OSI Model and Network Protocols Flashcards

1
Q

Describe Layer 1 (Physical) in the OSI Model

A

This layer deals with the hardware of networks such as cabling. It defines the mechanical and electrical standards of interface devices and the types of cables used to transmit digital signals (e.g. optical fiber, coaxial cable, wireless, etc.).

2
Q

Describe Layer 2 (Data Link) of the OSI Model

A

This layer receives data from the physical layer and compiles it into a transformed form called a frame (framing). The principal purpose of this layer is to detect transfer errors by adding headers to data packets.

3
Q

Describe layer 3 (Network) of the OSI Model

A

This is the most important layer of the OSI model, which performs real-time processing and transfers data from node to node. Routers and switches are the devices used at this layer; they connect the nodes in the network to transmit and control data flow.

4
Q

Describe Layer 4 (Transport) of the OSI Model

A

The transport layer works in two communication modes: connection-oriented and connectionless. This layer transmits data from the source to the destination node. It includes TCP, which is responsible for reliable and correctly ordered packets, congestion control and others.

5
Q

Describe Layer 5 (Session) of the OSI Model

A

This layer allows users on different machines to establish active communication sessions between them. It is responsible for establishing, maintaining, synchronizing and terminating sessions between end-user applications. The session layer, which is the 5th layer in the OSI model, uses the services provided by the transport layer and enables applications to establish and maintain sessions and to synchronize them.

6
Q

Describe Layer 6 (Presentation) of the OSI Model

A

Within the service layering semantics of the OSI network architecture, the presentation layer responds to service requests from the application layer and issues service requests to the session layer through a unique presentation service access point (PSAP).

The presentation layer ensures the information that the application layer of one system sends out is readable by the application layer of another system. On the sending system it is responsible for conversion to standard, transmittable formats. On the receiving system it is responsible for the translation, formatting, and delivery of information for processing or display.

7
Q

Describe Layer 7 (Application) of the OSI Model

A

This layer provides several ways of manipulating the data (information), which enables any type of user to access the network with ease. This layer also makes requests to the layer below it, the presentation layer, to receive various types of information from it. The application layer is an abstraction layer that specifies the shared protocols and interface methods used by hosts in a communication network.

8
Q

Name common protocols in Layer 1 of the OSI model

A

Bluetooth, IEEE.802.11, IEEE.802.3, L431 and TIA 449, PON, OTN, DSL

9
Q

Name common protocols in the Data Link OSI Layer

A

802.1x, EAPOL, CDP, Spanning Tree Protocol, Token Ring, ARP, CSLIP, HDLC, IEEE.802.3, PPP, X.25, SLIP, ATM, SDLS and PLIP.

10
Q

Name common protocols in the Network OSI layer

A

ICMP, IPSec, OSPF, EIGRP, IPv4/6

11
Q

Name common protocols in the Transport OSI Layer

A

TCP, UDP, and variations thereof.

12
Q

Name common protocols in the Session OSI Layer

A

NetBIOS, SOCKS, RTCP, PPTP

13
Q

Name Common Protocols in the Presentation OSI Layer

A

SSL, HTTP, FTP, AppleTalk Filing Protocol, Telnet, SSH

14
Q

Name common protocols in the application layer

A

HTML, Markdown, FTP, SNMP, DNS, NFS, POP - all the good ones.

15
Q

Describe CDP

A

CDP is a layer 2 protocol used by Cisco and CDP-compatible hardware to inform hardware ‘neighbours’ of information that may include: operating system version, hostname, every address (i.e. IP address) from all protocol(s) configured on the port where the CDP frame is sent, the port identifier from which the announcement was sent, device type and model, duplex setting, VTP domain, native VLAN, power draw (for Power over Ethernet devices), and other device-specific information. It can also include routing information, to save normal routing packets being sent.

This information can be queried via SNMP and the CDP ‘show cdp neighbors’ command on Cisco hardware.

CDP sends data out to a ‘multicast’ MAC address: 01:00:0c:cc:cc:cc

Yersinia causes DoS
- Simply sending CDP packets with bogus data simulating real Cisco devices. The target device will begin to allocate memory in its CDP table to save the new neighbor information, but without knowing that it is going to have thousands or millions of new friends.

16
Q

Describe STP

A

The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. As the name suggests, STP creates a spanning tree that characterizes the relationship of nodes within a network of connected layer-2 bridges, and disables those links that are not part of the spanning tree, leaving a single active path between any two network nodes.

