Chapter 7 TCP/IP Implementation Flashcards

1
Q

The DHCP Leases Process:

A
  • Discover- Once a node comes online and loads a simple version of TCP/IP and it’s ready to communicate with a DHCP server, it transmits a broadcast called a DHCP discover to the network’s broadcast address of 255.255.255.255 to see if any DHCP servers are online and then request an IP address.
  • Offer- DHCP servers that are online respond with a directed lease offer packet that contains an IP address that the node can lease.
  • Request- The node accepts the first offer it receives and returns a request to lease the IP address from the DHCP server.
  • Acknowledge- The DHCP server acknowledges the request from the node with a DHCP ACK, which has the IP address and settings required for the leasing time and starts the lease.
2
Q

the predecessor of DHCP. It was developed to assign IP addresses to diskless workstations that had no way of storing their operating system.

A

BOOTP (the bootstrap protocol)

3
Q

are lease assignments in DHCP that enable you to configure a permanent IP address for a particular client on the subnet. Reserved IP addresses differ from statically configured IP addresses; when there are any changes in network parameters on the DHCP server, IP addresses receive the changes when they renew their leases.

A

DHCP Reservations

4
Q

a service that captures a BOOTP or DHCP broadcast and forwards it through the router as a unicast transmission to the DHCP server on another subnet. You must either have a DHCP server on each subnet and configure the router to forward the broadcasts, or configure one of these

A

DHCP Relay Agent

5
Q

a service that enables a DHCP client device to configure itself automatically with an IP address in the range of 169.254.0.1 to 169.254.255.254, in case no DHCP servers respond to the client’s DHCP discover broadcast. APIPA addresses are not routable, so devices with APIPA addresses cannot communicate outside of the local subnet.

A

Automatic Private IP Addressing (APIPA)

6
Q

Windows command that displays connection-specific DNS suffix, IP address, subnet mask, and default gateway information. /release forces the release of an IP address. /renew requests the renewal of an IP address.

A

Ipconfig

7
Q

command displays the status of currently active network interface devices on Linux and Unix. Iwconfig for wireless devices on Linux and Unix

A

Ifconfig

8
Q

Enables you to configure and manage DHCP settings on the network interfaces of a computer. Supported on Linux and Unix.

A

Dhclient

9
Q

Ping command options:

A
  • Packet Size - by default, data packets are sent as 32 bytes. You can specify a larger size to test response time. Example ping target [-l size]
  • TTL- A value that determines how many hops an IP packet can traverse before being discarded. Example ping target [-i TTL]
  • Packet Count- Specifies the number of packets with which a remote host is pinged. Default is four packets. Example ping target [-n packet count]
  • Continuous ping- Pings the specified host until the command is interrupted by pressing Ctrl+C. Example ping target -t
  • IPv6- Ping using IPv6. Example ping target -6
10
Q

As a security measure, some public Internet hosts and routers might be configured to block incoming packets that are generated by the ping command, which is known as this.

A

ICMP Blocking

11
Q

a number that represents a process running on a network. Associated with OSI Layer 5, but in every packet, there will be both a source and destination one embedded in the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) header.

A

Ports

12
Q

Port # and Protocol(s) for FTP Data File Transfer - Default Data

A

20 & TCP

13
Q

Port # and Protocol(s) for

A

21 & TCP

14
Q

Port # and Protocol(s) for SSH - Secure Shell & SFTP - Secure File Transfer Protocol

A

22 & TCP, UDP

15
Q

Port # and Protocol(s) for Telnet

A

23 & TCP, UDP

16
Q

Port # and Protocol(s) for SMTP

A

25 & TCP

17
Q

Port # and Protocol(s) for DNS

A

53 & TCP, UDP

18
Q

Port # and Protocol(s) for BOOTPS - DHCP (BOOTP) server

A

67 & TCP, UDP

19
Q

Port # and Protocol(s) for BOOTPC - DHCP (BOOTP) client

A

68 & TCP, UDP

20
Q

Port # and Protocol(s) for TFTP

A

69 & UDP

21
Q

Port # and Protocol(s) for HTTP

A

80 & TCP

22
Q

Port # and Protocol(s) for POP3 - Post Office Protocol, version 3 (POP3)

A

110 & TCP

23
Q

Port # and Protocol(s) for NTP - Network Time Protocol (NTP)

A

123 & UDP

24
Q

Port # and Protocol(s) for IMAP - IMAP

A

143 & TCP, UDP

25
Q

Port # and Protocol(s) for SNMP - Simple Network Management Protocol (SNMP)

