4 - Network Fundamentals Flashcards

1
Q

Benefits of layered network model approach

A

Easier troubleshooting

Standardizes networking architecture

Allows vendor interoperability

Each layer only communicates with peer layer

2
Q

TCP/IP

A

Network model developed by DARPA and university volunteers

Became standard by late 90s

3
Q

RFC

A

Request for Comment

Used to define standardized protocols

4
Q

Network Model Layers
– OSI
– TCP/IP (old and new)

A
  • OSI
    1. Physical
    2. Data Link
    3. Network
    4. Transport
    5. Session
    6. Presentation
    7. Application
  • TCP/IP (Old)
    1. Link
    2. Internet
    3. Transport
    4. Application
  • TCP/IP (New)
    1. Physical
    2. Data Link
    3. Network
    4. Transport
    5. Application
5
Q

PDU

A

Generic term for unit of info transmitted within network model

Physical - Bits
Data Link - Frame
Network - Packet
Transport - Segment (TCP), Datagram (UDP)
Application - Data

6
Q

Application Layer (TCP/IP)
- Purpose/Functions
- Example protocols

A
  • Provide services to app software
  • Defines how programs interface w/ transport layer
  • Functions:
    – ID’ing communication partners
    – Determining resource availability
    – Synchronizing communication

Examples: HTTP, DNS, DHCP, HTTPS, FTP, TFTP, Telnet, SSH, NTP, SNMP

7
Q

DHCP
- Port
- Description
- Layer
- Min info obtained

A
  • UDP Port 67 (client to server, broadcast) and 68 (server to client, unicast)
  • Dynamically assign IP address, lease length, subnet mask, and default gateway (minimum) and DNS IP (optional)
  • Uses “DORA” process
  • Application Layer
8
Q

DORA

A
  • Discover, Offer, Request, Acknowledgement
  1. DHCP Client broadcasts to find DHCP server
  2. Server offers IP address/parameters
  3. Client accepts
  4. Server acknowledges acceptance and delivers lease info
9
Q

DNS
– port
– layer

A

TCP/UDP Port 53

Application Layer

10
Q

HTTP

A

TCP 80, 8008, 8080

Identified using URIs or URLs, used since 1990

Application Layer

11
Q

HTTPS
– Port
– Info
– Layer

A

TCP 443

If NTP is not synchronized, cert signing can fail

Self-signed certificates provide confidentiality but do not confirm identity

Application Layer

12
Q

FTP
– port
– layer

A

TCP 20 (Data) and 21 (Control)

Application Layer

13
Q

TFTP
– Port
– Description
– Layer

A
  • UDP 69
  • Very basic FTP functionality
    – Requires small amount of memory
    – Can only read and write files from/to a remote server
    – Cannot list directories
    – No user authentication
    – Typically used for storage/retrieval of Cisco switch config files
  • Application Layer
14
Q

Telnet
– port
– layer

A

TCP 23

Sends username/PW in plaintext

Application Layer

15
Q

SSH
– Port
– Layer

A

TCP 22

Application Layer

16
Q

NTP
– Port
– Description
– Layer

A

UDP 123

Synchronize time down to a millisecond or fraction of a millisecond

Can use different methods such as radio and satellite

Application Layer

17
Q

Transport Layer (TCP/IP)
– Description/functions
– Example protocols

A

Communication session management

Defines level of service and status of connection when transporting data

Examples: TCP and UDP

18
Q

TCP (Protocol)

A
  • Two functions:
    – Flow control provided by sliding windows
    – Reliability provided by sequence numbers and acknowledgements
  • Breaks messages into segments
19
Q

TCP Segment Header
- Fields

A

Fields:
source port
destination port
sequence/acknowledgement numbers
control bits (SYN, ACK, FIN, etc.)
window size

20
Q

TCP Window Size

A

Controls communication flow

Sets the number of messages transmitted before waiting for an ACK (the ACK number matches the sequence number of the next segment to be sent)

