Terminology 3 Flashcards
In an IP header, what is the protocol number for TCP?
6
In an IP header, what is the protocol number for UDP?
17
In an IP header, what is the protocol number for EIGRP?
88
In an IP header, what is the protocol number for OSPF?
89
In an IP header, what is the protocol number for IPv6?
41
In an IP header, what is the protocol number for GRE?
47
In an IP header, what is the protocol number for L2TP (Layer 2 Tunnelling Protocol)?
115
How are ICMP messages carried across a network?
As IP packets - They are encapsulated within IP datagrams.
What does GRE do?
Encapsulates other protocols inside IP tunnels
What are the parts of a GRE header?
Transport IP Header
GRE Header
Passenger IP Packet
What is the minimum overhead GRE adds to tunnelled packets?
24 bytes
What are 3 limitations of IPSec?
Does not support IP broadcast
Does not support IP multicast
Does not support multi-protocol traffic
How can you overcome the limitations of IPSec?
Run GRE over IPSec
What are the two primary security protocols used by IPSec?
Authentication Header (AH)
Encapsulating Security Payload (ESP)
How does AH work?
The sender generates a one-way hash of the whole packet, then the receiver generates the same hash, and compares them.
How much of the packet does AH authenticate?
The whole packet
What are the five components of ESP?
- Confidentiality
- Data Integrity
- Authentication
- Anti-Replay Service
- Traffic Flow Confidentiality
Which 4 cryptographic algorithms are defined for use with IPSec?
- HMAC-SHA1/SHA2 (for integrity and authenticity)
- TripleDES-CBC (confidentiality)
- AES-CBC 128 bit keys (confidentiality)
- AES-GCM ChaCha20-Poly1305 (Confidentiality and Authentication)
How does ESP counter replay attacks?
Use of sequence numbers
What needs to be enabled for ESP to provide traffic flow confidentiality?
Tunnel mode
What two things does the transport layer use port numbers for?
Identify the virtual circuit (source port)
Identify the upper layer process (destination port)
What is the class A usable network range?
1 to 126
What does a network address of all 0s designate?
This network
What is the network address 127 reserved for?
Network diagnostics (loopback)
What does a host address of all 0s refer to?
This network
What does a host address of all 1s refer to?
All hosts
What does an IP address of 0.0.0.0 signify?
The default route
What does an IP address of 255.255.255.255 signify?
Broadcast to all hosts on the current network
Layer 2 broadcast - where does it go, what is the limit and how is it addressed?
All nodes on a LAN
Won’t go past the LAN boundary (router)
FF:FF:FF:FF:FF:FF
Layer 3 broadcast - where does it go? How are they addressed?
All nodes on the network.
All host bits on.
What is the address range and class for IPv4 multicast?
Class D
224.0.0.0 to 239.255.255.255
What is the APIPA address range?
169.254.0.1 to 169.254.255.254
What are the parts of an IPv6 address, and length (in bits)?
- Routing or Global prefix - 48
- Subnet ID - 16
- Interface ID - 64
IPv6 Address Types:
Unicast
Destined for a single interface
IPv6 Address Types:
Global Unicast
Publicly routable address
IPv6 Address Types:
Link local
Similar to APIPA addresses - not meant to be routable
IPv6 Address Types:
Unique Local
Similar to an IPv4 private address. Unique local can be routed within your organisation
IPv6 Address Types:
Multicast
one-to-many, as in IPv4. Identifiable as they always start FF
IPv6 Address Types:
Anycast
one-to-one of many or one-to-nearest. Only delivered to one address
IPv6 Special Addresses:
0:0:0:0:0:0:0:0
or ::
Source of the host before the host receives an IP address
IPv6 Special Addresses:
0:0:0:0:0:0:0:1
or ::1
Local loopback (127.0.0.1 equivalent)
IPv6 Special Addresses:
0::FFFF:192.168.100.1
How an IPv4 address would be written in a mixed IPv6/IPv4 network
IPv6 Special Addresses:
2000::/3
The global unicast address range allocated for internet access
IPv6 Special Addresses:
FC00::/7
The unique local unicast range
IPv6 Special Addresses:
FE80::/10
The link-local unicast range
IPv6 Special Addresses:
FF00::/8
The multicast range
IPv6 Special Addresses:
3FFF:FFFF::/32
Reserved for examples and documentation
IPv6 Special Addresses:
2001:0DB8::/32
Reserved for examples and documentation
IPv6 Special Addresses:
2002::/16
Used for IPv6 to IPv4 tunnelling
SLAAC
Stateless Address Autoconfiguration
What separates the OUI and Unique Interface Address parts of a MAC address when creating an EUI-64 address?
