BUS 499 Final

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

The UDP header has ________ fields.

4

An IP packet may include a(n) ________.

Application message or fragment AND TCP segment or UDP datagram

Optical fiber cords use two strands ________.

For full-duplex transmission

In a four-step close, which side transmits a FIN segment?

The side that does not initiate the close AND the side that initiates the close

Point-to-point single network

a network that uses a single set of standards for all devices. If one host is on one single network and another is on a single network of a different type, they cannot communicate

Frames and packets

a packet must always be carried inside a frame when it passes through a single network. Single networks understand frames and what to do with them but have no idea what a packet is

Only applications from the IETF are likely to be able to run over TCP.

false

The transport process always fragments the application message.

false

IoT

"slow and close" communication extends battery life. Security threats include eavesdropping, data modification, and impersonation. Some have no cryptologic security while others have reasonably good security, such as Bluetooth. Device loss or theft can pose a problem as most devices are only protected by short PINs.

A host sends a packet to another host with six single networks along the way. How many packets are involved in this transmission?

1

During a connection opening, how many TCP segments will the side that initiates the connection send?

2

If there are 10 routers between the source and destination hosts, how many transport processes will be involved on all devices?

2

A host sends a packet to another host with six single networks along the way. How many frames are involved?

6

Transmitting "Oh, My!" without the quotes in ASCII requires ________ octets.

7

ARP cache poisoning is ________.

A man-in-the-middle attack

Reset (RST)

A reset may occur if a problem is encountered during a connection, for security reasons, or for several other reasons. RST is an abrupt close. There is no ACK because the RST's sender is no longer listening

IPv6

Although IPv4 dominates the Internet's traffic, the Internet Assigned Numbers Authority did a poor job distributing IPv4 addresses and there is no more to distribute. With new devices needing their own IPv6 addresses, all firms must support IPv6. IPv6 has 128 bit addresses. Each additional bit doubles the number of addresses. There are just under 4.3B IPv4 addresses, there are 34 undecillion IPv6 addresses. For perspective, there are billions of IPv6 addresses per person alive. This will solve the availability problem for many years to come, even with the IoT. Companies have found that IPv6 implementation is a long and complex process. They need employees who understand this and other "v6" protocols such as ICMPv6 and DHCPv6. Also, the tools to manage IPv6 are less robust than those used to manage IPv4

It is typically advantageous to change a standard if the layer ________ gets an upgraded standard.

Below it

At what layer will you find standards for EUI-48 addresses?

Data link

paths across a single network are called ________.

Data links

The final router in a route sends the packet being routed in a frame addressed to the ________.

Destination host

Flooding a host with traffic so that it cannot serve its legitimate users is a ________ attack.

DoS

Local area networks (LANs)

networks that operate on a customer premises: the property owned by the organization that uses the network

Routing table

Each router has a routing table that it uses to make routing decisions. Routing tables have rows, each of which represents a route for a range of IP addresses - often packets going to the same network or subnet. These rows don't specify the full route and only the next step in the route. The routing table does not need a row for each IPv4 address as an Ethernet switching table does for EUI-48 addresses. It only needs a row for each group of IPv4 addresses. This equates to many fewer rows than an Ethernet switch would need for an equal number of addresses. To route a packet, a router must find all rows that apply to an incoming packet. Then it must pick the best alternative route from this list of matches. This requires more work per packet, making routing much more expensive than switching per message handled. Routing tables don't have a first column with route (row) numbers

To know what kind of message is in the Ethernet II data field, the receiver must look in the ________ field.

EtherType

Ethernet has reliability issues because of its ________.

Hierarchical organization

________ have access points.

Home access routers

Hierarchical

IPv4 addresses are 32 bits, hierarchical, and consist of 3 parts (groups of bits) that locate a host in progressively smaller parts of the Internet. These are the network, subnet, and host parts. Parts may not even break conveniently at 8 bit boundaries, which are separated by periods. IPv6 routing works the same way but with 128-bit IPv6 addresses and masks

No checksum field

IPv4 has a header checksum field to check for packet header errors. Experience showed this isn't a problem, so IPv6 dropped it, which slashes packet handling time on routers

Propagation effects

In wired transmission, it can be well controlled by respecting cord distance limits and taking other installation precautions. In wireless networks however, the effects are complex and difficult to solve

Serial transmission

N bits per clock cycle

At what layer will you find standards for packets?

Internet

Internet communication that does not involve a human is referred to with the term ________.

IoT

What decision does the switch take when it receives a frame? What is the name of this decision? How do switches make this decision?

It makes switching decision not packet forwarding. Switches make this decision not based on destination port but based on destination MAC address and the switching table

Multimode fiber

LAN fiber cores are 50 microns in diameter, about the diameter of a human hair. Cores of this diameter can admit several modes

________ occurs when the light energies of two pulses arrive at the far end at overlapping times.

Modal dispersion

After the side wishing to close a TCP connection sends a FIN segment, it will ________.

Only send ACK segments

In a single switched network, a ________ connects consecutive switches.

Physical link

UTP and fiber distance limits are for ________.

Physical links

Having only a single possible path between devices ________.

Reduces switching cost

If you can span the distance between two switches with either a single optical fiber link or two UTP lengths with an intermediate switch, which should you choose?

Single optical fiber link

Sequence numbers

TCP can handle application messages of almost any length. For the receiver to put the pieces of the application messages back in order, each TCP segment has a sequence number field that gives its position in the stream of segments. The receiving TCP process puts the segments in order of increasing sequence number and reassembles the application message. The TCP process then passes the application message up to the correct application process indicated in the port number

Normal closing

TCP close consists of two FIN segments, one in each direction, plus their acknowledgements, for a "polite" ending to the conversation

Flag fields

TCP has 9 single bit fields, each of which is a flag field. If 1, then set; if 0, then the flag field is not set. If the ACK bit is set, then the segment acknowledges another segment and the acknowledgement field must be filled in to indicate which message is being acknowledged. If the SYN (synchronization) bit is set, then the segment requests a connection opening. If the FIN (finish) bit is set, then the segment requests a normal connection closing; are 1 bit fields and include SYN, ACK, and FIN bits. Also known as single-bit fields. If it has the value 1, it is said to be set (and vice versa)

From which standards architectures do organizations typically take their standards?

