Networking Flashcards

1
Q

OSI Physical Layer

A
  • Is responsible for the transmission and reception of bits between a device and a physical transmission medium
  • It converts these digital bits into electrical, radio, or optical signals
2
Q

OSI Data Link Layer

A
  • Provides node-to-node data transfer (a link between two directly connected nodes)
  • It detects and possibly corrects any transmission errors that may occur in the physical layer
  • Is divided into two sublayers: MAC and LLC
  • MAC (media access control) is responsible for controlling how devices in a network gain access to a medium and permission to transmit data
  • LLC (logical link control) is responsible for identifying and encapsulating network layer protocols, and controls error checking and frame synchronization
3
Q

OSI Network Layer

A
  • Provides the means of transferring variable-length packets from one node to another node connected in a different network
  • It also manages data transfer rates, via flow control as a means of easing congestion
4
Q

OSI Transport Layer

A
  • Deals with the packetisation of data that comes in from the session layer so that it’s suitable for the network layer
  • Provides the acknowledgement of the successful data transmission and sends the next data if no errors occurred
5
Q

OSI Session Layer

A
  • Manages connections between source and destination
  • This layer is responsible for gracefully closing a session as well as session checkpointing and recovery in the case of interruptions
  • Allows the establishment, use and termination of a connection
6
Q

OSI Presentation Layer

A
  • Makes decisions on how data is represented before it is sent across the network
  • Takes care of data compression and encryption/decryption
7
Q

OSI Application Layer

A
  • The layer closest to the end user
  • This layer and the user interact directly with the software application
  • This layer also serves as a window for the application services to access the network and for displaying the received information to the user
8
Q

TCP/IP Link Layer

A
  • Corresponds to the OSI physical and data link layers
  • Ensures that the model can send and receive data from other layers
  • Defines the protocols and hardware required to connect a host to a physical network and to deliver data across it
  • Packets from the Internet layer are sent down this layer for delivery within the physical network
  • The destination can be another host in the network, itself, or a router for further forwarding
9
Q

TCP/IP Network Layer

A
  • Corresponds to the OSI network layer
  • Performs two functions:
    1) Host addressing and identification: this is accomplished with a hierarchical IP addressing system
    2) Packet routing: this is the basic task of sending packets of data (datagrams) from source to destination by forwarding them to the next network router closer to the final destination
  • It also defines the protocols which are responsible for logical transmission of data over the entire network: IP, ICMP, ARP
10
Q

TCP/IP Transport Layer

A
  • Corresponds to the OSI transport layer
  • Is responsible for end-to-end communication and ensuring delivery of data is error-free
  • Also shields the upper-layer applications from the complexities of data
  • Contains two protocols: UDP and TCP
11
Q

TCP/IP Application Layer

A
  • Corresponds to the OSI session, presentation and application layers
  • Is responsible for node-to-node communication and controls user-interface specifications
  • Contains the communications protocols and interface methods used in process-to-process communications across an IP network
12
Q

CSMA/CD

A
  • Forces the sender to send transmissions to check for the presence of a digital signal on the wire
  • If no other hosts are transmitting packets, the sender begins sending the frame
  • The sender also monitors the wire to make sure no other hosts begin transmitting
  • However, if another host begins transmitting at the same time and a collision occurs, the transmitting host sends a jam signal that causes all hosts on the network segment to stop sending data
  • The CSMA/CD rules define how long the device should wait if a collision occurs
13
Q

Metcalfe’s Law

A

A network’s value increases exponentially with the size of the network (in this case, the users)

14
Q

IP address types

A
  • Unicast (a single packet destination)
  • Broadcast (one packet goes to every local host)
  • Multicast (one packet goes to one or more hosts)
  • Anycast (IPv6 only, a packet goes to any one of a selection of servers, usually the closest in some sense)
15
Q

IP routing classes

A
  • Local hosting, requiring an interior gateway protocol
  • Non-local hosting, requiring an exterior gateway protocol
16
Q

Classful systems

A
  • Original architecture used until CIDR was introduced
  • Divides IP addresses into one of five classes, depending on its four leading bits
  • Class A:
    1) Most significant bit sequence is 0
    2) Next 7 bits gives network number
    3) Leaves 24 bits for determining the host in any of the networks
  • Class B:
    1) Most significant bit sequence is 10
    2) Next 14 bits gives network number
    3) Leaves 16 bits for determining the host in any of the networks
  • Class C:
    1) Most significant bit sequence is 110
    2) Next 21 bits gives network number
    3) Leaves 8 bits for determining the host in any of the networks
  • Class D:
    1) Most significant bit sequence is 1110
    2) Next 28 bits gives network number
    3) Used for multicasting (when one host sends data to more than one destination)
  • Class E:
    1) Most significant bit sequence is 11110
    2) Next 27 bits gives network number
    3) Reserved for future use
17
Q

Motivation for introducing classful addressing

A
  • Needed to deal with the expansion of the Internet, since the previous header could only name 256 networks
  • This expansion was to cater for the trend of increasing local area networking
18
Q

CIDR

A
  • Stands for Classless Interdomain Routing
  • Unlike classful routing, CIDR allows for blocks of IP addresses (typically class C) to be allocated by region and then allocated to ISPs, who then assign addresses to their customers
  • CIDR has been effective in making good reuse of class A networks
  • It is subnet mask-based, meaning that the IP address is split into a network and host address, with focus on the host address
19
Q

Why CIDR?

