117 Final Study Guide Flashcards
What are the four basic operations of the network layer?
- Addressing end devices
- Encapsulation
- Routing
- De-Encapsulation
What does the network layer provide?
The network layer provides services to allow end devices to exchange data.
What are the two principle network layer communication protocols?
IPv4 and IPv6
What is IP Encapsulation?
IP encapuslation encapsulates the transport layer segment using either an IPv4 or an IPv6 packet. It does not impact the Layer 4 segment.
The IP packet will be examined by all layer 3 devices as it traverses the network.
Does IP addressing change during travel?
No, IP addressing stays the same from source to destination.
What are the characteristics of IP?
IP is meant to have low overhead and may be described as:
Connectionless
Best Effort
Media Independent
What are the 3 types of routes inside of a routing table?
Directly connected (Routes automatically added to the router, provided it is active and has addressing)
Remote ( Routes the router does not have a direct connection to, but may learn either manually or dynamically)
Direct route (This forwards all traffic to a specific direction where there is not a match in the routing table)
What are the characteristics of static routing?
Static routes must be configured manually
Static routes must be adjusted manually if there is a change in topology
Good for small, non-redundant networks
Often used in conjunction with dynamic routing for configuring a default route.
What are the characteristics of dynamic routing?
Dynamic routes automatically:
Discover remote networks
Update information
Choose the best path to a destination
Find new best paths when there is a change in topology.
Can dynamic routing share static default routes?
Yes, dynamic routing can share static default routes with other connnected routers.
What command is used to access the IP routing table?
show ip route for IPv4
show ipv6 route for IPv6
What are the route sources listed in the routing table?
- Directly Connected Routes:
- L - Directly conected local interface IP address
- C - Directly Connected Network
- Default Routes
- S - Manually configured static route
- R - Rip route
- Remote Routes
- O - OSPF
- D - EIGRP
What is ARP?
ARP (Address Resolution Protocol) is used to determine the destination MAC address of a local device when it knows its IPv4 address already.
Name the 2 basic functions of ARP
ARP Resolves IPv4 addresses to a MAC address
ARP maintains an ARP tables of IPv4 to MAC address mappings.
How does ARP function?
To send a frame a device will search its ARP table for a destination IPv4 address and a corresponding MAC address.
ARP sends out a broadcast (255.255.255.255) to all devices on the LAN it’s connected to. Only the device with the correct IP address responds with its MAC, and an entry is made in the ARP table.
Describe 4 ways ARP functions in a router.
- If the packets destination IPv4 address is on the same network, the device will search the ARP table for the destination IPv4 address
- If the destination IPv4 address is on a different network, the device will search the ARP table for the IPv4 address of the default gateway
- If the device locates the IPv4 address, its corresponding MAC address is used as the destination MAC address of the frame
- If no ARP entry is found, the device will send out an ARP request.
Name the commands used to show the ARP table.
show ip arp is used on Cisco routers
arp - a is used on Windows 10 PCs
What does IPv6 Neghibor Discovery provide?
IPv6 ND provides:
- Address resolution
- Router Discovery
- Redirection Services
- ICMPv6 Neghibor Solicitation (NS)
- ICMTPv6 Router Solicitation and Router Advertisement
- ICMPv6 redirect messages used by routers for better next-hop selection
What is Neghibor Solicitation and Neghibor Advertisement used for?
NS and NA are used for device to device messaging such as address resolution.
What is Router Solicitation and Router Adverrtisement used for?
RS and RA are used for communication between devices and routers for router discovery.
Define an IPv4 Address.
An IPv4 address is a 32-bit hierarchial address that is made up of a network and a host portion.
How do you determine the network and host portion of an IPv4 address?
A subnet mask is used to determine the network and host portions.
How is a subnet mask used?
To identify the network and host portions of an address, the subnet mask is compared to the IPv4 address bit for bit, from left to right.
What is the name of the process used to identify network and host portions of an address?
The process is called ANDing.
Define prefix length.
A prefix length is a truncated method to identify a subnet mask address.
The prefix length is the number of 1 bits in a subnet mask.
How do you write prefix length in slash notation?
Count the number of bits in the subnet mask and prepend it with a slash.
Example:
- 255.255.255.0
- 11111111.11111111.11111111.00000000
- 24 ones, prefix length is /24
Describe the process of ANDing.
ANDing is a logical Boolean operation.
It is the comparison between two bits where only 1 AND 1 produce 1 and any other combination results in a 0.
1 = True and 0 = False.
What are the 3 types of IP addresses inside of each network?
Network Address (First in the range)
Host addresses (2nd address to 2nd last address in the range)
Broadcast address (Final Address in the range)
Example:
192.168.1.0/30
- 192.168.1.0 - network address
- 192.168.1.1 and 2 - host addresses
- 192.168.1.3 broadcast address.
