CS75 Network Protocols
David Morgan
Santa Monica College



Grade reports

Course outline

General Information

RFC lookup

Linux links

Remote Unix access with

TCP/IP Pocket
Reference Guide
 - IPv4 version
 - IPv6 version

netcat Pocket Reference Guide

TCP/IP - Intro to the IP Protocols

"ip" command doc

Network calculators:
  here's one
  and another

IP addresses

IP packet delivery

MAC address assignments

Sockets: socket programming

Sockets: sample programs
 - letter-upgrader server
 - letter-upgrader's client

 - upper-echoback server
 - client for echo-back server

 - web (file-send) server
 - client for file-send server


Fundamental Unix Commands

Fedora vs Enterprise

vi - the Visual Editor

tcpdump filters

Sockets: socket programming

Sockets: sample programs
 - letter-upgrader server
 - letter-upgrader's client

 - upper-echoback server
 - client for echo-back server

 - web (file-send) server
 - client for file-send server

DNS - various resources

Slide presentations

Technical overview:


Nuts & bolts

More nuts, more bolts


Interfaces & Routes

IP Addresses

Suites & layers

Protocol interrlationships

Point-to-point protocol

Ethernet, a protocol example

ARP address resolution

proxy ARP


packet injection - hping




nmap - port scanner



udp protocol

tcp protocol

Networks: services

Networks: sockets

Port forwarding methods


Apache (web server)

HTTP protocol

BIND (name server)

DNS protocol

dhcpd (address server)

DHCP protocol

DHCP denial-or-service

IP-over-IP tunneling

Samba (MS fileshare client) 

SMB (MS fileshare) protocol



socket demo



Section 1653 10:00am-12:05pm Sat Bus 263

This Website (http://homepage.smc.edu/morgan_david/cs75/cs75.htm) will be used to communicate with you. Announcements, grade reports, and assignments will be posted here. The site can be viewed from an internet-connected browser anywhere. You are responsible for awareness of the information posted here.

Final - will be posted here. (6/14)

Heartbleed demo - from the "know-how" show on twit.tv, one of many shows there. The demo starts at about the 45-minute mark in the video. (And your host is actually a priest.) (6/14)

Projects due - in class June 7. (5/29)

TCP congestion control


Benjamin Franklin - questionably attributable quotations
 - if you trade liberty for security you'll have neither
 - 3 people can keep a secret if 2 of them are dead (5/17)

Scholarship opportunity - full time student, computer security orientation, app deadline June 15. (5/16)

Homework - course outline
 - section 8 homework, Steve Gibson podcasts on tcp, rfc2011 framing shortcomings
 -  section 12 reading, textbook on tcp
 - section 12 homework, online simulation and lecture (5/17)

TCP-related reading posted - currently in course outline section 12. These are the sections about the TCP topics I want us to discuss. (5/10)

I captured a zero-window segment! - what are zero-window segments for?? You heard about them when you listened to the talks in the course outline's section 8 homework. (5/5)

Remaining quick project talks - from the "back row" guys. The guys who didn't talk 2 weeks ago and we forgot to have them talk last Saturday. Let's do that this coming Saturday. (5/5)

Use of the fork( ) system function without accompanying exec( ) to allow concurrent servers:

"There are two typical uses of fork:

"A process makes a copy of itself so that one copy can handle one operation while the other copy does another task. This is typical for network servers....

"A process wants to execute another program. Since the only way to create a new process is by calling fork, the process first calls fork to make a copy of itself, and then one of the copies (typically the child process) calls exec ... to replace itself with the new program. This is typical for programs such as shells."

