Mechanisms of IP Fragmentation, TCP Flow Control, and ARP Spoofing Detection in Network Security

This document discusses critical mechanisms related to IP fragmentation, TCP flow control, and ARP spoofing detection in network security.

Olivia Smith
Contributor
5 months ago

1. Explain the mechanisms of IP fragmentation and reassembly, and describe the role of intermediate routers and the receiver in this process. Additionally, explain the TCP flow control and retransmission process when a segment is lost during data transmission.

Answer 1

IP fragmentation and reassembly are entirely different mechanisms and are not identical to each other. The main difference between the two is that intermediate routers perform fragmentation but do not perform reassembly of an IP datagram. Reassembly takes place at the receiver. When data travels over the internet, intermediate routers divide the whole information into smaller segments known as packets (datagrams).

There are many reasons why reassembly of an IP datagram has to be done on the receiver side. The main reason is that the packets can take different routes to reach their real destination ('IP fragment reassembly vulnerability', 2000). This means that the whole information goes through multiple routers. Hence, multiple paths are available to transmit data.

If the task of reassembly were handed over to intermediate routers, not all fragments of a message would be available to them: an intermediate router is unable to see all the fragments. The system becomes more complex if reassembly is carried out by the middle routers. Apart from that, there are many drawbacks if reassembly is attempted while the data is being sent. If reassembly begins in intermediate routers, there is a high chance of data loss or obscured information. The entire message becomes corrupted because of a missing fragment. If reassembly has to take place at intermediate routers, buffer resources are needed. All parts of the datagram have to go through the intermediate nodes for proper reassembly, which might halt the process of dynamic routing.

The main task of an intermediate router is to perform fragmentation, not reassembly. The end device has full privilege to reassemble the fragments, and there is a reason for that. (a) The fragments follow the concept of packet switching instead of circuit switching. This means a datagram may follow different paths instead of one. There is a good chance that one router receives only a few fragments of a packet. It is then not in a position to get all the needed fragments. Hence, this halts the continuous flow of data and might pose some problems. Even if a router were able to receive all the fragments, it is futile to put extra pressure on the router, and this pressure slows down the working of an intermediate router.

Part 2

In the above scenario, we can see clearly that Host B sends two TCP segments of 100 bytes each. One segment is lost during data transmission, and the flow of data is unidirectional. The receiver receives TCP segment No. 2, which is out of order. The receiver puts the data in its buffer, leaving a gap to show that data is still missing and yet to be received. An acknowledgement is sent back to the sender indicating the next byte it expects. It is important to note that the receiver stores bytes 201-300, but these bytes are not delivered to the application until the gap is filled. There is one RTO timer on the sender's TCP for the entire duration of the connection. When TCP segment 1 times out, TCP resends the missing segment. Host A successfully receives the missing segment and puts it in its buffer. When the whole data is in proper sequence, it is delivered to the process. This approach is very useful and beneficial for proper flow of data. After retransmission of the missing segment, Host A can successfully receive the whole information without any obstacle once reassembly is over.

[Figure: TCP segments from Host B (sender) to Host A (receiver): Seq 101 ~ 200 (lost), Seq 201 ~ 300]
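
The exchange described above can be replayed in a few lines. This is an added example, not part of the original document: the `Receiver` class, `run_scenario` function and payload bytes are constructed for illustration, and the RTO is modelled as a retransmit step that runs after the initial sends instead of a real timer.

```python
# Added illustration (not from the original document): toy model of Host A
# buffering an out-of-order segment and Host B retransmitting on timeout.

class Receiver:
    """Host A: holds out-of-order bytes back and answers with cumulative ACKs."""

    def __init__(self, first_seq):
        self.rcv_nxt = first_seq       # next in-order byte expected
        self.buffer = {}               # first byte of segment -> payload held back
        self.delivered = bytearray()   # bytes already handed to the application

    def receive(self, seq, payload):
        if seq >= self.rcv_nxt:        # ignore duplicates of delivered data
            self.buffer.setdefault(seq, payload)
        # Deliver every buffered segment that is now contiguous with rcv_nxt.
        while self.rcv_nxt in self.buffer:
            data = self.buffer.pop(self.rcv_nxt)
            self.delivered += data
            self.rcv_nxt += len(data)
        return self.rcv_nxt            # ACK number = next byte expected


def run_scenario(lost_seqs=frozenset({101})):
    """Host B sends bytes 101-200 and 201-300; segments in lost_seqs vanish once."""
    segments = {101: b"A" * 100, 201: b"B" * 100}   # constructed payloads
    end_seq = 301
    host_a = Receiver(first_seq=101)
    acked_up_to = 101
    log = []
    for seq, payload in segments.items():
        if seq in lost_seqs:
            log.append(("lost", seq, None))
            continue
        acked_up_to = max(acked_up_to, host_a.receive(seq, payload))
        log.append(("sent", seq, acked_up_to))
    # RTO expiry: resend the earliest segment not covered by the cumulative ACK.
    while acked_up_to < end_seq:
        seq = min(s for s in segments if s >= acked_up_to)
        acked_up_to = host_a.receive(seq, segments[seq])
        log.append(("retransmit", seq, acked_up_to))
    return log, host_a


if __name__ == "__main__":
    for event in run_scenario()[0]:
        print(event)
```

The log shows the ACK staying at 101 while bytes 201-300 sit in the buffer, then jumping to 301 once the retransmitted first segment fills the gap.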

2. Explain the ARP spoofing detection process, detailing the modules involved in detecting and mitigating ARP spoofing attacks, and how the system handles traffic verification and alerts network administrators.

Answer 2

ARP stands for Address Resolution Protocol. It has no authentication procedure by which the true identity of the initiator can be verified. This networking protocol has a long history and lacks immunity against spoofing attacks. ARP spoofing is considered the first step that leads to various attacks such as DoS, man-in-the-middle attacks, etc. The world is still using the passive mechanism for the detection of spoofing attacks. This method does not have a good reputation because it has a lot of drawbacks. There is a time lag between detection and learning, which is the main reason for its lower popularity. Sometimes the system is unable to catch the attacker and comes to know about the event only long after. The active approach is an alternative that overcomes this situation. It is better and far faster than the passive approach at figuring out ARP spoofing attacks. Beyond that, it is capable of detecting the real mapping of MAC to IP address. The active approach has been chosen, and it divides our detection into different modules.

ARP sniffer module: The main task of this module is to collect all the needed traffic from every part of the network.

MHAD module: The main job of this module is to divide all the traffic into two categories: inconsistent header ARP packets and consistent header ARP packets.

KTFM: It stands for known traffic module, whose main task is to filter all the traffic. It drops a packet if the IP-to-MAC mapping is consistent. If a contradiction exists, an alarm is raised. The main task of the spoof detection engine is to verify new ARP packets, which do not have a known address.

SDE module: It stands for spoof detection engine module, the main engine for detecting anything related to ARP spoofing. It receives consistent header ARP packets as input. It carries many responsibilities and comes with deep complexity.

Database module: Once legitimate ARP entries have been verified, these entries are sent to the host database.

Spoof alarm module: This module raises an alarm if it detects ARP spoofing. It immediately sends a mail or text to the administrator, who is waiting for such a moment. Hence, a lot of pressure on the network administrator's shoulders is relieved.
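
The module chain above can be sketched as detection logic run over a handful of ARP frames. This is an added example, not the code of the system the answer describes. Assumptions: MHAD's consistency rule is taken to be "Ethernet source MAC equals ARP sender MAC", inconsistent-header packets are treated as alarms, the SDE's active check is a hypothetical `verify` callback, and all addresses are constructed sample values.

```python
# Added illustration: not the original system's code.
from collections import namedtuple

# Constructed frame: Ethernet source MAC plus the ARP sender MAC/IP fields.
ArpFrame = namedtuple("ArpFrame", "eth_src sender_mac sender_ip")

def mhad(frame):
    """MHAD (assumed rule): Ethernet source MAC must match the ARP sender MAC."""
    return frame.eth_src.lower() == frame.sender_mac.lower()

def process(frames, host_db, verify):
    """Pass sniffed frames through MHAD -> KTFM -> SDE and return the alarms.

    host_db: dict ip -> mac of verified entries (database module), updated in place.
    verify:  callable(ip, mac) -> bool, hypothetical stand-in for the SDE's check.
    """
    alarms = []
    for f in frames:
        mac = f.sender_mac.lower()
        if not mhad(f):                      # assumption: inconsistent headers alarm
            alarms.append((f.sender_ip, mac, "inconsistent header"))
            continue
        known = host_db.get(f.sender_ip)     # KTFM lookup
        if known == mac:
            continue                         # known and consistent: drop
        if known is not None:
            alarms.append((f.sender_ip, mac, "contradicts known mapping"))
        elif verify(f.sender_ip, mac):       # SDE: address not seen before
            host_db[f.sender_ip] = mac       # database module stores the entry
        else:
            alarms.append((f.sender_ip, mac, "failed verification"))
    return alarms

def demo():
    """Run constructed sample traffic; the reachable set fakes the active check."""
    host_db = {"192.0.2.1": "aa:aa:aa:aa:aa:01"}
    reachable = {("192.0.2.20", "aa:aa:aa:aa:aa:20")}
    frames = [
        ArpFrame("aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:01", "192.0.2.1"),   # known
        ArpFrame("aa:aa:aa:aa:aa:20", "aa:aa:aa:aa:aa:20", "192.0.2.20"),  # new, genuine
        ArpFrame("aa:aa:aa:aa:aa:66", "aa:aa:aa:aa:aa:66", "192.0.2.1"),   # conflicting
        ArpFrame("aa:aa:aa:aa:aa:66", "aa:aa:aa:aa:aa:77", "192.0.2.30"),  # header mismatch
        ArpFrame("aa:aa:aa:aa:aa:66", "aa:aa:aa:aa:aa:66", "192.0.2.40"),  # new, unverified
    ]
    alarms = process(frames, host_db, lambda ip, mac: (ip, mac) in reachable)
    return alarms, host_db

if __name__ == "__main__":
    for alarm in demo()[0]:
        print("ALERT", *alarm)
```

In a deployment the returned alarm tuples would feed the spoof alarm module's mail or text notification, and `verify` would be replaced by whatever active check the SDE performs.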