255 Questions
What does the first two octets represent in a Class B address?
Network address
What is the purpose of the loopback address, 127.0.0.1?
To refer to the NIC of the machine you are on
What is the use of private IP addresses?
To communicate within a network
What is the role of a gateway router in network address translation?
To replace the private IP address with the public IP address
What is the range of private IP addresses that can be used on a private network?
10.0.0.10 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255
What is the purpose of NAT?
To replace the private IP address with the public IP address of the gateway router
What type of IP address is used to communicate with computers outside the network?
Public IP address
What is the class of IP address where the first three octets represent the network and the last octet represents the node?
Class C
What is the purpose of a gateway router?
To perform network address translation
What is the limitation of private IP addresses?
They cannot be routed over the internet
What is the main purpose of subnetting?
To divide a network into smaller portions
What is the minimum value of the first octet of a subnet mask?
255
What is the effect of a subnet mask on the IP address?
It divides the IP address into node and network portions
What is the main difference between traditional subnetting and VLSM?
VLSM uses a variable length subnet mask, while traditional subnetting uses a fixed length subnet mask
What is the result of converting a subnet mask to binary?
Once you hit a zero, the rest are all zeros
What is the significance of the part of the IP address covered with 1s?
It is reserved for the network
How is the IP address and subnet mask combined by the computer?
Using a binary AND operation
What is the purpose of DHCP protocol?
To handle dynamic IP address allocation
What is the significance of an APIPA address?
It indicates that the machine is not capable of communicating with the network
What is the CIDR notation used for?
To represent the IP address and the number of bits for the network
What is the significance of IPv6 using a 128-bit address?
It ensures that IP addresses will never run out in the future.
What is the purpose of the hex-numbering method in IPv6?
To make IPv6 addresses shorter and more readable.
What is the format of IPv6 subnetting?
CIDE format with slash (/) and hexadecimal value.
What does the link/machine-local address in IPv6 indicate?
The device could not obtain an IP address from a DHCP server.
What is the equivalent of IPv4 private IP addresses in IPv6?
Site/network-local addresses.
What is the purpose of the loopback address in IPv6?
To test the network interface.
Why are IPv6 site/network-local addresses not routable on the internet?
They are private and only work on the local network.
What is the primary advantage of using IPv6 over IPv4?
IPv6 uses a 128-bit address, preventing the exhaustion of IP addresses
What is the format of IPv6 addresses?
Hexadecimal, with eight groups separated by colons
What is the purpose of the Managed Address Configuration flag (M flag) in DHCPv6?
To enable DHCPv6 to obtain a stateful IPv6 address
What is the characteristic of IPv6 link/machine-local addresses?
They start with fe80:: and are used when a device cannot obtain a DHCP address
What is the difference between IPv6 site/network-local addresses and IPv4 private addresses?
IPv6 site/network-local addresses are not routable on the internet, while IPv4 private addresses are
What is the purpose of the ::/128 address in IPv6?
It is the IPv6 loopback address
What is the range of IPv6 site/network-local addresses?
FEC to FEF
What is the advantage of using IPv6 over IPv4 in terms of address space?
IPv6 has a much larger address space than IPv4
What is the purpose of the hex-numbering method in IPv6?
To avoid long addresses and make them more readable
What is the difference between IPv6 and IPv4 in terms of subnetting?
IPv6 uses a different subnetting method, but both use CIDR notation
What is the purpose of the 101 message sent to the browser?
To inform the browser that the protocol is changing
What type of messages do error codes 400-499 represent?
Client errors
What does a 301 error code indicate?
The requested resource has permanently moved to a new URL
What type of errors do error codes 500-599 represent?
Server-side errors
What does a 503 error code indicate?
The service requested is down, possibly overloaded
What is the purpose of the HTTP GET message?
To request reading a web page
What is the meaning of HTTP response codes in the range of 100-199?
Informational messages
Which of the following HTTP messages is used to request appending to a page?
POST
What is the purpose of the HTTP HEAD message?
To request reading the head section of a web page
What is the error message displayed when a requested resource is not found?