   UNIX Network Programming, Stevens, Fenner, Rudoff, Addison-Wesley, 2004

Instructional emphasis is usually on the second use, where there is an exec( ) function call in the mix, along with the fork( ). But sometimes, you actually want the child to be a copy of the parent unchanged in terms of its code, not some other program. Network servers that want to be able to honor/handle/process multiple "hits" are a good example. They are programmed to be so-called concurrent, rather than iterative:

With concurrent service every connection gets its own process; and since you can have multiple processes, you can have multiple connections. All clients at the other ends of these connections will be receiving service simultaneously. Most real-world network servers are concurrent. When a website is being visited by five visitors for example, there are six copies of the serving program (perhaps apache). One program, six processes. Five of them are doing whatever the server does, for a single client. The other one is waiting (blocked at the accept( ) call) to hear from a further client that might ring the doorbell. (4/11)

No class meeting April 19 - have a good spring break. See you April 26. (4/11)

Project status reports - on April 26 give a 5 minute status report to the class telling what you have done. (4/11)

Birth of the internet - at UCLA's Boelter Hall room 3420. Here, of optional and casual interest (but hey! it's interesting!) is a BBC radio interview about it (first 9 minutes). (4/9)

A survey - whose purpose is to help us improve the computer science department.
The survey is available through Friday, April 11 at midnight. Please take the survey if you care to. (4/5)

Hacker volunteers sought by L.A. Hacks, for big confab at UCLA in 2 weeks. (4/2)

We will talk about TFTP - trivial file transfer protocol, as its name suggests, is a minimalistic protocol for file transfer. It is an application layer protocol, and employs UDP as its underlying transport protocol. It is not the protocol of choice for transferring files. The reasons for studying it are 1) it is simple enough that you can look at a capture of it and know what your looking at, so it serves as a good sample to represent protocols generally, and 2) it has some features that presage those we will see in TCP and other more complicated protocols. (3/30)

I wonder - how many plans have gone bad?
                 what happens when a UDP client talks to a server that isn't there??
                 what happens when a TCP client talks to a server that isn't there???
Do you? (3/29)

Homework - do the reading in course outline section 6 about ICMP. (3/29)

3 protocols of increasing complexity. We showed the first one in the slides last Saturday. It assumes a perfect world. Non-stop sending and receiving and nothing ever goes wrong. Second protocol provides that after sending, sender refrain from sending further until what was just send gets an acknowledgement from the receiver. Third protocol has sender and receiver count and label each item sent, sender retransmitting anything that doesn't get a timely  acknowledgement and receiver discarding possible duplicates (receiving a second copy of an item already received and handled). This is the protocol that was the basis of our discussion of state diagrams last Saturday (though our state diagram for this protocol included only the 4 states that are part of "ordinary" operation, none of those that represent "extraordinary" circumstances like a timeout or receipt of a duplicate. (3/23)

Homework - see the Homework column of section 5 of the course outline.

New items added to course outline - I call your attention to section 5. There are 2 in-class exercises, one for point-to-point protocol and one for proxy arp. We will do those, in part or whole, next class. There is also a proxy-arp homework that will be assigned this coming Saturday for you to do over the following week. (3/19)

pppd catpure file - please see the now-posted capture file showing what happens during establishment of a point-to-point protocol link, as done in class last Saturday. Find the link to the capture file in the Homework column of the course outline's section 4. (3/17)

Material related to SNMP (simple network management protocol) provided by Vincent Leveque.

 - a slide presentation from Vincent
 - a slide presentation summarizing SNMP from Cisco 
 - a tool "SNMP object navigator"
 - some lab instructions
 - a capture file (zipped))

Vincent will talk about SNMP in class March 29. (3/16)

Homework and amended course outline for this week - see the additions made after today's class meeting in the Reading and Homework columns, section 3. Revisit the Reading links about netcat in section 1. Note there are multiple versions of netcat and variants not all syntax-identical! See the netcat cheat sheet. (3/8)

Class projects - please choose a provisional topic. Be prepared to state verbally what it is in class 3/15, and turn in a more detailed write-up to me on 3/22.

