6.1

Question 1

What’s the difference between Layers 1-3 vs Layer 4?

Answer 1

Layers 1-3 are about moving the packet.

Layer 4 is about what to do with the packet

Question 2

What are the well known vs unknown ports for IP?

Answer 2

0-1023 are known
.
1024-49151 are server apps
.
Remaining 65535 are private/dynamic use

Question 3

What a port number with source IP form?

Answer 3

A Socket

Question 4

TCP Header Fields (10)

Answer 4

Source / Destination
Seq. #
Ack #
Data Length
Flags (ACK/SYN/FIN)
Window (# of Packets / Ack)
Checksum (error check)
Urgent Pointer
Options

Question 5

What is TCP 3 Way Handshake?

Answer 5

SYN (Client -> Server)
SYN-ACK (Server -> Client)
ACK (Client -> Server)

Question 6

What’s the structure of a UDP datagram?

Answer 6

Source Port
Destination Port
Message Length
Checksum

Question 7

What is the netstat command for?

Answer 7

Check state of ports on local host

Checks suspicious remote connections

Question 8

Windows:
Netstat -a

Answer 8

Display open ports

Question 9

Linux: netstat
-t & -u & -w

Answer 9

-t: Show TCP connections
-u: Show UDP connections
-w: Show raw connections

Question 10

Linux: netstat
-x & -a & -1

Answer 10

-x: Shows UNIX sockets/local server ports
-a: Show all ports
-1: Shows only ports in listening state

Question 11

netstat
-n & -p

Answer 11

-n: Displays in numerical format
-p: Add with protocol type
(TCP, TCPv6, UDP, or UDPv6)

Question 12

netstat
-o & -b & -p

Answer 12

-o: Shows ID #
-b: Shows process name
-p: Show ID and process name

Question 13

netstat
-s & -r

Answer 13

-s: Reports protocol statistics
-r: Shows routing table

Question 14

netstat
-e & -i

Answer 14

-e: Ethernet stats
-i: Ethernet stats