TCP/IP Flashcards

1
Q

What is DHCP (Dynamic Host Configuration Protocol) and how does it work?

A

DORA - Discover/Offer/Request/Ack

  1. DHCPDISCOVER
    It is the DHCP message that marks the beginning of a DHCP interaction between client and server. This message is sent by a client (host or device connected to a network) that is connected to a local subnet. It is a broadcast message that uses 255.255.255.255 as the destination IP address while the source IP address is 0.0.0.0.
  2. DHCPOFFER
    It is a DHCP message sent by a DHCP server to a DHCP client in response to DHCPDISCOVER. This message contains the network configuration settings for the client that sent the DHCPDISCOVER message.
  3. DHCPREQUEST
    This DHCP message is sent in response to DHCPOFFER, indicating that the client has accepted the network configuration sent in the DHCPOFFER message from the server.
  4. DHCPACK
    This message is sent by the DHCP server in response to the DHCPREQUEST received from the client. It marks the end of the process that started with DHCPDISCOVER. The DHCPACK message is simply an acknowledgement by the DHCP server that authorizes the DHCP client to start using the network configuration it received from the DHCP server earlier.
  5. DHCPNAK
    This message is the exact opposite of DHCPACK described above. It is sent by the DHCP server when it is not able to satisfy the DHCPREQUEST message from the client.
  6. DHCPDECLINE
    This message is sent from the DHCP client to the server in case the client finds that the IP address assigned by the DHCP server is already in use.
  7. DHCPINFORM
    This message is sent from the DHCP client in case the IP address is statically configured on the client and only other network settings are to be acquired dynamically from the DHCP server.
  8. DHCPRELEASE
    This message is sent by the DHCP client when it wants to terminate the lease of the network address it has been provided by the DHCP server.

Now that we know about the various DHCP messages, it is time to go through the complete DHCP process to give a better idea of how DHCP works. Note that the steps mentioned below assume that DHCP functionality is enabled by default on the client side.

Here are the steps :

Step 1: When the client computer (or device) boots up or is connected to a network, a DHCPDISCOVER message is sent from the client to the server. As there is no network configuration information on the client, the message is sent with 0.0.0.0 as the source address and 255.255.255.255 as the destination address. If the DHCP server is on the local subnet it receives the message directly; if it is on a different subnet, a relay agent connected to the client's subnet passes the request on to the DHCP server. The transport protocol used for this message is UDP and the port number used is 67. The client enters the initializing stage during this step.
Step 2: When the DHCP server receives the DHCPDISCOVER message, it replies with a DHCPOFFER message. As already explained, this message contains all the network configuration settings required by the client. For example, the yiaddr field of the message will contain the IP address to be assigned to the client. Similarly, the subnet mask and gateway information is filled in the options field. Also, the server fills in the client MAC address in the chaddr field. This message is sent as a broadcast (255.255.255.255) for the client to receive it directly; if the DHCP server is in a different subnet, the message is sent to the relay agent, which takes care of whether the message is to be passed on as unicast or broadcast. In this case also, UDP is used at the transport layer, with destination port 68. The client enters the selecting stage during this step.
Step 3: The client forms a DHCPREQUEST message in reply to the DHCPOFFER message and sends it to the server, indicating it wants to accept the network configuration sent in the DHCPOFFER message. If multiple DHCP servers received the DHCPDISCOVER, the client could receive multiple DHCPOFFER messages. But the client replies to only one of them, by populating the server identifier field with the IP address of that particular DHCP server. All the offers from other DHCP servers are implicitly declined. The DHCPREQUEST message will still use 0.0.0.0 as the source address, as the client is still not allowed to use the IP address passed to it in the DHCPOFFER message. The client enters the requesting stage during this step.
Step 4: Once the server receives the DHCPREQUEST from the client, it sends the DHCPACK message indicating that the client is now allowed to use the IP address assigned to it. The client enters the bound state during this step.
The Concept of Lease
With all the necessary information on how DHCP works, one should also know that the IP address assigned by the DHCP server to the DHCP client is on a lease. After the lease expires, the DHCP server is free to assign the same IP address to any other host or device requesting one. For example, keeping the lease time at 8-10 hours is helpful in the case of PCs that are shut down at the end of the day. So the lease has to be renewed from time to time. The DHCP client tries to renew the lease after half of the lease time has expired. This is done by an exchange of DHCPREQUEST and DHCPACK messages. While doing this, the client enters the renewing stage.

2
Q

What is symmetric encryption?