TCP/IP and OSI

Orthogonal frequency division multiplexing (OFDM) spread spectrum transmission

The 802.11 Working Group's current standards almost exclusively use this. In OFDM, each broadband channel is divided into many smaller subchannels called subcarriers. OFDM transmits part of a frame in each subcarrier and sends data redundantly across the subcarriers, so if there's impairment in one or even a few subcarriers, all of the frame will usually still get through. Why use subcarriers instead of simply spreading the signal over the entire channel? The problem is that sending data over a very wide channel is technically difficult and it is much easier to send many slow signals in many small subcarriers

WiFi direct (or WiDi)

The WiFi Alliance 802.11 standard has always included an ad hoc mode in which two wireless WiFi hosts communicate directly, providing medium speed communication over typical WiFi distances. Does not need an access point. Two standards have been created to network IoT devices in a mesh, which are Zigbee and Z-Wave

Wireless Protected Access (WPA)

The WiFi Alliance created an interim security standard based on an early draft of 802.11i but using much weaker standards for cryptographic protections.

Wired equivalent privacy (WEP)

The Working Group created this as part of the original 802.11 standard in 1997. It was deeply flawed

Standards layers provide services directly to ________.

The next-higher layer

physical links

The number of these links the frame travels over ranges from one with PPP to many for ethernet. By definition, there is always a single data link when a source device sends a frame to a destination device through a single network

Distribution system

this is normally done through the company's switched Ethernet network

Host part

These are the remaining bits of the 32 bit IPv4 address, which specifies a particular host in a subnet. Host parts in different organizations differ in length

Passive radio frequency ID (RFID)

This is an extreme case of NFC with no power at all.

Dynamic host configuration protocol (DHCP)

This kind of server typically gives a client a different IP address each time it boots up. Client boots up, realizes that it does not have an IP address. Client broadcasts a DHCP request message requesting one. The DHCP server selects one from its database of available IP addresses. The server sends this IP address to the client in a DHCP response message. The client's IP address is now the one received.

Default row

This row has the destination 0.0.0.0 and the mask 0.0.0.0. This row will match every IPv4 address because masking any IPv4 address with 0.0.0.0 will give 0.0.0.0, which is the value in the Destination Field. This row ensures that at least one row will match the destination IPv4 address of every arriving packet. In general, a "default" is something you get if you don't have a more specific choice

Flow label field

This value indicates that the packet is a member of a particular flow. The router has rules that apply to every packet in the flow

Which of the following provides security in Ethernet?

VLANs

In a single switched network with seven switches between a source and destination host, the source host addresses the frame ________.

To the destination host

User Datagram Protocol (UDP) datagrams

UDP, unlike TCP, cannot do segmentation. The entire application message must fit into a single UDP datagram. The length field in the UDP header is 16 bits long, which means the max length of the UDP data field and an application message is 65,536 octets. On the plus side, there is no need for sequence numbers, opening, closings, acknowledgements, or other things that require a longer header

The KrebsOnSecurity.com attack ________.

Used IoT devices to attack the site and it was DOS attack

Depicting the Internet as a cloud symbolizes ________.

Users do not have to know how the Internet operates

What are VLANs? Why VLANs are used?

VLANs are groups of servers and hosts that can communicate with each other. They are used to establish simple networks between trusted users that prevent outsiders entirely from joining, communicating, or interacting with the network in any way. In this sense, they are a secure method to use.

Backwards compatibility

WiFi devices are required to have this. Signals are limited to the worst 802.11 type hardware installed

Extension headers

a few IPv4 packets have options but each router must check each packet for options, which can cost significant time. In IPv6, the main header can be followed by multiple extension headers, each of which has a well-defined purpose and serves the role that an option does in IPv4. The headers are daisy chained together based on the Next Header Field

Data link

a frame's path from the source device to the destination device through a single network of any type

Octet

a group of 8 bits. These are usually encountered in data link layer syntax. Also called a "byte"

Extended service set (ESS)

a group of BSSs with the same SSID that connect via a distribution system

Prefix notation

a mask is represented by a slash followed by the number of initial 1s in the mask. An advantage is that it's simple even if the number of leading 1s is not a multiple of 8. For example, mask 255.255.255.0 is twenty-four 1s and eight 0s, which equals /24

master-slave control

a master may have up to 7 slaves. A slave may have up to 7 masters. A master and its slaves form a piconet. Profiles provide application-level functionality, including printing, synchronization, etc.

Frame

a message in a single network (isn't a packet). The data link standard governs how this component is organized

Bluetooth

a short-range radio technology designed for personal area networks (PANs), which are small groups of devices around a person's body or a single desk. It is essentially a cable replacement technology. Classic Bluetooth and Bluetooth Low Energy (LE) are incompatible. Devices with rechargeable batteries, such as mobile phones, usually offer both. However, small IoT devices are usually only single-mode. Bluetooth always uses point-to-point/one-to-one communication and master-slave control. The Classics operate around 1 W.

Z-Wave

a similar ad hoc wireless networking protocol. Similar in range and speed to Zigbee for small/mid-size networks. Has 128 bit AES encryption and other good security. Only operates in the 800/900 MHz ISM bands.

