networking Flashcards
What is TCP?
The Transmission Control Protocol is a
- Communication standard
- Enables application programs to exchange messages
over a network (orders the messages correctly)
- Designed to ensure successful delivery of data
- Connection oriented
- Client-server connection must be established
- 3-way handshake
How is a connection established for TCP?
client --------------------> server
1. SYN ---------->
2. <------- SYN ACK
3. ----> ACK received
What is UDP?
User Datagram Protocol is a communication standard
- Connectionless communication
- Prior communications are not required in order to set
up communication channels or data paths
- Provides Checksums for data integrity and
- Port numbers for addressing different functions at the source and destination of the datagram
- No handshaking
- exposes user to unreliability of the underlying network
- No guarantee of delivery
- Suitable for purposes where error checking and correction are not necessary or are performed in the application
What is The OSI Model?
The Open Systems Interconnection model is a
- Conceptual Model
- Describes universal standard of communication
functions of a telecommunications system
- Disregards the system’s underlying technology
In this model, the communications between computing systems are split into seven different abstraction layers:
- Application
- Presentation
- Session Layer
- Transport Layer
- Network layer
- Data link layer
- Physical layer
Each intermediate layer serves a class of functionality to the layer above it and is served by the layer below it.
What is HTTP?
- Hypertext Transfer protocol
- application layer protocol for transmitting hypermedia documents
- stateless protocol
- follows the client-server model
Why is HTTP said to be stateless, and how can we store state if HTTP is stateless?
HTTP is stateless, meaning that the server does not keep data among different requests.
Using HTTP cookies allows the use of stateful sessions; these cookies are sent through HTTP headers to share the same context or state.
What does it mean when a proxy is transparent or non-transparent?
- When a proxy is transparent, it means that the proxy forwards requests without altering them.
- Proxies are non-transparent when they change the request in some way before passing it on.
What is a proxy and what functions does it accomplish?
Proxies are computers between the client and the server which relay the HTTP messages.
They are used to perform different functions:
- caching
- filtering (like an antivirus scan or parental controls)
- load balancing (allowing multiple servers to serve different requests)
- authentication
- logging (allowing the storage of historical information)
Why is HTTP said to be extensible?
Since new functionality can be introduced by a simple agreement between a client and a server about new header semantics
What is multiplexing in HTTP?
Multiplexing is a functionality of HTTP/2 which allows us to send multiple requests without waiting for a response. Messages are multiplexed over a single connection, which helps keep the connection warm and more efficient.
Representational state transfer (or REST)
In 2000, a new pattern for using HTTP was designed: representational state transfer (or REST). The API wasn’t based on the new HTTP methods, but instead relied on access to specific URIs with basic HTTP/1.1 methods. This allowed any web application to let an API retrieve and modify its data without having to update the browsers or the servers.
How does the HTTP/2 protocol differ from HTTP/1.1?
- It’s a binary protocol rather than text protocol. It can’t be read and created manually. Despite this hurdle, it allows for the implementation of improved optimization techniques
- It’s a multiplexed protocol. Parallel requests can be made over the same connection, removing the constraints of the HTTP/1.x protocol
- It compresses headers. As these are often similar among a set of requests, this removes the duplication and overhead of data transmitted
- It allows a server to populate data in a client cache through a mechanism called the server push
What is an HTTP message and what type of HTTP messages exist?
HTTP messages are how data is exchanged between a server and a client. There are two types of HTTP messages, Requests and Responses.
What is a HTTP request?
HTTP requests are messages sent by the client to initiate an action on the server.
What is the name of the target of an HTTP request?
Resource.
It can be a document, a photo, or anything else. Each resource is identified by a Uniform Resource Identifier (URI) used throughout HTTP for identifying resources.
What is a MIME type (IANA media type)?
A media type (also known as a Multipurpose Internet Mail Extensions or MIME type) indicates the nature and format of a file. It serves the same purpose as a file extension. It’s important that web servers send the correct MIME type in the response’s Content-Type header to prevent misinterpretation of the contents of files.
What is CORS?
Cross-Origin Resource Sharing is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme or port) other than its own from which a browser should permit loading resources.
What is a HTTP Header?
HTTP headers let the client and the server pass additional information with an HTTP request or response.
What is the same-origin policy?
The same-origin policy is a security mechanism that restricts how a document or script is loaded by one origin
What is a CORS preflight?
A CORS preflight request is a CORS request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers
It is an OPTIONS request, using three HTTP request headers: Access-Control-Request-Method, Access-Control-Request-Headers, and the Origin header.
A preflight request is automatically issued by a browser, and in normal cases front-end developers don’t need to craft such requests themselves. It appears when a request is qualified as “to be preflighted” and is omitted for simple requests.
HTTP response status codes?
100 - 199 ?
200 - 299?
300 - 399?
400 - 499?
500 - 599?
