Computer Networks and the Internet Chapter 1 PDF

Summary

This chapter provides a broad overview of computer networks and the Internet. It covers basic hardware and software components, end systems, network applications, and the core of a computer network. It also explores topics such as delay, loss, and throughput of data, protocol layering, and service models.

Full Transcript

CHAPTER 1
Computer
Networks and
the Internet
Today’s Internet is arguably the largest engineered system ever created by mankind,
with hundreds of millions of connected computers, communication links, and
switches; with billions of users who connect via laptops, tablets, and smartphones;
and with an array of new Internet-connected “things” including game consoles, sur-
veillance systems, watches, eye glasses, thermostats, and cars. Given that the Inter-
net is so large and has so many diverse components and uses, is there any hope of
understanding how it works? Are there guiding principles and structure that can
provide a foundation for understanding such an amazingly large and complex sys-
tem? And if so, is it possible that it actually could be both interesting and fun to
learn about computer networks? Fortunately, the answer to all of these questions is
a resounding YES! Indeed, it’s our aim in this book to provide you with a modern
introduction to the dynamic field of computer networking, giving you the princi-
ples and practical insights you’ll need to understand not only today’s networks, but
tomorrow’s as well.
This first chapter presents a broad overview of computer networking and the
Internet. Our goal here is to paint a broad picture and set the context for the rest
of this book, to see the forest through the trees. We’ll cover a lot of ground in this
introductory chapter and discuss a lot of the pieces of a computer network, without
losing sight of the big picture.
We’ll structure our overview of computer networks in this chapter as follows.
After introducing some basic terminology and concepts, we’ll first examine the basic
hardware and software components that make up a network. We’ll begin at the net-
work’s edge and look at the end systems and network applications running in the
network. We’ll then explore the core of a computer network, examining the links
31
31

M01_KURO5469_08_GE_C01.indd 31 08/05/2021 13:49
 32 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

and the switches that transport data, as well as the access networks and physical
media that connect end systems to the network core. We’ll learn that the Internet is
a network of networks, and we’ll learn how these networks connect with each other.
After having completed this overview of the edge and core of a computer net-
work, we’ll take the broader and more abstract view in the second half of this chap-
ter. We’ll examine delay, loss, and throughput of data in a computer network and
provide simple quantitative models for end-to-end throughput and delay: models
that take into account transmission, propagation, and queuing delays. We’ll then
introduce some of the key architectural principles in computer networking, namely,
protocol layering and service models. We’ll also learn that computer networks are
vulnerable to many different types of attacks; we’ll survey some of these attacks and
consider how computer networks can be made more secure. Finally, we’ll close this
chapter with a brief history of computer networking.

1.1 What Is the Internet?
In this book, we’ll use the public Internet, a specific computer network, as our prin-
cipal vehicle for discussing computer networks and their protocols. But what is the
Internet? There are a couple of ways to answer this question. First, we can describe
the nuts and bolts of the Internet, that is, the basic hardware and software components
that make up the Internet. Second, we can describe the Internet in terms of a network-
ing infrastructure that provides services to distributed applications. Let’s begin with
the nuts-and-bolts description, using Figure 1.1 to illustrate our discussion.

1.1.1 A Nuts-and-Bolts Description
The Internet is a computer network that interconnects billions of computing devices
throughout the world. Not too long ago, these computing devices were primarily
traditional desktop computers, Linux workstations, and so-called servers that store
and transmit information such as Web pages and e-mail messages. Increasingly,
however, users connect to the Internet with smartphones and tablets—today, close
to half of the world’s population are active mobile Internet users with the percentage
expected to increase to 75% by 2025 [Statista 2019]. Furthermore, nontraditional
Internet “things” such as TVs, gaming consoles, thermostats, home security systems,
home appliances, watches, eye glasses, cars, traffic control systems, and more are
being connected to the Internet. Indeed, the term computer network is beginning to
sound a bit dated, given the many nontraditional devices that are being hooked up to
the Internet. In Internet jargon, all of these devices are called hosts or end systems.
By some estimates, there were about 18 billion devices connected to the Internet in
2017, and the number will reach 28.5 billion by 2022 [Cisco VNI 2020].

M01_KURO5469_08_GE_C01.indd 32 08/05/2021 13:49
 1.1 WHAT IS THE INTERNET? 33

National or
Global ISP

Mobile Network

Datacenter Network

Datacenter Network

Local or
Home Network Regional ISP
Content Provider Network

Enterprise Network
Key:

Host Server Mobile Router Link-layer Base Smartphone Cell phone
(= end system) Computer switch station or tablet tower

Datacenter Workstation Traffic light Thermostat Fridge

Figure 1.1 ♦ Some pieces of the Internet

M01_KURO5469_08_GE_C01.indd 33 08/05/2021 13:49
 34 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

End systems are connected together by a network of communication links and
packet switches. We’ll see in Section 1.2 that there are many types of communica-
tion links, which are made up of different types of physical media, including coaxial
cable, copper wire, optical fiber, and radio spectrum. Different links can transmit
data at different rates, with the transmission rate of a link measured in bits/second.
When one end system has data to send to another end system, the sending end system
segments the data and adds header bytes to each segment. The resulting packages
of information, known as packets in the jargon of computer networks, are then sent
through the network to the destination end system, where they are reassembled into
the original data.
A packet switch takes a packet arriving on one of its incoming communication
links and forwards that packet on one of its outgoing communication links. Packet
switches come in many shapes and flavors, but the two most prominent types in
today’s Internet are routers and link-layer switches. Both types of switches forward
packets toward their ultimate destinations. Link-layer switches are typically used in
access networks, while routers are typically used in the network core. The sequence
of communication links and packet switches traversed by a packet from the send-
ing end system to the receiving end system is known as a route or path through
the network. Cisco predicts annual global IP traffic will reach nearly five zettabytes
(1021 bytes) by 2022 [Cisco VNI 2020].
Packet-switched networks (which transport packets) are in many ways
similar to transportation networks of highways, roads, and intersections (which
transport vehicles). Consider, for example, a factory that needs to move a large
amount of cargo to some destination warehouse located thousands of kilometers
away. At the factory, the cargo is segmented and loaded into a fleet of trucks.
Each of the trucks then independently travels through the network of highways,
roads, and intersections to the destination warehouse. At the destination ware-
house, the cargo is unloaded and grouped with the rest of the cargo arriving
from the same shipment. Thus, in many ways, packets are analogous to trucks,
communication links are analogous to highways and roads, packet switches are
analogous to intersections, and end systems are analogous to buildings. Just as
a truck takes a path through the transportation network, a packet takes a path
through a computer network.
End systems access the Internet through Internet Service Providers (ISPs),
including residential ISPs such as local cable or telephone companies; corpo-
rate ISPs; university ISPs; ISPs that provide WiFi access in airports, hotels, cof-
fee shops, and other public places; and cellular data ISPs, providing mobile access
to our smartphones and other devices. Each ISP is in itself a network of packet
switches and communication links. ISPs provide a variety of types of network access
to the end systems, including residential broadband access such as cable modem
or DSL, high-speed local area network access, and mobile wireless access. ISPs
also provide Internet access to content providers, connecting servers directly to
the Internet. The Internet is all about connecting end systems to each other, so the