  • no authentication
  • can manipulate the process to cause a constant reconfiguration state, leading to a DoS
  • flood the network with BPDUs (update packets), leading the network to constantly reconfigure itself
  • Yersinia

Taking over a root bridge is probably one of the most disruptive attacks. By default, a LAN switch takes any BPDU sent from Yersinia at face value. Keep in mind that STP is trustful, stateless, and does not provide a solid authentication mechanism. The default STP bridge priority is 32768. Once in root attack mode, Yersinia sends a BPDU every 2 sec with the same priority as the current root bridge, but with a slightly numerically lower MAC address, which ensures it a victory in the root-bridge election process.

17
Q

Describe the VLAN 802.1q protocol

A

A protocol used to segregate networks into smaller logical chunks by ensuring Ethernet packets are ‘tagged’ with a 4 byte VLAN ID. It supports up to 4096 VLANs. The VLAN tag is inserted between the source MAC address and the Type/Length fields in the Ethernet frame.

18
Q

Describe 802.1x

A

Allows authentication via the credentials of a device accessing the network, and prevents wider network access prior to authentication.

Takes the user credentials provided by the client device to the switch/whatever and forwards them on to a RADIUS server, where authentication can be verified.

19
Q

Describe the difference between Distance vector and link state routing protocols

A

Distance vector protocols can measure the distance—called hops—it takes data to arrive at its destination within a system or application. The number of hops refers to the specific number of routers the data may run through before reaching its ultimate destination.

Link state protocols also find the best routing path and also share information with nearby routers. However, they calculate the speed and the cost of resources associated with each potential path. For example, if a route is longer, it may cost more for the data to be copied additional times. Link state routers are updated from all the routers in the entire network by passing information from router to nearest router.

Rather than continuously broadcast its routing tables as does a distance vector protocol, a link state protocol router only notifies its neighboring routers when it detects a change.

20
Q

subnet mask of a Class A network?

A

/8 or 255.0.0.0

21
Q

subnet mask of a Class B network?

A

/16 or 255.255.0.0.

22
Q

Subnet mask of a Class C network

A

/24 or 255.255.255.0

23
Q

first octet of class A network?

A

1 to 126

24
Q

first octet of class B network?

A

128 to 191

25
Q

first octet of class C network?

A

192 to 223

26
Q

first octet of class D network?

A

224 to 239

27
Q

first octet of class E network?

A

240 to 254

28
Q

link-local IPv4 addresses subnet

A

169.254.0.0/16

29
Q

IPv6 link local subnet?

A

fe80::/10

30
Q

bits in IPv6?

A

128

31
Q

bits in IPv4?

A

32

32
Q

number of hosts in /25?

A

126

33
Q

number of addresses in /28

A

16

34
Q

number of addresses in /22

A

512

35
Q

number of hosts in a /28

A

14 - 1 reserved for broadcast, 1 reserved for network address

36
Q

Name protocols used with 802.1x to secure credentials sent over the network

A

EAP-TLS,
PEAP-MSCHAPV2,
EAP-TTLS/PAP

37
Q

Describe VTP

A

VLAN Trunk Protocol
Cisco proprietary protocol
Used to propagate VLAN information through the network.
Can be sent over 802.1Q and ISL trunks.

Using VTP, each Catalyst Family Switch advertises the following on its trunk ports:

  • Management domain
  • Configuration revision number
  • Known VLANs and their specific parameters

Yersinia has DoS for VTP, and potentially can be used to add or remove VLANs
- A malicious hacker exploits VTP to his advantage by connecting into a switch and establishing a trunk between his computer and the switch. (See the earlier “VLAN Hopping” section for more on establishing a trunk.) A malicious hacker then sends a VTP message to the switch with a higher configuration revision number than the current VTP Server but with no VLANs configured. This causes all switches to synchronize with the computer of the malicious hacker, which removes all nondefault VLANs from their VLAN database.

38
Q

Describe HSRP

A

Hot Standby Router Protocol
Cisco proprietary redundancy protocol
The protocol establishes an association between gateways in order to achieve default gateway failover if the primary gateway becomes inaccessible.

