CISCO Finals

Given the IP block 10.5.0.0/24, how do you create a subnet for a department needing 30 hosts?

• What is the smallest subnet mask (/xx) you can use?

• What is the subnet address?

• What is the subnet mask in decimal?

• What is the broadcast address?

• What is the valid host range?

• How many usable hosts does this subnet provide?

• How many IPs are unused in this subnet?

• Find smallest subnet mask:
  Use the formula 2^n - 2 ≥ 30 (where n = number of host bits)

  • Try n=4: 2^4 - 2 = 14 (too small)

  • Try n=5: 2^5 - 2 = 30 (just enough)
    → So 5 bits for hosts, which means 32 - 5 = 27 bits for network
    → Subnet mask is /27

• Subnet address:
  Use the base network with the new mask → 10.5.0.0/27

• Subnet mask in decimal:
  Convert /27 to dotted decimal:

  • 27 bits set to 1: 11111111.11111111.11111111.11100000

  • Which equals 255.255.255.224

• Broadcast address:
  Last IP in the subnet block of size 2^5 = 32 IPs

  • Range: 10.5.0.0 to 10.5.0.31

  • Broadcast = last IP → 10.5.0.31

• Valid host range:

  • First IP (10.5.0.0) is network address, not usable

  • Last IP (10.5.0.31) is broadcast address, not usable
    → Usable IPs are from 10.5.0.1 to 10.5.0.30

• Usable hosts:

  • 2^5 - 2 = 30 usable hosts

• Unused IPs:

  • Needed exactly 30 hosts and subnet provides 30 usable IPs →
    → 0 unused IPs

What are the different types of IPV4 addresses?

There are two main types of IPv4 addresses:

• Public IP address: Used on the internet. It’s unique and lets devices communicate online.

• Private IP address: Used inside a local network. It’s not visible on the internet and helps devices talk to each other in the same network.

What are the ranges for private addresses?

• 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)

• 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)

• 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)

What is NAT?

NAT (Network Address Translation) is a function used by routers to convert private IP addresses into a public IP address. This allows many devices in a local network (like at ISEP) to share a single public IP to access the internet.
The router uses port numbers to know which device should receive each response.

NAT helps save public IPv4 addresses, but it’s not needed in IPv6 because there are enough addresses for every device.

What is the benefit of segmentation (subnetting) in networks?

Segmenting a network into subnets helps to:

• Reduce traffic and improve network performance.

• Improve security by controlling which subnets can communicate.

• Limit the impact of problems, like broadcast storms or attacks, to only part of the network.

• Organize devices better (by location, department, or device type).

How are subnets created in IPv4 (using VLSM)?

In IPv4, you can create subnets in two ways:

• Fixed-length subnetting: All subnets are the same size (same number of hosts).

• VLSM (Variable Length Subnet Mask): Subnets have different sizes depending on how many hosts they need. This saves IP addresses by using only what’s needed.

How is subnetting done in IPv6?

IPv6 was designed for easy subnetting.
It includes a subnet ID field, so to create subnets, you just change the subnet ID part of the address. No need to "borrow bits" like in IPv4.

Why was IPv6 created?

IPv6 was created because IPv4 ran out of addresses. With more and more devices connecting to the internet, we needed a much larger address space.
IPv6 offers:

• More IP addresses (almost unlimited)

• Simpler routing

• Built-in security features

• Better support for mobile and IoT devices

What are the methods for IPv4 and IPv6 coexistence?

To help IPv4 and IPv6 work together during the transition, these methods are used:

• Dual Stack: Devices use both IPv4 and IPv6 addresses at the same time.

• Tunneling: IPv6 traffic is wrapped inside IPv4 packets to pass through IPv4 networks.

• Translation (e.g. NAT64): Converts IPv6 addresses to IPv4 and back so that devices using different versions can communicate.

How are IPv6 addresses represented?