M01_KURO5469_08_GE_C01.indd 34 08/05/2021 13:50
 1.1 WHAT IS THE INTERNET? 35

ISPs that provide access to end systems must also be interconnected. These lower-
tier ISPs are thus interconnected through national and international upper-tier ISPs
and these upper-tier ISPs are connected directly to each other. An upper-tier ISP
consists of high-speed routers interconnected with high-speed fiber-optic links. Each
ISP network, whether upper-tier or lower-tier, is managed independently, runs the
IP protocol (see below), and conforms to certain naming and address conventions.
We’ll examine ISPs and their interconnection more closely in Section 1.3.
End systems, packet switches, and other pieces of the Internet run protocols that
control the sending and receiving of information within the Internet. The Transmission
Control Protocol (TCP) and the Internet Protocol (IP) are two of the most impor-
tant protocols in the Internet. The IP protocol specifies the format of the packets
that are sent and received among routers and end systems. The Internet’s principal
protocols are collectively known as TCP/IP. We’ll begin looking into protocols in
this introductory chapter. But that’s just a start—much of this book is concerned with
networking protocols!
Given the importance of protocols to the Internet, it’s important that everyone
agree on what each and every protocol does, so that people can create systems and
products that interoperate. This is where standards come into play. Internet standards
are developed by the Internet Engineering Task Force (IETF) [IETF 2020]. The IETF
standards documents are called requests for comments (RFCs). RFCs started out
as general requests for comments (hence the name) to resolve network and protocol
design problems that faced the precursor to the Internet [Allman 2011]. RFCs tend
to be quite technical and detailed. They define protocols such as TCP, IP, HTTP (for
the Web), and SMTP (for e-mail). There are currently nearly 9000 RFCs. Other bod-
ies also specify standards for network components, most notably for network links.
The IEEE 802 LAN Standards Committee [IEEE 802 2020], for example, specifies
the Ethernet and wireless WiFi standards.

1.1.2 A Services Description
Our discussion above has identified many of the pieces that make up the Internet.
But we can also describe the Internet from an entirely different angle—namely, as
an infrastructure that provides services to applications. In addition to traditional
applications such as e-mail and Web surfing, Internet applications include mobile
smartphone and tablet applications, including Internet messaging, mapping with
real-time road-traffic information, music streaming movie and television streaming,
online social media, video conferencing, multi-person games, and location-based
recommendation systems. The applications are said to be distributed applications,
since they involve multiple end systems that exchange data with each other. Impor-
tantly, Internet applications run on end systems—they do not run in the packet
switches in the network core. Although packet switches facilitate the exchange of
data among end systems, they are not concerned with the application that is the
source or sink of data.

M01_KURO5469_08_GE_C01.indd 35 08/05/2021 13:50
 36 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

Let’s explore a little more what we mean by an infrastructure that provides
services to applications. To this end, suppose you have an exciting new idea for a dis-
tributed Internet application, one that may greatly benefit humanity or one that may
simply make you rich and famous. How might you go about transforming this idea
into an actual Internet application? Because applications run on end systems, you are
going to need to write programs that run on the end systems. You might, for example,
write your programs in Java, C, or Python. Now, because you are developing a dis-
tributed Internet application, the programs running on the different end systems will
need to send data to each other. And here we get to a central issue—one that leads
to the alternative way of describing the Internet as a platform for applications. How
does one program running on one end system instruct the Internet to deliver data to
another program running on another end system?
End systems attached to the Internet provide a socket interface that speci-
fies how a program running on one end system asks the Internet infrastructure to
deliver data to a specific destination program running on another end system. This
Internet socket interface is a set of rules that the sending program must follow so
that the Internet can deliver the data to the destination program. We’ll discuss the
Internet socket interface in detail in Chapter 2. For now, let’s draw upon a simple
analogy, one that we will frequently use in this book. Suppose Alice wants to send
a letter to Bob using the postal service. Alice, of course, can’t just write the letter
(the data) and drop the letter out her window. Instead, the postal service requires
that Alice put the letter in an envelope; write Bob’s full name, address, and zip
code in the center of the envelope; seal the envelope; put a stamp in the upper-
right-hand corner of the envelope; and finally, drop the envelope into an official
postal service mailbox. Thus, the postal service has its own “postal service inter-
face,” or set of rules, that Alice must follow to have the postal service deliver her
letter to Bob. In a similar manner, the Internet has a socket interface that the pro-
gram sending data must follow to have the Internet deliver the data to the program
that will receive the data.
The postal service, of course, provides more than one service to its custom-
ers. It provides express delivery, reception confirmation, ordinary use, and many
more services. In a similar manner, the Internet provides multiple services to its
applications. When you develop an Internet application, you too must choose one
of the Internet’s services for your application. We’ll describe the Internet’s ser-
vices in Chapter 2.
We have just given two descriptions of the Internet; one in terms of its hardware
and software components, the other in terms of an infrastructure for providing ser-
vices to distributed applications. But perhaps you are still confused as to what the
Internet is. What are packet switching and TCP/IP? What are routers? What kinds of
communication links are present in the Internet? What is a distributed application?
How can a thermostat or body scale be attached to the Internet? If you feel a bit over-
whelmed by all of this now, don’t worry—the purpose of this book is to introduce
you to both the nuts and bolts of the Internet and the principles that govern how and

M01_KURO5469_08_GE_C01.indd 36 08/05/2021 13:50
 1.1 WHAT IS THE INTERNET? 37

why it works. We’ll explain these important terms and questions in the following
sections and chapters.

1.1.3 What Is a Protocol?
Now that we’ve got a bit of a feel for what the Internet is, let’s consider another
important buzzword in computer networking: protocol. What is a protocol? What
does a protocol do?

A Human Analogy
It is probably easiest to understand the notion of a computer network protocol by
first considering some human analogies, since we humans execute protocols all of
the time. Consider what you do when you want to ask someone for the time of day.
A typical exchange is shown in Figure 1.2. Human protocol (or good manners, at

TCP
conn
Hi ectio
n req
uest

ly
n rep
Hi onn ectio
T CP c

GET
http
Got ://w
the ww.p
time ears
? ongl
obal
edit
ions.com

>
2:00 1, then the average rate at which bits arrive at
the queue exceeds the rate at which the bits can be transmitted from the queue. In this
unfortunate situation, the queue will tend to increase without bound and the queuing
delay will approach infinity! Therefore, one of the golden rules in traffic engineering
is: Design your system so that the traffic intensity is no greater than 1.
Now consider the case La/R ≤ 1. Here, the nature of the arriving traffic impacts
the queuing delay. For example, if packets arrive periodically—that is, one packet
arrives every L/R seconds—then every packet will arrive at an empty queue and
there will be no queuing delay. On the other hand, if packets arrive in bursts but
periodically, there can be a significant average queuing delay. For example, sup-
pose N packets arrive simultaneously every (L/R)N seconds. Then the first packet
transmitted has no queuing delay; the second packet transmitted has a queuing delay

