Chapter 9: TCP/IP Applications Flashcards
Session
A logical stream of data flowing between two programs over a network.
Transmission Control Protocol (TCP)
- Enables connection-oriented communication in networks that use the TCP/IP protocol suite.
- Most common type of session
TCP Three-Way Handshake
A three-packet conversation between TCP hosts to establish and start a data transfer session.
User Datagram Protocol (UDP)
Used for the type of sessions that don’t require the overhead of connection-oriented traffic.
Port and Session Type of DHCP
Port 67 (server) and port 68 (client) UDP
Network Time Protocol (NTP)
Synchronizes the clocks of devices on a network.
UDP port 123
Trivial File Transfer Protocol (TFTP)
Enables you to transfer files from one machine to another.
UDP port 69
Internet Control Message Protocol (ICMP)
- Used to handle many low-level functions such as error reporting.
- Usually request and response pairs
What kind of packets does ping send?
ICMP
What is the packet called that ping sends out? The one that comes back?
Echo request, Echo reply
If your computer has no route to the address listed, ping will display _________.
Destination Host Unreachable
If you ping a device and no echo reply comes back before the 1-second default time, ping will respond with _______.
Request Timed Out
Ping of Death
A ping that allowed malicious users to send malformed ping packets to your computer and make it crash.
Internet Group Management Protocol (IGMP)
Enables routers to communicate with hosts to determine a “group” membership for multicasting.
What is the subnet that multicast addresses use?
224.0.0.0/4
Well-known Port Numbers
0-1023
Reserved for specific TCP/IP applications
Ephemeral Ports
1024-5000
An arbitrary number generated by a sending computer that the receiving computer uses as a destination address when sending a return packet.
Dynamic/Private Port Numbers
49152-65535
Recommended by IANA to use as ephemeral port numbers
Registered Ports
1024-49151
The IANA assigns these ports for anyone to use for their application
Socket
A combination of a port number and an IP address that uniquely identifies a connection.
Endpoints
The term used when discussing the data each computer stores about the connection between two computers’ TCP/IP applications.
netstat
Shows you the list of endpoints you have connections with.
netstat -a
Tells netstat to show all used ports
netstat -n
Tells netstat to show raw port numbers and IP addresses.
netstat -o
Tells netstat to show the process ID
netstat -b
Shows the name of the running program
Open Port
A socket that is prepared to respond to any IP packets destined for that socket’s port number.
Established Port
Active, working endpoint
close_wait
Implies that a graceful closure is happening, i.e. each side sees the session closing normally
time_wait
Means a connection has been lost and is waiting a defined amount of time called a timeout period.
ps
Linux command that shows process IDs
Hypertext Transfer Protocol (HTTP)
Defines what actions Web servers and browsers should take in response to various commands.
TCP port 80
Web Server
- A computer that delivers Web pages.
- Listen on port 80
Internet Information Services (IIS)
- Microsoft’s Web server program for managing Web servers.
- Enables you to set a max connection limit on your Web server based on available bandwidth and memory
Apache HTTP Server
The web server that most UNIX/Linux based operating systems use.
What are the three qualities of a secure Internet application?
1) Authentication
2) Encryption
3) Nonrepudiation: Process of making sure data came from the person or entity it was supposed to come from.
Secure Sockets Layer (SSL)
A protocol developed for transmitting private documents over the Internet
HTTPS
- The secure form of HTTP
- TCP Port 443
Telnet
- The first protocol invented to connect remotely to another computer.
- TCP Port 23
Secure Shell (SSH)
- Like Telnet, but encrypted.
- TCP Port 22
Simple Mail Transfer Protocol (SMTP)
Used by email clients to send messages
TCP Port 25
Post Office Protocol version 3 (POP3)
Used to receive mail
TCP Port 110
Internet Message Access Protocol version 4 (IMAP4)
Preferred alternative to POP3 for receiving mail
TCP Port 143
File Transfer Protocol (FTP)
- The original protocol for transferring files on the Internet.
- Not encrypted
TCP port 20/21
Most UNIX and Linux desktop operating systems provide a GUI application for easily viewing and filtering the information in system logs.
(A) True
(B) False
Answer : (A)
TCP is preferred over UDP for real time services.
(A) True
(B) False
Answer : (B)
CALEA requires telecommunications carriers and equipment manufacturers to provide for surveillance capabilities.