IPv4 mask

a string of 32 bits, like an IPv4 address. However, a mask always begins with a series of 1s, which is always followed by a series of 0s. For example, if a mask begins with twelve 1s, it will end with twenty 0s. Since there is no way to tell by looking at an IP address what sizes the network, subnet, and host parts are since they are always 32 bits, the solution is masks

Networked applications

those that require a network to communicate with one another

ISO and ITU-T

a variety of network standards, especially for physical and data link processes

________ links connect users to workgroup switches.

access

Service set ID (SSID)

all WiFi devices show you the available SSIDs, or name to identify an access point, of nearby access points

The strength of a wave is its ________.

amplitude

IPv6 main header

an IPv6 packet can have multiple extension headers before the Data Field. Although the IPv6 main header is longer than IPv4, it is simpler with fewer fields for routers and hosts to consider. This relative simplicity means that routers process longer IPv6 headers faster than they process IPv4 headers. This makes them cheaper for the amount of traffic that they process. IPv4 begins with a 4 bit version number field, 0100 (4), while IPv6 begins with the 4 bit version number field 0110 (6). Next are the traffic class and flow label fields. Next is payload length, hop limit field, and no checksum field

Basic service set (BSS)

an access point and its wireless hosts

Zigbee (named after the dance that bees do to communicate directions to flowers with nectar)

an ad-hoc wireless network means that the network is self-organizing with no need to create a complete design in the beginning, and the network adapts automatically to changes. The heart of the network is the Zigbee controller, which coordinates the network. Larger Zigbee networks may have several. In home and small business networks, the controller may also be a gateway (i.e. router) to the Internet. Zigbee end devices are IoT devices such as light switches, light bulbs, TVs, etc. which must be able to communicate via the Zigbee protocol. End devices may connect to a controller, but they may also connect to Zigbee routers, which permit Zigbee networks to span larger distances than a single controller. Zigbee operates in 2 unlicensed bands, which are the 2.4 GHz unlicensed band and the 800/900 MHz unlicensed band. It's split designation because it is 800 MHz in Europe but 900 MHz in North America. The lower band can carry signals slightly farther while the higher band can transmit signals slightly faster at the cost of slightly greater energy use. Has 128 bit AES encryption and other good security.

Network core

an ethernet network's collection of core switches

Manageable switch

an ethernet switch must have an SNMP agent. Also needs the electronics to gather the data the SNMP manager asks for in Get commands and to make changes indicated in Set commands

Rogue access point

an unauthorized access point setup within a firm by an employee or department. They are dangerous because they are typically configured with poor to no security. A single one of these will give a drive-by hacker access to the firm's internal network. It is a weakest link problem where the least secure access point determines the strength of the entire network

Layers standards

application, transport, internet, data link, and physical

TCP messages

are called TCP segments

Absorptive attenuation

as a radio signal travels, it is partially absorbed by the air molecules, plants, and other things it passes through. Water is an especially good absorber of radio signals

Channel bandwidths

as this increases, the number of channels in a service band decreases proportionately. 802.11n products deliver speeds of 100 to 600 Mbps. The newer 802.11ac standard delivers far higher rated speeds of 433 Mbps to 6.9 Gbps

Single-mode fiber

at 8.3 microns, only a single mode can enter the core. There is no modal dispersion, so signals travel much farther than they do in multimode fiber. The only remaining limitation is absorption of the light by the core's glass. This glass is very pure, so absorptive attenuation is small

Bluetooth profiles

basic printing profile (BPP), synchronization profile (SYNCH), and human interface device (HID)

Multiuser MIMO (MU-MIMO)

beamforming allows this, in which the access point focuses on two wireless devices at the same time. With focused transmissions, it can communicate with two or more devices simultaneously. This eliminates the time a device may have to wait before transmitting in order to avoid collisions

Differentiated Service Control Point Field

can be used for priority or other quality of service purposes

Explicit Congestion Notification (ECN) field

can be used to reduce the transmission frequency between a pair of hosts to cope with congestion in the transmission system between them

Wi-Fi

certification system managed by the Wi-Fi Alliance; is now synonymous for 802.11

The source socket is 60.171.18.22:2707. The source is a(n) ________.

client

Virtual LANs (VLANs)

clusters of servers and hosts that are allowed to communicate with one another

Hybrid TCP/IP-OSI architecture

combines OSI standards at the physical and data link layers with TCP/IP standards at the internet and transport layers and

Hierarchical topology

ethernet requires this. Otherwise loops would exist, and a single loop will cause the network to shut down. Topology is the physical organization of switches and transmission links

Workgroup switches

connect individual hosts to the network

Access links

connect individual hosts to their workgroup switches

Core switches

connect switches to other switches

Trunk links

connect switches to other switches

Internal router

connects different subnets within a network

Access point

connects hosts directly and connects wireless clients to servers and Internet access routers on the Ethernet network

Alphanumeric info

consists of text, numbers, and other keyboard characters, which normally all consists of ASCII code

Fiber cord

consists of two fiber strands, one for propagation in each direction. Light travels in waves; a wave's amplitude is its power. Optical fiber transmission is described in terms of wavelength. Wavelength is the physical distance between comparable points on adjacent cycles. Wavelengths for optical fiber are measured in nanometers (nm). LAN fiber uses 850 nm almost exclusively because it is cheap and usually sufficient. Wide area networks use 1,310 and 1,550 nm light to support longer distances

Internet Assigned Numbers Authority (IANA)

controls internet addresses to avoid address duplication

For every conversation, a client randomly generates an ephemeral port number for ________.

conversations

How to write IPv6 addresses in IPv6 canonical text representation following RFC 5952

convert to hexadecimal notation; write letters in lowercase, divide four-symbol fields by colons. Remove leading 0s from each field. However, there must be at least a single value left, so change 0000 to 0. Do not remove trailing 0s. Shorten one group of more than two groups of single 0 fields to two colons. If there are multiple groups of more than two colons, shorten the longest. If there is a tie for longest, choose the first. The final address in simplified IPv6 notation is shortened but still not short

In optical fiber, light travels through the ________.

core

Physical standard

covers three things: the transmission medium (optical fiber, radio transmission, etc.), a physical connector on each device, and how 1s and 0s are transmitted over this physical link

Pre-shared key (PSK) initial authentication mode

created for a home or business with a single access point. Does not require a central 802.1X authentication server. Authentication basis of knowledge of pre-shared keys. Technically strong (a bit weaker than 802.1X), but weak human security can compromise technological security. Has an operation threat of mismanaging the pre-shared key. It is important to regularly cycle this pre-shared key (password). Another danger is a weak pass-phrase. Pass-phrases are much longer than a password. At least 20 characters long is suggested for a strong PSK. After authentication using the PSK, the wireless access point gives each authenticated device a new unshared pairwise session key while subsequently communicating with the access point