A

161 & UDP

26
Q

Port # and Protocol(s) for IRC - Internet Relay Chat (IRC)

A

194 & TCP

27
Q

Port # and Protocol(s) for LDAP - Lightweight Directory Access Protocol (LDAP)

A

389 & TCP, UDP

28
Q

Port # and Protocol(s) for HTTPS - HTTP-secure

A

443 & TCP

29
Q

Port # and Protocol(s) for SMB - Server Message Block (SMB)

A

445 & TCP

30
Q

Port # and Protocol(s) for LDAPS - Secure LDAP

A

636 & TCP, UDP

31
Q

Port # and Protocol(s) for h.323 - H.323 Call Setup

A

1720 & TCP

32
Q

Port # and Protocol(s) for RDP - Remote Desktop Protocol (RDP)

A

3389 & TCP, UDP

33
Q

Port # and Protocol(s) for SIP - Session Initiation Protocol (SIP) unencrypted signaling traffic

A

5060 & TCP, UDP

34
Q

Port # and Protocol(s) for SIP encrypted traffic

A

5061 & TCP, UDP

35
Q

For example, if your web server is installed on 193.44.234.3, the —- for the HTTP process would look like this 193.44.234.3:80.

A

Socket

36
Q

a unique name given to a node on a TCP/IP network.

A

Host Names

37
Q

a grouping of devices on the Internet or on another network based on the nature of their operations.

A

Domain Name

38
Q

a host name combined with the host’s domain name forms this

A

a host name combined with the host’s domain name forms

39
Q

a TCP/IP name resolution service that translates FQDNs into IP addresses.

A

Domain Name System (DNS)

40
Q

The DNS database is divided logically into a hierarchical grouping of domains. It is divided physically into files called this

A

Zones

41
Q

a file that contains the actual IP-to-host name mappings for one or more domains.

A

Zone File

42
Q

can be entered into a DNS database either statically or dynamically

A

records

43
Q

DNS record is entered manually by an administrator and does not change unless the administrator manually updates it.

A

Static Record

44
Q

For example, if a client is using DHCP to get its IP address, each time it leases a new address, it can request an update of its DNS host record.

A

Dynamic Record

45
Q

DNS record that maps a host name to its IP address by using a 32-bit IPv4 address.

A

(A) Address

46
Q

DNS record that maps a host name to its IP address by using a 128-bit IPv6 address.

A

(AAAA) IPv6 address

47
Q

Maps multiple canonical names (aliases) to an A record

A

Canonical name (CNAME)

48
Q

Maps a domain name to an email server list

A

Mail Exchanger (MX)

49
Q

Maps an IP address to the host name for the purpose of reverse lookup

A

Pointer (PTR)

50
Q

The DNS Resolution Process: (7 Steps)

A
Step 1- Client Request
Step 2- Preferred DNS server
Step 3- Root name Server
Step 4- Top-level domain server
Step 5- Other domain servers
Step 6- Host name resolution
Step 7- Host address
51
Q

is a plaintext file configured on a client device containing a list of IP addresses and their associated host names, separated by at least one space.

A

HOSTS file

52
Q

this command determines the route data takes to get to a particular destination. Internet Control Message Protocol (ICMP) “Time Exceeded” messages are then sent back from the routers to the node running the command. Each time a packet is sent, the TTL value is reduced before the packet is forwarded, thus allowing TTL to count how many hops it is away from the destination. Traceroute is the Linux equivalent of the tracert command.

A

Tracert

53
Q

Tracert command options:
if you are having trouble resolving host names when using tracert, use this option to prevent tracert from trying to resolve host names. It also speeds up response time because it is not spending time resolving host names.

A

-d

54
Q

Tracert command options:
The default number of hops tracert will attempt to reach is 30. Using this option, you can specify more or fewer hops for it to check.

A

-h max_hops

55
Q

Tracert command options:

You can use this option to force the outgoing datagram to pass through a specific router.

A

-j host-list

56
Q

Tracert command options:
If many of your responses on the tracert are timing out, by using this option, you can increase the number of milliseconds to wait before continuing. If, after increasing the value, destinations are then reachable, you probably have a bandwidth issue to resolve.

A

-w timeout

57
Q

this command provides information about latency and packet loss on a network. Combines the functionality of the ping and tracert commands. It is similar to tracert as it identifies the routers that are on the path. In the output, it also displays the path to the remote host over a maximum of 30 hops.

A

pathping command

58
Q

pathping options:

A
  • h maximum hops
  • i specify a source address
  • n specify that host name resolution can be skipped
59
Q

Queries DNS and displays the domain name or IP address mapping

A

nslookup

60
Q

Displays incoming and outgoing TCP network connections, routing tables, and connection statistics.

