Section 2: Networking

Question 1

What is the metaphor used to explain networks and protocols?

Answer 1

If you need to move a box from one place to the other you would use a moving truck. You put boxes in the moving truck, move that box to another location, and unload the moving truck.

The road that we are driving on is the network and that is what we are using to transport this particular package

The moving truck is the Internet Protocol (IP) and we have designed these networks so that this type of truck can move most efficiently between one point and another

In the moving truck there is a box and inside the box is your data. If you were to open the box there would be certain types of information in there (specific to a certain application or particular function on your network).

Think of the information in the box belonging to a particular room in the house (bedroom, kitchen, dining room), so when the box is delivered that box needs to be moved to the correct room. This encapsulation process allows us to move all kinds of data across the network

Question 2

Explain sending information from a client to a server

Answer 2

On one side you have the client (a workstation) and on the other side is a server (web server, mail server etc) and the client is going to send information to this server. If this is across an Ethernet network then everything inside of the Ethernet packet would be considered an Ethernet payload. There is also an Ethernet Header at the start of the frame and an Ethernet Trailer at the end of the frame

Question 3

What is the most popular protocol we use on our networks?

Answer 3

The most popular protocol we use on our networks is the Internet Protocol (IP)

Question 4

What is in an Ethernet Payload

Answer 4

Ethernet Payload will have an IP Header > Then there will be an IP Payload within that particular part of the frame.

The IP payload has further information inside it, which could be TCP data with a TCP header and a TCP payload.

The TCP payload can also be separated out into different types of data, such as HTTP data

Ethernet Frame (IP>TCP>HTTP data)

Question 5

What is most commonly transferred in IP packets?

Answer 5

TCP and UDP protocols (two different ways to move data from one part of a network to another)

Question 6

What does TCP stand for?

Answer 6

Tranmission Control Protocol

Question 7

What does UDP stand for?

Answer 7

User Datagram Protocol

Question 8

Which layer of the OSI model do TCP and UDP operate at?

Answer 8

The transport layer - Layer 4

Question 9

Describe the capabilities of TCP protocols and their uses

Answer 9

They provide multiplexing, so you can have many different applications communicating to a separate server all simultaneously

Connection-based (stateful) and uses ports and maintains sessions

Used for web, email, FTP, SSH

Question 10

Describe the capabilities of UDP protocols and their uses

Answer 10

They provide multiplexing, so you can have many different applications communicating to a separate server all simultaneously

Stateless and uses ports but no connection state

Used for DNS, VoIP, Streaming, Gaming

Question 11

What is Multiplexing?

Answer 11

Multiplexing in networking refers to the ability to send and receive multiple streams of data over a single network connection or channel. It’s how a single device (like your computer) can communicate with multiple services at once—web, email, streaming, etc.—using a shared physical connection (like your Wi-Fi).

Together, IP + Port + Protocol enables multiplexing — multiple services sharing a single IP address.

Question 12

Explain how TCP works

Answer 12

There is a formal process to set up the flow from one device to the other and a formal process to tear down that flow when the conversation is over.

It is referred to as “Reliable” delivery

TCP can reorder messages that may have been received out of order. It can also manage a retransmission process so that if any data is not received by the destination that information can be resent from the source.

It has a flow control mechanism, so if a device feels like it is receiving information too quickly, it can tell the other side to slow down the process so information can be received at a more reasonable rate

Question 13

What does “Reliable” delivery mean in terms of TCP?

Answer 13

It means that TCP has a built-in system to ensure that data that has been sent has been verified as being received on the other side

Question 14

Explain how UDP works

Answer 14

UDP is a connectionless flow with no formal open or close to the connection. UDP simply sends data from one place to another.

There is no acknowledgement sent from the destination device

UDP has no flow control and no way to determine whether a device should slow down or send information faster

Question 15

What does “Unreliable” delivery mean in terms of UDP?

Answer 15

This does not mean that UDP does not work as well as other protocols. It means that we get no receipt or have any knowledge that the information we sent was received by the device on the other side

Question 16

Why would you ever use UDP if it is “Unreliable”?

Answer 16

UDP plays an important role in being able to send information very quickly over the network.

UDP is most associated with real-time communication, where you can’t stop and retransmit information and then catch up with yourself. For example, with phone conversations.