802.1X initial authentication mode

created for corporations with many access points. Extremely strong but complex to implement. This would be overkill in residences as it requires a separate, central authentication server. WiFi Alliance has also named this as enterprise mode. Authentication basis with credentials on the 802.1X authentication server. Although it is technically extremely strong, it can be defeated by rogue access points and evil twin attacks. The verification function is distributed over two devices: the 802.1X authenticator and a central 802.1X authentication server. The first authenticator/access point is mostly a pass-through device during initial authentication. The second does the real work as it has the database on credentials and checks the supplicant's authentication credentials. The 4 steps in the 802.1X initial authentication process in 802.1i are requirements for credentials, providing credentials, credentials check, authorization message to the authenticator, and authorization message to the client. Now the client may send packets to any host on the network

Virtual private network (VPN)

defeats MITM evil twin access point attacks. Implemented between a client and the server it wishes to communicate with. A VPN is an encrypted path through an untrusted network. Because the transmission is encrypted, others cannot read it. Although the evil twin can still intercept traffic and decrypt it, it cannot get through the second encryption implemented on the frame by the VPN key.

Syntax

describes how messages are organized

Human interface device (HID)

desktop computers use this profile for mice, keyboards, and other input devices. There is no prior setup beyond selecting the device

Near field communication (NFC)

device can manipulate the near field to send data. This takes very little energy. Takes place at low speeds around 434 kbps and cannot transfer much information. Also distances are limited to a couple inches. NFC protocols use transmission in the 13.56 MHz unlicensed service band created for this purpose. The technical standards are also largely set.

Hosts

devices that connect to the internet

Trailer

everything that comes after the data field

Header

everything that comes before the data field

Payload

everything that follows the main header, which is the extension headers and the data field. On the other hand, a data field is the content of the message being delivered

A DHCP server to assigns the client host the same IP address each time.

false

A switch knows the entire data link between the source and destination hosts.

false

Rapid spanning tree protocol (RSTP)

disables loops. Loops only last a moment because the switches quickly realize that something is wrong and begin sending supervisory frames to one another using this

Site surveys

discovers any dead spots or other problems. Requires signal analysis software, which can run on a laptop or even a smartphone. These surveys must be done frequently and routinely, also may be done in response to specific reports of problems, as workplace conditions may change, such as more desks within an access point's service area, signal obstructions, etcetera. Signal power is usually measured in milliwatts and often compared at varying distances. The ratio of two powers are expressed in decibels

Connectionless protocol

does not formally establish and then formally end communication sessions

Transport processes

end-to-end (host-to-host), packet assembly and disassembly with TCP (not with UDP), error correction, packet sequencing, and congestion control with TCP (not with UDP)

Radiative attenuation

ethernet cable consists of long copper wires. This makes it an excellent antenna. As the signal travels down the cable, some of the signal radiates away, dissipating the signal's energy. Dissipation grows with distance. Beyond some distance, the signal becomes unreadable

Extended Unique Identifier-48 (EUI-48)

ethernet data link addresses follow this standard. An identifier is an address; these addresses must be unique. Used to be called Media Access Control (MAC) addresses.

5 GHz unlicensed service band

far wider than the 2.4 GHz band and provides between 11 and 24 nonoverlapping 20 MHz channels, depending on the country. The number of channels in the 5 GHz band is going down as channels become wider to provide higher speed per channel, and it will soon be as crowded as the 2.4 GHz unlicensed radio band. Slightly shorter propagation distance because of higher absorption and deader dead zones

Routing decision

find all row matches, find the best-match row, and then send the frame out based on information in the row

TCP has single-bit fields in its headers; these single-bit fields are called ________ fields.

flag

Dish antenna

focuses signals in a narrow range and signals can be sent over longer distances; must point at receiver

Beamforming

focuses the radio power instead of broadcasting it isotropically (in all directions equally). When the access point transmits to or receives from a wireless device, the signal will be stronger. The radio can either operate at lower power or send the signal farther

Unlicensed service bands

for companies that have wireless access points and mobile computers, even the requirement to license central antennas (in this situation, access points) is an impossible burden. Consequently, the International Telecommunications Union (ITU) created a few unlicensed service bands. In these bands, a company can add or drop access points any time it chooses. It can also have as many wireless hosts as it wishes. All 802.11 WiFi networks operate in these unlicensed radio bands. The downside of unlicensed service bands is that companies must tolerate interference from others. If you neighbor sets up a wireless LAN next door to yours, you have no recourse but to negotiate with him/her over such matters as which channels each of you will use. At the same time, the law prohibits unreasonable interference by using illegally high transmission power

Bluetooth low energy (LE)

for fitness trackers, etc with a low duty cycle. Low cost for very brief, low-speed, and infrequent communication with up to 2 Mbps but usually 125 kbps or 500 kbps. Very low power required with a coin battery or similar power source. Usually 0.01 W to 0.5 W. The LE slaves must frequently wake up and transmit a brief advertisement message to announce their existence and say what they can do. When the master needs a connection, it scans for such advertisements and then initiates a connection. These messages are brief and have significant time between them. LE extends the advertisement message by adding the concept of beacons, which are advertising messages that include potentially useful information, such as offering a coupon when you step into a store, give your mobile phone directions for navigating through a hospital, inform you of flight delays in an airport, etc. Masters can read this information from beacons without even making a connection. LE has profiles like Classic Bluetooth and they reflect their use cases.

