CS 725/825 Computer Networks, IT 725 Network Technology

Assignment 4

Due: Wednesday, November 19, 2025, 2:10 pm (start of the class)

Problems:

  1. (10 points) This question focuses on the concept of Autonomous System (AS) and Autonomous System Number (ASN). Find a tool (an online one is fine, it does not have to be a command line utility) that allows you to retrieve AS information and answer the following questions:
    1. What are the ASNs of ASs controlled by the University of New Hampshire System (usnh.edu)?
    2. List the IPv4 and IPv6 prefixes that are included in the University of New Hampshire System's ASs.
    3. Which ASs is the University of New Hampshire System System ASs connected to?

    Note: if you are not familiar with our university organizational structure, USNH is the umbrella organization that administers all public universities of the state, including UNH.

    There are many online tools to help with this question and you are encouraged to explore them. As starting points, check: https://bgpview.io/, https://ipinfo.io/, and https://bgp.he.net BGP Toolkit at Hurricane Electric Internet Services.

  2. (10 points) Run traceroute from a computer on the UNH network (e.g., from agate) to www.uvm.edu. List the ASs and their ASNs encountered along the way. (traceroute will not be able to get all the way to the node that serves www.uvm.edu but you will get close enough to answer the question)
  3. (20 points) Consider the trace https://www.cloudshark.org/captures/bcbaddbc071e that captures an HTTPS session, and answer the questions below. The trace captures encrypted traffic, so normally you would not be able to see the application layer payload. The HTTPS request captured in the trace was made by the command line utility curl with the environment variable SSLKEYLOGFILE set to make curl output the session key to a file. As a side note, many browsers and networking libraries can be made to output session keys for network traffic debugging purposes. If you are curious, see this article for more details (the method that they describe works for most standard applications, including curl). The session key was then uploaded to CloudShark together with the trace to enable payload decryption. If you are curious how the same trace looks without access to the key, check https://www.cloudshark.org/captures/b0b8a2079600.
    1. The session keylog has been uploaded to a third-party website. Does that in some way compromise the security of either the client or the server? Obviously, the content of the session is now visible to everyone, but how about any past or future sessions? Or sessions with other clients or servers? Is there a danger of Man-in-the-Middle attack?
    2. What is the version of TLS used in the HTTPS transaction captured in the trace?
    3. How many packets does it take to establish the TLS session (i.e., past the 3-way handshake all the way to the packet that carries the HTTP HEAD request)?
    4. Draw and annotate a sequence (ladder) diagram showing the packets used to establish the TLS session.
    5. Which packets contain the server certificate(s)?
    6. Who issued the certificate(s)?
    7. After the secure connection is established, the client starts communicating using HTTP/2. How does the client know that the server is capable of handling HTTP/2?
    8. How many HTTP/2 streams are used during the captured session? What is their purpose?
    9. Does the server support HTTP/3? How is that indicated?
    10. In which packet does the client notify the server that the TLS connection is being closed?
  4. (10 points) The UNH Cybersecurity Training Module (see two screenshots below) makes the following dangerously wrong claims regarding sites served using HTTPS:

    5. Outline answers to the following questions:

    1. What protection does HTTPS actually provide?
    2. Why is a site served using HTTPS not guaranteed to be "secure" or "legit"?
    3. What additional steps do you have to make to ascertain the legitimacy of a site served using HTTPS?
    4. Outline how one would set up a malicious site that would be considered "secure" or "legit" based on the UNH Cybersecurity Training?

Programming assignment:

  1. (50 points) The goal of this assignment is to study the latency overhead introduced by various protocols. The assignment focuses on a simple request/response transaction implemented using various protocols and, specifically, on the question of how many network round-trip times (RTTs) does it take to complete such a transaction. While other components contribute to the overall transaction latency, RTT tends to dominate. This question can be answered by analyzing the protocols in question; however, in this assignment, you are expected to study it experimentally. You will implement a simple client-server system using different protocols. In every case, the client makes a simple request to a server, the server responds with a small amount of arbitrary data, the client receives it, and measures the time the entire transaction took, i.e., including, the server processing time and, if applicable, the time it took to establish and close the connection.

    2. Experiment with six protocols:

    1. ICMP
    2. UDP
    3. TCP
    4. TLS over TCP
    5. HTTP (which runs over TCP)
    6. HTTPS (HTTP over TLS over TCP)
    Both request and response should be no more than a few tens of bytes in length, not including the protocol overhead. For all protocols except for ICMP (use ping for that), you need to write both client and server side. It is fine to use libraries for TLS/HTTP/HTTPS. For the HTTP/HTTPS server, you may want to consider using node.js or Flask, but other libraries are perfectly fine. TLS and HTTPS experiments require that you generate your own self-signed (not backed by a recognized CA) certificate (see Question 5 in the previous assignment). Most HTTPS client libraries will require extra steps to confirm that it is fine to accept a self-signed certificate. Ignore internet posts that state that accepting self-signed certificates in your program is wrong. They are correct with respect to production code; however, here we are dealing with experiments in a closed environment.

    To run your experiment, use rb1.cs.unh.edu and rb2.cs.unh.edu. Besides connectivity to the department network, the servers are connected via four links that carry no other traffic than the one produced by the experiments. Each of the links is configured so that traffic experiences different link delays. The extra delays added to the inherent delay of a directly connected link are set as follows:

    Interface Subnet Added round-trip delay (ms)
    enp2s0f010.2.0.0/24 4
    enp2s0f110.2.1.0/24 20
    enp2s0f210.2.2.0/24100
    enp2s0f310.2.3.0/24500

    The links are configured with private IP addresses, make sure that you send your test traffic over them and not over the public interfaces rb1.cs.unh.edu and rb2.cs.unh.edu. Standard development tools are installed there. Accounts are being set up for all students in the course with the same username as you have on Agate but with a different password. Your username and password has been stored in your home directory on Agate in file cs725.info, cs825.info, or it725.info, depending on the course you are registered for. The servers do not mount your Agate filesystem. The best way to keep your code in sync between your development environment and both machines is to use git and create multiple clones of your repository.

    IPv4 and IPv6 address assignment on rb1/rb2/rb3. This assignment uses only rb1 and rb2 and network interfaces enp2s0f0, enp2s0f1, enp2s0f2, and enp2s0f3. Instead of typing IP addresses, you can use hostnames using the pattern: hostname "pxyz" resolves to IPv4 address 10.x.y.z. For example, "p201" is the hostname for the rb1 interface with IP address 10.2.0.1.

    How exactly you set up the experiments is up to you. You do not have to run the experiment on all links, but the choices that you make should not be arbitrary. You can use one link to run your experiment and another one to verify your answer. Your submission must include an explicit answer to the question of how many network round-trip times (RTTs) it takes to complete such a transaction. You should include a brief justification of the experiment design decisions.

    Extra Credit: You will earn 20 extra assignment points if you implement the client-server system using HTTP/3 and test it just like the protocols listed above.

    Submission instructions:

    Upload your submission as a single PDF file using myCourses (mycourses.unh.edu). Any source code used in the assignment must be committed to the course Git repository. More details can be found in the standard assignment submission instructions.