Networking

Question 1

What are the seven layers of OSI-7 model?

Answer 1

1. Application
2. Presentation
3. Session
4. Transport
5. Network
6. Data link
7. Physical

Question 2

How physical layer works?

Answer 2

It broadcast signal over the medium (wifi - radio, cable - electrical, fiber - light) as fourier transformations.

All the physical properties are defined by standards - transmitting and receiving, voltage, timings, rates distances, modultation, connector

Transmits RAW bit streams.

Vulnerable to collisions - when multiple devices send data at the same time signal gets distorted and unreadable

Question 3

What is networking HUB?

Answer 3

Networking hub is a physical layer device that repeats signal over multiple cable connections.

Networking hub does not check for errors or collisions, it only repeats the signal.

Networking hub performance is degrading when more devices are added to network, because it works as broadcast device and easily can create collisions between devices.

Question 4

How data link layer works?

Answer 4

It is one layer on top of the physical layer.

DL introduces MAC address and splits data sent over the local network in FRAMES.

DL works between 2 or more devices in the same network and sends data using MAC addresses (from device and to device)

DL is responsible for collisions and error correction.

On each hop Frame is removed and new frame is created - changing from MAC address and to MAC address.

DL allows sending frames using unicast and broadcast (dest mac address is FF FF..)

Question 5

What is MAC Address?

Answer 5

MAC address stands for “Media Access Control address”.

All physical devices has MAC address.

MAC address consists is 48 bits long and 24 first bits are manufacturer id and last 24 bits are device id.

Question 6

What Frame packet consists of?

Answer 6

Frame is DL packet.

PREAMBLE - identify start of frame
dest MAC - destination mac address (all F’s for broadcast)
source MAC - network device address (network card)
EtherType - IPv4, IPv6, ARP
Payload - 46b to 1500b
Checksum - 32bits

Question 7

What is Unicast?

Answer 7

Unicast is a one-to-one transmission from one point in the network to another point

Question 8

What is Broadcast?

Answer 8

Broadcasting is a method of transferring a message to all recipients simultaneously

Question 9

What is PREAMBLE in frame packet?

Answer 9

56 bits (alternating 010101) beginning of a frame to allow devices to synchronize when a frame packets starts.

Question 10

What is networking Switch?

Answer 10

Networking switch is a devices that works in DL.

It receives frames consisting with mac addresses and retransmits only to dedicated hosts.

When mac address not in the switch table then it broadcasts.

Switch check frames checksum and retransmits only valid packets.

Question 11

What is multicast?

Answer 11

Multicast is communication between a single sender and multiple receivers on a network.

Question 12

How network layer works?

Answer 12

NL is on top of the DL. And each frame of DL contains Ethernet Frame.

Media layer works across multiple networks and sends data from one ip address to another ip address.

NL can send multiple types of packets - IPv4, IPv6, ICMP (ping)

Question 13

What Ethernet Frame consists of?

Answer 13

Source ip address
Destination Ip address
Protocol - ICMP (Ping), TCP, UDP
TTL - how many hops it can jump before expire
Data - array of bytes

Ethernet frame is surrounded by data link frame containing mac addreses.

Question 14

How do you map IP addresses to MAC addresses?

Answer 14

Address Resolution Protocol (ARP) - Finds mac address for the IP

• Broadcasts request for mac address with an ip address
• Creates data link frame packet that contains ip packet using

1. Compares subnet mask and destination ip and checks if in current network
   2 Sends request for mac address which maps to ip addresses in the network
2. Waits till mac addresses are received
3. Chooses most narrow ip address (if no address maps, takes the widest address which is gateway for the internet)
4. Encapsulates ethernet frame inside the data link frame using mac addresses and sends packets.
5. Repeats the process on each hop

Question 15

What is DHCP?

Answer 15

Dynamic Host Configuration Protocol - automatically assigns ip to a host

Question 16

What is a router?

Answer 16

Connections multiple networks and devices together.

Has internal ip - mac address table consisting of all routes.

Reroutes incoming packets to some destination.

Question 17

How ip addresses work?

Answer 17

Ip addresses consists of two parts - network part and host part.

Devices with the same network part are located in the same network.

Network part is indicated by network mask or CIDR.

Subnet mask format is 255.255.255.0 and CIDR would /24.

Subnet masks are used to create trees of networks where one network can contain multiple other networks.

While device id is used to uniquely identify device in a network.

Question 18

What is a subnet mask?

Answer 18

Subnet mask indicate where the network part ends and device part starts.

Question 19

How TCP protocol handshake works?

Answer 19

1. Client sends sync packet
2. Server replies with sync-ack packet
3. Client sends ack packet - can include first payload
4. Communication is established

When syncing client and servers send sequence numbers that always incremented and sent back in ack packets.

https://afteracademy.com/images/what-is-a-tcp-3-way-handshake-process-three-way-handshaking-establishing-connection-6a724e77ba96e241.jpg

Question 20

How UDP protocol handshake works?

Question 21

How packet loss is addressed in TCP?

Answer 21

TCP protocol sends acknowledgment of data it has received. When an ack is not received or ack received in RTT time then packet is sent again.

Question 22

How packet loss is addressed in UDP?

