CDL - Section 9 - Relating Network and Applications

Question 1

What is DNS?

Answer 1

The service that changes a memorable name of a resource to the IP addresses.

DNS uses a distributed database that is hosted on several servers, which are located around the world, to resolve the names that are associated with IP addresses.

Question 2

What is DHCP?

Answer 2

A host can obtain an IP address quickly and dynamically from a defined range of IP addresses on the DHCP server versus an admin manually assigning endpoints IP’s.

Dynamic, leased pool of IP addresses for when hosts come online.

Question 3

What is NTP?

Answer 3

Synchronizes the clocks of various devices across a network.

Time synchronization is crucial in secure management and reporting.

Question 4

What is NAT?

Answer 4

NAT allows devices within an enterprise network to have private addresses to communicate among themselves and to translate addresses only when they need to send traffic to the Internet or outside networks in general.

Preserves address space but also protects internal IP’s from the public internet.

Question 5

What are the 3 methods for configuring NAT?

Answer 5

Static - statically translates on a 1:1 basis

Dynamic - inside address translates to a pool of outside addresses handed out dynamically

PAT - all inside addresses get translated to a single outside address, on an outside interface for example

Question 6

REVIEW: The Transport Layer (L4) and Ports

The Transport Layer in the network stack tracks and keeps multiple communications (like surfing the web and listening to music) on a host separate - this layer identifies the target application.

It does this by sending data to “logical” Ports. These are well known ports which are server destinations.

Answer 6

EX) HTTP is port 80

EX) HTTPS is port 443

EX) DNS is port 53

Question 7

What is SNMP?

What overtook it?

Answer 7

Internet protocol that’s used to collect data and monitor the performance and metrics of network devices.

NETCONF

Question 8

REVIEW: When t-shooting a connectivity issues, these are the main/routine verifications to check first:

1. Verify DNS
   * * Nslookup command and pinging the IP address of the server
2. Very first hop
   * * Check to make sure you can reach the router or DGW - this is a super common problem
   * * Sh ip route, ping, sh ip arp, sh ip int brief are all useful commands
3. Verify path connectivity
   * * Basically checking for any issues on the path that leads to the destination host
   * * Traceroute is the most common tool - sends ICMP/UDP echo messages/probes to check reachability and latency
   * * Cisco traceroute works by sending a sequence of three packets for each TTL value, with different destination UDP ports, which allows it to report routers that have multiple, equal-cost paths to the destination.

Answer 8

4. Check FWs
   * * Because filtering is done at the FW, legit traffic can sometimes get blocked by accident
   * * FWs are one of the most common reasons for connectivity issues
5. Verify traffic reaching the host
   * * Available on a majority of Linux distributions, “tcpdump” is an invaluable tool that is used to capture and display (“dump”) packets on the command line

Q - Which statement about troubleshooting connectivity issues is accurate?
A - Layer 1, Layer 2, and Layer 3 connectivity issues can be investigated using ping, traceroute, and arp commands, while deep packet investigation can be done with the tcpdump command.

Question 9

What issues affect application traffic the most?

Answer 9

Latency

Jitter

Drops