Networking Flashcards
HTTP
Hypertext Transfer Protocol
Port 80
TCP
Application Layer
HTTPS
Hypertext Transfer Protocol Secure
Port 443
TCP
Application Layer
DNS
Domain Name System
Translate domain names to IP addresses
Port 53
UDP for queries
TCP for Zone Transfer
Application Layer
DHCP
Dynamic Host Configuration Protocol
Automatically assigns IP addresses
Port 67/68
UDP
Application Layer
OSI
Open System Interconnection
Networking framework to implement protocols in layers. It conceptually divides computer network architecture into a logical seven-layer progression.
When network traffic is generated, it is assembled (encapsulated) from the top layer to the bottom layer.
When received, traffic goes through the model in the reverse direction: from bottom to top (decapsulation).
OSI Layers
Layer 7 Application
Layer 6 Presentation
Layer 5 Session
Layer 4 Transport
Layer 3 Network
Layer 2 Data Link
Layer 1 Physical
Encapsulated Layer 7-1 All People Seem To Need Data Processing
Decapsulated Layer 1-7 Please Do Not Throw Sausage Pizza Away
Layer 7
Application
Users interact directly with applications that operate at Layer 7. Examples of Layer 7 applications include web browsers such as Google Chrome, Firefox, and Safari, and other applications, such as SSH and FTP.
Layer 6
Presentation
Data formatting: encryption and decryption
Ensure data is in useable format
Layer 5
Session
Inter-host communication
The session layer is responsible for creating a session between two devices. Controls ports and sessions
Layer 4
Transport
Data transmission.
UDP and TCP
Layer 3
Network
Decides what path the data will take
Layer 3.
Diagnostic tools, such as ping and tracert, operate in this layer.
Layer 2
Data Link
Physical addressing/MAC
Decides format of data.
Switches operate in this layer.
Layer 1
Physical
How data is physically sent through the network.
This layer determines how bits are electrically or optically transferred by hardware devices that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted-pair copper wire.
Hubs operate in this layer.
FTP
File Transfer Protocol
File Transfer protocol is used to transfer files over the network.
For example, the FTP service can be used to transfer files to another device over the network.
Port 20 data transfer / 21 authentication
TCP
SSH
Secure SHell
Secure SHell is a secure command-line protocol that allows the user to run remote commands on a remote machine.
Any data that passes through SSH is encrypted.
Port 22
TCP
TCP/IP
Transmission Control Protocol/Internet Protocol
The model describes how data is exchanged over the Internet, including how data should be divided into packets, addressed, transmitted, routed, and received by the destination.
TCP/IP Layers
Layer 4 Application
Layer 3 Transport
Layer 2 Internet
Layer 1 Network Access
ipconfig
Displays a computer’s IP configuration
Private IP Space
Non-Routable
RFC1918
Class A 10.0.0.0/8
Class B 172.16.0.0/12
Class C 192.168.0.0/16
ping
Used to check connectivity between computers over the network.
It also provides information, such as connection speed and reliability.
ICMP is its protocol
nslookup
Sends a query to get the name of a computer by its IP address.
It can also do the opposite - query an IP address by the domain name.
tracert
Displays all the stations (hops) along the route taken by the information to its destination.
It can work with a domain name or an IP address
netsh
It allows the configuration of the IP address, DNS, default gateway, and various network functions.
TCP 3 way handshake
- The client sends a SYN
- The server responds with a SYN-ACK
- The client finalizes with ACK
Segment
A broken piece of a packet with a TCP header in each of them.
Frame
The protocol data unit at the data link layer.
Packet
A data fraction transmitted over the network layer.
UDP
User Datagram Protocol: connectionless protocol. Faster, less strict about data integrity. Doesn’t rearrange data packets or check for errors.
TCP
Transmission Control Protocol: connection-oriented protocol. High reliability, rearranges data packets in order, detects errors. 3 way handshake
RDP
Remote Desktop Protocol
TCP
Port 3389
SMTP
Simple Mail Transfer Protocol
Used in sending and receiving email
TCP
Port 25
SMB
Server Message Block
A network file sharing protocol that allows applications on a computer to read and write to files
TCP
Port 445
netstat
Provides statistics about all active connections so you can find out which computers or networks a PC is connected to.
