Understanding Network Protocols: IP, TCP, DNS & More

Questions and Answers

What does IP stand for and at which OSI layer does it operate?

Internet Protocol - Layer 3

What does ISP stand for?

Internet Service Provider

What does TTL stand for in networking?

Time to Live

What is the primary function of the Internet Protocol (IP)?

It is the method or protocol by which data is sent from one computer to another on the Internet, assigning a numerical label (IP address) to each device.

Public IP addresses are assigned to devices within a local network, while private IP addresses are received from an ISP for accessing the internet.

False (B)

What is the key difference between a public IP address and a private IP address?

A public IP address is unique globally and routable on the internet, assigned by an ISP. A private IP address is used within a local network (e.g., home or office) and is not routable on the internet; these addresses can be reused in different private networks.

Which of the following IP address ranges is reserved for private networks?

All of the above (D)

IPv4 addresses are 128 bits long, while IPv6 addresses are 32 bits long.

False (B)

Which characteristic primarily differentiates an Intranet from the Internet?

It is a private network contained within an enterprise (B)

An Intranet typically has more users and higher traffic than the global Internet.

False (B)

What process allows multiple computers on a private network to share a single public IP address?

Network Address Translation (NAT)

What technology extends a private network across a public network, allowing secure data transmission?

Virtual Private Network (VPN)

What is the function of the Domain Name System (DNS)?

DNS translates human-readable domain names (like www.google.com) into machine-readable IP addresses and vice versa.

Which protocol is used for secure remote command-line access and command execution?

SSH (C)

What protocol is primarily used for transferring files between computers over a TCP/IP connection?

File Transfer Protocol (FTP)

What is the secure version of HTTP, used for encrypted communication over the internet?

Hypertext Transfer Protocol Secure (HTTPS)

Which protocol is specifically used for sending electronic mail (email)?

Simple Mail Transfer Protocol (SMTP)

Which protocol is primarily used for monitoring and managing network devices?

SNMP (B)

What is Syslog used for in networking?

Syslog is a standard for message logging, allowing network devices to send event messages (like system reboots, login attempts, status changes) to a central logging server.

What is the main difference in the mechanism between SNMP polling and Syslog messaging?

SNMP uses a pull (Poll-Response) mechanism, Syslog uses a push mechanism (D)

Which protocol automates the assignment of IP addresses, subnet masks, and default gateways to network devices?

Dynamic Host Configuration Protocol (DHCP)

What protocol is used by tools like ping and traceroute for network diagnostics?

Internet Control Message Protocol (ICMP)

What is a Distributed Denial-of-Service (DDoS) attack?

A malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic from multiple compromised sources.

What is the purpose of the ping utility?

To test if a particular host (server or device) is reachable across an IP network and to measure the round-trip time for packets.

What information does the traceroute (or tracert) utility provide?

It determines the network path (sequence of routers) packets take from the source computer to a destination host and measures the transit delays.

What does the Time-to-Live (TTL) value in an IP packet signify?

It limits the lifespan of a packet, indicating how many more hops (router traversals) it can make before being discarded.

What problem does the Address Resolution Protocol (ARP) solve?

It resolves an IP address (Layer 3) to its corresponding physical MAC address (Layer 2) on a local network segment.

In classful networking, what is the default subnet mask for a Class C network?

255.255.255.0

The IP address range 127.0.0.0 to 127.255.255.255 is a standard private IP range used for large corporate networks.

False (B)

What does CIDR stand for, and what does it enable?

Classless Inter-Domain Routing. It enables more flexible allocation of IP addresses compared to the older classful system, allowing network prefixes of variable lengths.

Flashcards

Internet Protocol (IP)

The method by which data is sent from one computer to another over the Internet

IP address

A unique numerical label assigned to each device connected to a computer network, used for identification and location.

Public IP Addresses

A public IP address is required for any publicly accessible network hardware, such as a home router and the servers that host websites.

Private IP Addresses

A unique identifier for all the devices behind a router or other device that serves IP addresses.