Ex: Window size 1 - each segment must be acknowledged before another is sent

Can be changed to maximize bandwidth efficiency

21
Q

UDP Header

A

64 bits long

Only includes Source port, Destination port, Length, and checksum

22
Q

Socket
– Purpose
– 3 Parts

A

Used to track different concurrent network sessions

Includes IP address, TCP/UDP, and port number

23
Q

Port number ranges

A
  • Well-known: 0-1023
  • User/Registered: 1024-49151
    – Users connect to registered ports using ephemeral source ports
  • Dynamic/ephemeral: 49152-65535 (1025-5000 if older than Windows XP)
24
Q

TCP/IP Layer Interaction

A

Adjacent layers work together on the same system

Same layers communicate with the same layer on a different system

25
Q

Network Layer (TCP/IP)

A

Primary protocol is IP

Packages data into IP datagrams

Routes IP datagrams

Protocol Ex: IPv4/6, ARP, ICMP (ping)

26
Q

Internet Protocol (IP)

A

Defines how data is sent from one computer to another on the internet

Messages divided into "packets"

27
Q

IPv4 Packet Structure

A

Divides data segments (from Transport Layer) into packets

Encapsulated data called IP Payload

28
Q

IPv4 Header
– Size
– Fields

A

Max size 60 bytes, min 20 bytes

Includes info such as IP version, Internet Header Length (IHL), Differentiated Services Code Point (DSCP) (type of service), Total Length of entire IP packet, Identification number, Flags, Fragment Offset, TTL, Protocol, Header Checksum, Source Address, Destination Address, and Options

29
Q

IPv6 Packet Structure
– Two parts

A

Two main parts: Header/header extensions and Payload

30
Q

IPv6 Header
– 8 items

A

Fixed 40 byte length

Contains:
  • Version (4 bits)
  • Traffic Class (8 bits describing packet's priority)
  • Flow Label (20 bits for QoS management)
  • Payload Length (16 bits)
  • Next Header (describes next extension header or where payload begins)
  • Hop Limit (8 bits, similar to TTL)
  • Source Address (128 bits)
  • Destination Address (128 bits)

31
Q

IPv6 Packet Contents

A

Two parts:
  • Extension Header – moves variable-length fields from IPv4 headers into the packet, such as the authentication extension header and the encapsulating security payload extension header
  • Upper Layer Protocol Data Unit (Payload) – comes after the final extension header

32
Q

ARP

A

Maps IP address to MAC address

Allows communication on Ethernet LAN

Layer 2 protocol

33
Q

ICMP

A

Provides feedback about problems in the network

Usually formed from a normal IP packet that has generated an ICMP response

Uses the following defined messages:
  • Destination Unreachable
  • Time Exceeded
  • Parameter Problem
  • Subnet Mask Request
  • Redirect
  • Echo
  • Echo Reply
  • Timestamp
  • Timestamp Reply
  • Information Request
  • Information Reply
  • Address Request
  • Address Reply
34
Q

Data Link Layer (TCP/IP)

A

Handles MAC addressing

Detects errors that may occur in the physical layer

Frame Check Sequence – receiver checks for frame transmission errors and discards the frame if one occurs

Primary protocols: Ethernet (IEEE 802.3), PPP, STP

35
Q

MAC Address

A
  • Hardware's physical address, tied to NIC
  • Layer 2 address
  • Can't be changed but may be spoofed
  • 48 bits in length
    – First 6 hex digits (24 bits) = organizationally unique identifier (OUI)
    – Last 6 (24 bits) are interface serial number

36
Q

Ethernet Frame Structure

A

IEEE 802.3 standard

Includes:
  • Preamble – signals start of frame and enables sync
  • Start Frame Delimiter (SFD) – signifies that destination MAC starts next byte
  • Destination MAC
  • Source MAC
  • Type – defines protocol inside the frame (IPv4/6, etc.)
  • Data and Pad – payload data (46 bytes)
  • Frame Check Sequence (FCS) – 32-bit cyclic redundancy check (CRC) for detecting corrupted data

37
Q

Spanning Tree Protocol (STP)

A

Prevents frame loops within a switched network

38
Q

Physical Layer (TCP/IP)