TFTP
Trivial File Transfer Protocol (TFTP) is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host.
UDP
Port 69
NTP
Network Time Protocol (NTP)
Synchronizes computer clocks
UDP
Port 123
Switch
Designed to forward frames from source to destination according to specific MAC addresses in the Frame.
Layer 2 device
MAC Address Table
A way to map each and every port to a MAC address.
Dynamic: Automatically configured MAC address
Static: Manually configured MAC address
Store-and-Forward Switch
Buffers the entire frame upon receipt. Checks for errors. Slow
Cut-Through Switching
Faster. Only the first 6 bytes of the incoming frame are buffered (MAC address). Forwards immediately. No error checking.
Fragment-Free Switching
Buffers the first 64 bytes including MAC address data and the frame's payload. Provides partial error checking.
Auto-Negotiation
Tells connected devices to announce their capabilities. Based on the settings, chooses the optimal speed and duplex mode.
Cisco IOS
Internetwork Operating System
User mode
Exec (enable) mode
Config term
interfaces
ARP
Address Resolution Protocol (ARP)
Procedure for mapping a dynamic IP address to a permanent physical machine address in a local area network (LAN)
Telnet
Manage devices from anywhere.
Not encrypted
TCP
Port 23
Hexadecimal
0-9
A-F
Router
Forwards packets
Layer 3 device
NAT
Network Address Translation
Changes your IP address to a new IP address before sending it to a different network
Default Gateway
Routes traffic to and from other networks
Used when you want to find an IP that is not on your network
Routing Process
Examination
Decapsulation
Decision-Making
Encapsulation
Forwarding
IPv4
32 bits
4 octets, each 8 bits
separated by a .
Broadcast
Sent to all devices on network
255.255.255.255 or FF:FF:FF:FF:FF:FF
Routers block
APIPA
Automatic Private IP Addressing
169.254.0.0/16
Loopback Address
127.0.0.0/8
Allow for a device to send and receive its own data packets
show ip interface brief
Shows up/down status of your IP interfaces.
Displays critical info about a lot of interfaces on one easy to read page
show interface
Detailed output of each interface
show version
Shows info about your software and hardware
show ip route
Shows your routing table
show running-config
Tells you how the box is configured right now. Also, “show startup-config” will tell you how the router will be configured after the next reboot
show port
Gives you the status of ports on a switch.
Static Routing
User enters every network manually
Used for Stub Networks & Small Networks
Stub Network
Uses 1 router that sends and receives non-local traffic by a single path
Class A IP Addresses
1-127
Default Subnet Mask 255.0.0.0
Class B IP Addresses
128-191
Default Subnet Mask 255.255.0.0
Class C IP Addresses
192-223
Default Subnet Mask 255.255.255.0
RIP
Routing Information Protocol
Administrative Distance 120
15 max hops
Changes the routing table every time
In CLI (command line) shown as R
OSPF
Open Shortest Path First
AD 110
Keeps track of changes in topology
Bases metric calculation on the bandwidth of the links along the path to the destination
In CLI shown as O
EIGRP
Enhanced Interior Gateway Routing Protocol
AD 90
In CLI it is shown as D
Slash Notation
/24
/25
/26
/27
/28
/29
/30
/31
/32
/24 = 256 255.255.255.0
/25 = 128 255.255.255.128
/26 = 64 255.255.255.192
/27 = 32 255.255.255.224
/28 = 16 255.255.255.240
/29 = 8 255.255.255.248
/30 = 4 255.255.255.252
/31 = 2 255.255.255.254
/32 = 1 255.255.255.255
Static Route
AD 1
VLAN Switchport Mode Access
Access ports carry traffic only on the VLAN they belong to.
VLAN Switchport Mode Trunk
Carry traffic for different VLANs and devices. Adds a tag so it gets where it needs to go.