A
  • IP addressing used to be class-based, and allocations were based on the bit boundaries of the four octets of an IP address:
    1) Class B networks were limited to 65535 network interfaces
    2) Class C networks were limited to 254 network interfaces
  • This led to inefficiencies, since large numbers of class C networks were required, each with individual route announcements, leading to exhaustion of IP address availability
  • As a result, the system of allocating IP addresses was no longer scalable
  • Since CIDR is VLSM-based, it allows the division of a network into arbitrarily sized subnets
20
Q

TCP header flags

A
  • URG: urgent data
  • ACK: acknowledgement field
  • PSH: push this data to the application as soon as possible
  • RST: reset the connection
  • SYN: synchronise a new connection
  • FIN: finish a connection
  • ECE: congestion notification
  • CWR: congestion window reduced
21
Q

SYN

A
  • Only the first packet sent from each end should have this flag set
  • Used as the first step in establishing a 3-way handshake between hosts
22
Q

ACK

A
  • Indicates that the acknowledgement field is significant
  • Acknowledges that a packet has been successfully received
  • In the second step of the 3-way handshake, the receiver sends an ACK = 1 along with a SYN = 1 to notify the sender that it received the initial packet
  • All packets after the initial SYN packet sent by the client should have a set ACK flag
23
Q

FIN

A
  • Indicates the last packet from the sender
  • Is used to request for connection termination (when there is no more data from the sender)
24
Q

RST

A
  • Resets the connection
  • Can be used to terminate the connection if the RST sender thinks there is an issue with the TCP connection
  • Usually gets sent to the sender from the receiver when a packet is sent to a particular host that was not expecting it
25
Q

URG

A
  • Indicates that the urgent field is significant
  • Data with this flag is for
  • Notifies the receiver to process the urgent packet before processing all other packets
26
Q

ECE

A
  • Depending on the SYN flag value, this flag checks whether a TCP peer is ECN capable during a 3-way handshake
  • If SYN flag = 0, indicates that there is network congestion to the TCP sender
  • If SYN flag = 1, then peer is ECN capable
27
Q

CWR

A
  • Set by the sending host to indicate that it received a TCP segment with the ECE flag set and has responded with its congestion control mechanism
28
Q

PSH

A
  • All data in the buffer is pushed to the receiving application
  • Indicates that the data should be passed as soon as possible
29
Q

TCP reliability

A
  • If one host sends a packet to another, the receiving host needs to send an ACK packet to inform the sender that it has received it
  • Otherwise, the sender just resends the packet
  • Every byte in a TCP connection is numbered
  • The sequence number is initialised to some random number and represents the byte number of the first byte of data in the TCP packet sent
  • The acknowledgement number is the sequence number of the next byte the receiver expects to receive
  • The receiving host ACKs the client’s sequence number by incrementing it by 1
30
Q

Three-way handshake

A
  • Used to open a TCP connection
  • There are three steps:
    1) SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment’s sequence number to a random value A.
    2) SYN-ACK: In response, the server replies with a SYN-ACK. The ACK number is set to one more than the received sequence number, and the sequence number that the server chooses for the packet is another random number, B.
    3) ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received ACK value, and the ACK number is set to one more than the received sequence number
31
Q

Passive open

A

The server must first bind to and listen at a port to open it up for connections before a client attempts to connect with a server; this occurs once the active open is established

32
Q

Active open

A
  • The creation of a listening socket, to accept incoming connections
33
Q

Active close

A
  • The side that initiates the closedown process by issuing the first close() call is said to initiate an active close
34
Q

Passive close

A
  • The side that closes in response to the initiation is said to initiate a passive close
35
Q

TCP segment exchange

A
  • Uses up to four segments
  • When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK
  • After the side that sent the first FIN has responded with the final ACK, it waits for a timeout before finally closing the connection
  • A connection can be “half closed”, in which case one side has terminated its end, but the other has not
  • Therefore the side that has terminated can no longer send any data into the connection, but the other side can
  • The terminating side should continue reading the data until the other side terminates as well
36
Q

TCP three way handshake termination

A
  • A second way of terminating TCP connections
  • Merely combines two steps into one: a host sends a FIN, the receiving host replies with a FIN & ACK, and the host that sent the original FIN replies with an ACK
37
Q

TCP reset sending termination

A
  • A third way of terminating TCP connections
  • Only used in the case of errors, such as connection to a non-existent port
  • When a host receives a RST packet, it ends the connection and discards any packets in transit
  • There are no ACKs required, therefore the connection ends immediately
38
Q

TCP flow control

A
  • Adjusts how frequently packets are sent depending on the network conditions and the state of the host receiving these packets, in order to ensure reliability
  • The advertised window manages the state of the receiving host
  • Different from congestion control in that flow control prevents the end-node from being overwhelmed
  • Uses 16 bits of window size
  • The destination has a limited amount of buffer space and fills up if data is not being processed quickly enough
  • After receiving a segment, the receiving host sends back to the sender a segment indicating the amount of buffer space left
  • That way, the sender can slow down the rate of transfer for the buffer to free up space
39
Q

Congestion window

A
  • A TCP state variable that determines the amount of data the TCP can send into the network before receiving an ACK
  • When a connection is set up, the congestion window is set to a small multiple of the MSS allowed on that connection
  • It is calculated by estimating how much congestion there is on the link
40
Q

Advertised window

A
  • An adjustable field that determines the speed of transferring packets to make best use of current conditions in the receiving host
41
Q

Sliding window

A
  • Describes the range of bytes that the sender can send at one time
  • The sender recomputes the availability of the buffer after every ACK it receives
42
Q

Describing the sliding window

A
  • The window size is sent in every ACK segment
  • There are two edges on the sliding window
    1) The left hand edge is defined by the number of the latest ACK segment
    2) The right hand edge is defined by adding on the window size that is included in the ACK segment
  • The sliding window closes as more ACKs are received and the left hand edge advances (moves further left)
  • The window opens as the application reads data and the right hand edge advances (moves further right)
43
Q