(A) True
(B) False
Answer : (A)
The SNMP version 3 protocol introduces authentication, validation, and encryption for messages exchanged between devices and the network management console.
(A) True
(B) False
Answer : (A)
Wireshark or any other monitoring software running on a single computer connected to a switch doesn’t see all the traffic on a network, but only the traffic the switch sends to it, which includes broadcast traffic and traffic specifically addressed to the computer.
(A) True
(B) False
Answer : (A)
SNMP agents receive requests from an NMS on what port number? (A) 161 (B) 162 (C) 163 (D) 160
Answer : (A)
What security standard below was created to protect credit card data and transactions, requiring network segmentation as part of security controls? (A) CALEA (B) HIPAA (C) PCI DSS (D) CAARA
Answer : (C)
Packets that exceed the medium's maximum packet size are known by what term? (A) giants (B) runts (C) ghosts (D) jabbers
Answer : (A)
Packets that are smaller than a medium's minimum packet size are known by what term below? (A) jabbers (B) giants (C) ghosts (D) runts
Answer : (D)
When a device handles electrical signals improperly, usually resulting from a bad NIC, it is referred to by what term below? (A) ghost (B) jabber (C) talker (D) blabber
Answer : (B)
Which of the following is not a requirement in order to use a soft phone?
(A) An IP telephony client.
(B) The ability to communicate with a digital telephone switch.
(C) A microphone and speakers, or a headset.
(D) A wireless carrier to handle the voice path.
Answer : (D)
What percentage of Internet traffic, as estimated by Cisco Systems, will be devoted to video traffic by 2018? (A) 20% (B) 65% (C) 79% (D) 93%
Answer : (C)
In a VoIP call, what method of transmission is used between two IP phones? (A) global multicast (B) multicast (C) unicast (D) broadcast
Answer : (C)
On circuit switched portions of a PSTN, what set of standards established by the ITU is used to handle call signaling? (A) MCU (B) H.323 (C) H.225 (D) SS7
Answer : (D)
Which element of H.323 is a device that provides translation between network devices running the H.323 signaling protocols and devices running other types of signaling protocols? (A) H.323 terminal (B) H.323 gateway (C) H.323 gatekeeper (D) MCU
Answer : (B)
In H.323, which protocol below handles call or video conference signaling? (A) H.225 (B) H.245 (C) H.200 (D) H.252
Answer : (A)
A computer that provides support for multiple H.323 terminals and manages communication between them is known as what term below? (A) H.323 gateway (B) H.323 gatekeeper (C) MCU (D) H.323 server
Answer : (C)
A server running the SIP protocol listens on what TCP/UDP port for unsecured communications? (A) 6050 (B) 5060 (C) 5061 (D) 6051
Answer : (B)
What component of SIP is a server that responds to user agent clients' requests for session initiation and termination? (A) proxy server (B) registrar server (C) user agent server (D) redirect server
Answer : (C)
When using SIP, what term is used to describe end-user devices, which may include workstations, tablet computers, smartphones, or IP phones? (A) user agent (B) user agent client (C) user agent proxy (D) user agent node
Answer : (B)
In order for gateways to exchange and translate signaling and control information with each other so that voice and video packets are properly routed through a network, what intermediate device is needed? (A) media gateway (B) media proxy server (C) media gateway controller (D) analog switch
Answer : (C)
When using DiffServ, what type of forwarding utilizes a minimum departure rate from a given node, which is then assigned to each data stream? (A) assured forwarding (B) prioritized forwarding (C) scaled forwarding (D) expedited forwarding
Answer : (D)
The Priority Code Point field in a frame consists of how many bits? (A) 2 bits (B) 3 bits (C) 5 bits (D) 8 bits
Answer : (B)
What protocol enables multiple types of Layer 3 protocols to travel over any one of several connection-oriented Layer 2 protocols? (A) DiffServ (B) MPLS (C) CoS (D) SIP
Answer : (B)
A highly available server is available what percentage of the time? (A) 90% (B) 99% (C) 99.9% (D) 99.99%
Answer : (D)
What two log files are used by older versions of Unix and newer versions of Linux to store log information? (A) /var/log/messages (B) /var/log/syslog (C) /var/log/log (D) /var/adm/messages
Answer :
What two terms below are used to describe a telephone switch that connects and manages calls within a private organization? (A) public branch exchange (B) private branch exchange (C) PBX (D) PBE
Answer :
What two terms below describe the process of manipulating certain characteristics of packets, data streams, or connections to manage the type and amount of traffic traversing a network or interface at any moment? (A) bandwidth policing (B) throughput shaping (C) traffic shaping (D) packet shaping
Answer :
What two terms below describe a network device with three ports, two of which send and receive all traffic, and the third port mirrors the traffic? (A) network hub (B) network tap (C) network splitter (D) packet sniffer
Answer :
What two terms below are used to describe an analog-to-digital voice conversion device that accepts and interprets both analog and digital voice signals? (A) IP PBX (B) digital PBX (C) ATA PBX (D) ePBX
Answer :
True or False: The scope of network management techniques differs according to the network’s size and importance.
