Network Administration

¡Supera tus tareas y exámenes ahora con Quizwiz!

In the IP Header, the first four bits signify the IP version.

0100, 4, 0110, 6

Notice the six flags listed in the header, designated URG,ACK,PSH,RST,SYN,FIN. These represent Urgent, Acknowledge, Push, Reset, Synchronize and Finish. There are also two reserved bits in that byte, which are normally 0. What would be the value, in hex, associated with a SYN (only)?

0x02 . Correct. The bits (including the reserved) would be 0000 0010.

Notice the six flags listed in the header, designated URG,ACK,PSH,RST,SYN,FIN. These represent Urgent, Acknowledge, Push, Reset, Synchronize and Finish. There are also two reserved bits in that byte, which are normally 0. What would be the value, in hex, associated with a SYN-ACK?

0x12 .Correct. The bits (including the reserved) would be 0001 0010.

While doing an analysis in Wireshark, you come across these three packets. You recognize this as a TCP 3-way handshake (ask yourself how you would know that from this image). Which machine initiated the handshake?

10.0.2.6 The Source and Destination columns are the IP Addresses involved. 49468 -> 80 are the ports involved (source -> destination). All connections between two machines use a Source Address-Source Port and a Destination Address-Destination Port combination. This combination is called a Socket (covered in more detail later). This packet capture represents the initial packets establishing an HTTP connection (Port 80) to a server.

Which of the following could represent 1 Byte?

1010 0101 Remember that we use Hex characters because there is a direct relationship between 4 bits of binary and 1 hex character. This means that a single Byte, which is 8 bits, can be represented by 2 Hex characters. Thus 1010 0101 in binary is 0xA5 in Hex (0x at the beginning indicates Hex characters)

What is 0xFF in binary?

1111 1111

The loopback address is a very important address for computer communications. Which of the following is a loopback address?

127.0.0.1

A Class A network has the following format: network.host.host.host. That is, the network is the first octet. The host portion of the IP address is the last three octets and has the values 0-255.0-255.0-255. How many hosts are possible on a Class A network?

16,777,216 [256*256*256 = 16,777,216]

How many bits is 20 Bytes?

160 Bits ( 20 Bytes x 8 Bits/Byte = 160 Bits)

Which of the following is a valid IPv4 address?

192.168.10.50

How large is a TCP Segment Header?

20 Bytes

What port is typically used for SSH?

22

How many twisted pairs are in a typical Cat 5/6 cable?

4 pairs (8 wires)

The Hex digit immediately following the IP Version is the header size. What size is this header?

5 * 4 bytes = 20 bytes Remember that the first byte (2 hex characters) is the IP Version and the IHL (Internet Header Length). In this case, the first byte is 0x45. The 4 means it is IPv4 and has nothing directly to do with the header length. The 5 means that the header is 5 four byte groups. That is, it is 5 * 4 bytes = 20 bytes (160 bits).

How big is a MAC address? Hint: In HEX a MAC address might look like: 08:00:27:AC:64:0A

6 Bytes (48 Bits)

The Source Port and Destination Port are each 16 bits long. What is the largest port number in decimal?

65535. With 16 bits and 2 possibilities per bit (1 or 0), that means there are: 216=65,536 However, that is the total number of possibilities and they go from 0 - 65,535.

How large is a UDP Datagram Header?

8 Bytes

What is the IEEE standard that describes WiFi?

802.11

What is a VLAN?

A broadcast domain

What is a pcap file?

A saved Packet CAPture file that can be analyzed offline

In the following Frame header, the TCP flags have been highlighted. What type of TCP packet is this?

ACK

What is Trunking?

Allows switches to route traffic between VLANs

What does a bridge device do in networking?

Allows traffic from one network segment to be sent to another network segment

As a Cybersecurity tool, what does Wireshark allow us to do? Select the best answer!

Analyze data packets on the network

OSI model Layer 7

Application Layer

What is the decimal 192 in Hex?

C0

OSI model Layer 2

Data Link Layer

What is encapsulation?

Embedding the layer above as the payload, so that the data can be handled by the current layer

What is a packet?

Encapsulated data sent on Layer 3.

Why is TCP better than UDP?

Ensures there are no errors in the transmission of data.