I personally am interested in learning about a few things maybe somebody would like to pursue:

GlusterFS - it's a distributed file system. That is, it integrates and presents as a single filesystem some filesystem pieces that are physically here-and-there on various computers. What about the way communication is done so as to be able to make it look unitary?? That's a protocol question. The non-protocol aspects of Gluser are also interesting and suitable for a project.

scapy - "Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more." Play with it and tell us about it if you are interested.

socat - it's a little multipurpose relay !! it's a netcat++ !! What's that?? A couple of examples here

decrypting encrypted traffic with Wireshark - after class last week I saw a Wireshark menu option labeled "decode" and concluded that it does not mean decrypt but rather analytically break down the fields for meaningful display. If Wireshark, or anything else, were free to decrypt encrypted data then it wouldn't be encrypted. However, I believe Wireshark, like anything else, can decrypt traffic given the key. So if it's your traffic (you have the symmetric key, or the private key) you can equip Wireshark to decrypt it and display it, and Wireshark can do that. I think. Want to investigate? 


Homework - see Homework column of course outline section 2. (3/7)

Homework - some reading and another tool to look at
read - textbook chapters 1 and 3. Much of this is review of topics covered in CS70, with elaboration.
 Chapter 1 - a good review of network architecture and operation as embodied in:

Chapter 3 - the link layer, starring ethernet. Read sections 3.1-3.4 (stopping at p 102); 3.7-3.8; 3.10-03.11
tool - do your own research on netcat (nc). Start here:
 slides, at link entitled "netcat" below left, which we will discuss

Textbook author Richard Stevens' sock program, for linux - this downloadable binary version seems to work. This site offers an updated version in source code form. (9/16)

Sample network used for examples in Stevens first edition:

Class projects - later in the semester I will ask you to choose a protocol or technology that interests you, define some related project, do it, and embody the result in a presentation to the class and/or write-up of some kind. It's loose. I don't want to be specific, either about topic nor scale. You please be specific, once you think about something you want to learn. Don't do a project that will be just schoolwork to you. Make it something that you think is cool. (Do you like zigbee?) These are user-defined projects.

If you are interested in what projects students chose when this class was taught in Summer 2008 there is information about it on the website for that class. It remains online at


See the entry entitiled "Project topics" dated 7/21. Start thinking about what you like now.

Procedures for using class laptops

A Remote Unix system is available for your use.

Using ssh (secure shell). ssh is an important tool you will use for interacting with remote computers. For that you will need an ssh client. There are a number of ssh client alternatives.

Running linux at home.



ethernet header ip header tcp header

Here are some headers, and here they are again.


No wireless access in the classroom - to our class LAN. Our LAN is wired-only. It contains no wireless access point and the provided laptops used in class are not configured to operate as wireless clients. Though there is a wireless network signal found in the classroom, it connects elsewhere to a different, unrelated network that limits users to using http (that is, browsing) and nothing more. Your own device connected to that LAN won't be able to participate in activities performed on the class LAN by the provided laptops. Feel free to connect your own device to the foreign LAN if you are seeking an http avenue to the web as opposed to the internet. That is often sufficient and useful. However do not ask questions about that LAN any more than you would about the one in your favorite coffee-house, library, airport, shopping mall, basement, or office. For class, they are urelated and unsupported.

Welcome - you may view (almost) all of the presentations shown in class via the links to them as pdf files at the bottome of the column at left. See also the brief class syllabus, at the link entitled "Syllabus," upper left. The textbook is identified there. Its first 2 chapters relate to the first night's discussion. Please read them before next week. The next topic, fundamental commands, is the subject of Chapter 4. Please preview them.



Eniac - 1946

Milestone in the history of computation

Did you get the 'L'?


data link:
Point-to-point protocol










echo (port 7)

discard (port 9)

chargen (port 19)

security protocols:
ssh - secure shell

ppp over ssh





(to be formally assigned individually; consider them unassigned till then)

ethernet frames

MAC addresses

tcpdump/wireshark (in-class)

capture arp/ping session (in-class)

wireshark sniffer

tcpdump filters

install "sock"

netcat -simple

enable xinetd protocols


"arp" and "arping"

port behavior

packet injection with hping

tcp dataflow tracking

xinetd (in-class)

nmap scanner

port-forward  lab (in class)