Domain 4: Communications and Networking

Question 1

71. What is Internet/Internetwork layer in the TCP/IP model? What 2 basic functions does Internet protocol perform? What is this layer called in OSI model?

Answer 1

responsible for sending packets across potentially multiple netorks. Does routing.

Hosting addressing/id & packet routing.

called OSI Layer 3.

Question 2

71 What is the Transport Layer in the TCP model? What is it called in the OSI layer? How is data sent?

Answer 2

It has the port numbers. It has the basic data channels that applications use for task specific data exchange. It is called OSI layer 4.
data is sent via TCP or UDP (connectionless)

Question 3

71 What is the application layer? What is it called in the OSI model?

Answer 3

Protocols used by applications for providing user services or exchanging data like HTTP FTP SMTP, CHCP, IMAP.
Distinguishes between user and support protocols.
It is called the OSI layer 5, 6 and 7.

Question 4

72 What is MAC address or BIA? EUI

Answer 4

Media Access Card or Burnt In Address. A unique identifier on a network card. Extended Unique Identifer

Question 5

72 What is a MAC48? What is a EUI 64?

Answer 5

MAC 48 is the original design. first 24 are maufacter identifier. last 24 are unqiue and idenrify the host.
EUI64 use 24 bit for manufacturer and last 40 are qunique annd identify the host.
48bit mac’s ipv6 can be modified into 64 bit macs by adding FF:FE to the device ID.

Question 6

72 What is IPv4?

Answer 6

connectionless protocol to use on packet switched networks.
Operates on best effort delivery model, it doesn’t guarantee delivery, it doesn’t assure proper sequening or avoidance of duplicate delivery. We added other protocols on top of IP to ensure those. TCP protocol made to fix these.

Question 7

72 Ports 3 known.
What are ports like?

Answer 7

0-1023 mostly used for protocols.
0124-49151 Mostly used for vendor specific applications
49152-65535 can be used for anything like web browsers.
Ports are like apartment numbers.IP is like your address.

Question 8

72 Specific ports (2 digits) 6 of them

Answer 8

20 TCP FTP data transfer
21 TCP FTP Control
22 TCP/UDP Secure Shell SSH
23 TCP Telnet unencrypted text communications
25 TCP Simple Mail Transfer protocol SMTP also 2525
80 TCP/UDP HTTP use 8008 8080

Question 9

72 Specific ports (3 digits) 6 of them

Answer 9

110 TCP Post Office Protocol v3 POP3
137 UDP NetBIOS Name Service, use for name registration
138 TCP/UDP NetBios datagram service
143 TCP Internet message access protocol IMAP
443 TCP Hypertext Transfer protocol over TLS/SSL or HTTPS
3389 TCP/UDP Microsfot Terminal Server RDP

Question 10

73 What is a socket?

Answer 10

1 set of IP and Port. like 192.168.0.6:510291.
TCP has 2 sockets. UDP only uses 1 socket.

Question 11

73 IANA? RIR?

Answer 11

Internet Assigned Numbeers Authority. It is a department of ICANN (Internet corporation for assigned names and numbers)
RIR Regional Internet Registry regions:
1 AFRINIC
2 ARIN
3 APNIC
4 LACNIC
5 RIPE NCC

Question 12

73 What are 3 types of ip traffic?

Answer 12

1. unicast: one to one traffic. Client to server. Use promiscouous mode on specific clients network cards.
   2 Multicast: one to many (predefined)
   3 Broadcast: one to all (on LAN network)

Question 13

73 what are the 3 broadcast traffic types?

Answer 13

1 Limited L3 Broadcast: Used 255.255.255.2555 broacast ip address. routers do not pass it.
2 Limited L2 Broadcast: FF:ff:ff:ff:ff. routers do not pass .
3 Direct broadcast: sent to anyone logically connected to thesame network. It doesn’t need to be physically behind the same network.

Question 14

74 Ipv4? What about private ipv4? What are 3 exception addresses for private ipv4?

Answer 14

Made of 4 Octets and into 32 bit integer binary.
private ipv4 have 3 ranges, 10.xxx, 172.xx., 192.168.xx… . Loopback addresses 127.0.0.0/8 , Link-local 169.254.0.0/16 , Broadcast 255.255.255.255

Question 15

74 Ipv4 What is a NAT? What are 2 NATs?

Answer 15

Network Address Translation. It was a band aid solution to extend the depletion of IPv4 addresses.
Static NAT translate 1 to 1 public ip to private ip.
Pool NAT still 1-1 but pool was avaiablle to all clients

Question 16

74 What is a PAT?

Answer 16

Port Address Translation. Also called NAT overload or One to Many.

Question 17

74 What is CIDR?

Answer 17

Classless Inter Domain Routing also called slash notation. You logically segment them out. /24 is 256. /32 is 1. /0 is 4.29 million. /24 is most common and 254 is usable for hosts. first 0 and last 255 can’t be used. But with newer tech, only 255 is not usable since it is a broadcast address.

Question 18

74 What is classful IP network?

Answer 18

Early in the internet used inefficient IP addresses. Networks had 16 million + IPs.

Question 19

74 What is in the IP headers?

Answer 19

Version: IP version 4, IHL: lenght of IP header, QoS (quality of service), ID (used for IP fragmentation AND priority of the service, TTL (to prevent routing loops, protocal, Source and Destination IP addresses, MTU (maxium transmission unit , 1500 bytes , if packet exceeds that size a router may fragment into smaller packets.

Question 20

75 What does IPv6 header contain?

Answer 20

Version: IP v6 (4 bits),
Traffic Class/Priority , old QoS 8bit , Flow Lable/QoS management 20 bits, Payload Lenght 16bits, Next Header 8bits, TTL/Hop Limit 8bits (this is to prevent briding loops, once it hits a router, it is decremented by 1), source IP address 128bits, Desitnation IP address 128bits. MTU Maximum Transmission Unit normaly 1500 bytes. if a packet exceeds a size it will be fragmentsed into smaller packets.

Question 21

75 IPv6

Answer 21

128bit hexadecimal numbers (use 0-9 and a-f) 16 options. You don’t need NAT or PAT. 8 groups of 4 hexadecimals. IPSec is built in. hard to read so remove all 0s and add ::

Question 22

75 How do you change MAC address for ipv6?

Answer 22

shimmy fffe (used in EUI64) into EUI 48 address. from 00:fa:22:52:88:8a into 00:fa:22:ff:fe:52:88:8a.
then to 20:fa:22:ff:fe:52:88:8a modifed identifiers to allow development oftuture tech that can take advantage of interface identificers with universal scope.

Question 23

75 How do you add MAC address to IPv6

Answer 23

If you network prefix is 2001:0000:0000:00b8, you add this in front of the mac address. Like 2001:0000:0000:00b8:20fa:22ff:fe52:888a. to 2001::b8:20fa:22ff:fe52:888a (internet). Link local address for local only change 2001 to fe80.

Question 24

76 What is ARP Address Resolution Protocol? What is RARP?

Answer 24

Translates IP addresses into MAC addresses. It is always trusting. Victim to ARP cache poisoning attack usually with Default Gateway. ARP sends out a request to the network “does any know the physical address for this ip address “ as multicast. A switch or phsycial device responds in unicast. but an attacker can respond. RARP=Reverse ARP is ued by diskless workstations to get IPs. It sends out this is my MAC address, then here is your IP address.

Question 25

76. What ICMP? Internet control message protocol.

Answer 25

Used to troubleshoot IP. It sends Ping (echo request) and TTL Exceeds in Traceroute. Check if server is up. Some servers to block icmp replies like firewalls.

Question 26

76 What is Traceroute?

Answer 26

It used ICMP to trace a network route. Uses TTL value in somewhat reverse. We do it until the destination is reached (max of 30 hops)

Question 27

76 What is telnet? what is SSH

Answer 27

Remote access over a network. TCP port 23. all data is plaintext including username and password. shouldn’t be used. Attachkers with newtork access can sniff crednetials.
ssh v1 had vulnerabiltyes. v2 2as more secure but not anymore by snowden leak. Designed to replace/add secruity to telnet, ftp, http…BothanSpy (windows) and Gyrfalcon (Linux) can implant that targets the SSH client.