The primary router with the highest configured priority will act as a virtual router with a pre-defined gateway IP address and will respond to the ARP or ND request from machines connected to the LAN with a virtual MAC address. If the primary router should fail, the router with the next-highest priority would take over the gateway IP address and answer ARP requests with the same MAC address, thus achieving transparent default gateway failover.

default authentication data (think SNMP key): cisco

  • any HSRP-capable device can advertise a high priority value and take over as the active router.
  • DoS opportunity, maybe MITM - but Yersinia isn’t good at it.
  • There are two open-source software tools that you can use to perform a DoS attack: Scapy and Yersinia.

https://andrewroderos.com/attacking-hsrp/

39
Q

Describe VRRP

A
  • The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts.
  • layer 2
  • VRRP is an election protocol that dynamically assigns the Virtual IP to one of the routers of the VRRP Group. The routers operate in a local area network. The updates are not forwarded beyond the local subnet. Hence it is a layer-2 protocol.
  • A host within the same subnet could just spoof VRRP packets and disrupt service.
  • The master router is the router with the highest self-assigned ‘priority’ value. By creating a VRRP service with a higher priority, an attacker could become the master (primary router)
  • leads to a MITM
  • An attack on VRRP is not just theoretical. A tool called Loki allows you to take over the virtual IP-address and become the master router. This will allow you to create a DoS or sniff all traffic.
40
Q

Describe TACACS+

A
  • Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for networked access control through a centralized server.
  • (TACACS+) is a protocol developed by Cisco and released as an open standard
  • port 49
  • headers not encrypted, body of messages are
  • traffic is encrypted with a pre-shared key + previous message headers
  • PSK is static across all devices with access to that TACACS+ server
  • with enough TACACS+ traffic, you can bruteforce the PSK, as all other components are broadcast in plaintext
  • no integrity checking on encrypted messages
  • result of user authentication sent from TACACS+ server to the device authenticated to is always in the same place
  • if you can get the encryption key using above method, you can then modify the result sent from central TACACS+ server to authenticating device, and use any credentials to auth to the device.
  • can use ‘tacflip’ tool and MITM attack to authenticate with invalid credentials.
41
Q

Describe the difference between CAT5 and Fibre

A

Ethernet cabling usually consists of copper cable, so basically cat5e, cat 6 and cat 6a are Ethernet cabling. Multiple outlets are connected to a patch panel (usually 24 port but sometimes even 48 port); this panel is connected in turn to a routing mechanism called a switch.

Fiber is usually used as a backbone cable. It is used to connect multiple switches to each other to provide the high bandwidth required and also to overcome the distance limitation posed by copper cable.

There’s a new technology in design called fiber to desk. It’s a solution where fiber will terminate directly on the laptop or PC. But fiber is fragile compared to copper cable, hence this tech is still in its infancy.

42
Q

Describe 10/100/1000baseT

A

10/100/1000 Base-T: an Ethernet connection method using twisted pair cables and operating at 10, 100, or 1000 Mbps. A star connection topology is used, with the individual cables terminating at a hub, switch, or router.

43
Q

Describe Token ring

A

Token Ring protocol is a communication protocol used in Local Area Network (LAN). The stations are connected to one another in a single ring. It uses a special three-byte frame called a “token” that travels around a ring. It makes use of Token Passing controlled access mechanism. Frames are also transmitted in the direction of the token. This way they will circulate around the ring and reach the station which is the destination.

Basically the network is a circle and all hosts are just connected to the device before and after them in the circle. Packets go round the circle until they reach their destination.

44
Q

Describe Wireless (802.11)

A

IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of media access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer communication.

IEEE 802.11 uses various frequencies including, but not limited to, 2.4 GHz, 5 GHz, 6 GHz, and 60 GHz frequency bands. Although IEEE 802.11 specifications list channels that might be used, the radio frequency spectrum availability allowed varies significantly by regulatory domain.

45
Q

Describe RIP

A

The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols which employs the hop count as a routing metric.

The largest number of hops allowed for RIP is 15, which limits the size of networks that RIP can support.

In RIPv1 routers broadcast updates with their routing table every 30 seconds.

RIP uses the User Datagram Protocol (UDP) as its transport protocol, and is assigned the reserved port number 520.

(MD5) authentication for RIPv2 was introduced in 1997.

46
Q

Describe EIGRP

A

Enhanced Interior Gateway Routing Protocol (EIGRP) is a distance vector & link state routing protocol that is used on a computer network for automating routing decisions and configuration. The protocol was designed by Cisco Systems as a proprietary protocol.

MD5 and SHA-2 authentication between two routers.

Sends topology changes, rather than sending the entire routing table when a route is changed.

Periodically checks if a route is available, and propagates routing changes to neighboring routers if any changes have occurred.