Comms and Network Flashcards

1
Q

Hub

A

OSI Layer 1
Repeats an electrical signal that comes in on one port out of all other ports.

They operate in half-duplex.
They are prone to collisions.
Each port on a hub is in the same collision domain.
Data is forwarded out all ports and can be captured with a network sniffer.

2
Q

Network Bridge

A

OSI Layer 2
Device that divides a network into segments. Each segment represents a separate collision domain, so the number of collisions on the network is reduced.
Software-based segmentation.

3
Q

Network Switch

A

OSI Layer 2
A switch is essentially a multiport network bridge. Each port on a switch is in a separate collision domain and can run in full-duplex mode.

Each switch has a dynamic table (called the MAC address table) that maps MAC addresses to ports. With this information, a switch can identify which system is sitting on which port and where to send the received frame.

4
Q

Difference between Switch and Bridge

A
  1. Most bridges have only 2 or 4 ports. A switch can have hundreds of ports.
  2. Bridges are software-based. Switches are hardware-based and use chips (ASICs) when making forwarding decisions, which makes them much faster than bridges.
  3. Switches can have multiple spanning-tree instances. Bridges can have only one.
  4. Switches can have multiple broadcast domains (one per VLAN).

5
Q

Router

A

OSI Layer 3
Connects different computer networks by routing packets from one network to another. This device is usually connected to two or more different networks.
Each port on a router is in a separate collision and broadcast domain and can run in full-duplex mode.

6
Q

Collision Domain

A

The term collision domain is used to describe a part of a network where packet collisions can occur. Packet collisions occur when two devices on a shared network segment send packets simultaneously. The colliding packets must be discarded and sent again, which reduces network efficiency.
Hosts on a hub are in one collision domain.
Hosts separated by a bridge are in separate collision domains.
Each host on a switch is in its own collision domain.

7
Q

Broadcast Domain

A

A group of devices on a specific network segment that can reach each other with Ethernet broadcasts. Broadcasts sent by a device in one broadcast domain are not forwarded to devices in another broadcast domain.

Ethernet broadcasts are usually used by Address Resolution Protocol (ARP) to translate IP addresses to MAC addresses.

Only routers separate a LAN into multiple broadcast domains.

8
Q

CSMA/CD

A

Carrier Sense Multiple Access with Collision Detection (CSMA/CD). This algorithm helps devices on the same network segment decide when to send packets and what to do in case of collisions. CSMA/CD is commonly used in networks with repeaters and hubs because these devices run in half-duplex mode and all of their ports are in the same collision domain.

Since switches have replaced hubs in most of today's LANs, CSMA/CD is not often used anymore. Switches work in full-duplex mode and each port on a switch is in a separate collision domain, so no collisions can occur.

9
Q

IEEE 802.3

A

Ethernet is defined in a number of IEEE (Institute of Electrical and Electronics Engineers) 802.3 standards. These standards define the physical and data-link layer specifications for Ethernet.

10
Q

MAC Address

A

Media Access Control
Unique identifier assigned to a network interface controller (NIC) for communications at the data link layer of a network segment. MAC addresses are used as a network address for most IEEE 802 network technologies.
First 24 bits – OUI (Organizationally Unique Identifier)

11
Q

Cisco hierarchy model

A
  1. Core – network backbone; this layer is responsible for transporting large amounts of traffic quickly.
  2. Distribution – serves as the communication point between the access layer and the core. Its primary functions are to provide routing, filtering, and WAN access and to determine how packets can access the core.
  3. Access – controls user and workgroup access to the resources on the network.

12
Q

TCP/IP Suite

A

The set of communications protocols used on computer networks today, most notably on the Internet. It provides end-to-end connectivity by specifying how data should be packetized, addressed, transmitted, routed and received on a TCP/IP network. This functionality is organized into four abstraction layers, and each protocol in the suite resides in a particular layer.

13
Q

ARP

A

ARP (Address Resolution Protocol) – used to convert an IP address to a MAC address.

Used on Ethernet LANs because hosts that want to communicate with each other need to know their respective MAC addresses.

It is a request-reply protocol; ARP request messages are broadcast to request a MAC address, while ARP reply messages are used to send the requested MAC address.

ARP requests are sent to the broadcast address, and only the host with the specified IP address responds with an ARP reply.

ARP requests are sent to the Layer 2 broadcast address FF:FF:FF:FF:FF:FF.

14
Q

IP

A

IP (Internet Protocol) – used to deliver packets from the source host to the destination host based on the IP addresses.

15
Q

ICMP

A

ICMP (Internet Control Message Protocol) – used to detect and report network error conditions. Used in ping.

16
Q

TCP

A

OSI Layer 4
TCP (Transmission Control Protocol) – a connection-oriented protocol that enables reliable data transfer between two computers.

The process used to establish a TCP connection is known as the three-way handshake. After the connection has been established, the data transfer phase begins.

