Transport and application layer protocols Flashcards

(52 cards)

1
Q

How is a connection uniquely identified in a TCP/IP network?

A

A connection in a TCP/IP network is uniquely identified by the combination of both the server’s and client’s port numbers and IP addresses, ensuring precise identification of each end of the connection.

2
Q

What is the 3-way handshake process?

A
  1. Client sends TCP flag SYN (enters SYN-SENT state)
  2. Server in the LISTEN state responds with SYN/ACK and enters SYN-RECEIVED
  3. Client responds with ACK
  4. Server opens a connection with the client and enters ESTABLISHED state.
3
Q

How does TCP teardown work?

A
  1. Client sends FIN segment to server and enters FIN-WAIT1 state
  2. Server responds with ACK and enters CLOSE-WAIT state
  3. Client receives ACK and enters FIN-WAIT2 state; server responds with its own FIN and goes into LAST-ACK state
  4. Client responds with ACK and enters TIME-WAIT state
  5. Server closes connection when it receives ACK from client
4
Q

How can a host abruptly end a service?

A

Using a RST (reset) segment.

5
Q

What is DHCP and what does it do?

A

Dynamic Host Configuration Protocol
Provides an automatic method for allocating an IP address, subnet mask, and optional parameters, such as the default gateway and DNS server addresses, when a host joins the network.

6
Q

What is the DHCP process?

A
  1. Discover
  2. Offer
  3. Request
  4. Acknowledge
7
Q

How does DHCP reservation differ from static IP assignment?

A

The administrator cannot predetermine which specific IP address will be leased.

8
Q

What is ND and what does it do?

A

Neighbor Discovery.
Performs some of the functions on an IPv6 address that ARP and ICMP perform on IPv4.

9
Q

What are the main functions of ND?

A

Address autoconfiguration: Enables automatic IPv6 configuration and automatically detects if an address is already in use, by using neighbor solicitation (NS) and neighbor advertisement (NA).

Prefix discovery: Enables a host to discover the known network prefixes that have been allocated to the local segment. This facilitates next hop determination. Prefix discovery uses router solicitation (RS) and router advertisement (RA).

Local address resolution: Allows a host to discover other nodes and routers on the local network (neighbors). Uses NS and NA.

Redirection: Enables a router to inform a host of a better route to a particular destination.

10
Q

What is SLAAC and how does it work?

A

Stateless Address Autoconfiguration
Used by IPv6 for automatic generation of IPv6 addresses, and configures network settings without a DHCP server.

The host generates a link-local address and uses Neighbor Discovery (ND) messages to test that it is unique.
The host listens for a router advertisement (RA) or transmits a router solicitation (RS) using ND protocol messaging. The router can either provide a network prefix, direct the host to a DHCPv6 server to perform stateful autoconfiguration, or perform some combination of stateless and stateful configuration.

11
Q

What new features does ICMPv6 have?

A

Error messaging: Adds a "packet too big" class of error.
Informational messaging: Has a new class of messages to support neighbor discovery (ND) and multicast listener discovery (MLD).

12
Q

What ports does DHCPv6 use?

A

546 (clients) and 547 (server)

13
Q

What is the IPv6 multicast address?

A

ff02::1:2

14
Q

What is the difference between stateful and stateless DHCPv6?

A

Stateless: Gets the information to create its IPv6 address from the NDP router and only asks the DHCPv6 server for extra information like DNS, SIP, SNTP, Domain Option, etc.
Stateful: Gets IP addressing AND extra information from the DHCPv6 server.

15
Q

What is DHCP relay?

A

Configuration of a router to forward DHCP traffic where the client and server are in different subnets.

DHCP relay intercepts broadcast DHCP frames, applies a unicast address for the appropriate DHCP server and forwards them over the interface for the subnet containing the server.
The DHCP relay also performs the reverse process of directing responses from the server to the appropriate client subnet.

Used if the DHCP server is outside the local network.

16
Q

What are routers that can provide DHCP relay forwarding described as?

A

RFC 1542 compliant

17
Q

What does IP helper functionality do?