DTP
Dynamic Trunking Protocol
Cisco protocol to automate the creation of trunk links.
Dynamic Auto: Default, does not negotiate
Dynamic Desirable: Actively attempts to change the mode
Default VLAN
Reserved
VLAN 1
1002-1005
Data VLAN
2-1001
Syslog
System Logs
Standard for logging messages
Severity Levels 0 (emergency) to 7 (debugging)
ACL
Access Control List
Configure basic traffic filtering
Improve network performance and secure the network
1-99 and 1300-1999
Failover Cluster
Method used to back up a network in case of a failure.
Acts like a single system
Cluster software becomes a single point of failure
Load Balancer
Device that distributes traffic across multiple devices.
IDS
Intrusion Detection System
IPS
Intrusion Prevention System
AAA
Authentication, Authorization, Accounting
Verify user identity, enforce user permissions, track user activity
RADIUS
Remote Authentication Dial-In User Service
AAA protocol
TACACS+
Terminal Access Controller Access Control System Plus
AAA protocol
802.1X
Security protocol (port-based network access control)
Supplicant: Receives credentials from user and submits to the authenticator
Authenticator: Relays credentials received to the authentication server
Authentication Server: Validates credentials. Determines level of access
EAP
Authentication framework that provides transport for the requests and response parameters
CAM Table
Stores MAC addresses on a switch
Limited space
CAM table flooding makes the switch act like a hub
Port Security
Not enabled on switches by default
Restricts input to an interface
Limits the number of MAC addresses that can access a specific physical port
Port Security Violation Modes
Shutdown (default mode) - port shuts down automatically; notification sent
Restrict - drops frames with unfamiliar source MAC address; notification sent
Protect - frames with unknown MAC addresses are dropped; no notification sent
Switch Spoofing
VLAN Hopping
Manipulates DTP (Dynamic Trunking Protocol)
DTP negotiation is enabled by default, even if it runs in access mode
Double Tagging
VLAN Hopping
Takes advantage of 802.1q tagging process
Switch removes the first tag
Next switch in line will process the second tag
Encoding
Convert to coded form
Base64 ends in = or == (padding)
Hashing
Consists of characters and numbers
MD5: 128-bit length unique key
Salt/Salting
Adding unique characters after a password, before hashing to create a different hash value
Pepper/Peppering
Adds unique characters like salting but it is not stored alongside a password hash
Rainbow Table
Used for hash cracking
Predefined list of hashes
Saves time in Brute-Force attacks
Symmetric Cipher
Uses the same key to encrypt and decrypt the text
Asymmetric Cipher
Uses 2 keys, 1 for encryption and another for decryption
Diffie-Hellman
First key-sharing protocol designed to solve the problem of key distribution
PKI
Public Key Infrastructure
System for creating, storing, and distributing digital certificates
Firewall
Monitors and filters network traffic
Can be software, hardware, or cloud service
Firewall Actions
Accept: Allow traffic to pass through
Drop: Blocks packet without notification
Reject: Blocks a packet with an error notification
Stateless Filtering
Permits or denies packets based on their source or destination IP address and ports
Stateful Filtering
Requires the server to store connection states and session information
Fail-Open
Allows access even if the device is in a failed state. Availability is more important than security.
Fail-Close
Blocks access if the device is in a failed state. Security is more important than availability.
SNMP
Simple Network Management Protocol
Application layer protocol that allows devices on a network to share info
NetFlow
Network monitoring protocol used to collect IP traffic.
Eye on performance and resource allocation
Nagios
Open-source network monitoring software
Packet Inspection Levels
Shallow: Inspects only packet headers
Medium: Compares data with a list of specific packet and data format types
Deep: Inspects all traffic from a designated IP address
Analyst Workflow
- Review alert and associated rules
- Gather additional info from the system related to the incident
- Investigate the alert and its cause
- Summarize conclusions about alert and recommend the next step
AES
Advanced Encryption Standard
VPN Protocols
IPsec
PPTP
L2TP/IPsec
CDP
Cisco Discovery Protocol
LLDP
Link Layer Discovery Protocol