3. TCP/IP

Question 1

What does TCP/IP stand for?

Answer 1

Transmission Control Protocol/Internet Protocol

Question 2

Who created TCP/IP?

Answer 2

Department of Defense (DoD)

Question 3

TCP/IP backstory?

Answer 3

• 1973 first created
• 1978 was divided into TCPand IP protocols
• 1983 Advanced Research Projects Agency (ARPA) renamed DARPA and divided into ARPAnet and MIL-NET.
• TCP/IP replaced network control protocol (NCP) used in ARPAnet
• 1990 ARPAnet and MIL-NET dissolved
• TCP/IP shipped with BSD Unix (Berkeley Software Distribution)

Question 4

Name the layers of the DoD Model?

Answer 4

1. Process/Application layer
2. Host-to-we Host or Transport layer
3. Internet layer
4. Network Access or Link layer

Question 5

Which layer of the OSI model corresponds to the Process/Application layer in the DoD model?

Answer 5

Application
Presentation
Session

Question 6

What are the functions of the
Process/Application layer
in the DoD model?

Answer 6

1. Define protocols for node to node communication
2. Controls user interface specifications

Question 7

What are the functions of the
Transport (or Host to Host) layer
in the DoD model?

Answer 7

1. Define protocols for setting up the level of transmission service for applications
2. Create reliable end-to-end communication
3. Ensure error free delivery of data
4. Handle packet sequencing and maintain data integrity

Question 8

What are the functions of the
Internet layer
in the DoD model?

Answer 8

1. Define protocols for the logical transmission of packets across the network
2. Addressing of hosts by giving them an IP address
3. Handle routing of pockets among multiple networks

Question 9

What are the functions of the
Link (or Network Access) layer
in the DoD model?

Answer 9

1. Oversee hardware addressing
2. Define protocols for physical transmission of data

Question 10

Name (11) Process-Application layer protocols

Answer 10

Telnet
SSH Secure Shell
FTP File Transfer Protocol
TFTP Trivial File Transfer Protocol
SNMP Simple Network Management Protocol
HTTP Hyper Text Transfer Protocol
HTTPS Hyper Text Transfer Protocol Secure
NTP Network Time Protocol
DNS Domain Name Service
DHCP/BootP Dynamic Host Configuration Protocol
APIPA Automatic Private IP Addressing

Question 11

What’s the difference between DHCP and BootP?

Answer 11

BootP can assign an IP address to a host, but the host hardware address must be entered manually

BootP can send an operating system that a host can boot from

Question 12

What are the four steps of DHCP?

Answer 12

Discover
Offer
Request
Acknowledge

Question 13

Give details of the Discover step of DCHP?

Answer 13

• A client sends out a broadcast at both layer 2 and layer 3.
• The layer 2 broadcast is all F’s in hex
• The layer 3 broadcast is 255.255.255.255 (which means all networks and all hosts)
• DHCP is connectionless which means it uses UDP at the transport layer

Question 14

What is a DHCP conflict?
How are they resolved?

Answer 14

A DHCP address conflict occurs when two hosts use the same IP address.

A DHCP conflict can only be resolved by an administrator by hand

Question 15

What tools can be used to avoid a DHCP conflict?

Answer 15

The DHCP server can use the Ping program to test the availability of an IP address from its pool before assigning

A host can send a gratuitous ARP on the local LAN or VLAN using its newly assigned address, if nobody replies, this confirms the IP address is free

Question 16

When would APIPA be used?

Answer 16

• APIPA is provided by later windows OS to avoid static IP addressing (adding by hand) when you don’t have a DHCP server.
• The IP address range for a PIPA is
169.254.0.1 to 169.256.255.254.
• A default class B subnet mask of 255.255.0.0 is used

Question 17

Map the DoD model to the OSI model

Answer 17

Process/ Application
Application Presentation
Session

Transport Transport
(Host2Host)

Internet Network

Link Data Link
(Network Access) Physical

Question 18

Map DoD model to TCP/IP protocol suite

Answer 18

Process/ [Telnet][FTP][LPD][SNMP]
Application [TFTP][SMTP][NFS][X Win]
————————————————————-
Transport [TCP][UDP]
(Host2Host)
————————————————————-
Internet [ICMP][ARP][RARP]
[ IP ]
————————————————————-
Link [Ethernet][FastEthernet]
[Token Ring][FDDI]

Question 19

What is the default PIPA range and subnet mask used for APIPA?