17
Q

UDP

A

OSI Layer 4
UDP (User Datagram Protocol) – a connectionless protocol for data transfer. Since a session is not created before the data transfer, there is no guarantee of data delivery.

UDP provides delivery of data between applications running on hosts on a TCP/IP network, but it does not sequence the data and does not care about the order in which the segments arrive at the destination.

18
Q

FTP

A

FTP (File Transfer Protocol) – used for file transfers from one host to another.

Port 20 – data transfer; port 21 – control commands.

19
Q

TELNET

A

Telnet (Telecommunications Network) – used to connect to and issue commands on a remote computer.
Port 23

20
Q

DNS

A

DNS (Domain Name System) – used to resolve host names to IP addresses.

21
Q

HTTP

A

HTTP (Hypertext Transfer Protocol) – used to transfer files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web.

22
Q

IPV4

A

32-bit address assigned to each host on a network.

An IP address is a software (logical) address, not a hardware address hard-coded on a NIC like a MAC address.

23
Q

IPV6

A

128-bit address

24
Q

Private network IP address

A

10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
Private IP addresses are specified in RFC 1918.

25
Q

Port

A

A port is a 16-bit number used to identify specific applications and services.

26
Q

Telnet

A

Port 23
Telnet is an application protocol that allows a user to communicate with a remote device.
Not commonly used, as Telnet sends all data in clear text, including usernames and passwords! SSH (port 22) is commonly used today instead of Telnet.

27
Q

SSH

A

Secure Shell (SSH) protocol enables a user to access a remote device and manage it.
Uses asymmetric encryption to secure the symmetric key.
TCP port 22

28
Q

TFTP

A

Trivial File Transfer Protocol (TFTP) is a simpler version of FTP and does not have all of its functions; for example, you cannot list, delete, or rename files or directories on a remote server. In fact, TFTP can only be used to send and receive files between two computers. TFTP does not support user authentication, and all data is sent in clear text.

29
Q

SNMP

A

Simple Network Management Protocol (SNMP) is an application layer protocol used for network device management. This protocol collects and manipulates network information from switches, routers, servers, printers, and other network-attached devices.

SNMP agents use UDP port 161.
SNMP manager uses UDP port 162.

30
Q

NTP

A

Network Time Protocol (NTP) is an application layer protocol used for clock synchronization between hosts on a TCP/IP network. The goal of NTP is to ensure that all computers on a network agree on the time.
UDP port 123

31
Q

DHCP

A

Dynamic Host Configuration Protocol (DHCP) is an application layer protocol used to distribute network configuration parameters, such as IP addresses, subnet masks, default gateways, etc., to hosts on a TCP/IP network.
DHCP server – UDP 67
DHCP client – UDP 68

32
Q

APIPA

A

Automatic Private IP Addressing (APIPA) is a feature in Windows operating systems that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server is not reachable.

The IP address range for APIPA is 169.254.0.1–169.254.255.254, and the subnet mask is 255.255.0.0.

If your host is using an IP address from the APIPA range, there is usually a problem on the network.

33
Q

Subnetting

A

Subnetting is the practice of dividing a network into two or more smaller networks. It increases routing efficiency, enhances the security of the network and reduces the size of the broadcast domain.
In binary, a subnet mask is always a series of 1s followed by a series of 0s.

34
Q

IP routing tables

A

A routing table lists all networks for which routes are known. Each router's routing table is unique and stored in the RAM of the device.

When a router receives a packet that needs to be forwarded to a host on another network, it examines the destination IP address and looks for the routing information stored in the routing table.

Three methods are used to populate a routing table:

  1. directly connected networks are added automatically
  2. using static routing
  3. using dynamic routing

Connected routes always take precedence over static or dynamically discovered routes because they have an administrative distance of 0 (the lowest possible value).

35
Q

Routing Protocol

A

Interior Gateway Protocols (IGPs) – routing protocols used to exchange routing information with routers in the same autonomous system (AS). Interior gateway protocols are further divided into two types: distance-vector routing protocols and link-state routing protocols. E.g. OSPF (Open Shortest Path First), RIP (Routing Information Protocol).

Exterior Gateway Protocols (EGPs) – routing protocols used to exchange routing information between routers in different autonomous systems. E.g. BGP (Border Gateway Protocol).

36
Q

RIP

A

Routing Information Protocol
Default administrative distance of 120.
Uses the hop count (the number of routers between the source and destination network) as its metric and is very simple to configure.
It sends the entire routing table every 30 seconds, which can consume a lot of network bandwidth. The hop count limit is 15.

RIP lacks some more advanced features of the newer routing protocols like OSPF or EIGRP and it is not widely used in modern networks.

37
Q

Split Horizon

A

A router will not advertise a route back onto the interface from which it was learned. Split horizon is enabled on interfaces by default.

38
Q

Route poisoning

A

When a router detects that one of its directly connected routes has failed, it will advertise the failed route with an infinite metric ("poisoning the route"). Routers that receive the routing update will consider the route as failed and remove it from their routing tables.