Private IP address range

Not routable on the internet; used for internal networks.

Public IP address range

Routable on the internet; each device must have a unique one.

NAT (Network Address Translation)

Translates IP addresses between private and public networks

VPN (Virtual Private Network)

Extends a private network across a public network, enabling users to send and receive data as if directly connected to the private network.

DNS (Domain Name System)

Translates domain names to IP addresses and vice versa, acting as the "phonebook of the Internet."

SSH (Secure Shell)

A cryptographic network protocol for secure communication over an unsecured network.

FTP (File Transfer Protocol)

A standard Internet protocol for transmitting files between computers over TCP/IP connections.

HTTP (HyperText Transfer Protocol)

Protocol for communication between web clients and servers by sending HTTP Requests and receiving HTTP Response

HTTPS (Hypertext Transfer Protocol Secure)

Used for secure communication over a computer network, widely used on the Internet.

SMTP (Simple Mail Transfer Protocol)

A collection of communication rules that permits software to send electronic mail (email) over the internet.

SNMP (Simple Network Management Protocol)

An application-layer protocol defined for exchanging management information between network devices.

Syslog

A way for network devices to send event messages to a logging server.

DHCP (Dynamic Host Configuration Protocol)

A protocol used to provide quick, automatic, and central management for the distribution of IP addresses within a network.

ICMP (Internet Control Message Protocol)

An internet layer protocol used by network devices to communicate, often for troubleshooting.

DDoS attack

A malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target.

Ping

A networking utility program or a tool to test if a particular host is reachable.

Traceroute

A network tool used to determine the path packets take from one IP address to another.

TTL (Time to Live)

A value in an Internet Protocol (IP) packet that tells a network router whether or not the packet has been in the network too long and should be discarded.

ARP (Address Resolution Protocol)

A communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.

Internet

A global system of interconnected computer networks that use the internet protocol (TCP/IP) to link devices worldwide

Intranet

A private network that is contained within an enterprise

Study Notes

Various Network Protocols

• Internet Protocol (IP) operates at Layer 3
• ISP stands for Internet Service Provider.
• NAT stands for Network Address Translation.
• VPN stands for Virtual Private Network.
• TCP and UDP are transport layer protocols.
• DNS stands for Domain Name System.
• SSH stands for secured Shell.
• FTP stands for File Transfer Protocol.
• HTTP stands for HyperText Transfer Protocol.
• SMTP stands for Simple Mail Transfer Protocol.
• SNMP stands for Simple Network Management Protocol.
• DHCP stands for Dynamic Host Configuration Protocol.
• ICMP stands for Internet Control Message Protocol.
• TTL stands for Time to Live.
• ARP stands for Address Resolution Protocol.

IP - Internet Protocol

• IP is the method or protocol by which data is sent across the Internet.
• A numerical label is assigned to each device connected to a network.
• Public IP addresses are used on the public internet.
• Example IPv4 address: 192.168.128.2
• Example IPv6 address: 200.7.149.50
• Private IP addresses are used within private networks.
• IP addresses can be static or dynamic.
• Public IP addresses are received from an ISP by a home or business router and are needed for publicly accessible network hardware.
• Public IP addresses distinguish devices connected to the public internet.
• Each device accessing the internet must have a unique IP address.
• Public IP address is sometimes called an Internet IP.
• Each Internet Service Provider uses the public IP address to forward internet requests to a specific home or business.
• Digital requests are sent to the correct network using the exclusivity of IP addresses.
• Private IP addresses uniquely identify devices behind a router or a device serving IP addresses.
• Devices within a home network can share the same private IP addresses as other devices globally.
• Private IP ranges are non-routable on the internet.
• 192.168.0.0 - 192.168.255.255 gives 65,536 IP addresses
• 172.16.0.0 - 172.31.255.255 gives 1,048,576 IP addresses
• 10.0.0.0 - 10.255.255.255 gives 16,777,216 IP addresses
• Each machine on the Internet needs a unique, routable public IPv4 address.
• Ipv4 theoretically holds only 4.3 billion machines
• IPv6- Consists of 128 bits
• IPv6 solves the problem of address limitation
• IPv6 brings autoconfiguration and improved security.