Classic Bluetooth enhanced data rate (EDR)

for headsets, speakers, keyboards, etc with a high duty cycle, which is a high percentage of usage time. Good performance at modest power with up to 3 Mbps. Low power required with a rechargeable mobile battery

Classic Bluetooth high speed (HS)

for headsets, speakers, keyboards, etc with a high duty cycle. Brief high-speed transfers at modest power with up to 24 Mbps. Low power required with a rechargeable mobile battery

Basic printing profile (BPP)

for printing, the mobile phone uses this. A Bluetooth device can print to any BPP compliant printer without having to install a printer driver on the Bluetooth device

Synchronization profile (SYNCH)

for synchronizing information with a desktop computer. It simply selects the computer and begins

IPv4 Fields

for the first row, the first 4 bits constitute the version number field. This field has the value 0100 (binary for 4), which indicates that this is an IPv4 packet. The next field gives the header length, and the last field on the first row gives the total length of the packet. Between the header and total length fields, two fields govern transmission quality: the differentiated service control point field and the explicit congestion notification field. The IPv4 header allows several possible options, and they may come in any order. Some are only read by the destination host. However, a lack of required order means that each router must look at every option to see if it applies. This is time consuming. For the second row, it has information that the destination host uses to assemble fragmented packets. Given the unimportance of IPv4 packet fragmentation due to problems it creates and thus operating systems by default tell routers not to fragment IPv4 packets, we will ignore the fields in this row. It is about as useful as the human appendix, often a burst appendix at that. For the third row, it has an IP time to live (TTL) field and IP protocol field

Dotted decimal notation

four decimal integers separated by dots; used in IPv4 addresses for human reading and writing

Payload length

gives the length of the packet payload, which is everything beyond the 40-octet main packet header. This field is 16 bits long, so a payload can be up to 65,536 octets long. It includes both extension headers and the data field

Transport layer standards

govern aspects of end-to-end communication between two end hosts that are not handled by the internet layer, including reliability and application message fragmentation. These standards allow hosts to work together even if two computers are from different vendors or have different internal designs

Application layer standards

govern how two applications work with each other, even if they are from different vendors; most can work with IETF standards at the transport layer. Consequently, companies that use the Hybrid TCP/IP-OSI architecture have no problem using applications from different standards agencies

Data link layer standards

govern the transmission of frames across a single switched network, typically by sending them through several switches along this. These also govern frame organization, timing constraints, and reliability. As in all other layers, the devices can come from different vendors

Internet link layer standards

govern the transmission of packets across an internet, typically by sending them through several routers along a route. Hosts and routers can be from different vendors.these layer standards govern packet organization and routing

Physical layer standards

govern transmission between adjacent devices connected by a transmission medium, regardless of who the two vendors are

Media access control (MAC) methods

govern when devices may transmit so that only one device transmits at a time to avoid collision. The access point and all of the wireless hosts it serves transmit and receive in a signal channel. When a wireless host or the access point transmits, all other devices must wait. The 802.11 standard has 2 mechanisms for MAC. The first, Carrier Sense Multiple Access with Collision Avoidance and Acknowledgement (CSMA/CA+ACK) is mandatory and access points and wireless hosts must support it. Thanks to this, 802.11 is a reliable protocol yet is inefficient. Two stations may transmit at the same time. The second, RTS/CTS, is optional and much less efficient and slower than the first as two stations cannot transmit at the same time

Roaming

handles traveling hosts by handing them off to a different BSS in the same ESS

Parallel transmission

has a benefit of higher transmission speed. Ethernet transmits on all four pairs in each direction simultaneously. Therefore, ethernet transmits four times as fast as it could if it only had a single pair. 4*N bits per clock cycle

Traffic class field

has two subfields. The 6 bit differentiated services (Diffserv) subfield specifies whether this particular packet should be given routine best-effort service, high-priority low-latency service, or some other type of service. The last 2 bits are for congestion notification

A message always has a ________.

header

TCP control segments normally have ________.

headers

Rack server dimensions

height is measured in multiples of U, which is 1.75 in. Servers are 19 in wide

Internet processes

hop-by-hop (host-router or router-router) and packet organization and forwarding

Network part

identifies the host's recognized network on the Internet. Different organizations have different network parts that range from 8 to 24 bits in length

Acknowledgement numbers

if a transport process receives a TCP segment correctly, it sends back a TCP segment acknowledging the reception. If the sending transport process does not receive an acknowledgement, it transmits the TCP segment again. The acknowledgement number field indicates which segment is being ACK

Header checksum

if an error is found, the packet is discarded by the receiver. If it is correct, no acknowledgement is sent. IP does error checking and discarding; it is not reliable

Header Checksum

if an error is found, the receiver discards the packet. If it is correct, no acknowledgement is sent. IP does error checking and discarding; it is not reliable

Decision caching (cheating)

if another packet arrives with the same destination IP address, do what was done the last time. This greatly reduces the work that a router will do for each successive packet to the same destination address. Decision caching is not in the Internet Protocol. This is because it is not entirely safe. The Internet changes constantly as routers come and go and as links between routers change. Consequently, a cached decision that is used for too long will result in non-optimal routing or even routes that will not work and that will effectively send packets into a black hole

Collision

if two devices transmit in the same channel at the same time, their signals will interfere with each other and make both unreadable

Layers

in a standards architecture, they specify everything that must be standardized for two different application programs on two different hosts on two different networks to interoperate. Each one provides services to the next-higher one

Optical multimode (OM)

in multimode fiber, quality standards are this. OM3 and OM4 are sold today

Hierarchy

in which each switch has only one parent switch above it. There is only a single possible path between any two hosts

Acknowledgement number

indicates which segment is being acknowledged

Ethernet

inexpensive but does what corporations need. This is its formula for dominance in wired local area networks. Used to be called the ether

802.11i Stages

initial authentication and then ongoing protection phase

Internet service provider (ISP)

internet transmission is commercially handled by these

Forms of attenuation

inverse square law and absorptive. These two effects get worse with frequency

Evil twin attack

is a man in the middle (MITM) attack in which the evil twin intercepts traffic passing between a wireless host and a legitimate access point. An evil twin access point (usually a notebook computer) has software to impersonate a real access point and operates at very high power. If the wireless host is configured to choose the highest-power access point it can reach, it will associate with the evil twin access point instead. The evil twin will establish a secure 802.11i connection with the victim client using one key. Next, the evil twin associates with the legitimate access point using 802.11i creating a second connection but using a different key for encryption. The evil twin now has two symmetric session keys, one that it shares with the victim client and one that it shares with the legitimate access point. MITM attacks are difficult to detect because it is transparent to both the wireless client and the access point. Both operate as usual and cannot tell they are dealing with an impostor.