Window scale field

A
  • An optional field that can increase the receive window size allowed in TCP above its former maximum value of 65,535 bytes
  • Is necessary because modern networks need to get the most out of the available bandwidth, which can only be achieved with a large window
44
Q

Delayed ACKs

A
  • Used to reduce traffic
  • A host may delay sending an ACK response by up to 500 ms
  • Additionally, with a stream of full-sized incoming segments, ACK responses must be sent for every second segment
  • Delayed ACKs can give the application the opportunity to update the TCP receive window and also possibly to send an immediate response along with the ACK attached
45
Q

Piggybacking

A
  • Whenever a frame is received, the receiver waits and does not send the control frame (ACK) back to the sender immediately
  • The receiver waits until its network layer passes in the next data packet
  • The delayed acknowledgement is then attached to this outgoing data frame
46
Q

Slow start

A
  • The congestion window is initialised to the destination’s MSS
  • A threshold value, ssthresh, is initialised to 64kb
  • The congestion window size is increased by one segment with each ACK received, effectively doubling the window size each RTT
  • The increase in transmission rate continues until either a loss is detected or ssthresh is reached
  • If a loss event occurs, TCP assumes that it is due to network congestion and takes steps to reduce the offered load on the network
47
Q

Congestion avoidance

A
  • Starts when ssthresh is reached without any problems
  • At this point, the window is increased by 1 segment for each round-trip delay time (RTT), making growth linear rather than near-exponential like slow start
  • The window continues to increase until the network’s limit is reached, usually due to a timeout
  • When this happens, TCP assumes this is due to network congestion
  • The following steps occur:
    1) Congestion window is reset to MSS = 1
    2) ssthresh is set to half the congestion window size before the timeout
    3) The congestion window starts increasing again, irrespective of whether slow start was running again
48
Q

Fast Retransmit

A
  • Reduces the time a sender waits before retransmitting a lost segment
  • After receiving a packet, an acknowledgement is sent for the last in-order byte of data received
  • When a sender receives three duplicate acknowledgements, it can assume that the segment carrying the data that followed the last in-order byte specified in the acknowledgement was lost
  • A sender with fast retransmit will then retransmit this packet immediately without waiting for its timeout
  • On receipt of the re-transmitted segment, the receiver can acknowledge the last in order byte of data received
49
Q

NAT

A
  • Stands for Network Address Translation
  • A method of mapping many local IP addresses onto one global IP address to provide Internet access to the local hosts; packet addresses are modified as they traverse the gateway
  • This works by allowing a single device, usually a router, to act as a gateway, meaning that only a single unique IP address is required to represent an entire group of computers to anything outside their network
  • This helps in mitigating address exhaustion
50
Q

Deployment of IPv6

A
  • Considered the ultimate solution to address exhaustion since it’s a completely new version of IP
  • It was designed to have a significantly larger address space (approximately 2¹²⁸ addresses) and more simplified headers to improve processing of packets
  • Routers will never fragment as packets are dropped and error messages are sent to the sender (every IPv6 host is required to use path MTU discovery to avoid fragmentation)
51
Q

Solving address exhaustion

A
  • The entire range of usable IPv4 addresses has now been depleted, despite the mitigating efforts of CIDR and NAT
  • CIDR has simply extended the time before exhaustion by around 3 years
  • As a result, IPv6 is being developed and most ISPs are deploying it

Issues with CIDR:
- It is no longer possible to determine, by looking at the first octet, how many bits of an IP address represent the network ID and how many the host ID

Issues with NAT:

  • In the private network, the NAT becomes the endpoint meaning that the device knows only its private IP address, which can’t be accessed from the internet (effectively breaking the end-to-end principle, which is key in the development of new applications)
  • An issue of compliance: developers have to use port 80 (the HTTP port) to work around NATs. However, reuse of this port makes applications send their traffic through that port, which makes said traffic appear as basic web browsing, which is infringing.

Issues with IPv6 deployment:

  • Cost: it’s expensive as several software upgrades may be required, since the majority of systems won’t have IPv6 support
  • Lack of demand: consumers don’t care about the protocol, just accessibility to content and services, therefore there is no ability for ISPs to charge for them
52
Q

UDP

A
  • Stands for User Datagram Protocol
  • If a node wants to send UDP data, it first creates a socket, then sends the data to that socket
  • If a node wants to receive UDP data, it first creates a socket on an address that is known by the node that will send the data, then reads the data from that socket
  • The UDP layer is thinner than the TCP layer
53
Q

WPA-PSK

A
  • Works by firstly configuring a password, between 8 and 63 characters
  • This password derives a key, depending on the access point
  • Using this key, the host device can then be authenticated in the access point
  • Every device on the network shares the same password and as a result, share the same key
54
Q

WPA Enterprise

A
  • Each user self-authenticates via a server (usually a RADIUS one)
  • RADIUS server authenticates users by account certificates
  • Each device has its own password
  • Works by assigning a long encryption key to each connected device
  • The key is not visible as it’s only created when a user presents their login credentials
55
Q

Wi-Fi Protected Setup

A
  • A wireless network standard that attempts to make it easier for wireless devices to connect to a router
  • Only works with networks that are encrypted with a WPA-PSK key
  • Works by two ways:
    1) Pressing a dedicated WPS button on the router and then on the device, which allows the device to connect without the need for a password
    2) Using an eight-digit pin that is generated by the router
  • However, the pin is easy to hack via brute force attack
  • This is because the pin is stored in two blocks of four digits, thus the first block can be brute-forced (there would only be 10000 possibilities) and the second block can be done the same way
56
Q

Carrier Sense

A
  • The wire is listened to in order to determine whether there is a signal passing along it
  • A frame cannot be transmitted if the wire is in use
57
Q