A

Can be configured on routers to allow set types of broadcast traffic to be forwarded on an interface (e.g., DHCP).

18
Q

What are possible reasons for a client to fail to obtain a DHCP lease?

A

DHCP server is offline.

No more addresses available (DHCP scope exhausted)

The router between the client and DHCP server doesn’t support BOOTP forwarding. Either install RFC 1542-compliant routers or add another type of DHCP relay agent to each subnet or VLAN.

19
Q

What might be a symptom of a malicious attack on a DHCP server?

A

Address pool exhaustion

20
Q

What is a host name?

A

Label applied to a host computer that is unique on the local network.

20
Q

What is an FQDN?

A

Unique label specified in a DNS hierarchy to identify a particular host within a subdomain within a top-level domain.
The domain name must be registered with a registrar to ensure that it is unique within a top-level domain.

21
Q

What are certain rules the FQDN must follow?

A

The host name must be unique within the domain.

Total length of a FQDN cannot exceed 253 characters, with each label (part of the name defined by a period) no more than 63 characters, excluding the period.

A DNS label should use letter, digit, and hyphen characters only. A label should not start with a hyphen. Punctuation characters such as the period (.) or forward slash (/) should not be used.

DNS labels are not case-sensitive.

Additionally, Internet registries may have their own restrictions.

22
Q

What is the DNS hierarchy order from top to bottom?

A

Root: .
Top-level domain: .org, .info, .com, etc.
Country code subdomain: .uk, .ca, .de, etc.
Domain: site name
Subdomain: shop, corp, etc.
Resource records: www

23
Q

What is an iterative lookup?

A

DNS query where a server responds with information from its own data store only.

