Various Flashcards
001 What is virtualization, what are its 3 key points and 5 benefits?
Virtualization = using a single physical machine’s hardware to run multiple virtual machines within it
Key points:
- it uses a system’s hardware
- it allocates the CPU / RAM / storage to Virtual Machines
- it cannot exceed the total CPU / RAM / storage that is available on the physical hardware
Benefits:
- better use of hardware resources
- power saving / reduced footprint
- easier recovery (VMs can be saved as files and be in multiple locations for backup and recovery purposes)
- more flexibility (VMs can be moved unlike hardware based machines)
- research and testing without the need for a physical machine
002 What is VSI?
Virtual Server Instance
003 What is a hypervisor?
It’s a piece of software that runs above the physical host and enables virtualization by pulling the resources from the host and allocating them to the virtual environments.
004 What are the two types of hypervisor?
1) Type 1 - Bare Metal (BM) Hypervisors
- installed directly on bare-metal hardware (a server), so the virtual machines are added from within the virtualization layer (the hypervisor)
- once it is installed we connect to it via a web-browser or a client and set up our VMs
examples: VMware vSphere / ESXi, Microsoft Hyper-V, Citrix XenServer
2) Type 2 - Hosted Hypervisors
- installed on a host OS
- VMs are run directly from that computer
- usually running a virtual desktop inside an existing computer (Linux on Windows or the opposite way)
examples: VMware Workstation / Fusion, Oracle VirtualBox, Parallels (Mac)
010 What is a three-way handshake?
A three-way handshake is a method used in a TCP/IP network to create a connection between a local host/client and a server.
It is a three-step method designed to allow both communicating ends to initiate and negotiate the parameters of the network TCP socket connection at the same time before data such as HTTP and SSH is transmitted.
Multiple TCP socket connections can be transmitted in both directions simultaneously. A three-way handshake is also known as a TCP handshake or SYN-SYN-ACK, and requires both the client and server to exchange SYN (synchronization) and ACK (acknowledgment) packets before actual data communication begins.
In fact, its name originates from the three messages transmitted by TCP before a session between the two ends is initiated.
011 What are the steps of the three-way handshake?
Step 1: A connection between server and client is initiated:
First, the target server must have open ports that can accept and initiate new connections. The client node sends a SYN (Synchronize Sequence Number) data packet over an IP network to a server on the same or an external network.
This SYN packet carries a random sequence number that the client wants to use for the communication (for example, X). The objective of this packet is to ask whether the server is open for new connections.
Step 2: The server receives the SYN packet from the client node:
When the server receives the SYN packet from the client node, it responds and returns a confirmation receipt – the ACK (Acknowledgement Sequence Number) packet or SYN/ACK packet. This packet includes two sequence numbers.
The first one is the ACK number, which is set by the server to one more than the sequence number it received from the client (e.g. X+1).
The second one is the SYN sent by the server, which is another random sequence number (for example, Y).
This sequence indicates that the server correctly acknowledged the client’s packet, and that it is sending its own to be acknowledged as well.
Step 3: The client node receives the SYN/ACK from the server and responds with an ACK packet.
Once again, each side must acknowledge the sequence number received by incrementing it by one.
So now it’s the turn of the client to acknowledge the server’s packet by adding one to the sequence number (in this case, Y+1), and resend it to the server.
Upon completion of this process, the connection is created and the host and server can communicate.
All these steps are necessary to verify the sequence numbers originated by both sides, guaranteeing the stability of the connection.
Since both hosts must acknowledge the connection parameters of the other side, a missing or out-of-order segment can be quickly detected before the actual data transfer process is initiated.
015 How to find MAC address?
Command for UNIX/Linux:
ifconfig -a
ip link list
ip address show
Command for Windows OS:
ipconfig /all
macOS:
TCP/IP Control Panel
016 What is DNS?
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.
Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).
017 What are the 8 steps of DNS lookup?
The 8 steps in a DNS lookup:
1) A user types ‘example.com’ into a web browser and the query travels into the Internet and is received by a DNS recursive resolver (or a recursive DNS server)
2) The resolver then queries a DNS root nameserver (.).
3) The root server then responds to the resolver with the address of a Top Level Domain (TLD) DNS server (such as .com or .net), which stores the information for its domains. When searching for example.com, our request is pointed toward the .com TLD.
4) The resolver then makes a request to the .com TLD.
5) The TLD server then responds with the IP address of the domain’s nameserver, example.com.
6) Lastly, the recursive resolver sends a query to the domain’s nameserver.
7) The IP address for example.com is then returned to the resolver from the nameserver.
8) The DNS resolver then responds to the web browser with the IP address of the domain requested initially.
Once these 8 steps of the DNS lookup have returned the IP address for example.com, the browser is able to make the request for the web page:
9) The browser makes an HTTP request to the IP address.
10) The server at that IP returns the webpage to be rendered in the browser.
018 What is a WKP?
Well Known Port
A number from 0 through 1023 used to identify a network service on a private IP network or the public Internet.