A

Encodes a signal onto medium for transmission

39
Q

IEEE 802.3 media types

A

Coax

Twisted Pair (UTP/STP)

Fiber Optic

40
Q

Coax

A

Consists of center core, surrounded by dielectric insulator, metallic shield, and finally plastic jacket

Still used with cable modems

41
Q

Twisted pair cabling

A

Unshielded:
  • Four color-coded pairs
  • Cat 3, 5, 5e, and 6
  • Common connectors: RJ-11 and RJ-45 (standard)
  • Can use straight-through (unlike) or crossover cables (like)

Shielded:
  • Additional metal shielding around each pair or collection of pairs to reduce EMI
  • Primarily used in data networks

42
Q

Fiber Optic Cables

A

Two modes:
  • Single Mode (SMF)
  • Multi Mode (MMF)

43
Q

Single Mode Fiber (SMF)

A

Transmits using laser and glass core

Higher bandwidth and greater cable distance

44
Q

Multi-Mode Fiber (MMF)

A

Transmits using LED

Larger core, typically plastic

Signal bounces off reflective surfaces, and light travels different distances depending on entry angle (modal dispersion)

Cheaper than SMF

45
Q

Encapsulation/De-encapsulation

A

Adding headers/trailers around data, and removing headers to process the data inside

46
Q

IEEE

A

Institute of Electrical and Electronics Engineers

Non-profit

Several categories:
  • 802.1X – Authentication
  • 802.3 – Ethernet
  • 802.11 – Wireless
  • 802.15 – WPAN
  • 802.15.1 – Bluetooth
  • 802.16 – WMAN
47
Q

802.1x

A

Authentication

Port-based Network Access Control

Authentication mechanism for connecting to LAN/WLAN

Provides protection for other types of authentication such as remote access and VPN

48
Q

802.3

A

Ethernet

Xerox, 1983, 802.3 CSMA/CD

Standards for physically connected networks
  • 1980s – Ethernet (10 Mbps) – Copper
  • 1990s – Fast Ethernet (100 Mbps) and 1000BASE-T (1 Gbps) – Copper
  • 2018 – 200GBASE-X (200 Gbps) – Fiber

49
Q

CSMA/CD

A

Rules governing communication over Ethernet
  • Carrier – Network signal
  • Sense – Ability to detect
  • Multiple Access – Equal access for all devices
  • Collision – What happens when devices send at once
  • Detection – How computers handle collisions

Devices wait until the line is free, but when a collision does occur, each device waits a random time then retransmits

50
Q

10BASE2/5

A

"Thinnet"/"Thicknet"

Coax

One problem affects whole LAN

Uses physical bus (vampire taps) or logical bus (hub)

51
Q

Hub (topology)

A

One device talks at a time

1 collision/broadcast domain

52
Q

10BASE-T

A

Twisted Pair Ethernet

UTP cabling

One problem does NOT affect whole LAN

Star topology w/ bridge or switch

53
Q

Bridge

A

2-4 interfaces

Separate collision domain for each interface

Adds bandwidth (half duplex)

Uses SOFTWARE to forward/filter frames (slower)

54
Q

Switch

A
  • 24-48 interfaces
  • Separate collision domain for each interface
  • Adds bandwidth (full duplex)
  • Uses HARDWARE to forward/filter frames (faster)
  • Learns MAC addresses:
    – Listens to frames
    – Source MAC and interface added to CAM table
  • Primary function – forward/filter frames based on CAM tables
  • Inactive MACs removed (300 secs default) to make room for new ones
  • Uses STP and places ports in forward or block state to prevent layer 2 (frame) loops

55
Q

Switching logic

A

Unicast – ID single LAN interface card

Broadcast – all devices (FFFF.FFFF.FFFF) (switch does not learn addresses)

Multicast – dynamic subset of devices (switch does not learn addresses)

56
Q

Switch forward/filter decision

A

Switch receives frame

If MAC destination is in table, forward to that interface

Otherwise, flood to all interfaces (ARP)

