 0.6 46, 2
9 . 25

200 0.8 46 . 2 7130

200 1.2 46 : 2 5 . 14
462 11 2
2000 0.6 .

2000 0.8 462 8 .

51

5 71
2000 1.2 482 .

(b) Discuss how changes in the number of peers and their upload rates a↵ect the overall
distribution time and network load. In particular, why P2P model is more efficient
when the number of peers increase?
As number increases, the PrP distribution time will increase but increases
peer ,
slower than Client-Server Time .
And as peer upload rate increase , the distribution
time decreases the load decrease
/

In PrD network which means

every peer contributes bandwidth to system ,
,

that the internet has more to deal with download &

capacity · upload
When
N is large , pup is more
efficient ,
let's telle Peer Upload Rate = 0 . 6 , for ESTime
,
it increase from 62hree 46 2hrs 462hrs Increase from
4 : . +
,
as N 2 - 200 + 2000
,
but PrP
time increase from 4062 his - 925hrs 12 hrs which shows obvious
73 When encounter
+ ,
advantage over
large amount
of number of people-

Alse , The scatability of PrP enables it to

bring more service
capacity as .
well

5
5. (15 Points) DNS
You are provided with the output of a dig command query for the domain “srv.qifanz.com”.
Analyze the provided dig result and answer the questions below.

; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> srv.qifanz.com

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49886
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;srv.qifanz.com. IN A

;; ANSWER SECTION:
srv.qifanz.com. 300 IN CNAME qifanz-srv.dsp-lab.eng.uci.edu.
qifanz-srv.dsp-lab.eng.uci.edu. 43200 IN A 128.195.180.83

;; AUTHORITY SECTION:
uci.edu. 43200 IN NS ns2.service.uci.edu.
uci.edu. 43200 IN NS ns1.service.uci.edu.

;; ADDITIONAL SECTION:
ns1.service.uci.edu. 43200 IN A 128.200.1.201
ns2.service.uci.edu. 43200 IN A 128.200.192.202

;; Query time: 7 msec

;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Apr 19 00:06:38 PDT 2024
;; MSG SIZE rcvd: 179

(a) To resolve “srv.qifanz.com”, how many levels of name servers are involved during the
recursive resolution process?
(b) Is this query transmitted over TCP or UDP?
(c) What type of DNS record was queried for “srv.qifanz.com”? Is it an alias or canonical
name? If it is an alias name, what is the canonical name and what is the IP address
associated with the canonical name?
(d) Identify the name servers in the dig result. Which domain they are authoritative for?
What is the TTL for those results? Discuss the significance of the TTL values found in
the ANSWER and AUTHORITY sections.
(e) What is the query time about this DNS query?
1)
gifanz comNS
I

2 : roofNSt . comNs + .

(b) In OPT PSEUDOSECTION , it shows it was transmitted by UpP.

(2) In Question section , the type type , and it is an alias
is A name , the
canonical name of that is
gifanz-stu dsp-lab eng uni edu
. , . , .

And from the next line have for gifanz-stu dsp-lab eng
which means the "value" is the
, we 6 A
type - , , uni edu
c
,

IP address 128 195 180 83

: : . .
(d) Let's focus on the
Authority section , NS-type DNS record is
present here
.

meaning the value is hostname of authoritative name server for this domain.
U Is

So the server name is use. service , uci edu

. and "ns1 service , uciede".

And these two hostnames of servers are authoritative to "ucicedu" S

the time in DNS cache is

the TTL is 43200 (S) .
(Name has shorter TTL ,
showing ,
short

volatile information The TTL ip has

showing it was
to be predicted as .
answers
significant difference
Since TTL means the time that record can be stored
than that in
authority .
answer section ,
the
in Cache : where as the TTL in
"Authority" section pertains to mapping info of domain
name to its authoritative name servers
.

e) time imsec
query ,
: