MODULE 6 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards

1
Q

Ethernet - Ethernet Encapsulation :

Ethernet and wireless LANs (WLANs) are the two most commonly deployed LAN technologies.

Unlike wireless, Ethernet uses wired communications, including twisted pair, fiber-optic links, and coaxial cables.

A

Ethernet operates in the data link layer and the physical layer. It is a family of networking technologies defined in the IEEE 802.2 and 802.3 standards. Ethernet supports the following data bandwidths:

10 Mbps

100 Mbps

1000 Mbps (1 Gbps)

10,000 Mbps (10 Gbps)

40,000 Mbps (40 Gbps)

100,000 Mbps (100 Gbps)

As shown in the figure, Ethernet standards define both the Layer 2 protocols and the Layer 1 technologies.

Ethernet and the OSI Model

https://snipboard.io/GEe25a.jpg

2
Q

Ethernet Frame Fields :

The minimum Ethernet frame size is 64 bytes and the maximum is 1518 bytes.

This includes all bytes from the destination MAC address field through the Frame Check Sequence (FCS) field.

The preamble field is not included when describing the size of the frame.

Any frame less than 64 bytes in length is considered a “collision fragment” or “runt frame” and is automatically discarded by receiving stations. Frames with more than 1500 bytes of data are considered “jumbo” or “baby giant frames”.

A

If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving device drops the frame.

Dropped frames are likely to be the result of collisions or other unwanted signals. They are considered invalid. However, the Fast Ethernet and Gigabit Ethernet interfaces of some Cisco Catalyst switches can be configured to support larger jumbo frames.

The figure shows each field in the Ethernet frame. Refer to the table for more information about the function of each field.

Ethernet Frame Fields

https://snipboard.io/s3WAlP.jpg

3
Q

If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving device drops the frame. Dropped frames are likely to be the result of collisions or other unwanted signals. They are considered invalid.

However, the Fast Ethernet and Gigabit Ethernet interfaces of some Cisco Catalyst switches can be configured to support larger jumbo frames.

The figure shows each field in the Ethernet frame.

Refer to the table for more information about the function of each field.

Ethernet Frame Fields

https://snipboard.io/s3WAlP.jpg

– Preamble and Start Frame Delimiter Fields

– Destination MAC Address Field

– Source MAC Address Field

– Type / Length

– Data Field

– Frame Check Sequence Field

A

Preamble and Start Frame Delimiter Fields :

The Preamble (7 bytes) and Start Frame Delimiter (SFD), also called the Start of Frame (1 byte), fields are used for synchronization between the sending and receiving devices.

These first eight bytes of the frame are used to get the attention of the receiving nodes.

Essentially, the first few bytes tell the receivers to get ready to receive a new frame.

4
Q

If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving device drops the frame. Dropped frames are likely to be the result of collisions or other unwanted signals. They are considered invalid.

However, the Fast Ethernet and Gigabit Ethernet interfaces of some Cisco Catalyst switches can be configured to support larger jumbo frames.

The figure shows each field in the Ethernet frame.

Refer to the table for more information about the function of each field.

Ethernet Frame Fields

https://snipboard.io/s3WAlP.jpg

– Preamble and Start Frame Delimiter Fields

– Destination MAC Address Field

– Source MAC Address Field

– Type / Length

– Data Field

– Frame Check Sequence Field

A

Destination MAC Address Field :

This 6-byte field is the identifier for the intended recipient. As you will recall, this address is used by Layer 2 to assist devices in determining if a frame is addressed to them.

The address in the frame is compared to the MAC address in the device. If there is a match, the device accepts the frame. Can be a unicast, multicast or broadcast address.

5
Q

If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving device drops the frame. Dropped frames are likely to be the result of collisions or other unwanted signals. They are considered invalid.

However, the Fast Ethernet and Gigabit Ethernet interfaces of some Cisco Catalyst switches can be configured to support larger jumbo frames.

The figure shows each field in the Ethernet frame.

Refer to the table for more information about the function of each field.

Ethernet Frame Fields

https://snipboard.io/s3WAlP.jpg

– Preamble and Start Frame Delimiter Fields

– Destination MAC Address Field

– Source MAC Address Field

– Type / Length

– Data Field

– Frame Check Sequence Field

A

Source MAC Address Field :

This 6-byte field identifies the originating NIC or interface of the frame.

A source MAC address can only be a unicast address.

6
Q

If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving device drops the frame. Dropped frames are likely to be the result of collisions or other unwanted signals. They are considered invalid.

However, the Fast Ethernet and Gigabit Ethernet interfaces of some Cisco Catalyst switches can be configured to support larger jumbo frames.

The figure shows each field in the Ethernet frame.

Refer to the table for more information about the function of each field.

Ethernet Frame Fields

https://snipboard.io/s3WAlP.jpg

– Preamble and Start Frame Delimiter Fields

– Destination MAC Address Field

– Source MAC Address Field

– Type / Length

– Data Field

– Frame Check Sequence Field

A

Type / Length :

This 2-byte field identifies the upper layer protocol encapsulated in the Ethernet frame.

Common values are, in hexadecimal, 0x800 for IPv4, 0x86DD for IPv6 and 0x806 for ARP.

Note: You may also see this field referred to as EtherType, Type, or Length.

7
Q

If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving device drops the frame. Dropped frames are likely to be the result of collisions or other unwanted signals. They are considered invalid.

However, the Fast Ethernet and Gigabit Ethernet interfaces of some Cisco Catalyst switches can be configured to support larger jumbo frames.

The figure shows each field in the Ethernet frame.

Refer to the table for more information about the function of each field.

Ethernet Frame Fields

https://snipboard.io/s3WAlP.jpg

– Preamble and Start Frame Delimiter Fields

– Destination MAC Address Field

– Source MAC Address Field

– Type / Length

– Data Field

– Frame Check Sequence Field

A

Data Field :

This field (46 - 1500 bytes) contains the encapsulated data from a higher layer, which is a generic Layer 3 PDU, or more commonly, an IPv4 packet.

All frames must be at least 64 bytes long.

If a small packet is encapsulated, additional bits called a pad are used to increase the size of the frame to this minimum size.

8
Q

If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving device drops the frame. Dropped frames are likely to be the result of collisions or other unwanted signals. They are considered invalid.

However, the Fast Ethernet and Gigabit Ethernet interfaces of some Cisco Catalyst switches can be configured to support larger jumbo frames.

The figure shows each field in the Ethernet frame.

Refer to the table for more information about the function of each field.

Ethernet Frame Fields

https://snipboard.io/s3WAlP.jpg

– Preamble and Start Frame Delimiter Fields

– Destination MAC Address Field

– Source MAC Address Field

– Type / Length

– Data Field

– Frame Check Sequence Field

A

Frame Check Sequence Field :

The Frame Check Sequence (FCS) field (4 bytes) is used to detect errors in a frame.

It uses a cyclic redundancy check (CRC). The sending device includes the results of a CRC in the FCS field of the frame. The receiving device receives the frame and generates a CRC to look for errors.

If the calculations match, no error occurred. Calculations that do not match are an indication that the data has changed; therefore, the frame is dropped. A change in the data could be the result of a disruption of the electrical signals that represent the bits.

9
Q

MAC Address Format :

Decimal and Binary Equivalents of 0 to F Hexadecimal

https://snipboard.io/RNdGIu.jpg

An Ethernet MAC address is a 48-bit binary value expressed as 12 hexadecimal digits (4 bits per hexadecimal digit).

Hexadecimal uses the numbers 0 to 9 and the letters A to F. The figure shows the equivalent decimal and hexadecimal values for binary 0000 to 1111. Hexadecimal is commonly used to represent binary data.

IPv6 addresses are another example of hexadecimal addressing. All data that travels on the network is encapsulated in Ethernet frames. A cyber security analyst should be able to interpret the Ethernet data that is captured by protocol analyzers and other tools.

A

Depending on the device and the operating system, you will see various representations of MAC addresses, as displayed in the figure below.

Different Representations of MAC Addresses

https://snipboard.io/WbMDuY.jpg

All data that travels on the network is encapsulated in Ethernet frames.

A cyber security analyst should be able to interpret the Ethernet data that is captured by protocol analyzers and other tools.

10
Q

IPv4 :

The network layer, or OSI Layer 3, provides services to allow end devices to exchange data across networks.

As shown in the figure, IP version 4 (IPv4) and IP version 6 (IPv6) are the principal network layer communication protocols.

Other network layer protocols include routing protocols such as Open Shortest Path First (OSPF) and messaging protocols such as Internet Control Message Protocol (ICMP).

Network Layer Protocols

https://snipboard.io/yektiq.jpg

A

To accomplish end-to-end communications across network boundaries, network layer (Layer 3) protocols perform four basic operations:

– Addressing end devices

– Encapsulation

– Routing

– De-encapsulation

11
Q

To accomplish end-to-end communications across network boundaries, network layer protocols perform four basic operations:

– Addressing end devices

– Encapsulation

– Routing

– De-encapsulation

A

Addressing end devices :

End devices must be configured with a unique IP address for identification on the network.

12
Q

To accomplish end-to-end communications across network boundaries, network layer protocols perform four basic operations:

– Addressing end devices

– Encapsulation

– Routing

– De-encapsulation

A

Encapsulation :

The network layer encapsulates the protocol data unit (PDU) from the transport layer into a packet.

The encapsulation process adds IP header information, such as the IP address of the source (sending) and destination (receiving) hosts.

The encapsulation process is performed by the source of the IP packet.

13
Q

To accomplish end-to-end communications across network boundaries, network layer protocols perform four basic operations:

– Addressing end devices

– Encapsulation

– Routing

– De-encapsulation

A

Routing :

The network layer provides services to direct the packets to a destination host on another network.

To travel to other networks, the packet must be processed by a router.

The role of the router is to select the best path and direct packets toward the destination host in a process known as routing.

A packet may cross many routers before reaching the destination host. Each router a packet crosses to reach the destination host is called a hop.

14
Q

To accomplish end-to-end communications across network boundaries, network layer protocols perform four basic operations:

– Addressing end devices

– Encapsulation

– Routing

– De-encapsulation

A

De-encapsulation :

When the packet arrives at the network layer of the destination host, the host checks the IP header of the packet.

If the destination IP address within the header matches its own IP address, the IP header is removed from the packet.

After the packet is de-encapsulated by the network layer, the resulting Layer 4 PDU is passed up to the appropriate service at the transport layer.

The de-encapsulation process is performed by the destination host of the IP packet.

15
Q

Unlike the transport layer (OSI Layer 4), which manages the data transport between the processes running on each host, network layer communication protocols (i.e., IPv4 and IPv6) specify the packet structure and processing used to carry the data from one host to another host.

Operating without regard to the data carried in each packet allows the network layer to carry packets for multiple types of communications between multiple hosts.

A

Unlike the transport layer (OSI Layer 4), which manages the data transport between the processes running on each host, network layer communication protocols (i.e., IPv4 and IPv6) specify the packet structure and processing used to carry the data from one host to another host.

Operating without regard to the data carried in each packet allows the network layer to carry packets for multiple types of communications between multiple hosts.

16
Q

IP Encapsulation :

IP encapsulates the transport layer (Layer 4, the layer just above the network layer) segment or other data by adding an IP header.

The IP header is used to deliver the packet to the destination host. The figure illustrates how the transport layer PDU is encapsulated by the network layer PDU to create an IP packet.

https://snipboard.io/xsUQXM.jpg

A

The process of encapsulating data layer by layer enables the services at the different layers to develop and scale without affecting the other layers.

This means the transport layer segments can be readily packaged by IPv4 or IPv6 or by any new protocol that might be developed in the future. The IP header is examined by Layer 3 devices (i.e., routers and Layer 3 switches) as it travels across a network to its destination.

It is important to note that the IP addressing information remains the same from the time the packet leaves the source host until it arrives at the destination host, except when translated by the device performing Network Address Translation (NAT) for IPv4.

17
Q

The process of encapsulating data layer by layer enables the services at the different layers to develop and scale without affecting the other layers.

This means the transport layer segments can be readily packaged by IPv4 or IPv6 or by any new protocol that might be developed in the future. The IP header is examined by Layer 3 devices (i.e., routers and Layer 3 switches) as it travels across a network to its destination.

It is important to note that the IP addressing information remains the same from the time the packet leaves the source host until it arrives at the destination host, except when translated by the device performing Network Address Translation (NAT) for IPv4.

A

Note: NAT is discussed in later modules. Routers implement routing protocols to route packets between networks.

The routing performed by these intermediary devices examines the network layer addressing in the packet header.

In all cases, the data portion of the packet, that is, the encapsulated transport layer PDU or other data, remains unchanged during the network layer processes.

18
Q

Characteristics of IP :

IP was designed as a protocol with low overhead. It provides only the functions that are necessary to deliver a packet from a source to a destination over an interconnected system of networks.

The protocol was not designed to track and manage the flow of packets. These functions, if required, are performed by other protocols at other layers, primarily TCP at Layer 4.

These are the basic characteristics of IP:

– Connectionless

– Best Effort

– Media Independent

A

Connectionless :

There is no connection with the destination established before sending data packets.

19
Q

Characteristics of IP :

IP was designed as a protocol with low overhead. It provides only the functions that are necessary to deliver a packet from a source to a destination over an interconnected system of networks.

The protocol was not designed to track and manage the flow of packets. These functions, if required, are performed by other protocols at other layers, primarily TCP at Layer 4.

These are the basic characteristics of IP:

– Connectionless

– Best Effort

– Media Independent

A

Best Effort :

IP is inherently unreliable because packet delivery is not guaranteed.

20
Q

Characteristics of IP :

IP was designed as a protocol with low overhead. It provides only the functions that are necessary to deliver a packet from a source to a destination over an interconnected system of networks.

The protocol was not designed to track and manage the flow of packets. These functions, if required, are performed by other protocols at other layers, primarily TCP at Layer 4.

These are the basic characteristics of IP:

– Connectionless

– Best Effort

– Media Independent

A

Media Independent :

Operation is independent of the medium (i.e., copper, fiber-optic, or wireless) carrying the data.

21
Q

Connectionless :

IP is connectionless, meaning that no dedicated end-to-end connection is created by IP before data is sent.

Connectionless communication is conceptually similar to sending a letter to someone without notifying the recipient in advance.

The figure summarizes this key point.

Connectionless - Analogy

https://snipboard.io/lHoJku.jpg

A

Connectionless data communications work on the same principle.

As shown in the figure, IP requires no initial exchange of control information to establish an end-to-end connection before packets are forwarded.

Connectionless - Network :

https://snipboard.io/a08isI.jpg

22
Q

Best Effort :

IP also does not require additional fields in the header to maintain an established connection. This process greatly reduces the overhead of IP.

However, with no pre-established end-to-end connection, senders are unaware whether destination devices are present and functional when sending packets, nor are they aware if the destination receives the packet, or if the destination device is able to access and read the packet.

The IP protocol does not guarantee that all packets that are delivered are, in fact, received. The figure illustrates the unreliable or best-effort delivery characteristic of the IP protocol.

https://snipboard.io/Kk8w3U.jpg

A

The IP protocol does not guarantee that all packets that are delivered are, in fact, received.

The figure illustrates the unreliable or best-effort delivery characteristic of the IP protocol.

https://snipboard.io/Kk8w3U.jpg

As an unreliable network layer protocol, IP does not guarantee that all sent packets will be received. Other protocols manage the process of tracking packets and ensuring their delivery.

23
Q

Media Independent :

Unreliable means that IP does not have the capability to manage and recover from undelivered or corrupt packets. This is because while IP packets are sent with information about the location of delivery, they do not contain information that can be processed to inform the sender whether delivery was successful.

Packets may arrive at the destination corrupted, out of sequence, or not at all. IP provides no capability for packet retransmissions if errors occur. If out-of-order packets are delivered, or packets are missing, then applications using the data, or upper layer services, must resolve these issues.

This allows IP to function very efficiently. In the TCP/IP protocol suite, reliability is the role of the TCP protocol at the transport layer.

A

IP operates independently of the media that carry the data at lower layers of the protocol stack.

As shown in the figure, IP packets can be communicated as electronic signals over copper cable, as optical signals over fiber, or wirelessly as radio signals.

https://snipboard.io/hQrgVR.jpg

IP packets can travel over different media.

24
Q

IP operates independently of the media that carry the data at lower layers of the protocol stack.

As shown in the figure, IP packets can be communicated as electronic signals over copper cable, as optical signals over fiber, or wirelessly as radio signals.

https://snipboard.io/hQrgVR.jpg

IP packets can travel over different media.

A

The OSI data link layer 2 is responsible for taking an IP packet and preparing it for transmission over the communications medium.

This means that the delivery of IP packets is not limited to any particular medium. There is, however, one major characteristic of the media that the network layer considers: the maximum size of the PDU that each medium can transport.

This characteristic is referred to as the maximum transmission unit (MTU). Part of the control communication between the data link layer and the network layer is the establishment of a maximum size for the packet.

The data link layer passes the MTU value up to the network layer. The network layer then determines how large packets can be.

25
Q

The OSI data link layer 2 is responsible for taking an IP packet and preparing it for transmission over the communications medium.

This means that the delivery of IP packets is not limited to any particular medium. There is, however, one major characteristic of the media that the network layer considers: the maximum size of the PDU that each medium can transport.

This characteristic is referred to as the maximum transmission unit (MTU). Part of the control communication between the data link layer and the network layer is the establishment of a maximum size for the packet.

The data link layer passes the MTU value up to the network layer. The network layer then determines how large packets can be.

A

In some cases, an intermediate device, usually a router, must split up an IPv4 packet when forwarding it from one medium to another medium with a smaller MTU.

This process is called fragmenting the packet, or fragmentation. Fragmentation causes latency (delay).

IPv6 packets cannot be fragmented by the router.

26
Q

IPv4 Packet Header :

IPv4 is one of the primary network layer communication protocols.

The IPv4 packet header is used to ensure that this packet is delivered to its next stop on the way to its destination end device.

A

An IPv4 packet header consists of fields containing important information about the packet.

These fields contain binary numbers which are examined by the Layer 3 process.

27
Q

IPv4 Packet Header Fields :

The binary values of each field identify various settings of the IP packet.

Protocol header diagrams, which are read left to right, and top down, provide a visual to refer to when discussing protocol fields.

The IP protocol header diagram in the figure identifies the fields of an IPv4 packet.

Fields in the IPv4 Packet Header

https://snipboard.io/VxGw0h.jpg https://snipboard.io/cIrOvQ.jpg

A

The two most commonly referenced fields are the source and destination IP addresses. These fields identify where the packet is coming from and where it is going.

Typically, these addresses do not change while travelling from the source to the destination. The Internet Header Length (IHL), Total Length, and Header Checksum fields are used to identify and validate the packet.

Other fields are used to reorder a fragmented packet. Specifically, the IPv4 packet uses Identification, Flags, and Fragment Offset fields to keep track of the fragments. A router may have to fragment an IPv4 packet when forwarding it from one medium to another with a smaller MTU.

28
Q

IP Addressing Basics - Network and Host Portions :

An IPv4 address is a 32-bit hierarchical address that identifies a network and a host on the network.

When determining the network portion versus the host portion, you must look at the 32-bit stream, as shown in the figure.

IPv4 Address

https://snipboard.io/djeLpc.jpg

A

The bits within the network portion of the address must be identical for all devices that reside in the same network.

The bits within the host portion of the address must be unique to identify a specific host within a network.

If two hosts have the same bit-pattern in the specified network portion of the 32-bit stream, those two hosts will reside in the same network.

But how do hosts know which portion of the 32-bits identifies the network and which identifies the host? That is the role of the subnet mask.

29
Q

The Subnet Mask :

As shown in the figure, assigning an IPv4 address to a host requires the following:

– IPv4 address

– Subnet mask

A

IPv4 address :

This is the unique IPv4 address of the host.

Subnet mask :

This is used to identify the network/host portion of the IPv4 address.

https://snipboard.io/slXZCG.jpg

Note: A default gateway IPv4 address is required to reach remote networks and DNS server IPv4 addresses are required to translate domain names to IPv4 addresses.

30
Q

The IPv4 subnet mask is used to differentiate the network portion from the host portion of an IPv4 address. When an IPv4 address is assigned to a device, the subnet mask is used to determine the network address of the device.

The network address represents all the devices on the same network. The next figure displays the 32-bit subnet mask in dotted decimal and binary formats.

Subnet Mask

https://snipboard.io/On1rRF.jpg

Notice how the subnet mask is a consecutive sequence of 1 bits followed by a consecutive sequence of 0 bits.

To identify the network and host portions of an IPv4 address, the subnet mask is compared to the IPv4 address bit for bit, from left to right as shown in the figure.

A

Associating an IPv4 Address with its Subnet Mask

https://snipboard.io/ICdor6.jpg

Note that the subnet mask does not actually contain the network or host portion of an IPv4 address, it just tells the computer where to look for the part of the IPv4 address that is the network portion and which part is the host portion.

The actual process used to identify the network portion and host portion is called ANDing.

31
Q

The Prefix Length :

Expressing network addresses and host addresses with the dotted decimal subnet mask address can become cumbersome.

Fortunately, there is an alternative method of identifying a subnet mask, a method called the prefix length. The prefix length is the number of bits set to 1 in the subnet mask. It is written in “slash notation”, which is noted by a forward slash (/) followed by the number of bits set to 1.

Therefore, count the number of bits set to 1 in the subnet mask and prepend it with a slash.

A

Refer to the table for examples.

The first column lists various subnet masks that can be used with a host address.

The second column displays the converted 32-bit binary address.

The last column displays the resulting prefix length.

https://snipboard.io/sGA3Xr.jpg

Note: A network address is also referred to as a prefix or network prefix. Therefore, the prefix length is the number of 1 bits in the subnet mask. When representing an IPv4 address using a prefix length, the IPv4 address is written followed by the prefix length with no spaces.

For example, 192.168.10.10 255.255.255.0 would be written as 192.168.10.10/24. Using various types of prefix lengths will be discussed later. For now, the focus will be on the /24 (i.e. 255.255.255.0) prefix.

32
Q

Determining the Network: Logical AND :

A logical AND is one of three Boolean operations used in Boolean or digital logic.

The other two are OR and NOT. The AND operation is used in determining the network address.

A

Logical AND is the comparison of two bits that produce the results shown below.

Note how only a 1 AND 1 produces a 1. Any other combination results in a 0.

1 AND 1 = 1

0 AND 1 = 0

1 AND 0 = 0

0 AND 0 = 0

Note: In digital logic, 1 represents True and 0 represents False.

When using an AND operation, both input values must be True (1) for the result to be True (1). To identify the network address of an IPv4 host, the IPv4 address is logically ANDed, bit by bit, with the subnet mask.

ANDing between the address and the subnet mask yields the network address.

33
Q

To illustrate how AND is used to discover a network address, consider a host with IPv4 address 192.168.10.10 and subnet mask of 255.255.255.0, as shown in the figure:

IPv4 host address (192.168.10.10) - The IPv4 address of the host in dotted decimal and binary formats. Subnet mask (255.255.255.0) - The subnet mask of the host in dotted decimal and binary formats.

Network address (192.168.10.0) - The logical AND operation between the IPv4 address and subnet mask results in an IPv4 network address shown in dotted decimal and binary formats.

https://snipboard.io/LXiZTP.jpg

A

Using the first sequence of bits as an example, notice the AND operation is performed on the 1-bit of the host address with the 1-bit of the subnet mask.

This results in a 1 bit for the network address. 1 AND 1 = 1. The AND operation between an IPv4 host address and subnet mask results in the IPv4 network address for this host.

In this example, the AND operation between the host address of 192.168.10.10 and the subnet mask 255.255.255.0 (/24), results in the IPv4 network address of 192.168.10.0/24.

This is an important IPv4 operation, as it tells the host what network it belongs to.

34
Q

Subnetting Broadcast Domains :

The 192.168.10.0/24 network can support 254 hosts.

Larger networks, such as 172.16.0.0/16, can support many more host addresses (over 65,000).

However, this can potentially create a larger broadcast domain.

A problem with a large broadcast domain is that these hosts can generate excessive broadcasts and negatively affect the network.

A

In the figure, LAN 1 connects 400 users that could each generate broadcast traffic.

That much broadcast traffic can slow down network operations.

It can also slow device operations because each device must accept and process each broadcast packet.

A Large Broadcast Domain : https://snipboard.io/yR9JDH.jpg

35
Q

In the figure, LAN 1 connects 400 users that could each generate broadcast traffic.

That much broadcast traffic can slow down network operations.

It can also slow device operations because each device must accept and process each broadcast packet.

A Large Broadcast Domain :

https://snipboard.io/yR9JDH.jpg

A

The solution is to reduce the size of the network to create smaller broadcast domains in a process called subnetting.

These smaller network spaces are called subnets. In the figure, for example, the 400 users in LAN 1 with network address 172.16.0.0 /16 have been divided into two subnets of 200 users each; 172.16.0.0 /24 and 172.16.1.0 /24.

Broadcasts are only propagated within the smaller broadcast domains.

Therefore, a broadcast in LAN 1 would not propagate to LAN 2. Notice how the prefix length has changed from a /16 to a /24. This is the basis of subnetting; using host bits to create additional subnets.

36
Q

Communicating Between Networks

https://snipboard.io/6PmHV1.jpg

Note: The terms subnet and network are often used interchangeably. Most networks are a subnet of some larger address block. Subnetting reduces overall network traffic and improves network performance.

It also enables an administrator to implement security policies that control which subnets are permitted to communicate with each other, for example.

There are various ways of using subnets to help manage network devices.

Network administrators can group devices and services into subnets that may be determined by a variety of factors.

– Location

– By Department

– Device type

A

Location :

https://snipboard.io/r1Qvsd.jpg

A cybersecurity analyst does not need to know how to subnet. However, it is important to know the meaning of the subnet mask and that hosts with addresses on different subnets come from different physical or virtual places in a network.

37
Q

Communicating Between Networks

https://snipboard.io/6PmHV1.jpg

Note: The terms subnet and network are often used interchangeably. Most networks are a subnet of some larger address block. Subnetting reduces overall network traffic and improves network performance.

It also enables an administrator to implement security policies that control which subnets are permitted to communicate with each other, for example.

There are various ways of using subnets to help manage network devices.

Network administrators can group devices and services into subnets that may be determined by a variety of factors.

– Location

– By Department

– Device type

A

By Department :

https://snipboard.io/W7Fpxq.jpg

A cybersecurity analyst does not need to know how to subnet. However, it is important to know the meaning of the subnet mask and that hosts with addresses on different subnets come from different physical or virtual places in a network.

38
Q

Communicating Between Networks

https://snipboard.io/6PmHV1.jpg

Note: The terms subnet and network are often used interchangeably. Most networks are a subnet of some larger address block. Subnetting reduces overall network traffic and improves network performance.

It also enables an administrator to implement security policies that control which subnets are permitted to communicate with each other, for example.

There are various ways of using subnets to help manage network devices.

Network administrators can group devices and services into subnets that may be determined by a variety of factors.

– Location

– By Department

– Device type

A

Device type :

https://snipboard.io/6lmEdv.jpg

A cybersecurity analyst does not need to know how to subnet. However, it is important to know the meaning of the subnet mask and that hosts with addresses on different subnets come from different physical or virtual places in a network.

39
Q

Types of IPv4 Addresses

IPv4 Address Classes and Default Subnet Masks

There are various types and classes of IPv4 addresses.

While address classes are becoming less important in networking, they are still used and referred to commonly in network documentation.

A

Address Classes In 1981, IPv4 addresses were assigned using classful addressing as defined in RFC 790.

Customers were allocated a network address based on one of three classes, A, B, or C.

The RFC divided the unicast ranges into specific classes:

– Class A

– Class B

– Class C

40
Q

Address Classes In 1981, IPv4 addresses were assigned using classful addressing as defined in RFC 790.

Customers were allocated a network address based on one of three classes, A, B, or C.

The RFC divided the unicast ranges into specific classes:

– Class A

– Class B

– Class C

A

Class A :

(0.0.0.0/8 to 127.0.0.0/8) –

Designed to support extremely large networks with more than 16 million host addresses.

It used a fixed /8 prefix with the first octet to indicate the network address and the remaining three octets for host addresses.

41
Q

Address Classes In 1981, IPv4 addresses were assigned using classful addressing as defined in RFC 790.