IPv6 addresses are 128 bits long and written as 8 groups of 4 hexadecimal digits, separated by colons (:).

To make them easier to read and write, we use two rules:

1. Remove leading zeros in each group.

2. Use :: to replace one set of consecutive zero groups (only once per address).

Example:
Full: 2001:0db8:0000:0000:0000:ff00:0042:8329
Simplified: 2001:db8::ff00:42:8329

Types of IPv6 Addresses

There are three main types:

1. Unicast:

   • Used to send data to one device.

   • Two important kinds:

     • Global Unicast Address (GUA): Public, works on the internet.

     • Link-Local Address (LLA): Only works inside a local network.

2. Multicast:

   • Sends data to a group of devices at once.

   • Starts with ff00::/8.

   • Two types:

     • Assigned multicast: For specific groups (like all printers).

     • Solicited-node multicast: Used to find devices on the local network.

3. Anycast:

   • Sent to the nearest device out of a group with the same address.

What are the specificities of GUA and LLA addresses: structure, range, etc.

1. GUA (Global Unicast Address):

• What it is: A public IPv6 address, unique and routable on the internet.

• Structure:

  • Global Routing Prefix: Identifies the network (often /48, given by ISP).

  • Subnet ID: Used to create subnets (often /16).

  • Interface ID: Identifies the device (host).

• Range: Starts with 2xxx::/3.

2. LLA (Link-Local Address):

• What it is: A private IPv6 address used only on the local network.

• Required: Every IPv6 device must have one.

• Use: Communication with nearby devices (e.g., routers).

• Range: Always starts with fe80::/10.

7) How is dynamic addressing of GUA addresses carried out (3 SLAAC methods etc.)? LLA addresses?

🔹 GUA (Global Unicast Address):

To assign a GUA address automatically, the device uses ICMPv6 messages:

• RS (Router Solicitation): Sent by the device to ask for configuration.

• RA (Router Advertisement): Sent by the router with info like the prefix, gateway, and more.

There are 3 dynamic methods:

1. SLAAC (Stateless Address Autoconfiguration)

   • The device gets everything it needs (prefix + gateway) from the RA message.

   • No DHCP server is needed.

2. SLAAC + Stateless DHCPv6

   • The device gets the prefix from the router (RA).

   • But it uses DHCPv6 to get extra info like DNS servers.

3. Stateful DHCPv6

   • Like IPv4 DHCP.

   • The DHCPv6 server gives the full address, DNS, gateway, etc.

🔹 LLA (Link-Local Address):

• Automatically generated by each device.

• It uses the prefix fe80::/10 + the device’s interface ID.

• No router or DHCP needed.

What is an ICMP message?

ICMP (Internet Control Message Protocol) is used to send error and info messages in IP networks.

What are ICMP messages used for?

• To test if a device is reachable

• To report routing or delivery errors

• In IPv6, for addressing and neighbor discovery

Types of ICMP messages:

• Echo Request/Reply → Used to check if a host is reachable (e.g. ping)

• Destination Unreachable → When a packet can’t be delivered

• Time Exceeded → When TTL reaches 0 before arriving

• Router Solicitation (RS) & Router Advertisement (RA) → Used for IPv6 autoconfig

• Neighbor Solicitation (NS) & Neighbor Advertisement (NA) → Like ARP, but for IPv6

Commands using ICMP

• ping → Tests if a device is reachable and shows response time

• traceroute (tracert) → Shows the path a packet takes across routers

What do port numbers correspond to? What are they used for?

Port numbers are used to identify applications or services on a device and allow a computer to manage multiple network connections at the same time.

They help ensure that data sent over the network reaches the correct application on a device. Each connection is identified by a combination of:

• Source IP address

• Source port

• Destination IP address

• Destination port

This full combination helps track and manage individual network sessions.

What are the types of port numbers?

