Here is the solution for the final exam. My comments on common mistakes are embedded inside.

And now, a personal message: I would like to thank all of you for being patient with me throughout the semester. This semester’s CS2105 has been the most difficult semester for me to teach: (i) the class size increased to a record high of 191, (ii) the number of TAs was reduced to 1, and (iii) I became a father to a pair of twins in Dec 2013 and have been in a constant state of sleep deprivation for the whole semester. I have been late in posting class materials, returning assignments, and returning emails (or not returning emails). I have made mistakes in some of the lectures and spoken incoherently occasionally, and yet you all have been the nicest bunch of students and have tolerated these. Some of you even had kind words for me despite all of these, and that kept me going. So, thank you.

I hope you have enjoyed CS2105 and have learnt something useful. Have a good break!


Assignment 3: Returned

I have emailed your Assignment 3 scripts back to you to your NUS email account.

Due to a bug in the process, however, a small number of scripts were scanned twice, and so some of you received two emails. Sorry about this.

More seriously, a small number of you did not have your scripts scanned initially. I have tried to check through everyone and rescan/email back those that I missed the first round.

If by now you still have not received your Assignment 3 by email, please let me know.

Assignment 3: Common Mistakes

Hi, these are the common mistakes for Assignment 3:

Q1-a) Not explaining about the MAC address. For example, some students wrote “To obtain the IP address”.

Q1-c) Some students just wrote that they could not find the response to packet 9 but did not explain why.

Q2-b) Some students wrote that since the DHCP servers and capturing host have IP addresses with different prefixes, they should be in two different subnets. However, we need to have the subnet mask to be able to judge. The good news is that we did not deduct marks from those who did not mention the subnet mask.

Q3-b) There was confusion in this part with iterative and recursive queries in DNS. However, the question was about the reason that a client contacts three different DNS servers instead of one.

Q3-c) Some students wrote the TTL of the IP layer.

Q4-b) The man-in-the-middle attack was mentioned by some students as the vulnerability of a self-signed certificate. However, since the self-signed certificate is from a root CA, it is trustable.

Assignment 3: Solutions


a. To obtain the mac address of

b. The host with IP address of and MAC address of d4:be:d9:9d:97:e8. Each of them is fine.

c. No. Because directly responds within a standard frame to the not in the broadcast manner.

d. To query for the mac address of the IP

e. 127. The Mac address of IP which is 00:00:0c:07:ac:02.

f. The packet is a Gratuitous ARP message which is useful for the purposes below:

  • detect IP conflicts. When a machine receives an ARP request containing a source IP that matches its own, then it knows there is an IP conflict.
  • assist in the updating of other machines’ ARP tables.  Clustering solutions utilize this when they move an IP from one NIC to another, or from one machine to another. Other machines maintain an ARP table that contains the MAC associated with an IP. When the cluster needs to move the IP to a different NIC, be it on the same machine or a different one, it reconfigures the NICs appropriately then broadcasts a gratuitous ARP reply to inform the neighboring machines about the change in MAC for the IP. Machines receiving the ARP packet then update their ARP tables with the new MAC.
  • inform switches of the MAC address of the machine on a given switch port, so that the switch knows that it should transmit packets sent to that MAC address on that switch port.
  • Every time an IP interface or link goes up, the driver for that interface will typically send a gratuitous ARP to preload the ARP tables of all other local hosts. Thus, a gratuitous ARP will tell us that that host just has had a link up event, such as a link bounce, a machine just being rebooted or the user/sysadmin on that host just configuring the interface up. If we see multiple gratuitous ARPs from the same host frequently, it can be an indication of bad Ethernet hardware/cabling resulting in frequent link bounces.

Mentioning the Gratuitous ARP message and one of the above purposes is fine.
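The purposes listed in (f) can be checked mechanically against captured ARP payloads. The following is an added example, not part of the original assignment solution: it parses the 28-byte Ethernet/IPv4 ARP payload, recognises a gratuitous ARP (sender IP equal to target IP), and reports IP conflicts, MAC changes for a known IP, and frequent gratuitous ARPs from one host. The event names, the `ArpMonitor` class and the 3-in-60-seconds threshold are assumptions, and `build_arp` only constructs sample input.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, SHA, SPA, THA, TPA

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed Ethernet/IPv4 ARP payload (sample input only)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, raw(sha),
                       IPv4Address(spa).packed, raw(tha), IPv4Address(tpa).packed)

def parse_arp(payload):
    """Return (oper, sender MAC, sender IP, target IP) from an ARP payload."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

class ArpMonitor:
    def __init__(self, own_ip, own_mac, flap_count=3, flap_window=60.0):
        self.own_ip, self.own_mac = own_ip, own_mac
        self.flap_count, self.flap_window = flap_count, flap_window  # assumed
        self.table = {}                      # IP -> last MAC seen for it
        self.garp_times = defaultdict(list)  # MAC -> gratuitous ARP timestamps

    def observe(self, ts, payload):
        """Update the ARP table from one payload; return the events raised."""
        _oper, sha, spa, tpa = parse_arp(payload)
        events = []
        if spa == tpa:  # gratuitous: the sender announces its own IP
            events.append("gratuitous")
            recent = [t for t in self.garp_times[sha] if ts - t <= self.flap_window]
            recent.append(ts)
            self.garp_times[sha] = recent
            if len(recent) >= self.flap_count:  # possible link bounces
                events.append("frequent-gratuitous")
        if spa == self.own_ip and sha != self.own_mac:
            events.append("ip-conflict")   # someone else claims our IP
        if spa in self.table and self.table[spa] != sha:
            events.append("mac-changed")   # IP moved to a different NIC
        self.table[spa] = sha
        return events
```

Feed `observe` the ARP payload of each captured frame together with its capture timestamp; a `mac-changed` event is expected after a cluster failover and worth a second look otherwise.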

g. d4:be:d9:9d:b4:ba. This can be achieved from the sender MAC address of any packet which has the source IP address of the capturing host (


a. and

b. No. By finding the DHCP ack packets, we can find and as the source IP address. By finding the subnet mask for which is, we can find that they are not in the same subnet.

c. Two. We can obtain this by listing all the DHCP Discover messages and then counting the number of different MAC addresses.

d. Because the capturing host wants to keep its previous IP address if it is possible.


a., and

b. The client may contact several DNS servers in parallel to save time in case one of them fails, or when an address may not be cached in one DNS server but may be cached in another.

c. 9 min and 31 seconds; it comes from the DNS server.


a. The first certificate certifies the public key of daisy.ubuntu.com, signed by “Go Daddy Secure Certificate Authority”. The second certificate certifies the public key of “Go Daddy Secure Certificate Authority”, signed by “Go Daddy Root Certificate Authority”. The third certificate certifies the public key of “Go Daddy Root Certificate Authority”, signed by “Go Daddy Class 2 Certification Aut”.

b. Yes. A root CA can sign itself.

c. Packet 211 contains the master key encrypted with the public key of daisy.ubuntu.com.

Past Year Exam Papers

Here are two past year CS2105 exam papers set by me:


Oh, here are some MCQs that have been rejected as exam questions this year.

1. Which of the following is a VALID networking protocol?

2. Which of the following is NOT a table used in networking protocols?
A. Switching Table
B. NAT Table
C. Forwarding Table
D. Routing Table
E. Premier League Table


Assignment 3 Submission Log

Some of you are anxious if we have received your Assignment 3 submission or not, especially those who slipped the answer sheet under my door.

This is good, because this means you understand well how a reliable protocol works, and you are waiting for an ACK from the receiver! You are also worried that Trudy might have intercepted your submission.

Instead of sending back an ACK to individual students, I will broadcast the ACK periodically. So here is the Google Doc that lists the hardcopy answer sheets to Assignment 3 that we have received. The list will be updated a few more times until the deadline.

List of Assignment 3 Received (Hardcopy Submission Only)

Assignment 3: Update on Submission Instructions

Since the deadline falls on a public holiday, we have decided to allow softcopy submission in addition to hardcopy.

If you decide to submit a hardcopy, you can still pass them to either Wei Tsang or Saeid as per instructions.

If you wish to submit a softcopy, please read and follow the instructions below carefully.

  1. A PDF answer form has been made available.
  2. Use any decent PDF viewer/editor to fill up the form with your answers. Remember to save the form after you fill it up with your answers.
  3. Rename the form a3-A1234567X.pdf, replacing A1234567X with your matriculation number.
  4. Submit the form into IVLE workbin here, before the deadline.


  1. Please do not submit any other forms of softcopy (e.g., something scanned from a scanner, an image of the answer sheet taken with your phone, a text file edited with vim, etc.) Only the filled up version of the PDF form above is acceptable.
  2. Please do not email us the softcopy. Do not submit a floppy disk containing the softcopy either!
  3. Please name the PDF file according to the convention a3-<matric number>.pdf. Do NOT name it as a3-<nusnet ID>.pdf. (Your matriculation number ends with an alphabet).

There is a 1-point penalty for each violation of instruction above.

Assignment 2 Solution

I have finished grading Assignment 2.

There are a couple of common mistakes that are worth highlighting here:

  1. If you receive a corrupted packet, you should not look at the content of the packet, since you cannot tell which bit is corrupted! Many of you still assume that p.seq is valid even when p.isCorrupted is true. For this, I take off two points.
  2. Another common bug is that you did not make sure that all timers are cancelled when the connection is closed. As a result, the sender goes into an infinite loop, sending forever (and encountering exceptions forever).
  3. The last packet should be treated as any other packet. This means the sender should still ensure that it is received correctly, by repeatedly retransmitting until it is. Some of you forgot about this and only ensured that the packets are sent correctly, except the last one!
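The first and third mistakes can be seen in a small stop-and-wait simulation. This is an added example, not the assignment's reference solution: the `Packet` class is a hypothetical stand-in that reuses the field names `seq` and `isCorrupted` from the text, and the channel is a scripted fault table rather than a real network, with a timer expiry modelled as the next loop iteration.

```python
from dataclasses import dataclass

@dataclass
class Packet:              # hypothetical stand-in for the assignment's packet type
    seq: int
    data: bytes = b""
    isCorrupted: bool = False

class Receiver:
    def __init__(self):
        self.expected = 0
        self.delivered = []

    def on_packet(self, p):
        """Deliver in-order data; always answer with a cumulative ACK."""
        # Check isCorrupted first: once it is set, p.seq and p.data may hold
        # anything, so neither of them is read.
        if not p.isCorrupted and p.seq == self.expected:
            self.delivered.append(p.data)
            self.expected += 1
        return Packet(seq=self.expected - 1)   # -1 means nothing received yet

def transfer(chunks, faults):
    """Stop-and-wait over a scripted channel.

    faults maps the n-th transmission (1-based) to 'corrupt', 'drop' or
    'drop_ack'. Returns (delivered chunks, number of transmissions).
    """
    rcv, base, sent = Receiver(), 0, 0
    while base < len(chunks):          # the last chunk is handled like any other
        sent += 1
        fault = faults.get(sent)
        if fault == "drop":
            continue                   # timer expires, so retransmit
        p = Packet(base, chunks[base])
        if fault == "corrupt":
            # Worst case: the damaged seq still looks like the expected one.
            p = Packet(rcv.expected, b"\xff garbage", isCorrupted=True)
        ack = rcv.on_packet(p)
        if fault == "drop_ack" or ack.isCorrupted or ack.seq != base:
            continue                   # no usable ACK, so retransmit
        base += 1                      # advance only on a clean ACK for this packet
    return rcv.delivered, sent
```

A receiver that compared `p.seq` before checking `p.isCorrupted` would deliver the garbage payload in the `corrupt` case, because the damaged sequence number happens to match the expected one.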

Lecture 12: Putting Things Together

14 April, 2014.

Today, we are going to see how the five layers work together through the examples. We will end the lecture by distilling some of the most important tricks that engineers have used to build computer networks, and highlight how they are used in different parts of CS2105.

Reading: 5.7 A Day in the Life of a Web Page Request

Slides: PDF

CS2105 In the News: on the Heartbleed bug of OpenSSL


Anyway, the heartbleed bug pretty much allows an attacker to probe a server that will end up revealing the private key. Once an attacker knows the private key, they can decrypt session keys that have been sent to the server, and thus decrypt all of the encrypted traffic that goes back and forth between the browser and the server.
Another bit of magic with public key encryption is the notion of “digital signature.” Your browser can create a mathematical challenge using the public key that only someone with knowledge of the private key can solve. This is part of how a website proves to a browser that it is what it says it is. If an attacker learns the private key of some website, then it can masquerade as that site.
All in all, the capture of a server’s private key is a bad thing, and that is what this bug enables.

Assignment 3: Clarification 1

Dear Students,

There were three typos in the pdf file of Assignment 3. We updated the pdf file and uploaded it on the blog. Please either re-download the pdf file here or consider the three points below:

1. Question 3 – part (c) – second and third line: the correct URI is daisy.ubuntu.com instead of diasy.ubuntu.com

2. Question 4 – second line: the correct sentence is “Right click on Packet 145 and choose ..” instead of “Right click on Packet 36 and choose ..”

3. Question 4 – fourth line: the correct IP address is “″ instead of “”