M01_KURO5469_08_GE_C01.indd 69 08/05/2021 13:50
 70 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

of L/R seconds; and more generally, the nth packet transmitted has a queuing delay
of (n - 1)L/R seconds. We leave it as an exercise for you to calculate the average
queuing delay in this example.
The two examples of periodic arrivals described above are a bit academic. Typically,
the arrival process to a queue is random; that is, the arrivals do not follow any pattern
and the packets are spaced apart by random amounts of time. In this more realistic case,
the quantity La/R is not usually sufficient to fully characterize the queuing delay statis-
tics. Nonetheless, it is useful in gaining an intuitive understanding of the extent of the
queuing delay. In particular, if the traffic intensity is close to zero, then packet arrivals
are few and far between and it is unlikely that an arriving packet will find another packet
in the queue. Hence, the average queuing delay will be close to zero. On the other hand,
when the traffic intensity is close to 1, there will be intervals of time when the arrival
rate exceeds the transmission capacity (due to variations in packet arrival rate), and
a queue will form during these periods of time; when the arrival rate is less than the
transmission capacity, the length of the queue will shrink. Nonetheless, as the traffic
intensity approaches 1, the average queue length gets larger and larger. The qualitative
dependence of average queuing delay on the traffic intensity is shown in Figure 1.18.
One important aspect of Figure 1.18 is the fact that as the traffic intensity
approaches 1, the average queuing delay increases rapidly. A small percentage
increase in the intensity will result in a much larger percentage-wise increase in
delay. Perhaps you have experienced this phenomenon on the highway. If you regu-
larly drive on a road that is typically congested, the fact that the road is typically
congested means that its traffic intensity is close to 1. If some event causes an even
slightly larger-than-usual amount of traffic, the delays you experience can be huge.
To really get a good feel for what queuing delays are about, you are encouraged
once again to visit the textbook Web site, which provides an interactive animation
for a queue. If you set the packet arrival rate high enough so that the traffic intensity
exceeds 1, you will see the queue slowly build up over time.
Average queuing delay

1
La/R

Figure 1.18 ♦ Dependence of average queuing delay on traffic intensity

M01_KURO5469_08_GE_C01.indd 70 08/05/2021 13:50
 1.4 DELAY, LOSS, AND THROUGHPUT IN PACKET-SWITCHED NETWORKS 71

Packet Loss
In our discussions above, we have assumed that the queue is capable of holding an
infinite number of packets. In reality a queue preceding a link has finite capacity,
although the queuing capacity greatly depends on the router design and cost. Because
the queue capacity is finite, packet delays do not really approach infinity as the traf-
fic intensity approaches 1. Instead, a packet can arrive to find a full queue. With no
place to store such a packet, a router will drop that packet; that is, the packet will be
lost. This overflow at a queue can again be seen in the interactive animation when
the traffic intensity is greater than 1.
From an end-system viewpoint, a packet loss will look like a packet having
been transmitted into the network core but never emerging from the network at the
destination. The fraction of lost packets increases as the traffic intensity increases.
Therefore, performance at a node is often measured not only in terms of delay, but
also in terms of the probability of packet loss. As we’ll discuss in the subsequent
chapters, a lost packet may be retransmitted on an end-to-end basis in order to ensure
that all data are eventually transferred from source to destination.

1.4.3 End-to-End Delay
Our discussion up to this point has focused on the nodal delay, that is, the delay at a
single router. Let’s now consider the total delay from source to destination. To get a
handle on this concept, suppose there are N - 1 routers between the source host and
the destination host. Let’s also suppose for the moment that the network is uncon-
gested (so that queuing delays are negligible), the processing delay at each router
and at the source host is dproc, the transmission rate out of each router and out of the
source host is R bits/sec, and the propagation on each link is dprop. The nodal delays
accumulate and give an end-to-end delay,

dend - end = N (dproc + dtrans + dprop) (1.2)

where, once again, dtrans = L/R, where L is the packet size. Note that Equation 1.2 is a
generalization of Equation 1.1, which did not take into account processing and propaga-
tion delays. We leave it to you to generalize Equation 1.2 to the case of heterogeneous
delays at the nodes and to the presence of an average queuing delay at each node.

Traceroute
To get a hands-on feel for end-to-end delay in a computer network, we can make use VideoNote
Using Traceroute to
of the Traceroute program. Traceroute is a simple program that can run in any Inter- discover network
net host. When the user specifies a destination hostname, the program in the source paths and measure
network delay
host sends multiple, special packets toward that destination. As these packets work
their way toward the destination, they pass through a series of routers. When a router
receives one of these special packets, it sends back to the source a short message that
contains the name and address of the router.

M01_KURO5469_08_GE_C01.indd 71 08/05/2021 13:50
 72 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

More specifically, suppose there are N - 1 routers between the source and the
destination. Then the source will send N special packets into the network, with each
packet addressed to the ultimate destination. These N special packets are marked 1
through N, with the first packet marked 1 and the last packet marked N. When the
nth router receives the nth packet marked n, the router does not forward the packet
toward its destination, but instead sends a message back to the source. When the
destination host receives the Nth packet, it too returns a message back to the source.
The source records the time that elapses between when it sends a packet and when it
receives the corresponding return message; it also records the name and address of
the router (or the destination host) that returns the message. In this manner, the source
can reconstruct the route taken by packets flowing from source to destination, and the
source can determine the round-trip delays to all the intervening routers. Traceroute
actually repeats the experiment just described three times, so the source actually
sends 3 N packets to the destination. RFC 1393 describes Traceroute in detail.
Here is an example of the output of the Traceroute program, where the route was
being traced from the source host gaia.cs.umass.edu (at the University of Massachusetts)
to a host in the computer science department at the University of Sorbonne in Paris
(formerly the university was known as UPMC). The output has six columns: the first
column is the n value described above, that is, the number of the router along the route;
the second column is the name of the router; the third column is the address of the router
(of the form xxx.xxx.xxx.xxx); the last three columns are the round-trip delays for three
experiments. If the source receives fewer than three messages from any given router
(due to packet loss in the network), Traceroute places an asterisk just after the router
number and reports fewer than three round-trip times for that router.

