Network Protocols Explained

Questions and Answers

At which layer of the OSI model does the Internet Protocol (IP) primarily operate?

• Data Link Layer (Layer 2)
• Network Layer (Layer 3) (correct)
• Application Layer (Layer 7)
• Transport Layer (Layer 4)

What key function does the Domain Name System (DNS) provide in network communication?

• Translating domain names to IP addresses (correct)
• Encrypting data packets for secure transmission
• Managing network device configurations
• Providing dynamic IP address allocation

Which protocol is commonly used for secure remote access to network devices through a command-line interface?

• HTTP (Hypertext Transfer Protocol)
• SMTP (Simple Mail Transfer Protocol)
• SSH (Secure Shell) (correct)
• FTP (File Transfer Protocol)

What is the primary function of the Dynamic Host Configuration Protocol (DHCP) in a network?

To automatically assign IP addresses to devices (B)

Which of the following describes the role of Network Address Translation (NAT)?

Assigning a public IP address to devices inside a private network. (B)

Which term describes a network that extends a private network across a public network, enabling users to send and receive data securely?

VPN (Virtual Private Network) (B)

What is the purpose of the Time to Live (TTL) field in an Internet Protocol (IP) packet?

To limit the lifespan of a packet in a network and prevent routing loops. (A)

Which protocol is responsible for discovering the MAC address associated with a given IP address on a local network?

ARP (Address Resolution Protocol) (B)

An organization requires a protocol to monitor and manage network devices. Which protocol is most suitable for this purpose?

Simple Network Management Protocol (SNMP) (B)

Which protocol is used to send event messages from network devices to a central logging server?

Syslog (A)

What is the primary function of the Internet Control Message Protocol (ICMP)?

Troubleshooting network connections and reporting errors. (C)

Which of the following is a characteristic of IPv6 that distinguishes it from IPv4?

It includes autoconfiguration capabilities for routers. (C)

A network administrator needs to remotely manage a server. Which protocol should they use to establish a secure command-line interface?

SSH (D)

Which of the following BEST describes the difference between a public and private IP address?

Public IP addresses are unique and routable on the Internet, while private IP addresses are not directly routable. (A)

What is the primary function of File Transfer Protocol (FTP)?

Transferring files between computers (B)

Which of the following is a characteristic of the Simple Mail Transfer Protocol (SMTP)?

It is used to send emails. (C)

What is the purpose of 'ping' command in network troubleshooting?

To test the reachability of a host on a network. (B)

When a 'traceroute' command shows an asterisk (*) for some hops, what does this typically indicate?

Packet loss or a timeout at that hop. (C)

Which of the following describes the key benefit of using HTTPS over HTTP?

Encrypted communication for secure data transmission. (D)

What is a primary difference between an Intranet and the Internet?

The Internet is a global network, while an Intranet is a private network within an organization. (D)

In network addressing, what is the purpose of the subnet mask?

To identify the network and host portions of an IP address. (B)

What is the term for the volume of unwanted Internet traffic that disrupts normal operation of a server?

DDoS attack (A)

Which is the most appropriate class for network adres 192.168.0.0/24

Class C (B)

Which of the following IP Address ranges is not routable on the internet?

All of the above (D)

Which protocol is used for operating network services securely over an unsecured network, including remote command-line, login, and remote command execution?

SSH (C)

Which of the following options has the correct subnet Mask for CIDR Value /16

255.255.0.0 (A)

What is the main difference between Syslog and SNMP?

SNMP allows remote monitoring, Syslog allows exchanging log messages (C)

What does the acronym VLSM stand for?

Variable Length Subnet Mask (B)

Which of the following private IP classes are from the range 172.16.0.0 - 172.31.0.0?

Class B (B)

Flashcards

Internet Protocol (IP)

A method for sending data from one computer to another over the Internet.

Internet Service Provider (ISP)

A company that provides access to the Internet.

Network Address Translation (NAT)

Translates private IP addresses to a single public IP address.

Virtual Private Network (VPN)

A private network across a public network, ensuring secure communication.

TCP / UDP

Core protocols for data communication; TCP ensures reliable connection, UDP is faster but unreliable.

Domain Name System (DNS)

Translates domain names (like google.com) to IP addresses.

Secure Shell (SSH)

A secure protocol for remote access to a computer.

File Transfer Protocol (FTP)

Protocol for transferring files between computers.

HyperText Transfer Protocol (HTTP)

Protocol for transferring data over the web.

Simple Mail Transfer Protocol (SMTP)

Protocol for sending email.

Simple Network Management Protocol (SNMP)

Protocol for managing network devices.

Dynamic Host Configuration Protocol (DHCP)

Automatically assigns IP addresses to devices on a network.

Internet Control Message Protocol (ICMP)

Used for network diagnostics, like ping.

Time to Live (TTL)

Indicates how long a packet can live on a network.

Address Resolution Protocol (ARP)

Resolves IP addresses to MAC addresses.