With UDP we send the data and if it make it to the other side we were successful, and if the information was dropped along the way, we simply keep the conversation going

Question 17

Give examples of UDP’s connectionless form of communication (connectionless protocols)

Answer 17

DHCP (Dynamic Host Configuration Protocol) - Used to automatically assign IP addresses to our devices

TFTP (Trivial File Transfer Protocol) - Uses UDP as its transport mechanism

Question 18

Give examples of TCP connection-oriented protocols

Answer 18

HTTPS (Hypertext Transfer Protocol Secure) - Used to send information securely to our web browsers

SSH (Secure Shell) - Provides us with an encrypted form of terminal communication between our systems

Question 19

What happens if packets are dropped or are missing

Answer 19

If our HTTPS data between a web server and a client loses a packet between point A and point B, TCP will recognise that a packet was missing and will ask to retransmit that information and the retransmitted data is sent over the network. This happens automatically with TCP

Question 20

What is the additional piece of information added to all transmissions for UDP and TCP?

Answer 20

In the case of UDP and TCP there is an additional piece of information that’s added to all of the conversations and that information is a port number

Question 21

What does a port number determine

Answer 21

It determines which application on the server is going to receive the transmitted data

Question 22

What additional information is needed to complete the traffic flow between two devices?

Answer 22

Server’s IP address, protocol (TCP/UDP), server application port number (80, 443, 123 etc)

Client’s IP address, protocol (TCP/UDP), client port number

Question 23

What are Non-ephemeral ports?

Answer 23

Non-ephemeral ports are permanent ports (non-temporary ports) that tend to be the same every time we access a device

Question 24

What port numbers are most commonly associated with communicating with web servers?

Answer 24

Port 80 (HTTP)
Port 443 (HTTPS)

Every web server communicated with will use those same port numbers so we know exactly where that service is located on an IP address

Question 25

What are ephemeral ports?

Answer 25

Ephemeral ports (temporary ports) are used for when you are communicating with a server. You need a port number on your device that you can associate with a particular traffic flow. These are usually temporary port numbers and once that traffic flow is over, will no longer use that port number. Commonly, an operating system will assign a port number between 1,024 and 65,535. But this is often configured in the operating system itself and it’s assigned in real time as you’re using these applications.

Question 26

When are dynamic port numbers used?

Answer 26

Some applications that use dynamic port numbers that can change dramatically from one device to the other. This is simply a number associated with that service. And if we know that, then we’re able to communicate with that service and have a conversation to send data

Question 27

Why aren't random port numbers used to try and make the system more secure?

Answer 27

Port numbers are not designed to be a security mechanism. They’re simply designed to allow you to access those services on that particular device. It’s relatively easy to use a port scanner to find all of the open ports on a particular server and then begin to do more research to determine what service is really running on that port.

Question 28

What are the benefits of using well-known port numbers?

Answer 28

When you access all of the different sites that you visit on the internet, all of those sites are going to be using the same port numbers. This allows you to type in the name of the website and immediately connect to that site and be able to transfer data. If all of those different websites used completely different port numbers, we would have to have another mechanism in place to somehow determine what the appropriate port number might be for that individual site.

Question 29

Do TCP and UDP protocols use the same port numbers?

Answer 29

TCP has its own port numbers which are different to those of UDP This means that there could be a service running on TCP port 80 and a different service running on UDP port 80. However this can be confusing so we don't tend to do that in normal operation

Question 30

What is the standart destination port used for VoIP traffic?

Answer 30

5,004

Question 31

What protocol is FTP and what port number does it use?

Answer 31

FTP, or the File Transfer Protocol is a protocol that transfers files from one device to another. There are two port numbers used by FTP: TCP port 20 (for data transfers) TCP port 21, (used to control the data transfer)

Question 32

What is FTP and what is it used for?

Answer 32

FTP is a generic way to transfer data between devices, but it commonly requires some type of authentication to log in to the remote device. So you might use a username and password, although some systems will allow you to log in as anonymous and use any password to gain access. The FTP protocol also includes a number of file management functions. When you connect to an FTP server you can list all of the files on that server. You can add, delete, rename, and perform other file management functions all by using FTP.

Question 33

What is SSH and what is it used for?

Answer 33

Secure Shell - Used when you need to connect to a remote device through a terminal or command line front end. It’s common to use SSH to provide a terminal connection to a remote device. SSH commonly communicates over TCP using port 22 It has a text-based front end to be able to access that remote device. Although we see plain text on our screen, any communications sent over the network are sent as encrypted data

Question 34

Other than SSH, what is another common way of connecting to a remote device using this text-based or console front end

Answer 34

Using Telnet (Telecommunication network protocol) Telnet commonly uses TCP port 23 Telnet provides this text-based front end that allows us to connect to the remote console of another device. But unlike SSH, all of the communication between this Telnet front end and the Telnet server is sent unencrypted This is why we often say that you shouldn’t use Telnet on your production networks and instead you should always use SSH for terminal communication

Question 35

What protocol do email servers use to communicate, and on what port number?