Multiple access

A
  • Allows multiple devices to share the same amount of wire to transfer data between themselves
58
Q

CSMA/CA

A
  • Stands for carrier sense multiple access with collision avoidance
  • Used in WiFi
    1) In wireless networks, there is no way for the sender to detect collisions the same way CSMA/CD does since the sender is only able to transmit and receive packets on the medium but is not able to sense data traversing that medium
    2) Should the control message collide with another control message from another node, it means that the medium is not available for transmission and the back-off algorithm needs to be applied before attempting retransmission
59
Q

Hidden host problem

A
  • A situation where a host can communicate with a central host, but can’t communicate with other nodes that are communicating with that central host
  • Therefore, collisions can’t be detected between hosts that transmit to the central node
  • Can be addressed using RTS/CTS
60
Q

RTS/CTS

A
  • Stands for Request to Send/Clear to Send
  • When a host wants to transmit data to another host, it sends out an RTS packet
  • The receiving host then replies with a CTS packet
  • Both the RTS and CTS packets contain a duration field, which designates a time period for the transmission to occur
  • Every other host will see the CTS packet, therefore will wait to send anything until after the transmission completes
  • The ACK flag of the receiving host is then set to visible
  • Other hosts can now send data again
  • Is optional because it is not required in every situation
  • Problem: extra latency
61
Q

MTU

A
  • Stands for Maximum Transmission Unit
  • Is the size of the largest packet that can be transferred in a single network layer transaction
62
Q

Path MTU

A
  • The smallest MTU for the entire path travelling from source to destination

IPv4:
- A datagram not larger than the path MTU will not get fragmented
- MTU Discovery works by sending variously sized datagrams with DF set, and monitors the errors returned
- When a datagram reaches the destination with no fragmentation error we have found a lower bound for the path MTU
- This bound is approximate as the network is dynamic and paths may change
- We can send segments of decreasing size, starting with the minimum of the MSS of the sender and the MSS announced by the other end (or 536 if the other end did not give an MSS), with the IP flag DF set
- If an ICMP error “fragmentation needed but DF set” happens during a TCP connection, the congestion window should stay as it is and initiate a slow start
- It’s important to allow ACKs to come through again so the window backs off
IPv6:
- Does not support fragmentation, and as a result doesn’t support DF
- Path MTU discovery is required
- Any device along the path whose MTU is smaller than the packet will drop the packet and send back an ICMPv6 Type 2 message, allowing the source host to reduce its Path MTU appropriately
- The process is repeated until the MTU is small enough to traverse the entire path without fragmentation

63
Q

Issues with path MTU discovery

A
  • A router can generate and send an ICMP message, but the ICMP message gets blocked by a router or firewall between this router and the sender
  • A router can drop a packet and not send an ICMP message (not very common)
  • A router can generate and send an ICMP message, but the sender ignores the message (not common)
64
Q

Fragmentation

A
  • The breaking of packets into smaller pieces
  • This is done so that the resulting pieces can pass through a link with a smaller MTU than the original packet size
  • Otherwise it is discarded
65
Q

IPv4 header fields

A
  • Version (4 bits)
  • Header length (4 bits)
  • Type of service (8 bits)
  • Total length (16 bits)
  • Identification (16 bits)
  • Flags (3 bits)
  • Fragment offset (13 bits)
  • Time to live (8 bits)
  • Protocol (8 bits)
  • Checksum (16 bits)
  • Source address (32 bits)
  • Destination address (32 bits)
  • Header options (Varies)
  • Data
66
Q

Issues with IP fragmentation

A
  • There is a small increase in CPU and memory overhead in order to fragment an IPv4 datagram
  • If one fragment of an IPv4 datagram is dropped, then the entire original IPv4 datagram must be resent, and it is also fragmented
67
Q

IPv4 Version Field

A
  • Contains the number 4, represented in 4 bits (0100), and is needed to know how to interpret different packets
68
Q

IPv4 Header Length Field

A
  • Contains the length of the IP header
  • The bits specify the number of 32-bit words in the header
  • Is required because the end of the header needs to be distinguished from the optional fields
69
Q

IPv4 Type of Service Field

A
  • Specifies to routers how the datagram should be handled and requests a route that has optimal throughput and reliability
  • Bits 5, 6, 7 are labelled as “Precedence”, denoting the priority of the datagram
  • The second field, labelled “TOS”, denotes how the network should compromise between throughput, delay and reliability
  • The first field is unused and set to zero
  • Usually used for QoS purposes
70
Q

IPv4 Total Length Field

A
  • Defines the entire packet size in bytes, including header and data
  • The minimum size is 20 bytes (header without data), and the maximum is 65535 bytes
  • Is required so the machine knows when the current packet ends so it can start processing the next
71
Q

IPv4 Identification Field

A
  • Used to uniquely identify a group of fragments of a single IP datagram for a given source address, destination and protocol
  • Works in support of fragmentation and reassembly
  • When an IP datagram is fragmented:
    1) Each fragmented datagram is assigned the same identification number
    2) This ID number is useful when reassembling fragmented datagrams
    3) It helps to identify which IP datagram the fragmented datagram belongs to
72
Q

IPv4 Flag Fields

A

Bit 0: Reserved, has to be zero
Bit 1: DF (Don’t fragment)
Bit 2: MF (More fragment)
- These flags are used to control or identify fragments

  • If DF is set to zero, it grants permission to intermediate devices to fragment the datagram if needed
  • If DF is set to one:
    1) It indicates to the intermediate devices not to fragment the IP datagram
    2) If the network requires the datagram to be fragmented to travel further but the DF setting does not allow its fragmentation, then it is discarded
    3) An error message is sent to the sender saying that the datagram has been discarded
  • If MF is set to zero, it tells the receiver that the current datagram is either the last fragment in the set or that it is the only fragment
  • If MF is set to one:
    1) It tells the receiver that the current datagram is a fragment of some larger datagram
    2) More fragments follow
    3) The MF bit on every fragment except the final one is set to 1
73
Q