Internet and Intranet

• The internet is a global system of interconnected networks using TCP/IP protocol.
• The internet is a public network accessible to anyone.
• The intranet is a private network contained within an enterprise.
• The intranet is a private network accessible only to organization users and is more secure.
• More traffic is found on the internet as it is a global network, compared with the minimum traffic of an intranet.

NAT - Network Address Translation

• NAT assigns a public address to devices inside a private network, typically done by a firewall.

VPN - Virtual Private Network

• A VPN extends a private network across a public one.
• VPNs enable users to send and receive data across shared or public networks as if directly connected to the private network.

DNS - Domain Name System

• DNS translates IP addresses to domain names (and vice versa).
• Some consider DNS to be the "phonebook of the Internet".
• DNS translates domain names such as www.google.com to IP addresses.
• With DNS translations, web browsers can load internet resources using IP addresses.

SSH & Telnet

• Secure Shell (SSH) is a cryptographic network protocol.
• SSH operates network services securely over unsecured networks.
• SSH is used for remote command-line login and execution and secures any network service.
• Telnet provides a command-line interface for device communication.
• Telnet is used for remote management and initial setup of network hardware like switches and access points.

FTP - File Transfer Protocol

• FTP is a standard Internet protocol for file transmission between computers over TCP/IP.
• FTP operates on a client-server architecture, where a client requests a file from a local or remote server.
• FTP clients are used to upload, download, and manage server files.
• WinSCP is a Windows FTC client with FTP, SSH, and SFTP support.

HTTP and HTTPS

• HTTP is Hyper Text Transfer Protocol.
• WWW (World Wide Web) uses web clients and servers for communication.
• Client-server communication is done by sending HTTP Requests and receiving HTTP Responses.
• HTTPS (Hypertext Transfer Protocol Secure) is an HTTP extension for secure communication over a network.
• HTTPS is widely used on the Internet.
• In an HTTP request/response circle: a browser requests an HTML page from a server, which returns the HTML file.
• -The browser then requests a style sheet, and the server returns a CSS file, and so on.
• Communication between clients and servers requires requests and responses.
• A client sends an HTTP request to the web, then a web server receives the request.
• The server runs an application to process the request.
• The server returns response(output) to the browser which is then received by the client.

SMTP

• SMTP is a set of communication rules which allows software to send email over the internet.
• SMTP is a push protocol used in sending emails.
• IMAP or POP is used in retrieving emails at the receiver's end.
• SMTP operates under an application layer protocol.
• When an email is sent, a TCP connection to the SMTP server is started where user transmits the email.
• The SMTP server listens continually and transmits messages based on email addresses for message interchange between devices.
• SMTP can transmit a message to multiple recipients.
• SMTP can attach text, video, voice, or graphics.
• SMTP can transmit messages on networks external to the internet.

SNMP Syslog

• Simple Network Management Protocol (SNMP) is an application-layer protocol.
• SNMP Exchanges management information between network devices.
• Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite uses SNMP to manage and monitor network elements.
• Syslog sends event messages from network devices to a logging server.
• Syslog protocol logs wide range of device events.
• Examples of these events include: system reboots, port up/down status, login information, and system changes.

SNMP vs. Syslog

• SNMP facilitates remote monitoring of network devices.
• SNMP issues alerts on critical actions like HSRP state changes.
• SNMP uses a Poll-Response mechanism, with the SNMP Server polling devices.
• SNMP retrieves real-time information.
• End device configuration can be performed via SNMP set e.g reboot system
• SNMP traps are shared in binary format and are secure, which is in contrast to Syslog.
• SNMP is active and uses UDP ports 161 and 162.
• Syslog exchanges log messages indicating the severity to network device with the ability to receive syslog messages.
• Syslog is collected to dig deeper to figure out why the HSRP state change occurred.
• Syslog uses a PUSH mechanism where the end device sends logging information.
• Syslog acquires historical data and cannot perform end device configuration via syslog set.
• Syslog events are shared in plain text and are insecure,
• Syslog is passive and uses TCP/UDP port number 514.

