networking Flashcards
dns - how to configure dns so that www.domain.com and domain.com work
set an A record for (blank) | hostname | IP AND www | hostname | IP
format for a HTTP protocol command
[Command] [Resource] [Protocol Name/Version] e.g. GET / HTTP/1.0
how does IP address spoofing work?
forging the packet header so it contains a different address than the computer sending it. # the response goes to the spoofed address, so it is only used when the spoofer doesn’t care about the response
linux - get tcpdump to ignore port 23
tcpdump not port 23
linux - get tcpdump to log to a particular file
tcpdump -w capture_file
linux - limit the number of packets dumped by tcpdump to 50
tcpdump -c 50
linux - print all packets from mysite.com
tcpdump src host mysite.com
linux - see all the routers used in getting to Google.com
traceroute www.google.com
linux - use tcpdump to only look at HTTP requests
tcpdump dst port 80 # destination port # often you’ll need to specify the device for tcpdump with -i so you might need to add this
linux - what does -n option do tcpdump -n
turns off name resolution # you might want to do this since name resolution slows down interception… sometimes crippling it
linux - what is tcpdump
a packet sniffer # able to capture traffic that passes through a machine
linux - what is the -i option with tcpdump
the network interface, e.g. tcpdump -i en1
linux – what is the final piece of info with tcpdump 10:15:15.571309 IP anon.63180 > sjc-not9.sjc.dropbox.com.http: P 1366488174:1366488582 (408) ack 2337505545 win 7240
Information about the packet. For instance, here we have TCP sequence numbers, flags, ARP/ICMP commands, etc.
linux – what is the first piece of info with tcpdump 10:15:15.571309 IP anon.63180 > sjc-not9.sjc.dropbox.com.http: Flags [.], ack 537, win 65535, options [nop,nop,TS val 388814076 ecr 999361453], length 0
the time this packet was received
linux – what is the second piece of info with tcpdump 10:15:15.571309 IP anon.63180 > sjc-not9.sjc.dropbox.com.http: Flags [.], ack 537, win 65535, options [nop,nop,TS val 388814076 ecr 999361453], length 0
protocol name (here it’s IP)
linux – what is the third piece of info with tcpdump output 10:15:15.571309 IP anon.63180 > sjc-not9.sjc.dropbox.com.http: Flags [.], ack 537, win 65535, options [nop,nop,TS val 388814076 ecr 999361453], length 0
source and destination IP address # only true of IP protocol normally. try appending -e to get the same info in other protocols
networking - a subnet expressed like so means what 11.22.33.0/24
subnet is 11.22.33 with 24 significant bits (32 bits total (4X8) in an IPv4) (same as 255.255.255.0 subnet mask) # called the significant bit format
networking - a T1 and a backup ISDN are connected to a router. how does the router know to use the ISDN if the T1 is down
configuration table
networking - besides finding the fastest possible route on a second by second basis what is the second advantage of packet switching
redundancy - if one part of the network goes down the info still gets there
networking - difference between how TCP and UDP transport packets
After UDP has placed a packet on the network (via the IP protocol), it forgets about it. TCP keeps the connection open and keeps sending the packet until it has been received.
networking - do all packets follow the same route on the network
not necessarily – each one follows the most efficient one… and this is determined by the hardware on a millisecond by millisecond basis
networking - how are subnets connected to one another?
with routers or gateways, which belong to multiple subnets, forwarding internet traffic from one subnet to the other
networking - how do computers in subnets (e.g. in offices) get online
your computer directs all traffic destined to the internet through a gateway in your local subnet. The gateway substitutes its own IP address and port in place of your computer’s. When chunks of data arrive in reply, the gateway knows from the port number in the data that they must be forwarded to your computer and local port.
networking - how do DDOS attacks get around router’s specificity rules which block certain IP addresses
by spoofing the IP of the sender
networking - how do routers know when to reconfigure the path
they tell each other about line conditions, delays in transmission…
networking - how do routers prevent network clogging
stop information from going where it’s not needed
networking - how to give your computer a public ip address directly reachable via internet
connect the modem to the machine directly (instead of through a router, which could create a subnet) and make sure your ISP gives you a fixed IP address and not a dynamic IP address
networking - no computer is connected to each other online… instead it is connected to one or more
subnets # In order to successfully communicate with other computers throughout the internet, your computer must know what subnet it is part of, so that it knows what IP addresses are outside your local subnet and must be relayed through the gateway
networking - the party initiating a TCP connection chooses what local port
usually chosen at random
networking - what are private subnets
ranges of IP addresses reserved for private networks: 10.0.0.0/8 (addresses from 10.0.0.0 to 10.255.255.255); 172.16.0.0/12 (addresses from 172.16.0.0 to 172.31.255.255); 192.168.0.0/16 (addresses from 192.168.0.0 to 192.168.255.255)
networking - what does a packet contain
HEADER: 1) sender’s IP address; 2) recipient’s IP address # so it knows where it’s going; 3) count of packets the email (or whatever) was broken into; 4) number of this particular packet. PAYLOAD: 1) data (e.g. 1000 bytes of data). TRAILER: data to show end of packet.