A

netstat

61
Q

Scans the network to discover hosts and services on the network and build a map of the network. Built into Linux and Unix. Have to download the utility for Windows.

A

nmap

62
Q

the integrated management of IP address allocation, DNS, and DHCP services.

A

Internet Protocol Address Management (IPAM)

63
Q

a TCP/IP protocol that enables the transfer of files between a user’s workstation and a remote host. Characteristics include:
Works at the Application Layer (Layer7) of the OSI model and the Application Layer of the TCP/IP model.
TCP port 20 for data transfer
TCP port 21 for control commands

A

File Transfer Protocol (FTP)

64
Q

is a simple version of FTP that uses UDP as the transport protocol, and does not require logon to the remote host. It is commonly used for bootstrapping and loading applications and not for file transfer. FTP traffic is not encrypted and all transmissions are in clear text. User names, passwords, commands, and data can be read by anyone able to perform packet capture (sniffing) on the network.

A

Trivial File Transfer Protocol (TFTP)

65
Q

is an Internet protocol that synchronizes the clock times of devices in a network by exchanging time signals. Works at the Application Layer (Layer 7) of the OSI model. Uses UDP port number 123.

A

Network Time Protocol (NTP)

66
Q

is an Internet protocol that enables administrators to monitor and manage network devices and traffic. Works at the Application Layer (Layer 7) of the OSI model. Uses ports 161 and 162 to collect information from and send configuration commands to networking devices such as routers, switches, servers, workstations, printers, and any other SNMP-enabled devices. Generally runs over UDP.

A

Simple Network Management Protocol (SNMP)

67
Q

a communications protocol for formatting and sending email messages from a client to a server or between servers. Works at the Application Layer (Layer 7) of the OSI model. Uses port 25 or 587 for standard communications and port 465 for encrypted communications. Runs on TCP.

A

Simple Mail Transfer Protocol (SMTP)

68
Q

a protocol used to retrieve email messages from a mailbox on a mail server. Characteristics include:
Works at the Application Layer (Layer 7) of the OSI model.
Uses TCP port 110 for regular transmissions and port 195 for encrypted transmissions.
Once the client retrieves and downloads the messages, the server deletes them unless the client configures options to leave the messages on the server. It is not the best email protocol to use when users need to access their email from multiple devices.

A

Post Office Protocol 3 (POP3)

69
Q

is a protocol used for retrieving messages from a mail server. Works at the Application Layer (Layer 7) of the OSI model. Uses port 143 for regular transmissions and port 993 for encrypted transmissions.

A

Internet Message Access Protocol version 4 (IMAP4)

70
Q

is a network protocol that enables clients to interact with websites by allowing them to connect to and retrieve web pages from a server. Works at the Application Layer (Layer 7) of the OSI model. Uses port 80 for communications.

A

Hypertext Transfer Protocol (HTTP)

71
Q

is a secure version of HTTP that provides a secure connection between a web browser and a server. Runs at the Application Layer (Layer 7) of the OSI model. Uses port 443 and runs on TCP. Uses the Transport Layer Security (TLS) security protocol to encrypt data.

A

HTTP Secure (HTTPS)

72
Q

a terminal emulation protocol. It works at the Application Layer (Layer 7) of the OSI model. Uses TCP Port 23. It is NOT a secure protocol, since it transmits in cleartext.

A

Telnet

73
Q

is a program that enables a user or an application to log on to another device over a network, execute commands, and manage files. Characteristics include:
Operates at the Application Layer (Layer 7) of the OSI model.
It uses port 22 and runs on TCP
Offers strong authentication methods, and ensures that communications are secure over insecure channels.
All traffic (including passwords) is encrypted to eliminate connection hijacking, eavesdropping, and other network-level attacks, such as IP source routing, IP spoofing, and DNS spoofing.
SSH2 includes a secure replacement for FTP called Secure File Transfer Protocol (SFTP)

A

Secure Shell (SSH)

74
Q

is a protocol that helps share resources such as files, printers, and serial ports among devices. Works at the Application Layer (Layer 7) of the OSI model. Uses port 445 and runs on TCP.

A

Server Message Block (SMB)

75
Q

is a proprietary protocol created by Microsoft for connecting to and managing devices that are not necessarily located at the same place as the administrator. It uses port 3389 and runs on TCP. Works at the Application Layer (Layer 7) of the OSI model.

A

Remote Desktop Protocol (RDP)