Error 404: file not found
What is the purpose of the HTTP LINK message?
To connect two existing resources
What is the primary function of the header in a network packet?
To provide information for routing the packet
What is the general structure of a network packet?
Header, payload, and footer
What is the term for the chunks of data sent across a network?
Packets
What is the purpose of capturing network packets in forensic analysis?
To analyze network traffic and gather evidence
What is the difference between various types of network packets?
They have different structures and formats
Why is the header of a network packet important in forensic analysis?
It provides information about the packet's source and destination
Which protocol's header contains the source and destination MAC address?
Ethernet
What information does the IP header contain?
Source and destination IP addresses, and the protocol number of the payload
What is the purpose of the synchronization bits in the TCP header?
To establish and terminate communications between parties
Which type of header lacks a sequence number and synchronization bits?
UDP
What is the significance of the sequence number in the TCP header?
It provides information about the packet's order
What is added to the packet when encryption is used, such as with IPSec or TLS?
An additional header
What is the purpose of the ACK bit in a network packet?
To acknowledge the attempt to synchronize communications
What is the result of sending a packet with the RST bit turned on?
The connection is reset
What is the purpose of the SYN bit in a network packet?
To synchronize sequence numbers
What is the purpose of sending a packet with the FIN bit turned on?
To indicate no more data from the sender
What is the SYN flood DoS attack based on?
Flooding the target with SYN packets
What is the purpose of the IP precedence bits?
To prioritize traffic
What information does the IP header contain?
Source IP address, destination IP address, and protocol number
What is the purpose of the sequence number in the TCP header?
To keep track of the order of packets in a transmission
What type of header is used instead of TCP in certain types of traffic?
UDP header
What information does the Ethernet header contain?
Source and destination MAC addresses
What is added to the packet when encryption is used, such as with IPSec or TLS?
An additional header
What is the significance of the synchronization bits in the TCP header?
They establish and terminate connections between communicating parties
What is the purpose of the URG bit in a network packet?
To mark traffic as urgent
What is the normal sequence of events in a network conversation?
SYN, SYN/ACK, ACK, FIN
What is the purpose of an RST packet in a session hijacking attack?
To reset the connection
What is the purpose of a SYN flood DoS attack?
To flood the target with SYN packets
What is the purpose of the IP precedence bits?
To prioritize traffic when necessary
What is the purpose of the FIN bit in a network packet?
To indicate that no more data will be sent
What is the primary purpose of a port scan?
To identify open ports on a target system
Which type of port scan sends a packet with the FIN flag turned on?
FIN scan
What is the characteristic of a packet sent in a null scan?
All flags are turned off
What is the purpose of a hacker sending a packet with the URG, PUSH, and FIN flags set?
To identify open ports
Why do administrators block incoming ICMP packets?
To prevent port scanning
What is the result of sending a packet with the FIN flag turned on to an open port?
An error message is generated
What is the purpose of a port scanning tool?
To identify open ports
What is the characteristic of a Xmas tree scan?
Alternating flags are turned on and off
Why do hackers use stealthy port scanning techniques?
To avoid detection by administrators
What is the purpose of a hacker performing reconnaissance on a target system?
To gather information about the system
What is the part of a packet that contains the actual information being transmitted?
Payload
What is the purpose of the CRC in an Ethernet frame?
To check for errors in the transmission
What happens when a packet fails the CRC check in Ethernet?
The packet is discarded and the receiver updates an internal counter
What is the function of the trailer in a Layer 2 frame?
To provide error checking and indication of the end of transmission
Which protocol requests a retransmission if a frame does not pass the CRC check?
TCP
What is the purpose of padding in a packet?
To make the packet the right size
What information can be gathered from the headers of an encrypted packet?
The protocol being used
What is the purpose of the sequence number in the TCP header?
To track the sequence of packets in a connection
Which layer of the OSI model does the trailer belong to?
Layer 2
What is the result of a packet not passing the CRC check in Ethernet?
The packet is discarded
What is the primary goal of a hacker performing reconnaissance on a target system?