IPv4 Fragment Offset Field

A
  • Specifies the offset of a particular fragment relative to the beginning of the original unfragmented IP datagram
  • The first datagram has an offset of zero, which allows a maximum offset of 65528 bytes (calculated by (2¹³ - 1) x 8), which exceeds the maximum IP packet length if the header length is included (the offset would then be 65548 bytes)
74
Q

IPv4 Time to Live Field

A
  • Helps prevent datagrams from looping around during routing
  • Indicates the maximum number of hops a datagram can take to reach the destination
  • The value of TTL is decremented by 1 when:
    1) The datagram takes a hop towards the destination
    2) The datagram takes a hop to any intermediate device (such as a router)
  • If the TTL value becomes zero, the datagram is discarded and an ICMP Time Exceeded message is sent back to the source address
75
Q

IPv4 Protocol Field

A
  • Tells the network layer at the destination host which protocol the IP datagram belongs to
  • Protocol number of TCP is 6 and UDP is 17
76
Q

IPv4 Checksum Field

A
  • Detects corruption in the header of IPv4 packets
  • If there is no corruption, the result of summing the entire IP header, including checksum, should be zero
77
Q

IPv4 Source Address Field

A
  • The IPv4 address of the sender of the packet
78
Q

IPv4 Destination Address Field

A
  • The IPv4 address of the receiver of the packet
79
Q

IPv4 Header Options Field

A
  • Allows for extensions that are not present in the original datagram specification, such as security
  • They are not used often
  • They must be considered if the header length is more than 5 bits
80
Q

IPv6 Header Fields

A
  • Version (4-bit)
  • Traffic class (8 bits)
  • Flow label (20 bits)
  • Payload length (16 bits)
  • Next header (8 bits)
  • Hop limit (8 bits)
  • Source address (128 bits)
  • Destination address (128 bits)
81
Q

IPv6 Version Field

A
  • Contains the number 6
  • Same size as its IPv4 equivalent but has limited use
82
Q

IPv6 Traffic Class Field

A
  • Indicates the class or priority of the IPv6 packet
  • Holds two values
  • The 6 most significant bits hold the DS field, which is used to classify packets
  • The remaining 2 bits are used for ECN
83
Q

IPv6 Flow Label Field

A
  • Allows routers to recognise packets in a single flow and treat them identically
  • Flow = group of packets
  • If the flow label = 0, then the packet does not belong to any flow
  • For default router handling, the flow label is set to zero
84
Q

IPv6 Payload Length Field

A
  • Contains the length of the data field in octets, including any extension headers and the upper-layer PDU (Protocol Data Unit)
  • For payload lengths greater than 65535 bytes, the field is set to zero and a “jumbo payload” option is used
  • Needed to identify where the packet starts and ends
85
Q

IPv6 Next Header Field

A
  • Indicates the type of the first extension header (if present) immediately following the IPv6 header, or otherwise the protocol of the upper-layer PDU
86
Q

IPv6 Hop Limit Field

A
  • Decremented by one by each node that forwards the packet
  • If the field is decremented to zero, the packet is discarded
  • The main purpose of this field is to identify and discard packets that are stuck in an infinite loop as a result of routing errors
87
Q

IPv6 Source Address Field

A
  • Contains the address of the original source of the packet
  • Four times larger than its IPv4 equivalent
88
Q

IPv6 Destination Address Field

A
  • Contains the address of the final destination of the packet
  • Four times larger than its IPv4 equivalent
89
Q

IPv4 vs IPv6

A
  • Version
    1) Is in IPv6 but with a different number (6 instead of 4)
  • Header Length
    1) Is removed in IPv6
    2) IPv6 does not have a header length field because the IPv6 header is always a fixed length of 40 bytes
    3) IPv4 has a header option field therefore actual header size varies
    4) In IPv6, each extension header is either a fixed length or indicates its own length
  • Type of Service
    1) Is replaced by the IPv6 Traffic Class field
  • Total Length
    1) Is replaced by the IPv6 Payload Length field, which indicates only the size of the payload
  • Identification, flags and fragment offset fields
    1) Are removed in IPv6
    2) Fragmentation information is not included in the IPv6 header
    3) This info is instead contained in a fragment extension header
  • Source and destination address
    1) These fields are the same except that IPv6 addresses are 128 bits in length
  • Checksum
    1) Removed in IPv6
    2) Error checking is instead done higher up the stack
  • Options
    1) Removed in IPv6
    2) IPv6 extension headers replace them
90
Q

Non-local IP routing

A
  • If the node cannot connect directly to its destination, this means that the destination is in a non-local network
  • As a result, the node will send the packet to a gateway which decides how to route the path of the data to the correct destination
91
Q

Local IP routing

A
  • If the destination node is on a network local to the host, then it can send packets directly
92
Q

IP Forwarding Algorithm

A
  • An implementation of IP routing
  • Uses a routing table to select the next destination for a datagram
  • If multiple destinations match, the route with the longest subnet mask is chosen
  • If multiple routes have the same subnet mask, the route with the lowest metric is used
  • The algorithm, given a destination IP address D and its network prefix N:
    1) if N matches a directly connected network address: deliver the datagram to D over that network link
    2) else if the routing table contains a route for N: send the datagram to the next-hop address listed in the routing table
    3) else if a default route exists: send the datagram via the default route
    4) else: send a forwarding error message to the originator
93
Q

Autonomous system

A
  • A collection of connected IP routing prefixes under the control of a single administrative entity/domain; each uses an interior gateway protocol (IGP) to direct packets within it
94
Q

