4 - Network Fundamentals

Question 1

Benefits of layered network model approach

Answer 1

Easier troubleshooting

Standardizes networking architecture

Allows vendor interoperability

Each layer only communicates with peer layer

Question 2

TCP/IP

Answer 2

Network model developed by DARPA and university volunteers

Became standard by late 90s

Question 3

RFC

Answer 3

Request for Comment

Used to define standardized protocols

Question 4

Network Model Layers
– OSI
– TCP/IP (old and new)

Answer 4

• OSI
  1. Physical
  2. Data Link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application
• TCP/IP (Old)
  1. Link
  2. Internet
  3. Transport
  4. Application
• TCP/IP (New)
  1. Physical
  2. Data Link
  3. Network
  4. Transport
  5. Application

Question 5

PDU

Answer 5

Generic term for unit of info transmitted within network model

Physical - Bits
Data Link - Frame
Network - Packet
Transport - Segment (TCP), Datagram (UDP)
Application - Data

Question 6

Application Layer (TCP/IP)
- Purpose/Functions
- Example protocols

Answer 6

• Provide services to app software
• Defines how programs interface w/ transport layer
• Functions:
  – ID’ing communication partners
  – Determining resource availability
  – Synchronizing communication

Examples: HTTP, DNS, DHCP, HTTPS, FTP, TFTP, Telnet, SSH, NTP, SNMP

Question 7

DHCP
- Port
- Description
- Layer
- Min info obtained

Answer 7

• UDP Port 67 (client to server, broadcast) and 68 (server to client, unicast)
• Dynamically assign IP address, lease length, subnet mask, and default gateway (minimum) and DNS IP (optional)
• Uses “DORA” process
• Application Layer

Question 8

DORA

Answer 8

• Discover, Offer, Request, Acknowledgement

1. DHCP Client broadcasts to find DHCP server
2. Server offers IP address/parameters
3. Client accepts
4. Server acknowledges acceptance and delivers lease info

Question 9

DNS
– port
– layer

Answer 9

TCP/UDP Port 53

Application Layer

Question 10

HTTP

Answer 10

TCP 80, 8008, 8080

Identified using URIs or URLs, used since 1990

Application Layer

Question 11

HTTPS
– Port
– Info
– Layer

Answer 11

TCP 443

If NTP is not synchronized, cert signing can fail

Self-signed certificates provide confidentiality but do not confirm identity

Application Layer

Question 12

FTP
– port
– layer

Answer 12

TCP 20 (Data) and 21 (Control)

Application Layer

Question 13

TFTP
– Port
– Description
– Layer

Answer 13

• UDP 69
• Very basic FTP functionality
  – Requires small amount of memory
  – Can only read and write files from/to a remote server
  – Cannot list directories
  – No user authentication
  – Typically used for storage/retrieval of Cisco switch config files
• Application Layer

Question 14

Telnet
– port
– layer

Answer 14

TCP 23

Sends username/PW in plaintext

Application Layer

Question 15

SSH
– Port
– Layer

Answer 15

TCP 22

Application Layer

Question 16

NTP
– Port
– Description
– Layer

Answer 16

UDP 123

Synchronize time down to a millisecond or fraction of a millisecond

Can use different methods such as radio and satellite

Application Layer

Question 17

Transport Layer (TCP/IP)
– Description/functions
– Example protocols

Answer 17

Communication session management

Defines level of service and status of connection when transporting data

Examples: TCP and UDP

Question 18

TCP (Protocol)

Answer 18

• Two functions:
  – Flow control provided by sliding windows
  – Reliability provided by sequence numbers and acknowledgements
• Breaks messages into segments

Question 19

TCP Segment Header
- Fields

Answer 19

Fields:
source port
destination port
sequence/acknowledgement numbers
control bits (SYN, ACK, FIN, etc.)
window size

Question 20

TCP Window Size

Answer 20

Controls communication flow
sets # of messages transmitted before waiting for ack (ack # matches the seq number of the next segment to be sent)