To gather information about the target system's network architecture
What is the purpose of a port scan?
To identify open ports on a target system
What is the characteristic of a FIN scan?
It sends a packet with the FIN flag turned on
What is the purpose of a Xmas tree scan?
To identify open ports on a target system
What is the result of a null scan?
An error packet is sent, indicating that the port is open
Why do hackers often use stealthy scans?
To avoid detection by intrusion detection systems
What is the primary function of the trailer in a Layer 2 frame?
To provide error checking and indicate the end of transmission
What is the significance of a port scan sending a packet with the FIN flag turned on?
It generates an error message if the port is open
What happens when a receiving device detects an error in a Layer 2 frame?
It discards the frame and updates an internal counter
What is the purpose of a hacker performing a port scan on a target system?
To identify open ports on the target system
What is the purpose of padding in a packet?
To make the packet a fixed length
What is the characteristic of a packet sent in a Xmas tree scan?
It has the URG, PUSH, and FIN flags set
What is the difference between the TCP and UDP protocols in terms of error handling?
TCP requests retransmission, while UDP does not
What is the result of a port scan identifying an open port on a target system?
The hacker can launch further attacks on the port
What is the purpose of the header in a packet?
To specify the source and destination addresses and protocols
What is the significance of the sequence number in the TCP header?
It helps the receiving device reassemble the packets in the correct order
What is the purpose of the cyclic redundancy check (CRC) in an Ethernet frame?
To provide error checking and ensure the integrity of the data
What happens when a packet has a fixed length but the payload is smaller than the fixed length?
The payload is padded with blank information or a specific pattern
What is the difference between the payload and the header in a packet?
The payload is the actual data, while the header is the error-checking mechanism
What is the significance of the MAC address in a Layer 2 frame?
It is used to identify the device at the data link layer
What is the total number of possible ports available for communication?
65,635
What is the primary purpose of port 22?
To remotely and securely log on to a system
What is the difference between port 20 and port 21?
Port 20 is for data and port 21 is for control
Which protocol is commonly used by network administrators to remotely log on to a system?
SSH
What can be determined from the port number of a packet?
The protocol used by the packet
What is the purpose of port 23?
To remotely log on to a system
Why is it important for a forensic analyst to know certain port numbers?
To determine the protocol used by a packet
What is the relationship between ports and channels?
A port is a channel through which communication can occur
How many ports are commonly used by a forensic analyst?
A subset of commonly used ports
What is the purpose of memorizing certain port numbers?
To determine the protocol used by a packet
What is the purpose of SSH?
To provide greater security
What is the function of port 80?
Displays web pages
What is the purpose of Kerberos on port 88?
To authenticate
What is the function of port 443?
To display web pages securely
What is the purpose of capturing traffic on a database server on port 21?
To identify an intruder or insider not adhering to system policy
What is the purpose of an old hacker trick using Telnet on port 23?
To grab the server's banner and determine the operating system
What is the purpose of utilities like Back Orifice?
To give an intruder complete access to the target system
What is the purpose of Timbuktu?
To allow remote access to a system
What is the significance of observing frequent attempts to connect to a web server on port 23?
It is a sign of an intruder or insider not adhering to system policy
What is the purpose of knowing the ports and their uses?
To identify an intruder or insider not adhering to system policy
What is the primary goal of a Denial of Service (DoS) attack?
To prevent legitimate network traffic from passing
What is the typical effect of a Ping of Death attack on a system?
The system crashes or locks up
What is the main target of a network attack?
The network itself
What is the purpose of a firewall in preventing a Ping of Death attack?
To block malformed or improperly sized ICMP packets
What is the typical result of a successful DoS attack?
The network becomes unavailable
What is the primary method used by an attacker in a DoS attack?
Sending malicious packets to the target system
What is the impact of a DoS attack on the target network?
The network becomes unavailable
What is the size of an ICMP echo packet that can cause a system to crash or lock up?
Greater than 84 bytes
What is the intention of an attacker in using a Ping of Death attack?