Distance-Vector Protocol

A
  • Each router computes the distance between itself and each possible destination, starting from its immediate neighbours
  • Each router shares its knowledge of the whole network with its neighbours and updates its own table based on what its neighbours report
  • The sharing of information with the neighbors takes place at regular intervals
  • From this, it computes its own vectors of distances
  • Simple to use, but some protocols have a problem with slow convergence
95
Q

Link-State Protocol

A
  • Determines the best route for data packets based on cost
  • Each router shares knowledge of its neighbors with every other router in the network
  • A router sends its information about its neighbors to all the routers through flooding
  • Information sharing takes place only whenever there is a change
  • Using this information, the protocol computes maps
  • However, flooding could cause infinite looping, which can be solved using a TTL
96
Q

Slow Convergence

A
  • If there are changes to the network routing (for example, due to a broken link), then it requires many intermediate transfers of information to adjust to the route changes
97
Q

ARP

A
  • Stands for Address Resolution Protocol
  • ARP process:
    1) A host sends an Ethernet broadcast containing an ARP request to all machines on the LAN, asking whether any of them is using that particular IP address
    2) When a machine recognizes the IP address as its own, it sends a reply so ARP can update the cache for future reference and proceed with the communication
    3) The machines that don’t recognise the IP address as their own simply discard the packet
98
Q

Gratuitous ARP

A
  • If a new machine joins the network or changes its IP address, it may send an ARP reply despite not being asked; all machines on the local network can read any ARP request and update their own ARP caches
  • It is sent as a broadcast, as a way for a node to announce or update its IP to MAC mapping to the entire network
99
Q

DNS

A
  • Stands for Domain Name System
  • Main function is to translate domain names into IP Addresses, which computers can understand
  • It eliminates the need for humans to memorise IP addresses
  • It is advantageous to use local DNS servers, since the local DNS server may have already looked up the domain name, so there’s no point wasting time looking it up again
100
Q

Domain name format

A
  • The root of the tree is called . (dot) and this label is currently managed by the Internet Corporation for Assigned Names and Numbers (ICANN)
  • A Top Level Domain is a registry entity and its name is the name of the group to which its member-names are registered (for example, .com)
  • A Second Level Domain (directly under the TLD) is commonly used to refer to the organisation that registered the domain name. It has a maximum length of 63 characters and can’t start or end with hyphens
  • A Subdomain is part of the main domain (for example, www)
  • Management is delegated to make
101
Q

Domain name management organisations

A
  • Labels under uk are managed by Nominet, the UK’s domain name registry
  • Labels under ac.uk are managed by Jisc, a digital service provider for UK-based educational institutions
  • Labels under bath.ac.uk are managed by the University of Bath
  • Labels under cs.bath.ac.uk are managed by the University of Bath’s Department of Computer Science
102
Q

Recursive Lookup

A
  • Running down the DNS tree sending SOA requests until the authority responsible for the host can return the IP or an error message
  • Sends request to local server
  • If nothing is returned, then send to a higher level
  • Example: for the link news.bbc.co.uk
    1) Look up who runs the uk label
    2) Look up who runs the co.uk label
    3) Look up who runs the bbc.co.uk label
    4) Look up who runs the news.bbc.co.uk label
103
Q

Reverse Lookup

A
  • Provides the domain name associated with a particular IP address
  • Configured by defining PTR records in a DNS server
  • The process involves searching domain name registry and registrar tables
  • A PTR record name is usually the IP address written backwards, followed by in-addr.arpa
  • Example of use is tracking down a user sending spam emails
104
Q

Unreliable

A
  • Full transfer of data is not guaranteed
  • Unreliable protocols are appropriate for tasks where the speed of data delivery takes precedence over the accuracy of it, such as video streaming
105
Q

Connectionless

A
  • A signal goes out automatically without determining whether the receiver is ready, or even whether a receiver exists
  • In other words, there are no prior arrangements for sending data between endpoints
  • This type of protocol is considered unreliable
  • An example of a connectionless protocol (CLP) is UDP
106
Q

Connection-oriented

A
  • A mode of data communication in which the endpoint devices use a set of preliminary protocols to establish an end-to-end connection before data is sent
  • This type of protocol is considered reliable
  • An example of a connection-oriented protocol (COP) is TCP
107
Q

Port

A
  • An endpoint of a communication
  • A 16-bit integer
108
Q

Ephemeral port

A
  • A temporary communication endpoint used for IP communications
  • It is created from a set range of port numbers by the IP software and used as an end client’s port assignment in direct communication with a well-known port used by a server
  • These are only valid for the duration of the communication session, and are free for reuse after the communication completes
109
Q

Well-known port

A
  • A port number that is reserved for common applications and privileged services (such as admin purposes)
  • Ports 0-1023 are assigned by the Internet Assigned Numbers Authority (IANA)
  • Examples include:
    1) Port 80: HTTP server
    2) Port 21: File Transfer Protocol
    3) Port 25: SMTP
110
Q

Ethernet Frame

A
  • A term referring to an Ethernet data link header and trailer, plus the data encapsulated between the header and trailer
  • Has five fields
111
Q

Ethernet frame source address field

A
  • 6 bytes
  • Contains the MAC address of the machine the data is coming from
  • As the source address is always an individual (unicast) address, the least significant bit of the first byte is always 0
112
Q

Ethernet frame destination address field

A
  • 6 bytes
  • Contains the MAC address of the machine the data is travelling to
113
Q