Ex: Window size 1 - each segment must be acknowledged before another is sent

Can be changed to maximize bandwidth efficiency

Question 21

UDP Header

Answer 21

64 bits long

Only includes Source port, Destination port, Length, and checksum

Question 22

Socket
– Purpose
– 3 Parts

Answer 22

Used to track different concurrent network sessions

Includes IP address, TCP/UDP, and port number

Question 23

Port number ranges

Answer 23

• Well-known: 0-1023
• User/Registered: 1024-49151
  – Users connect to registered ports using ephemeral source ports
• Dynamic/ephemeral: 49152-65535 (1025-5000 if older than win XP)

Question 24

TCP/IP Layer Interaction

Answer 24

Adjacent layers work together on the same system

Same layers communicate with the same layer on a different system

Question 25

Network Layer (TCP/IP)

Answer 25

Primary protocol is IP

Packages data into IP datagrams

Routes IP datagrams

Protocol Ex: IPv4/6, ARP, ICMP (ping)

Question 26

Internet Protocol (IP)

Answer 26

Defines how data is sent from one computer to another on the internet

Messages divided into “packets”

Question 27

IPv4 Packet Structure

Answer 27

Divides data segments (from Transport Layer) into packets

Encapsulated data called IP Payload

Question 28

IPv4 Header
– Size
– Fields

Answer 28

Max size 60 bytes, min 20 bytes

Includes info such as as IP version, Internet header length (IHL), Differentiated Services Code Point (DSCP)(type of service), Total Length of entire IP packet, Identification number, Flags, Fragment Offset, TTL, Protocol, Header Checksum, Source Address, Destination Address, and Options

Question 29

IPv6 Packet Structure
– Two parts

Answer 29

Two main parts: Header/header extensions and Payload

Question 30

IPv6 Header
– 8 items

Answer 30

Fixed 40 byte length

Contains:
- Version (4 bit)
- Traffic class (8 bits describing packet’s priority)
- Flow Label (20-bits for QoS Management)
- Payload Length (16-bit)
- Next Header (describes next extension header or where payload begins)
- Hop Limit (8 bits, similar to TTL)
- Source Address (128 bits)
- Destination Address (128 Bits)

Question 31

IPv6 Packet Contents

Answer 31

Two Parts:
Extension Header – move variable length fields from IPv4 headers into the packet, such as authentication extension header and encapsulating security payload extension header
Upper Layer Protocol Data Unit (Payload) – comes after final extension header

Question 32

ARP

Answer 32

Map IP address to MAC address

Allows communication on Ethernet LAN

Layer 2 protocol

Question 33

ICMP

Answer 33

Provides feedback about problems in the network

Usually formed from a normal IP packet that has generated an ICMP response

Uses the following defined messages:
- Destination Unreachable
- Time Exceeded
- Parameter Problem
- Subnet Mask Request
- Redirect
- Echo
- Echo Reply
- Timestamp
- Timestamp Reply
- Information Request
- Information Reply
- Address Request
- Address Reply

Question 34

Data Link Layer (TCP/IP)

Answer 34

Handles MAC addressing

Detects errors that may occur in physical layer
Frame Check Sequence - receiver checks for frame transmission errors and discards frame if one occurs

Primary protocols: Ethernet (IEEE 802.3) and PPP, STP

Question 35

MAC Address

Answer 35

• hardware’s physical address, tied to NIC
• Layer 2 address
• Can’t be changed but may be spoofed
• 48 bits in length
  – First 6 hex digits (24 bits) = organizational unique identifier (OUI)
  – Last 6 (24 bits) are interface serial number

Question 36

Ethernet Frame Structure

Answer 36

IEEE 802.3 standard

Includes:
- Preamble – signals start of frame and enables sync
- Start Frame Delimiter (SFD) – Signifies that destination MAC starts next byte
- Destination MAC
- Source MAC
- Type – Defines protocol inside the frame (IPv4/6, etc.)
- Data and Pad – Payload Data (46 bytes)
- Frame Check Sequence (FCS) – 32-bit cyclic redundancy check (CRC) for detecting corrupted data

Question 37

Spanning Tree Protocol (STP)

Answer 37

Prevents frame loops within a switched network

Question 38

Physical Layer (TCP/IP)