What are Unicast transmissions?
Unicast transmission is sending a packet to a SINGLE destination IP address.
What are Broadcast transmissions?
Broadcast transmission is sending a packet to ALL destination IP addresses on a network.
What are Multicast Transmissions?
Multicast transmissions send a packet to a SPECIFIED multicast address group.
What are public IPv4 addresses?
Public IPv4 addresses (as defined in RFC 1918) are globally routed between ISP routers.
What are Private IPv4 addresses?
Private IPv4 addresses are common blocks of addresses used by most organizations to assign IPv4 addresses to internal hosts.
Private IPv4 addresses are not Unique and can be used internally within any network, however they are not privately routable.
Name the 3 ranges of IPv4 Private Addresses.
- 0.0.0/8 (10.0.0.0 - 10.255.255.255)
- 16.0.0/12 (172.16.0.0 - 172.31.255.255)
- 168.0.0 /16 (192.168.0.0 - 192.168.255.255)
What are Loopback Addresses?
Loopback addresses (127.0.0.0 / 8 or any address starting in 127 up to 127.255.255.254) are used on a host to test if TCP/IP is operational.
What are Link-Local addresses.
Link local addresses are commonly known as the Automatic Private IP Addressing (APIPA) addresses. Also known as self assigned addresses. They are used by Windows DHCP clients to self-configre when DHCP servers are unavailable.
What range are Class A addresses allocated?
0.0.0.0/8 to 127.0.0.0/8
What range are Class B addresses allocated?
128.0.0.0/16 to 191.255.0.0/16
What range are Class C addresses allocated?
192.0.0.0/24 to 223.255.255.0/24
What range are class D addresses allocated?
224.0.0.0 to 239.0.0.0
What range are Class E addresses assigned to?
240.0.0.0 - 255.255.255.255
Why is Classful addressing no longer used?
Classful addressing was wasteful and has been replaced with classless addressing which ignores the rules of classes.
How does prefix length affect the number of hosts per subnet?
The longer the prefix length, the less hosts per subnet.
Why do we segment networks?
Large broadcast domains have the ability to generate excessive broadcasts which negatively affect the network.
How are larger broadcast domains shrunk down?
Smaller broadcast domains are created from the larger ones in a process known as Subnetting.
What are some reasons for segmenting networks?
Subnetting recudes overall traffic and improves the networks performance
Security policies can be implemented between subnets
Subnetting reduces the number of devices affected by abnormal broadcast traffic.
Some other reasons include:
Router location
Group or function of a network
What types of devices are used.
On the other side of this card, study the number of hosts in relation to prefix length.
What would be the SMALLEST subnet needed for a network with 243 hosts?
A /24 subnet would cover that number of hosts.
What is VLSM?
VLSM (Variable Length Subnet Mask) is a method of creating subnets to fit the needs of each individual network.
VLSM was developed to avoid wasting addresses by allowing administrators to subnet a subnet.
What is the main thing to remember when beginning to use VSLM?
When using VSLM, always begin by satisfying the host requirements of the largest subent, and continue until the host requirements of the smallest subnet are satisfied.
Why is there a need for IPv6?
IPv4 does not have enough addresses to suply the world, and IPv6 is a nessicary successor.
IPv6 has a much larger 128-bit address space over IPv4.
What is Dual Stacking?
Dual stacking is when devices run both IPv4 and IPv6 protocol stacks similtaneously.
Describe how IPv6 addresses are formatted.
IPv6 addresses are 128 bits expressed in hexadecimal.
IPv6 addresses aren’t case sensitive.
IPv6 addresses are written as:
x:x:x:x:x:x:x:x
Each x consists of 4 hexadecimal values.
What is the term unnofficial term used to refer to a 16 bit segment?
Hextet
How do you truncate an IPv6 address?
IPv6 addresses are truncated by omitting 0s.
If a hextet is made of all 0s, it can be represented by a single 0.
Leading 0s can be left out when typing an address
If there is a range of 0s, it can be represented using a double colon, but only once per address.
What is the truncated version of these IPv6 addresses?
2001:0EAF:0006:0407:0000:0000:0000:0054
ABBA:ACDC:0ABC:A004:0000:0000:69FE:0061
AAAA:0BBB:00CC:D000:0000:0000:0000:0ABC
2001:EAF:6:407::54
ABBA:ACDC:ABC:A004::69FE:61
AAAA:BBB:CC:D000::ABC
Remember, Leading 0s can be removed, but trailing 0s can not be removed.
Name the 3 broad categories of IPv6 addresses.
Unicast, Multicast, and Anycast.
