networking

Question 1

dns - how to configure dns so that www.domain.com and domain.com work

Answer 1

set an a record fo (blank) | hostname | IP AND www | hostname | IP

Question 2

format for a HTTP protocol command

Answer 2

[Command] [Resource] [Protocol Name/Version] e.g. GET / HTTP/1.0

Question 3

how does IP address spoofing work?

Answer 3

forging the packet header so it contains a different address than the computer sending it. # response goes to spoofer address, so only used when you the spoofer doesn’t care about the response

Question 4

linux - get tcpdump to ignore port 23

Answer 4

tcpdump not port 23

Question 5

linux - get tcpdump to log to a particular file

Answer 5

tcpdump -w capture_file

Question 6

linux - limit the number of packets dumped by tcpdump to 50

Answer 6

tcpdump -c 50

Question 7

linux - print all packets from mysite.com

Answer 7

tcpdump src host mysite.com

Question 8

linux - see all the routers used in getting to Google.com

Answer 8

traceroute www.google.com

Question 9

linux - use tcpdump to only look at HTTP requests

Answer 9

tcpdump dst port 80 # destination port # often you’ll need to specify the device for tcpdump with -i so you might need to add this

Question 10

linux - what does -n option do tcpdump -n

Answer 10

turns off name resolution # you might want to do this since name resolution slows down interception… sometimes crippling it

Question 11

linux - what is tcpdump

Answer 11

a packet sniffer # able to capture traffic that passes through a machine

Question 12

linux - what is the -i option with tcpdump

Answer 12

the network interface tcpdump -i en1

Question 13

linux – what is the final piece of info with tcpdump 10:15:15.571309 IP anon.63180 > sjc-not9.sjc.dropbox.com.http: P 1366488174:1366488582 (408) ack 2337505545 win 7240

Answer 13

Information about the packet. For instance, here we have TCP sequence numbers, flags, ARP/ICMP commands, etc.

Question 14

linux – what is the first piece of info with tcpdump 10:15:15.571309 IP anon.63180 > sjc-not9.sjc.dropbox.com.http: Flags [.], ack 537, win 65535, options [nop,nop,TS val 388814076 ecr 999361453], length 0

Answer 14

the time this packet was received

Question 15

linux – what is the second piece of info with tcpdump 10:15:15.571309 IP anon.63180 > sjc-not9.sjc.dropbox.com.http: Flags [.], ack 537, win 65535, options [nop,nop,TS val 388814076 ecr 999361453], length 0

Answer 15

protocol name (here it’s IP)

Question 16

linux – what is the third piece of info with tcpdump output 10:15:15.571309 IP anon.63180 > sjc-not9.sjc.dropbox.com.http: Flags [.], ack 537, win 65535, options [nop,nop,TS val 388814076 ecr 999361453], length 0

Answer 16

source and destination IP address # only true of IP protocol normally. try appending -e to get the same info in other protocols

Question 17

networking - a subnet expressed like so means what 11.22.33.0/24

Answer 17

subnet is 11.22.33 with 24 significant bits (32 bits total (4X8) in an IPv4) (same as 255.255.255.0 subnet mask) # called the significant bit format

Question 18

networking - a T1 and a backup ISDN are connected to a router. how does the router know to use the ISDN if the T1 is down

Answer 18

configuration table

Question 19

networking - besides finding the fastest possible route on a second by second basis what is the second advantage of packet switching

Answer 19

redundancy - if one part of the network goes down the info still gets there

Question 20

networking - difference between how TCP and UDP transport packets

Answer 20

After UDP has placed a packet on the network (via the IP protocol), it forgets about it TCP keeps connection open and keeps sending the packet until it has been received

Question 21

networking - do all packets follow the same route on the network

Answer 21

not necessarily – each one follows the most efficient one… and this is determined by the hardware on a millisecond by millisecond basis

Question 22

networking - how are subnets connected to one another?

Answer 22

with routers or gateways, which belong to multiple subnets, forwarding internet traffic from one subnet to the other

Question 23

networking - how do computers in subnets (e.g. in offices) get online

Answer 23

your computer directs all traffic destined to the internet through a gateway in your local subnet. The gateway substitutes its own IP address and port in place of your computer’s. When chunks of data arrive in reply, the gateway knows from the port number in the data that they must be forwarded to your computer and local port.

Question 24

networking - how do DDOS attacks get around router’s specificity rules which block certain IP addresses

Answer 24

by spoofing the IP of the sender

Question 25

networking - how do routers know when to reconfigure the path

Answer 25

they tell each other about line conditions, delays in transmission…

Question 26

networking - how do routers prevent networking clogging

Answer 26

stop information from going where it’s not needed

Question 27

networking - how to give your computer a public ip address directly reachable via internet

Answer 27

connect modem to machine directly (instead of through router which could create a subnet) and make sure your ISP gives you a fixed IP adress and not a dynamic IP address

Question 28

networking - no computer is connected to each other online… instead it is connected to one or more

Answer 28

subnets # In order to successfully communicate with other computers throughout the internet, your computer must know what subnet it is part of, so that it knows what IP addresses are outside your local subnet and must be relayed through the gateway

Question 29

networking - the party initiating a TCP connection chooses what local port

Answer 29

usually chosen at random

Question 30

networking - what are private subnets

Answer 30

ranges of IP addresses reserved for private networks 10.0.0.0/8 (addresses from 10.0.0.0 to 10.255.255.255) 172.16.0.0/12 (addresses from 172.16.0.0 to 172.31.255.255) 192.168.0.0/16 (addresses from 192.168.0.0 to 192.168.255.255)