Answer 38

Encodes a signal onto medium for transmission

Question 39

IEEE 802.3 media types

Answer 39

Coax
Twisted Pair (UTP/STP)
Fiber Optic

Question 40

Coax

Answer 40

Consists of center core, surrounded by dielectric insulator, metallic shield, and finally plastic jacket

Still used with cable modems

Question 41

Twisted pair cabling

Answer 41

Unshielded:
Four color-coded pairs
Cat 3, 5, 5e, and 6
Common connectors: RJ-11 and RJ-45 (standard)
Can use straight-through (unlike) or crossover cables (like)

Shielded:
Additional metal shielding around each pair or collection of pairs to reduce EMI
Primarily used in data networks

Question 42

Fiber Optic Cables

Answer 42

Two modes:
Single Mode (SMF)
Multi Mode (MMF)

Question 43

Single Mode Fiber (SMF)

Answer 43

Transmits using laser and glass core

Higher bandwidth and greater cable distance

Question 44

Multi-Mode Fiber (MMF)

Answer 44

Transmits using LED
Larger core, typically plastic

Signal bounces off reflective surfaces and Light travels different distances depending on entry angle (modal dispersion)

Cheaper than SMF

Question 45

Encapsulation/De-encapsulation

Answer 45

Adding headers/trailers around data, and removing headers to process data inside

Question 46

IEEE

Answer 46

Institute of Electrical and Electronics Engineers

Non-Profit

Several categories:
802.1X - Authentication
802.3 - Ethernet
802.11 - Wireless
802.15 - WPAN
802.15.1 - Bluetooth
802.16 - WMAN

Question 47

802.1x

Answer 47

Authentication

Port-based Network Access Control
Authentication mechanism for connecting to LAN/WLAN
Provides protection for other types of authentication such as remote access and VPN

Question 48

802.3

Answer 48

Ethernet

Xerox, 1983, 802.3 CSMA/CD

Standards for physically connected networks

1980s - Ethernet (10Mbps) - Copper
1990s - Fast Ethernet (100Mbps) and 1000BASE-T (1 Gbps) - Copper
2018 - 200GBASE-X (200Gbps) - Fiber

Question 49

CSMA/CD

Answer 49

Rules governing communication over Ethernet

• Carrier - Network signal
• Sense - Ability to detect
• Multiple Access - Equal access for all devices
• Collision - What happens when devices send at once
• Detection - How computers handle collisions

Devices wait until line is free, but when collision does occur, each device waits a random time then retransmits

Question 50

10BASE2/5

Answer 50

“Thinnet”/”Thicknet”
Coax
One problem affects whole LAN
Uses physical bus (vampire taps) or logical bus (Hub)

Question 51

Hub (topology)

Answer 51

One device talks at a time
1 collision/broadcast domain

Question 52

10BASE-T

Answer 52

Twisted Pair Ethernet
UTP cabling
One problem does NOT affect whole LAN
star topology w/ bridge or switch

Question 53

Bridge

Answer 53

2-4 interfaces
separate collision domain for each interface
adds bandwidth (half duplex)
Uses SOFTWARE to forward/filter frames (slower)

Question 54

Switch

Answer 54

• 24-48 interfaces
• Separate collision domain for each interface
• Adds bandwidth (full duplex)
• Uses HARDWARE to forward/filter frames (faster)
• Learns MAC addresses:
  – Listens to frames
  – Source MAC and interface added to CAM table
• Primary function - forward/filter frames based on CAM tables
• Inactive MACs removed (300 secs default) to make room for new ones
• Uses STP and places ports in forward or block state to prevent layer 2 (frame) loops

Question 55

Switching logic

Answer 55

Unicast - ID single LAN interface card

Broadcast - all devices (FFFF.FFFF.FFFF) (switch does not learn addresses)

Multicast - dynamic subset of devices (switch does not learn addresses)

Question 56

Switch forward/filter decision

Answer 56

Switch receives frame

If MAC destination is in table, forward to that interface. Otherwise, flood to all interfaces (ARP)

Question 57

Collision Domain

Answer 57

Domain in which frame sent by one NIC could result in a collision with a frame from another NIC

One physical segment (shared medium)

Layer 2 devices separate collision domains by each interface

Layer 1 devices like hubs do not separate collision domains regardless of interfaces used

Question 58

Broadcast Domain

Answer 58

Domain in which broadcast frame sent by one NIC is received by all other NICs

Routers ignore broadcasts

Question 59

LAN design considerations

Answer 59

Total devices per collision domain

Broadcasts

Segment large LAN w/ routers to reduce bandwidth consumption from broadcasts

Break up collision domains with layer 2 devices.
Break up broadcast domains with layer 3 devices.