Residing in a field in the TCP or UDP header, the port number directs packets to the appropriate application in the server. The most common well-known port is 80, which identifies HTTP traffic for a Web server.
019 What are the most common well known ports?
HTTP 80 Web
HTTPS 443 Web (secure)
FTP 20,21 File transfer
SFTP 22 File transfer (secure)
FTPS 989, 990 File transfer (secure)
SIP 5060 VoIP (Internet phone)
DNS 53 Find IP address
SMTP 25 Internet mail
POP3 110 POP mailbox
IMAP 143 IMAP mailbox
Telnet 23 Remote login
SSH 22 Remote login (secure)
NNTP 119 Usenet newsgroups
NNTPS 563 Usenet (secure)
IRC 194 Chat
NTP 123 Network time of day
SNMP 161,162 Network management
CMIP 163,164 Network management
Syslog 514 Event logging
Kerberos 88 Authentication
NetBIOS 137-139 DOS/Windows naming
020 What is HTTP?
The Hypertext Transfer Protocol (HTTP) is the foundation of the World Wide Web, and is used to load web pages using hypertext links. HTTP is an application layer protocol designed to transfer information between networked devices and runs on top of other layers of the network protocol stack. A typical flow over HTTP involves a client machine making a request to a server, which then sends a response message.
021 What is an HTTP request?
An HTTP request is the way internet communications platforms such as web browsers ask for the information they need to load a website.
Each HTTP request made across the Internet carries with it a series of encoded data that carries different types of information. A typical HTTP request contains:
HTTP version type
a URL
an HTTP method
HTTP request headers
optional HTTP body
022 What’s an HTTP method?
An HTTP method, sometimes referred to as an HTTP verb, indicates the action that the HTTP request expects from the queried server.
For example, two of the most common HTTP methods are ‘GET’ and ‘POST’.
A ‘GET’ request expects information back in return (usually in the form of a website), while a ‘POST’ request typically indicates that the client is submitting information to the web server (such as form information, e.g. a submitted username and password).
023 What is an HTTP request header?
HTTP headers contain text information stored in key-value pairs, and they are included in every HTTP request and response.
These headers communicate core information, such as what browser the client is using and what data is being requested.
Example of an HTTP request header (the first row is the request line containing basic information, the rest is the header):
GET /tutorials/other/top-20-mysql-best-practices/ HTTP/1.1
Host: net.tutsplus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120
Pragma: no-cache
Cache-Control: no-cache
024 What is an HTTP response?
An HTTP response is what web clients (often browsers) receive from an Internet server in answer to an HTTP request.
These responses communicate valuable information based on what was asked for in the HTTP request.
A typical HTTP response contains:
an HTTP status code
HTTP response headers
optional HTTP body
025 What’s an HTTP status code?
HTTP status codes are 3-digit codes most often used to indicate whether an HTTP request has been successfully completed. Status codes are broken into the following 5 blocks:
1xx Informational
2xx Success
3xx Redirection
4xx Client Error
5xx Server Error
The “xx” refers to different numbers between 00 and 99.
Status codes starting with the number ‘2’ indicate a success. For example, after a client requests a web page, the most commonly seen responses have a status code of ‘200 OK’, indicating that the request was properly completed.
If the response starts with a ‘4’ or a ‘5’ that means there was an error and the webpage will not be displayed. A status code that begins with a ‘4’ indicates a client-side error (It’s very common to encounter a ‘404 NOT FOUND’ status code when making a typo in a URL). A status code beginning in ‘5’ means something went wrong on the server side. Status codes can also begin with a ‘1’ or a ‘3’, which indicate an informational response and a redirect, respectively.
026 What are HTTP response headers and body?
Much like an HTTP request, an HTTP response comes with headers that convey important information such as the language and format of the data being sent in the response body.
Successful HTTP responses to ‘GET’ requests generally have a body which contains the requested information. In most web requests, this is HTML data which a web browser will translate into a web page.
027 What is CLI?
Command Line Interface
Command Line Interpreter
Command Line Input
CLI is a command line program that accepts text input to execute operating system functions.
In the 1960s, using only computer terminals, this was the only way to interact with computers.
In the 1970s and 1980s, command line input was commonly used by Unix systems and PC systems like MS-DOS and Apple DOS.
Today, with graphical user interfaces (GUI), most users never use command-line interfaces (CLI).
However, CLI is still used by software developers and system administrators to configure computers, install software, and access features that are not available in the graphical interface.
028 What is ping?
Ping (Packet Internet Groper) is a method for determining communication latency between two networks. Simply put, ping is a method of determining latency or the amount of time it takes for data to travel between two devices or across a network. As communication latency decreases, communication effectiveness improves.
029 How to get a ping of a certain website?
By typing “ping website name” into the command prompt or terminal. Your system then sends some data packets to that specific website and reports the ping value measured between your system and that website.
030 What is a protocol analyzer?
Protocol analyzers are tools that allow IT administrators and security teams to capture network traffic and perform analysis of the captured data to identify problems with network traffic or potential malicious activity.