Answer 19

169.254.0.1 to 169.256.255.254

255.255.0.0

Question 20

Get details of the DHCP client 4 step process

Answer 20

1. The DHCP client broadcasts a DHCP Discover message looking for a DHCP server (port 67).
2. The DHCP server that received the DHCP Discover message sends a layer 2 unicast DHCP Offer message back to the host.
3. The client then broadcasts to the server a DHCP Request message asking for the offered IP address and possibly other information.
4. The server finalises the exchange with a unicast DHCP Acknowledgement message

Question 21

TCP Segment Format fields

Answer 21

[ 16-bit source port ][ 16-bit destination port]
[ 32-bit sequence number ]
[ 32-bit acknowledgment number ]
[4b head len][Rsrvd][Flags][16-bit window sz]
[16-bit TCP Checksum][16-bit urgent pointer]
[ Options ]
[ Data ]

Question 22

Study the TCP Segment field
photo

Answer 22

Source Port (16-bits)
This is the port number of the application on the host sending the data

Destination Port (16-bits)
This is the port number of the application requested on the destination host

Sequence number (32-bits)
A number used by TCP that puts the data back in the correct order or re-transmit missing or damaged data during a process called sequencing

Acknowledgement Number (32-bits)
The value is the TCP octet that is expected next

Header length (?)
The number of 32 bit words in the TCP header, which indicates where the data begins. The TCP header (even one including options) is an integral number of 32 bits in length.

Reserved (?)
Always set to 0.

Flags/code bits (?)
Controls functions used to set up and terminate a session

Window (16-bit)
The window size the sender is willing to accept in octets

Checksum (16-bits)
The cyclic redundancy check (CRC) Used because TCP doesn’t trust the lower layers and checks everything. The CRC checks the header and data fields

Urgent (16-bits)
A valid field only if the urgent pointer in the code bit is set. If so, this value indicates the offset from the current sequence number (in octets) where the segment of non-urgent data begins

Options
Maybe zero, meaning that no options have to be present or a multiple of 32 bits

Data
Handed down to the TCP protocol at the transport layer, which includes the upper layer headers

Question 23

Study the UDP Segment ‘diagram’

Answer 23

[ 16-bit source port ][ 16-bit destination port]
[ 16-bit length ][ 16-bit checksum ]
[ Data ]

Question 24

Common TCP Protocol Port Numbers

FTP
SSH
HTTP
HTTPS
Telnet
POP3
SNMP
DNS
IMAP4

Answer 24

FTP 20, 21
SSH 22
HTTP 80
HTTPS 443
Telnet 23
POP3 110
SNMP ? (Both TCP and UDP)
DNS 53 (Both TCP and UDP)?
IMAP4 143

Question 25

Common UDP Protocol ports SNMP SMTP TFTP DNS NTP BootP

Answer 25

SNMP 161 SMTP 25 (587) TFTP 69 DNS 53 NTP 123 BootP 67

Question 26

Study the IP Header [diagram photo](https://share.icloud.com/photos/07cG5_csc8kiodPa-i-bysCcw)

Answer 26

**Version** (4-bit) IP version number **Header Length** (4-bit) Add a length in 32 bit words **Priority and Type of Service** (8-bits) Type of Service tells how the datagram should be handled. The first 3 bits are the priority bits or differentiated services bits **Total Length** (16-bits) Length of the packet, including header and data **Identification** (16-bits) Unique IP-packet value used to differentiate fragmented packets from different datagrams **Flags** (3-bits) Specifies whether fragmentation should occur **Fragment Offset** (13-bits) Provide fragmentation and reassembly if the packet is too large to put in a frame. It also allows different maximum transmission units (MTUs) on the Internet. **Time to Live** (8-bits) The time to live (TTL) is set into a packet when it’s originally generated. If it doesn’t get to where it’s supposed to go before the TTL expires the packet is dropped. This stops IP packets from continuously circling the network looking for a home. **Protocol** (8-bits) The port of the upper layer protocols for example TCP is port 6 and UDP is port 17. Also support network layer protocols (not ports) like ARP and ICMP and can be referred to as the *Type* field in some analyses. **Header Checksum** (16-bits) Cyclic redundancy check (CRC) on header only **Source IP Address** (32-bits) 32-bit IP address of sending station **Destination IP Address** (32-bits) 32-bit IP address of the station this packet is destined for **Options** (0 or 32-bits) Used for network testing, the bugging, security and more **Data** (varies if any) After the IP option field will be the upper layer data if any

Question 27

What are the values (ports) in an IP packet for the protocols? ? - ICMP ? - IP in IP (tunnelling) ? - TCP ? - UDP ? - IPv6 ? - GRE ? - EIGRP ? - OSPF ? - L2TP

Answer 27

1 - ICMP 4 - IP in IP (tunnelling) 6 - TCP 17 - UDP 41 - IPv6 47 - GRE 88 - EIGRP 89 - OSPF 115 - L2TP

Question 28

What is ICMP and what is it used for?

