August 2010

Master of Computer Application (MCA) – Semester 3

MC0075 –Computer Networks – 4 Credits

(Book ID: B0813 & B0814)

Assignment Set – 1 (60 Marks)

Answer all Questions Each question carries TEN marks

Book ID: B0813

1. Describe the theory of network software in computer networks. Ans:

Network Software is a set of primitives that define the protocol between two machines. The network software resolves an ambiguity among different types of network making it possible for all the machines in the network to connect and communicate with one another and share information.

Network software is the information, data or programming used to make it possible for computers to communicate or connect to one another.

Network software is used to efficiently share information among computers. It encloses the information to be sent in a “package” that contains a “header” and a “trailer”. The header and trailer contain information for the receiving computer, such as the address of that computer and how the information package is coded. Information is transferred between computers as either electrical signals in electric wires, as light signals in fiber-optic cables, or as electromagnetic waves through space.

2. Describe the OSI reference model and compare it with TCP / IP model. Ans:The Internet Protocol Suite also known as TCP/IP is the set of communications protocols used for the Internet and other similar networks. It is named from two of the most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were the first two networking protocols defined in this standard. IP networking represents a synthesis of several developments that began to evolve in the 1960s and 1970s, namely the Internet and LANs (LocalArea Networks), which emerged in the mid- to late-1980s, together with the advent of the World Wide Web in early 1990s.

The Internet Protocol Suite, like many protocol suites, may be viewed as a set of layers. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted.

The main differences between the two models are as follows: -

1. OSI is a reference model and TCP/IP is an implementation of OSI model. 2.TCP/IP Protocols are considered to be standards around which the internet has developed. The OSI model however is a "generic, protocol- independent standard."

3. TCP/IP combines the presentation and session layer issues into its application layer.

4. TCP/IP combines the OSI data link and physical layers into the network access layer.

5. TCP/IP appears to be a simpler model and this is mainly due to the fact that it has fewer layers. 6. TCP/IP is considered to be a more credible model- This is mainly due to the fact because TCP/IP protocols are the standards around which the internet was developed therefore it mainly gains creditability due to this reason. Where as in contrast networks are not usually built around the OSI model as it is merely used as a guidance tool.

7. The OSI model consists of 7 architectural layers whereas the TCP/IP only has 4 layers.

8. In the TCP/IP model of the Internet, protocols are deliberately not as rigidly designed into strict layers as the OSI model.[6] RFC 3439 contains a section entitled "Layering considered harmful." However, TCP/IP does recognize four broad layers of functionality which are derived from theoperating scope of their contained protocols, namely the scope of the software application, the end-to-end transport connection, the internetworking range, and lastly the scope of the direct links to other nodes on the local network.

9. The presumably strict consumer/producer layering of OSI as it is usually described does not present contradictions in TCP/IP, as it is permissible that protocol usage does not follow the hierarchy implied in a layered model. Such examples exist in some routing protocols (e.g., OSPF), or in the description of tunneling protocols, which provide a Link Layer for an application, although the tunnel host protocol may well be a Transport or even an Application Layer protocol in its own right.

10. The TCP/IP design generally favors decisions based on simplicity, efficiency and ease of implementation.

3. Explain Circuit, Message and Packet switching techniques. Ans:Different types of switching techniques are employed to provide communication between two computers. These are :-

1) Circuit switching, 2) Message switching.3) Packet Switching

Circuit SwitchingIn this technique, first the complete physical connection between two computers is established and then data are transmitted from the source computer to the destination computer. That is, when a computer places a telephone call, the switching equipment within the telephone system seeks out a physical copper path all the way from sender telephone to the receiver’s telephone. The important property of this switching technique is to setup an end-to-end path (connection) between computer before any data can be sent.

This method involves the physical interconnection of two devices. A good example of circuit switching involves the Public phone network. A data example would be the classic A/B switch!

Message SwitchingIn this technique, the source computer sends data or the message to the switching office first, which stores the data in its buffer. It then looks for a free link to another switching office and then sends the data to this office. This process is continued until the data are delivered to the destination computers. Owing to its working principle, it is also known as store and forward. That is, store first (in switching office), forward later, one jump at a time.

