Friday, May 11, 2012

Interview Q&A - 1

Q. 1 Explain how the TTL field is used to prevent indefinite looping of IP datagrams.
The TTL field contains a counter value set by the source host. Each gateway that
processes the datagram decreases the TTL value by one. When the TTL value reaches
zero, the datagram is discarded.

Q. 2 What is spanning tree? How does it work in VLAN?
The Spanning Tree Protocol's main task is to stop network loops from occurring on
your layer 2 networks. Network loops create broadcast storms and are responsible
for additional overhead on the network.

Q. 3 Difference between a broadcast and flooding?

When a switch receives a frame and the destination mac-address of the frame is
unknown (not available in the mac-address-table), the switch “floods” the frame to
all ports, which means a “copy” of the frame is sent to all ports.

Broadcast frames have a destination mac-address of all F's (FF-FF-FF-FF-FF-FF).
This characteristic is specific to the frame. Examples of broadcast frames are ARP,
DHCP Discover etc. When these frames are received on a switch port, the frame is
“broadcast” to all the ports since the destination mac-address is of type
“broadcast”. The destination mac-address of the broadcast frame (FF-FF-FF-FF-FF-FF)
is not added to the mac-address-table.
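
The difference can be seen in a toy learning switch. This is an added example, not part of the original post; the class name, port numbers and PC mac-addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def norm(mac):
    """Accept FF-FF-.. or ff:ff:.. notation."""
    return mac.lower().replace("-", ":")


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # learned unicast MAC -> port

    def receive(self, in_port, src, dst):
        """Return (decision, egress_ports) for one frame."""
        src, dst = norm(src), norm(dst)
        # Learn the sender. A group address (low bit of the first octet set,
        # which includes broadcast) is never a valid source, so never learn it.
        if int(src[:2], 16) & 1 == 0:
            self.mac_table[src] = in_port
        # "All ports" in practice excludes the port the frame arrived on.
        others = [p for p in self.ports if p != in_port]
        if dst == BROADCAST:
            return "broadcast", others   # decided by the frame itself
        if dst not in self.mac_table:
            return "flood", others       # decided by the switch's missing entry
        out = self.mac_table[dst]
        return ("drop", []) if out == in_port else ("forward", [out])


def demo():
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    pc1, pc2, pc9 = "aa:00:00:00:00:01", "aa:00:00:00:00:02", "aa:00:00:00:00:09"
    return sw, [
        sw.receive(1, pc1, "FF-FF-FF-FF-FF-FF"),  # ARP request from PC1
        sw.receive(2, pc2, pc1),                  # unicast reply, PC1 is known
        sw.receive(1, pc1, pc9),                  # PC9 never seen: flooded
        sw.receive(1, pc1, pc2),                  # PC2 now known: one port
    ]


if __name__ == "__main__":
    sw, results = demo()
    for r in results:
        print(r)
    print(sw.mac_table)
```

The broadcast and the flood leave on the same ports, but only the flood stops once the destination has been learned.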

Q. 4 What is the difference between Encapsulation and Tunneling?
Tunneling is a method of transporting the payload of one protocol across an
inter-network infrastructure that uses another protocol. Encapsulation is the
process of wrapping the frame with an additional header so that it can be sent
(tunneled) correctly across the intermediate network. Tunneling refers to the
entire process of encapsulation, transmission and de-encapsulation, while
encapsulation is only a step in this whole process. Yet, regardless of this
distinction, tunneling is sometimes also known as encapsulation.

Q. 5 Can DHCP packets be sent over TCP?
DHCP discovery packets are sent over UDP. Why is this? DHCP discovery is initiated
by the client to get an IP address. The client does not have any “info” about the
IP addresses of the DHCP servers on its network. Because of this, the client
logically has to send a broadcast (DHCP Discover) to search for DHCP servers on the
network. TCP is used when the destination host is known, as in the case of HTTP,
FTP, Telnet etc. If TCP were used, the DHCP client would need to know which host it
has to contact (in this case the DHCP server's IP address) to receive an IP
address.

Q. 6 How is ICMP handled by a NAT Router?
Port address translation (PAT) is a kind of NAT which is typically used when a
single IP address is shared by the internal network hosts. The scenario is similar
to an internet connection (one IP address) which is shared by the users. PAT keeps
a translation table that maps the source IP address and source port number to the
destination IP address and destination port number in use. In the case of ICMP
(ping uses ICMP), a port is not involved since it does not involve a transport
layer.

So imagine a situation where two pings are initiated by the user to the same
destination. How does the router differentiate between these connections?
Every ICMP header has an identification number. The router uses this to
differentiate the connections: instead of the “port” numbers, the identification
number is used in the translation table.

Ever thought about why ICMP does not have a transport layer? Well, maybe the data
of an ICMP packet is static and not dynamic as in the case of other applications.

ICMP does not have its own transport layer (Layer 4) because it is a protocol that is tightly integrated with the IP layer. ICMP messages are encapsulated directly within IP packets, not carried by a transport layer protocol like TCP or UDP, and are treated as IP protocol number 1.
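
The identifier-keyed translation table described above, as an added example that is not from the original post. It goes one step further than the text and handles two inside hosts that pick the same identifier; the `IcmpPat` class, the addresses (documentation ranges) and the payload are constructed, and real NAT implementations differ in how they allocate identifiers.

```python
import struct

def checksum(data):
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_echo(icmp_type, ident, seq, payload=b"constructed"):
    """Build an echo request (type 8) or echo reply (type 0)."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body

def echo_id(pkt):
    return struct.unpack("!H", pkt[4:6])[0]

class IcmpPat:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.out = {}   # (inside_ip, inside_id, dst_ip) -> public_id
        self.back = {}  # (public_id, dst_ip) -> (inside_ip, inside_id)

    def outbound(self, src_ip, dst_ip, pkt):
        ident, seq = struct.unpack("!HH", pkt[4:8])
        key = (src_ip, ident, dst_ip)
        if key not in self.out:
            public_id = ident
            while (public_id, dst_ip) in self.back:  # identifier already taken
                public_id = (public_id + 1) & 0xFFFF
            self.out[key] = public_id
            self.back[(public_id, dst_ip)] = (src_ip, ident)
        # Rewriting the identifier means the ICMP checksum must be recomputed.
        return self.public_ip, icmp_echo(8, self.out[key], seq, pkt[8:])

    def inbound(self, src_ip, pkt):
        entry = self.back.get((echo_id(pkt), src_ip))
        if pkt[0] != 0 or entry is None:
            return None  # no matching session: unsolicited, drop
        inside_ip, inside_id = entry
        return inside_ip, icmp_echo(0, inside_id, struct.unpack("!H", pkt[6:8])[0], pkt[8:])

def demo():
    nat, dst = IcmpPat("203.0.113.1"), "198.51.100.7"
    ids = [echo_id(nat.outbound(h, dst, icmp_echo(8, 0x1234, 1))[1])
           for h in ("192.168.1.10", "192.168.1.11")]
    return ids, nat.inbound(dst, icmp_echo(0, ids[1], 1)), nat.inbound(dst, icmp_echo(0, 0x9999, 1))
```

An echo reply whose identifier has no table entry is dropped, which is why an inside host behind PAT does not receive unsolicited echo replies.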

Q. 7 A PC is directly connected to an Ethernet router's LAN interface. The IP address of
the PC is 192.168.1.1/24 and the IP address of the LAN interface of the router is
192.168.2.1/24. If the PC pings the IP address 192.168.2.1, will a response be
received back from the router?
Note: The IP address of the default gateway is not configured on the PC.
A) A response will be received because both are directly connected
B) A response will be received if a crossover cable is used to connect the PC
directly to the router's interface.
C) A response will not be received from the router
D) A response will be received if the default gateway of the PC’s TCP/IP address is
set as 192.168.2.1 (Routers interface

Q. 8 Three switches, SW1, SW2 and SW3, are interconnected and STP is deployed on the
switches. PC1 is on SW1, PC2 is on SW2 and PC3 is connected to SW3. All the PCs are
on the same network address of 192.168.1.0/24. PC1 triggers ARP to find the
mac-address of PC3. Will the ARP packet reach PC3?
A) PC3 will receive the ARP packet and a response will be sent back to PC1
B) Because STP is enabled ARP packets will not cross Layer 2 infrastructure
C) ARP packet will not cross SW1
D) PC3 is on a different switch. So ARP will not be triggered by PC1

Q. 9 Thomas spoofs the mac-address of his PC to that of George. He then attempts an ARP
request on the LAN network to find the mac-address of the gateway. What will be the
sender mac-address value in the ARP protocol header?
A) mac-address of George
B) mac-address of Thomas
C) ARP request will not be triggered with a spoofed mac-address
D) The gateway's mac-address

Q. 10 On a layer 3 switch, three PCs (PC1, PC2, PC3) are connected on the same VLAN. The
IP addresses of PC1 and PC3 are 192.168.1.1/24 and 192.168.1.2/24 respectively. The
IP address of PC2 is 192.168.2.1/24. PC2 has a packet analyzer running. If an ARP
request for PC1 is triggered from PC3, will the packet analyzer on PC2 capture the
ARP request?
A) Yes
B) No
C) Devices in a VLAN have to reside on the same IP network
D) This configuration is not possible

Q. 11 A user restarts his PC and tries to access a web page. The ARP cache on the user’s
PC does not have any entry before the web page is accessed. The TCP/IP adapter
setting of the PC has the default gateway and the DNS server (in the same network
subnet). To which IP address would the PC send its first ARP request when the
browser with the web page is opened?
A) DNS Server IP address
B) Default gateway IP address
C) Webserver IP address
D) None of these

Q. 12 PC1 and PC2 are connected to a Layer 2 Ethernet switch, with IP addresses
configured in the same subnet. The switch is aware of the mac-addresses of PC1 and
PC2 in its mac-address-table. PC1 pings PC2. How does PC1 know about the
mac-address of PC2 for sending the ping packet?
A) The switch sends the mac-address of PC2 to PC1 through the directly connected link
B) Mac-address of PC2 is not required for ping
C) PC1 triggers an ARP request to find the mac-address of PC2
D) PC1 uses the ARP cache on the switch

Q. 13 An attacker tries to spoof the IP address of a peer which is on the same local
Ethernet segment but receives a Duplicate IP address message. Which protocol is
responsible for the Duplicate IP address identification?
A) ARP
B) Gratuitous ARP
C) Proxy ARP
D) Ethernet

Q. 14 What type of frame is an ARP response?
A) broadcast
B) multicast
C) unicast
D) Type cast

Q. 15 The following are the TCP/IP adapter settings on a PC which is connected to a
switch
IP address: 192.168.1.5
Subnet mask: 255.255.255.0
Default gateway: Not provided
A user pings an IP address 192.168.2.3.
What would be the consequent action?
A) An ARP request would be sent to 192.168.2.3
B) A Destination host unreachable message would be displayed
C) The ping packet would be sent to the switch, where it would be sent to the
respective IP address
D) The ping packet would be sent to the router, where it would be sent to the
respective IP address

Q. 16 What would happen if an attacker sends a spoofed ARP response packet to a device?
A) The ARP table of the device would be updated with the info in the spoofed packet.
B) TCP/IP stack would drop the ARP response.
C) An ARP Reject packet would be sent to the attacker
D) None of these

Q. 17 Which of the following layer 2 technologies does not use ARP?
A) Ethernet
B) PPP
C) Token Ring
D) 802.11

Q. 18 The following is the TCP/IP adapter setting of a PC which is on an ethernet
segment.
IP Address: 192.168.1.5
Subnet mask: 255.255.255.0
Default Gateway: 192.168.1.1
The user on the PC pings the IP address 192.168.1.4. To which IP address would the
ARP request be triggered?
A) 192.168.1.1
B) 192.168.1.4
C) ARP will not be triggered on an ethernet segment
D) Ping protocol uses ICMP which does not require ARP to communicate

Q. 19 What is the destination mac-address of a STP frame?
A) 01:80:C2:00:00:00
B) The destination mac-address of the directly connected port
C) FF:FF:FF:FF:FF:FF
D) The default gateway's mac-address

Q. 20 What is the destination mac-address of an ARP encapsulated ethernet frame?
A) FF:FF:FF:FF:FF:FF
B) Reserved multicast mac-address
C) Mac-address of the switch port
D) None of these

Q. 21 What does the “Protocol Type” field in an ARP packet contain on an IP network?
A) IP
B) Ethernet
C) ARP Request or Response code
D) Type of ARP- Proxy ARP, Inverse ARP etc.

Q. 22 What does the hardware size in the ARP packet imply?
A) The size of the Network Interface card
B) Mac-Address Size
C) Link transfer data
D) Duplex info

Q. 23 Which of the following fields is not a standard field in an ARP packet?
A) Sender mac-address
B) Receiver mac-address
C) Target IP address
D) Sender IP address

Q. 24 In which of the following scenarios is the ARP protocol not used to find the mac-address of the destination IP address?
A) Two routers directly connected via serial link using PPP
B) Two PCs directly connected via ethernet cable
C) Two PCs connected to an Ethernet Hub
D) None of the above


Who determines the TTL value?
The TTL (Time-to-Live) value in networking is typically determined and set by the sender of the packet. The TTL value is a field in the IP header of a packet and represents the maximum number of hops (routers or network devices) that the packet is allowed to traverse before being discarded.

When a packet is sent, the sender sets the TTL value to a specific number, usually depending on the operating system's default or configuration. This value is decremented by one by each router or network device that forwards the packet. If the TTL value reaches zero before the packet reaches its destination, the packet is discarded, and an ICMP (Internet Control Message Protocol) Time Exceeded message may be sent back to the sender.

Setting the TTL value serves several purposes:

1. **Prevention of Infinite Loops:** The TTL value prevents packets from circulating indefinitely in the event of routing loops or misconfigurations. By limiting the number of hops a packet can traverse, the TTL value ensures that packets eventually expire and are not endlessly forwarded.
2. **Security and DoS Protection:** Setting a TTL value helps prevent certain types of attacks, such as packet amplification attacks or Distributed Denial of Service (DDoS) attacks, where attackers attempt to flood a network with packets. By limiting the TTL value, networks can mitigate the impact of such attacks.
3. **Network Tracing and Debugging:** The TTL value also aids in network tracing and debugging. By examining the TTL value of received packets, network administrators can infer the number of hops the packet traversed and identify potential routing issues or bottlenecks.

Overall, the sender of the packet determines the TTL value based on network requirements and considerations, and it is an essential parameter in ensuring efficient and secure packet delivery in IP networks.


nlekhak@nlekhakGMD6R Downloads % ping google.com.
PING google.com (142.250.196.174): 56 data bytes. ===> request
64 bytes from 142.250.196.174: icmp_seq=0 ttl=119 time=9.182 ms ===> reply
64 bytes from 142.250.196.174: icmp_seq=1 ttl=119 time=16.743 ms
64 bytes from 142.250.196.174: icmp_seq=2 ttl=119 time=10.648 ms
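
Inferring the hop count from the reply TTLs in the ping session above, as an added example that is not part of the original post. The list of common initial TTLs is an assumption about operating-system defaults, so the result is an estimate.

```python
import re

# Assumption: common operating-system default initial TTLs.
COMMON_INITIAL_TTLS = (64, 128, 255)
REPLY = re.compile(r"bytes from (\S+): icmp_seq=(\d+) ttl=(\d+)")

# Reply lines from the ping session above.
SAMPLE = """\
64 bytes from 142.250.196.174: icmp_seq=0 ttl=119 time=9.182 ms
64 bytes from 142.250.196.174: icmp_seq=1 ttl=119 time=16.743 ms
64 bytes from 142.250.196.174: icmp_seq=2 ttl=119 time=10.648 ms
"""


def estimate_hops(observed_ttl):
    """Guess the responder's initial TTL and the hops on the return path."""
    if not 0 <= observed_ttl <= 255:
        raise ValueError("TTL is an 8-bit field")
    # The reply's TTL was set by the responder and decremented on the way back,
    # so the nearest common default at or above it is the likely starting value.
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl


def analyse(ping_output):
    """Per responder: estimated initial TTL, hop count, and TTL stability."""
    seen = {}
    for host, _seq, ttl in REPLY.findall(ping_output):
        seen.setdefault(host, []).append(int(ttl))
    report = {}
    for host, ttls in seen.items():
        initial, hops = estimate_hops(max(ttls))
        report[host] = {
            "initial_ttl": initial,
            "hops": hops,
            # Differing TTLs in one session: the return path changed
            # or a different device answered for this address.
            "ttl_stable": len(set(ttls)) == 1,
        }
    return report


if __name__ == "__main__":
    print(analyse(SAMPLE))
```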





