Each routing protocol has its own definition of an infinite metric. In the case of RIP the infinite metric is 16.

39
Q

holddown timer

A

Used in RIP. Prevents a router from learning new information about a failed route until the timer expires.

40
Q

EIGRP

A

EIGRP (Enhanced Interior Gateway Routing Protocol) is an advanced distance vector routing protocol.
Routers that run EIGRP must become neighbors before exchanging routing information.

41
Q

OSPF

A

OSPF (Open Shortest Path First) is perhaps the most popular link state routing protocol. It is an open standard, so it can be run on routers produced by different vendors.

The default administrative distance for OSPF routes is 110.

OSPF routers store routing and topology information in three tables:

  1. neighbor table – stores information about OSPF neighbors.
  2. topology table – stores the topology structure of the network.
  3. routing table – stores the best routes.
42
Q

Layer 2 switching

A

Layer 2 switching (also known as the Data Link layer switching) is the process of using devices’ MAC addresses to decide where to forward frames in a LAN. Layer 2 switching is efficient because there is no modification to the data packet, only to the frame encapsulation of the packet.

43
Q

VLAN

A

VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain. VLANs are configured on switches by placing some interfaces into one broadcast domain and some interfaces into another.

44
Q

ACL

A

An Access Control List (ACL) is a set of rules that is usually used to filter network traffic. ACLs can be configured on network devices with packet filtering capabilities, such as routers and firewalls.

Standard access lists – allow you to evaluate only the source IP address of a packet.

Extended access lists – allow you to evaluate the source and destination IP addresses, the type of Layer 3 protocol, source and destination port, and other parameters.

45
Q

NAT

A

NAT (Network Address Translation) is a process of changing the source and destination IP addresses and ports. The main goal of NAT is to limit the number of public IP addresses a company needs and to hide private network address ranges. The NAT process is usually done by routers or firewalls.

There are three types of NAT:

  1. Static NAT – translates one private IP address to a public one. The public IP address is always the same.
  2. Dynamic NAT – private IP addresses are mapped to the pool of available public IP addresses.
  3. Port Address Translation (PAT) – one public IP address is used for all internal devices, but a different port is assigned to each private IP address. This type is also known as NAT Overload.
46
Q

Difference between Link and End to End Encryption

A

The critical difference between link and end-to-end encryption is that in link encryption, all the data, including the header, trailer, address, and routing data, is also encrypted. Therefore, each packet has to be decrypted at each hop so it can be properly routed to the next hop and then re-encrypted before it can be sent along its way, which slows the routing. End-to-end encryption does not encrypt the header, trailer, address, and routing data, so it moves faster from point to point but is more susceptible to sniffers and eavesdroppers.

47
Q

IPSEC

A

IPsec uses public key cryptography to provide encryption, access control, nonrepudiation, and message authentication, all using IP-based protocols.

The primary use of IPsec is for virtual private networks (VPNs).

IPsec is commonly paired with the Layer 2 Tunneling Protocol (L2TP).

The Authentication Header (AH) provides assurances of message integrity and nonrepudiation. AH also provides authentication and access control and prevents replay attacks.

The Encapsulating Security Payload (ESP) provides confidentiality and integrity of packet contents. It provides encryption and limited authentication and prevents replay attacks.

Need to create Security Associations (SAs). Each SA is simplex. To have bidirectional communication for both AH and ESP, 4 SAs are needed.

Supported by ISAKMP.

48
Q

ISAKMP

A

The Internet Security Association and Key Management Protocol (ISAKMP) provides background security support services for IPsec by negotiating, establishing, modifying, and deleting security associations.

49
Q

WPA

A

WiFi Protected Access (WPA) implements the Temporal Key Integrity Protocol (TKIP), eliminating the cryptographic weaknesses that undermined WEP.

WPA does not provide an end-to-end security solution. It encrypts traffic only between a mobile computer and the nearest wireless access point.

50
Q

Salt

A

A random value that is added to the end of the password before the operating system hashes the password.

51
Q

Known Plaintext

A

attacker has a copy of the encrypted message along with the plaintext message used to generate the ciphertext

52
Q

Chosen Ciphertext

A

attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion of the message to discover the key

53
Q

Chosen Plaintext

A

the attacker has the ability to encrypt plaintext messages of their choosing and can then analyze the ciphertext output of the encryption algorithm

54
Q

Meet in the Middle

A

Used to defeat encryption algorithms that use two rounds of encryption. The attacker uses a known plaintext message.

55
Q

Man in the middle

A

malicious individual sits between two communicating parties and intercepts all communications

56
Q

Birthday attack

A

malicious individual seeks to substitute in a digitally signed communication a different message that produces the same message digest

57
Q

Replay

A

Used against cryptographic algorithms that don't incorporate temporal protections. The attacker intercepts an encrypted message between two parties (often a request for authentication) and then later "replays" the captured message to open a new session.