Message Switching techniques were originally used in data communications. An example would be early "store and forward" paper tape relay systems. E-Mail delivery is another example of message switching.

Packet SwitchingWith message switching, there is no limit on block size, in contrast, packet switching places a tight upper limit on block size. A fixed size of packet which can be transmitted across the network is specified. Another point of its difference from message switching is that data packets are stored on the disk in message switching whereas in packet switching, all the packets of fixed size are stored in main memory. This improves the performance as the access time (time taken to access a data packet) is reduced, thus, the throughput (measure of performance) of the network is improved

Packet Switching techniques switch packets of data between destinations. Traditionally, this applied to X.25 techniques, but this also applies to TCP/IP and IPX/SPX routers also. Proprietary Frame Relay switches can switch voice signals.

Book ID: B0814 4. Explain the following concepts of Internetworking: A) Internet architectureAns:It is by definition a meta-network, a constantly changing collection of thousands of individual networks intercommunicating with a common protocol.

Internetworking is the practice of connecting a computer network with other networks through the use of gateways that provide a common method of routing information packets between the networks. The resulting system of interconnected networks is called an internetwork, or simply an internet.

The most notable example of internetworking is the Internet, a network of networks based on many underlying hardware technologies, but unified by an internetworking protocol standard, the Internet Protocol Suite, often also referred to as TCP/IP.

The Internet Protocol is designed to provide an unreliable (not guaranteed) packet service across the network. The architecture avoids intermediate network elements maintaining any state of the network. Instead Penef, this function is assigned to the endpoints of each communication session. To transfer data reliably, applications must utilize an appropriate Transport Layer protocol, such as Transmission Control Protocol (TCP), which provides a reliable stream. Some applications use a simpler, connection-less transport protocol, User Datagram Protocol (UDP), for tasks which do not require reliable delivery of data or that require real-time service, such as video streaming.

B) Protocols and Significance for internetworking Ans:Protocols for internetworking

Many protocols have been used for use in an internet. One suite known as The TCP/IP internet protocol stands out most widely used for internets. Most networking professional simply refer this protocol as TCP/IP. Work on the transmission control protocol (TCP) began in the 1970’s. The U.S military funded the research in TCP/IP and internetworking through the Advanced Research Projects Agency in short known as ARPA.

Significance of internetworking and TCP/IP

Internetworking has become one of the important technique in the modern networking. Internet technology has revolutionized the computer communication. The TCP/IP technology has made possible a global Internet, which reaches millions of schools, commercial organizations, government and military etc around the world.

C) Internet layering model Ans:

Internet uses the TCP/IP reference model. This model is also called as Internet layering model or internet reference model. This model consists of 5 layers as illustrated in figure .

The five layers of TCP/IP reference model

A goal was of continuing the conversation between source and destination even if transmission went out of operation. The reference model was named after two of its main protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol). The purpose of each layer of TCP/IP is given below:

The five layers of TCP/IP reference model

A goal was of continuing the conversation between source and destination even if transmission went out of operation. The reference model was named after two of its main protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol). The purpose of each layer of TCP/IP is given below:

Layer 1: Physical layer This layer corresponds to basic network hardware.

Layer 2: Network interface This layer specifies how to organize data into frames and how a computer transfers frames over a network. It interfaces the TCP/IP protocol stack to the physical network.

Layer 3: Internet This layer specifies the format of packets sent across an internet. It also specifies the mechanism used to forward packets from a computer through one or more routers to the final destination.

Layer 4: Transport This layer deals with opening and maintaining connections, ensuring that packets are in fact received. The transport layer is the interface between the application layer and the complex hardware of the network. It is designed to allow peer entities on the source and destination hosts to carry on conversations.

Layer 5: Network interface Each protocol of this layer specifies how one application uses an internet.

5. Explain the following different classes of IP addresses: A) Primary classful addresses Ans:Primary addresses

Out of five the three classes are called Class A, Class B, and Class C. These three classes together are often referred to as "classful" addressing or primary address class.