1 gw-vlan-2451.cs.umass.edu (128.119.245.1) 1.899 ms 3.266 ms 3.280 ms
2 j-cs-gw-int-10-240.cs.umass.edu (10.119.240.254) 1.296 ms 1.276 ms
1.245 ms
3 n5-rt-1-1-xe-2-1-0.gw.umass.edu (128.119.3.33) 2.237 ms 2.217 ms
2.187 ms
4 core1-rt-et-5-2-0.gw.umass.edu (128.119.0.9) 0.351 ms 0.392 ms 0.380 ms
5 border1-rt-et-5-0-0.gw.umass.edu (192.80.83.102) 0.345 ms 0.345 ms
0.344 ms
6 nox300gw1-umass-re.nox.org (192.5.89.101) 3.260 ms 0.416 ms 3.127 ms
7 nox300gw1-umass-re.nox.org (192.5.89.101) 3.165 ms 7.326 ms 7.311 ms
8 198.71.45.237 (198.71.45.237) 77.826 ms 77.246 ms 77.744 ms
9 renater-lb1-gw.mx1.par.fr.geant.net (62.40.124.70) 79.357 ms 77.729
79.152 ms
10 193.51.180.109 (193.51.180.109) 78.379 ms 79.936 80.042 ms
11 * 193.51.180.109 (193.51.180.109) 80.640 ms *
12 * 195.221.127.182 (195.221.127.182) 78.408 ms *
13 195.221.127.182 (195.221.127.182) 80.686 ms 80.796 ms 78.434 ms
14 r-upmc1.reseau.jussieu.fr (134.157.254.10) 78.399 ms * 81.353 ms

M01_KURO5469_08_GE_C01.indd 72 08/05/2021 13:50
 1.4 DELAY, LOSS, AND THROUGHPUT IN PACKET-SWITCHED NETWORKS 73

In the trace above, there are 14 routers between the source and the destination. Most
of these routers have a name, and all of them have addresses. For example, the
name of Router 4 is core1-rt-et-5-2-0.gw.umass.edu and its address is
128.119.0.9. Looking at the data provided for this same router, we see that in
the first of the three trials the round-trip delay between the source and the router
was 0.351 msec. The round-trip delays for the subsequent two trials were 0.392
and 0.380 msec. These round-trip delays include all of the delays just discussed,
including transmission delays, propagation delays, router processing delays, and
queuing delay.
Because the queuing delay is varying with time, the round-trip delay of
packet n sent to a router n can sometimes be longer than the round-trip delay of
packet n+1 sent to router n+1. Indeed, we observe this phenomenon in the above
example: the delay to Router 12 is smaller than the delay to Router 11! Also note
the big increase in the round-trip delay when going from router 7 to router 8. This
is due to a transatlantic fiber-optic link between routers 7 and 8, giving rise to a
relatively large propagation delay. There are a number of free software programs
that provide a graphical interface to Traceroute; one of our favorites is PingPlotter
[PingPlotter 2020].

End System, Application, and Other Delays
In addition to processing, transmission, and propagation delays, there can be addi-
tional significant delays in the end systems. For example, an end system wanting
to transmit a packet into a shared medium (e.g., as in a WiFi or cable modem sce-
nario) may purposefully delay its transmission as part of its protocol for sharing the
medium with other end systems; we’ll consider such protocols in detail in Chapter 6.
Another important delay is media packetization delay, which is present in Voice-
over-IP (VoIP) applications. In VoIP, the sending side must first fill a packet with
encoded digitized speech before passing the packet to the Internet. This time to fill a
packet—called the packetization delay—can be significant and can impact the user-
perceived quality of a VoIP call. This issue will be further explored in a homework
problem at the end of this chapter.

1.4.4 Throughput in Computer Networks
In addition to delay and packet loss, another critical performance measure in com-
puter networks is end-to-end throughput. To define throughput, consider transferring
a large file from Host A to Host B across a computer network. This transfer might
be, for example, a large video clip from one computer to another. The instantaneous
throughput at any instant of time is the rate (in bits/sec) at which Host B is receiving
the file. (Many applications display the instantaneous throughput during downloads
in the user interface—perhaps you have observed this before! You might like to try

M01_KURO5469_08_GE_C01.indd 73 08/05/2021 13:50
 74 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

measuring the end-to-end delay and download throughput between your and servers
around the Internet using the speedtest application [Speedtest 2020].) If the file con-
sists of F bits and the transfer takes T seconds for Host B to receive all F bits, then
the average throughput of the file transfer is F/T bits/sec. For some applications,
such as Internet telephony, it is desirable to have a low delay and an instantaneous
throughput consistently above some threshold (for example, over 24 kbps for some
Internet telephony applications and over 256 kbps for some real-time video applica-
tions). For other applications, including those involving file transfers, delay is not
critical, but it is desirable to have the highest possible throughput.
To gain further insight into the important concept of throughput, let’s consider
a few examples. Figure 1.19(a) shows two end systems, a server and a client, con-
nected by two communication links and a router. Consider the throughput for a file
transfer from the server to the client. Let Rs denote the rate of the link between the
server and the router; and Rc denote the rate of the link between the router and
the client. Suppose that the only bits being sent in the entire network are those
from the server to the client. We now ask, in this ideal scenario, what is the server-
to-client throughput? To answer this question, we may think of bits as fluid and com-
munication links as pipes. Clearly, the server cannot pump bits through its link at a
rate faster than Rs bps; and the router cannot forward bits at a rate faster than Rc bps.
If Rs 6 Rc, then the bits pumped by the server will “flow” right through the router
and arrive at the client at a rate of Rs bps, giving a throughput of Rs bps. If, on the
other hand, Rc 6 Rs, then the router will not be able to forward bits as quickly as it
receives them. In this case, bits will only leave the router at rate Rc, giving an end-
to-end throughput of Rc. (Note also that if bits continue to arrive at the router at rate
Rs, and continue to leave the router at Rc, the backlog of bits at the router waiting
for transmission to the client will grow and grow—a most undesirable situation!)

Rs Rc

Server Client
a.

R1 R2 RN

Server Client
b.

Figure 1.19 ♦ Throughput for a file transfer from server to client

M01_KURO5469_08_GE_C01.indd 74 08/05/2021 13:50
 1.4 DELAY, LOSS, AND THROUGHPUT IN PACKET-SWITCHED NETWORKS 75

Thus, for this simple two-link network, the throughput is min{Rc, Rs}, that is, it is the
transmission rate of the bottleneck link. Having determined the throughput, we can
now approximate the time it takes to transfer a large file of F bits from server to cli-
ent as F/min{Rs, Rc}. For a specific example, suppose that you are downloading an
MP3 file of F = 32 million bits, the server has a transmission rate of Rs = 2 Mbps,
and you have an access link of Rc = 1 Mbps. The time needed to transfer the file is
then 32 seconds. Of course, these expressions for throughput and transfer time are
only approximations, as they do not account for store-and-forward and processing
delays as well as protocol issues.
Figure 1.19(b) now shows a network with N links between the server and the
client, with the transmission rates of the N links being R1, R2, c, RN. Applying
the same analysis as for the two-link network, we find that the throughput for a file
transfer from server to client is min{R1, R2, c, RN}, which is once again the trans-
mission rate of the bottleneck link along the path between server and client.
Now consider another example motivated by today’s Internet. Figure 1.20(a)
shows two end systems, a server and a client, connected to a computer network.
Consider the throughput for a file transfer from the server to the client. The server is
connected to the network with an access link of rate Rs and the client is connected to
the network with an access link of rate Rc. Now suppose that all the links in the core
of the communication network have very high transmission rates, much higher than
Rs and Rc. Indeed, today, the core of the Internet is over-provisioned with high speed
links that experience little congestion. Also suppose that the only bits being sent in
the entire network are those from the server to the client. Because the core of the
computer network is like a wide pipe in this example, the rate at which bits can flow
from source to destination is again the minimum of Rs and Rc, that is, throughput =
min{Rs, Rc}. Therefore, the constraining factor for throughput in today’s Internet is
typically the access network.
For a final example, consider Figure 1.20(b) in which there are 10 servers and
10 clients connected to the core of the computer network. In this example, there are
10 simultaneous downloads taking place, involving 10 client-server pairs. Suppose
that these 10 downloads are the only traffic in the network at the current time. As
shown in the figure, there is a link in the core that is traversed by all 10 downloads.
Denote R for the transmission rate of this link R. Let’s suppose that all server access
links have the same rate Rs, all client access links have the same rate Rc, and the
transmission rates of all the links in the core—except the one common link of rate
R—are much larger than Rs, Rc, and R. Now we ask, what are the throughputs of
the downloads? Clearly, if the rate of the common link, R, is large—say a hundred
times larger than both Rs and Rc—then the throughput for each download will once
again be min{Rs, Rc}. But what if the rate of the common link is of the same order
as Rs and Rc? What will the throughput be in this case? Let’s take a look at a spe-
cific example. Suppose Rs = 2 Mbps, Rc = 1 Mbps, R = 5 Mbps, and the com-
mon link divides its transmission rate equally among the 10 downloads. Then the