Ethernet frame type field

A
  • 2 bytes
  • Indicates the type of the next layer up
114
Q

Ethernet frame data field

A
  • Between 46 and 1500 bytes
  • The place where actual data is inserted, also known as payload
  • Both IP header and data will be inserted here if IP is used over Ethernet
  • Needs to be at least 46 bytes since the frame must be long enough to detect a collision
  • If the data length is less than 46 bytes, then 0’s are added as padding to meet the minimum length
115
Q

Ethernet frame CRC field

A
  • 4 bytes
  • Contains a 32-bit hash code of data, which is generated over the other fields
  • If the checksum computed by the destination differs from the checksum value that was sent, the received data is corrupted
116
Q

IPSec

A
  • Stands for Internet Protocol Security
  • Authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an IP network
  • Consists of three components: ESP (Encapsulating Security Payload), Authentication Header (AH) and Internet Key Exchange (IKE)
  • ESP provides data integrity through hash functions and confidentiality through encryption for IP packets, but only authenticates the payload
  • AH ensures connectionless integrity by using a hash function and a secret shared key in the AH algorithm, and authenticates the entire packet except for any mutable fields
  • IKE negotiates the secret keys that ESP and AH need to work, and sets up a security association (SA) within the IPsec protocol suite
  • An advantage is that TCP and UDP can be layered transparently on top of IPsec
117
Q

Problems with IPSec

A
  • There is an overhead at the first connection
  • Difficult to set up
  • Not as flexible as equivalent protocols such as TLS
118
Q

VPN

A
  • A private network that connects remote sites or users together over a public network
  • Allows a device to appear as if it’s in a different location or network through tunnelling
  • Data encryption is added to the tunnel so the VPN provides extra security as well as privacy for the connection
  • Motivations for using a VPN include:
    1) Accessing internet content that is otherwise restricted due to location or censorship
    2) Businesses needing to access resources from outside their network
    3) To improve privacy by hiding the IP address from the ISP, since all activity would be routed through a VPN server
119
Q

Tunnelling

A
  • One protocol layers over another so the lower protocol can move the upper protocol transparently over a network that doesn’t typically carry the upper protocol
120
Q

Cons of VPN

A
  • A VPN prioritises security (i.e., hiding the IP address and encrypting data), meaning that data has to travel further, which can affect speed
  • Despite hiding internet activity from the ISP, this data is still accessible to the VPN provider
  • Some VPN providers have limits on data usage, so there is a financial charge for increasing that limit
121
Q

TLS

A
  • Stands for Transport Layer Security
  • A stateful connection is established via a handshake to authenticate the connection and generate a session key
  • This session key is then used to encrypt any data being transferred through the connection
  • During the handshake, the server provides a digital certificate as a form of identification
  • The certificate provides three details that allow authentication: the server name, a certificate authority and the server’s public encryption key
  • The session key is then generated and the handshake is concluded
  • Once this happens, the secured connection begins which is encrypted and decrypted with the session key until the connection closes
122
Q

Cons of TLS

A
  • There are several overheads:
    1) Encrypting or decrypting data creates overhead for every packet
    2) Setup messages and certificate validation create overhead per connection
    3) Data expansion that occurs in the encryption process creates an overhead for every packet it happens in
  • The programmer needs to have strong understanding of how to set up the handshake connection
123
Q

Firewall

A
  • A security device that sits between a private network and the wider Internet, acting as a gateway
  • Decides whether to allow or block specific traffic based on a defined set of security rules
  • There are three common types of firewall: packet filters, application layer firewalls and application proxies
  • Most firewalls are software-based, but there is specialist hardware available
124
Q

Packet filter firewalling

A
  • Works in data link, network and transport layers
  • Inspects packets as they are transferred
  • Makes decisions on incoming and outgoing packets based on ports, protocols and the addresses of source and destination
  • One of three decisions is made on each packet:
    1) The firewall allows the packet to pass through
    2) The firewall silently discards the packet
    3) The firewall rejects the packet and generates an ICMP notification for the sender
125
Q

Application layer firewalling

A
  • Uses a series of configured policies to determine whether to block or allow communications to or from an application
  • Typically works in the application layer
  • Different from traditional packet filters in that filters are applied by process rather than by port or protocol
  • Application firewalls can be either active or passive:
    1) Active firewalls actively inspect all incoming requests against known vulnerabilities such as SQL injections. Only requests deemed as “clean” are passed to the applications
    2) Passive firewalls inspect all incoming requests against known vulnerabilities, but they don’t actively reject or deny those requests if a potential attack is discovered
126
Q

Packet vs application layer firewalling

A
  • Pros of packet filtering:
    1) They are fast, as they perform fewer evaluations
    2) They are efficient, as a single rule is able to help protect an entire network
  • Cons of packet filtering:
    1) They are more susceptible to vulnerabilities, since they don’t inspect the payload of packets
    2) They can be complex to configure
  • Pros of application filtering:
    1) They are generally more secure, as they thoroughly inspect packet headers and data before distribution
    2) They provide detailed logs of what the user is sending, allowing another way of monitoring network safety
  • Cons of application filtering:
    1) Inbound data is processed by the application and by its proxy; as a result they are slower than packet filters
    2) The logs produced by the firewall can be memory-intensive
127
Q

Privacy of a network connection

A
  • The protection and hiding of personal information from third parties
128
Q

Authentication of a network connection

A
  • The verification of a user that is requesting to connect to the network
  • Usually completed with a username and password
129
Q

Simple encoding

A
  • 0 voltage for 0 bit, 1 voltage for 1 bit
  • In principle, this is simple but there are problems:
    1) It is not possible to do carrier sense since a zero-stream looks exactly the same as an empty network
    2) Electrically it’s bad because a steady stream of 1 bits is basically a stream of 1V, which can destroy the wire the bits are travelling through
130
Q