Each class fixes the boundary between the network-prefix and the host-number at a different point within the 32-bit address. The formats of the fundamental address classes are illustrated in Figure One of the fundamental features of classful IP addressing is that each address contains a self-encoding key that identifies the dividing point between the network- prefix and the host-number.

B) Class A Ans:Class A Networks (/8 Prefixes)

Each Class A network address has an 8-bit network-prefix with the

highest order bit set to 0 and a seven-bit network number, followed by 24-bit host-number. Today, it is no longer considered ‘modern’ to refer to a Class A network. Class A networks are now referred to as "/8s" (pronounced "slash eight" or just "eights") since they have an 8-bit network-prefix.

A maximum of 126 (27 -2) /8 networks can be defined as shown in figure 2.1(b). The calculation requires that the 2 is subtracted because the / 8 network 0.0.0.0 is reserved for use as the default route and the /8 network 127.0.0.0 (also written 127/8 or 127.0.0.0/8) has been reserved for the "loop back" function. Each /8 supports a maximum of 16,777,214 (224 -2) hosts per network. The host calculation requires that 2 is subtracted because the all-0s ("this network") and all-1s ("broadcast") host-numbers may not be assigned to individual hosts.

Since the/8 address block contains 231 (2,147,483,648) individual addresses and the IPv4 address space contains a maximum of 232 (4,294,967,296) addresses, the /8 address space is 50% of the total IPv4 unicast address space.

C) Class B Ans:Class B Networks (/16 Prefixes)

Each Class B network address has a 16-bit network-prefix with the two highest order bits set to 1-0 and a 14-bit network number, followed by a 16-bit host-number as illustrated in figure 2.1(b). Class B networks are now referred to as"/16s" since they have a 16-bit network-prefix.

A maximum of 16,384 (214) /16 networks can be defined with up to 65,534 (216 -2) hosts per network. Since the entire /16 address block contains 230 (1,073,741,824) addresses, it represents 25% of the total IPv4 unicast address space.

D) Class C Ans:Class C Networks (/24 Prefixes) Each Class C network address has a 24-bit network-prefix with the three highest order bits set to 1-1-0 and a 21-bit network number, followed by an 8-bit host-number as shown in figure 2.1(b). Class C networks are now referred to as "/24s" since they have a 24-bit network-prefix. A maximum of 2,097,152 (221) /24 networks can be defined with up to 254 (2 8 -2) hosts per network. Since the entire /24 address block contains 2 29 (536,870,912) addresses, it represents 12.5% (or 1/8th) of the total IPv4 unicast address space.

6. Discuss the theory and practical applications of Supernetting.Ans:

Supernetting, as might be guessed, is more or less the opposite of subnetting. Rather thanmaking additional subnets, one takes a group of subnets and combines them into one.

The subnets must be contiguous. For instance, three subnets of 192.168.1.0, 192.168.2.0 and 192.168.3.0. Note that the third octets are consecutive, 1, 2 and 3. So, rather than take (in binary) 0's from the host portion of the address and making them ones, we're taking 1's and making them zeros.

The formula in this case, rather than 2^n -2 is simply 2^n. We need to combine threesubnets. If we needed to MAKE three subnets, we'd try 2^2-2. 4-2=2, not enough, we'dhave to go to 2^3=8. 8-2=6, and therefore, we would have changed 3 0's in the last octetto 1's, changing our subnet mask from 255.255.255.0 to 255.255.255.224.

However, we're COMBINING 3 subnets into one this time. So,we have three subnets,192.168.1.0, 192.168.2.0 and 192.168.3.0, all of which have a subnet mask of255.255.255.0. 2^1=2. Nope, not enough. 2^2=4. 4 is larger than 3, so that gives usenough. We have to change 2 1's in the third octect to 0's. So, in binary, we have

11111111.11111111.11111111.00000000. We are changing 2 of those ones in the third octet to 0's. So, we have11111111.11111111.11111100.00000000. Our new subnet mask is 255.255.252.0.

Suppose we have 8 subnets that we want to combine. First, what power of 2 equals or is greater than 8? 2^3=8. Ok, we need to knock off 3 1's from the third octet. So, a subnet mask of 255.255.248.0 will enable us to combine the 8 subnets into one.

