Network Protocols: IP, TCP, DNS, VPN & More

Questions and Answers

At which layer of the OSI model does the Internet Protocol (IP) primarily operate?

• Layer 7 (Application Layer)
• Layer 2 (Data Link Layer)
• Layer 3 (Network Layer) (correct)
• Layer 4 (Transport Layer)

Which of the following is the primary function of DNS (Domain Name System)?

• To assign IP addresses automatically to devices on a network.
• To manage network devices remotely.
• To encrypt network traffic for secure communication.
• To translate domain names to IP addresses. (correct)

Which protocol is commonly used for secure remote command-line access to a server?

• HTTP (Hypertext Transfer Protocol)
• FTP (File Transfer Protocol)
• SSH (Secure Shell) (correct)
• SMTP (Simple Mail Transfer Protocol)

Which protocol is specifically designed for transferring files between computers over a TCP/IP connection?

FTP (File Transfer Protocol) (D)

What is the function of the 'Time to Live' (TTL) field in an IP packet?

To limit the lifespan of a packet and prevent it from circulating endlessly. (A)

Which protocol is responsible for finding the MAC address associated with a given IP address on a local network?

ARP (Address Resolution Protocol) (D)

Which of the following is a key characteristic of a public IP address?

It's unique across the entire internet. (B)

Which range of IP addresses is reserved for private networks and is not routable on the public internet?

10.0.0.0/8 (A)

What is the primary function of Network Address Translation (NAT)?

To translate private IP addresses to a single public IP address. (D)

What is the main purpose of a Virtual Private Network (VPN)?

To create a secure, encrypted connection over a public network. (A)

How does IPv6 improve upon IPv4?

By using 128-bit addresses, providing a vastly larger address space. (D)

Which of the following is a characteristic that distinguishes an intranet from the internet?

An intranet is a private network accessible only to members of an organization. (B)

Which of the following best describes the role of DHCP (Dynamic Host Configuration Protocol) in a network?

Assigning IP addresses and other network configuration parameters automatically. (D)

In network communication, what is the role of HTTP?

Enabling communication between web clients and servers. (B)

What is the key difference between Syslog and SNMP?

SNMP shares data mostly in binary format, opposed to Syslog which sends plain text (D)

What does SMTP do, and how does it relate to email retrieval protocols?

SMTP sends; POP3 and IMAP retrieve (D)

What is the primary function of the Internet Control Message Protocol (ICMP)?

To provide error reporting and diagnostic functions. (D)

A network administrator uses the ping command to test connectivity to a server. What does a successful ping indicate?

There is a network connection between the host and the server. (C)

What is the purpose of the traceroute utility?

To display the path a packet takes to reach a destination. (A)

What defines the range of network in which a packet can be forwarded?

Time To Live (TTL) (D)

What is the purpose of Classfull networks (Class A, B, C)?

A legacy system of assigning IP addresses, limiting total usable hosts. (A)

Why are Class A addresses from 127.0.0.0 to 127.255.255.255 not in use?

They are assigned for loopback and diagnoses functions, and should not be used. (A)

What is the purpose of VLSM?

To vary the subnetwork masks assigned for a computer. (B)

What identifies a DDoS attack?

DDoS causes network traffic by overwhelming a system. (D)

HTTPS is used...

To send secured information over a network. (D)

What part of the HTTP circle occurs first?

The browser requests an HTML page. (D)

Which of the options represents a class C Network host?

Network.Network.Network.Node (D)

What would be the address range for a Class B private network?

172.16.0.0 - 172.31.255.255 (B)

Flashcards

What is Internet Protocol (IP)?

A method or protocol to transmit data between computers on the Internet.

What is an IP address?

A numerical label assigned to each device connected to a computer network.

What is a Public IP address?

An IP address your home or business router receives from your ISP, needed for publicly accessible network hardware.

What is a Private IP address?

A unique identifier for devices behind a router, not directly routable on the internet.

What is DNS (Domain Name System)?

A system that translates domain names into IP addresses.

What is HTTPS?

A protocol for secure communication over a computer network.

What is SMTP (Simple Mail Transfer Protocol)?

A set of rules for sending email, a push protocol for transmitting emails over the internet.

What is DHCP?

Dynamic Host Configuration Protocol: automatically assigns IP addresses, subnet mask, gateway and DNS information.

What is ICMP?

Internet Control Message Protocol: used for network devices to communicate, troubleshoot Internet connections.

What is DDoS attack?

A malicious attempt to disrupt normal traffic by overwhelming a network with a flood of traffic.

What is Ping?

A tool to test if a specific host is reachable on a network.

What is Traceroute?

A network tool to determine the path packets take to reach a destination.

What is TTL (Time to Live)?

A value that limits the lifespan of a packet, preventing it from circulating endlessly.

What is ARP (Address Resolution Protocol)?

Finds the hardware address (MAC) of a host from an IP address in a local network.

What is NAT (Network Address Translation)?

The process where a network device assigns a public address to a computer behind it

What is VPN (Virtual Private Network)?