IPv6 does not have a broadcast address, however there is an IPv6 all-nodes multicast that does essentially the same thing.
Define Unicast IPv6 addresses.
Unicast IPv6 addresses uniquely identify an interface on an IPv6 enabled device
Define Multicast IPv6 addresses.
Multicast IPv6 addresses are used to send a single IPv6 packet to multiple destinations.
Define Anycast IPv6 addresses.
Anycast is an IPv6 unicast address that can be assigned to multiple devices. A packet sent to an anycast address is routed to the nearest device with that address.
What are IPv6 Global Unicast Addresses (GUA)?
GUA are similar to a public IPv4 address, as they are globally unique, internet-routable addresses.
What are Link-Local Addresses (LLA)?
LLA are required for every IPv6 enabled device and are used to communicate with other devices on the same local link. They are unroutable and are confined to a single link.
What is the range for IPv6 Link Local Addresses?
fe80::/10
What is SLAAC?
SLAAC allows a device to configure a GUA without DHCPv6
How does SLAAC work?
SLAAC works by allowing devices to obtain information to configure a GUA from ICMPv6 RA messages.
RA provides a prefix, and the device uses either the EUI-64 or a random generated Interface ID.
Whate is Stateful DHCPv6?
Stateful DHCPv6 is similar to DHCP for IPv4, and allows a device to automatically receive a GUA, prefix length and the addresses of DNS servers.
What does EUI stand for?
Extended Unique Identifier
What does the EUI-64 process entail?
The EUI-64 process inserts a 16 bit value of FFFE(hex) into the middle of a 48 bit MAC address belonging to the client.
The 7th bit of the client MAC address is reversed from a binary 0 to a 1.
Example:
48-bit MAC fc::00:47:75:ce:e0 becomes:
EUI-64 ID: fe:99:47:ff:fe:75:ce:e0
What are the two types of IPv6 multicast addresses?
Well-Known Multicast addresses
Solicited Node Multicast Addresses
Can Multicast addresses be used as source addresses? (IPv6)
No, Multicast addresses can only be destination addresses.
What are Well-Known Multicast Addresses?
Well-known IPv6 multicast addresses are assigned and reserved for predefined groups of devices.
What are the two common IPv6 assigned multicast groups?
ff02: :1 - All-Nodes Multicast group. This is the group all IPv6 enabled devices join.
ff02: :2 All-Routers multicast group. This is the multicast group all IPv6 routers join. A router becomes part of this group when the ipv6 unicast-routing command is applied.
What is a Solicited-Node IPv6 multicast address?
A solicided-node multicast is similar to all-nodes multicast, however it is mapped to a special Ethernet multicast address.
Ethernet NICs filter the frame by examining the destination MAC without sending it to the IPv6 process to see if the device is the intended target for the packet.
What are 3 messages common to both ICMPv4 and v6?
Host Reachability (Echo message) An echo request and reply is exchanged between hosts to determine availability.
Destination or Service Unreachable Notifies the source that the destination or service is unreachable
Time Exceeded (TTL for IPv6) Ipv6 uses hop limits instead of TTL to determine if packets are expired.
How do RA messages work?
RA messages are sent by IPv6 routers every 200 seconds to provide addressing information to IPv6 hosts.
What could be included in a RA message?
RA messages can include addressing information for hosts including:
Prefix / prefix length
DNS address
Domain name
How does SLAAC interact with RA?
A host using SLAAC will set its default gateway to the link-local address of the router that sent the RA.
What are RS messages used for?
RS messages are used by routers to ask for dynamic addressing information from other routers. The response to an RS message is an RA message containing addressing information.
Name some ICMPv4 Destination Unreachable codes.
0 - Network Unreachable
1 - Host Unreachable
2 - Protocol Unreachable
3 - Port Unreachable.
Name some ICMPv6 Destination Unreachable codes
0 - No route to destination
1- Communication with destination prohibited
2 - Beyond the scope of the source address
3 - Address unreachable
4 - Port Unreachable
What is DAD?
Duplicate Address Detection.
A device checks the uniqueness of an address using a NS message with its own IPv6 address.If another device on the network has the same address, it will respond with an NA message notifying the sending device that the address is in use.
How is NS used for ICMPv6?
NS is used to determine the destination MAC address.
The message is sent to the target device, which replies with an NA message containing the MAC address.
What is the purpose of TCP?
TCP (Transmission Control Protocol) provides reliability and flow control.
Name the operations of TCP.
TCP Numbers and tracks data segments transmitted to a specific host from a specific application
Awknoleges the received data
Retransmits any unacknowledged data after TTL has run out
Sequences un-ordered data
Sends data at an efficient rate
What is UDP?