2.4 GHz unlicensed service band

is the same in most countries in the world; unfortunately, it only has 83.5 MHz of total service band bandwidth. There are only 3 possible nonoverlapping 20 MHz 802.11 channels, which are channels 1, 6, and 11. There can only be a single 40 MHz channel. If an 802.11n station finds itself in a crowded area, it will drop back from 40 MHz to 20 MHz to reduce interference, which cuts transmission speed in half

IP error detection

it discards a packet containing an error. However, there is no retransmission of the lost message. This is unreliable because reliability requires both error detection and error correction

Pairwise session key

it is a session key because it will only be used for a single communication session. Next time a client authenticates itself, it will receive a different session key. It is a pairwise key in that each client will have a different session key to use with the access point. Other clients will not know these unshared pairwise session keys and thus unable to read these frames

Hop limit field

it's like the TTL field. Each router along the way decrements this field's value by one, and if a router decrements it to zero, the router discards the packet

Border router

its main job is to connect different networks

Router meshing

this gives more reliability because it allows many possible alternative routes between endpoints, but also means multiple ways to send a packet back out to reach its destination

Modal dispersion

light can only enter the core at certain angles called modes. This creates arrival time delays. The reflected mode travels a longer distance and so takes slightly longer to reach the end. At some distance, successive signals overlap and become unreadable.

Modes

light rays in optical fiber

Drive-by hacker

located outside the corporate premises, they connect to an unsecure access point within the site. If the attempt is successful, they can communicate with any hosts within the site without going through the border firewall. They can send attack packets to any host and will be able to intercept some conversations within the customer premises. These hackers use highly directional antennas that allow them to send very strong signals and receive signals that would be too weak to hear with normal WiFi equipment

Simple Network Management Protocol (SNMP)

makes remote access point management possible. The management console constantly requests data from individual access points, including signal strengths, indications of interference, error rates, configuration settings, power levels, channels, security settings of nearby access points, and other diagnostic information. If the admin detects a problem when reading data, they can send SNMP Set commands to access points to increase power, decrease power, switch commands, etcetera. A SNMP trap indicates abnormal error rates, the detection of a rogue access point, or disassociate messages that break connections. Centralized network management software and hardware on the management console and switches or access points is expensive but greatly reduces management labor, so there should be considerable net savings from it. Also, its wireless intrusion detection functionality is the only real way to manage WLAN security. Manual detection of threats would be too slow and require prohibitive amounts of labor.

ARP cache poisoning

man in the middle attacks use this. Every host has an ARP cache that associates known IP destination addresses with their known EUI-48 address. It is easy for an attacker's host to send an ARP update message to other hosts it can reach via ethernet. It tells them that the EUI-48 address of the router to which outgoing packets will be sent is actually the attacker's EUI-48 address. If hosts allow these unsolicited updates, as they often do, then every time they send packets believing that they are sending them to the router, they are actually sending them to the attacker's host. The attacker can read them and pass them on

Electromagnetic interference (EMI)

many devices produce EM radiation at frequencies used in wireless data communications, such as cordless telephones, microwaves, and nearby access points

Disassociate messages

may indicate that an attacker is committing a DOS attack by sending disassociated messages to wireless clients, telling them to stop using the access point and thus knocking them off the network.

Standard

means the same as protocol; they permit interoperability among vendors. This creates competition, which lowers prices. Competition encourages growth in functionality

Subnet part

most large organizations further divide their networks into smaller units called subnets. These bits specify a particular subnet within the network. In different organizations, the subnet lengths vary widely

Residential access router

multifunction device, trivial router, ethernet switch, consumer-grade access point, DHCP server, simple firewall

Long application message

must be divided into smaller fragments, each of which is placed in its own TCP segment, which is placed in its own IP packet

Ephemeral port numbers

on client computers, these are only used for a single set of interactions between the client and a server. These numbers are usually 1024-4999

Recognized organization

on the Internet, "network" does not mean a single network such as an Ethernet LAN. It is an organizational concept. It means the routers and switches owned by a recognized organization, which is an end-user organization or an ISP. Your home network is not a recognized network. The University of Hawaii, Amazon, and ISPs are a few recognized organizations. ISPs are not end-user organizations

Cycles

one full passing of a wavelength. One cycle is one hertz

ACK segment

one in which the ACK bit is set (has the value 1)

Short application message

one that is small enough to fit into a single IP packet

TCP

only one among the major protocols is reliable and connection-oriented; the rest are unreliable and connectionless

Tie breaker rule

only when needed, but if there is a tie on the longest match, select among the tie rows based on a metric. For cost metric, choose the row with the lowest metric value, and for speed metric, choose the row with the highest metric value

Standards agencies

organizations that create standards

Amplitude

power of the wave

Service bands

regulators divide the frequency spectrum into contiguous spectrum ranges, which are dedicated to specific services. AM radio in the US lies between 535 kHz and 1,705 kHz; FM radio lies between 87.5 MHz and 108.0 MHz. WiFi uses the 2.4 GHz service band, which extends to 2.4835 GHz. WiFi also uses the 5 GHz service band, which ranges from 5.25 GHz to 5.725 GHz (with some gaps in between that are used for other services). There are hundreds of other service bands for other purposes, such as first responders, satellites, etc.