Extends a private network across a public network enabling users to send and receive data securely.

What is SSH (Secure Shell)?

A cryptographic network protocol that provides secure remote access to a device.

What is FTP (File Transfer Protocol)?

A standard network protocol for transmitting files between computers over a TCP/IP connection.

Study Notes

Various Network Protocols

• Internet Protocol (IP) operates at Layer 3.
• ISP stands for Internet Service Provider.
• NAT (Network Address Translation) translates network addresses.
• VPN stands for Virtual Private Network.
• TCP and UDP are transport layer protocols.
• DNS stands for Domain Name System.
• SSH is a secured shell.
• FTP stands for File Transfer Protocol.
• HTTP stands for HyperText Transfer Protocol.
• SMTP stands for Simple Mail Transfer Protocol.
• SNMP stands for Simple Network Management Protocol.
• DHCP stands for Dynamic Host Configuration Protocol.
• ICMP stands for Internet Control Message Protocol.
• TTL stands for Time to Live.
• ARP stands for Address Resolution Protocol.

IP - Internet Protocol

• An IP is how data is sent from one computer to another on the Internet.
• An IP is a numerical label assigned to each device connected to a computer network.
• Public IPs include IPv4 such as 192.168.128.2 and IPv6 such as 200.7.149.50.
• There are Private IPs, Static IPs and Dynamic IPs

Public IP Addresses

• A public IP address is an IP address that a home or business router receives from its ISP.
• Public IP addresses are required for any publicly accessible network hardware includes home routers, and the servers that host websites.
• They differentiate devices that are plugged into the public internet, each using a unique IP address.
• An ISP uses these to forward internet requests to a specific home or business
• The exclusivity of a public IP ensures digital requests are sent to the correct network.

Private IP Addresses

• These are unique identifiers for all devices behind a router or similar device.
• Devices can share the same private IP addresses as devices in other networks globally.

IP Ranges

• Private IP ranges are not routable on the internet.
  • They include 192.168.0.0 - 192.168.255.255 which has 65,536 IP addresses.
  • They include 172.16.0.0 - 172.31.255.255 which has 1,048,576 IP addresses.
  • They include 10.0.0.0 - 10.255.255.255 which has 16,777,216 IP addresses.
• Public IP ranges are routable on the Internet.
  • IPv4 means each machine on the Internet should have a unique IP address, but this allows for only 4.3 billion machines.
  • IPv6 consists of 128 bits and solves the address limitation problem and brings other improvements, like autoconfiguration on routers.

Internet vs Intranet

• The internet is a global system of interconnected networks using TCP/IP to link devices, while an intranet is a private network contained within an enterprise.
• The internet is a public network accessible to anyone, whereas an intranet is a private network only accessible to users of the organization.
• The internet is less secure and has a large number of users, while an intranet is more secure and has a limited number of users.
• The internet experiences more traffic due to its worldwide nature, while an intranet has minimum traffic due to fewer users.

NAT - Network Address Translation

• NAT is a process where a network device, usually a firewall, assigns a public address to a computer, or group of computers inside a private network.

VPN - Virtual Private Network

• A VPN extends a private network across a public network.
• A VPN enables users to send and receive data across shared or public networks as if their devices were directly connected to the private network.

DNS - Domain Name System

• DNS translates IP addresses to domain names and vice versa and acts as the "phonebook of the Internet."
• DNS translates domain names to IP addresses so browsers can load Internet resources that access online information, like www.google.com.
• Web browsers interact through Internet Protocol (IP) addresses.

SSH & Telnet

• Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
  • Typical applications include remote command-line, login, and remote command execution.
• Telnet is a network protocol that provides a command-line interface to communicate with a device.
  • Telnet is used most often for remote management and sometimes for initial setup, especially on network hardware like switches and access points.

FTP - File Transfer Protocol

• FTP is a standard Internet protocol for transmitting files between computers over TCP/IP connections using a client-server protocol.
• FTP clients are used to upload, download and manage files on a server.
• WinSCP is a Windows FTC client that supports FTP, SSH and SFTP.

HTTP and HTTPS

• HTTP stands for Hyper Text Transfer Protocol.
• WWW or world wide web, is about communication between web clients and servers using HTTP Requests and HTTP Responses.
• Hypertext Transfer Protocol Secure (HTTPS) secures communication over computer network and is used widely on the Internet.
• In an HTTP request/response circle:
  • The browser requests an HTML page, and the server returns an HTML file.
  • The browser requests a style sheet, and the server returns a CSS file.
  • The browser requests an JPG image, and the server returns a JPG file.
  • The browser requests JavaScript code, and the server returns a JS file
  • The browser requests data, and the server returns data in XML or JSON.
• In HTTP request response, a client sends an HTTP request to the web, then a web server receives the request.
  • The server runs an application to process the request, and returns an HTTP response to the browser (client).