Answer: True
A _____ is a report of the network’s current state of operation.
Answer: baseline
In addition to internal policies, a network manager must consider ____ regulations that might affect her responsibilities.
a. state
b. federal
c. state and federal
d. local
Answer: C
The network management protocol that provides for both authentication and encryption is ____.
a. SMTP
b. SNMPv1
c. SNMPv2
d. SNMPv3
Answer: D
True or False: Much of the information collected in event logs and syslog files does not point to a problem, even if it is marked with a warning.
Answer: True
VoIP is the use of any network (either public or private) to carry ____________________ signals using the TCP/IP protocol.
Answer: voice
True or False: VoIP can run over any packet-switched network.
Answer: True
____________________ allow the user to customize his or her graphical interface.
Answer: Soft phones
____ is the protocol specified by the H.323 standard that handles call or video conference signaling.
a. H.225
b. H.245
c. H.248
d. H.252
Answer: A
____________________ ensures that the type of information - whether voice or video - issued to an H.323 terminal is formatted in a way that the H.323 terminal can interpret.
Answer: H.245
True or False: SIP does not attempt to perform and control as many functions as the H.323 protocols.
Answer: True
Media gateways rely on an intermediate device known as a(n) ____________________ to exchange and translate signaling and control information with each other.
Answer: MGC (media gateway controller), Media gateway controller, MGC
____ is a simple technique that addresses QoS issues by prioritizing traffic.
a. RTCP (Real-time Transport Control Protocol)
b. RSVP (Resource Reservation Protocol)
c. MPLS (multiprotocol label switching)
d. DiffServ (Differentiated Service)
Answer: D
1. What federal organization sets strict standards to protect the privacy of patient records? A. CALEA B. HIPAA C. PCI DSS D. IETF
Answer: B. HIPAA
2. What command retrieves the next record in an SNMP log? A. snmpget B. snmpwalk C. snmpgetnext D. snmptrap
Answer: C. snmpgetnext
3. What port do SNMP agents listen on? A. Port 161 B. Port 21 C. Port 162 D. Port 10162
Answer: A. Port 161
4. What utility in Linux provides standards for generating, storing, and processing messages about events on a system? A. Event Viewer B. event log C. ls D. syslog
Answer: D. syslog
5. One of your coworkers downloaded several very large video files for a special project she’s working on for a new client. When you run your network monitor later this afternoon, what list will your coworker’s computer likely show up on? A. Top talkers B. Top listeners C. Event Viewer D. Discarded packets
Answer: B. Top listeners
6. Your roommate has been hogging the bandwidth on your router lately. What technique can you use to limit the amount of bandwidth his computer can utilize at any one time? A. Interface reset B. Packet shaping C. Caching D. Traffic policing
Answer: D. Traffic policing
7. What kind of phone is a Skype app? A. Analog phone B. IP phone C. Soft phone D. Video phone
Answer: C. Soft phone
8. You’re trying to choose a signaling protocol for your company’s network because you’re about to upgrade to a VoIP system. You need to keep it simple because this is a small company with a simple network. Which protocol should you choose? A. H.323 B. SIP C. MGCP D. Megaco
Answer: B. SIP
9. RTP and RTCP operate at which layer of the OSI model? A. Application layer B. Transport layer C. Network layer D. Data Link layer
Answer: A. Application layer
10. Which QoS technique operates at the OSI layer “2.5”? A. RTP B. DiffServ C. MPLS D. CoS
Answer: C. MPLS
- When you arrive at work one morning, your Inbox is full of messages complaining of a network slowdown. You collect a capture from your network monitor. What can you compare it with in order to determine what has changed?
Answer: A baseline