1️⃣ List and briefly explain the four main network criteria mentioned in the slides. Why is each important for security?
✅ 4 criteria – performance, accuracy, reliability, security
Performance – measured by transit/response time; depends on users, medium, topology, hardware.
Accuracy – data must arrive unchanged/corruption-free.
Reliability – data reaches intended destination (availability).
Security – protection from unauthorised access (confidentiality, integrity).
Accuracy – data must arrive unchanged/corruption-free.
Reliability – data reaches intended destination (availability).
Security – protection from unauthorised access (confidentiality, integrity).
🔐 Security directly relies on the other three: poor accuracy can hide attacks; low reliability enables DoS; bad performance may indicate anomalies.
2️⃣ Compare simplex, half‑duplex and full‑duplex with real examples from the lecture. Which one is used in a telephone call?
✅ three direction modes
Simplex (unidirectional) – one station transmits, other only receives. E.g., keyboard to computer, radio broadcast.
Half‑duplex – each can transmit or receive, but not simultaneously. E.g., walkie‑talkie.
Full‑duplex – simultaneous two‑way transmission. Telephone call is the classic example.
3️⃣ Distinguish between network edge and network core. Name two devices/components found in each.
✅ edge – hosts; core – routers
Network edge: end systems (hosts) that run applications (web, email). Examples: client PC, server.
Network core: mesh of interconnected routers forwarding data. Examples: core router, optical links.
The edge uses core services for communication.
4️⃣ Explain the fundamental difference between circuit switching and packet switching. Which one is used on the Internet?
✅ circuit: dedicated path; packet: store‑and‑forward
Circuit switching – end‑to‑end resources reserved for the call (telephone net). Guaranteed performance, but waste if idle.
Packet switching – data split into packets, each travels independently; routers forward based on destination address. Internet uses packet switching.
Packet switching offers better efficiency and resilience.
5️⃣ What are the five components of data communication (from slide 22)? What role does a protocol play?
✅ message, sender, receiver, medium, protocol
1. Message – information to be communicated. 2. Sender – device that sends. 3. Receiver – destination device. 4. Medium – physical path. 5. Protocol – set of rules governing data exchange.
Protocol defines format, order, actions on transmission/receipt (slide 23).
6️⃣ Give two applications that use TCP and two that use UDP. Why is UDP chosen for streaming media?
✅ TCP: HTTP, email; UDP: DNS, VoIP
TCP applications – Web (HTTP), file transfer (FTP), email (SMTP). Reliable, in‑order delivery.
UDP applications – streaming media, DNS, Internet telephony. No retransmission delay; time‑sensitive, error‑tolerant.
UDP avoids head‑of‑line blocking, crucial for real‑time.
7️⃣ Describe the TCP three‑way handshake in detail. Why do firewalls and IDS inspect these packets?
✅ SYN, SYN‑ACK, ACK
Step 1: Client sends TCP SYN segment (initial seq# = x, no data).
Step 2: Server receives SYN, replies with SYN/ACK (seq# = y, ack = x+1). Allocates buffers.
Step 3: Client receives SYN/ACK, replies with ACK (ack = y+1). May contain data.
🔥 Firewalls/IDS use the handshake to track connection state, filter spoofed SYNs, and detect port scans.
8️⃣ Explain how a TCP connection is normally terminated (FIN handshake). When would an application send an RST instead?
✅ four‑step FIN, or immediate RST
Normal close: client FIN → server ACK + FIN → client ACK, then timed wait.
RST (reset) – sent to abort abruptly (e.g., application error, crashed process, or unwanted connection). No graceful close.
9️⃣ What is the 4‑tuple that identifies each TCP connection? How is it used in network filtering and intrusion detection?
✅ (src IP, src port, dst IP, dst port)
Each TCP connection is uniquely identified by these four values (slide 32).
Filters (ACLs, firewalls) use 4‑tuple rules to permit/deny traffic. IDS tracks flow state; anomalies (mismatched seq/ack) can signal attacks.
🔟 Describe the UDP segment header. What is the length of the header? Which field helps detect corruption?
✅ 8‑byte header, checksum field
UDP header: source port (16b), dest port (16b), length (16b), checksum (16b). Total 8 bytes.
Checksum verifies packet integrity (optional in IPv4 but usually enabled).
1️⃣1️⃣ Explain data encapsulation in the TCP/IP model. What happens to a message as it moves from application to physical layer?
✅ each layer adds its own header
Application data → transport layer adds TCP/UDP header (segment) → network layer adds IP header (datagram) → link layer adds frame header/trailer → physical layer transmits bits.
Receiving side does the reverse (decapsulation).
1️⃣2️⃣ How do sequence numbers and acknowledgment numbers provide reliable data transfer in TCP? Use the "lost packet" scenario.
✅ sender retransmits if ACK not received
Sender numbers each byte (sequence #). Receiver ACKs next expected byte. If timeout occurs without ACK, sender retransmits. (slide 34)
In lost packet case, duplicate ACKs trigger fast retransmit.
1️⃣3️⃣ Distinguish between LAN, MAN and WAN. Give an example of each from the lecture.
✅ LAN (building), MAN (city), WAN (long distance)
LAN – single building, e.g., Ethernet. MAN – covers city (campus interconnections). WAN – long distance, e.g., Internet.
1️⃣4️⃣ Why does a process need both an IP address and a port number? Give example for lu.edu.qa web server.
✅ IP = host; port = specific process
IP delivers to the correct host; port demultiplexes to the correct process/application.
Example: lu.edu.qa web server = IP 86.36.50.226, port 80.
Slide 31: identifier = (IP address, port number).
1️⃣5️⃣ List three factors that affect network performance, as described in slide 4.
✅ number of users, medium, bandwidth, hardware/software, topology
Any three from: users, transmission medium, bandwidth, hardware/software efficiency, topology.
📌 frequently used formulas & identifiers
4‑tuple (socket pair)
src IP · src port · dst IP · dst port
UDP header length
8 bytes (fixed)
TCP seq/ack
ack # = next expected byte
max bytes in one segment
MSS = MTU – (TCP+IP hdr)
throughput approx
≈ min(link bandwidth, window/RTT)
port numbers
HTTP:80 · HTTPS:443 · DNS:53
ACADEZI 2026