Saturday, April 17, 2021

Networking Interview Questions - for Testers

Basics of Network Communication
For a network to exist, we need a minimum of two connected devices.
  • Network communication happens at different levels or layers (OSI model and TCP/IP model)
  • Each layer of network communication is responsible for passing the information on to the next layer in the stack.
  • Data transferred between layers is known as a Protocol Data Unit (PDU).
  • These network layers of communication allow for better troubleshooting.
  • The rise of the internet and new technology has changed the way devices communicate with each other and thus may require new protocols.
What is a reverse proxy?
  • A proxy is a server that accepts connections from clients that have actively configured it in their machines' network settings.
  • When a client makes a connection to a server, the requests always pass through that proxy server.
  • Companies and organizations can set up proxy servers to filter connections, provide more security, and log traffic. Without using the proxy, clients can’t reach the outside network. Proxy servers are also useful to provide privacy and avoid network restrictions imposed by countries’ governments.
  • A reverse proxy, on the other hand, is set up by the server. It’s completely transparent to clients: they don’t know this middleman exists, but it does a very useful job on the server side, filtering requests and sending them to the appropriate service that handles them.
  • It’s common to use Nginx as a reverse proxy, and have services written for example in Node.js listening on internal ports, inaccessible from the outside.
Network Protocol Terminologies
LAN: LAN stands for “Local Area Network” and refers to a network that is not publicly accessible by the internet. Examples of this are home or office network.

WAN: WAN stands for “Wide Area Network” and generally refers to large dispersed networks and, more broadly, the internet.

ISP: ISP stands for “Internet Service Provider” and refers to the company responsible for providing you access to the internet.

NAT: Network Address Translation allows requests from outside your local network to be mapped to devices within your local network.

Firewall: A firewall is a piece of hardware or software that enforces what type of network traffic is and is not allowed. This is generally done by establishing rules for which ports should be externally accessible.

Router: A router is a network device whose main goal is to transfer data back and forth between different networks. This device allows requests to be made to the internet and for information to be sent back to the devices on a local network.

Switch: The basic function of a switch is to provide access between devices on a local network. An example is an Ethernet switch.

Network Interface: This component allows you to connect to a public or private network. It provides the software required to utilize networking hardware. An example of this is a Network Interface Card (NIC).

Port: A port is a logically defined connection location. Ports provide a destination endpoint for communication and the transfer of data. The ports range from 0 to 65535.

Packet: A packet is the basic unit of data transferred over a network. A packet has a header that gives information about the packet (source, destination, etc) and a body or payload containing the actual data being sent.

What happens when you type something into the Google search box and press Enter?
I analyze URL requests only
  • Modern browsers have the capability of knowing if the thing you wrote in the address bar is an actual URL or a search term, and they will use the default search engine if it’s not a valid URL.
  • I assume you type an actual URL.
  • When you enter the URL and press enter, the browser first builds the full URL.
  • If you just entered a domain, like testing.com, the browser by default will prepend http:// to it, defaulting to the HTTP protocol.

DNS Lookup phase
  • The browser starts the DNS lookup to get the server IP address.
  • The domain name is a handy shortcut for us humans, but the internet is organized in such a way that computers can look up the exact location of a server through its IP address, which is a set of numbers like 222.324.3.1 (IPv4).
  • First, it checks the DNS local cache, to see if the domain has already been resolved recently.
  • Chrome has a handy DNS cache visualizer you can see at chrome://net-internals/#dns
  • If nothing is found there, the browser uses the DNS resolver, using the gethostbyname POSIX system call to retrieve the host information.
gethostbyname
gethostbyname first looks in the local hosts file, which on macOS or Linux is located in /etc/hosts, to see if the system provides the information locally.

If this does not give any information about the domain, the system makes a request to the DNS server.

The address of the DNS server is stored in the system preferences.

These are two popular DNS servers:
  • 8.8.8.8: the Google public DNS server
  • 1.1.1.1: the Cloudflare DNS server
Most people use the DNS server provided by their internet provider.

The browser performs the DNS request using the UDP protocol.

TCP and UDP are two of the foundational protocols of computer networking. They sit at the same conceptual level, but TCP is connection-oriented, while UDP is a connectionless protocol, more lightweight, used to send messages with little overhead.

How the UDP request is performed is not in the scope of this tutorial.

  • The DNS server might have the domain IP in the cache. If not, it will ask the root DNS server. That’s a system (composed of 13 actual servers, distributed across the planet) that drives the entire internet.
  • The DNS server does not know the address of each and every domain name on the planet.
  • What it knows is where the top-level DNS resolvers are.
  • A top-level domain is the domain extension: .com, .it, .pizza and so on.
  • Once the root DNS server receives the request, it forwards the request to that top-level domain (TLD) DNS server.
  • Say you are looking for flaviocopes.com. The root domain DNS server returns the IP of the .com TLD server.
  • Now our DNS resolver will cache the IP of that TLD server, so it does not have to ask the root DNS server again for it.
  • The TLD DNS server will have the IP addresses of the authoritative Name Servers for the domain we are looking for.
How? When you buy a domain, the domain registrar sends the appropriate TLD the name servers. When you update the name servers (for example, when you change the hosting provider), this information will be automatically updated by your domain registrar.

Those are the DNS servers of the hosting provider. There is usually more than one, to serve as backup.

For example:
  • ns1.dreamhost.com
  • ns2.dreamhost.com
  • ns3.dreamhost.com
The DNS resolver starts with the first, and tries to ask the IP of the domain (with the subdomain, too) you are looking for.

That is the ultimate source of truth for the IP address.

Now that we have the IP address, we can go on in our journey.
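
The UDP message that the text leaves out of scope, shown as an added example (not from the original post): it builds the query a resolver would send for testing.com and parses a reply, checking the transaction ID before trusting the answer. This goes beyond the text by showing the wire format; the function names are this example's own, and the reply bytes and the address 192.0.2.10 are constructed so the code runs offline.

```python
import socket
import struct

def encode_name(name: str) -> bytes:
    """Encode 'testing.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1 to 63 bytes long")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, txid: int) -> bytes:
    """12-byte header (ID, flags, four counters) followed by one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN

def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, name ends
            return off + 2
        if length == 0:             # root label terminates the name
            return off + 1
        off += 1 + length

def parse_a_records(msg: bytes, expected_txid: int) -> list:
    """Return [(ip, ttl), ...]; refuse replies that do not match our query."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        # UDP has no connection, so the ID is what ties a reply to a query.
        raise ValueError("transaction ID does not match the query")
    if not flags & 0x8000:
        raise ValueError("QR bit not set: this is not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    off = 12
    for _ in range(qd):             # skip the echoed question section
        off = skip_name(msg, off) + 4
    records = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # IPv4 address record
            records.append((socket.inet_ntoa(rdata), ttl))
    return records

def sample_response(query: bytes, ip: str = "192.0.2.10", ttl: int = 300) -> bytes:
    """Constructed reply: same ID and question, one A record for the name."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer

if __name__ == "__main__":
    query = build_query("testing.com", 0x1A2B)
    # On a live system the query would go out as one datagram, e.g.
    # sock.sendto(query, ("8.8.8.8", 53)); here the reply is constructed.
    print(parse_a_records(sample_response(query), 0x1A2B))
```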

TCP request handshaking
  • With the server IP address available, the browser can now initiate a TCP connection to it.
  • A TCP connection requires a bit of handshaking before it can be fully initialized and you can start sending data.
  • Once the connection is established, we can send the request.
Sending the request
The request is a plain text document structured in a precise way determined by the communication protocol.

It’s composed of 3 parts:
  • the request line
  • the request header
  • the request body
The request line
The request line sets, on a single line:
  • the HTTP method
  • the resource location
  • the protocol version
Example:
GET / HTTP/1.1

The request header
The request header is a set of field: value pairs that set certain values.

There are 2 mandatory fields, one of which is Host, and the other is Connection, while all the other fields are optional:

Host: testing.com
Connection: close

Host indicates the domain name which we want to target, while Connection is always set to close unless the connection must be kept open.

Some of the most used header fields are:
  • Origin
  • Accept
  • Accept-Encoding
  • Cookie
  • Cache-Control
  • Dnt
but many more exist.
The header part is terminated by a blank line.

The request body
The request body is optional, not used in GET requests but very much used in POST requests and sometimes in other verbs too, and it can contain data in JSON format.

Since we’re now analyzing a GET request, the body is blank and we’ll not look more into it.
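
The three parts described above, as an added example that is not from the original post: a small Python parser that splits a raw request into request line, header fields and body, and rejects the malformed shapes a tester should probe for. The function and class names are this example's own, and the POST request with its /login path is constructed sample input.

```python
CRLF = b"\r\n"

class BadRequest(ValueError):
    """The bytes do not form a well-structured HTTP/1.1 request."""

def parse_request(raw: bytes) -> dict:
    # The header part is terminated by a blank line (CRLF CRLF on the wire).
    head, sep, rest = raw.partition(CRLF + CRLF)
    if not sep:
        raise BadRequest("header part is not terminated by a blank line")
    lines = head.decode("latin-1").split("\r\n")

    # Request line: HTTP method, resource location, protocol version.
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise BadRequest("request line must be: METHOD target HTTP/x.y")
    method, target, version = parts

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            # Whitespace around a field name makes different parsers disagree
            # about which header they saw, so it is refused outright.
            raise BadRequest(f"malformed header line: {line!r}")
        key = name.lower()                     # field names are case-insensitive
        if key in ("host", "content-length") and key in headers:
            raise BadRequest(f"duplicate {name} header")
        value = value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value

    # Without Host, a server that hosts several sites cannot pick one.
    if version == "HTTP/1.1" and "host" not in headers:
        raise BadRequest("HTTP/1.1 request without a Host field")

    # The body is only as long as Content-Length announces; a GET has none.
    body = b""
    if "content-length" in headers:
        announced = headers["content-length"]
        if not (announced.isascii() and announced.isdigit()):
            raise BadRequest("Content-Length is not a decimal number")
        if len(rest) < int(announced):
            raise BadRequest("body is shorter than Content-Length")
        body = rest[: int(announced)]

    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}

# The GET request from the text, as it appears on the wire.
GET_REQUEST = (b"GET / HTTP/1.1\r\n"
               b"Host: testing.com\r\n"
               b"Connection: close\r\n"
               b"\r\n")

# Constructed sample: a POST carrying a 16-byte JSON body.
POST_REQUEST = (b"POST /login HTTP/1.1\r\n"
                b"Host: testing.com\r\n"
                b"Content-Type: application/json\r\n"
                b"Content-Length: 16\r\n"
                b"\r\n"
                b'{"user":"alice"}')

if __name__ == "__main__":
    for sample in (GET_REQUEST, POST_REQUEST):
        print(parse_request(sample))
```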

The response
Once the request is sent, the server processes it and sends back a response.

The response starts with the status code and the status message. If the request is successful and returns a 200, it will start with:
200 OK

The request might return a different status code and message, like one of these:

404 Not Found
403 Forbidden
301 Moved Permanently
500 Internal Server Error
304 Not Modified
401 Unauthorized

The response then contains a list of HTTP headers and the response body (which, since we’re making the request in the browser, is going to be HTML).

Parse the HTML
The browser now has received the HTML and starts to parse it, and will repeat the exact same process we did for all the resources required by the page:
  • CSS files
  • images
  • the favicon
  • JavaScript files
What protocol is used by DNS name servers?
DNS uses UDP for communication between servers. It is a better choice than TCP because of the improved speed a connectionless protocol offers. Of course, transmission reliability suffers with UDP.

Explain difference between ARP and RARP
The address resolution protocol (ARP) is used to associate the 32 bit IP address with the 48 bit physical address. It is used by a host or a router to find the physical address of another host on its network by sending an ARP query packet that includes the IP address of the receiver. The reverse address resolution protocol (RARP) allows a host to discover its Internet address when it knows only its physical address.

Explain ICMP
ICMP is Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by hosts and gateways to send notification of datagram problems back to the sender. It uses the echo test / reply to test whether a destination is reachable and responding. It also handles both control and error messages.

What are the data units at different layers of the TCP / IP protocol suite?
The data unit created at the application layer is called a message. At the transport layer the data unit created is called either a segment or a user datagram. At the network layer the data unit created is called the datagram. At the data link layer the datagram is encapsulated into a frame and finally transmitted as signals along the transmission media.

What is Network Scanning?
  • Network scanning refers to the process of obtaining additional information and performing a more detailed reconnaissance based on the information collected in the footprinting phase.
  • In this phase, a number of different procedures are used with the objective to identify hosts, ports, and services in the target network. The whole purpose is to identify vulnerabilities in communication channels and then create an attack plan.
Types of Network Scanning
Scanning has three types:
  1. Port scanning - used to list open ports and services
  2. Network scanning - used to list IP addresses
  3. Vulnerability scanning - used to discover the presence of known vulnerabilities

Scanning Techniques
Port scanning techniques are extremely useful when it comes to identifying open ports. Scanning techniques represent different categories which are used based on protocol types. They are categorized into three categories:
  1. Scanning ICMP network services
  2. Scanning TCP network services
  3. Scanning UDP network services
Scanning ICMP network services
1) ICMP Scanning
ICMP scanning is used for identifying active devices and determining whether ICMP can pass through a firewall.

2) Ping Sweep
Ping sweep is used to determine the range of IP addresses that is mapped to active devices. It allows hackers to calculate subnet masks and identify the number of present hosts in the subnet. This in turn enables them to create an inventory of active devices in the subnet.

3) ICMP Echo Scanning
ICMP Echo Scanning is used to determine which hosts are active in a target network by pinging all the machines in the network.


Scanning TCP Network Services
1) TCP Connect
TCP connect scan is used for detecting open ports upon the completion of the three-way handshake. It works by establishing a full connection and then dropping it by sending a RST packet.

2) Stealth Scan
Stealth scan is used for bypassing firewall and logging mechanisms. It works by resetting the TCP connection before the three-way handshake is completed, which in turn makes the connection half open.

3) Inverse TCP Flag Scanning
Inverse TCP flag scanning works by sending TCP probe packets with or without TCP flags. Based on the response, it is possible to determine whether the port is open or closed. If there is no response, then the port is open. If the response is RST, then the port is closed.

4) Xmas Scan
Xmas scan works by sending a TCP frame with FIN, URG, and PUSH flags set to the target device. Based on the response, it is possible to determine whether the port is open or closed. If there is no response, then the port is open. If the response is RST, then the port is closed. It is important to note that this scan works only for UNIX hosts.

5) ACK Flag Probe Scanning
ACK flag probe scanning works by sending TCP probe packets with ACK flag set in order to determine whether the port is open or closed. This is done by analyzing the TTL and WINDOW field of the received RST packet’s header. The port is open if the TTL value is less than 64.

Similarly, the port is also considered to be open if the WINDOW value is not 0 (zero). Otherwise, the port is considered to be closed.

ACK flag probe is also used to determine the filtering rules of the target network. If there is no response, then that means that a stateful firewall is present. If the response is RST, then the port is not filtered.
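
One way a defender can recognise the TCP probes described above in captured traffic, as an added example that is not from the original post. The flag combinations follow the text; the handshake tracking is simplified and assumes the capture contains the start of each connection, the technique labels and the `classify` and `report` names are this example's own, and the addresses and packets are constructed.

```python
from collections import defaultdict

# TCP flag bits as they appear in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify(packets):
    """packets: iterable of (src_ip, src_port, dst_ip, dst_port, tcp_flags).
    Returns {src_ip: {technique: set_of_destination_ports}}."""
    state = {}  # (client, client_port, server, server_port) -> handshake progress
    found = defaultdict(lambda: defaultdict(set))
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        st = state.get(fwd)
        if flags == SYN:
            state[fwd] = "syn"
        elif flags == SYN | ACK and state.get(rev) == "syn":
            state[rev] = "synack"
        elif st == "synack" and flags == ACK:
            state[fwd] = "established"
        elif st == "synack" and flags & RST:
            # Reset before the third step of the handshake: half-open probe.
            found[src]["half-open (stealth)"].add(dport)
            del state[fwd]
        elif st == "established" and flags & RST:
            # Full handshake, then an immediate reset with no data sent.
            found[src]["tcp connect"].add(dport)
            del state[fwd]
        elif st == "established":
            state[fwd] = "in use"          # the client went on to use the session
        elif flags == FIN | PSH | URG:
            found[src]["xmas"].add(dport)
        elif flags in (0, FIN) and fwd not in state and rev not in state:
            found[src]["inverse flag"].add(dport)
        elif flags == ACK and fwd not in state and rev not in state:
            found[src]["ack probe"].add(dport)
    return {src: dict(techs) for src, techs in found.items()}

def report(found, min_ports=3):
    """Keep sources that probed at least min_ports ports with one technique."""
    return sorted((src, tech, sorted(ports))
                  for src, techs in found.items()
                  for tech, ports in techs.items()
                  if len(ports) >= min_ports)

# Constructed addresses from the documentation ranges.
SCANNER, CLIENT, SERVER = "198.51.100.7", "203.0.113.5", "192.0.2.20"

def sample_capture():
    """Constructed capture: two kinds of probe plus one ordinary session."""
    pkts = []
    for i, port in enumerate((80, 443, 8080)):
        sp = 40000 + i
        pkts += [(SCANNER, sp, SERVER, port, SYN),
                 (SERVER, port, SCANNER, sp, SYN | ACK),
                 (SCANNER, sp, SERVER, port, RST)]
    for i, port in enumerate((21, 23, 25)):
        pkts.append((SCANNER, 41000 + i, SERVER, port, FIN | PSH | URG))
    pkts += [(CLIENT, 50000, SERVER, 443, SYN),
             (SERVER, 443, CLIENT, 50000, SYN | ACK),
             (CLIENT, 50000, SERVER, 443, ACK),
             (CLIENT, 50000, SERVER, 443, PSH | ACK),
             (SERVER, 443, CLIENT, 50000, PSH | ACK),
             (CLIENT, 50000, SERVER, 443, FIN | ACK),
             (SERVER, 443, CLIENT, 50000, FIN | ACK),
             (CLIENT, 50000, SERVER, 443, ACK)]
    return pkts

if __name__ == "__main__":
    for row in report(classify(sample_capture())):
        print(row)
```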


Scanning UDP Network Services
1) IDLE/IPID Header Scan
IDLE/IPID header scan works by sending a spoofed source address to the target to determine which services are available. In this scan, hackers use the IP address of a zombie machine for sending out the packets. Based on the IPID of the packet (fragment identification number), it is possible to determine whether the port is open or closed.

2) UDP Scanning
UDP scanning uses UDP protocol to test whether the port is open or closed. In this scan there is no flag manipulation. Instead, ICMP is used to determine if the port is open or not. So, if a packet is sent to a port and the ICMP port unreachable packet is returned, then that means that the port is closed. If, however, there is no response, then the port is open.

3) SSDP and List Scanning
The SSDP, or Simple Service Discovery Protocol, service responds to queries sent over IPv4 and IPv6 broadcast addresses. Attackers use this scan to exploit UPnP vulnerabilities and carry out buffer overflow or DoS attacks. List scanning indirectly discovers hosts. This scan works by listing out IP addresses and names without pinging the hosts, performing a reverse DNS resolution to identify the names of the hosts.

What is a port?
When making network requests, you use an IP address, or a host name, and a port.

Like this:

http://localhost:8080 (port 8080)
ftp://127.0.0.1:29392 (port 29392)

What is a port, exactly?
It’s a technique introduced to allow multiple applications to respond on the same computer, on the same protocol.

For example we might have a web server running on our machine. A second web server can be started on a different port.

Say the first runs on port 80, which is the default for web servers using the HTTP protocol. The second can run on any other port except port 80. It’s common to use port 8080 or port 81, for example.

HTTPS runs on port 443 by default.

Every protocol has a different default port, but programs are not required to use that. They can use any unused port between 1 and 65535 (16 bits unsigned = 2^16). Here is a list of default port numbers for all protocols based on TCP and UDP.

Historically:

FTP uses 21
Telnet uses 23
SMTP uses 25
POP3 uses 110

HTTP vs HTTPS
HTTP (Hyper Text Transfer Protocol) is the protocol that powers the web as we know it.

It sits on top of TCP, which sits on top of IP.

Web pages can either use HTTP or HTTPS (Hyper Text Transfer Protocol Secure).

How are they different? And why is HTTP now being marked as non-secure by Chrome?

Security
When you request an HTTP page from a server, the data goes through many different networks, each controlled by a separate company or entity.

Starting from the WiFi router, which might be owned by the coffee shop or by the city public network infrastructure, every single node in the network can see the request and the response, and modify it in any way.

They might inject ads, they might inject malware, they might log any credentials you enter. A server in the middle can play as a man-in-the-middle, sending compromised information.

This also applies to any internet protocol that’s not secured.

HTTPS traffic is end-to-end encrypted, and this means there is nothing in between that can read the information exchanged between you and the server at the other side of the network.

The ports
By default, HTTP is served on port 80, while HTTPS is served on port 443. Those are the default ports, but a web server can choose to serve content on a different, random port, in which case you need to specify it in the address bar:

http://flaviocopes.com
http://flaviocopes.com:80/javascript
https://flaviocopes.com:8081/javascript

Is HTTPS slower?
No! It’s the opposite.

There is a myth around page speed. People think that the TLS handshake required for HTTPS is making page speed slower, but in reality, an HTTPS page can load up way, way faster than HTTP.

Why? Because of HTTP/2, the newest version of the HTTP protocol. HTTP/2 can serve requests in parallel, and requires a secure connection, so if your server uses a modern web server that supports HTTP/2, then your web pages are going to have a significant speed boost when using HTTPS.

HTTP/2 introduces better parallelism, multiplexing, and compression, and that is an awesome update to HTTP.

Does HTTPS affect SEO?
Yes.

In particular, Google says HTTPS is going to give you an advantage in SEO terms.

Also, Google is going to officially mark HTTP sites as non-secure in its Chrome browser, and this is clearly an indication that if you care what Google wants, and you want to take advantage of that, you should switch to HTTPS, as soon as possible. The best possible time would have been 3 years ago, the next best time is today.


Is HTTPS difficult to implement?
Not at all. Thanks to free SSL certificates provided by Let’s Encrypt, the push for HTTPS had a huge impact and now every decent hosting provider is implementing it for free on all the accounts. Thanks to this, in 2018 HTTPS connections were more than the HTTP connections.

In the past having an SSL certificate for your site was a premium option that few were willing to purchase for a regular site, that was not making money or didn’t process user data.

The TCP Protocol
  • TCP means Transmission Control Protocol, and it’s the basis of the Web and other applications like Email.
  • TCP sits on top of the Internet Protocol (IP) and builds a base system upon which application-level protocols like HTTP, FTP, IMAP and many others are built.
  • TCP, contrary to IP and UDP, is connection oriented.
  • Before transmission can happen over TCP, a connection must be established. Data is sent in the form of little packets, and when the communication ends the connection is closed.
  • When data is transmitted over TCP, there’s a relatively complex workflow called handshake that must happen.
  • Handshake allows the end-to-end connection to happen, and this makes sure TCP can provide one of its peculiar features: reliability. Using TCP, we can always know if a packet the sender sent was received correctly by the receiver.
  • If a packet gets lost, the protocol is able to handle it and the packet is re-sent.
  • On the IP protocol, connections happen from computer to computer. In TCP, a connection happens from process to process, using the concept of ports.
  • The port, associated with an IP address, uniquely identifies a process on a computer. Like this:
localhost:8080
or
google.com:1234

  • Each application protocol has a default port. For example HTTP has 80, HTTPS has 443 and FTP has 21. This is why you don’t usually have to specify the port, in the browser.
  • Programs are not required to use the default, this is why especially on your local computer, you might see ports like 1313 or 8080 when you start a new application.
  • Port numbers range from 1 to 65535 (the port number is a 16 bits unsigned, which corresponds to 2^16 possible values).
The UDP Protocol

  • UDP, User Datagram Protocol, is a transfer protocol, an alternative to TCP.
  • Its main difference from TCP is that it’s connectionless.
  • This implies that it’s faster: each packet sent is more lightweight, as it does not contain all the information needed in TCP, and it does have a lighter handshake process.
  • The drawback is that UDP is not as reliable as TCP.
  • In TCP, if a packet gets lost, the protocol is able to handle it and the packet is re-sent.
  • In UDP, this is not built into the protocol, and must be handled at a higher level (built on top of it). There is no built-in check to control if a packet was received, and if it is received correctly.
  • Some of the most notable application protocols that rely on the UDP layer are DNS and DHCP, and, more importantly, it is the base layer of HTTP/3, the next version of HTTP.
  • The UDP protocol uses ports to allow communication between processes, like with TCP.
How does traceroute (or tracert) work?
Tracert and ping are both command-line utilities that are built into Windows
computer systems (traceroute and ping on Linux operating systems).
Syntax: tracert "hostname"

Discover the path: Tracert sends an ICMP echo packet, but it takes advantage
of the fact that most Internet routers will send back an ICMP ‘TTL expired in
transit’ message if the TTL field is ever decremented to zero by a router. Using
this knowledge, we can discover the path taken by IP Packets.

How tracert works: Tracert sends out an ICMP echo packet to the named host,
but with a TTL of 1; then with a TTL of 2; then with a TTL of 3 and so on.
Tracert will then get ‘TTL expired in transit’ message back from routers until the
destination host computer finally is reached and it responds with the standard
ICMP ‘echo reply’ packet.

Round Trip Times: Each millisecond (ms) time in the table is the round-trip
time that it took (to send the ICMP packet and to get the ICMP reply packet).
The faster (smaller) the times the better; ms times of 0 mean that the reply was
faster than the computer's timer of 10 milliseconds, so the time is actually
somewhere between 0 and 10 milliseconds.

Packet Loss: Packet loss kills throughput. So, having no packet loss is critical to
having a connection to the Internet that responds well. A slower connection with
zero packet loss can easily outperform a faster connection with some packet loss.
Also, packet loss on the last hop, the destination, is what is most important.
Sometimes routers in-between will not send ICMP ‘TTL expired in transit’
messages, causing what looks to be high packet loss at a particular hop, but all it
means is that the particular router is not responding to ICMP echo.

Which port number would you open on a firewall to allow access to a Windows
remote desktop server on the LAN network?
Windows remote desktop servers work on TCP port 3389, which should be opened on
the firewall for access.


What is a network / subnet mask? Explain how host A sends a message / packet to
host B when: (a) both are on same network and (b) both are on different networks.
Explain which layer makes the routing decision and how.
A mask is a bit pattern used to identify the network/subnet address. The IP address consists
of two components: the network address and the host address.
The IP addresses are categorized into different classes which are used to identify the network
address.
Example: Consider IP address 152.210.011.002. This address belongs to Class B, so:
  • Network Mask: 11111111.11111111.00000000.00000000
  • Given Address: 10011000.11010101.00001011.00000010
By ANDing Network Mask and IP Address, we get the following network address:
  • 10011000.11010101.00000000.00000000 (152.210.0.0)
  • Host address: 00001011.00000010
Similarly, a network administrator can divide any network into sub-networks by using subnet
mask. To do this, we further divide the host address into two or more subnets.

For example, if the above network is divided into 18 subnets (requiring a minimum of 5 bits
to represent 18 subnets), the first 5 bits will be used to identify the subnet address.
  • Subnet Mask: 11111111.11111111.11111000.00000000 (255.255.248.0)
  • Given Address: 10011000.11010101.00001011.00000010
So, by ANDing the subnet mask and the given address, we get the following subnet address:
10011000.11010101.00001000.00000000 (152.210.1.0)

How Host A sends a message/packet to Host B:
  • When both are on same network: the host address bits are used to identify the host within the network.
  • Both are on different networks: the router uses the network mask to identify the network and route the packet. The host can be identified using the network host address.
  • The network layer is responsible for making routing decisions. A routing table is used to store the path information and the cost involved with that path, while a routing algorithm uses the routing table to decide the path on which to route the packets.
  • Routing is broadly classified into Static and Dynamic Routing based on whether the table is fixed or it changes based on the current network condition.
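
The decision described above, as an added example that is not from the original post: the sending host ANDs both addresses with its mask to choose between direct delivery and its gateway, and the router picks a path from a routing table by longest matching prefix, with cost breaking ties. The addresses, gateways, costs and the `first_hop` and `RoutingTable` names are constructed for this example; only the mask 255.255.248.0 is taken from the text.

```python
import ipaddress

def network_of(ip: str, mask: str) -> int:
    """AND the address with the mask to get the network/subnet address."""
    return int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))

def first_hop(src: str, mask: str, dst: str, gateway: str) -> str:
    """Host-side decision: whose physical address does host A resolve?"""
    if network_of(src, mask) == network_of(dst, mask):
        return dst        # (a) same network: deliver to host B directly
    return gateway        # (b) different network: hand the packet to the router

class RoutingTable:
    """Router-side decision made at the network layer."""

    def __init__(self):
        self.routes = []  # (network, next_hop, cost)

    def add(self, prefix: str, next_hop: str, cost: int) -> None:
        self.routes.append((ipaddress.ip_network(prefix), next_hop, cost))

    def lookup(self, dst: str):
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None   # no route at all: the packet is dropped
        # The most specific prefix wins; among equal prefixes, the lowest cost.
        _net, hop, _cost = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
        return hop

def demo_table() -> RoutingTable:
    """Constructed static routing table for a router attached to 10.20.8.0/21."""
    table = RoutingTable()
    table.add("0.0.0.0/0", "203.0.113.1", 10)     # default route
    table.add("10.20.0.0/16", "10.20.0.2", 5)
    table.add("10.20.8.0/21", "on-link", 0)       # directly connected subnet
    table.add("10.20.16.0/21", "10.20.8.3", 2)
    table.add("10.20.16.0/21", "10.20.8.4", 7)    # same prefix, higher cost
    return table

if __name__ == "__main__":
    mask, gw = "255.255.248.0", "10.20.8.1"
    print(first_hop("10.20.11.2", mask, "10.20.12.9", gw))   # same subnet
    print(first_hop("10.20.11.2", mask, "10.20.16.5", gw))   # other subnet
    print(demo_table().lookup("10.20.16.5"))
```
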
Name two reasons as to why ping response is not received from the destination
The ping can fail if the destination is shut down, or a firewall on the
destination may be blocking the packet.

Explain a technique by which web access can be blocked on a network with a
firewall.
An ACL can be configured which would block DNS packets originating from the
network. DNS is used for resolving URLs into IP addresses. If DNS is blocked, web
communication would fail.

Does HTTPS use the TLS/SSL protocol at the transport layer?
HTTPS uses TCP at the transport layer. TCP port 443 is used. TLS/SSL is used by
HTTPS for encrypting the data exchanged.

Can two VLANs be assigned two subnets from the same major network?
VLANs are used for segregating networks. So two subnets, irrespective of whether they
are from the same or different major networks, can be used with two VLANs.

Explain what happens, step by step, after you type a URL into a browser. Use as much
detail as possible.
There’s no right, or even complete, answer for this question. This question allows you to go
into arbitrary amounts of detail depending on what you’re comfortable with. Here’s a start
though:
1. Browser contacts the DNS server to find the IP address of URL.
2. DNS returns back the IP address of the site.
3. Browser opens TCP connection to the web server at port 80.
4. Browser fetches the html code of the page requested.
5. Browser renders the HTML in the display window.
6. Browser terminates the connection when window is closed

One of the most interesting steps is Step 1 and 2 - “Domain Name Resolution.” The web addresses we type are nothing but an alias to an IP address in human readable form. Mapping of domain names and their associated Internet Protocol (IP) addresses is managed by the Domain Name System (DNS), which is a distributed but hierarchical entity.

Each domain name server is divided into zones. A single server may only be responsible for
knowing the host names and IP addresses for a small subset of a zone, but DNS servers can
work together to map all domain names to their IP addresses. That means if one domain
name server is unable to find the IP addresses of a requested domain then it requests the
information from other domain name servers.

What are the differences between TCP and UDP? Explain how TCP handles reliable
delivery (explain ACK mechanism), flow control (explain TCP sender’s / receiver’s window) and congestion control.
TCP (Transmission Control Protocol): TCP is a connection-oriented protocol. A connection can
be made from client to server, and from then on any data can be sent along that connection.
  • Reliable - when you send a message along a TCP socket, you know it will get there unless the connection fails completely. If it gets lost along the way, the server will re-request the lost part. This means complete integrity; data will not get corrupted.
  • Ordered - if you send two messages along a connection, one after the other, you know the first message will get there first. You don’t have to worry about data arriving in the wrong order.
  • Heavyweight - when the low level parts of the TCP “stream” arrive in the wrong order, resend requests have to be sent. All the out of sequence parts must be put back together, which requires a bit of work.
UDP (User Datagram Protocol): UDP is a connectionless protocol. With UDP you send messages
(packets) across the network in chunks.
  • Unreliable - When you send a message, you don’t know if it’ll get there; it could get lost on the way.
  • Not ordered - If you send two messages out, you don’t know what order they’ll arrive in.
  • Lightweight - No ordering of messages, no tracking connections, etc. It’s just fire and forget! This means it’s a lot quicker, and the network card / OS have to do very little work to translate the data back from the packets.
Which protocol would you block on a firewall for blocking tracert?
Tracert uses ICMP at the network layer. ICMP should be denied on a firewall to block
tracert.

Which is the protocol used by both traceroute and ping?
ICMP is used by both at the network layer.

Name one technique which can be used for identifying existing IP addresses on a
LAN network.
Nmap, which is a scanning tool, can be used to perform a scan on the network which
would display the list of available IP addresses on the network. The Nmap ARP ping scan
can be used for the same.

Can the username and password sent from an HTTP client be viewed in clear text
on the server?
HTTP does not encrypt data. This would cause the username and password to be
viewed in clear text on the server.

Can an FTP server installed on Linux be accessed by an FTP client on Windows?
FTP is a TCP/IP protocol. TCP/IP is a vendor-neutral protocol. So an FTP client on
Windows can access the FTP server which is installed on Linux.

How can the number of TCP connections be viewed on a Windows system?
The netstat command can be used for the purpose. The command netstat -p tcp would
display all TCP connections on the system.

Explain how access to FTP server on a network can be restricted using a firewall.
An access control list can be configured on the firewall which would block access to
FTP server ports which are TCP port 20 and 21.

How do two computers connected to a switch communicate with each other?
An IP header with the source and destination IP addresses as IP1 and IP2 is created. PC1 sends an ARP request frame to find the MAC address of PC2. This is required to construct the Ethernet frame that encapsulates the IP packet. After the MAC address of PC2 is received, the frame is constructed and the IP packet encapsulated. The frame is sent to the switch and is received on port E0. The switch looks at the destination MAC address in the frame, which is PC2’s MAC address, and checks whether the entry is available in its MAC address table. If yes, the frame is forwarded to the port on which PC2 is connected. If unavailable, the switch floods the frame to all ports. After PC2 receives the frame, it looks at the destination MAC address to check whether the frame is intended for itself. Once verified, the destination IP address is compared with its own IP address. As it is a match, the ping packet is processed and the response to the ping packet is created. The response packet would contain the source IP address as IP2 and the destination IP address as IP1, and a new frame would be created with the source and destination MAC addresses as PC2 and PC1 respectively.

How do computers connected to two different switches communicate?
PC1 and PC2 are connected to ports on their respective switches. The switches are connected to each other through their E1 ports. When PC1 pings PC2, an ARP request packet is generated to identify the MAC address of PC2. The ARP request is a broadcast packet, which is broadcast to all ports on SW1. It is sent out through the E1 interface on SW1, reaches the E1 interface on SW2 and eventually reaches PC2. PC2 responds to PC1 with its MAC address. On SW2, the MAC address of PC1 is added against the E1 interface, because the ARP request, whose source MAC address is that of PC1, was received through that interface. This information would be updated in the CAM table of SW1. The ARP reply is sent out through E1 on SW2 and E1 on SW1 and eventually reaches PC1. The next time PC1 pings PC2, the CAM table of the switch would list the MAC address of PC1 on E1 on SW1. All packets would be sent to E1 on SW1, which would then forward them out to SW2.
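The learn, flood and forward behaviour from the two answers above, replayed on a two-switch lab as an added Python example (not part of the original post). The MAC addresses are constructed, and the wiring (hosts on E0, an idle third host PC3 on E2 of SW1) is an assumption; only the E1 uplink comes from the text.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed, locally administered MAC addresses for the three hosts.
PC1, PC2, PC3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"

class Switch:
    """Learning switch: record the source MAC per port, then forward or flood."""

    def __init__(self, name):
        self.name = name
        self.links = {}  # port -> ("host", mac) or ("switch", Switch, peer_port)
        self.cam = {}    # MAC address -> port on which it was last seen

    def receive(self, in_port, src, dst, log):
        self.cam[src] = in_port  # learn: src is reachable through in_port
        known = dst != BROADCAST and dst in self.cam
        if known:
            out = [self.cam[dst]]                          # one port only
        else:
            out = [p for p in self.links if p != in_port]  # flood the rest
        log.append((self.name, "forward" if known else "flood", out))
        for port in out:
            peer = self.links[port]
            if port != in_port and peer[0] == "switch":
                peer[1].receive(peer[2], src, dst, log)    # frame crosses the uplink

def run_exchange():
    """Replay ARP request, ARP reply and one echo request; return CAM tables and log."""
    sw1, sw2 = Switch("SW1"), Switch("SW2")
    # Assumed wiring: hosts on E0 (idle PC3 on E2 of SW1), switches joined on E1.
    sw1.links = {"E0": ("host", PC1), "E1": ("switch", sw2, "E1"), "E2": ("host", PC3)}
    sw2.links = {"E0": ("host", PC2), "E1": ("switch", sw1, "E1")}
    log = []
    sw1.receive("E0", PC1, BROADCAST, log)  # PC1: ARP request (broadcast)
    sw2.receive("E0", PC2, PC1, log)        # PC2: ARP reply (unicast to PC1)
    sw1.receive("E0", PC1, PC2, log)        # PC1: ICMP echo request to PC2
    return sw1.cam, sw2.cam, log

if __name__ == "__main__":
    cam1, cam2, log = run_exchange()
    for entry in log:
        print(entry)
    print("SW1 CAM:", cam1)
    print("SW2 CAM:", cam2)
```

The first log entry shows the broadcast leaving SW1 on both E1 and E2, so the idle PC3 also sees the ARP request; once both switches have learned the addresses, each unicast frame leaves on a single port.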

Name two techniques by which a single internet connection can be shared by multiple users on a LAN.
This can be achieved with a NAT (Network Address Translation) router or a proxy server.

Name two protocols which are vulnerable to brute force attacks.
Telnet and FTP are two protocols which are vulnerable to brute force attacks.

What is a Routing Table?
Think of a routing table like a map or a set of directions for your computer or router to figure out where to send data on the internet.

Imagine your computer wants to send a message to a friend's computer. It doesn't know exactly where your friend's computer is, but it knows some general areas.

  1. Routing Table Entries: The routing table is like a list of places or neighborhoods your computer knows about. Each entry in the table represents a place your computer can send data to. These places are either specific locations or general areas on the internet.
  2. Destination Addresses: Your computer looks at the address of your friend's computer and compares it to the entries in the routing table. It's like checking if your friend lives in one of the neighborhoods listed.
  3. Next-Hop Directions: When your computer finds a match in the routing table, it also sees directions to the next "stop" on the way to your friend's computer. This next stop is usually a router or gateway device that knows how to get closer to the final destination.
  4. Choosing the Best Route: Your computer picks the routing table entry that matches the most digits in your friend's address. It's like choosing the neighborhood that's the closest match. This is called "longest prefix match."
  5. Sending the Data: Your computer sends the data to the next-hop router/gateway according to the directions in the routing table entry. The router then looks at its own routing table to figure out where to send the data next.

In a nutshell, a routing table is like a list of places your computer knows about on the internet, along with directions on how to get there. It helps your computer make smart decisions about where to send data, even if it doesn't know the exact location of the destination.

A routing table is a data structure used in computer networking to store information about the paths that data packets should take to reach their destination. It is a crucial component of routers and network devices responsible for forwarding data traffic between different networks or subnetworks.

Where do we keep routing table details?
Routing table details are typically stored in the memory of networking devices like routers and switches. These devices use routing tables to determine how to forward data packets from one network or host to another. Here's where you'll find routing table details:
  1. Router's Memory: Routers are key networking devices responsible for forwarding data between different networks. Each router maintains its own routing table, which is stored in its memory (RAM). This routing table contains information about routes to various destinations, next-hop routers, and associated metrics.
  2. Switches: Layer 3 switches, which can perform routing functions in addition to traditional switching, also have routing tables. These routing tables are stored in the device's memory and are used to make decisions about how to route traffic between different subnets or VLANs.
  3. Operating Systems: In the case of host devices (computers, servers, etc.), routing tables are managed by the operating system. When you run a command like "route print" (Windows) or "netstat -r" (Unix/Linux) in a command prompt or terminal, you can view the routing table for that specific host. These routing tables help the host determine where to send network traffic.
  4. Networking Equipment Configuration: Network administrators configure and manage routing tables on routers and switches. They use various protocols and commands to add, modify, or delete routing table entries. These configurations are often stored in the device's configuration files.
  5. Dynamic Routing Protocols: In many cases, routing tables are not static but dynamically updated based on the network's topology and changes. Dynamic routing protocols (e.g., OSPF, BGP, RIP) enable routers to exchange routing information with their neighboring routers, allowing the tables to adapt to network changes automatically.
  6. Routing Table Cache: Routing devices often maintain a routing table cache to speed up the routing process. This cache stores recently used routing information, allowing routers to make routing decisions more quickly. The cache is kept in memory and is updated as needed.
In most cases, routing table information is stored in the device's memory and can be accessed and manipulated through the device's configuration interface or command-line interface.

C:\Users\user1>route print
===========================================================================
Interface List
 16...c8 4b d6 43 62 a1 ......Intel(R) Ethernet Connection (16) I219-LM
  8...3c 21 9c e3 8d 1c ......Microsoft Wi-Fi Direct Virtual Adapter
 18...3e 21 9c e3 8d 1b ......Microsoft Wi-Fi Direct Virtual Adapter #2
  4...3c 21 9c e3 8d 1b ......Intel(R) Wi-Fi 6E AX211 160MHz
 19...3c 21 9c e3 8d 1f ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.104     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link     192.168.0.104    306
    192.168.0.104  255.255.255.255         On-link     192.168.0.104    306
    192.168.0.255  255.255.255.255         On-link     192.168.0.104    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.0.104    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.0.104    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  4    306 fe80::7b01:698c:f8c2:a4a5/128
                                    On-link
  1    331 ff00::/8                 On-link
  4    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\Users\user1>
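The "longest prefix match" step from the routing table explanation, applied to the IPv4 Active Routes rows in the route print output above, as an added Python example (not part of the original post). The function names are illustrative, and ties between equal-length prefixes are broken by lowest metric.

```python
import ipaddress

# IPv4 "Active Routes" rows copied from the route print output above.
ACTIVE_ROUTES = """\
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.104     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link     192.168.0.104    306
    192.168.0.104  255.255.255.255         On-link     192.168.0.104    306
    192.168.0.255  255.255.255.255         On-link     192.168.0.104    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.0.104    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.0.104    306
"""

def parse_routes(text):
    """Turn each 5-column row into a dict with an ip_network for the prefix."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip separators, section titles and blank lines
        dest, mask, gateway, iface, metric = fields
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            "gateway": gateway, "iface": iface, "metric": int(metric),
        })
    return routes

def select_route(address, routes=None):
    """Return (prefix, gateway, interface) chosen for a destination address."""
    routes = parse_routes(ACTIVE_ROUTES) if routes is None else routes
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None  # no default route and nothing more specific
    # Longest prefix first; among equal prefixes the lowest metric wins.
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return str(best["net"]), best["gateway"], best["iface"]

if __name__ == "__main__":
    for dst in ("8.8.8.8", "192.168.0.50", "192.168.0.104", "224.0.0.251"):
        print(dst, "->", select_route(dst))
```

Only 8.8.8.8 falls through to the default route via 192.168.0.1; every other destination is claimed by a more specific entry, which is why an unexpected narrow prefix in a host's table is worth checking when traffic takes an odd path.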