networking - what does this subnet mask communicate? 255.255.255.0
the last byte indicates computers in the network, the rest indicates the subnet itself. An IPv4 address is 4 bytes (byte = 8 bits = 11111111 (binary) = 255). Therefore, 255.255.255.0 means that the first 3 bytes of the subnet IP address (11.22.33) indicate the actual subnet, and the last byte can be variable (and indicates computers in the subnet)
networking - what info is contained in a MAC
first 3 bytes - manufacturer; last 3 bytes - serial number of NIC itself
networking - what information goes in a router’s configuration table
info on which connections lead to which addresses; priorities for connections
networking - what is a datagram
packets of an unreliable service that do not notify the user if delivery fails e.g. in UDP
networking - what is a loopback address
IP shorthand for your computer. special IP address (127.0.0.1) that isn’t physically connected to any network hardware
networking - what is a NIC
Network Interface Card # used to connect computers to networks
networking - what is a socket?
IP address:port # e.g. website (port 80) 41.199.222.3:80
networking - what is a typical subnet
group of consecutive IP addresses, such as all IP addresses from 11.22.33.0 to 11.22.33.255.
networking - what is a VPN?
A private network that runs over the public Internet. Virtual Private Network
networking - what is an egress firewall
filters outbound connections from your machine to the internet - software which tries to control what programs on your machine access the internet
networking - what is an ingress firewall
stops wider internet from accessing services on certain ports on your machine (meant only to be accessed by locally trusted subjects)
networking - what is an internet
a series of two or more connected TCP/IP networks that can be reached by routing.
networking - what is an IP address
the numeric address of a computer
networking - what is a MAC
Media Access Control: physical address stored in a specific memory location of a NIC
networking - what is CRC
Cyclic Redundancy Check (CRC): error checking in packets. Sum of all the 1s in the packet stored in hex. If the recalculation of CRC on receipt doesn’t match the number originally sent then that packet is resent.
networking - what is IPv4
32 bit IP address (127.0.0.1)
networking - what is IPv6
a 128 bit IP address 0:0:0:0:0:0:0:1
networking - what is MIME for?
server responds to client HTTP request saying what kind of information is contained in the file
networking - what is Network Address Translation (NAT)
Helps the Internet not run out of IP addresses by translating an IP address (perhaps not unique) on one network to another IP address on a different network — usually, the Internet # no longer needed with IPv6
networking - what is port forwarding/virtual server
the router which connects the private subnet to the internet can be configured to forward all incoming connections on a certain port to one of the computers inside the private network; used if your computer is on a private subnet
networking - what is the normal range for ports?
1-65535
networking - what to remember about IP addresses when using port forwarding
public IP address is not the server, but rather the forwarder
networking - what transport layer does DNS use?
UDP. DNS sends a UDP packet to a DNS server to look up the domain. When the server finds the domain, it returns the domain’s IP address in another UDP packet. (not kept open like TCP)
networking - why do DDOS attacks hurt others besides the target
the routers just upstream get highly taxed …. thus they lose bytes and internet is slowed down
networking - why do HTTP and FTP use TCP?
since losing a chunk of a file or HTTP page is undesirable
networking - why do online videos and streaming choose UDP over TCP?
doesn’t matter if chunks of data are lost… more important data arrives quickly
networking - why do ports exist?
In order to handle multiple simultaneous connections with the same computer, your computer must be able to distinguish them
networking - why does a connection need two ports
you need to have one on your machine and one on the other # the party initiating the connection must know which port he wants on the other machine
networking - why does TCP’s robustness cost it responsiveness
Before any data can be sent using TCP, the two computers must engage in a short back-and-forth to establish a TCP connection.
networking - why might an office choose proxy over NAT?
With a proxy the office can more easily restrict and monitor your traffic and permit or deny access selectively based not just on port numbers, but the content being accessed and protocols being used.
networking - with a gateway in place all connections coming from computers in the subnet appear to computers outside the subnet as coming from….
the gateway itself
port 23 is…
telnet # by default… although you can set this as something else
security - why is authentication based on IP a weak measure
since a hacker could bypass it with IP spoofing
When wiring up a URL you typically need to hook up both:
example.com and www.example.com
Wiring up domains needs to be done both on …. side and …. side
server side; domain provider side