M01_KURO5469_08_GE_C01.indd 75 08/05/2021 13:50
 76 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

Server 10 Servers

Rs

Bottleneck
link of
capacity R

Rc

Client 10 Clients
a. b.

Figure 1.20 ♦ End-to-end throughput: (a) Client downloads a file from
server; (b) 10 clients downloading with 10 servers

bottleneck for each download is no longer in the access network, but is now instead
the shared link in the core, which only provides each download with 500 kbps of
throughput. Thus, the end-to-end throughput for each download is now reduced to
500 kbps.
The examples in Figure 1.19 and Figure 1.20(a) show that throughput depends
on the transmission rates of the links over which the data flows. We saw that when
there is no other intervening traffic, the throughput can simply be approximated as
the minimum transmission rate along the path between source and destination. The
example in Figure 1.20(b) shows that more generally the throughput depends not
only on the transmission rates of the links along the path, but also on the interven-
ing traffic. In particular, a link with a high transmission rate may nonetheless be the
bottleneck link for a file transfer if many other data flows are also passing through
that link. We will examine throughput in computer networks more closely in the
homework problems and in the subsequent chapters.

M01_KURO5469_08_GE_C01.indd 76 08/05/2021 13:50
 1.5 PROTOCOL LAYERS AND THEIR SERVICE MODELS 77

1.5 Protocol Layers and Their Service Models
From our discussion thus far, it is apparent that the Internet is an extremely com-
plicated system. We have seen that there are many pieces to the Internet: numerous
applications and protocols, various types of end systems, packet switches, and vari-
ous types of link-level media. Given this enormous complexity, is there any hope of
organizing a network architecture, or at least our discussion of network architecture?
Fortunately, the answer to both questions is yes.

1.5.1 Layered Architecture
Before attempting to organize our thoughts on Internet architecture, let’s look
for a human analogy. Actually, we deal with complex systems all the time in our
everyday life. Imagine if someone asked you to describe, for example, the air-
line system. How would you find the structure to describe this complex system
that has ticketing agents, baggage checkers, gate personnel, pilots, airplanes,
air traffic control, and a worldwide system for routing airplanes? One way to
describe this system might be to describe the series of actions you take (or oth-
ers take for you) when you fly on an airline. You purchase your ticket, check
your bags, go to the gate, and eventually get loaded onto the plane. The plane
takes off and is routed to its destination. After your plane lands, you deplane at
the gate and claim your bags. If the trip was bad, you complain about the flight
to the ticket agent (getting nothing for your effort). This scenario is shown in
Figure 1.21.

Ticket (purchase) Ticket (complain)

Baggage (check) Baggage (claim)

Gates (load) Gates (unload)

Runway takeoff Runway landing

Airplane routing Airplane routing

Airplane routing

Figure 1.21 ♦ Taking an airplane trip: actions

M01_KURO5469_08_GE_C01.indd 77 08/05/2021 13:50
 78 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

Ticket (purchase) Ticket (complain) Ticket

Baggage (check) Baggage (claim) Baggage

Gates (load) Gates (unload) Gate

Runway takeoff Runway landing Takeoff/Landing

Airplane routing Airplane routing Airplane routing Airplane routing Airplane routing

Departure airport Intermediate air-traffic Arrival airport
control centers

Figure 1.22 ♦ Horizontal layering of airline functionality

Already, we can see some analogies here with computer networking: You are
being shipped from source to destination by the airline; a packet is shipped from
source host to destination host in the Internet. But this is not quite the analogy we
are after. We are looking for some structure in Figure 1.21. Looking at Figure 1.21,
we note that there is a ticketing function at each end; there is also a baggage func-
tion for already-ticketed passengers, and a gate function for already-ticketed and
already-baggage-checked passengers. For passengers who have made it through the
gate (that is, passengers who are already ticketed, baggage-checked, and through the
gate), there is a takeoff and landing function, and while in flight, there is an airplane-
routing function. This suggests that we can look at the functionality in Figure 1.21 in
a horizontal manner, as shown in Figure 1.22.
Figure 1.22 has divided the airline functionality into layers, providing a frame-
work in which we can discuss airline travel. Note that each layer, combined with the
layers below it, implements some functionality, some service. At the ticketing layer
and below, airline-counter-to-airline-counter transfer of a person is accomplished. At
the baggage layer and below, baggage-check-to-baggage-claim transfer of a person
and bags is accomplished. Note that the baggage layer provides this service only to an
already-ticketed person. At the gate layer, departure-gate-to-arrival-gate transfer of
a person and bags is accomplished. At the takeoff/landing layer, runway-to-runway
transfer of people and their bags is accomplished. Each layer provides its service
by (1) performing certain actions within that layer (for example, at the gate layer,
loading and unloading people from an airplane) and by (2) using the services of the
layer directly below it (for example, in the gate layer, using the runway-to-runway
passenger transfer service of the takeoff/landing layer).
A layered architecture allows us to discuss a well-defined, specific part of a
large and complex system. This simplification itself is of considerable value by
providing modularity, making it much easier to change the implementation of the
service provided by the layer. As long as the layer provides the same service to the
layer above it, and uses the same services from the layer below it, the remainder of
the system remains unchanged when a layer’s implementation is changed. (Note

M01_KURO5469_08_GE_C01.indd 78 08/05/2021 13:50
 1.5 PROTOCOL LAYERS AND THEIR SERVICE MODELS 79

that changing the implementation of a service is very different from changing the
service itself!) For example, if the gate functions were changed (for instance, to have
people board and disembark by height), the remainder of the airline system would
remain unchanged since the gate layer still provides the same function (loading and
unloading people); it simply implements that function in a different manner after the
change. For large and complex systems that are constantly being updated, the ability
to change the implementation of a service without affecting other components of the
system is another important advantage of layering.