Manchester encoding

A
  • Splits each bit period into two, and ensures that there is always a transition between the signal levels in the middle of each bit
  • The encoding of each data bit is either low then high, or high then low, for equal time
  • A 0 bit is represented by a low to high transition
  • A 1 bit is represented by a high to low transition
  • The main advantage of Manchester encoding is that the signal synchronises itself; this minimises the error rate and optimises reliability
  • The main disadvantage is that this encoding doubles the frequency of the signal to 20 MHz and can’t be used at 100 Mb/s Ethernet rates
131
Q

Problems that physical encodings overcome

A
  • Prevents bits from drifting out of step
132
Q

MLT-3

A
  • Stands for Multi-Level Transmit
  • Like Manchester, transitions are used to encode bits
  • Cycles sequentially through 4 transitions: -1 to 0, 0 to 1, 1 to 0, 0 to -1
  • A transition encodes a 1 bit while a non-transition encodes a 0 bit
  • Used in conjunction with 4B5B, whose translations ensure that every set of 5 has a minimum of two transitions in order for the voltage to balance out to 0V
133
Q

4B5B

A
  • Groups 4 data bits into 5 physical bits for transmission
  • There is an issue of 25% more bits being required to send the same amount of information
  • Used in conjunction with MLT-3 for Ethernet to mitigate this
134
Q

ADSL

A
  • Stands for Asymmetric Digital Subscriber Line
  • Allows faster data transmission over copper telephone lines than a conventional voiceband modem can provide
  • Analogue telephone lines are capable of more than just voice communications but are limited to a maximum speed of 56 kb/s, and all frequencies are filtered out unless they fit into the range 300-3300 Hz
  • Data transfer rate depends on wire length: increasing wire length decreases bandwidth
  • Is asymmetric in that the available bandwidth is divided with a larger chunk for downloading and a smaller one for uploading
135
Q

First and last mile problem

A
  • The economic infeasibility of connecting every building to a telephone exchange using optical fibre
136
Q

UCS

A
  • Stands for Universal Coded Character Set
  • Uses 31 bits to represent a character
  • Contains over 136000 abstract characters, and each is identified through a unique name and a sequence of integer numbers called the code point
  • This allows the representation of many languages and scripts
137
Q

UTF-8

A
  • A character in UTF-8 can be from 1 to 4 bytes long and can represent any character in the Unicode standard
  • This allows ASCII values to be represented in UCS-compatible form since single bytes in the range 0-127 map directly to Unicode code points in the ASCII range
  • Is more compact than UTF-16 and doesn’t suffer from the same endianness issues as other UCS encodings
138
Q

Presentation Problem

A
  • Different encodings have different ways of interpreting bits
  • To ensure consistency on what these bits mean, they have to be translated so the original result is maintained
  • However, there is an issue of interpreting and changing bits that should not be changed
139
Q

Two Generals Problem

A
  • Two armies A and B, each led by a different general, are preparing to attack a city C
  • The armies are encamped near the city, each in its own valley
  • A third valley separates the two hills, and the only way for the two generals to communicate is by sending messengers through the valley
  • Unfortunately, the valley is occupied by C’s defenders and there’s a chance that any messages could be intercepted
  • A sends a message to B, stating the time they want to attack at dawn
  • The two generals must have their armies attack the city at the same time in order to succeed, otherwise A will fail if it attacks alone
  • B has to send an ACK to A to confirm that they agree with the time
  • However, there is a possibility of the ACK being intercepted and A may not receive it
  • Because the ACK receipt can be lost as easily as the original message, a potentially infinite series of messages is required to come to consensus
140
Q

Retransmission timer

A
  • Used by TCP to avoid the Two Generals Problem
  • The sender starts a retransmission timer when sending a packet to some receiving host
  • The timer stops when the receiver sends an ACK back
  • If the timer expires before this, a timeout occurs, the timer is reset and the segment is retransmitted
  • If the network slows down (there is less bandwidth as a result of heavy traffic), then the RTT should increase
141
Q

RTT update rule

A
  • RTT = αRTT + (1 − α)M
  • M = actual round trip time
  • α = some smoothing factor
142
Q

SWS

A
  • Also known as silly window syndrome
  • Caused by poor TCP implementation
  • A serious problem can arise when the sending application program creates data slowly, the receiving application program consumes data slowly, or both
  • If a server with this problem is unable to process all incoming data, it requests that its clients reduce the amount of data they send at a time
  • If the server continues to be unable to process all incoming data, the window size shrinks, and it can shrink to such an extent that the data being transmitted is smaller than the TCP header
  • Since there is a certain amount of overhead associated with processing each packet, the increased number of packets means increased overhead to process a decreasing amount of data
143
Q

Solving SWS

A
  • Nagle’s Algorithm if SWS is created by the sender
  • Clark’s solution if SWS is created by the receiver
144
Q

Nagle’s algorithm

A
  • Inhibits the sending of new TCP segments when new outgoing data arrives from the user if any previously transmitted data on the connection remains unacknowledged
  • Improves the efficiency of TCP/IP networks by reducing the number of packets that need to be sent over the network
  • Works by combining a number of small outgoing messages (known as tinygrams) and sending them all at once in one large segment
  • As long as there is a sent packet for which the sender has received no acknowledgment, the sender should keep buffering its output until it has a full packet’s worth of output, thus allowing output to be sent all at once
  • Nagle and SWS fit together naturally, because when window scaling is in effect, “small” can’t be smaller than the window scale size
145
Q

Clark’s Solution

A
  • The receiver should not send a window update for 1 byte
  • The receiver should wait until it has a decent amount of space available or its buffer is half empty
  • The receiver should then advertise that window size to the sender
146
Q

Subvertable protocols

A
  • ARP: a host could pretend to be someone else, so the protocol can be broken
  • DNS: can be abused to direct users to fake websites (e.g. a bank)