To crash or lock up the target system
What is the relationship between a DoS attack and the target network?
The DoS attack targets specific machines, which affects the network
What is the primary goal of a teardrop attack?
To crash the target system by fragmenting packets
What is the main issue with SYN flood attacks?
The target system is unable to respond to legitimate requests
How do modern firewalls typically block SYN flood attacks?
By analyzing the entire conversation between client and server
What is the primary difference between a teardrop attack and a SYN flood attack?
The goal of the attack
What is the result of a target system receiving a large number of SYN packets?
The system is overwhelmed with phantom connection requests
Why are SYN flood attacks often blocked by modern firewalls?
Because they are easily detected by analyzing the entire conversation
What is the purpose of the ACK bit in a SYN packet?
To acknowledge the synchronization request
What is the main weakness of a teardrop attack?
It can be blocked by patches released by vendors
What is the primary goal of a SYN request?
To initiate a connection with a target system
What is the consequence of not responding to a SYN request with an ACK packet?
The target system is overwhelmed with connection requests
What is the purpose of Stateful Packet Inspection (SPI) in firewall technology?
To block SYN flood attacks
What is the effect of a Land Attack on a target computer?
It tricks the computer into thinking it is sending messages to itself
What is the result of a Fraggle attack on a target network?
It causes a traffic jam in the target network
What is the goal of a DHCP Starvation attack?
To exhaust the address space allocated by the DHCP servers
What is the effect of an HTTP Post Attack on a web server?
It hangs the web server waiting for a message to complete
What is the purpose of a PDoS attack?
To damage the system so badly that it needs an operating system reinstall
What is the effect of a Login DoS attack on a website?
It makes the login process unavailable or unreasonably slow to respond
What is the result of a packet mistreating attack on a network?
It results in congestion in a part of the network
What is the purpose of a Smurf attack?
To generate a large number of ICMP echo requests
What is the characteristic of a Fraggle attack?
It uses spoofed UDP packets
What is the primary purpose of an IDS?
To analyze logs and detect possible incidents
What type of logs show accounts related to a particular event and the authenticated user’s IP address?
Authentication logs
What is the primary record of a person’s activities on a system or network?
A person’s log files
What type of devices produce logs that can be used as evidence in an investigation?
Routers, VPNs, and other network devices
What is the purpose of examining live traffic or logs in network traffic analysis?
To determine if a crime has been or is being committed
What do application logs record?
The date and time the user started the application and how long it was used
What is the focus of an end-to-end investigation?
The entire attack, from start to finish
What is the purpose of network security devices such as firewalls and IDS?
To block malicious traffic and prevent hacking
What type of information is contained in a device’s log files?
The primary records of a person’s activities on a system or network
What type of events do operating systems typically log?
Use of devices, errors, and reboots
What can be achieved by analyzing logs from servers and Windows security event logs?
Attributing activities to a specific user account
What is a limitation of using log files for analysis?
They can be easily altered by hackers
What is the purpose of an intrusion detection system (IDS)?
To record events that match known attack signatures
What can be discovered by configuring an IDS to capture all network traffic associated with a specific event?
What commands an attacker ran and what files they accessed
What type of logs provide information about activities on a network?
Network device logs
What can be achieved by coordinating and synchronizing logs from different systems?
Creating a more complete picture of an attack
What is a challenge of using log files as evidence?
They are easily lost or altered
What can log files show about an attack?
How an attacker entered a network
What is the indoor range of 802.11g wireless networks?
125 feet
What is the bandwidth of 802.11n wireless networks?
100 to 140 mbps
What technology uses multiple-input multiple-output (MIMO) to coherently resolve more information than is possible using a single antenna?
802.11n
What is the throughput of 802.11ac wireless networks?
1 gbps
Which wireless standard is also referred to as 'White-Fi' and 'Super Wi-Fi'?
802.11af
What is the maximum data transmission rate of 802.11ad wireless networks?
7 gbps
What is the frequency range of 802.11af wireless networks?
54 MHz to 790 MHz
What is the rebranded version of 802.11ad for use in the 45-GHz unlicensed spectrum available in some regions of the world?