UDP provides the basic functions for delivering datagrams between applications quickly. It has very little overhead and does almost no data checking.
What are some characterists of UDP?
UDP is a connectionless protocol
UDP is known as a best-effort delivery protocol because there is no acknowledgment that the data is received at the destination.
What should UDP and TCP be used for?
UDP is used by request and reply applicatioins where the data is minimal and the retransmission can be done quickly if there is an error.
TCP is used if it is imperative that the data arrives and can be processed in proper sequence.
TCP is like your mailman waiting for you to answer your door to grab your package.
UDP is like the mailman who throws your package from the edge of your yard and drives away.
Name the features of TCP
TCP:
Establishes a session.
Ensures reliable delivery
Provides Same-Order delivery
Supports Flow Control
Name the features of UDP
UDP features:
Data reconstructed in the order it is received
Any segments that are lost are discarded
There is no session establishment
Sending is not informed about resource availability.
What are some applications that use UDP
Video and Multimedia (VoIP and Live streaming video)
Simple request / reply applications (DNS and DHCP)
Applications that handle reliablity on their own.
How do TCP and UDP use port numbers?
TCP / UDP use port numbers to manage multiple conversations at the same time.
The source port number is associated with the originating appplication on the local host.
The destination port number is associated with the destination application on the destination host.
What are the functions of the TCP Three-Way handshake?
The Three-Way Handshake:
Establishes that the destination device exists
Verifies that the destination device is ready to accept requests on the port number that the initiating client wants to use.
Informs the destination device that the initiating client is trying to establish a communication session on that number.
TCP: “Hey…. you home?, You busy rn? Can I come establish a connection? ;)”
What occurs after the TCP Three-Way Handshake?
All sessions close, the connection is terminated, and they both re-enable inside the TCP reliability function.
Describe some characterists of UDP datagram reassembly.
Because UDP doesn’t track sequence numbers the same way TCP does, it has no way to reorder datagrams into their transmission order. UDP just reassembles in the order it was received and sends it off.
Describe UDP Client processes.
The UDP client process dynamically selects a port number from a range and uses this as the source port.
This port is usally a well known or registered port number assigned to the server.
After a client has selected the source and destination ports, the same are used in the header of all datagrams in the transaction.
What is the function of DNS?
DNS or Domain Name Service translates domain names into IP addresses.
What is the function of DHCP?
DHCP (Dynamic Host Config Protocol) dynamically assigns IP addresses to be re-used when no longer in operation.
What is the function of HTTP?
HTTP (Hypertext Transfer Protocol) is a set of rules for exchanges test, video, sound, images, and other media files over the World Wide Web.
What is the difference betweeen HTTP and HTTPS?
HTTP and HTTPS are both request/response protocols that specify message types used for communication. HTTP is not secured while HTTPS is a secure protocol.
Name 3 common HTTP message types
GET - Client request for data (ex a web browser requests HTML pages from a web server)
POST - Uploads data files to the web server
PUT - Uploads resources or content to the web server, such as an image.
Name the email protocols
SMTP (Simple Mail Transfer Protocol) used to send email
IMAP / POP(Post office protocol) used to receive email
What is the function of email transfer protocols?
SMTP connects with a server SMTP process on well-known port 25
After connection is made, the client attempts to send the email to the server
When the server receives the messsage, it either places it in a local account or sends it to a different mail server for delivery if its a remote destination.
If the destination is busy or offline, SMTP spools the messages to be resent in the future.
What is the function of POP?
After the server has established TCP connection to the server, the POP server sends a greeting.
The client and POP server exchange commands and responses until the connection is aborted.
What is the function of IMAP?
IMAP, like POP, receives email messages.
POP differentiates from IMAP by copying the messages and downloading them on to the client application. The original emails are kept on the IMAP server until deleted manually.
Hwo are DNS messages formatted?
The DNS server stores different types of resource records that are used to resolve names, These records contain the name, address and type.
When a client makes a DNS query, the server process first looks at its own directory to resolve the name. If it can’t reolve the name, it asks other servers to resolve it.
Once a match is found and returned to the original server, it temporarily stores the numbered address for use in the future.
What is the function of DHCP?
When a host connects to a network, the DHCP server receives a request. It then chooses an address from a range of preconfigured addresses called a pool and assigns it to the host.
What is FTP?
FTP is File Transfer Protocol. It was developed to allow data transfers between client and server. An FTP Client is an application which is used to push and pull data from an FTP server.
What is SMB?
SMB (Server Message Block) Is a client / server request /response file sharing protocol. Servers are allowede to make their own resources available to clients on the network.
What are the 3 functions of SMB?
SMB messages:
Start, authenticate and terminate sessions
Controle file and printer access
Allow applications to send or reseive messages from other devices.