The points to remember here. Instead of changing 0's to ones, beginning at the left side ofan octet, we are changing ones to 0's, beginning at the right side of the octet. The subnetsthat are being combined must be contiguous, such as 192.168.1.0, 192.168.2.0, etc. Atleast for test purposes, we can't combine 192.168.1.0, 192.168.6.0 and 192.168.11.0.Figure out how many subnets you are combining. Figure out which power of 2 is equal orgreater to that number, eg if it's 8 subnets that you're combining, what is n in 2^n=8. If itwas just two subnets being combined, then it would be 2^1=2. If three subnets, then2^2=4, if 5 subnets then 2^3=8, etc. Whatever n turns out to be, that's how many 1's youare taking away--from the RIGHT side of the octet, and changing them to 0's.

You probably have either memorized, or have your own method by now for remembering that 10000000 is 128, 11000000 is 192, 11100000 is 224, etc. So, if we change the last 2 1's of 255.255.255.0 to 0's that will be 252. If we change three 1's to 0 it will be 248, etc.

You can of course, simply memorize tables again, but it probably isn't necessary. At leastin the practice tests I've seen, there were never more than 16 subnets to be combined,meaning that if you simply remember 240, 248, 252 and 254, you'll be fine. (For 16subnets to be combined we would go 2^n=16. n=4. Take the last 4 1's of the third octetand make them 0's. This gives us11110000 in binary, or 240 in decimal.

August 2010

Master of Computer Application (MCA) – Semester 3

MC0075 –Computer Networks – 4 Credits

(Book ID: B0813 & B0814)

Assignment Set – 2 (60 Marks)

Answer all Questions Each question carries TEN marks

Book ID: B0813

1. Explain the design of the Data Link Layer. Ans: The Data Link Layer is Layer 2 of the seven-layer OSI model of computer networking. It corresponds to, or is part of the link layer of the TCP/IP reference model.

The Data Link Layer is the protocol layer which transfers data between adjacent network nodes in a wide area network or between nodes on the same local area network segment[1]. The Data Link Layer provides the functional and procedural means to transfer data between network entities and might provide the means to detect and possibly correct errors that may occur in the Physical Layer. Examples of data link protocols are Ethernet for local area networks (multi-node), the Point-to-Point Protocol (PPP), HDLC and ADCCP for point-to-point (dual-node) connections.

The Data Link Layer is concerned with local delivery of frames between devices on the same LAN. Data Link frames, as these protocol data units are called, do not cross the boundaries of a local network.

2. Describe various IEEE Standards with respect to Medium Access Control sublayer. Ans:IEEE has standardized a number of LAN’s and MAN’s under the name of IEEE 802. Few of the standards are listed in figure 3.6. The most important of the survivor’s are 802.3 (Ethernet) and 802.11 (wireless LAN). Both these two standards have different physical layers and different MAC sub layers but converge on the same logical link control sub layer so they have same interface to the network layer.

Fast Ethernet

Fast Ethernet is a collective term for a number of Ethernet standards that carry traffic at the nominal rate of 100 Mbit/s, against the original Ethernet speed of 10 Mbit/s. Of the 100 megabit Ethernet standards 100baseTX is by far the most common and is supported by the vast majority of Ethernet hardware currently produced. Full duplex fast Ethernet is sometimes referred to as "200 Mbit/s" though this is somewhat misleading as that level of improvement will only be achieved if traffic patterns are symmetrical. Fast Ethernet was introduced in 1995 and remained the fastest version of Ethernet for three years before being superseded by gigabit Ethernet.

A fast Ethernet adaptor can be logically divided into a medium access controller (MAC) which deals with the higher level issues of medium availability and a physical layer interface (PHY). The MAC may be linked to the PHY by a 4 bit 25 MHz synchronous parallel interface known

as MII. Repeaters (hubs) are also allowed and connect to multiple PHYs for their different interfaces.

· 100BASE-T is any of several Fast Ethernet standards for twisted pair cables.

· 100BASE-TX (100 Mbit/s over two-pair Cat5 or better cable),

· 100BASE-T4 (100 Mbit/s over four-pair Cat3 or better cable, defunct),

· 100BASE-T2 (100 Mbit/s over two-pair Cat3 or better cable, also defunct).