Question 60

802.11

Answer 60

Wireless

MAC and physical specifications for implementing Wireless LAN (WLAN)

Question 61

Wireless Specifications

Answer 61

802.11a - 11 Mbps
802.11b - 54 Mbps
802.11g - 54 Mbps
802.11n - 450 Mbps
802.11ac - 1 Gbps

Question 62

IPv4 Classes

Answer 62

Class A - Internet hosts - 0-127
Class B - Internet hosts - 128-191
Class C - Internet hosts - 192-223
Class D - Internet multicasts - 224-239
Class E - Used experimentally - 240-255

Question 63

Private IPv4 Ranges

Answer 63

Non-routable on public networks/internet

10.0.0/8

172.16-31.0.0/12

192.168.0.0/16

Question 64

Special IPv4 addresses

Answer 64

127.0.0.1/8 - Loopback
THIS computer
Tests TCP/IP software but NOT the NIC

169.254.0.00/16 - Auto assigned private IP address
Allows LAN communication when no DHCP server can be reached/exists

Question 65

IPv4 Ethernet Addressing
– “cast” options

Answer 65

Unicast - One sends to one

Multicast - One sends to many - Network copies data and delivers to each destination

Broadcast - One sends to all destinations on network - network copies data and sends to all destinations on network

Question 66

IPv6 Benefits

Answer 66

More IP addresses
Better security
Optional NAT
Simpler header format
More efficient routing
Easier admin

Question 67

Special IPv6 addresses

Answer 67

::1 - loopback
::/128 - unspecified
FE80::/10 - link local
FC00::/8 or FD00::/8 - Unique local
2000::/3 - global unicast
FF00::/8 - multicast

Question 68

Types of IPv6 addresses

Answer 68

Global Unicast - globally routable

Unique Local - Private IP, routable in private network

Link Local - Routable within broadcast domain

Question 69

IPv6 Addressing
–“Cast” options

Answer 69

• Unicast - Single Interface, similar to IPv4
• Multicast - Replaces IPv4 Broadcast - Packets delivered to every interface in a group
• Anycast - Typically used to locate nearest specific server, such as DNS/DHCP - Single address assigned to multiple nodes

Question 70

Hub (network device)

Answer 70

Connects computers in a star topology

Transmits to every attached line in half-duplex (one signal can be sent OR received at a time)

Operates at Layer 1, not a smart device

Question 71

Repeater

Answer 71

Used to regenerate/boost signals farther than max range (100m for twisted pair, for example)

Operate at Layer 1

Question 72

Modem

Answer 72

Modulator-Demodulator

Converts carrier signal between analog and digital mode

Operates at Layer 1

Question 73

Media Converter
– Description
– Layer

Answer 73

Allows connection/interoperability between dissimilar media types (such as UTP and fiber)

Operates at Layer 1

Question 74

NIC

Answer 74

Implements electronics allowing physical and data link layer connections to a network

Often built into motherboard, but can be standalone card

Question 75

Bridge
– Description
– Layer

Answer 75

Works at Layer 2 OSI

Reduces traffic on LAN by dividing it into two collision domains

Question 76

Basic Switch

Answer 76

Operates mostly at Layer 2 OSI

Each port is a collision domain

Question 77

WAP (Wireless Access Point)