802.11aj
What is the maximum bandwidth of 802.11n-2009 wireless networks with the use of four spatial streams at a channel width of 40 MHz?
600 mbps
What is the primary benefit of using wireless connections?
Ease of connection without cables
What is the standard for wireless networking?
IEEE 802.11
What is the frequency of operation for IEEE 802.11a?
5 GHz
What is the bandwidth of IEEE 802.11b?
11 megabits per second (mbps)
What is the indoor range of IEEE 802.11b?
125 feet
What is a new security feature of WPA3?
Encryption of individual traffic even on open networks
Where is wireless internet widely available?
In many public locations including fast-food restaurants, coffee shops, and retail stores
What is Wi-Fi?
A type of wireless network
What is the primary purpose of the initialization vector (IV) in WEP?
To prevent repetition of the same key
What is the encryption method used in WPA2 to provide data confidentiality, origin authentication, and integrity?
AES using CBC-MAC
What is the main advantage of WPA3 over its predecessors?
Making it harder and time-consuming to crack
What is the key size used in WEP-40?
64-bit
What is the purpose of TKIP in WPA?
To dynamically generate a new key for each packet
What is the main weakness of WEP?
IV reuse and related key attacks
What is the main function of ZigBee?
For mainly residential applications of wireless devices
What is the purpose of Wi-Fi Easy Connect?
To connect devices by scanning a QR code
What is the primary use of ANT+?
Bio-sensor data transmission
What is the name of the wireless protocol used primarily for home automation?
Z-Wave
What is the IEEE standard for Bluetooth?
IEEE 802.15.1
What is the significance of Harald Bluetooth in the context of wireless protocols?
He united the tribes of Denmark
What is the purpose of discovering wireless networks?
To identify potential security threats
What is the primary concern when it comes to wireless networks in terms of forensic analysis?
Data theft through direct network attacks
What is the purpose of tools like NetStumbler, MacStumbler, and iStumbler?
To discover and scan for wireless networks
What is a common mistake people make when setting up wireless devices?
Not changing the default settings
What is the significance of the MAC address in a packet?
It is used to determine the packet's destination
What is the main difference between a switch and a router?
A switch can only connect computers on the same LAN, while a router can connect different logical networks
What is the purpose of a router's routing table?
To determine the path of outgoing packets
What is the main advantage of modern routers over older routers?
They can learn new routes automatically
What is the main advantage of a switch over a hub?
It prevents traffic jams by ensuring data goes straight to its destination
What is the primary function of a router?
To send packets to their destinations along thousands of pathways
What is the primary function of a router in a network?
To forward data packets to a destination network
What type of memory may contain the router's operating system?
Flash memory
What is the main difference between a hub and a router?
A hub sends packets to every port except the one it received the packet from, while a router directs packets to their destination network
What is the primary function of a network interface card (NIC)?
To handle media access control and data encapsulation
What type of information does a router contain?
All of the above
What is the primary difference between a switch and a router?
A switch is used to connect computers on a single network, while a router is used to connect multiple networks
What is the primary goal of a router table poisoning attack?
To allow an attacker to access data in the compromised network
Why is it important to not shut down the router when conducting forensic analysis?
Because it will potentially lose valuable evidence
What is the function of Hyperterminal in router forensics?
To connect to and interact with the router
What is the significance of documenting the process when conducting router forensics?
To record everything that is done to the router
What is the result of altering the routing data update packets in a router table poisoning attack?
Incorrect entries are made in the routing table
What is the primary challenge of conducting router forensics?
Being careful not to alter anything
What information does the show version command provide about the router?
The platform, operating system version, system image file, and interfaces
What is the primary purpose of comparing the startup and running configurations?
To identify potential hacker modifications to the system
What is the primary purpose of the show ip route command?
To display the routing table
What is the significance of the show running-config command?
It displays the currently executing configuration
What is the primary way that hackers infiltrate routers, according to the text?
By altering the routing table
What is the purpose of the show startup-config command?