A

Symmetric encryption is a form of encryption where a secret key is used for both encryption and decryption of a message by both the client and the host. Effectively, anyone possessing the key can decrypt the message being transferred.

Symmetric encryption is often called shared key or shared secret encryption.

Symmetric keys are used to encrypt the entire communication during an SSH session. Both the client and the server derive the secret key using an agreed method, and the resultant key is never disclosed to any third party. The process of creating a symmetric key is carried out by a key exchange algorithm. What makes this algorithm particularly secure is the fact that the key is never transmitted between the client and the host. Instead, the two computers share public pieces of data and then manipulate them to independently calculate the secret key. Even if another machine captures the publicly shared data, it won't be able to calculate the key because the key exchange algorithm is not known.

3
Q

What is Asymmetric encryption?

A

Asymmetric encryption uses two separate keys for encryption and decryption. These two keys are known as the public key and the private key. Together, these keys form a public-private key pair.

The public key, as the name suggests, is openly distributed and shared with all parties. While it is closely linked with the private key in terms of functionality, the private key cannot be mathematically computed from the public key. The relation between the two keys is highly complex: a message that is encrypted with a machine's public key can only be decrypted by the same machine's private key. This one-way relation means that the public key cannot decrypt its own messages, nor can it decrypt anything encrypted by the private key.

The private key must remain private, i.e. for the connection to be secure, no third party must ever know it. The strength of the entire connection lies in the fact that the private key is never revealed, as it is the only component capable of decrypting messages that were encrypted using its own public key.

4
Q

What is hashing encryption?

A

One-way hashing is another form of cryptography used in Secure Shell connections. One-way hash functions differ from the above two forms of encryption in the sense that they are never meant to be decrypted. They generate a unique value of a fixed length for each input that shows no clear trend which can be exploited. This makes them practically impossible to reverse.

Hash

It is easy to generate a cryptographic hash from a given input, but impossible to generate the input from the hash. This means that if a client holds the correct input, they can generate the cryptographic hash and compare its value to verify whether they possess the correct input.

SSH uses hashes to verify the authenticity of messages. This is done using HMACs, or Hash-based Message Authentication Codes. This ensures that the command received has not been tampered with in any way.

While the symmetrical encryption algorithm is being selected, a suitable message authentication algorithm is also selected. This works in a similar way to how the cipher is selected, as explained in the symmetric encryption section.

Each message that is transmitted must contain a MAC, which is calculated using the symmetric key, packet sequence number, and the message contents. It is sent outside the symmetrically encrypted data as the concluding section of the communication packet.

5
Q

What is link balancing?

A

Link balancing is designed to balance the load between the local area network (LAN) and the Internet. A link balancer is usually positioned between the LAN and the WAN (Wide Area Network).

6
Q

Application Protocols

A
DNS
DHCP
LDAP
HTTP
FTP
TFTP
SNMP
SMTP
POP3
IMAP4
SMB
7
Q

Network Protocols

A
IP4
IP6
ARP
IGMP
ICMP
IPSec
RIP
OSPF
8
Q

Reverse proxy vs Load Balancer

A

A reverse proxy forwards a client's request to a particular server; a load balancer distributes traffic across multiple servers.

9
Q

What is DNS Failover?

A

DNS failover helps websites or network services remain accessible in the event of an outage. The Domain Name System (DNS) is the protocol used to translate human-readable hostnames into IP addresses. By providing two or more IP addresses in a DNS record, each IP representing an identical server, you can move traffic from a failing server to a live, redundant server.

10
Q

Load balancer failover strategies?

A

Two load balancers, master and standby: if one fails, the second one starts getting traffic. Both need to be in the same physical network with different IPs.

Another option is keeping multiple LBs in different networks, one with a high routing cost (just a number that says how many hops it takes to reach this router) and the other with a small cost. That way every request is routed to the low-cost one every time, but when it fails the routers know about it and switch to the high-cost one. Both have the same IP.

11
Q

Types of LB?

A

L4 and L7. Also remember SSL VIPs, which indicate that SSL termination happens on the LB, not on the service.

12
Q

Classful networks

A

5 classes

A (devices) - Large networks: 1st octet for network, remaining 3 for host
1st bit of the 1st octet is zero, therefore it can range from 0-127
range - 1.0.0.0 to 126.0.0.0

B (devices) - Medium networks: first two octets for network, remaining 2 for host
range - 128.0.0.0 to 191.255.0.0

C (devices) - Small networks: first three octets for network, remaining 1 for host
range - 192.0.0.0 to 233.255.255.0

D multicast
E Reserved

13
Q

Types of LB failures?