IP Address

A numerical label assigned to each device connected to a computer network.

Public IP Address

An IP address that your home or business router receives from your ISP; required for publicly accessible network hardware.

Private IP Address

A unique identifier for all the devices behind a router or other device that serves IP addresses.

Internet

A global system of interconnected computer networks that use the internet protocol (TCP/IP) to link devices worldwide.

Intranet

A private network that is contained within an enterprise.

Ping

A tool used to check if a particular host is reachable.

Traceroute

A network tool used to determine the path packets take from one IP address to another

DDoS Attack

Denial-of-service attack. A malicious attempt to disrupt normal traffic of a targeted server.

Study Notes

Various Network Protocols

• Internet Protocol (IP) operates at Layer 3.
• Internet Service Provider (ISP) is a provider of internet access.
• Network Address Translation (NAT) translates network addresses.
• Virtual Private Network (VPN) provides a private network over a public network.
• Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are transport layer protocols.
• Domain Name System (DNS) translates domain names to IP addresses.
• Secure Shell (SSH) provides a secure, encrypted connection to a remote computer.
• File Transfer Protocol (FTP) is used for transferring files between computers.
• HyperText Transfer Protocol (HTTP) is used for communication on the World Wide Web.
• Simple Mail Transfer Protocol (SMTP) is used for sending email.
• Simple Network Management Protocol (SNMP) is used for managing network devices.
• Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to devices on a network.
• Internet Control Message Protocol (ICMP) is used for network diagnostics.
• Time to Live (TTL) indicates how long a packet can live on a network before it's discarded.
• Address Resolution Protocol (ARP) resolves IP addresses to MAC addresses.

IP - Internet Protocol

• It is a method for sending data from one computer to another over the Internet.
• A numerical label assigned to each device connected to a computer network.
• IPv4 utilizes addresses such as 192.168.128.2.
• IPv6 utilizes addresses such as 200.7.149.50.
• Public IP addresses differentiate devices plugged into the public internet and are sometimes called Internet IPs.
• Each device accessing the internet uses a unique public IP address.
• ISPs use public IP addresses to forward internet requests to specific locations with similarity to how delivery vehicles use physical addresses to get the delivery done.
• Private IP addresses, like their public counterparts, are unique device identifiers behind a service providing device.
• Devices on a home network can share the same private IP addresses as devices elsewhere because private IP addresses are not routable on the internet.
• A private IP address ranges include:
  • 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
  • 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
  • 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)
• IPv4 requires each internet-connected machine to have a unique IP address which allows for roughly 4.3 billion devices.
• IPv6 uses 128-bit addresses (e.g., fe80::240:d0ff:fe48:4672), solving address limitations.
• IPv6 also improves security and allows for router autoconfiguration.

Internet and Intranet

• The Internet operates as a global network using TCP/IP to connect devices worldwide and is a public network accessible to anyone.
• The Internet exhibits less security and high traffic due to its global scale and large user base.
• An intranet is a private network within an enterprise.
• The Intranet is more secure and has minimal traffic due to it's restricted user base.

NAT (Network Address Translation)

• NAT is a process in which a network device, usually a firewall, assigns a public address to a computer or group of computers inside a private network.

VPN (Virtual Private Network)

• A VPN extends a private network across a public network.
• VPN enables users to send and receive data across shared or public networks as if their devices were directly connected to the private network.

DNS (Domain Name System)

• DNS translates IP addresses to domain names and vice versa.
• DNS can be considered as the "phonebook of the Internet"
• Humans can access online content by using domain names like www.google.com.
• Web browsers interact using IP addresses, wherefore DNS translates domain names to IP addresses.

SSH & Telnet

• Secure Shell (SSH) is a cryptographic network protocol for secure network service operation over unsecured networks with remote command-line, login, and command execution applications.
• Telnet is a network protocol providing a command-line interface for device communication, often used for remote management and device setup (switches and access points).

FTP (File Transfer Protocol)

• FTP is a standard Internet protocol transmitting files between computers over TCP/IP connections using a client-server architecture.
• FTP clients are for uploading, downloading, and managing server files.
• WinSCP can be used as a Windows FTC client supporting FTP, SSH, and SFTP.

HTTP and HTTPS

• HTTP stands for Hyper Text Transfer Protocol.
• WWW (World Wide Web) is about communication between web clients and servers.
• Client computers and web servers communicate by sending HTTP Requests and receiving HTTP Responses.
• HTTPS secures communication over a network using the Hypertext Transfer Protocol (HTTP).

The HTTP Request/Response Circle

• A browser requests an HTML page and the server returns the HTML file.
• When a browser requests a style sheet, the server returns a CSS file.
• Browsers and servers mirror the above process for JPG images and JavaScript codes.
• Browsers request and get data in XML or JSON formats.
• Clients send HTTP requests to a web server.
• The web server receives the request and runs an application to process it.
• The server sends an HTTP response (output) to the browser.
• Then the client (browser) receives the response (output).