Answer 35

SMTP - Simple Mail Transfer Protocol TCP port 25 Not only is SMTP used to communicate between mail servers, but it’s also used for our mail clients to send mail to a mail server. So if you’re using a mail client on your mobile device or your desktop computer and you’re sending an email message, you could be using SMTP.

Question 36

Explain the difference in protocols when sending and receiving emails

Answer 36

SMTP is used to send mail and IMAP or POP3 is used to receive mail

Question 37

What does IMAP and POP3 stand for and what are they used for?

Answer 37

They are two standard email protocols used to retrieve messages from a mail server, but work in different ways IMAP - Internet Message Access Protocol - keeps emails on the server - Ideal for multiple device accessing the same inbox - Messages not downloaded unless you open them Port 143 (unencrypted) Port 993 (encrypted/SSL) POP3 - Post Office Protocol 3 -downloads emails to your device and typically removed from the server - best for single device use - uses less server storage Port 110 (unencrypted) Port 995 (encrypted/SSL)

Question 38

What is used to be able to resolve an IP address from a fully qualified domain name?

Answer 38

DNS (Domain Name System) DNS uses UDP Port 53 to make a connection between you and the DNS server DNS provides the resolution between the domain name you type in the browser, and the IP address that will be used for the communication

Question 39

What is DHCP and what is it used for?

Answer 39

Dynamic Host Configuration Protocol Uses UDP port 67 and 68 It requires a DHCP server to assign IP addresses to devices on the network, and they are commonly built into routers and Wireless Access Points that we used

Question 40

Explain how DHCP works

Answer 40

The DHCP server will have a large pool of IP addresses that can then be assigned to devices on your network. All of these IP addresses are assigned in real time. So when you start up your computer, it queries the DHCP server and the DHCP server assigns your device all of your IP configuration details. DHCP uses a leasing system to assign these IP addresses, so you are only using this IP address for a certain amount of time. And after that lease expires and you’re no longer on the network, that IP address goes back in the pool for someone else to use.

Question 41

Can you configure DHCP servers to give out the same IP address to a device every time?

Answer 41

Network administrators can configure DHCP servers to always assign the same IP address to certain devices, e.g routers, firewalls, switches. They may configure DHCP reservations so those devices always receive the same IP address every time they’re booted up. This means that if you need to change any of the IP configurations on these devices, you don’t have to go to the devices to make those changes. You simply make them on the DHCP server. The next time that device requests a DHCP address, it will receive the new configuration.

Question 42

What does HTTP and HTTPS stand for?

Answer 42

Hypertext Transfer Protocol - common protocol used by our browsers to communicate to web servers - unencrypted using TCP port 80 Hypertext Transfer Protocol Secure - used to communicate over an encrypted channel using TCP port 443

Question 43

What was POP3 designed for and why is it less popular today?

Answer 43

POP3 was designed to retrieve email messages to an email client, but it wasn’t built for multiple email clients. We often use many different mobile devices, all accessing the same email inbox.

Question 44

What is IMAP4 used for?

Answer 44

To be able to synchronise emails across many different mailboxes IMAP commonly uses TCP port 143 to be able to download and manage the mailbox.

Question 45

What does SMB stand for and where is this protocol used?

Answer 45

SMB - Server Message Block Operating Systems use SMB to transfer information between devices Sometimes referenced as CIFS (Common Internet File System) SMB uses several protocols to communicate Older Windows machines use NetBISO over TCP/IP TCP port 445

Question 46

What is NetBIOS and what protocol does it use?

Answer 46

NetBIOS is the Network Basic Input Output System This uses UDP port 137 as a name service function so that it can find devices on your network by name and: uses TCP port 139 to set up a session and transfer data between devices. On most modern versions of Windows, NetBIOS isn’t used. Devices can communicate directly between each other using TCP/IP. In those cases, it would use a direct SMB connection using TCP port 445. This allows us to have a direct SMB communication between two devices by using only TCP/IP.

Question 47

What is SNMP?

Answer 47

Simple Network Management Protocol Allows a network management device to query these infrastructure devices for performance details and receive those metrics in return Uses UDP port 161 Can configure the infrastructure device to monitor for certain metrics. And if it exceeds any of those metrics, it can send an alert to the management station. We refer to these alerts as traps, and the traps use UDP port 162. If you’re configuring SNMP on a device, it will ask you if you’re using version 1, version 2, or version 3. V3 includes encryption

Question 48

What port is used for SNMP traps?