Question 31

networking - what does a packet contain

Answer 31

HEADER 1 sender’s IP address 2 recipient’s IP address # so it knows where it’s going 3 count of packets email(/whatever) was broken into 4 number of this particular packet PAYLOAD 1 data (e.g. 1000 bytes of data) TRAILER data to show end of packet

Question 32

networking - what does this subnet mask communicate? 255.255.255.0

Answer 32

the last byte indicates computers in the network, the rest indicates the subnet itself 4 bytes (byte = 8 bits = 1111(binary) = 255) Therefore, 255.255.255.0 means that the first 3 bytes of the subnet IP address (11.22.33) indicate the actual subnet, and the last byte can be variable (and indicates computers in the subnet)

Question 33

networking - what info is contained in a MAC

Answer 33

first 3 bytes - manufacturer last 3 bytes - serial number of NIC itself

Question 34

networking - what information goes in a router’s configuration table

Answer 34

info on which connections lead to which addresses priorities for connections

Question 35

networking - what is a datagram

Answer 35

packets of an unreliable service that do not notify the user if delivery fails e.g. in UDP

Question 36

networking - what is a loopback address

Answer 36

IP shorthand for your computer. special IP address (127.0.0.1) that isn’t physically connected to any network hardware

Question 37

networking - what is a NIC

Answer 37

Network Interface Card # used to connect computers to networks

Question 38

networking - what is a socket?

Answer 38

: # e.g. website (port 80) 41.199.222.3:80

Question 39

networking - what is a typical subnet

Answer 39

group of consecutive IP addresses, such as all IP addresses from 11.22.33.0 to 11.22.33.255.

Question 40

networking - what is a VPN?

Answer 40

A private network that runs over the public Internet. Virtual Private Network

Question 41

networking - what is an egress firewall

Answer 41

filters outbound connections from your machine to the internet - software which tries to control what programs on your machine access the internet

Question 42

networking - what is an ingress firewall

Answer 42

stops wider internet from accessing services on certain ports on your machine (meant only to be accessed by locally trusted subjects)

Question 43

networking - what is an internet

Answer 43

a series of two or more connected TCP/IP networks that can be reached by routing.

Question 44

networking - what is an IP address

Answer 44

the numeric address of a computer

Question 45

networking - what is an MAC

Answer 45

Media Access Control physical address stored in a specific memory location of an NIC

Question 46

networking - what is CRC

Answer 46

Cyclic Redundancy Check (CRC) error checking in packets. sum of all the 1s in the packet stored in hex. If tge recalculation of CRC on receipt doesn’t match the number originally sent then that packet is resent.

Question 47

networking - what is IPv4

Answer 47

32 bit IP address (127.0.0.1)

Question 48

networking - what is IPv6

Answer 48

a 128 bit IP address 0:0:0:0:0:0:0:1

Question 49

networking - what is MIME for?

Answer 49

server responds to client HTTP request saying what kind of information is contained in the file

Question 50

networking - what is Network Address Translation (NAT)

Answer 50

Helps the Internet not run out of IP addresses by translating an IP address (perhaps not unique) on one network to another IP address on a different network — usually, the Internet # no longer needed with IPv6

Question 51

networking - what is port forwarding/virtual server

Answer 51

the router which connects the private subnet to the internet can be configured to forward all incoming connections on a certain port to one of the computers inside the private network used if your computer is on a private subnet

Question 52

networking - what is the normal range for ports?

Answer 52

1-65535

Question 53

networking - what to remember about IP addresses when using port forwarding

Answer 53

public IP address is not the server, but rather the forwarder

Question 54

networking - what transport layer does DNS use?

Answer 54

UDP DNS sends a UDP packet to a DNS server to look up the domain. When the server finds the domain, it returns the domain’s IP address in another UDP packet. (not kept open like TCP)

Question 55

networking - why do DDOS attacks hurt others besides the target

Answer 55

the routers just upstream get highly taxed …. thus they lose bytes and internet is slowed down

Question 56

networking - why do HTTP and FTP use TCP?

Answer 56

since losing a chunk of a file or HTTP page is undesirable

Question 57

networking - why do online videos and streaming choose UDP over TCP?

Answer 57

doesn’t matter if chunks of data are lost… more important data arrives quickly

Question 58

networking - why do ports exist?

Answer 58

In order to handle multiple simultaneous connections with the same computer, your computer must be able to distinguish them

Question 59

networking - why does a connection need two ports

Answer 59

you need to have one on your machine and one on the other # the party initiating the connection must know which port he wants on the other machine

Question 60

networking - why does TCP’s robustness cost it responsiveness

Answer 60

Before any data can be sent using TCP, the two computers must engage in a short back-to-forth to establish a TCP connection.

Question 61

networking - why might an office choose proxy over NAT?

Answer 61

With a proxy the office can more easily restrict and monitor your traffic and permit or deny access selectively based not just on port numbers, but the content being accessed and protocols being used.

Question 62

networking - with a gateway in place all connections coming from computers in the subnet appear to computers outside the subnet as coming from….

Answer 62

the gateway itself

Question 63

port 23 is…

Answer 63

telnet # by default… although you can set this as something else

Question 64

security - why is authentication based on IP a weak measure

Answer 64

since a hacker could bypass it with IP spoofing

Question 65

When wiring up a URL you typically need to hook up both:

Answer 65

example.com www.example.com

Question 66

Wiring up domains needs to be done both on …. side and …. side

Answer 66

server side domain provider side