More TCP/IP

1. TCP/IP is about to celebrate its 30th anniversary.

Vinton G. Cerf and Robert E. Kahn. "A Protocol for Packet-Network

Interconnection." IEEE Transactions on Communications, May 1974.

2. IP Packet (see , September 1981)

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |Version|  IHL  |Type of Service|          Total Length         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |         Identification        |Flags|      Fragment Offset    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Time to Live |    Protocol   |         Header Checksum       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Source Address                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Destination Address                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               TCP header, then your data ......               |
    |                                                               |

3. IPv6 Packet (see , December

1998 which superseded rfc1883.txt, December 1995)

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |Version| Traffic Class |           Flow Label                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |         Payload Length        |  Next Header  |   Hop Limit   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                                                               +
    |                                                               |
    +                         Source Address                        +
    |                                                               |
    +                                                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                                                               +
    |                                                               |
    +                      Destination Address                      +
    |                                                               |
    +                                                               +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

4. Router arithmetic. If a router receives a continuous stream of 500-bit

TCP/IP packets on a 10-gigabit link, it must forward a packet every

50 nanoseconds. In making the forwarding decision, the router must find the

routing table entry that is the “best match” to the destination IP address.

    Network            Netmask            Next hop
    128.10.196.0/16    255.255.0.0        10.0.0.87
    128.10.197.0/20    255.255.240.0      10.0.0.32
    128.10.198.0/22    255.255.252.0      10.0.0.56
    128.10.198.0/24    255.255.255.0      10.0.0.33
    128.10.200.0/24    255.255.255.0      10.0.0.12
    128.10.201.0/25    255.255.255.128    10.0.0.87

To what next hop should a packet with IP address 128.10.199.64 be forwarded?
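
The best-match lookup for the table above, worked in Python as an added example (not part of the original notes). Each entry is compared only on the bits its netmask selects, and the matching entry with the longest mask wins; the function names are illustrative.

```python
import ipaddress

# Routing table from the notes: (network, netmask, next hop).
ROUTES = [
    ("128.10.196.0", "255.255.0.0",     "10.0.0.87"),
    ("128.10.197.0", "255.255.240.0",   "10.0.0.32"),
    ("128.10.198.0", "255.255.252.0",   "10.0.0.56"),
    ("128.10.198.0", "255.255.255.0",   "10.0.0.33"),
    ("128.10.200.0", "255.255.255.0",   "10.0.0.12"),
    ("128.10.201.0", "255.255.255.128", "10.0.0.87"),
]


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def matching_routes(dest, routes=ROUTES):
    """Return (prefix_length, network, next_hop) for every entry covering dest."""
    d = to_int(dest)
    hits = []
    for network, netmask, next_hop in routes:
        mask = to_int(netmask)
        # Mask the table entry as well as the destination: several entries
        # have bits set outside their mask (128.10.196.0 with 255.255.0.0
        # is really the network 128.10.0.0).
        if d & mask == to_int(network) & mask:
            hits.append((bin(mask).count("1"), network, next_hop))
    return hits


def best_match(dest, routes=ROUTES):
    """Longest-prefix match: next hop of the covering entry with most mask bits."""
    hits = matching_routes(dest, routes)
    if not hits:
        return None  # no covering entry and no default route in this table
    return max(hits, key=lambda hit: hit[0])[2]


if __name__ == "__main__":
    for bits, network, hop in matching_routes("128.10.199.64"):
        print(f"covers: {network}/{bits} via {hop}")
    print("forward to:", best_match("128.10.199.64"))
```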

5. TCP/IP ASSUMES THAT ALL PACKET LOSSES IN A NETWORK ARE DUE TO CONGESTION

(rather than packet corruption or misrouting). When buffers in routers

become full, routers silently discard packets.

6. Network congestion control. TCP relies on voluntary behavior by end systems

to avoid network congestion. End systems use an AIMD (Additive Increase,

Multiplicative Decrease) algorithm to limit transmission rate. The following is an

oversimplification.

As long as no packets are lost (no timeouts), slowly increase

transmission rate (Additive Increase):

a. Send out a "block" of 1 packet and wait for the ack.

b. Send out a "block" of 2 packets and wait for the acks.

c. Send out a "block" of 3 packets and wait for the acks.

d. Send out a "block" of 4 packets and wait for the acks.

e. Send out a "block" of 5 packets and wait for the acks.

...

p. Send out a "block" of 16 packets and wait for the acks.

If packet losses (timeout) occur, rapidly decrease transmission rate

(multiplicative decrease).

a. If timeout occurs on one or more packets in the block of

16 above, retransmit lost packets and then send out a

block of 8 new packets.

b. If timeout occurs on one or more packets in block of 8,

retransmit and then send out a block of 4 new packets.

c. If timeout occurs on one or more packets in block of 4,

retransmit and then send out a block of 2 new packets.

7. No congestion control on UDP traffic. Under heavy congestion, "bad" UDP

traffic could drive "good" TCP traffic to zero. To prevent this, routers

limit UDP traffic (e.g. when congestion occurs, limit UDP to 50 percent

of the total).
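
A round-by-round simulation of the simplified AIMD scheme in item 6 sharing a link with the unresponsive UDP sender of item 7, added here as an example and not part of the original notes. The link capacity, the constant UDP rate, and the rule that any overload costs the TCP sender a timeout are assumptions of this model.

```python
def simulate(capacity, udp_rate, rounds, udp_limit=None):
    """One AIMD TCP sender sharing a router with constant-rate UDP.

    capacity  -- packets the router can forward per round (assumed)
    udp_rate  -- packets UDP offers every round; it never backs off
    udp_limit -- fraction of capacity the router lets UDP use once the
                 link is congested (None means no limit)
    Returns (tcp_packets_acknowledged, tcp_block_size_per_round).
    """
    block = 1          # TCP starts with a "block" of 1 packet
    delivered = 0      # counts only blocks that were fully acknowledged
    history = []
    for _ in range(rounds):
        history.append(block)
        udp = udp_rate
        if udp_limit is not None and udp + block > capacity:
            # Router policy from item 7: under congestion, cap UDP.
            udp = min(udp, int(capacity * udp_limit))
        if udp + block > capacity:
            # Buffers overflow, packets are silently discarded and the
            # TCP sender times out: multiplicative decrease.
            block = max(1, block // 2)
        else:
            # Every ack came back: additive increase.
            delivered += block
            block += 1
    return delivered, history


if __name__ == "__main__":
    # Constructed scenario: 20-packet link, UDP offering 20 packets per round.
    print("no UDP limit :", simulate(20, 20, 30)[0], "TCP packets")
    print("UDP capped 50%:", simulate(20, 20, 30, udp_limit=0.5)[0], "TCP packets")
    print("blocks:", simulate(20, 20, 30, udp_limit=0.5)[1])
```

With no limit the TCP sender never gets a block acknowledged; with the 50 percent cap its block size settles into a sawtooth between 5 and 11.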

Cookies

1. "Cookies" are small files that an HTTP server stores on a client computer.

HTTP is a "stateless" protocol (the server does not remember previous

requests from a client). Cookies are used to track the pages that you

visit, create shopping baskets, etc.

2. Cookies can be created in a variety of ways. This example uses JavaScript.

If you request the web page:

your browser makes a TCP connection to port 80 on astro.temple.edu and sends

a request similar to the following:

    GET /~stafford/lanwatch/cookie.html HTTP/1.1
    Host: astro.temple.edu

3. The web server on astro responds with the following web page containing a

JavaScript statement (document.cookie=...) requesting the creation of a

cookie:

    HTTP/1.1 200 OK
    Date: Sat, 03 Jan 2004 17:10:05 GMT
    Last-Modified: Sat, 03 Jan 2004 17:08:03 GMT
    Content-Length: 709
    Content-Type: text/html

    <html>
    <head>
    <SCRIPT LANGUAGE="JavaScript">
    document.cookie="History=GotCookiePage; expires=Fri, 28-Feb-2004 00:00:00 GMT";
    </SCRIPT>
    </head>
    <body>
    <p>This web page creates a cookie "History=GotCookiePage" using <br>
    JavaScript. Use "View -> Source" to see the JavaScript statement.
    <p>Use the search command on your computer to see if you can find <br>
    a file containing the string "GotCookiePage".
    <p>If you later get a different web page from the same directory <br>
    (e.g.
    your browser will send the cookie "History=GotCookiePage"<br>
    back to the server.
    </body>
    </html>

4. Because of the "document.cookie" statement, your browser creates a file (the

cookie) that contains (vertical bars added):

History|GotCookiePage|astro.temple.edu/~stafford/lanwatch/...

5. If you return to the site and get another web page from the same directory,

such as

your browser automatically includes the cookie as part of the request:

    GET /~stafford/lanwatch/short.html HTTP/1.1
    Host: astro.temple.edu
    Cookie: History=GotCookiePage

6. As a result, the http server at astro.temple.edu can track the pages that

you visit in the /~stafford/lanwatch directory. By using additional

parameters when the cookie is created, astro can ask that the cookie be

returned:

a. For any page requested in the /~stafford/lanwatch directory (the default)

b. For any page requested in any /~stafford directory or subdirectory

c. For any page requested from unix.temple.edu.

d. For any page requested from the temple.edu domain.
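
How a browser decides whether to return the cookie, as an added example that is not part of the original notes. It follows the domain and path matching rules of RFC 6265, under which a Domain attribute that does not cover the host that set the cookie is ignored; the function names and test URLs are illustrative.

```python
from urllib.parse import urlsplit


def domain_match(host, cookie_domain, host_only):
    """RFC 6265 5.1.3: same host, or a parent domain on a label boundary."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True
    return not host_only and host.endswith("." + cookie_domain)


def path_match(request_path, cookie_path):
    """RFC 6265 5.1.4: equal, or a prefix that ends on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def default_path(request_path):
    """Directory of the page that set the cookie (the default scope)."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]


def cookie_sent(url, set_by_url, domain=None, path=None):
    """Is a cookie created by set_by_url returned with a request for url?"""
    setter, target = urlsplit(set_by_url), urlsplit(url)
    if domain and not domain_match(setter.hostname, domain, host_only=False):
        return False  # browser ignores a Domain that excludes the setter
    cookie_domain = domain or setter.hostname
    cookie_path = path or default_path(setter.path)
    return (domain_match(target.hostname, cookie_domain, host_only=domain is None)
            and path_match(target.path or "/", cookie_path))


# URL rebuilt from the GET and Host lines shown in the notes.
SET_BY = "http://astro.temple.edu/~stafford/lanwatch/cookie.html"

if __name__ == "__main__":
    base = "http://astro.temple.edu/~stafford/"
    print(cookie_sent(base + "lanwatch/short.html", SET_BY))
    print(cookie_sent(base + "index.html", SET_BY))
    print(cookie_sent(base + "index.html", SET_BY, path="/~stafford"))
    print(cookie_sent("http://unix.temple.edu/", SET_BY, domain="temple.edu", path="/"))
```

Real browsers additionally refuse a Domain that is a public suffix such as edu; that check is left out here.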

7. Third party cookies. If you point your browser at

DealTime returns a web page that asks your browser to create a "DealTime"

cookie. However, the returned web page also contains JavaScript that

generates the following HTML statement:

<img src="

When you load the web page from DealTime you also load the picture from

DoubleClick. When your browser requests the picture from DoubleClick,

DoubleClick asks your browser to create a DoubleClick cookie. Because this

cookie request was generated by a third party (not the client or the

server), it is called a "third party" cookie.

The downloaded image is an advertisement for Dell computers. If you click

on the image, you load the web page The Dell web page sets

its own "Dell" cookie but, using the image trick, allows DoubleClick to add

another "third party" cookie to your growing collection of cookies. Now

DealTime can only retrieve DealTime cookies, and Dell can only retrieve Dell

cookies, but DoubleClick can retrieve both of its DoubleClick cookies and

"track" your movement from DealTime to Dell (and to any other DealTime

client site).

8. Pop-up ads can be hazardous to your privacy.

E-MAIL

1. The following shows the Mail headers for an E-mail advertisement I recently

received. (Note the strange encoding of the subject - iso-8859-1 is the

Latin1 (8-bit ASCII) character code.)

    Return-Path: <>
    Received: from po-smtp2.temple.edu (po-smtp2.temple.edu [155.247.166.196])
        by po-c.temple.edu (Mirapoint Messaging Server MOS 3.3.7-GR)
        with ESMTP id AGB58998;
        Wed, 31 Dec 2003 12:15:31 -0500 (EST)
    Received: from micronet.fr (a80-126-213-57.adsl.xs4all.nl [80.126.213.57])
        by po-smtp2.temple.edu (Mirapoint Messaging Server MOS 3.3.7-GR)
        with ESMTP id ARA22108;
        Wed, 31 Dec 2003 12:15:30 -0500 (EST)
    To:
    MIME-Version: 1.0
    Message-ID: <462b01c3cfc1$1de35e8a$f4ada92b@2d9txt9>
    From: "Augustus D. Chambers" <>
    Subject: =?iso-8859-1?b?Q29tZSBnZXQgeW91ciBwcmVzY3JpcHQvaW9ucywgT25saW5lIQ==?=
    Date: Wed, 31 Dec 2003 17:13:09 +0000
    Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0123_ABF2B8CA.6D74120E"

2. The mail body is more interesting. It is basically a hyperlink (between

the <A> and </A> tags) containing an image. If you click on the image, the

<A> tag will load the default web page from and pass

the server the string “rid=1098”. By using a different string in each mail

message, it is easy to determine which E-mail recipients have “clicked” on

the image. It is not quite so obvious that, by using different names for the

image (e.g. <IMG src=" it is possible

to determine which recipients have read (or even just previewed) the E-mail.

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML>
    <HEAD>
    <META http-equiv=Content-Type content="text/html; charset=us-ascii">
    <META content="MSHTML 6.00.2800.1276" name=GENERATOR>
    </HEAD>
    <BODY>
    <B>From:</B> Augustus D. Chambers [<BR>
    <B>Sent:</B> Wednesday, December 31, 2003 12:13 PM<BR>
    <B>To:</B> <BR>
    <B>Subject:</B> Come get your prescript/ions, Online!<BR>
    <CENTER>
    <!--0ehbngutyyu91-->
    <A href=" ">
    <!--srEqj2QNeNj1-->
    <IMG src=" border=0>
    </A>
    </CENTER>
    </BODY>
    </HTML>
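
A small audit of such a message from the recipient's side, added as an example and not part of the original notes: it decodes the encoded Subject header from item 1 and lists the remote references in an HTML body, separating images that are fetched as soon as the mail is opened or previewed from links that are fetched only on a click. The URLs in the notes are missing, so the body below is constructed, with example.invalid and the image name as stand-ins.

```python
from email.header import decode_header, make_header
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Subject header exactly as it appears in the notes.
SUBJECT = "=?iso-8859-1?b?Q29tZSBnZXQgeW91ciBwcmVzY3JpcHQvaW9ucywgT25saW5lIQ==?="

# Constructed body: host and image name are stand-ins; rid=1098 is the
# per-recipient string mentioned in the notes.
BODY = """<HTML><BODY><CENTER>
<A href="http://example.invalid/?rid=1098">
<IMG src="http://example.invalid/img/a1098.gif" border=0></A>
<IMG src="cid:logo@local">
</CENTER></BODY></HTML>"""


class RemoteRefs(HTMLParser):
    """Collect remote URLs and what action makes the client fetch them."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = {"img": "src", "a": "href"}.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url or urlsplit(url).scheme not in ("http", "https"):
            return  # cid:, data: and relative references are not remote fetches
        parts = urlsplit(url)
        self.refs.append({
            "host": parts.hostname,
            "trigger": "on open/preview" if tag == "img" else "on click",
            "path": parts.path,
            "params": dict(parse_qsl(parts.query)),
        })


def audit(subject, html_body):
    """Return (decoded subject, list of remote references)."""
    parser = RemoteRefs()
    parser.feed(html_body)
    return str(make_header(decode_header(subject))), parser.refs


if __name__ == "__main__":
    decoded, refs = audit(SUBJECT, BODY)
    print("Subject:", decoded)
    for ref in refs:
        print(ref)
```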

History of the Internet

Feb 1966 - Bob Taylor, Director of Information Processing Techniques Office

(IPTO) at the Advanced Research Projects Agency (ARPA) secures one

million dollars to build an experimental "packet" network.

Jul 1968 - Larry Roberts finishes the ARPAnet RFP.

Dec 1968 - Contract awarded to BBN (Bolt, Beranek and Newman) of Cambridge,

Mass.

Sep 1969 - First IMP (Interface Message Processor) installed at UCLA.

Dec 1969 - Four node ARPANet (UCLA, SRI (Stanford Research Institute), UC Santa

Barbara, and the University of Utah) with 50-kilobit links.

1972 - Ray Tomlinson at BBN combines a mail program (for users on a single

machine) with a file transfer program for computers on a network and

invents E-mail (including the name@host form for an address).

1973 - Three fourths of all traffic on ARPAnet is E-mail.

May 1973 - Three megabit Ethernet successfully demonstrated at Xerox PARC.

Designed by Bob Metcalfe and derived from the Aloha radio network

at the University of Hawaii.

May 1974 - Paper by Vinton Cerf and Bob Kahn describes what would evolve into

TCP/IP. The great innovation was to shift the responsibility for

reliability from the network (the IMP's and the Network Control

Protocol) to the end systems.

Mar 1978 - Decision made to divide TCP into TCP and IP. IP contains only the

information that routers need to be aware of.

1979 - A total of 61 ARPANET sites, but only 15 located at Universities.

1981 - CSNET (Computer Science research NETwork) built with funds from NSF

to provide network services to computer science faculty with no

connection to ARPAnet.

Sep 1981 - First IBM PC delivered.

1982 - SUN founded to produce workstations based on Berkeley Unix. Ethernet

hardware and TCP/IP software are included.

Jan 1983 - Arpanet switches from IMPs and the Network Control Program to

TCP/IP.

1983 - The 113 ARPANET nodes split into two networks with 45 remaining on

ARPANET and 68 going to MILNET.

1985 - Five supercomputer centers connected by an NSF backbone. Any

regional network such as PREPNet (Pennsylvania Research and Economic

Partnership Network) that could connect to a supercomputer center

was welcome to use the backbone (and its connection to ARPANET and

other networks).

1988 - OSI protocol stack complete. Adopted by most national governments

(including the US) and most major computer manufacturers (IBM, DEC,

and HP).

1988 - NSF backbone upgraded to T1 (1.544mb/s) speeds.

1989 - ARPANET dies as the remaining nodes are connected to NSFNet.

1990 - Tim Berners-Lee creates the World Wide Web by developing URL's,

HTTP, and HTML at CERN in Switzerland.

Jun 1992 - Congressman Rick Boucher submits an amendment to the NSF act of

1950 to allow commercial use of the Internet.

1993 - Mosaic browser developed by Marc Andreessen and others at

the University of Illinois at Urbana-Champaign (UIUC). Within

a year two million people are using it to access "web pages"

over the Internet.

Oct 1994 - Beta version of Netscape Navigator (a Mosaic clone) released to

the Internet. Within 18 months the installed base grew to 65

million users.

May 1995 - Bill Gates writes his famous memo, "The Coming Internet Tidal Wave".