Customers were allocated a network address based on one of three classes, A, B, or C.

The RFC divided the unicast ranges into specific classes:

– Class A

– Class B

– Class C

A

Class B :

(128.0.0.0 /16 – 191.255.0.0 /16) –

Designed to support the needs of moderate to large size networks with up to approximately 65,000 host addresses.

It used a fixed /16 prefix with the two high-order octets to indicate the network address and the remaining two octets for host addresses.

42
Q

Address Classes In 1981, IPv4 addresses were assigned using classful addressing as defined in RFC 790.

Customers were allocated a network address based on one of three classes, A, B, or C.

The RFC divided the unicast ranges into specific classes:

– Class A

– Class B

– Class C

A

Class C :

(192.0.0.0 /24 – 223.255.255.0 /24) –

Designed to support small networks with a maximum of 254 hosts.

It used a fixed /24 prefix with the first three octets to indicate the network and the remaining octet for the host addresses.

Note: There is also a Class D multicast block consisting of 224.0.0.0 to 239.0.0.0 and a Class E experimental address block consisting of 240.0.0.0 – 255.0.0.0.

43
Q

As shown in the figure, the classful system allocated 50% of the available IPv4 addresses to 128 Class A networks, 25% of the addresses to Class B and then Class C shared the remaining 25% with Class D and E.

Although appropriate at the time, as the internet grew it was obvious that this method was wasting addresses and depleting the number of available IPv4 network addresses.

https://snipboard.io/M9BJFs.jpg

A

Classful addressing was abandoned in the late 1990s for the newer and current classless addressing system.

However, as we will see later, classless addressing was only a temporary solution to the depletion of IPv4 addresses.

44
Q

Reserved Private Addresses Public IPv4 addresses are addresses which are globally routed between ISP routers.

However, not all available IPv4 addresses can be used on the internet. There are blocks of addresses called private addresses that are used by most organizations to assign IPv4 addresses to internal hosts.

In the mid-1990s, private IPv4 addresses were introduced because of the depletion of IPv4 address space. Private IPv4 addresses are not unique and can be used by any internal network.

A

These are the private address blocks:

– 10.0.0.0 /8 or 10.0.0.0 to 10.255.255.255

– 172.16.0.0 /12 or 172.16.0.0 to 172.31.255.255

– 192.168.0.0 /16 or 192.168.0.0 to 192.168.255.255

It is important to know that addresses within these address blocks are not allowed on the internet and must be filtered (discarded) by internet routers.

For example, as shown in the figure, users in networks 1, 2, or 3 are sending packets to remote destinations. The ISP routers would see that the source IPv4 addresses in the packets are from private addresses and would, therefore, discard the packets.

Private Addresses Cannot be Routed over the Internet

https://snipboard.io/PxIvtd.jpg

45
Q

These are the private address blocks:

– 10.0.0.0 /8 or 10.0.0.0 to 10.255.255.255

– 172.16.0.0 /12 or 172.16.0.0 to 172.31.255.255

– 192.168.0.0 /16 or 192.168.0.0 to 192.168.255.255

It is important to know that addresses within these address blocks are not allowed on the internet and must be filtered (discarded) by internet routers.

For example, as shown in the figure, users in networks 1, 2, or 3 are sending packets to remote destinations.

The ISP routers would see that the source IPv4 addresses in the packets are from private addresses and would, therefore, discard the packets.

Private Addresses Cannot be Routed over the Internet

https://snipboard.io/PxIvtd.jpg

A

Most organizations use private IPv4 addresses for their internal hosts. However, these RFC 1918 addresses are not routable on the internet and must be translated to a public IPv4 address.

Network Address Translation (NAT) is used to translate between private IPv4 and public IPv4 addresses. This is usually done on the router that connects the internal network to the ISP’s network.

Home routers provide the same capability. For instance, most home routers assign IPv4 addresses to their wired and wireless hosts from the private address of 192.168.1.0 /24.

The home router interface that connects to the Internet service provider (ISP) network is often assigned a public IPv4 address to use on the internet.

46
Q

The Default Gateway Host Forwarding Decision With both IPv4 and IPv6, packets are always created at the source host.

The source host must be able to direct the packet to the destination host.

To do this, host end devices create their own routing table. This topic discusses how end devices use routing tables.

A

Another role of the network layer is to direct packets between hosts. A host can send a packet to the following:

– Itself

– Local host

– Remote host

47
Q

Another role of the network layer is to direct packets between hosts. A host can send a packet to the following:

– Itself

– Local host

– Remote host

A

Itself :

A host can ping itself by sending a packet to a special IPv4 address of 127.0.0.1 or an IPv6 address of ::1, which is referred to as the loopback interface.

Pinging the loopback interface tests the TCP/IP protocol stack on the host.

48
Q

Another role of the network layer is to direct packets between hosts. A host can send a packet to the following:

– Itself

– Local host

– Remote host

A

Local host :

This is a destination host that is on the same local network as the sending host.

The source and destination hosts share the same network address.

49
Q

Another role of the network layer is to direct packets between hosts. A host can send a packet to the following:

– Itself

– Local host

– Remote host

A

Remote host :

This is a destination host on a remote network. The source and destination hosts do not share the same network address. The figure illustrates PC1 connecting to a local host on the same network, and to a remote host located on another network.

https://snipboard.io/MhjCEB.jpg

Whether a packet is destined for a local host or a remote host is determined by the source end device. The source end device determines whether the destination IP address is on the same network that the source device itself is on. The method of determination varies by IP version:

50
Q

Remote host :

This is a destination host on a remote network. The source and destination hosts do not share the same network address.

The figure illustrates PC1 connecting to a local host on the same network, and to a remote host located on another network.

https://snipboard.io/MhjCEB.jpg

A

Whether a packet is destined for a local host or a remote host is determined by the source end device.