Figure 3.8: Token Passing

IEEE 802.5 Standard - Token Ring

A ring is really not a broadcast medium, but a collection of individual point-to-point links that happen to form a circle. Ring engineering is almost entirely digital. A ring is also fair and has a known upper bound on channel access.

A major issue in the design and analysis of any ring network is the “physical length” of a bit. If the data rate of the ring is R Mbps, a sec. With a typical propagation speed ofbit is emitted every 1/R sec, each bit occupies 200/R meters on the ring. Thisabout 200 m/ means, for example, that a 1-Mbps ring whose circumference is 1000 meters can contain only 5 bits on it at once.

A ring really consists of a collection of ring interfaces connected by point-to-point lines. Each bit arriving at an interface is copied into a 1-bit buffer and then copied out onto the ring again. While in the buffer, the bit can be inspected and possibly modified before being written out. This copying step introduces a 1-bit delay at each interface.

In a token ring a special bit pattern, called the token, circulates around the ring whenever all stations are idle. When a station wants to transmit a frame, it is required to seize the token and remove it from the ring before transmitting. Since there is only one token, only one station can transmit at a given instant, thus solving the channel access problem the same way the token bus solves it.

3. Explain the following principles of routing: A) Types of routing algorithms Ans:

Algorithm Types Static versus dynamic Single-path versus multi-path Link state versus distance vector

Dynamic vs. Static

Static routing algorithms are hardly algorithms at all, but are table mappings established by the network administrator prior to the beginning of routing. These mappings do not change unless the network administrator alters them. Algorithms that use static routes are simple to design and work well in environments where network traffic is relatively predictable and where network design is relatively simple.

Dynamic routing algorithms can be supplemented with static routes where appropriate. A router of last resort (a router to which all unroutable packets are sent), for example, can be designated to act as a repository for all unroutable packets, ensuring that all messages are at least handled in some way.

Single-Path vs. Multipath

Some sophisticated routing protocols support multiple paths to the same destination. Unlike single-path algorithms, these multipath algorithms permit traffic multiplexing over multiple lines. The advantages of multipath algorithms are obvious: They can provide substantially better throughput and reliability.

Link State vs. Distance Vector

Link-state algorithms (also known as shortest path first algorithms) flood routing information to all nodes in the internetwork. Each router, however, sends only the portion of the routing table that describes the state of its own links. Distance- vector algorithms (also known as Bellman-Ford algorithms) call for each router to send all or some portion of its routing table, but only to its neighbors. In essence, link- state algorithms send small updates everywhere, while distance- vector algorithms send larger updates only to neighboring routers.

Because they converge more quickly, link- state algorithms are somewhat less prone to routing loops than distance- vector algorithms. On the other hand, link- state algorithms require more CPU power and memory than distance- vector algorithms. Link-state algorithms, therefore, can be more expensive to implement and support. Despite their differences, both algorithm types perform well in most circumstances.

B) Classes of routing algorithms Ans:Routing algorithms can be classified by type. Key differentiators include:

 - Single-path versus multi-path: Multi-path routing algorithms support multiple paths to the same    destination and permit traffic multiplexing over multiple lines. Multi-path routing algorithms can    provide better throughput and reliability.

 - Flat versus hierarchical: In a flat routing system, the routers are peers of all others. In a hierarchical routing system, some routers form what amounts to a routing backbone. In hierarchical systems, some routers in a given domain can communicate with routers in other domains, while others can communicate only with routers in their own domain.

 - Host-intelligent versus router-intelligent: In host-intelligent routing algorithms, the source end-   node determines the entire route and routers act simply as store-and-forward devices. In router-   intelligent routing algorithms, host are assumed to know nothing about routes and routers    determine the optimal path.

 - Intradomain versus interdomain: Some routing algorithms work only within domains; others work    within and between domains.

 - Static versus dynamic - this classification will be discussed in the following two slides.

 - Link state versus distance vector: will be discussed after static versus dynamic routing.