Answer 48

162

Question 49

Which version of SNMP uses encryption?

Answer 49

Version 3

Question 50

What common protocol is used to query the directories used on modern networks?

Answer 50

LDAP - Lightweight Directory Access Protocol Uses TCP port 389 Most popular implementation of LDAP is Microsoft Active Directory, which allows you to query the Active Directory server using the LDAP protocol

Question 51

What common protocol is used for remote access?

Answer 51

RDP - Remote Desktop Protocol Uses TCP port 3389 Standard protocol used by Windows for remote access to someone's device

Question 52

What is RDP used for?

Answer 52

Remote Desktop Protocol used to remotely connect to someone's device. RDP can be used to take over and control an entire system, or just to run a single application from that server. Although you’ll find servers running RDP almost exclusively on Windows, there are clients that you can run on almost any operating system. So if you’re running Linux, Mac OS, Android, or any other operating system, there’s probably an application you can load that would allow you to connect to a Windows device using the remote desktop protocol.

Question 53

List some network infrastructure devices

Answer 53

Layer 2 switch Layer 3 switch Network Interface Card (NIC) Optical Network Terminal (ONT) DSL Modem Cable Modem Firewall Hub Router PoE switch Patch panels Access Point

Question 54

What is a Router?

Answer 54

A router is a device that forwards traffic between different IP subnets. The router uses the IP address that’s within the packet to determine what the next hop might be on its way to the final destination. Because this routing takes place at layer 3 of the OSI model, we often refer to these as layer 3 devices if we have a router that can be configured inside of a switch, you’ll see those devices referred to as layer 3 switches Routers also connect different types of networks together (LAN, WAN, Fibre)

Question 55

What is a Switch?

Answer 55

A switch determines where traffic should be forwarded based on the destination MAC address inside of that time frame, as opposed to a router which forwards traffic based on destination IP It is able to forward traffic at very high rates of speed because a lot of those forwarding decisions are based in the hardware of the device Many switches have an Application Specific Integrated Circuit or an ASIC which allows for very fast throughput. They will also add additional power to the switch connection using POE or Power Over Ethernet A switch that has the ability to turn on additional routing functionality, we often refer to that as a layer 3 switch or a multilayer switch

Question 56

Describe what an unmanaged switch is?

Answer 56

Unmanaged switches have very limited functionality with no configuration options (often purchased from a local or online retailer). Very little integration with other protocols You cannot configure any VLANs on an unmanaged switch No SNMP capabilities

Question 57

Describe what a managed switch is?

Answer 57

Managed switches are usually found in offices and provide additional capabilities Allow you to configure different interfaces to be on completely different IP subnets (VLANS) and gives you the option to prioritise traffic e.g. VoIP traffic higher priority than file transfer traffic Allows capabilities such as SNMP

Question 58

What is a VLAN?

Answer 58

Virtual Local Area Network - a way to logically segment a physical network into multiple, isolated networks at the data link layer (Layer 2 of the OSI model), even if the devices are physically connected to the same switches. Each port on a managed switch can be assigned to a VLAN. When a device sends data, it gets tagged (usually with a VLAN ID using IEEE 802.1Q tagging), so switches and routers know which VLAN it belongs to A company has one switch and wants to separate the IT and HR departments. VLAN 10 is assigned to IT, VLAN 20 to HR. Even though both departments’ computers connect to the same switch, they can't directly communicate unless a router or Layer 3 switch is used.

Question 59

What is used to prevent loops between multiple switches in a network?

Answer 59

Spanning Tree Protocol (STP)

Question 60

What is Port Mirroring?

Answer 60

Some managed switches will allow you to perform port mirroring, where you can take traffic from one port that’s on the switch and copy all of that traffic to a different port on the switch, ideally to plug in a protocol analyser to be able to view all of those packets traversing the network. This is commonly used for troubleshooting or packet analysis and not something you would usually find on an unmanaged switch.

Question 61

What is an Access Point and what is it used for?

Answer 61

Often found on the ceiling of offices It provides wireless connectivity for the local network. This is not a router that you might find in a SOHO device that your small office or home office. This is a device that only provides a link between the wireless network and the wired network. You’ll sometimes hear these devices referred to as a bridge because they are simply bridging or extending that wired connection into a wireless connection. This is not a device that is routing between subnets, and it’s not performing any type of network address translation. It’s simply bridging people on the wireless network to the folks that are on the wired network. An access point makes forwarding decisions based on the destination MAC address, which is identical to the way that a switch forwards information. The access point examines the destination MAC address and determines if that MAC address is on the wireless network or if it should send that information to the wired network.