A

The least-connections algorithm will end up in a black hole situation where every request goes to the same server, which is failing because of another service dependency (it fails fast, so it always has the fewest connections).

Queuing at LBs when the services are taking a long time to serve a request.

14
Q

Classless networks

A

Moves away from classful networks and introduces subnets with a mask.

15
Q

CIDR notation

A

/24 means the first 24 bits of the subnet mask are set: the first 24 bits identify the network and the rest identify the host.

16
Q

Broadcast IP

A

It's the last IP address of the network. So in the case of 172.16.0.0/24 the last IP is 172.16.0.255, and that is the broadcast IP; similarly, 172.16.0.0 is the network address. These two IP addresses can't be used for a device.

Also, the general broadcast IP is 255.255.255.255.

17
Q

How is broadcast address 255.255.255.255 helpful? Why is it being fixed helpful?

A

When a new host comes up and doesn't have an IP address or doesn't know the IP of the network (router), it sends a broadcast message to this IP and waits for the network to respond.

18
Q

Multicast

A

Multicast uses the special (reserved) class of IP addresses. Read more about this.

19
Q

ARP table command and types of ARP

A

arp -a
Regular ARP
Gratuitous ARP
Proxy ARP

20
Q

ip route show

route -n

A

Lists routing table information from the system.

21
Q

ICMP

A

ICMP (Internet Control Message Protocol) is an error-reporting protocol that network devices like routers use to generate error messages to the source IP address when network problems prevent delivery of IP packets.

22
Q

Types of ICMP messages (only a few important ones)

A

Destination Unreachable Messages (Type 3, Code 0-15): Destination messages consist of messages that inform a host about the reachability of the destination it is trying to reach. Examples of destination messages include routers that don't have routes for a destination, a host that is not running a specific application, or even a host that is not running a specific upper-layer protocol.

Diagnostic Messages (Type 8, Code 0 and Type 0, Code 0): The most popular diagnostic message in the ICMP protocol is PING. There are varying stories of where the term PING came from. Many believe it is from submarine terminology, where one submarine would send an audible ping and then wait for it to bounce off of another submarine so the first submarine could determine distance and angle. Another popular definition is that PING stands for Packet Internet Groper. Whatever the origin, the PING message type is a powerful troubleshooting tool for IP networks.

Redirect Messages (Type 5, Code 0-4): Redirect messages inform hosts about the best path to use for reaching a destination host.

Time Exceeded Messages (Type 11, Code 0-1): Chapter 3 contains an example showing how the Time to Live field in the IP header is used to prevent a packet from endlessly looping around a network. ICMP notifies you when the TTL field reaches zero and a packet is dropped.

Informational Messages (Type 12, 13, 14, 15, 16, 17, 18): ICMP contains a number of informational messages about parameter problems, lengths, and other information.

23
Q

Can a host specify Don't Fragment in case the datagram is bigger than what can be sent?

A

A host can set the Don't Fragment bit, indicating that it does not want its datagrams fragmented. How then, you might ask, does a host know the correct size of datagrams to send out onto a network? Hosts can't possibly know the MTU size of every link on the network. ICMP is used to inform hosts about the correct size they need to use in order to traverse a link. When a router receives a datagram that is too big for it to forward out onto an outgoing link, the router normally fragments the datagram into several smaller datagrams. When an IP packet has the Don't Fragment bit set, the router is not allowed to fragment the datagram, so instead it sends back an ICMP Destination Unreachable message with Type 3 and Code 4, indicating that fragmentation is needed but the Don't Fragment bit was set.

24
Q

When routers are configured to allow only certain traffic, what is the response to the rest?

A

Routers reply with a Communication Administratively Prohibited (Code 13) ICMP message, indicating that a specific protocol isn't supported. This response should be enabled carefully, or else attackers could learn information about the routers.

25
Q

At what layer does fragmentation happen?

A

At the network layer, based on the MTU. The MTU (Maximum Transmission Unit) defines the largest size of packet (layer 3) that an interface can transmit without the need to fragment. The MTU of an Ethernet connection by default is 1500 bytes. If a system sends packets over an Ethernet network that are larger than 1500 bytes, the data will be fragmented into smaller packets.

26
Q

What is traceroute?

A

Traceroute is a very useful tool for determining the response delays and routing loops present in a network path across packet-switched nodes. It also helps to locate any points of failure encountered en route to a certain destination.