57
Q

Collision Domain

A

Domain in which a frame sent by one NIC could result in a collision with a frame from another NIC

One physical segment (shared medium)

Layer 2 devices separate collision domains by each interface

Layer 1 devices like hubs do not separate collision domains regardless of interfaces used

58
Q

Broadcast Domain

A

Domain in which a broadcast frame sent by one NIC is received by all other NICs

Routers ignore broadcasts

59
Q

LAN design considerations

A

Total devices per collision domain

Broadcasts

Segment large LAN w/ routers to reduce bandwidth consumption from broadcasts

Break up collision domains with layer 2 devices

Break up broadcast domains with layer 3 devices
60
Q

802.11

A

Wireless

MAC and physical specifications for implementing Wireless LAN (WLAN)

61
Q

Wireless Specifications

A
  • 802.11a – 11 Mbps
  • 802.11b – 54 Mbps
  • 802.11g – 54 Mbps
  • 802.11n – 450 Mbps
  • 802.11ac – 1 Gbps

62
Q

IPv4 Classes

A
  • Class A – Internet hosts – 0-127
  • Class B – Internet hosts – 128-191
  • Class C – Internet hosts – 192-223
  • Class D – Internet multicasts – 224-239
  • Class E – Used experimentally – 240-255

63
Q

Private IPv4 Ranges

A

Non-routable on public networks/internet
  • 10.0.0.0/8
  • 172.16-31.0.0/12
  • 192.168.0.0/16

64
Q

Special IPv4 addresses

A
  • 127.0.0.1/8 – Loopback (THIS computer); tests TCP/IP software but NOT the NIC
  • 169.254.0.0/16 – Auto-assigned private IP address; allows LAN communication when no DHCP server can be reached/exists

65
Q

IPv4 Ethernet Addressing
– "cast" options

A
  • Unicast – One sends to one
  • Multicast – One sends to many; network copies data and delivers to each destination
  • Broadcast – One sends to all destinations on network; network copies data and sends to all destinations on network

66
Q

IPv6 Benefits

A
  • More IP addresses
  • Better security
  • Optional NAT
  • Simpler header format
  • More efficient routing
  • Easier admin

67
Q

Special IPv6 addresses

A
  • ::1 – loopback
  • ::/128 – unspecified
  • FE80::/10 – link local
  • FC00::/8 or FD00::/8 – unique local
  • 2000::/3 – global unicast
  • FF00::/8 – multicast

68
Q

Types of IPv6 addresses

A
  • Global Unicast – globally routable
  • Unique Local – private IP, routable in private network
  • Link Local – routable within broadcast domain

69
Q

IPv6 Addressing
– "Cast" options

A
  • Unicast – single interface, similar to IPv4
  • Multicast – replaces IPv4 broadcast
    – Packets delivered to every interface in a group
  • Anycast – typically used to locate nearest specific server, such as DNS/DHCP
    – Single address assigned to multiple nodes
70
Q

Hub (network device)

A

Connects computers in a star topology

Transmits to every attached line in half-duplex (one signal can be sent OR received at a time)

Operates at Layer 1, not a smart device

71
Q

Repeater

A

Used to regenerate/boost signals farther than max range (100 m for twisted pair, for example)

Operates at Layer 1

72
Q

Modem

A

Modulator-Demodulator

Converts carrier signal between analog and digital mode

Operates at Layer 1

73
Q

Media Converter
– Description
– Layer

A

Allows connection/interoperability between dissimilar media types (such as UTP and fiber)

Operates at Layer 1

74
Q

NIC

A

Implements electronics allowing physical and data link layer connections to a network

Often built into motherboard, but can be standalone card

75
Q

Bridge
– Description
– Layer

A

Works at Layer 2 OSI

Reduces traffic on LAN by dividing it into two collision domains

76
Q

Basic Switch

A

Operates mostly at Layer 2 OSI

Each port is a collision domain

77
Q

WAP (Wireless Access Point)

