about 3,749,760 bits. That is 37% of
our 10,000,000 bit bandwidth. That
leaves almost 6,300,000 bits for carrying data each second.
But hold on a minute. If we are
exchanging data between a UDP or
TCP application, the Data field of the
Ethernet frame will contain two or
more encapsulated protocols, such as
IP carrying UDP, or IP carrying TCP carrying HTTP. Either way, the protocol
headers take away another chunk of
bits, leaving us with even less bits for
carrying data.
On top of all that, we have
assumed a perfect Ethernet network
with no collisions. Any collisions will
cause retransmission of the affected
frames (after a random idle period),
wasting even more of our precious bit
budget.
In short, when you think of 10
Mbps Ethernet, be aware that all
those bits are not being used as data
bits.
LESS IS MORE,
MORE IS MORE
As any digital electronics student may recall, the more logic
gates you have in a circuit, the
longer the propagation delay
between the inputs and outputs. For
example, a circuit with six gates
connected in a series fashion, with
one gate’s output feeding the next
gate’s input, will have a cumulative
propagation delay equal to the sum
of the individual gate delays. If we
pretend that each gate has an identical delay, say five nanoseconds,
then the entire circuit has a delay of
30 nanoseconds. The significance of
the gate delay is that we must wait
for 30 nanoseconds after changing
the inputs before we can change
them again.
By reorganizing the circuit so
that the gates function as a
hardware pipeline, we might
put three gates in each of two
stages. This means that each
stage has a delay of only 15
nanoseconds. By putting
latches between the logic
gates, each stage can be
clocked once every 15 nanoseconds.
This means we can change the inputs
every 15 nanoseconds, instead of
every 30. We also get a new result at
the output every 15 nanoseconds,
instead of every 30. The pipeline can
be operated two times faster than the
original circuit.
If we divided the six gates into
three groups of two gates each, the
pipeline would have three stages,
with each stage clocked once every
10 nanoseconds. The circuit can be
operated three times faster than the
original circuit. So, maybe you see
why I say “less is more.”
On the other hand, suppose we
have a group of gates that perform a
particular arithmetic operation for
us, such as signed addition. Whether
the gates are pipelined or not, the
circuit takes a certain amount of time
to do its job. If we add a second
group of gates (another copy of the
original circuit), it would appear that
performance would suffer. After all,
there are now two circuit delays
instead of one. The trick, however, is
to operate the two circuits in parallel.
Thus, there is still only one circuit
delay, but now two results are available instead of one. We change the
inputs on both circuits at the same
time, wait one circuit delay, and then
read the results from the outputs of
both circuits. More logic leads to
more performance when parallelism
is exploited. This is why I say “more is
more.”
packs or upgrades. In other words, the
computer looked very attractive to
someone looking for a computer to
break into.
The initial infection took less
than 24 hours and the winner was the
Nachi worm, a nasty bandwidth
hogger as it seeks other computers to
infect. The honeypot went live on a
Friday afternoon, and Monday
morning my ISP was on the phone
informing me of the infection. I asked
the ISP technician how he discovered
my computer was infected. He replied
that my system was a “top talker” on
the network, and his laptop monitors
top talkers.
Even more interesting than that
was what happened after the first
attacker identified my honeypot as
a vulnerable host. Within an hour,
several ‘buddies’ had joined in the
fun, with probes coming from lots of
different IP addresses and networks. I
can only imagine that once the
machine was penetrated, word got
out as one attacker told another and
the party got started.
I ran a network sniffer program on
the honeypot while it was being
attacked and captured many
attempts. I shared the capture files
with my computer security and forensics students so they can analyze
them and discover what happened
themselves.
THE SOCIAL LIFE
OF A HONEYPOT
One summer, I set up a honeypot in my college office. A honeypot is a computer connected to
the Internet that is deliberately
vulnerable to attacks. There is
no firewall to protect it, no
router to hide its presence
via NAT, no anti-virus or
anti-spyware software
running. The operating
system on the computer
was a freshly-installed
copy of Windows NT
Server with no service
CONCURRENT VERSUS
SIMULTANEOUS
INSTRUCTION
EXECUTION
What is the difference between
instruction execution being concurrent or simultaneous? First, consider
a single processor system, with the
processor containing a single instruction execution unit. Concurrent execution means two or more threads of
code are executed over a period of
time, taking turns at the execution
unit. To execute the two threads
simultaneously, the processor would
need to have a second execution unit,
or you would need to add a second
processor. Newer Intel CPUs provide
both concurrent execution (via its
January 2006 25