DHCP - Dynamic Host Configuration Protocol

• DHCP provides quick, automatic, and central IP address distribution within a network.
• DHCP configures the subnet mask, default gateway, and DNS server information (Dynamic IPs).
• Static IP (no DHCP)
• Dynamic IP (DHCP)

ICMP - Internet Control Message Protocol

• ICMP is used by network devices to communicate.
• ICMP is used by network administrators to troubleshoot connections using ping and traceroute utilities.
• ICMP can execute Denial of Service attacks via oversized IP packets.
• A DDoS (distributed denial-of-service) attack overwhelms a targeted server with a flood of traffic.
• DDoS attacks use multiple compromised computer systems as attack traffic sources.

Ping and Traceroute

• Ping tests if a particular host is reachable on a network and confirms connection through returned data packets.
• Traceroute determines the path packets take from one IP address to another.
• To Ping, use: ping "IP address" e.g., ping 8.8.8.8
• Continuously Ping: ping 8.8.8.8 -t
• Constantly Ping with Packet Size: ping 8.8.8.8 –t –l 1024
• To Trace Route" tracet 8.8.8.8

TTL - Time To Live

• TTL indicates if a packet has been in a network for too long and should be discarded.
• Ping and traceroute utilities use TTL to reach a host or trace a route.
• TTL values control the scope in which a packet may be forwarded.
• 0 is restricted to the same host.
• 1 is restricted to the same subnet.
• 32 is restricted to the same site.
• 64 is restricted to the same region.
• 128 is restricted to the same continent.
• 255 is unrestricted.

ARP

• ARP finds the hardware address of a host, when the IP is known.
• ARP discovers the link layer address (MAC address) linked with the internet layer, IPv4 address.
• This mapping is a critical function in the Internet protocol suite.

Network Addressing

• Classfull networks are categorized into classes A, B, and C
• Example: Network address: 192.168.0.0/24.
  • Router address: 192.168.0.1
  • Host addresses include 192.168.0.2 (Switch), 192.168.0.3 (Wireless modem), 192.168.0.4 (Wireless router).
• Class A
• Format: Network.Node.Node.Node
• Subnet Mask: 255.0.0.0
• CIDR Value: /8
• Number of Networks: 126 (2^7 – 2)
• Number of Hosts: 16,777,214 (2^24 – 2)
• Class B
• Format: Network.Network.Node.Node
• Subnet Mask: 255.255.0.0
• CIDR Value: /16
• Number of Networks: 16,382 (2^14 – 2)
• Number of Hosts: 65,534 (2^16 – 2)
• Class C
• Format: Network.Network.Network.Node
• Subnet Mask: 255.255.255.0
• CIDR Value: /24
• Number of Networks: 2,097,150 (2^21 – 2)
• Number of Hosts: 254 (2^8 – 2)

Network Addressing - Private IP Addresses

• Class A
• Private Networks: 10.0.0.0
• Subnet Mask: 255.0.0.0
• Address Range: 10.0.0.0 to 10.255.255.255
• Class B
• Private Networks: 172.16.0.0 - 172.31.0.0
• Subnet Mask: 255.240.0.0
• Address Range: 172.16.0.0 - 172.31.255.255
• Class C
• Private Networks: 192.168.0.0
• Subnet Mask: 255.255.0.0
• Address Range: 192.168.0.0 - 192.168.255.255
• The Class A Addresses 127.0.0.0 to 127.255.255.255 are reserved for loopback and diagnostic functions.

Network Addressing - Classless interdomain routing (CIDR)

• Classless Inter-Domain Routing (CIDR) is a method for allocating IP addresses.

VLSM - Variable Length Subnet Mask

• VLSM refers to Variable Length Subnet Mask.