Answer 22

It is not addressed in UDP protocol. Packets are lost in the void.

Question 23

What is ephemeral ports?

Answer 23

Ephemeral ports are pool of ports that are used when client opens TCP/UDP connection.

These ports are used to have bidirectional connection. On the used port client will receive data from the server.

Question 24

What TCP packet consists of?

Answer 24

• TCP Segment Header
  
  • Source Port
  • Dest Port
  • Sequence - init random + total length sent + 1
  • Acknowledgment - last received packet sequence number + 1
  • Flags - close connection, sync connection, reserved space, data offset, finish connection, etc.
  • Window - number of bytes willing to receive between acknowledgements (flow control)
  • Checksum
  • Urgent Pointer - priorty sending data

Question 25

What UDP packet consists of?

Answer 25

UDP Segment HEader
- Source port
- Dest port
- Length
- Data

Does not have any retransmission mechanics and reliable way of checking if packet was received.

Question 26

What is the network part and device part of 123.111.213.02/18?

Answer 26

• network part is 123.11.192.0 (123.111.213.02 & 255.255.192.0)
• device part 0.0.21.02 (123.11.192.0 123.111.213.02 & ~255.255.192.0)

Question 27

What is multiplexing?

Answer 27

Multiplexing, or muxing, is a way of sending multiple signals or streams of information over a communications link at the same time in the form of a single, complex signal.

Question 28

How transport layer works?

Answer 28

Two protocols available on transport layer is UDP and TCP?

UDP - User Datagram Protocol
TCP - Transmission Control Protocol

Introduces concept of sessions - uses ports to have multiple sessions between devices.

TL is bidirectional, both parties keep state of connection.

TL is wrapped inside network layer and then inside data link layer frames.

Question 29

How TCP windowing works?

Answer 29

A bunch of packets are sent and are in transit. Sender keeps a table with all ack checks for each of the packet.

Receiver for each packet sends an ack message with sequence id + 1 value to indicate that packet has been received.

When ack is not received in RTT then packet is retransmitted and windows size is reduced.

Question 30

How TCP windowing works?

Answer 30

A bunch of packets are sent and are in transit. Sender keeps a table with all ack checks for each of the packet.

Receiver for each packet sends an ack message with sequence id + 1 value to indicate that packet has been received.

Once sender receives ack packet it marks it as sent a sends a new packet.

window size 1 means there is 1 packet in transit.

Question 31

What is congestion control in TCP?

Answer 31

Tries to find appropriate window size for connection,

Slow starts is a strategy setting windows size starting from window size 1 and doubling up until missing an ack.

After slow start (doubling up) threshold strategy is changed to congestion avoidance strategy.

Congestion avoidance strategy - increases window size by 1.

Congestion detection - when ack not received in RTT time then window size reduced by 1/2.

Question 32

What is default gateway?

Answer 32

Default gateway is 0.0.0.0/0 address which forwards all traffic when receiver is not in the current network.

The CIDR /0 indicates that it is the loosest subnet therefore always will be chosen as last one.

Question 33

What are ip address spaces?

Answer 33

• A - 0.0.0.0 to 127.255.255.255 with /8 (starts with 0)
• B - 128.0.0.0 to 191.255.255.255 with /16 (starts with 10)
• C - 192.0.0.0 to 223.255.255.255 with /24 (starts with 110)
• Free to use ranges (RFC1918) - only used privately
  
  • 10.0.0.0 - 10.255.255.255 with /8 (1x A class network)
  • 172.16.0.0 - 172.31.255.255 with /12 (B class networks)
  • 192.168.0.0 - 192.168.255.255 with /16 (C class networks)

Question 34

What is DDOS and what are its categories?

Answer 34

• Generates traffic that competes with legitimate traffic and overloads hardware
• Botnets - uses compromised machines
• Distributed - comes from many different ip addresses
• Categories
  
  • Application layer - http flooding, makes a specific request to a http route that is heavy by the server to compute
  • Protocol attack - sync flood, opens TCP connection with changed destination address therefore uses network resources on the end device
  • Volumetric/Amplification - Uses DNS servers to target the service by spoofing (changing) the source address and the response is sent to the service and congesting the network

Question 35

What is stateless firewall?

Answer 35

Stateless firewall is also known as Access Control List - ACL.

It contains predefined rules for incoming and outgoing traffic - ip addresses, ports, protocols

Question 36

What is stateful firewall?

Answer 36

Stateful firewall is also known as Security Group.

When sender makes a request, firewall analyses traffic inbound traffic. Aka checks TCP/UDP packets and saves ip address, port and protocol for incoming traffic.

Question 37

What is NAT gateway and its types?

Answer 37

Network Address Translation also known as NAT.

NAT creates mappings between private network to a public network. Where private ip and/or port is mapped to public ip and public port.

Types:
1. Static NAT - Predefined mappings between two networks where each private ip is mapped to public ip. Static NAT allows initialize connection from both sides.

2. Dynamic NAT - Dynamically maps private ip to a public ips .
3. Static PAT - Predefined mappings of ip addresses and PORTS between to networks.
4. PAT - Dynamically maps ip addresses and PORTS between to networks.