SMTP (Simple Mail Transfer Protocol)

• SMTP is a set of communication rules allowing software to send electronic mail.
• SMTP is used to send email and acts as a push protocol with email retrieval using IMAP or POP and operates under an application layer protocol.
• When an email is sent, a user initiates a TCP connection to the SMTP server, transmitting the mail.
• The SMTP server, always in listening mode, creates a connection upon a TCP connection request.
• Once the TCP connection is established, mail is sent immediately.
• SMTP transmits messages through email addresses.
• It makes message exchanges between clients, either on the same computer or on different devices for the same user.
• It transmits to multiple recipients, attaches media, or sends messages to external networks.

SNMP (Simple Network Management Protocol)

• SNMP is an application-layer protocol defined by the Internet Architecture Board (IAB) in RFC1157.
• It's for exchanging network management information between devices and is part of the TCP/IP protocol suite to manage network elements.
• Syslog is for network devices sending event messages to a logging server.
• The Syslog protocol is supported by various devices for logging different event types.
• Examples of its functionalities include system reboots, port status, login details, and the documentation of system changes.

SNMP vs Syslog

• SNMP remotely monitors devices, being active and secure, using UDP ports 161 and 162.
• SNMP alerts on critical actions, like HSRP state changes.
• Syslog, on the other hand, handles log messages of different severities, pushing logging info passively for historical data over TCP/UDP port 514.
• SNMP server polls devices, Syslog server is capable of receiving syslog messages.
• SNMP provides real-time information, allowing end device configuration using SNMP set.
• Syslog, while generally insecure and shares events in plain text, is primarily used to collect and acquire historical data.

DHCP (Dynamic Host Configuration Protocol)

• DHCP is a protocol used for automatic and central IP address distribution within a network.
• It configures the subnet mask, default gateway, and DNS server information, which is also referred to as dynamic IP address setting
• Addresses can be assigned statically (without DHCP server) or dynamically (with DHCP server).

ICMP (Internet Control Message Protocol)

• ICMP communicates between internet network devices.
• ICMP is used by network administrators for troubleshooting Internet connections.
• This is normally done using utilities like 'ping' and 'traceroute'.
• ICMP has been used to execute DDoS attacks using oversized IP packets.
• In a DDoS attack, multiple compromised systems flood a target server or network with traffic.

DDoS Attack

Attacks typically feature an attacker, bots, and a targeted victim.

Ping & Traceroute

• Ping tests if a host is reachable.
• Ping sends data packets to a server; upon receiving a data packet back, a connection is established.
• Traceroute traces the path packets take to an IP address.
• "Ping 'IP address'" can test the connection; "-t" command enables continuous pinging; "-t -l 1024" activates continuous pinging with 1024 bytes data packets.

TTL (Time-to-Live)

• TTL is a value in an IP packet.
• It tells a network router whether the packet has been in the network too long and should be discarded.
• Ping and traceroute utilities use the TTL value to reach a host or trace a route.
• Packet scope is controlled by TTL according to convention.
• Scopes include 0 (same host), 1 (same subnet), 32 (same site), 64 (same region), 128 (same continent), and 255 (unrestricted).

ARP (Address Resolution Protocol)

• ARP finds a host's hardware address from a known IP address.
• ARP is a communication protocol that discovers the link layer address (MAC address) associated with a given internet layer address (IPv4 address).
• This mapping is vital in in the suite of internet protocols

Network Addressing

• Classfull network example: 192.168.0.0/24.
• Router address: 192.168.0.1.
• Host addresses (Switch: 192.168.0.2, Wireless modem: 192.168.0.3, Wireless router: 192.168.0.4).

Network Addressing types

• Class A: Network.Node.Node.Node, 255.0.0.0 subnet mask, 126 networks, and 16,777,214 hosts.
• Class B: Network.Network.Node.Node Node, 255.255.0.0 subnet mask, 16,382 networks, and 65,534 hosts.
• Class C: Network.Network.Network.Node, 255.255.255.0 subnet mask, 2,097,150 networks, and 254 hosts.

Network Addressing - Private IP Addresses

• Class A: 10.0.0.0, 255.0.0.0 subnet mask and has an address range of 10.0.0.0 - 10.255.255.255.
• Class B: 172.16.0.0 - 172.31.0.0 addresses, 255.240.0.0 subnet mask and has an address range of 172.16.0.0-172.31.255.255.
• Class C: 192.168.0.0, 255.255.0.0 subnet mask and has an address range of 192.168.0.0 - 192.168.255.255.
• The addresses from 127.0.0.0 to 127.255.255.255 can't be used and are reserved for loopback and diagnostic functions.

Addressing - Classless Interdomain Routing (CIDR)

• Subnet masks vary based on the CIDR value.
• Ranges from /8 (255.0.0.0) to /30 (255.255.255.252).

VLSM (Variable Length Subnet Mask)

• VLSM involves using different subnet mask lengths with a same network address.