FFFE
What bit of the OUI is toggled when creating an EUI-64 address?
7
What does it mean when the UL bit (bit 7) of a 16 bit interface ID is set to 1?
The address is Universally unique
What does it mean when the UL bit (bit 7) of a 16 bit interface ID is set to 0?
The address is locally unique
Convert this MAC address to EUI-64
(The global prefix and subnet is 2001:0db8:0:1):
0090:2716:fd0f
2001:0db8:0:1:0290:27ff:fe16:fd0f
Convert this MAC address to EUI-64
(The global prefix and subnet is 2001:0db8:0:1):
aa12:bcbc:1234
2001:0db8:0:1:a812:bcff:febc:1234
What is dual stacking?
Having both IPv4 and IPv6 running on our network
What is 6 to 4 tunnelling?
Using tunnelling to allow IPv6 traffic to traverse an IPv4 network
Why do we use Teredo?
Because NAT and PAT would break 6 to 4 tunnels
What does Teredo do?
Allows the IPv6 tunnel traffic to be forwarded as UDP packets
What is 2^2=
4
2^3=
8
2^4=
16
2^5=
32
2^6=
64
2^7=
128
2^8=
256
2^9=
512
2^10=
1024
2^11=
2048
2^12=
4096
2^13=
8192
2^14=
16384
2^15=
32768
2^16=
65536
What are 4 benefits of subnetting?
- Reduced network traffic
- Optimised network performance
- Simplified management
- Facilitated spanning of large geographical distances
What are 3 steps in designing subnets?
- Determine the number of network IDs
- Determine the number of host IDs per subnet
- Create subnets
When subnetting, how many network IDs are required?
One for each subnet and one for each WAN link
When subnetting, how many host IDs are required per subnet?
One for each TCP/IP host, one for each router interface
CIDR
Classless Inter-Domain Routing
VLSM
Variable-Length Subnet Masking
When subnetting “the fast way”, what are the 5 questions we need to answer after choosing a subnet mask?
- How many subnets does the chosen mask produce?
- How many VALID hosts per subnet are available?
- What are the valid subnets?
- What is the broadcast address of each subnet?
- What are the valid hosts in each subnet?
What are the 3 types of NAT?
- SNAT (Static NAT)
- DNAT (Dynamic NAT)
- Overloading (or PAT)
What is SNAT?
One to one mapping between local and global addresses
What is DNAT?
Dynamically mapping addresses from a global pool to an internal address
What is Overloading/PAT?
Mapping multiple local IP addresses to a single global address, using different ports.
In NAT, what is a global address?
Global addresses are the addresses used after NAT translation.
In NAT, what are local addresses?
Local addresses are the addresses used before NAT translation.
What is an inside local address?
The address of the source before translation
What is an outside local address?
The address of the destination before translation
What is an inside global address?
The address of the source after translation
What is the outside global address?
The address of the destination after translation
What does a router do when it gets a packet addressed to a network that is not in its routing table?
It discards it
When a host sends a packet to a remote network, what is the MAC address of the frame it sends?
The interface of its gateway router.
What is the first high-level division of dynamic routing protocols?
It is between:
1. Interior gateway protocols (IGPs)
2. Exterior gateway protocols (EGPs)
What is an autonomous system (AS) when talking about routing?
A collection of networks or subnets in the same administrative domain.
What are the two primary divisions of IGP routing protocols?
- Distance Vector (DV)
- Link State (LS)
What are two DV protocols?
RIP and IGRP
What are two LS protocols?
OSPF and IS-IS
What are two hybrid routing protocols?
EIGRP and BGP