Protocol Layering
But enough about airlines. Let’s now turn our attention to network protocols. To
provide structure to the design of network protocols, network designers organize
protocols—and the network hardware and software that implement the protocols—
in layers. Each protocol belongs to one of the layers, just as each function in the
airline architecture in Figure 1.22 belonged to a layer. We are again interested in
the services that a layer offers to the layer above—the so-called service model of
a layer. Just as in the case of our airline example, each layer provides its service by
(1) performing certain actions within that layer and by (2) using the services of the
layer directly below it. For example, the services provided by layer n may include
reliable delivery of messages from one edge of the network to the other. This might
be implemented by using an unreliable edge-to-edge message delivery service of
layer n - 1, and adding layer n functionality to detect and retransmit lost messages.
A protocol layer can be implemented in software, in hardware, or in a combina-
tion of the two. Application-layer protocols—such as HTTP and SMTP—are almost
always implemented in software in the end systems; so are transport-layer protocols.
Because the physical layer and data link layers are responsible for handling commu-
nication over a specific link, they are typically implemented in a network interface
card (for example, Ethernet or WiFi interface cards) associated with a given link. The
network layer is often a mixed implementation of hardware and software. Also note
that just as the functions in the layered airline architecture were distributed among
the various airports and flight control centers that make up the system, so too is a
layer n protocol distributed among the end systems, packet switches, and other com-
ponents that make up the network. That is, there’s often a piece of a layer n protocol
in each of these network components.
Protocol layering has conceptual and structural advantages [RFC 3439]. As
we have seen, layering provides a structured way to discuss system components.
Modularity makes it easier to update system components. We mention, however,
that some researchers and networking engineers are vehemently opposed to layering
[Wakeman 1992]. One potential drawback of layering is that one layer may duplicate
lower-layer functionality. For example, many protocol stacks provide error recovery
on both a per-link basis and an end-to-end basis. A second potential drawback is that
functionality at one layer may need information (for example, a timestamp value)
that is present only in another layer; this violates the goal of separation of layers.

M01_KURO5469_08_GE_C01.indd 79 08/05/2021 13:50
 80 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

Application

Transport

Network

Link

Physical

Five-layer
Internet
protocol stack

Figure 1.23 ♦ The Internet protocol stack

When taken together, the protocols of the various layers are called the protocol
stack. The Internet protocol stack consists of five layers: the physical, link, network,
transport, and application layers, as shown in Figure 1.23. If you examine the Table
of Contents, you will see that we have roughly organized this book using the lay-
ers of the Internet protocol stack. We take a top-down approach, first covering the
application layer and then proceeding downward.

Application Layer
The application layer is where network applications and their application-layer pro-
tocols reside. The Internet’s application layer includes many protocols, such as the
HTTP protocol (which provides for Web document request and transfer), SMTP
(which provides for the transfer of e-mail messages), and FTP (which provides for
the transfer of files between two end systems). We’ll see that certain network func-
tions, such as the translation of human-friendly names for Internet end systems like
www.ietf.org to a 32-bit network address, are also done with the help of a specific appli-
cation-layer protocol, namely, the domain name system (DNS). We’ll see in Chap-
ter 2 that it is very easy to create and deploy our own new application-layer protocols.
An application-layer protocol is distributed over multiple end systems, with the
application in one end system using the protocol to exchange packets of information
with the application in another end system. We’ll refer to this packet of information
at the application layer as a message.

Transport Layer
The Internet’s transport layer transports application-layer messages between application
endpoints. In the Internet, there are two transport protocols, TCP and UDP, either of
which can transport application-layer messages. TCP provides a connection-oriented
service to its applications. This service includes guaranteed delivery of application-layer

M01_KURO5469_08_GE_C01.indd 80 08/05/2021 13:50
 1.5 PROTOCOL LAYERS AND THEIR SERVICE MODELS 81

messages to the destination and flow control (that is, sender/receiver speed matching).
TCP also breaks long messages into shorter segments and provides a congestion-control
mechanism, so that a source throttles its transmission rate when the network is con-
gested. The UDP protocol provides a connectionless service to its applications. This is a
no-frills service that provides no reliability, no flow control, and no congestion control.
In this book, we’ll refer to a transport-layer packet as a segment.

Network Layer
The Internet’s network layer is responsible for moving network-layer packets known
as datagrams from one host to another. The Internet transport-layer protocol (TCP
or UDP) in a source host passes a transport-layer segment and a destination address
to the network layer, just as you would give the postal service a letter with a destina-
tion address. The network layer then provides the service of delivering the segment
to the transport layer in the destination host.
The Internet’s network layer includes the celebrated IP protocol, which defines
the fields in the datagram as well as how the end systems and routers act on these
fields. There is only one IP protocol, and all Internet components that have a network
layer must run the IP protocol. The Internet’s network layer also contains routing
protocols that determine the routes that datagrams take between sources and destina-
tions. The Internet has many routing protocols. As we saw in Section 1.3, the Internet
is a network of networks, and within a network, the network administrator can run
any routing protocol desired. Although the network layer contains both the IP pro-
tocol and numerous routing protocols, it is often simply referred to as the IP layer,
reflecting the fact that IP is the glue that binds the Internet together.

Link Layer
The Internet’s network layer routes a datagram through a series of routers between
the source and destination. To move a packet from one node (host or router) to the
next node in the route, the network layer relies on the services of the link layer. In
particular, at each node, the network layer passes the datagram down to the link
layer, which delivers the datagram to the next node along the route. At this next node,
the link layer passes the datagram up to the network layer.
The services provided by the link layer depend on the specific link-layer protocol
that is employed over the link. For example, some link-layer protocols provide reli-
able delivery, from transmitting node, over one link, to receiving node. Note that this
reliable delivery service is different from the reliable delivery service of TCP, which
provides reliable delivery from one end system to another. Examples of link-layer pro-
tocols include Ethernet, WiFi, and the cable access network’s DOCSIS protocol. As
datagrams typically need to traverse several links to travel from source to destination,
a datagram may be handled by different link-layer protocols at different links along its
route. For example, a datagram may be handled by Ethernet on one link and by PPP on

M01_KURO5469_08_GE_C01.indd 81 08/05/2021 13:50
 82 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

the next link. The network layer will receive a different service from each of the dif-
ferent link-layer protocols. In this book, we’ll refer to the link-layer packets as frames.

Physical Layer
While the job of the link layer is to move entire frames from one network element to
an adjacent network element, the job of the physical layer is to move the individual
bits within the frame from one node to the next. The protocols in this layer are again
link dependent and further depend on the actual transmission medium of the link (for
example, twisted-pair copper wire, single-mode fiber optics). For example, Ether-
net has many physical-layer protocols: one for twisted-pair copper wire, another for
coaxial cable, another for fiber, and so on. In each case, a bit is moved across the link
in a different way.