The source end device determines whether the destination IP address is on the same network that the source device itself is on.

The method of determination varies by IP version:

In IPv4 - The source device uses its own subnet mask along with its own IPv4 address and the destination IPv4 address to make this determination.

In IPv6 - The local router advertises the local network address (prefix) to all devices on the network.

51
Q

Whether a packet is destined for a local host or a remote host is determined by the source end device.

The source end device determines whether the destination IP address is on the same network that the source device itself is on.

The method of determination varies by IP version:

In IPv4 - The source device uses its own subnet mask along with its own IPv4 address and the destination IPv4 address to make this determination.

In IPv6 - The local router advertises the local network address (prefix) to all devices on the network.

A

In a home or business network, you may have several wired and wireless devices interconnected together using an intermediary device, such as a LAN switch or a wireless access point (WAP).

This intermediary device provides interconnections between local hosts on the local network. Local hosts can reach each other and share information without the need for any additional devices.

If a host is sending a packet to a device that is configured with the same IP network as the host device, the packet is simply forwarded out of the host interface, through the intermediary device, and to the destination device directly.

52
Q

In a home or business network, you may have several wired and wireless devices interconnected together using an intermediary device, such as a LAN switch or a wireless access point (WAP).

This intermediary device provides interconnections between local hosts on the local network. Local hosts can reach each other and share information without the need for any additional devices.

If a host is sending a packet to a device that is configured with the same IP network as the host device, the packet is simply forwarded out of the host interface, through the intermediary device, and to the destination device directly.

A

Of course, in most situations we want our devices to be able to connect beyond the local network segment, such as out to other homes, businesses, and the internet.

Devices that are beyond the local network segment are known as remote hosts. When a source device sends a packet to a remote destination device, then the help of routers and routing is needed.

Routing is the process of identifying the best path to a destination. The router connected to the local network segment is referred to as the default gateway.

53
Q

Default Gateway The default gateway is the network device (i.e., router or Layer 3 switch) that can route traffic to other networks.

If you use the analogy that a network is like a room, then the default gateway is like a doorway.

If you want to get to another room or network you need to find the doorway.

A

On a network, a default gateway is usually a router with these features:

It has a local IP address in the same address range as other hosts on the local network.

It can accept data into the local network and forward data out of the local network.

It routes traffic to other networks.

A default gateway is required to send traffic outside of the local network. Traffic cannot be forwarded outside the local network if there is no default gateway, the default gateway address is not configured, or the default gateway is down.

54
Q

A Host Routes to the Default Gateway A host routing table will typically include a default gateway.

In IPv4, the host receives the IPv4 address of the default gateway either dynamically from Dynamic Host Configuration Protocol (DHCP) or configured manually.

In IPv6, the router advertises the default gateway address or the host can be configured manually.

A

In the figure, PC1 and PC2 are configured with the IPv4 address of 192.168.10.1 as the default gateway.

https://snipboard.io/SYF9kP.jpg

Having a default gateway configured creates a default route in the routing table of the PC.

A default route is the route or pathway your computer will take when it tries to contact a remote network.

Both PC1 and PC2 will have a default route to send all traffic destined to remote networks to R1.

55
Q

Host Routing Tables On a Windows host, the route print or netstat -r command can be used to display the host routing table.

Both commands generate the same output.

The output may seem overwhelming at first, but is fairly simple to understand.

A

The figure displays a sample topology and the output generated by the netstat -r command.

https://snipboard.io/c7ogCw.jpg

IPv4 Routing Table for PC1

https://snipboard.io/ZTlibK.jpg

Note: The output only displays the IPv4 route table.

56
Q

Entering the netstat -r command or the equivalent route print command displays three sections related to the current TCP/IP network connections:

A

Interface List - Lists the Media Access Control (MAC) address and assigned interface number of every network-capable interface on the host, including Ethernet, Wi-Fi, and Bluetooth adapters.

IPv4 Route Table - Lists all known IPv4 routes, including direct connections, local network, and local default routes.

IPv6 Route Table - Lists all known IPv6 routes, including direct connections, local network, and local default routes.

57
Q

IPv6 Need for IPv6

You already know that IPv4 is running out of addresses.

That is why you need to learn about IPv6.

IPv6 is designed to be the successor to IPv4.

IPv6 has a larger 128-bit address space, providing 340 undecillion (i.e., 340 followed by 36 zeroes) possible addresses.

However, IPv6 is more than just larger addresses.

A

When the IETF began its development of a successor to IPv4, it used this opportunity to fix the limitations of IPv4 and include enhancements.

One example is Internet Control Message Protocol version 6 (ICMPv6), which includes address resolution and address autoconfiguration not found in ICMP for IPv4 (ICMPv4).

The depletion of IPv4 address space has been the motivating factor for moving to IPv6.

As Africa, Asia and other areas of the world become more connected to the internet, there are not enough IPv4 addresses to accommodate this growth.

As shown in the figure, four out of the five RIRs have run out of IPv4 addresses.

RIR IPv4 Exhaustion Dates

https://snipboard.io/bwdIyR.jpg

58
Q

When the IETF began its development of a successor to IPv4, it used this opportunity to fix the limitations of IPv4 and include enhancements.

One example is Internet Control Message Protocol version 6 (ICMPv6), which includes address resolution and address autoconfiguration not found in ICMP for IPv4 (ICMPv4).

The depletion of IPv4 address space has been the motivating factor for moving to IPv6.

As Africa, Asia and other areas of the world become more connected to the internet, there are not enough IPv4 addresses to accommodate this growth.

As shown in the figure, four out of the five RIRs have run out of IPv4 addresses.

RIR IPv4 Exhaustion Dates

https://snipboard.io/bwdIyR.jpg

A

IPv4 has a theoretical maximum of 4.3 billion addresses. Private addresses in combination with Network Address Translation (NAT) have been instrumental in slowing the depletion of IPv4 address space.