To display the system's startup configurations
What type of firewall is also referred to as a screened firewall?
Packet Filer
What is the primary benefit of using Stateful Packet Inspection firewalls over Packet Filer firewalls?
They are less susceptible to ping floods, SYN floods, and spoofing
What is the purpose of examining firewall logs in network forensic analysis?
To identify potential security threats
What is the fundamental part of network forensic analysis that involves examining the firewall?
Examining the firewall
What is the characteristic of a connection in firewall forensics?
It is all the traffic going through the firewall
What is the primary difference between Packet Filer and Stateful Packet Inspection firewalls?
The context in which they filter packets
What is the range of well-known ports?
0 through 1024
What is the purpose of analyzing TTL fields in packet responses?
To detect decoy scans and spoofed addresses
What is the term for the concatenation of an IP address and a port number?
Socket
What is the purpose of a decoy scan strategy?
To hide the attacker's IP address among decoy machines
What should you carefully check in the firewall logs?
Connections or attempted connections on common ports
What is the significance of the TTL field in a packet?
It indicates the number of routers between a source and destination
Study Notes
IPv6
- IPv6 uses a 128-bit address, which prevents IP address exhaustion
- IPv6 uses a hexadecimal numbering method to avoid long addresses
- IPv6 uses the CIDE format for subnetting (e.g. /48, /64)
- The loopback address for IPv6 is ::/128
- Link/machine-local IPv6 addresses start with fe80::
- Site/network-local IPv6 addresses start with FE and have C to F as the third hexadecimal digit (e.g. FEC, FED, FEE, FEF)
Firewall Forensics
- Firewalls are a crucial part of network forensic analysis
- Firewall logs contain valuable evidence of network activity
- There are two types of firewalls:
- Packet Filter: filters incoming packets based on set rules
- Stateful Packet Inspection (SPI): examines packets in context of the entire conversation
Collecting Data
- A connection consists of two IP addresses and two port numbers
- A socket is the combination of an IP address and a port number
- There are three ranges of port numbers:
- Well-known ports: 0-1023
- Registered ports: 1024-49151
- Dynamic ports: 49152-65535
Port Scanning
- Port scanning is a common reconnaissance technique used by hackers
- There are several types of port scans:
- FIN scan: sends a packet with the FIN flag set to test if a port is open
- Xmas tree scan: sends a packet with multiple flags set to test if a port is open
- Null scan: sends a packet with no flags set to test if a port is open
- These scans can be detected by analyzing packet headers and flags
Packet Structure
- A packet consists of a header, payload, and trailer
- The header contains information about the packet's protocol, source, and destination
- The payload is the actual content being transmitted
- The trailer is used for error checking and contains a Cyclic Redundancy Check (CRC)
Ports and Protocols
- There are 65,635 possible ports, but some are used more often than others
- Certain ports are associated with specific protocols:
- FTP: 20, 21
- SSH: 22
- Telnet: 23
- SMTP: 25
- DNS: 53
- HTTP: 80
- HTTPS: 443
- NetBIOS: 137-139
- SNMP: 161, 162
- Kerberos: 88, 464
- LDAP: 389
- IMAP: 220
Utilities and Tools
- Some ports are associated with malicious utilities and tools:
- Back Orifice: 31337
- B02K: 54320/54321
- Beast: 6666
- Donald Dick: 23476/23477
- Reachout: 43188
- Timbuktu: 407### Network Basics
- IP Addresses:
- IPv4 address: a series of four decimal numbers between 0 and 255, each representing 8 bits (an octet)
- 32-bit address, allowing for over 4.2 billion possible addresses
- Converting decimal to binary: divide by 2, using remainders, until you get to 1
IP Address Classes
- Class A: 0-126 (extremely large networks, all addresses have been assigned)
- Class B: 128-191 (large corporate and government networks, all addresses have been assigned)
- Class C: 192-223 (most common group of IP addresses, often used by ISPs)
- Reserved IP addresses: 127.x.x.x (testing, loopback address: 127.0.0.1)
Private IP Addresses
- Cannot be routed over the internet
- Used on private networks
