Network Traffic Flashcards
(19 cards)
What is network traffic?
Network traffic, the term used to describe the movement of data across a network, is a fundamental concept in the realm of IT infrastructure.
Network traffic consists of packets of data transmitted over networks. These packets are the fundamental units that carry our emails, website content, and file transfers from one point to another.
Traffic can occur within a local area network or traverse wide area networks, including the vast collective network known as the Internet.
This interaction is regulated by protocols such as TCP/IP and UDP. TCP/IP or transmission control protocol Internet protocol, ensures that data packets are accurately sent, received, and reassembled. On the other hand, UDP or user datagram protocol, is used for speedy but less dependable transmissions.
How is internet speed measured?
Internet speeds advertised by Internet service providers are measured in megabits per second, or gigabits per second.
These measurements indicate the theoretical maximum rate for downloading and uploading data.
The higher the megabits or gigabits per second value, the faster you can transfer files and enjoy a smoother online experience.
When checking your home Internet speed, you’ll find the following units and measurements. First is bytes, which is the total amount of data transmitted over the network. Second is packets, the individual data units transmitted, each containing a portion of the overall message. And third is flows, a series of packets transmitted between a specific source and destination during a particular time interval.
What are the benefits of efficient network management?
First, by identifying and resolving congestion points and bandwidth limitations, network traffic management helps optimize network performance. This ensures that critical data reaches its destination without delay.
Second, monitoring network traffic enables the detection of suspicious activities or potential security breaches, allowing timely intervention to mitigate risks and protect sensitive data.
Third, understanding network traffic patterns, enables organizations to allocate resources effectively.
What is bandwidth?
Bandwidth refers to the maximum amount of data that can be transmitted over a network or internet connection within a given time period. It is measured in bits per second (bps) or bytes per second (Bps).
What is latency?
Latency, also known as network delay, is the time it takes for data to travel from the source to the destination across a network. It is measured in milliseconds (ms) and can be influenced by factors such as network distance, congestion, and routing paths.
What is Jitter?
Jitter is the variation in latency over time that causes packets to arrive at irregular intervals. It can significantly impact real-time applications such as voice over IP (VoIP) and video conferencing, leading to choppy audio or video quality.
What is packetloss?
Packet loss occurs when data packets transmitted over a network fail to reach their intended destination. It can be caused by network congestion, hardware failures, or transmission errors and can result in missing or corrupted data, impacting the overall quality of service.
What is Quality of Service (QoS)?
Quality of Service (QoS) refers to a network’s ability to prioritize and manage different types of traffic to ensure consistent and reliable performance for critical applications or services.
What is a Content Delivery Network (CDN)?
A CDN is a distributed network of servers strategically placed across multiple locations to efficiently deliver web content, such as images, videos, and other static files, to end-users based on their geographic location.
What is Unicast Traffic?
Unicast traffic is the most common type of network communication, where data is transmitted from a single source to a single destination. This one-to-one communication is widely used for activities such as web browsing, file transfers, and email exchanges. Unicast traffic efficiently utilizes bandwidth, as the data is sent directly to the intended recipient without replication.
What is Multicast Traffic?
Multicast traffic involves sending data from a single source to multiple destinations simultaneously. This type of traffic is particularly useful for applications that require efficient data distribution to a group of recipients, such as video streaming, online gaming, and software updates. Compared to sending individual unicast streams to each recipient, multicast traffic reduces network congestion and bandwidth consumption.
What is Broadcast Traffic?
Broadcast traffic is a type of network communication where data is transmitted from a single source to all devices on the same network segment or broadcast domain. This type of traffic is typically used for network discovery and configuration purposes, such as Address Resolution Protocol (ARP) requests and Dynamic Host Configuration Protocol (DHCP) messages. While broadcast traffic is necessary for certain network operations, excessive broadcast traffic can lead to network congestion and performance degradation.
What is Anycast Traffic?
Anycast traffic is a routing methodology where data is transmitted from a single source to the nearest available destination among a group of potential receivers. This type of traffic is commonly used in content delivery networks (CDNs) and distributed denial-of-service (DDoS) mitigation services, where requests are routed to the nearest available server or mitigation point for optimal performance and load balancing.
What is the primary goal of network segmentation?
The primary goal of network segmentation is to streamline traffic flow, enabling better management of resources, improved security, and overall enhanced performance. By segregating the network, the movement of information between devices and systems is controlled, ensuring that sensitive information is kept safe from unauthorized access
while simultaneously improving the speed and efficiency of the network.
Why is network segmentation important?
Network segmentation allows you to prioritize and allocate bandwidth more efficiently by separating different types of traffic onto dedicated subnetworks,
ensuring that high-priority applications receive the necessary bandwidth they require.
Second, every network has sensitive data and critical systems that must be protected from unauthorized access and potential breaches. By segmenting the network and isolating these sensitive resources into separate subnetworks, you can contain potential threats within those segments, minimizing the impact of a security breach on the rest of the network.
Third, network congestion and bottlenecks can significantly degrade overall performance, leading to slow response times, buffering issues, and frustrating user experiences.
What are the two main approaches to network segmentation?
Segmentation can be achieved through two main approaches : physical segmentation and virtual segmentation.
Physical segmentation involves using dedicated hardware, such as separate Internet connections, physical network equipment and firewalls to create closed-off networks. This approach, also known as perimeter-based segmentation, treats everything outside the network perimeter as untrusted. However, once a threat penetrates the perimeter, it can move freely within the network due to the lack of internal filtering.
Virtual segmentation, on the other hand, extends beyond the traditional network perimeter by using technologies like virtual local area networks or VLANs and distributed firewalls to create virtual segments independent of the physical infrastructure. This approach provides the same benefits as physical segmentation,
but more flexibility and cost effectively, allowing for easier adjustment of security policies within each segment.
What are (4) common use cases you might encounter in organizations?
-Dept or functional areas
-Roles
-Server and application
-Remote separate networks
What are (5) tools for Network Traffic Analysis?
-Wireshark
-tcpdump
-Suricata
-ELK Stack
-Nmap
What insights do you get from analyzing the network traffic?
Through the analysis of network traffic patterns and bandwidth usage graphs using Wireshark, you can gain valuable insights into the overall health and efficiency of your network. Specifically, you can identify peak bandwidth utilization periods, which shed light on times of heavy network activity and potential congestion points.
Additionally, you may observe recurring patterns in network traffic, such as spikes during certain hours or consistent data transmission to specific IP addresses. These insights allow you to make informed decisions regarding network optimization and resource allocation. For example, by identifying peak usage times, you can schedule network maintenance or updates during off-peak hours to minimize disruption.
Furthermore, analyzing traffic to specific IP addresses helps in detecting potential security threats or unauthorized access attempts. Overall, the analysis using Wireshark equips you with the knowledge to proactively manage your network infrastructure, ensuring optimal performance and security.