This traffic data can be observed in real time by a technician for troubleshooting purposes, monitored by an alerting tool to identify active network threats, or retained to perform forensic analysis in the case a network breach is discovered.
032 What is a layer 2 switch?
A layer 2 switch is a type of network switch or device that works on the data link layer (OSI Layer 2) and uses MAC addresses to determine the path through which frames are to be forwarded. It uses hardware-based switching techniques to connect and transmit data in a local area network (LAN).
033 What is a MAC address table?
The MAC address table is where the switch stores information about the other Ethernet interfaces to which it is connected on a network.
The table enables the switch to send outgoing data (Ethernet frames) on the specific port required to reach its destination, instead of broadcasting the data on all ports (flooding).
034 What is a layer 2 broadcast?
A Layer 2 Broadcast is any frame with a Destination MAC address of FFFF.FFFF.FFFF.
This is a MAC address specifically reserved for Broadcast Frames. It is also sometimes displayed as ff:ff:ff:ff:ff:ff or ff-ff-ff-ff-ff-ff; these are all identical ways of displaying the “all F’s” MAC address.
035 What is a subnet mask?
Every device has an IP address with two pieces: the client or host address and the server or network address. IP addresses are either configured by a DHCP server or manually configured (static IP addresses).
The subnet mask splits the IP address into the host and network addresses, thereby defining which part of the IP address belongs to the device and which part belongs to the network.
036 What is a default gateway?
A default gateway is a node that enables a connection between networks in order to allow machines on other networks to communicate. The ‘default’ part of the terminology relates to the fact it is often the first and default route taken.
One of the most common uses for a default gateway is to access web pages; a request is sent through the gateway before it actually gets on to the internet. Other use cases of default gateways include connecting multiple devices to a single subnet. In that scenario, the default gateway acts as an intermediary.
Put simply, default gateways are routing systems that allow requests to find the path of least resistance to their intended destination, even if the network protocols of the sender and the receiver are different.
037 What is DHCP?
Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automate the process of configuring devices on IP networks, thus allowing them to use network services such as DNS, NTP, and any communication protocol based on UDP or TCP.
A DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks.
038 What is DORA?
DORA is the process used by DHCP (Dynamic Host Configuration Protocol) to provide an IP address to client/host machines. It has four main stages, and the IP address is obtained from the centralized server.
D - Discover
O - Offer
R - Request
A - Acknowledge
039 What is NAT?
When devices communicate on the Internet, they are sending data from their IP address to the IP address of their intended destination.
Sometimes, while data is en route to a destination, the IP addresses used in the communication need to be translated to different IP addresses.
This IP translation is similar to when multiple employees of the same company use their individual phones (with individual phone numbers) to make outbound phone calls, yet still appear as if they were all using the same company phone number.
The process of translating one IP address to another is known as Network Address Translation, or NAT.
There are many different reasons one would need NAT, and many different ways of translating IP addresses. Understanding NAT is paramount to any Network Engineer, as every wifi, home, or company network employs Network Address Translation at some point.
Traditionally, NAT exists to translate Private IPv4 addresses into Public IPv4 addresses. For the sake of simplicity, this article series will describe NAT from this perspective. However, in reality, it does not matter whether the IP addresses being translated are public or private. NAT could easily occur from private addresses to other private addresses or from public addresses to other public addresses.
040 What is a Firewall?
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.
Its purpose is to establish a barrier between our internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
041 What is DMZ?
In computer networks, a DMZ, or demilitarized zone, is a physical or logical subnet that separates a local area network (LAN) from other untrusted networks – usually, the public internet. DMZs are also known as perimeter networks or screened subnetworks.
Any service provided to users on the public internet should be placed in the DMZ network. External-facing servers, resources and services are usually located there. Some of the most common of these services include web, email, domain name system, File Transfer Protocol and proxy servers.
Servers and resources in the DMZ are accessible from the internet, but the rest of the internal LAN remains unreachable. This approach provides an additional layer of security to the LAN as it restricts a hacker’s ability to directly access internal servers and data from the internet.
Hackers and cybercriminals can reach the systems running services on DMZ servers. Those servers must be hardened to withstand constant attack. The term DMZ comes from the geographic buffer zone that was set up between North Korea and South Korea at the end of the Korean War.
042 What is Port Forwarding?
Port forwarding is a technique used to allow external devices access to computer services on private networks.
It does this by mapping an external port to an internal IP address and port.
043 What is OSPF?
The OSPF (Open Shortest Path First) protocol is one of a family of IP Routing protocols, and is an Interior Gateway Protocol (IGP) for the Internet, used to distribute IP routing information throughout a single Autonomous System (AS) in an IP network.
The OSPF protocol is a link-state routing protocol, which means that the routers exchange topology information with their nearest neighbors. The topology information is flooded throughout the AS, so that every router within the AS has a complete picture of the topology of the AS. This picture is then used to calculate end-to-end paths through the AS, normally using a variant of the Dijkstra algorithm. Therefore, in a link-state routing protocol, the next hop address to which data is forwarded is determined by choosing the best end-to-end path to the eventual destination.