Question 28

76. FTP? SFTP? FTPS? TFTP

Answer 28

FTP uses TCP port 20 and 21. Not secure. SFTP uses SSH to add security to FTP. FTPS, uses TLS and SSL to add security layer to FTP session. Trivial FTP uses UDP Port 69. No authentication or directory structure, files are written and read form one directory/tftpboot. Uses for Boostrapping, downloading an OS voer the network for diskless workstations. Used for saving router configuations.

Question 29

77 What port is HTTP and HTTPS? And what protocol?

Answer 29

Both use TCP protocol. HTTP is 80 (8008 and 8080) and Http is port 443 and 8443.

Question 30

77 Whatis BOOTP Bootstrap porotocal? What port does it use?

Answer 30

Used for diskless workstations which determines OS and IP addresses. (downloaded with tftp. Most BIOS support BOOTP, which can use OS without a disk. Used UDP Port 67 for server and port 69 for client.

Question 31

What is DHCP Dynamic Host configuration protocol?

Answer 31

protocol to assignng IPs controlled by a DHCP server. you home network has one, uses UDP ort 67 for server and UDP port 68 for client.

Question 32

77 How do Email server protocols work?

Answer 32

1 MUA (mail user agent) Send SMTP to MSA (mail submission agent) email server 2 send to DNS server 3 DNS responds to any MX (mail exchange) records 4 MSA sends to MTA (mail transfer agent) 5 MDA delivers to Jane 6 Jane’s MUA pick up either POP3 or IMAP

Question 33

77 DNS port? What are the 3 servers ? What is a common attack? Whatis DNSSEC DNS Security Extnesions

Answer 33

TCP and UDP port 53. Authoritative name servers: the autoehrity fora given name space. 2 Recursive name server: tries to resolve names it doesn’t already know. Cache name server: Keeps previously resovled names in a temp cache. Common attack is DNS poisoning similar to ARP poisoning, an attacker sends a fake address/name combo to another DNS sercer when asked and the server keeps it in its DNSrecords until it expires. DNS has no native authenitcation. DNSSEC provides authentication and integrity using PKI encryption. Doesn’t provide confidentiality. it is a signature for DNS.

Question 34

77 What is SNMP? Simple Network Management Protocol.

Answer 34

Used to monitor devices in the network. Must be installed on client. SNMPv1 and v2 send data in cleartext. v2 is widely used but should be avoided. v3 uses encryption CIA. This should be standard.v2 widely used. attackers can controll your device using v2. v1 is less dangerous, only uses cleartext only send data. v2 can controll device. Solarwinds example.

Question 35

78 What is Crosstalk? What is Attenuatin? What is copper ethernet cables called?

Answer 35

Crosstalk is signal crossing from oen cable to antoher, this can be a condifentiality issue. Attentuation is the singal getting weaker the farther it travels. Copper has this. Fiber doesn’t have this. RJ45 copper ethernent cables.

Question 36

78 What 2 types of twisted pair cables?

Answer 36

UTP Unshield Twisted Pair. Twisting them makes less usceptible of EMI. 1 cable sends and 1 receives data. CAT 3 pairs are less tight. CAT 6 is more tight.
STP shielded twisted pair. metal mesh. but more thicker and expensive.

Question 37

78 Fiber cables length max?

Answer 37

150miles+ 240km+. Single and Multil mode fiber. Single is used for long disntance and IP backbones. Multimode (datacenter) is done with WDM wavelnght divison multiplexing.

Question 38

79 What is CSMA Carrier Sense Multiple Access?

Answer 38

LAN technology, CSMA : clients on a network check to see if the hared line is in use, if not they will send their data. If idle, they send, if in use, they wait random amount of time in milliseconds.

Question 39

79 What is CSMA/CD Collison Detection

Answer 39

Used for systems that can send and receive at the same time like Ethernet. While transmitting, they monitor the network. they send a Jam signal to tell the other nodes to stop sending.

Question 40

79 What is CSMA Carrier Sense multiple Access CA Collison avoidance?

Answer 40

Used in wireless. Check if idle and send if in use and wait. They are not aware of other clients. If there is a lot of congestion, the clietn can send a RTS Request to Send and if the host replies with CTS Clear to Send, similar to a token, the client will transmit. The AP Access Point determines who can send.