Answer 77

Operates at Layer 2 OSI

Allows wireless devices to connect to wired network using Wi-Fi

Access Point usually connects to router but can be integrated into router itself

Question 78

Basic Router

Answer 78

Operates at Layer 3 OSI

Connects two or more networks by forwarding packets between them

Uses routing table to select best path

Breaks up broadcast domains

Question 79

Basic Firewall

Answer 79

Operates at Layer 3 and 4 OSI

Monitor and control in and out network traffic

Uses set of predefined rules to create barrier between trusted/untrusted connections/devices

Question 80

OSI Layer 1
– Name
– PDU
– Devices
– TCP/IP Equivalent

Answer 80

Physical

PDU: Bit

Devices: Hub, Modem, Repeater, Cables, Media Converters, and NIC

TCP/IP equivalent: Link (old) or Physical (new)

Question 81

OSI Layer 2
– name
– PDU
– Devices
– TCP/IP equivalent
– Header/trailer fields

Answer 81

Data Link

PDU: Frame

Devices: Switch, Bridge, WAP, NIC

TCP/IP Equivalent: Link (old) or Data Link (new)

Header/Trailer Fields: Preamble, SFD, Dest/source MAC, Type, FCS

Question 82

OSI Layer 3
– name
– PDU
– Devices
– Protocols
– TCP/IP equivalent
– Header/trailer fields

Answer 82

Network

PDU: Packet, IP Datagram

Devices: Router, Multilayer Switch, Firewall

Protocols: IP, ARP, ICMP, IPv4/6

TCP/IP Equivalent: Internet (Old), Network (New)

Header/Trailer Fields: IHL, TTL, Source/Dest IP

Question 83

OSI Layer 4
- Layer name
- PDU
- Devices
- Protocols
- TCP/IP Equivalent
- Header/trailer fields

Answer 83

Transport

PDU: Segment (TCP), Datagram (UDP)

Devices: Firewall

Protocols: TCP, UDP

TCP/IP Equivalent: Transport (Both)

Header/Trailer Fields: Source/Dest port, Window size, Control bits (Syn/Ack, etc.)

Question 84

OSI Layer 5, 6, and 7
– Names
– PDU
– Devices
– Protocols
– TCP/IP Equivalent

Answer 84

Session, Presentation, Application

PDU: Data

Devices: Clients, Servers, Application Layer security appliances

Protocols: HTTP/S, POP3, SMTP, DNS, FTP, Telnet, SSH (all for application layer)

TCP/IP Equivalent: Application (Both)

Question 85

Bus Topology

Answer 85

Every station shares the media and can see all traffic

One failure affects all nodes

Think straight line

Question 86

Ring Topology

Answer 86

Can be bidirectional or unidirectional

If unidirectional, second link is necessary for redundancy

Each host connected to two other hosts, in a ring shape

Question 87

Star Topology

Answer 87

One central device connects to several others, typically with a hub or switch

Switch = physical star & logical star
Hub = physical star & logical bus

Question 88

Physical star

Answer 88

all nodes physically connected to central device

Question 89

Logical star

Answer 89

All nodes in separate collision domains

Question 90

Logical bus

Answer 90

All nodes in same collision domain

Question 91

Mesh Topology

Answer 91

Each device is connected to every other device in network

Extremely reliable and provides redundancy

High admin overhead and requires exponential cabling

Question 92

Hybrid Topology

Answer 92

Combination of two or more network topologies

Flexible, reliable, increased fault tolerance, easy to add new nodes, easy to diagnose

Difficult to manage and expensive

Question 93

Circuit switched networks

Answer 93

Dedicated path between nodes, such as in telephone network

Data sent as stream of bits through sequence of predetermined links in network

Delivery guaranteed

Each data unit knows entire path address provided by source

Resource reservation due to fixed path

Question 94

Packet Switched Networks

Answer 94

Routers determine addressing

Processes digital signals and routes through multiple pathways

Delivery not guaranteed

Each data unit knows only the final destination, intermediate path is determined by routers

No resource reservation due to shared bandwidth

Question 95

Virtual Circuit

Answer 95

Process of providing connection-oriented service between hosts over packet-switched network (e.g. TCP)

Essentially, emulates circuit-switched process over packet-switched network

Guaranteed Delivery

Question 96

DSCP

Answer 96

mechanism for classifying/prioritizing network traffic on IP networks. part of IPv4 Header