SMTP

• SMTP is a collection of communication rules that permits the dispatch of electronic mail (email) over the internet.
• It is used in sending email and works as a push protocol.
• IMAP or POP is used in retrieving emails at the receiver’s end.
• SMTP falls under an application layer protocol using TCP connections to an SMTP server to transmit mail.
• SMTP transmits messages based on e-mail addresses and offers message interchange between clients on same or different devices, and:
  • Transmits to multiple recipient.
  • Can attach text, video voice or graphics.
  • Transmits messages on networks external.

SNMP Syslog

• Simple Network Management Protocol (SNMP) is an application-layer protocol defined by the Internet Architecture Board (IAB) in RFC1157.
  • Management information is exchanged between network devices.
  • SNMP is a part of the TCP⁄IP protocol suite used to manage and monitor network elements.
• Syslog is a way for network devices to send event messages to a logging server, it logs different types of events.
  • Examples include system reboots, port up/down status, log in and changes made on the system.

SNMP vs Syslog

• SNMP allows remote monitoring of SNMP-Allowable device on network, wheras SYSLOG is a different Protocol.
• SNMP alerts on critical actions, or mentioned HSRP state changes, whereas, SYSLOG used for exchanging log messages of varying degrees of severity to network device capable of receiving syslog messages
• SNMP works on Poll - Response mechanism, and SYSLOG works on PUSH mechanism on end device.
• SNMP acquires real time information, and SYSLOG acquires historical data.
• In SNMP the end device configuration can be performed via SNMP, but in SYSLOG the end device configuration cannot be performed via syslog.
• SNMP traps are shared in binary format, and Syslog events are shared in plain text.
• SNMP is active uses UDP ports 161 and 162, and SYSLOG is passive uses TCP/UDP port number 514

DHCP - Dynamic Host Configuration Protocol

• This protocol is used to provide quick, automatic, and central management for the distribution of IP addresses within a network and configure proper subnet mask, default gateway, and DNS server information.
• DHCP has Static IPs (no DHCP) and Dynamic IPs (DHCP)

ICMP - Internet Control Message Protocol

• ICMP is an internet layer protocol used by network devices for communication and troubleshooting Internet connections.
• Network administrators use ICMP in diagnostic utilities like ping and traceroute.
• ICMP has been used to execute Denial of Service attacks
• A DDoS attack overwhelms a target server, service, or network with a flood of Internet traffic using multiple compromised computer systems.

Ping and Traceroute

• Ping tests if a host is reachable, sending data packets and checking for a response, otherwise no connection.
• Traceroute determines the path packets take from one IP address to another.
• Commands include ping "IP address" such as:
  • Ping 8.8.8.8 –t (continuous ping).
  • Ping 8.8.8.8 –t –l 1024 (continuous ping with packet size).
  • Tracert 8.8.8.8.

TTL - Time To Live

• TTL has a value in an IP packet and tells a network router whether that packet has been in the network too long, and should be discarded.
• The ping and traceroute utilities use the TTL value to attempt to reach a given host computer or to trace a route to that host.
• TTL protocol controls the scope or range in which a packet may be forwarded with the following conventions:
  • 0 is restricted to the same host.
  • 1 is restricted to the same subnet.
  • 32 is restricted to the same site.
  • 64 is restricted to the same region.
  • 128 is restricted to the same continent.
  • 255 is unrestricted.

ARP - Address Resolution Protocol

• It finds the hardware address of a host from a known IP.
• ARP is a communication protocol used for discovering the link layer address, such as a MAC address.
  • It's associated with a given internet layer address, typically an IPv4 address, and the mapping is a function in the Internet protocol suite.

Network Addressing

• Classfull networks include Network adres such as 192.168.0.0/24
  • Router address such as 192.168.0.1
  • Hosts addresses such as Switch (192.168.0.2), Wireless modem (192.168.0.3) and Wireless Router (192.168.0.4)
  • Class A is Network.Node.Node.Node 255.0.0.0 /8 has126 (27 – 2) 16,777,214 (224 – 2) Hosts.
  • Class B is Network.Network.Node.No 255.255.0.0 /16 has 16,382 (214 – 2) 65,534 (216 – 2) Hosts.
  • Class C is Network.Network.Network. 255.255.255.0 /24, has 2,097,150 (221 – 2) 254 (28 – 2) Nodes.

Private IP Addresses

• There are Private Networks Classes, masks and address ranges:
  • Class A is 10.0.0.0 Private Network with a Subnet Mask 255.0.0.0, and Address Range of 10.0.0.0 - 10.255.255.255.
  • Class B is 172.16.0.0 -172.31.0.0 Private Network with a Subnet Mask of 255.240.0.0 and Address Range of 172.16.0.0 - 172.31.255.255.
  • Class C is 192.168.0.0 Private Network with Subnet Mask of 255.255.0.0 and Address Range of 192.168.0.0 - 192.168.255.255.
• Class A addresses 127.0.0.0 to 127.255.255.255 cannot be used and are reserved for loopback and diagnostic functions.

Classless Interdomain Routing (CIDR)

• CIDR is a variable length subnet masking (VLSM) scheme.

VLSM - Variable Length Subnet Mask

• Networks can use different subnet masks in VLSM.