Corporate access point

pure access point, but very good access point, remotely manageable, access points work together, etc

Internet core router

pure router, high traffic volume, complex routing, remotely manageable

UTP categories rate the ________ of UTP cabling.

quality

Broadband channels

radio channels with large bandwidths. They can carry data very quickly. Transmission systems that are very fast are usually called broadband systems even when they dont use radio channels

Frequency

radio transmission (and radio waves used in WLANs) is measured in terms of this; the number of cycles per second. Measured in hertz (Hz)

Multipath interference

radio waves tend to bounce off walls, floors, and other objects. This may mean that a receiver will receive two or more signals: a direct signal and one or more reflected signals. The signals will travel different distances and may be out of phase when they reach the receiver. Direct and reflected signals combine. At some frequencies they cancel each other or double the intensity (low + high amplitude = zero). Averaged over a spread spectrum signal, there is no problem. This is controlled by spread spectrum transmission. This interference is the most serious propagation problem at WLAN frequencies

Transceivers

radios for data transmission that both transmit and receive

Signal bandwidth

real signals spread over a range of frequencies called a signal bandwidth. Measured by subtracting the lowest frequency from the highest frequency. Channels also have a bandwidth. AM radio channels are 10 kHz wide; FM channels are 200 kHz wide; TV channels are 6 MHz wide. Faster signals spread over a wider range of frequencies. Channel bandwidth must be wide enough for the signal's bandwidth. To transmit N times as fast, you need N times as much channel bandwidth

802.11i standard

realizing the danger of drive-by hackers, the Working Group created this standard with cryptographic protection between the wireless access point and the wireless host. This protection includes initial authentication plus message-by-message confidentiality, integrity, and authentication (CIA). A drive-by hacker cannot read traffic (confidentiality), modify traffic (integrity), or connect to the access point to send traffic (authentication). Unfortunately, this security is not mandatory and tends to be avoided by hot spot owners because it involves authentication and thus harder to use. This standard has a very limited objective: to protect wireless transmission between the access point and the wireless client host. This standard is also known as WiFi Protected Access 2 (WPA2). War driving isn't illegal, but attempting to connect to an access point without authorization is illegal

Router

receives an arriving packet, then forwards it to another router closer to its destination host

802.1AE

requires switches to authenticate themselves before another switch will listen to them. It also encrypts traffic between switches

IP Protocol Field

reveals the contents of the Data Field. TCP and UDP have protocol values 6 and 17, respectively. If the Protocol Field value is 1, the IPv4 packet carries an Internet Control Message Protocol (ICMP) message in its Data Field. ICMP is TCP/IP's tool for carrying internet layer supervisory messages. After decapsulation, the internet layer process must pass the contents of the packet's Data Field up to another process. The Protocol Field value tells the receiver which process should receive these contents. If the Protocol Field's value is 1, then the internet process will pass the contents of the Data Field to the ICMP process because these contents are an ICMP message

Interfaces

router connectors and their electronics

Routing tables for IPv6

routing tables for IPv6 addresses have the same columns that routing tables for IPv4 addresses have. However, the destination address in an arriving packet is a 128 bit IPv6 address, the mask is 128 bits long, and the destination network and subnet address value is 128 bits long

Network standards

rules of operation that specify how two hardware or software processes work together by exchanging messages

End-to-end security

security all the way between the wireless client and the server on the wired LAN (or a server on the Internet)

Link security

security on a given link between a client and wireless access point

Send the packet back out

send the packet out the interface (router port) designated in the best-match row. If the address says Local, the destination host is on that interface. Sends the packet to the destination IP address in a frame. In some cases, however, the destination host itself will be on the subnet out of a particular interface. In that case, there is no reason to send the packet onto another router. Instead, the router will send the packet directly to the destination host. To indicate that the next destination is the destination host, the Next-Hop Router column will say local

Fields in transmission control protocol (TCP)/IP segments

sequence numbers, acknowledgment numbers, flag fields, and options fields

The destination socket is 60.171.18.22:161. The destination host is a(n) ________.

server

Well-known port numbers

server programs use numbers (0-1023), which are normally associated with particular application protocols. The number of HTTP is 80

Channels

service bands are subdivided further into smaller frequency ranges. A different signal can be sent in each channel because signals in different channels do not interfere with one another. This is why you can receive different TV channels successfully

Omnidirectional antenna

signal spreads in all directions and rapid signal attenuation; no need to point at receiver

EtherType

this field tells the contents of the data field; 0800 for IPv4, 86DD for IPv6

Profile waves

some standards may be impossible or too expensive to implement initially, so the WiFi Alliance defines profile waves by doing compatibility testing. Devices must be tested for compatibility with a particular profile wave. Only then are they certified as WiFi compliant. Wave 1 profiles are usually good improvements over past standards. Wave 2 profiles provide more speed and other features. Wave profiles themselves have options, which sometimes gives unwelcome variability for performance between device pairs. For example, 802.11ac Wave 1 profile gives a data stream of up to 1.3 Gbps while Wave 2 profile gives a data stream of 2.5 Gbps, plus MU-MIMO

Next header field

specifies the first extension header. The full list of extension headers is very long but includes hop-by-hop options, destination options, mobility header, and encapsulating security payload header

Standards architectures

specify everything needed for two applications on two hosts on different single networks to interoperate

The main benefit of parallel transmission over serial transmission is ________.

speed

Spread spectrum transmission

spreads the signal over a wide range of frequencies so that multipath interference effects average out to zero; uses far wider channel bandwidth than the transmission speed requires without any increase in total energy. This addresses multipath interference. The signal is simply spread out with no increase in speed when these wider channels are used. Used to improve transmission reliability, not to increase speed. Not done for security as in military spread spectrum transmission

Internet engineering task force (IETF)

standards for the internet, especially internet processes, transport processes, and internet supervisory standards

Ports

switch connectors and their electronics

Inverse square law

the area of a sphere is proportional to the square of its radius, so signal strength in any direction weakens by this law. If distance is doubled, signal strength falls to a quarter of its original value (½ squared). For example, if a signal is 100 watts at 10 meters, it will only be 25 W at 20 m

Network mask

the bits in the network part of the mask are 1s and the remaining bits are 0s

Subnet mask

the bits of both the network and the subnet parts are 1s and the remaining bits are 0s

Encoding

the conversion of application messages into bits. Its is done by the application program

4-pair unshielded twisted pair (UTP)

the cord contains eight wires arranged in four pairs

HTTP request-response cycle

the cycle is always initiated by the client, never by the server

Fields

the header and trailer are divided into smaller parts called this; these are distinct pieces of info in the bit stream of a message

Point-to-point protocol (PPP)

the most common data link protocol for point-to-point single networks

Internet Engineering Task Force (IETF)

the organization that creates internet standards

From 802.11 to 802.3

the packet goes all the way from the wireless host to a server. The 802.11 frame travels only between the wireless host and the wireless access point. The 802.3 frame travels only between the wireless access point and the server