Answer 28

Internet Control Message Protocol - ICMP works at the network layer and is used by IP for many different services. - It is basically a management protocol and messaging service. - Its messages are carried as IP datagrams. - RFC1256 is an annex to ICMP

Question 29

What messages are sent via ICMP?

Answer 29

- Destination unreachable - Buffer Full / Source Quench - Hops / Time Exceeded - Ping - Traceroute

Question 30

What is ARP? What is it used for?

Answer 30

Address resolution protocol - ARP finds the hardware address of a host from a known IP address. - If IP doesn’t find the destination host hardware address in the ARP cache, it uses ARP to find this information - ARP interrogates the local network by sending out a broadcast asking the machine with the specified IP address to reply with its hardware address

Question 31

What is an IP address?

Answer 31

An IP address is a software address (not a hardware address) that is hardcoded on a network interface card (NIC) and used for finding hosts on a local network.

Question 32

What is a network address?

Answer 32

The network address (also called network number) uniquely identify each network. Every machine on the same network shares that network address as part of its IP address for example 192.168.0.0

Question 33

What is a node address?

Answer 33

A node address (or host address) is assigned to each machine on a network This part of the address must be unique because it identifies the machine. For example, 192.168.1.12

Question 34

Summarise the different classes of networks

Answer 34

Class 8-bit 8-bit 8-bit 8-bit A [Network][ Host ][ Host ][ Host ] B [Network][Network][ Host ][ Host ] C [Network][Network][Network][ Host ] D Multicast E Research Class A **0**xxxxxxx = 0 -> 127 Class B **10**xxxxxx = 128 -> 191 Class C **110**xxxxx = 192 -> 223 Class D = 224 -> 239 Class E = 240 -> 255

Question 35

Study the following reserved IP addresses

Answer 35

**Network address of all 0s** Interpreted to mean “this network or segment “ **Network address of all 1s** Interpreted to mean “all networks” **Network 127.0.0.1** Reserved for loopback tests. Designate the local node and allows that node to send a test packet to itself without generating network traffic. **Node address of all 0s** Interpreted to main “network address“ or any host on a specified network. **Node address of all 1s** Interpreted to mean “all nodes“ on the specified network, for example 128.2.255.255 means “all nodes“ on network 128.2 (Class B address) **Entire IP address set to all 0s** Used by Cisco routers to designate the default route. Could also mean “any network“ **Entire IP address set to all 1s** ie (255.255.255.255) Broadcast to all nodes on the current network, sometimes called an “all 1s broadcast“ or local broadcast

Question 36

What are the Private IP Address (RFC 1918) ranges for each Class of IP Address?

Answer 36

Class A 10.0.0.0 through 10.255.255.255 Class B 172.16.0.0 through 172.31.255.255 Class C 192.168.0.0 through 192.168.255.255

Question 37

What is the address range of Loopback interfaces?

Answer 37

127.0.0.0 through 127.255.255.254

Question 38

Who is a Layer 2 Broadcast sent to? What format does it take?

Answer 38

- All _nodes_ on a LAN - Also called hardware broadcast - Sent to MAC address ff:ff:ff:ff:ff:ff (all 1s)

Question 39

Who is a Layer 3 Broadcast sent to? What format does it take?

Answer 39

- _All hosts_ on a broadcast domain can be achieved by setting _all host bits on_ ie 192.168._255.255_ - _All hosts and networks_ can be achieved using _255.255_._255.255_ (all network and host bits on) - Note that default router behaviour is _not_ to pass this broadcast on

Question 40

What is a Unicast Address?

Answer 40

This is defined as a single IP address for a single NIC

Question 41

What is a Multicast Address? How is it used?

Answer 41

- Multicast addresses allow the sending of data or messages to multiple hosts from a single host (one to many) - Implemented by hosts *subscribing* to an IP multicast _group_ address - EIGRP uses multicast on 224.0.0.10 - Address range is 224.0.0.0 through 239.255.255.255 (Class D)