Basics of Networking

Question 1

In simple words, what does the NAT protocol do?

Answer 1

The Network Address Translation protocol is a method of mapping one IP address to another. So it ensures that any external response to traffic coming from a device comes back to the correct locally assigned IP.

Question 2

Why does the NAT protocol accept connections out and responses back, but does not allow connections in?

Answer 2

Because the local IP address is unknown and a local address shouldn’t be routed across the internet.

Question 3

What defines the layer 1 of the OSI Model?

Answer 3

The physical layer is how the devices are physically connected.

Question 4

If a device uses more than one layer, in which one do we classify it?

Answer 4

We classify a device by its greater layer. If a device uses layers 1 and 2, it will be classified as a layer 2 device.

Question 5

What is the Data Link layer?

Answer 5

It’s the layer responsible to transfer data between adjacent network nodes.

Question 6

Does the Data Link layer transmit data over different networks?

Answer 6

No, it only traverses a single network.

Question 7

What does the ARP protocol do?

Answer 7

The Address Resolution Protocol translates an IP address to a MAC address.

Question 8

Will your MAC address be recorded in the logs of an internet web server you access? Why?

Answer 8

No. ARP traffic is not routed beyond the local network.

Question 9

Does the first three octets of a MAC address identify the manufacturer?

Answer 9

Yes. The first octets are called the OUI, Organitonally Unique Identifier.

Question 10

Can a MAC address be spoofed?

Answer 10

Yes. There’s ways to spoof it at a software level.

Question 11

Can a MAC address be spoofed?

Answer 11

Yes. There’s ways to spoof it at a software level.

Question 12

What does the Network Layer do?

Answer 12

Transmit data to different networks. Routes packages between different networks.

Question 13

How does the IP address 192.168.101.42 would be on a network with a netmask of 255.255.255.0?

Answer 13

It would be 192.168.101.0

Question 14

What are Subnet Masks used for?

Answer 14

They are used to identify the different parts of the IP address. Which bits will refer to the network address.

Question 15

Which operation can be used on the IP address and subnet mask to determine the network identifier?

Answer 15

A bitwise AND.

Question 16

What is the advantage in using CIDR?

Answer 16

CIDR allows for much more flexible subdivisions of network space because any number of bits can be used to define the network portion.

Question 17

What could be happening in the following situation: Computers on your network are being assigned the wrong DNS server IP address and all of them are using DHCP.

Answer 17

Someone has setup another DHCP server. An attacker could setup a rogue DHCP server and take control of the DNS, resulting in attacker controlled responses to all DNS queries.

Question 18

What is routing?

Answer 18

Is the process of moving packets between networks.

Question 19

In how many networks can a router be simultaneously connected?

Answer 19

A router can be connected to two or more networks simultaneously.

Question 20

How do we prevent infinite routing loops?

Answer 20

For each hop the TTL is decremented by 1. When it hits 0, the packet expires in transit.

Question 21

What is a hop?

Answer 21

Is each router between a source and destination,

Question 22

At which layer can fragmentation occur? Why?

Answer 22

At layer 3. Because fragmentation is a feature of IPv4, which operates at layer 3.

Question 23

Why does NAT help with the IPv4 address exhaustion?

Answer 23

Because it’s used to map a public IP address to a single private address. With that, multiple devices can share a single public IP address.

Question 24

True or false: Your computer has an IP address of 192.168.100.5. When you access www.sans.org, 192.168.100.5 will be recorded in their web server logs.

Answer 24

False. The request will be sent by the router, so the router’s public IP will be stored in the logs. The response will be mapped to the local IP address of the device (192.168.100.5) using the NAT protocol.

Question 25

Which of the following network IP addresses must use NAT to access resources on the internet?
- 10.5.4.2
- 172.16.52.4
- 192.168.1.4

Answer 25

All of the above. Because IP addresses starting with 10., 172. or 192. are reserved to private local networks.

Question 26

For what is the ICMP protocol used for?

Answer 26

It’s used to communicate status and diagnostic information, and to help control the flow of information on a network.

Question 27

When a host, port or network is unreachable, which protocol is used to communicate this?

Answer 27

The ICMP protocol (Internet Control Message Protocol).

Question 28

How TRACERT.EXE (In linux traceroute) identifies all the hops in a route?

Answer 28

It increments the TTL value and receive a ICMP time exceeded in transit messages. Only the final host returns a ICMP echo response.

Question 29

You want to configure your firewall to allow people inside your network to ping anyone, but not allow anyone outside your network to traceroute anything behind your firewall. How should you configure it?

Answer 29

Block all outbound ICMP time exceeded in transit messages. This would still allow the ICMP echo responses for the ping command and would block the responses used by the traceroute command.

Question 30

What is a recursive DNS server?

Answer 30

It’s the server responsible for attending the DNS requests made by the user. It also has a local cache for optimize the response time when possible.

Question 31

What are Root Name servers?

Answer 31

Servers in the root of the DNS hierarchy. They can give the ip of TLD servers.

Question 32

What are TLD servers?

Answer 32

Top-Level Domain servers are responsible for the domain extensions, such as .com, .edu, .org, etc…

Question 33

What is a authoritative server?

Answer 33

Server responsible for returning the useful information i.e. the ip of the requested server. It has the ip addresses of specific domains saved.