HTTP response status codes indicate whether a specific HTTP request has been successfully completed. Responses are grouped in five classes:
Informational responses (100–199)
Successful responses (200–299)
Redirection messages (300–399)
Client error responses (400–499)
Server error responses (500–599)
What does the HTTP GET method do?
The GET method requests a representation of the specified resource. Requests using GET should only retrieve data.
What does the HTTP HEAD method do?
The HEAD method asks for a response identical to a GET request, without the response body.
For example, if a URL might produce a large download, a HEAD request could read its Content-Length header to check the filesize without actually downloading the file
What does the HTTP POST method do?
The POST method submits an entity to the specified resource, often causing a change in state or side effects on the server.
What does the HTTP PUT method do?
The PUT method replaces all current representations of the target resource with the request payload
What does the HTTP DELETE method do?
The DELETE method deletes the specified resource
What does the HTTP CONNECT method do?
The CONNECT method establishes a tunnel to the server identified by the target resource
What does the HTTP OPTIONS method do?
The OPTIONS method describes the communication options for the target resource
What does the HTTP TRACE method do?
The TRACE method performs a message loop-back test along the path to the target resource
What does the HTTP PATCH method do?
The PATCH method applies partial modifications to a resource
What is a REST API?
- What are the constraints for an API to be REST?
A Web API (or Web Service) conforming to the REST architectural style is a REST API.
constraints:
- client-server architecture
- stateless
- cacheable
- Uniform interface
- Layered system
- Code on demand (optional)
REST makes sure that HTTP methods are used the way they are supposed to. For example, using GET to retrieve information and DELETE to destroy information.
What does it mean when a HTTP method is idempotent?
Why is PUT idempotent and POST not?
PUT requests are idempotent, meaning that executing the same PUT request will always produce the same result. On the other hand, a POST will produce different outcomes. If you execute a POST request multiple times, you’ll create a new resource multiple times, despite the same data being passed in each time.
What if I just want to update part of my resource? Can I still use PUT?
If you just want to update part of your resource, you still need to send in data for the entire resource when you make a PUT request. The better-suited option here would be PATCH.
The key differences are that PUT will create a new resource if it cannot find the specified resource. And with PUT you need to pass in data to update the entire resource, even if you only want to modify one field.
With PATCH, you can update part of a resource by simply passing in the data of the field to be updated.
What is TLS?
- Transport Layer Security
- Security protocol
- Facilitate privacy and data security for communic.
- Primary use case
- Encrypting the communication using public key
encryption.
After the TCP connection has been established:
ClientHello          ------------------>
                                         ServerHello
                                         Certificate
                                         ServerHelloDone
                     <------------------
ClientKeyExchange
ChangeCipherSpec
Finished             ------------------>
                                         ChangeCipherSpec
                                         Finished
What is the TLS Handshake?
Method by which the TLS connection is initiated. It includes the following steps:
- Specify which version of TLS (1.0, 1.2, 1.3, etc) they will use
- Decide on which cipher suites they will use
- Authenticate the identity of the server using the server’s TLS certificate
- Generate session keys for encrypting messages between them after the handshake is complete
Extra:
Once the data is encrypted and authenticated, it is then signed with a message authentication code (MAC). The recipient can then verify the MAC to ensure the integrity of data. This is kind of like the tamper-proof foil found on a bottle of aspirin; the consumer knows no one has tampered with their medicine because the foil is intact when they purchase it.
What is the difference between TLS and HTTPS?
HTTPS is an implementation of TLS encryption on top of the HTTP protocol. Any website that uses HTTPS is therefore employing TLS encryption.
What are the three main components of what the TLS protocol accomplishes:
- Encryption: hides the data being transferred from third parties
- Authentication: ensures that the parties exchanging information are who they claim to be
- Integrity: Verifies the data has not been forged or tampered with.
What is a cookie?
Pieces of data to store specific information related to a specific client. Allows having stateful information for the stateless HTTP protocol
They are typically used to:
- Session management
- Logins, shopping carts, game scores, or anything else
the server should remember
- Personalization
- User preferences, themes and other settings
- Tracking
- Recording and analyzing user behavior
What types of cookies exist?
- Session Cookie: doesn’t have an expiry date; when the session ends, your browser will delete the cookie
- Permanent Cookie: maximum expiration date
- HttpOnly cookie: cookies can only be set from the server; the browser cannot read them
- Secure cookie:
- Third party cookie:
- zombie cookie:
Cross-site scripting (XSS)
When an attack occurs due to injection of third party JavaScript into a page.
What is a WebSocket?
WebSocket technology is a bidirectional, full-duplex protocol for communication between client and server over the web. It provides a way to exchange data between browser and server via a persistent connection
This protocol enables realtime applications such as chatting, notifications, live feed, multiplayer gaming and other use cases
Full-duplex
Full duplex means that both parties can communicate with each other simultaneously.