Which is the most dominant technology for wireless and wired networking?

Ethernet

A 10Mbps (Megabit per second) device cannot communicate with a 1Gbps (Gigabit per second) device

False

Using a pcap file can help us spot an adversary in real time.

False

Wireshark can be used to view network traffic on any network in the world.

False. Wireshark can only view traffic on a local NIC or from a saved pcap file. We cannot view traffic beyond our network.

While examining packets in Wireshark, you come across 4 packets that have the following IP addresses and flags set: What just happened?

IP1 initiated a TCP Shutdown

This is a Hex dump of an Ethernet Frame. The IP header is highlighted in blue. Is this IPv4 or IPv6?

IPv4

What does the OID (Organizational IDentifier) portion of a MAC address (Media Access Control) do?

Identifies the Vendor or Manufacturer. This is also referred to as the OUI (Organizationally Unique Identifier)

Why was IPv6 introduced?

Lack of available IPv4 addresses

What is a CRC (Cyclical Redundancy Check)?

Layer 1/2 detection of errors in a frame and drops the frame if an error occurs

Which Layer does Ethernet primarily work on?

Layer 2

Which layer of the OSI model is the end user mostly likely to be interact with directly?

Layer 7, Application

What does MAC stand for?

Media Access Control

What does NIC stand for?

Network Interface Card

OSI model Layer 3

Network Layer

TCP Model Layers to OSI Layers (Internet Layer)

Network Layer

Frame Method: Broadcast

One node communicating to all destinations on a broadcast domain

Frame Method: Unicast

One node communicating with one destination

Frame Method: Mulicast

One node communicating with one or more specific nodes on a network

OSI model Layer 1

Physical Layer

TCP Model Layers to OSI Layers (Network Access Layer)

Physical and Data Link Layers

OSI model Layer 6

Presentation Layer

Why is the Spanning Tree Protocol necessary?

Prevents loops on Layer 2

What is the connector typically used by Cat 5/6 cables?

RJ45

Which of the following would be a Layer 1 Physical medium?

RJ45

What is a TCP three way handshake?

SYN - SYN/ACK - ACK packets

OSI model Layer 5

Session Layer

TCP Model Layers to OSI Layers (Application Layer)

Session, Presentation and Application Layers

What does the command ip a do?

Shows the IP Addresses associated with all the NICs

What does a repeater do?

Strengthens weak signals to allow for a greater distance between nodes

OSI model Layer 4

Transport Layer

TCP Model Layers to OSI Layers (Transport Layer)

Transport Layer

Data gets encapsulated from Layer 7 in the OSI model down to Layer 1.

True

Ethernet speed can be affected by Layer 1 media

True

Cat 5, 5e, 6 and 6e are types of what kind of cable?

Twisted Pair

What does the ping command do?

Verifies connectivity between two systems using the ICMP protocol.

What does Wireshark allow us to do?

View the actual bits on the wire so we can analyze the frames, packets, etc.

When would UDP be better than TCP?

When you need a faster connection, but you're not worried about every packet arriving

You use the cat command on an /etc/hosts files and see the following entry: 127.0.0.1 google.com What will happen if you ping google.com?

You will get a successful ping result, but it will be coming from the local computer

Wireshark

a tool often used by Network Administrators, cybersecurity professionals and others needing to view the actual information on the wire.

The last eight bytes of the IP header contain the Source Address and Destination address (if there are no options or padding present). Remember that two hex characters is one byte. In the following header, there are no options or padding. What is the Source and Destination addresses (look only in the blue highlighted IP header)?

acd9020a or ac d9 02 0a ; c0a8005a or c0 a8 00 5a

Which of the following would give 1 ping only to the specified address?

ping -c 1 192.168.10.50


Conjuntos de estudio relacionados

Extra Conceptual Questions Chapter 15

View Set

Social Studies-life In The 13 Colonies

View Set

OB Chapter 14 - Before Conception (Exam 2)

View Set

LIFE POLICY PROVISIONS, RIDERS, AND OPTIONS

View Set

CH. 26 Nursing Care and Discharge Teaching

View Set

GOVT-2306 Chapter 1,2,3 Exam 1 Review

View Set

Science: The Laws of Conservation of Matter and Energy

View Set