- Three specific ranges: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, 192.168.0.0 to 192.168.255.255
Network Address Translation (NAT)
- Translates private IP addresses to public IP addresses for internet communication
- Used by ISPs to assign public IP addresses to customers
Network Traffic Analysis
- Analyzing logs to determine if a crime has been committed and to gather evidence
- Uses logs from devices, firewalls, and intrusion detection systems
- Can help identify patterns of activity and unusual events
Denial of Service (DoS) Attacks
- Attacks that target the network itself
- Types of DoS attacks:
- Ping of Death: sends a large ICMP echo packet to crash the target machine
- Teardrop Attack: sends fragmented packets with bad values to crash the target system
- SYN Flood Attacks: sends unlimited SYN requests to overwhelm the target system
- Land Attack: sends a fake TCP SYN packet with the same source and destination IP addresses
- Smurf Attack: generates a large number of ICMP echo requests to cause a traffic jam
- Fraggle Attack: similar to Smurf attack, but uses spoofed UDP packets
- DHCP Starvation: exhausting the address space allocated by DHCP servers
- HTTP Post Attack: sends a legitimate HTTP post message with a slow message body
- PDoS (Permanent Denial of Service): damages the system so badly that it needs an OS reinstall or new hardware
- Login DoS: overloads the login process with repeated requests
- Packet Mistreating Attacks: compromised router mishandles packets, causing congestion### HTTP Messages
- HTTP messages can be classified into five categories based on their response codes:
- 100-199: Informational messages, informing the browser of the protocol change
- 200-299: Success messages, indicating successful processing of the request
- 300-399: Redirect messages, redirecting the browser to another URL
- 400-499: Client error messages, indicating errors on the client-side
- 500-599: Server error messages, indicating errors on the server-side
HTTP Request Methods
- GET: Request to read a web page
- HEAD: Request to read the head section of a web page
- PUT: Request to write a web page
- POST: Request to append to a web page
- DELETE: Remove the web page
- LINK: Connects two existing resources
- UNLINK: Breaks an existing connection between two resources
Network Packets
- A packet is divided into three sections: header, payload, and footer
- The header contains information on the packet's source and destination
- The payload carries the actual data being transmitted
- The footer contains error-checking data
TCP Header
- The TCP header contains the following information:
- Source and destination port numbers
- Sequence number
- Synchronization bits (URG, ACK, SYN, FIN, RST)
Synchronization Bits
- URG (1 bit): Marks traffic as urgent
- ACK (1 bit): Acknowledges the attempt to synchronize communications
- SYN (1 bit): Synchronizes sequence numbers
- FIN (1 bit): No more data from sender
- RST (1 bit): Resets the connection
Subnetting and CIDR
- Subnetting is dividing a network into smaller portions
- Variable Length Subnet Mask (VLSM) is used to define the network and node portions of an IP address
- The subnet mask is a 32-bit number that divides the 32-bit IP address into network and node portions
IPv6
- IPv6 uses 128-bit addresses
- IPv6 addresses are written in hexadecimal format
- IPv6 uses the CIDE format for subnetting
- The loopback address for IPv6 is ::/128
- IPv6 link/machine-local addresses start with fe80::
Wi-Fi Security
- WEP (Wired Equivalent Privacy) uses the stream cipher RC4 to secure data
- WPA (Wi-Fi Protected Access) uses Temporal Key Integrity Protocol (TKIP)
- WPA2 uses the Advanced Encryption Standard (AES) in Counter Mode with CBC-MAC Protocol (CCMP)
- WPA3 requires attackers to interact with your Wi-Fi for every password guess
Other Wireless Protocols
- ANT+: Used for sensor data in applications such as bio-sensors and exercise tracking
- ZigBee: Used for residential applications of wireless devices
- Z-Wave: Used for home automation
- Bluetooth: Used for short-distance radio communication
- Low-energy options are available in Bluetooth 5.2
Test your knowledge of network basics, including IP addresses, MAC addresses, and other essential concepts for analyzing network traffic.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free