1.5.2 Encapsulation
Figure 1.24 shows the physical path that data takes down a sending end system’s
protocol stack, up and down the protocol stacks of an intervening link-layer switch

Source

Message M Application
Segment Ht M Transport
Datagram Hn Ht M Network
Frame H l Hn Ht M Link
Physical
H l Hn Ht M Link H l Hn Ht M
Physical

Link-layer switch

Router
Destination

M Application
Ht M Transport Hn Ht M Network Hn Ht M
Hn Ht M Network H l Hn Ht M Link H l Hn Ht M
H l Hn Ht M Link Physical
Physical

Figure 1.24 ♦ Hosts, routers, and link-layer switches; each contains a
different set of layers, reflecting their differences in functionality

M01_KURO5469_08_GE_C01.indd 82 08/05/2021 13:50
 1.5 PROTOCOL LAYERS AND THEIR SERVICE MODELS 83

and router, and then up the protocol stack at the receiving end system. As we dis-
cuss later in this book, routers and link-layer switches are both packet switches.
Similar to end systems, routers and link-layer switches organize their network-
ing hardware and software into layers. But routers and link-layer switches do not
implement all of the layers in the protocol stack; they typically implement only
the bottom layers. As shown in Figure 1.24, link-layer switches implement lay-
ers 1 and 2; routers implement layers 1 through 3. This means, for example, that
Internet routers are capable of implementing the IP protocol (a layer 3 protocol),
while link-layer switches are not. We’ll see later that while link-layer switches do
not recognize IP addresses, they are capable of recognizing layer 2 addresses, such
as Ethernet addresses. Note that hosts implement all five layers; this is consistent
with the view that the Internet architecture puts much of its complexity at the edges
of the network.
Figure 1.24 also illustrates the important concept of encapsulation. At the
sending host, an application-layer message (M in Figure 1.24) is passed to the
transport layer. In the simplest case, the transport layer takes the message and
appends additional information (so-called transport-layer header information, Ht
in Figure 1.24) that will be used by the receiver-side transport layer. The appli-
cation-layer message and the transport-layer header information together consti-
tute the transport-layer segment. The transport-layer segment thus encapsulates
the application-layer message. The added information might include information
allowing the receiver-side transport layer to deliver the message up to the appro-
priate application, and error-detection bits that allow the receiver to determine
whether bits in the message have been changed in route. The transport layer then
passes the segment to the network layer, which adds network-layer header infor-
mation (Hn in Figure 1.24) such as source and destination end system addresses,
creating a network-layer datagram. The datagram is then passed to the link
layer, which (of course!) will add its own link-layer header information and cre-
ate a link-layer frame. Thus, we see that at each layer, a packet has two types of
fields: header fields and a payload field. The payload is typically a packet from
the layer above.
A useful analogy here is the sending of an interoffice memo from one corpo-
rate branch office to another via the public postal service. Suppose Alice, who is in
one branch office, wants to send a memo to Bob, who is in another branch office.
The memo is analogous to the application-layer message. Alice puts the memo
in an interoffice envelope with Bob’s name and department written on the front
of the envelope. The interoffice envelope is analogous to a transport-layer seg-
ment—it contains header information (Bob’s name and department number) and it
encapsulates the application-layer message (the memo). When the sending branch-
office mailroom receives the interoffice envelope, it puts the interoffice enve-
lope inside yet another envelope, which is suitable for sending through the public
postal service. The sending mailroom also writes the postal address of the sending
and receiving branch offices on the postal envelope. Here, the postal envelope

M01_KURO5469_08_GE_C01.indd 83 08/05/2021 13:50
 84 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

is analogous to the datagram—it encapsulates the transport-layer segment (the
interoffice envelope), which encapsulates the original message (the memo). The
postal service delivers the postal envelope to the receiving branch-office mail-
room. There, the process of de-encapsulation is begun. The mailroom extracts the
interoffice memo and forwards it to Bob. Finally, Bob opens the envelope and
removes the memo.
The process of encapsulation can be more complex than that described above.
For example, a large message may be divided into multiple transport-layer segments
(which might themselves each be divided into multiple network-layer datagrams).
At the receiving end, such a segment must then be reconstructed from its constituent
datagrams.

1.6 Networks Under Attack
The Internet has become mission critical for many institutions today, including large
and small companies, universities, and government agencies. Many individuals also
rely on the Internet for many of their professional, social, and personal activities.
Billions of “things,” including wearables and home devices, are currently being con-
nected to the Internet. But behind all this utility and excitement, there is a dark side,
a side where “bad guys” attempt to wreak havoc in our daily lives by damaging our
Internet-connected computers, violating our privacy, and rendering inoperable the
Internet services on which we depend.
The field of network security is about how the bad guys can attack computer
networks and about how we, soon-to-be experts in computer networking, can
defend networks against those attacks, or better yet, design new architectures
that are immune to such attacks in the first place. Given the frequency and vari-
ety of existing attacks as well as the threat of new and more destructive future
attacks, network security has become a central topic in the field of computer
networking. One of the features of this textbook is that it brings network security
issues to the forefront.
Since we don’t yet have expertise in computer networking and Internet pro-
tocols, we’ll begin here by surveying some of today’s more prevalent security-
related problems. This will whet our appetite for more substantial discussions in the
upcoming chapters. So we begin here by simply asking, what can go wrong? How
are computer networks vulnerable? What are some of the more prevalent types of
attacks today?

The Bad Guys Can Put Malware into Your Host Via the Internet
We attach devices to the Internet because we want to receive/send data from/to the
Internet. This includes all kinds of good stuff, including Instagram posts, Internet

M01_KURO5469_08_GE_C01.indd 84 08/05/2021 13:50
 1.6 NETWORKS UNDER ATTACK 85

search results, streaming music, video conference calls, streaming movies, and
so on. But, unfortunately, along with all that good stuff comes malicious stuff—
collectively known as malware—that can also enter and infect our devices. Once
malware infects our device it can do all kinds of devious things, including delet-
ing our files and installing spyware that collects our private information, such
as social security numbers, passwords, and keystrokes, and then sends this (over
the Internet, of course!) back to the bad guys. Our compromised host may also
be enrolled in a network of thousands of similarly compromised devices, col-
lectively known as a botnet, which the bad guys control and leverage for spam
e-mail distribution or distributed denial-of-service attacks (soon to be discussed)
against targeted hosts.
Much of the malware out there today is self-replicating: once it infects one host,
from that host it seeks entry into other hosts over the Internet, and from the newly
infected hosts, it seeks entry into yet more hosts. In this manner, self-replicating mal-
ware can spread exponentially fast.