C) Properties of routing algorithms Ans:

An algorithm is written in simple English and is not a formal document. An algorithm must:

- be lucid, precise and unambiguous - give the correct solution in all cases - eventually end

Also note it is important to use indentation when writing solution algorithm because it helps to differentiate between the different control structures.

1) Finiteness: - an algorithm terminates after a finite numbers of steps.

2) Definiteness: - each step in algorithm is unambiguous. This means that the action specified by the step cannot be interpreted (explain the meaning of) in multiple ways & can be performed without any confusion.

3) Input:- an algorithm accepts zero or more inputs

4) Output:- it produces at least one output.

5) Effectiveness:- it consists of basic instructions that are realizable. This means that the instructions can be performed by using the given inputs in a finite amount of time.

D)Optimality principle Ans:A Bellman equation (also known as a dynamic programming equation), named after its discoverer, Richard Bellman, is a necessary condition for optimality associated with the mathematical optimization method known as dynamic programming. It breaks a dynamic optimization problem into simpler subproblems, writing the value of a decision problem at a certain point in time in terms of the payoff from some initial choices and the value of the remaining decision problem that results from those initial choices, as Bellman's Principle of Optimality prescribes.

The Optimality Principleif node j is on the optimal path from node i to node k, then the optimal route from j to k also falls along the same route.

Sink Tree of Optimal routes from B for above network.

From the optimality principal it is possible to generate the optimal routes between sources and destinations for the entire network. The above example shows a simple network, and the coresponding graph of optimal routes from B to all other nodes. A tree such as this is known as a sink tree.

Book ID: B0814

4. Discuss the following with respect to Internet Control Message Protocols (ICMP): A) Detecting circular or long routes Ans:Internet Control Message Protocol (ICMP) is an error reporting and diagnostic utility and is considered a required part of any IP implementation. Understanding ICMP and knowing what can possibly generate a specific type of ICMP is useful in diagnosing network problems.

ICMPs are used by routers, intermediary devices, or hosts to communicate updates or error information to other routers, intermediary devices, or hosts.

Each ICMP message contains three fields that define its purpose and provide a checksum. They are TYPE, CODE, and CHECKSUM fields. The TYPE field identifies the ICMP message, the CODE field provides further information about the associated TYPE field, and the CHECKSUM provides a method for determining the integrity of the message.

B) Clock Synchronization and transit time estimation Ans:

5. Explain the theory and practical applications of EGP and BGP Ans:The two main interdomain routing protocols in recent history are EGP and BGP. EGP suffers from several limitations, and its principal one is that it treats the Internet as a tree-like structure, as illustrated in the figure below. This assumes that the structure of the Internet is made up of parents and children, with a single backbone.

BGP is an improvement of EGP. Unfortunately it is more complex than EGP, but not as complex as OSPF. BGP assumes that the Internet is made up of an arbitrary interconnected set of nodes. It then assumes the Internet connects, to a number of AANs (autonomously attached networks). It assumes that, once they are in the AAN, the packets will be properly routed.

Most routing algorithms try to find the quickest way through the network, whereas BGP tries to find any path through the network. Thus the main goal is reachability instead of the number of hops to the destination. So finding a path which is nearly optimal is a good achievement. The AAN administrator selects at least one node to be a BGP speaker and also one or more border gateways. These gateways simply route the packet into and out of the AAN> The border gateways are the routers through which packets reach the AAN.

The speaker of the AAN broadcasts its reachability information to all the networks within its AAN. This information states only whether a destination AAN can be reached; it does not describe any other metrics. An important point is that BGP is not a distance-vector or link state protocol because it transmits complete routing information instead of partial information.

The Border Gateway Protocol (BGP) is an inter-Autonomous System routing protocol. The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. BGP-4 provides a new set of mechanisms for supporting classes interdomain routing.

6. Explain the following with respect to E-Mail: A) Architecture Ans:

Electronic mail (e mail) is one of the use of the World Wide Web, according to most businesses, improves productivity. Traditional methods of sending mail within an office environment are inefficient, as it normally requires an individual requesting a secretary to type the letter. This must then be proof-read and sent through the internal mail system, which is relatively slow and can be open to security breaches.