Route

the packet's entire path through the internet: the source host and destination host; the transmission path of an IP packet between two routers

Wavelength

the physical distance between comparable points on adjacent cycles. Optical fiber transmission is described in terms of this

Frequency spectrum

the range of all possible frequencies from zero hertz to infinity

Find the best-match row

the router examines the matching rows it found in "find all row matches" to find the best-match row. Basic rule (always used): it selects the row with the longest match (initial 1s in the row mask); if it finds one, there is no need to go on to the tie-breaker rule. The router now knows the best-match row

Find all row matches

the router looks at the destination IP address in an arriving packet. For each row, apply the row's mask to the destination IP address in the packet, compare the result with the row's destination value, and if the two match, the row is a match. The router must do this to all rows because there may be multiple matches. This step ends with a set of matching rows

Throughput

the speed your network actually provides. Is always lower, often substantially lower, than the speed that is advertised on the box, or the rated speed of a network that it called for in the standard. For example, 500 Mbps for an access point is the aggregate throughput and the access point serves 50 devices. At one moment, 5 wish to transmit and would share the aggregate at an average of 100 Mbps of individual throughput. This isn't including signal degradation with distance and other factors

802.1X port-based network access control

the switch initially permits frames to be exchanged only between the supplicant host and a central authentication server. The authentication server asks the supplicant for specific credentials. The supplicant responds. If the server accepts the credentials and authenticates the host, it authorizes the switch to authorize access to the port. Otherwise, the port remains unauthorised and the supplicant is locked out of the network

Connection-oriented protocol

the two sides first agree that they will communicate and formally stop communicating at the end; each message is given a sequence number, which specifies the order in which it was sent

Digital transmission

there are a few states (2, 4, 8, 16...). More than one bit is sent in each clock cycle

Physical links and data links

there are no maximum distances for data links in switched networks, so there is no limit to the size of switched networks. The source sends a signal that is "High-Low." It transmits using 1000BASE-T signaling over the Cat 5e UTP link to the first switch. The signal gets distorted, but it is still readable as a 1 or 0 up to 100 meters. The first switch does not merely amplify the distorted signal. It completely regenerates the signal. It sends a brand-new High-Low signal. The link between the first and second switches uses OM4 fiber. With 1000BASE-SX, the signal can travel up to 1000 meters. The second switch, like the first, regenerates the arriving signal so that it can travel up to 100 meters to the destination host using 1000BASE-T signaling over Cat 6 UTP.

Binary transmission

there are two states. One bit is sent in each clock cycle. It is a special case of digital signaling. Not all signaling is this, but all signaling is digital

IP Time to Live (TTL) Field

to prevent misaddressed packets circulating endlessly among packet switches in search of their nonexistent destinations, IP added this, which assigns a value by the source host. Different operating systems have different TTL defaults. Most insert the TTL value 128. Each router along the way decrements the TTL field by 1 when a packet arrives before going through the routing process. A router decrementing the TTL to 0 will discard the packet

Dead zones (shadow zone)

to some extent, radio signals can go through and bend around objects. However, if there is a dense object blocking the direct path between the sender and the receiver, the receiver may be in this zone

Interoperate

to work together effectively

Licensed service bands

transceivers must have a government license to operate. They also need a license change if they move. Commercial TV bands are licensed bands, as are AM and FM radio bands. Government agencies control who may have licenses in these bands. By doing so, the government limits interference to an acceptable level. In some licensed service bands, the rules allow mobile hosts to move about but central transceivers are regulated. This is the case for mobile telephones

From a security perspective, the Internet's ability to give access to nearly everyone is a bad thing.

true

In a point-to-point single network, there is always the same number of physical and data links.

true

Co-channel interference

two or more adjacent access points on the same channel will interfere. This slows down transmissions but doesn't stop them.

Full-duplex transmission

two strands permit simultaneous two-way transmission

ACKs

unless a transport process receives a segment correctly, it does not send an acknowledgement

Wireless LANs (WLANs)

use radio for physical layer transmission on the customer premises. 802.11 standards are created by the IEEE 802.11 Working Group and equal Wi-Fi; governed by standards at the physical and data link layers. OSI dominates this later. This tells you that wireless LAN standards are OSI standards rather than IETF standards

Multiple input/multiple output (MIMO)

used to boost transmission speed without increasing bandwidth. Two spatial streams are sent in the same channel, but from different sending antennas. The two signals arrive at slightly different times at the two receiving antennas. This allows the receiver to distinguish between the two signals. Newer technology has made this possible. Two signals roughly equals double the speed. MIMO also boosts transmission range. Using more antennas and therefore more spatial streams can increase throughput even more

Link aggregation

using two links rather than one provide 2 gbps of trunk capacity between two switches. This increases speed, not distance (if you were to link two switches with another in the middle)

The distance between two corresponding points in adjacent cycles is the ________.

wavelength

Routing

when routers forward incoming packets closer to their destination hosts; processing an individual packet and passing it closer to its destination host

Clock cycle

when the sender transmits, it holds the transmission state constant for a brief period. The receiver cna read the signal at any time within this period. As this rate gets shorter, more state signals can be transmitted per second, but it becomes more difficult to read them at the receiving end

Abrupt close/reset

whenever either side wishes to end a conversation, it can simply send a TCP reset segment. This is a segment with the RST (reset) flag bit set

WLAN management

with access point placement, if the radius is too great, many hosts will be far from their access points, leading to lower transmission speeds with frames taking longer to send and receive. This reduces the access point's effective capacity. Also, a large circle may contain too many users to handle. If the radius is too small, the firm will need many more access points to cover the area to be served. More access points can increase co-channel interference if it is present. This planning is normally done with architecture blueprints. In multistory buildings, this is done in three dimensions with bubbles of course. The goal regardless to provide coverage to all points within a building while reducing overlap as much as possible. When each access point is installed, an initial site survey must be dones of the area.


Set pelajaran terkait

APUSH Unit 7 College Board Review Questions

View Set

HESI Practice- Fundaments of Skill and Assessment

View Set

Business Communication: Creating and Delivering Messages That Matter

View Set