24
What is a recursive lookup?
DNS query where a server submits additional queries to other servers to obtain the requested information.
25
What are resource records?
Data file storing information about a DNS zone. The main records are as follows: A (maps a host name to an IPv4 address), AAAA (maps to an IPv6 address), CNAME (an alias for a host name), MX (the IP address of a mail server), and PTR (allows a host name to be identified from an IP address).
26
What is a DNS zone?
A specific manageable portion of the DNS. An administrative area used to store DNS records like A records, MX, or CNAME, etc.
27
What do A and AAAA records do?
Resolves a host name into an IPv4 and IPv6 address.
28
What does an MX (mail exchange) record do?
Identifies an email server for the domain. Note: an MX record must not point to a CNAME record.
29
What does an SRV (service) record do?
Contains the service name and port on which a particular application is hosted. SRV records are often used to locate VoIP or media servers.
30
What does a TXT record do?
Used to store any free-form text that may be needed to support other network services. Is most commonly used as part of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).
SPF record is used to list the IP addresses or names of servers that are permitted to send email from a particular domain and is used to combat the sending of spam.
DKIM records are used to decide whether you should allow received email from a given source, preventing spam and mail spoofing; can also use encrypted service to prove that a message is legit.
31
What does a PTR (Pointer) record do?
DNS query type to resolve an IP address to a host name. AKA reverse DNS.
32
What does a DNS server primary and secondary zone mean?
Primary: Means the zone's records held on the server are editable. Can be hosted by multiple primary servers for redundancy. Since it is editable on all primaries, changes must be carefully replicated and synchronized.
Secondary: Means the server holds a read-only copy of the zone. This is maintained through a process of replication known as a zone transfer from a primary name server. The secondary zone would typically be provided on two or more separate servers to provide fault tolerance and load balancing.
Serial numbers are important for both.
33
What is DNS caching?
Data stored on DNS clients and servers holding results of recent queries.
34
How does TTL work on DNS resource records?
By instructing resolvers how long a query result can be kept in cache (in time). Some common TTL values include 300 (five minutes), 3,600 (one hour), 86,400 (one day), and 604,800 (one week).
35
Explain Internal vs External DNS.
External: refers to records that internet clients must be able to access.
Internal: refers to domains used on the private network only.
36
What does DNSSEC (Security Extensions) do?
Helps to mitigate against spoofing and poisoning attacks on DNS servers by providing a validation process for DNS responses. Validates records held by a name server.
37
What does DNS client security do?
Uses transport encryption to prevent an on-path threat actor tampering with responses to DNS queries. There are 2 main protocols for securing DNS queries:
DNS over Transport Layer Security (DoT): Uses TLS to validate the resolver name server's digital certificate.
DNS over Hypertext Transfer Protocol Secure (DoH): Encrypts DNS traffic by encapsulating it within HTTPS packets.
38
What does the Start of Authority (SOA) record identify?
The SOA record identifies the primary authoritative name server that maintains complete resource records for the zone, including modifications.
39
What domain is used for reverse DNS querying of IPv6 addresses?
ip6.arpa
40
What role does a resolver play in DNS?
A resolver is responsible for handling DNS queries from clients. If the resolver does not have the answer in its cache, it performs recursive queries up the DNS hierarchy to find the authoritative server for the requested domain, thereby providing the correct IP address to the client.
41
What is the purpose of round robin DNS?
Round robin DNS is a technique used to distribute network traffic evenly across multiple servers by configuring multiple A or AAAA records with the same hostname but different IP addresses.
42
How can you troubleshoot DNS issues?
  1. Check local name caches. Use ipconfig /displaydns and ipconfig /flushdns to monitor and clear the system's DNS cache.
  2. Check HOSTS. The HOSTS file is a static list of host name to IP address mappings. The default location under Windows is %SystemRoot%\system32\drivers\etc\; under Linux it is just /etc.
  3. Verify DNS records using the nslookup or dig tools.
43
What is the result of running nslookup without any arguments?
The tool (nslookup) is started in interactive mode. Running nslookup without any arguments (or by specifying the server only) starts the tool in interactive mode, allowing the user to perform specific query types interactively.
44
What is TLS and what does it do in the OSI model?
Transport Layer Security
TLS works as a layer between the Application and Transport layers of the TCP/IP stack, or, in OSI terms, can sit at the Session or Presentation layer depending on how it is used.
When sitting on the session layer, TLS is used to establish and manage sessions and ensures secure communication.
When sitting on the presentation layer, it is used to handle encryption and data formatting.
It's normally used to authenticate and encrypt TCP connections.
45
How is TLS implemented on a server?
The server is installed with a digital certificate issued by a trusted CA. The certificate contains the public key while the private key is kept a secret known only to the server. If authentication is successful the server and client use the key pair in the digital certificate and a chosen cryptographic cipher suite within the TLS protocol to set up an encrypted tunnel.
46
What is PFS?
Perfect Forward Secrecy
The latest versions of TLS use this mechanism. When it is configured, not even obtaining the server's private key allows decryption of captured packets.
47
What is NTP?
Network Time Protocol.
Enables the synchronization of time-dependent applications. Capable of millisecond precision.
Network Time Protocol (NTP) uses Coordinated Universal Time (UTC) instead of time zones. Each device is responsible for converting the time to the local time zone.
48
Tell me about the different stratums.
Stratum 0: The authoritative time source; it is used to configure the NTP server. Is the atomic clock source / GPS atomic clock source.
Stratum 1: The NTP server that is attached to the authoritative time source (Stratum 0).
Stratum 2: An NTP server that synchronizes its time with a Stratum 1 server over a network.
49
What are the 2 methods NTP uses to deal with time drift?
Slew method: If the time is off by only a few seconds, NTP adjusts the time a few milliseconds at a time to get it back on track. Slower but causes fewer problems.
Slam method: If the time is off by more than a few seconds and slewing will take too long, NTP will hard reset the time. Can cause some programs to function incorrectly.
50
What is PTP?
Precision Time Protocol
Used for more time accuracy for critical application requirements. Capable of nanosecond precision.
51
What clock types does PTP use?
Grandmaster clock: the authoritative time source within a PTP domain.
Boundary clock: has interfaces in multiple PTP segments.
Ordinary clock: has a single PTP interface.
When two clocks are connected, one interface has a timeTransmitter role, and the other has a timeReceiver role. The grandmaster clock is always the timeTransmitter. A boundary clock is timeReceiver with the grandmaster and timeTransmitter with ordinary clocks. An ordinary clock is usually the timeReceiver.