However, NAT is problematic for many applications, creates latency, and has limitations that severely impede peer-to-peer communications. With the ever-increasing number of mobile devices, mobile providers have been leading the way with the transition to IPv6.

The top two mobile providers in the United States report that over 90% of their traffic is over IPv6. Most top ISPs and content providers, such as YouTube, Facebook, and Netflix, have also made the transition.

Many companies like Microsoft, Facebook, and LinkedIn are transitioning to IPv6-only internally. In 2018, broadband ISP Comcast reported a deployment of over 65% and British Sky Broadcasting over 86%.

59
Q

Internet of Things The internet of today is significantly different than the internet of past decades.

The internet of today is more than email, web pages, and file transfers between computers. The evolving internet is becoming an Internet of Things (IoT).

No longer will the only devices accessing the internet be computers, tablets, and smartphones. The sensor-equipped, internet-ready devices of tomorrow will include everything from automobiles and biomedical devices, to household appliances and natural ecosystems.

With an increasing internet population, a limited IPv4 address space, issues with NAT and the IoT, the time has come to begin the transition to IPv6.

A

Internet of Things The internet of today is significantly different than the internet of past decades.

The internet of today is more than email, web pages, and file transfers between computers. The evolving internet is becoming an Internet of Things (IoT).

No longer will the only devices accessing the internet be computers, tablets, and smartphones. The sensor-equipped, internet-ready devices of tomorrow will include everything from automobiles and biomedical devices, to household appliances and natural ecosystems.

With an increasing internet population, a limited IPv4 address space, issues with NAT and the IoT, the time has come to begin the transition to IPv6.

60
Q

IPv6 Addressing Formats :

The first step to learning about IPv6 in networks is to understand the way an IPv6 address is written and formatted.

IPv6 addresses are much larger than IPv4 addresses, which is why we are unlikely to run out of them.

A

IPv6 addresses are 128 bits in length and written as a string of hexadecimal values.

Every four bits is represented by a single hexadecimal digit; for a total of 32 hexadecimal values, as shown in the figure.

IPv6 addresses are not case-sensitive and can be written in either lowercase or uppercase.

16-bit Segments or Hextets

https://snipboard.io/R8x9Vu.jpg

61
Q

Preferred Format

The previous figure also shows that the preferred format for writing an IPv6 address is x:x:x:x:x:x:x:x, with each “x” consisting of four hexadecimal values.

The term octet refers to the eight bits of an IPv4 address. In IPv6, a hextet is the unofficial term used to refer to a segment of 16 bits, or four hexadecimal values.

Each “x” is a single hextet which is 16 bits or four hexadecimal digits.

A

Preferred format means that you write an IPv6 address using all 32 hexadecimal digits.

It does not necessarily mean that it is the ideal method for representing the IPv6 address.

In this module, you will see two rules that help to reduce the number of digits needed to represent an IPv6 address.

These are examples of IPv6 addresses in the preferred format.

https://snipboard.io/KmzS3d.jpg

62
Q

Rule 1 – Omit Leading Zeros :

The first rule to help reduce the notation of IPv6 addresses is to omit any leading 0s (zeros) in any hextet.

Here are four examples of ways to omit leading zeros:

01ab can be represented as 1ab

09f0 can be represented as 9f0

0a00 can be represented as a00

00ab can be represented as ab

A

This rule only applies to leading 0s, NOT to trailing 0s, otherwise the address would be ambiguous.

For example, the hextet “abc” could be either “0abc” or “abc0”, but these do not represent the same value.

63
Q

Rule 2 – Double Colon :

The second rule to help reduce the notation of IPv6 addresses is that a double colon (::) can replace any single, contiguous string of one or more 16-bit hextets consisting of all zeros.

For example, 2001:db8:cafe:1:0:0:0:1 (leading 0s omitted) could be represented as 2001:db8:cafe:1::1.

The double colon (::) is used in place of the three all-0 hextets (0:0:0).

A

The double colon (::) can only be used once within an address, otherwise there would be more than one possible resulting address.

When used together with the technique of omitting leading 0s, the notation of an IPv6 address can often be greatly reduced. This is commonly known as the compressed format.

Here is an example of the incorrect use of the double colon: 2001:db8::abcd::1234.

The double colon is used twice in the example above.

Here are the possible expansions of this incorrect compressed format address:

2001:db8::abcd:0000:0000:1234

2001:db8::abcd:0000:0000:0000:1234

2001:db8:0000:abcd::1234

2001:db8:0000:0000:abcd::1234

If an address has more than one contiguous string of all-0 hextets, best practice is to use the double colon (::) on the longest string.

If the strings are equal, the first string should use the double colon (::).

64
Q

IPv6 Prefix Length

The prefix, or network portion, of an IPv4 address can be identified by a dotted-decimal subnet mask or prefix length (slash notation).

For example, an IPv4 address of 192.168.1.10 with dotted-decimal subnet mask 255.255.255.0 is equivalent to 192.168.1.10/24.

In IPv4 the /24 is called the prefix. In IPv6 it is called the prefix length. IPv6 does not use the dotted-decimal subnet mask notation.

Like IPv4, the prefix length is represented in slash notation and is used to indicate the network portion of an IPv6 address.

A

The prefix length can range from 0 to 128. The recommended IPv6 prefix length for LANs and most other types of networks is /64, as shown in the figure.

IPv6 Prefix Length

https://snipboard.io/t7xwYl.jpg

The prefix or network portion of the address is 64 bits in length, leaving another 64 bits for the interface ID (host portion) of the address.

It is strongly recommended to use a 64-bit Interface ID for most networks.

This is because stateless address autoconfiguration (SLAAC) uses 64 bits for the Interface ID. It also makes subnetting easier to create and manage.