A faster method, and more secure method of sending information is to use electronic mail where by  a computer user can exchange messages with other computer users (or groups of

users) via a communications network. Electronic mail is one of the most popular uses of the Internet. For example, a memo with 100 words will be sent in a fraction of a second. Other types of data can also be sent with mail message such as images, sound, and so on.

A typical email-architecture contains four elements:

 1. Post offices- where outgoing messages are temporally buffered (stored) before transmission and where incoming messages are stored. The post office runs the server software capable of routing messages (a message transfer agent) and maintaining the post office database.

2. Message transfer agents- for forwarding messages between post offices and to the destination clients. The software can either reside on the local post office or on a physically separate server.

3. Gateways-which provide parts of the message transfer agent functionally. They translate between different e-mail systems, different e-mail addressing schemes and messaging protocols.

4. E-mail clients- normally the computer which connects to the post office.

B) Header format Ans:Email Headers are lines of metadata attached to each email that contain lots of useful information for a forensic investigator. However, email headers can be easily forged, so they should never be used as the only source of information.

Making Sense of Headers

There is no single way to make sense of email headers. Some examiners favor reading from the bottom up, some favor reading from the top down. Because information in the headers can be put there by the user's MUA, a server in transit, or the recipient's MUA, it can be difficult to determine when a line was added.

Sender's IP Address

Some web-based email providers include the sender's IP address in the message headers. Some do not.

Mail User Agents

Every MUA sets up the headers for a message slightly differently. Although some headers are required under the applicable RFC, their format and ordering can vary by client. Almost all clients, however, add their headers in a fixed format and order. The examiner can use the

format and order for each client to show that messages were forged, but not that they were legitimate. For example, if a message purports to be from Apple Mail but the order or the headers do not match the Apple Mail Header Format, the message has been forged. If the headers of the message do match that format, however, it does not guarantee that the message was sent by that program.

Servers in Transit

Mail servers can add lines onto email headers, usually in the form of "Received" lines, like this:

Received: by servername.recipeienthost.com (Postfix, from userid 506)

id 77C30808A; Sat, 24 Feb 2007 20:43:56 -0500 (EST)

Message Id Field

Main article Using message id headers to determine if an email has been forged. According to the current guidelines for email [1], every message should have a Message-ID field. These id fields can be used to determine if a message has been forged. It is harder, but sometimes possible, to show that a message is authentic using the message id field. Where known, the Message-ID algorithms for known programs are given on the separate pages for those programs.

Signature Fields

Main article Using signature headers to determine if an email has been forged. Some email programs allow users to sign messages. This gives the recipient some assurance that the sender given in the message really sent the message. Obviously these headers can be used by an examiner for the same purpose.

C) User agents Ans:A Mail User Agent (MUA) is an application that is used to send and receive email. Furthermore, as email “evolves” and becomes more complex, MUA's are becoming increasingly powerful in the way they interact with email; this gives users increased functionality and flexibility. FreeBSD contains support for numerous mail user agents, all of which can be easily installed using the FreeBSD Ports Collection. Users may choose between graphical email clients such as evolution or balsa, console based clients such as mutt, alpine or mail, or the web interfaces used by some large organizations.

D) E-mail Services Ans:

An e-mail hosting service is an Internet hosting service that runs e-mail servers.

E-mail hosting services usually offer premium e-mail at a cost as opposed to advertising supported free e-mail or free webmail. E-mail hosting services thus differ from typical end-user e-mail providers such as webmail sites. They cater mostly to demanding e-mail users and Small and Mid Size (SME) businesses, while larger enterprises usually run their own e-mail hosting service. E-mail hosting providers allow for premium e-mail services along with custom configurations and large number of accounts. In addition, hosting providers manage user's own domain name, including any e-mail authentication scheme that the domain owner wishes to enforce in order to convey the meaning that using a specific domain name identifies and qualifies e-mail senders.

Most e-mail hosting providers offer advanced premium e-mail solutions hosted on dedicated custom e-mail platforms. The technology and offerings of different e-mail hosting providers can therefore vary with different needs. E-mail offered by most webhosting companies is usually more basic standardized POP3 based e-mail and webmail based on open source webmail applications like Horde or SquirrelMail. Almost all webhosting providers offer standard