Question 41

79 What is ARCNET Attached Rersource Comptuer Network? What is Token Ring? FDDI Fiber Distriuted Data Interface.

Answer 41

Legacy systems. Used network tokens for traffic, no collision. Used a star topology. 2.5mbps . Token ring. Same thng. as ARCNET but faster 16mbps. FDDI Used token bus for traffic, no collisiions. Ring. Ruber fiber and not copper. 100 mbps.

Question 42

79 What is Bus Topology? What is Tree (Hierarchical) Topology?

Answer 42

Legacy tech. Bus: All nodes are connected in a line. each node inspects traffic and passes it. Not very stable. Single node can break it. Tree: Base of the tree topology , like mainframe. If single nodes fails, whole system fails.

Question 43

79 What is Ring and Star Topologies? What are 2 types of Star?

Answer 43

These are LAN Topology legacy. All nodes are connect as a ring. Star is used today. Use for Ethernet.All nodes are connected wit ha switch.If switch, no token passing or collison detections is needed. If we use a hub, collision will still occur. and unsecure. Hub operates in OSI physical layer, switch operates on the OSI data link layer.

Question 44

79 What is a Mesh? What are 2 types?

Answer 44

Nodes are connected to each other in partial or full mesh. Used in high availablity env. Need in load balancing and keep alive env.

Question 45

80 What are some legacy WAN Connections?

Answer 45

T1. Dedicated 1.543 Mbps circuti carrying 24 64-bit DS0 channels. Also called Ds1. T3: 28 Bundled t1 lines. Creating a dedicated 44.736 Mbps circut. E1 (europe) dedicated 2.048 circuit carrying 30 channels. E3: 16 bundled E1 lines, creating a dedicated 34.368 mbps circuit.

Question 46

80 What is FCoE Fiber Channel over Ethernet

Answer 46

Channel’s HBA Host Bus Adapters are unqiue cards to interface with storage. can be combined with the network interface NIC for economies of scale. FCoE uses Ethernet, not TcP/IP and because of that it is not routable.

Question 47

81 What is FCIP Fiber Channel over IP?

Answer 47

Encapsulates fiber channel frames iva TCP/IP

Question 48

82 What is WLAN? What is Rouge access points?

Question 49

82 What are 2 other WLAN attacks?

Answer 49

1 Jamming and 2 Evil twin.

Question 50

82 What are the 802.11 standards? What is the range?

Question 51

83 What is 4 different modes that 802.11 can operate on?

Question 52

83 WLAN security

Answer 52

WEPWired Equivalent Privacy.2 WPA, WPA2 WPA3

Question 53

84 What are 3 types of bluetooth attacks?

Answer 53

Blujacking, bluesnarfing, bluebugging.

Question 54

85 What is LiFi? What is Zigbee?

Answer 54

Uses Light to transmit data and position detween device. Speed is 100 Gbit. Used in place where there is too much EMI, aircraft cabins, hospitals, and nuclear power plants.
Zigbee : Mesh wireless network with low power, low data rate, and close proximity.

Question 55

86 Name 2 layer1 devices. Name 2 layer2 device.

Answer 55

Repeaters: it receive a signal and retransmit it. copper cables. Hubs: they are repeaters with more than 2 ports.No confidentiality or Integrity.
Layer2: Bridges are 2 port switches used to separate collison domains.

Question 56

86 What is VXLAN Virtual eXtensble Local Area Network

Answer 56

Made for cloud computing.. Solves teh max 4094 vlans 12 bit vlan id. vxlan has 16 million vlns, 24 bit vlan id

Question 57

86 what is a Trunk Port? whatis VLAN pruning? Whatis VLAN taggin?

Answer 57

Port between 2 switches. VLAN is layer 2. VLAN pruning is stopping the traffice. VLAn use tags within network packets and tag handling.

Question 58

87 What is RIP?

Answer 58

Layer 3 protocol. One of the oldest distance vector routing protocols which uses hte hop count as a routing metric. Uses UDP port 520

Question 59

86 what is ASN or Autonomous System Number?

Answer 59

globally unique and is assigned to each autonomous systems by the IANA Internet Assigned Numbers Authority.