The Bad Guys Can Attack Servers and Network Infrastructure
Another broad class of security threats are known as denial-of-service (DoS)
attacks. As the name suggests, a DoS attack renders a network, host, or other piece
of infrastructure unusable by legitimate users. Web servers, e-mail servers, DNS
servers (discussed in Chapter 2), and institutional networks can all be subject to DoS
attacks. The site Digital Attack Map allows use to visualize the top daily DoS attacks
worldwide [DAM 2020]. Most Internet DoS attacks fall into one of three categories:

Vulnerability attack. This involves sending a few well-crafted messages to a
vulnerable application or operating system running on a targeted host. If the right
sequence of packets is sent to a vulnerable application or operating system, the
service can stop or, worse, the host can crash.
Bandwidth flooding. The attacker sends a deluge of packets to the targeted
host—so many packets that the target’s access link becomes clogged, preventing
legitimate packets from reaching the server.
Connection flooding. The attacker establishes a large number of half-open or
fully open TCP connections (TCP connections are discussed in Chapter 3) at the
target host. The host can become so bogged down with these bogus connections
that it stops accepting legitimate connections.

Let’s now explore the bandwidth-flooding attack in more detail. Recalling our
delay and loss analysis discussion in Section 1.4.2, it’s evident that if the server
has an access rate of R bps, then the attacker will need to send traffic at a rate of
approximately R bps to cause damage. If R is very large, a single attack source
may not be able to generate enough traffic to harm the server. Furthermore, if all

M01_KURO5469_08_GE_C01.indd 85 08/05/2021 13:50
 86 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

zombie
zombie

“start Victim
attack” zombie

Attacker

zombie

zombie

Figure 1.25 ♦ A distributed denial-of-service attack

the traffic emanates from a single source, an upstream router may be able to detect
the attack and block all traffic from that source before the traffic gets near the
server. In a distributed DoS (DDoS) attack, illustrated in Figure 1.25, the attacker
controls multiple sources and has each source blast traffic at the target. With this
approach, the aggregate traffic rate across all the controlled sources needs to be
approximately R to cripple the service. DDoS attacks leveraging botnets with thou-
sands of comprised hosts are a common occurrence today [DAM 2020]. DDos
attacks are much harder to detect and defend against than a DoS attack from a
single host.
We encourage you to consider the following question as you work your way
through this book: What can computer network designers do to defend against
DoS attacks? We will see that different defenses are needed for the three types of
DoS attacks.

The Bad Guys Can Sniff Packets
Many users today access the Internet via wireless devices, such as WiFi-connected
laptops or handheld devices with cellular Internet connections (covered in Chapter 7).
While ubiquitous Internet access is extremely convenient and enables marvelous
new applications for mobile users, it also creates a major security vulnerability—by
placing a passive receiver in the vicinity of the wireless transmitter, that receiver

M01_KURO5469_08_GE_C01.indd 86 08/05/2021 13:50
 1.6 NETWORKS UNDER ATTACK 87

can obtain a copy of every packet that is transmitted! These packets can contain all
kinds of sensitive information, including passwords, social security numbers, trade
secrets, and private personal messages. A passive receiver that records a copy of
every packet that flies by is called a packet sniffer.
Sniffers can be deployed in wired environments as well. In wired broadcast
environments, as in many Ethernet LANs, a packet sniffer can obtain copies of
broadcast packets sent over the LAN. As described in Section 1.2, cable access
technologies also broadcast packets and are thus vulnerable to sniffing. Further-
more, a bad guy who gains access to an institution’s access router or access link
to the Internet may be able to plant a sniffer that makes a copy of every packet
going to/from the organization. Sniffed packets can then be analyzed offline for
sensitive information.
Packet-sniffing software is freely available at various Web sites and as commer-
cial products. Professors teaching a networking course have been known to assign
lab exercises that involve writing a packet-sniffing and application-layer data recon-
struction program. Indeed, the Wireshark [Wireshark 2020] labs associated with this
text (see the introductory Wireshark lab at the end of this chapter) use exactly such
a packet sniffer!
Because packet sniffers are passive—that is, they do not inject packets into the
channel—they are difficult to detect. So, when we send packets into a wireless chan-
nel, we must accept the possibility that some bad guy may be recording copies of our
packets. As you may have guessed, some of the best defenses against packet sniffing
involve cryptography. We will examine cryptography as it applies to network secu-
rity in Chapter 8.

The Bad Guys Can Masquerade as Someone You Trust
It is surprisingly easy (you will have the knowledge to do so shortly as you proceed
through this text!) to create a packet with an arbitrary source address, packet content,
and destination address and then transmit this hand-crafted packet into the Internet,
which will dutifully forward the packet to its destination. Imagine the unsuspecting
receiver (say an Internet router) who receives such a packet, takes the (false) source
address as being truthful, and then performs some command embedded in the pack-
et’s contents (say modifies its forwarding table). The ability to inject packets into the
Internet with a false source address is known as IP spoofing, and is but one of many
ways in which one user can masquerade as another user.
To solve this problem, we will need end-point authentication, that is, a mech-
anism that will allow us to determine with certainty if a message originates from
where we think it does. Once again, we encourage you to think about how this
can be done for network applications and protocols as you progress through the
chapters of this book. We will explore mechanisms for end-point authentication
in Chapter 8.

M01_KURO5469_08_GE_C01.indd 87 08/05/2021 13:50
 88 CHAPTER 1 COMPUTER NETWORKS AND THE INTERNET

In closing this section, it’s worth considering how the Internet got to be such
an insecure place in the first place. The answer, in essence, is that the Internet was
originally designed to be that way, based on the model of “a group of mutually trust-
ing users attached to a transparent network” [Blumenthal 2001]—a model in which
(by definition) there is no need for security. Many aspects of the original Internet
architecture deeply reflect this notion of mutual trust. For example, the ability for
one user to send a packet to any other user is the default rather than a requested/
granted capability, and user identity is taken at declared face value, rather than being
authenticated by default.
But today’s Internet certainly does not involve “mutually trusting users.” None-
theless, today’s users still need to communicate when they don’t necessarily trust
each other, may wish to communicate anonymously, may communicate indirectly
through third parties (e.g., Web caches, which we’ll study in Chapter 2, or mobility-
assisting agents, which we’ll study in Chapter 7), and may distrust the hardware,
software, and even the air through which they communicate. We now have many
security-related challenges before us as we progress through this book: We should
seek defenses against sniffing, end-point masquerading, man-in-the-middle attacks,
DDoS attacks, malware, and more. We should keep in mind that communication
among mutually trusted users is the exception rather than the rule. Welcome to the
world of modern computer networking!

1.7 History of Computer Networking and
the Internet
Sections 1.1 through 1.6 presented an overview of the technology of computer net-
working and the Internet. You should know enough now to impress your family and
friends! However, if you really want to be a big hit at the next cocktail party, you
should sprinkle your discourse with tidbits about the fascinating history of the Inter-
net [Segaller 1998].

1.7.1 The Development of Packet Switching: 1961–1972
The field of computer networking and today’s Internet trace their beginnings
back to the early 1960s, when the telephone network was the world’s dominant
communication network. Recall from Section 1.3 that the telephone network uses
circuit switching to transmit information from a sender to a receiver—an appro-
priate choice given that voice is transmitted at a constant rate between sender
and receiver. Given the increasing importance of computers in the early 1960s
and the advent of timeshared computers, it was perhaps natural to consider how
to hook computers together so that they could be shared among geographically

M01_KURO5469_08_GE_C01.indd 88