Question 62

What kind of connections would you find on a patch panel?

Answer 62

RJ45 Connectors

Question 63

What is a patch panel?

Answer 63

Connects cables that run from all of the desks using RJ45 connectors which ultimately connect to a switch Combination of punch-down blocks There are smaller cables on the front that connect from the patch panel and extend that connection into an interface on a switch

Question 64

What is a firewall?

Answer 64

A traditional firewall is able to allow or disallow traffic through your network based on IP addresses and port numbers. Since those TCP and UDP ports operate at layer 4 of the OSI model, it’s common to refer to firewalls like this as an OSI Layer 4 device. It’s increasingly common to see firewalls that understand application layer traffic. And in those cases, the firewall would be a layer 7 device. Some firewalls can also act as an endpoint for an encrypted tunnel, which means that you can connect two sites together across a public network like the internet, but all of the traffic between those sites is encrypted Can also act as a proxy - firewall will perform browsing for the user Can also act as a router (in homes)

Question 65

What is PoE?

Answer 65

Power over Ethernet Some devices allow you to power a system through the Ethernet cable that’s already connecting to a device, referred to as Power over Ethernet Allows you to run a single wire to the device that will not only be able to transfer data but also be used as the power source for that device

Question 66

What devices are PoE's often used with

Answer 66

You often see POE used with access points, cameras, and anything else where power may be difficult to run to that device

Question 67

When power comes directly from a switch to power devices like cameras, what is it referred to as?

Answer 67

Endspan

Question 68

If your switch doesn’t support POE, what can you use in the middle of the connection that will add power to the Ethernet cable?

Answer 68

PoE Injectors, often referenced as a Midspan

Question 69

How many different types of PoE's are there and what are the differences?

Answer 69

PoE, PoE+, PoE++ Each has a different standard and provide different wattage and amps

Question 70

What is a hub?

Answer 70

Before there were switches, we used hubs to connect all of the devices on our network. Sometimes you’ll hear a hub referred to as a multi-port repeater. That’s because hubs are not very intelligent devices. Any data that’s going into one interface on this hub will automatically be copied and sent to all of the other interfaces on this hub. Not able to run any full duplex communication to a hub. So all of the devices plugged into this hub will operate at half duplex. Since everything is being re-transmitted to every other interface on this device, you put more of a load and add more devices to the network, so the performance of this device tends to get slower and slower

Question 71

What is a cable modem?

Answer 71

Cable modems are a prevalent type of hardware that connects computer devices with your ISP. Differing from other types of modems, a cable modem uses coax cable, the same infrastructure that brings television programming to our business or homes, to proxy that connection, rather than a telephone or DSL line.

Question 72

What does ADSL stand for?

Answer 72

Asymmetric Digital Subscriber Line - uses the same telephone line as what is used for analogue telephones

Question 73

What does ONT stand for and what is it used for?

Answer 73

Optical Network Terminal Used in fibre networks This is connecting an ISP fiber network and converting it into signals like copper ethernet that can be used inside of your home. This ONT is usually connected to the outside of your building and it usually delineates the ISPs network from your own internal network.

Question 74

What is a Demarcation (demarc) point?

Answer 74

It's so you know what the responsibilities are for each different party. Any of the wiring on the inside of your house is your responsibility up to the point of that demarcation, and then anything outside of that demarc is the responsibility of the service provider. Sometimes this demarc is located in your data centre itself. Or if you’re at home, it’s located on the outside of your home.

Question 75

What is a NIC?

Answer 75

Network Interface Card Used for copper Ethernet connections to provide connectivity There are also network interface cards for other types of topologies. E.g. If you’re plugging into a wide area network serial connection, or have a wireless interface

Question 76

What is Software Defined Networking (SDN)

Answer 76

Allow us to take devices like switches, routers, firewalls and other networking infrastructure devices and change them to be a software based platform that we could use in the cloud This means that we might take something like a switch and separate all of the functions of the switch into individual pieces. We can then take these pieces and then create software versions that we can then run in the cloud

Question 77

What are the three common layers or ways to separate networking devices for Software Defined Networking?

Answer 77

1. Infrastructure layer (data plane) - forwarding, trunking, encrypting, NAT or anything else occurring at the packet level 2.Control layer (control plane) - references held in the control plane to know where the traffic is going 3. Application layer (management plane) - manage device through API, SSH into a router, graphical front end of firewall etc