This course offers students an introduction to the foundational concepts of network programming and a practical guide to developing sophisticated network-based applications. The course covers a comprehensive set of basic and advanced techniques, libraries and toolsets in C, Java and Python (the course will primarily use Python for instructional purposes, but a prior proficiency in the language is not required to register for this course).

Textbooks

There is no required textbook for this course. Online resources and lecture slides will serve as the reference material for the course.

Syllabus

• Introduction to the basics of network programming
• A brief review of network protocols including IP, TCP, UDP, and DNS; TCP and UDP port number assignment; the client-server model of interaction.
• An introduction to writing a UDP socket application (server and client); using socket function calls and tips on how to use these functions.
• An introduction to writing a TCP socket application (server and client); the concept of listening and connected sockets; using socket function calls socket(), connect(), bind(), listen(), accept(), send(), recv() and close(); best practices in the use of these functions.
• Improving robustness of network programs
• IP address conventions; using DNS; port number conventions; avoiding poser servers; managing timeouts correctly.
• Handling the problem of CLOSE_WAIT state in TCP; handling incomplete send() in TCP by using it in a loop or using sendall(); handling an incomplete send() on the receive side; protocol design for such handling.
• Handling socket errors; handling broken connections; handling select errors; strategies for exiting a program gracefully.
• Why and when to half-close a connection.
• Event-driven network programming
• Event-driven programming; blocking versus non-blocking calls; non-blocking I/O on Windows and MAC OS X; using the select() function for I/O multiplexing; handling multiple clients at a server; alternatives to using the select() function call.
• Using an event-driven framework for writing network programming code; the SocketServer class; writing event-handling routines; using the Twisted framework; writing a client and a server using Twisted; handling connections in Twisted.
• Using the Domain Name System
• A review of the Domain Name System (DNS); using getaddrinfo(); making raw DNS calls; how to query a specific nameserver.
• Using DNS for writing performance measurement tools; an introduction to the King tool for measuring latency between arbitrary hosts.
• Using application layer libraries for web, email and ftp
• Sending and receiving HTTP messages; httplib() and urllib().
• Using FTP in software; using ftplib(); anonymous ftp.
• Sending and retrieving email; the SMTP protocol; mail access protocols: SMTP, POP and IMAP; Sending email using SMTP; retrieving email using IMAP; using IMAPClient; writing a GMail tool using IMAPClient.
• Using a web site API; screen scraping vs. APIs; using the YouTube API and gdata; handling paging, feeds and authentication.
• Improving the performance of network programs
• Buffering and TCP; managing buffer deadlock; the TCP socket life cycle.
• Network programing using multithreading; using threads vs. processes; locks and synchronization; understanding the limitations of threading, especially in Python; when to use multiple processes instead of multiple threads; the multiprocessing module in Python.
• Interprocess communication; using pipes and shared memory; when not to use shared memory or pipes.
• General tips for high-performance network programming; using profiler tools; how to exploit caching in the network; using the memory cache daemon (memcached).
• Security and network programming
• Using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS); a brief introduction to public key cryptography and digital certificates; client-side programming using TLS; handling certificates; reading a certificate.
• Using a self-signed certificate; using OpenSSL; writing a secure web application using TLS; generating a certificate; signing a certificate; setting up your own certification authority for testing your network programs.
• How Secure Shell (SSH) works; key management in SSH; using SSH in programs.
• Python and cryptography; extending Python with C code for performance; using pycrypto for generating public-private key pairs; using Fabric for SSH in Python.
• Raw sockets and packet sniffing
• Cache poisoning attacks with Scapy
• Processing pcap files
• General security tips for network programming; understanding the buffer overflow and related overflow attacks; secure coding standards in Python.
• Programming for web applications
• Writing web applications; CGI programming; how to write a CGI application; web server gateway interface (WSGI) and middleware; software architecture of web servers.
• Security issues with CGI; cross-site scripting (XSS) attacks; strategies for avoiding XSS attacks; cross-site request forgery and countermeasures in CGI programming.
• A brief introduction to game networking; writing peer-to-peer applications versus client-server applications; lockstep issues; latency hiding.
• A brief introduction to application development using cloud computing; a brief introduction to the Google App Engine.

Grading Policy

The grading in the course is based on homework assignments, mini-projects, one final project and a final examination. The cumulative grade is based on the following:

• Weekly homework assignments: 40%
• Independent project: 15%
• Four 30-minute quizzes (on April 20, May 6, May 18 and May 27): 40%
• Class participation: -5 to +5%

Both your class rank in the quiz scores and your class rank in the overall scores will be considered for the final grade.

Policy on homework assignments

Homework is always due at the beginning of the lecture class on the day it is due. Typically, homework is collected during the class hours; if a student is unable to attend class, he/she should make alternate arrangements to deliver the homework to the instructor before the time it is due (e.g., by faxing the homework to the instructor at 215-895-1695, or sending the homework as an e-mail attachment to the teaching assistant or to the instructor).

Homeworks and mini-projects submitted after the due date and time will be graded at zero points.

Policy on Absences

Absence from examinations will be excused only under extraordinary circumstances such as medical or family emergencies. A missed examination without prior approval and without legitimate reasons will be graded at zero points. An absence will be excused only if the student is able to provide legitimate documentation (such as a physician's note). An absence from an examination with prior approval will require the student to take an alternate exam at a later time. Special examinations will not be held earlier or on later dates to accommodate, for example, flight schedules for overseas vacations.

Policy on Academic Honesty

Each student is expected to complete homework and project assignments independently; it is not acceptable to copy another student's work or to copy solutions from any other source. Barring action on flagrant violations, an honor system will be assumed.

The following is a partial list of activities that will be considered to constitute academic dishonesty:

• Presenting the work of another person (fellow student or not) as your own.
• Cheating in an examination such as through conversations with other students, sharing textbooks or other materials with another student, using unauthorized books not approved by the instructor in an open book examination, or by inappropriate or unauthorized use of technology such as laptops and cell-phones during an examination.
• Using or attempting to use the work of another student or providing answers to other students.
• Failing to take reasonable measures to protect your work from use by other students in assignments, projects or examinations.

Penalties for academic dishonesty will be strictly enforced and will include a lowering of the grade or a failing grade in the course.