A

Operates at Layer 2 OSI

Allows wireless devices to connect to wired network using Wi-Fi

Access Point usually connects to router but can be integrated into router itself

78
Q

Basic Router

A

Operates at Layer 3 OSI

Connects two or more networks by forwarding packets between them

Uses routing table to select best path

Breaks up broadcast domains

79
Q

Basic Firewall

A

Operates at Layer 3 and 4 OSI

Monitors and controls inbound and outbound network traffic

Uses set of predefined rules to create barrier between trusted/untrusted connections/devices

80
Q

OSI Layer 1
– Name
– PDU
– Devices
– TCP/IP Equivalent

A

Physical

PDU: Bit

Devices: Hub, Modem, Repeater, Cables, Media Converters, and NIC

TCP/IP Equivalent: Link (old) or Physical (new)

81
Q

OSI Layer 2
– Name
– PDU
– Devices
– TCP/IP Equivalent
– Header/trailer fields

A

Data Link

PDU: Frame

Devices: Switch, Bridge, WAP, NIC

TCP/IP Equivalent: Link (old) or Data Link (new)

Header/Trailer Fields: Preamble, SFD, Dest/Source MAC, Type, FCS

82
Q

OSI Layer 3
– Name
– PDU
– Devices
– Protocols
– TCP/IP Equivalent
– Header/trailer fields

A

Network

PDU: Packet, IP Datagram

Devices: Router, Multilayer Switch, Firewall

Protocols: IP, ARP, ICMP, IPv4/6

TCP/IP Equivalent: Internet (old), Network (new)

Header/Trailer Fields: IHL, TTL, Source/Dest IP

83
Q

OSI Layer 4
– Layer name
– PDU
– Devices
– Protocols
– TCP/IP Equivalent
– Header/trailer fields

A

Transport

PDU: Segment (TCP), Datagram (UDP)

Devices: Firewall

Protocols: TCP, UDP

TCP/IP Equivalent: Transport (both)

Header/Trailer Fields: Source/Dest port, Window size, Control bits (SYN/ACK, etc.)

84
Q

OSI Layers 5, 6, and 7
– Names
– PDU
– Devices
– Protocols
– TCP/IP Equivalent

A

Session, Presentation, Application

PDU: Data

Devices: Clients, Servers, Application Layer security appliances

Protocols: HTTP/S, POP3, SMTP, DNS, FTP, Telnet, SSH (all for application layer)

TCP/IP Equivalent: Application (both)
85
Q

Bus Topology

A

Every station shares the media and can see all traffic

One failure affects all nodes

Think straight line

86
Q

Ring Topology

A

Can be bidirectional or unidirectional

If unidirectional, a second link is necessary for redundancy

Each host connected to two other hosts, in a ring shape

87
Q

Star Topology

A

One central device connects to several others, typically with a hub or switch

Switch = physical star & logical star

Hub = physical star & logical bus

88
Q

Physical star

A

All nodes physically connected to central device

89
Q

Logical star

A

All nodes in separate collision domains

90
Q

Logical bus

A

All nodes in same collision domain

91
Q

Mesh Topology

A

Each device is connected to every other device in network

Extremely reliable and provides redundancy

High admin overhead and requires exponential cabling

92
Q

Hybrid Topology

A

Combination of two or more network topologies

Flexible, reliable, increased fault tolerance, easy to add new nodes, easy to diagnose

Difficult to manage and expensive

93
Q

Circuit switched networks

A

Dedicated path between nodes, such as in telephone network

Data sent as stream of bits through sequence of predetermined links in network

Delivery guaranteed

Each data unit knows entire path address provided by source

Resource reservation due to fixed path

94
Q

Packet Switched Networks

A

Routers determine addressing

Processes digital signals and routes through multiple pathways

Delivery not guaranteed

Each data unit knows only the final destination; intermediate path is determined by routers

No resource reservation due to shared bandwidth

95
Q

Virtual Circuit

A

Process of providing connection-oriented service between hosts over packet-switched network (e.g. TCP)

Essentially, emulates circuit-switched process over packet-switched network

Guaranteed delivery

96
Q

DSCP

A

Mechanism for classifying/prioritizing network traffic on IP networks

Part of IPv4 header