Traceroute uses ICMP messages and the TTL field in the IP header for its operation, and transmits packets with small TTL values. Every hop that handles the packet subtracts 1 from the packet's TTL. If the TTL reaches zero, the packet has expired and is discarded. Traceroute depends on the common router practice of sending an ICMP Time Exceeded message back to the sender when the TTL expires.

By using small TTL values that quickly expire, traceroute forces routers along a packet's normal delivery path to generate these ICMP messages. These messages also identify the router. A TTL value of 1 should produce a message from the first router; a TTL value of 2 generates a message from the second one, and so on.

27
Q

Routing protocol

A

A routing protocol specifies how routers communicate with each other to distribute information that enables them to select routes between any two nodes on a computer network. Routers perform the “traffic directing” functions on the Internet; data packets are forwarded through the networks of the internet from router to router until they reach their destination computer. Routing algorithms determine the specific choice of route. Each router has a prior knowledge only of networks attached to it directly. A routing protocol shares this information first among immediate neighbors, and then throughout the network. This way, routers gain knowledge of the topology of the network. The ability of routing protocols to dynamically adjust to changing conditions such as disabled data lines and computers and route data around obstructions is what gives the Internet its fault tolerance and high availability.

The specific characteristics of routing protocols include the manner in which they avoid routing loops, the manner in which they select preferred routes, using information about hop costs, the time they require to reach routing convergence, their scalability, and other factors such as relay multiplexing and cloud access framework parameters. Certain additional characteristics such as multilayer interfacing may also be employed as a means of distributing uncompromised networking gateways to authorized ports.[1] This has the added benefit of preventing issues with routing protocol loops.[2]

Many routing protocols are defined in technical standards documents called RFCs.[3][4][5][6]

28
Q

Services provided by the Data Link Layer

A

Framing & Link access: Data Link Layer protocols encapsulate each network layer datagram within a link layer frame before transmission across the link. A frame consists of a data field, in which the network layer datagram is inserted, and a number of header fields. The protocol specifies the structure of the frame as well as a channel access protocol by which the frame is to be transmitted over the link.

Reliable delivery: The Data Link Layer can provide a reliable delivery service, i.e. it transmits the network layer datagram without any error. A reliable delivery service is accomplished with retransmissions and acknowledgements. The data link layer mainly provides the reliable delivery service over links that have high error rates, so that errors can be corrected locally, on the link where they occur, rather than forcing an end-to-end retransmission of the data.

Flow control: A receiving node can receive frames at a faster rate than it can process them. Without flow control, the receiver's buffer can overflow and frames can get lost. To overcome this problem, the data link layer uses flow control to prevent the sending node on one side of the link from overwhelming the receiving node on the other side of the link.

Error detection: Errors can be introduced by signal attenuation and noise. The Data Link Layer protocol provides a mechanism to detect one or more errors. This is achieved by adding error detection bits to the frame, so that the receiving node can perform an error check.

Error correction: Error correction is similar to error detection, except that the receiving node not only detects the errors but also determines where the errors have occurred in the frame.

Half-Duplex & Full-Duplex: In a Full-Duplex mode, both the nodes can transmit the data at the same time. In a Half-Duplex mode, only one node can transmit the data at the same time.

29
Q

What are the main functions performed by the network layer?

A

Routing: When a packet reaches the router's input link, the router moves the packet to the appropriate output link. For example, a packet from S1 to R1 must be forwarded to the next router on the path to S2.

Logical Addressing: The data link layer implements physical addressing and the network layer implements logical addressing. Logical addressing is also used to distinguish between the source and destination systems. The network layer adds a header to the packet which includes the logical addresses of both the sender and the receiver.

Internetworking: This is the main role of the network layer: it provides the logical connection between different types of networks.

Fragmentation: Fragmentation is the process of breaking packets into smaller individual data units so that they can travel through different networks.

30
Q

RIP

A

Routing Information Protocol uses UDP to send routing information between routers. Other routing protocols include BGP, OSPF, etc.

31
Q

Internet protocol suite

A

Application layer
BGP DHCP DNS FTP HTTP HTTPS IMAP LDAP MGCP MQTT NNTP NTP POP ONC/RPC RTP RTSP RIP SIP SMTP SNMP SSH Telnet TLS/SSL XMPP

Transport layer
TCP UDP DCCP SCTP RSVP

Internet layer
IP IPv4 IPv6 ICMP ICMPv6 ECN IGMP IPsec

Link layer
ARP NDP OSPF Tunnels PPP MAC Ethernet Wi-Fi DSL ISDN FDDI