• Well-known ports (0–1023) → Reserved for common services

  • HTTP → 80

  • HTTPS → 443

  • DNS → 53

  • FTP → 21

  • SMTP → 25

  • SSH → 22

  • Telnet → 23

• Registered ports (1024–49151) → Assigned for specific apps

• Dynamic/private ports (49152–65535) → Often used as source ports, chosen randomly by the OS

Purpose of port number?

When a device receives data, the port number tells it which app or service should handle that data (e.g. a web browser, email client, etc.).

How to establish/break a TCP connection?

Establishing a TCP (Transmission Control Protocol) session involves a 3-step process known as the three-way handshake, which ensures a reliable connection between two devices:

Step 1 – SYN (Synchronize):

The client sends a SYN message to the server to request a connection.

➡ "Hi, I want to start a connection."

Step 2 – SYN-ACK (Synchronize + Acknowledge):

The server replies with a SYN-ACK message to acknowledge the request and initiate its own session back to the client.

➡ "Okay, I got your request. Here’s my response to start the connection on my side too."

Step 3 – ACK (Acknowledge):

The client sends back an ACK to confirm the session is now fully established.

➡ "Great, connection confirmed!"

How does TCP handle reliability and flow control?

TCP (Transmission Control Protocol) is a connection-oriented and reliable protocol. It ensures that data is transmitted correctly, in order, and without loss.

✅ Reliability mechanisms in TCP:

• Packets are numbered to allow correct reassembly.

• Acknowledgments are sent back to confirm successful delivery.

• If packets are lost or damaged, they are automatically retransmitted.

✅ Flow control:

• TCP uses a 16-bit window size field in the header to manage flow.

• This indicates how much data the receiver can accept without being overwhelmed.

• This prevents congestion and ensures stable data transfer.

How does UDP work in terms of reliability and flow control?

UDP (User Datagram Protocol) is a connectionless and unreliable protocol. It is designed for speed and low latency, not for guaranteed delivery.

⚠ No reliability features:

• No packet numbering, so data may arrive out of order.

• No acknowledgments or retransmissions if a packet is lost.

• The protocol does not correct errors or track data delivery.

⚡ No flow control:

• UDP does not adjust to the receiver's capacity.

• This makes it faster, but less reliable.

UDP is best for applications like video streaming, VoIP, or online gaming, where speed is more important than perfect accuracy.

What are the application, session, and presentation layers used for? Give an example of a protocol for each layer.

• The application layer lets users and apps communicate over the network. Example: HTTP.

• The presentation layer formats and encrypts data to make it readable. Example: JPEG (image format).

• The session layer manages connections between devices. Example: NetBIOS.

What is a Peer-to-Peer network?

A peer-to-peer network is one where each device can act as both a client and a server, sharing resources directly with others without a central server. For example, a computer can send and receive data at the same time.

How does http work?

When you type a URL in a browser, HTTP follows these steps:

1. URL Breakdown: The browser reads the protocol (http), the domain (www.cisco.com), and the file to request (index.html).

2. DNS Resolution: It converts the domain into an IP address.

3. Request: The browser sends an HTTP request to the server.

4. Response: The server replies with the requested HTML file.

5. Rendering: The browser reads the HTML and displays the web page.

HTTP uses request/response types like:

• GET – to fetch a page

• POST – to send data (like form info)

• PUT – to upload resources

For secure communication, we use HTTPS instead of HTTP.

How do email protocols (SMTP, POP, IMAP) work?

• SMTP (Simple Mail Transfer Protocol) is used to send emails. It sends messages from the client to the server or between servers (usually on port 25).

• POP (Post Office Protocol) is used to receive emails. It downloads emails from the server to the client, then usually deletes them from the server.

• IMAP (Internet Message Access Protocol) also helps to receive emails, but it keeps messages on the server and lets users view or manage them from different devices.

➡ SMTP = Send
➡ POP/IMAP = Receive (POP = download + delete, IMAP = sync across devices)

How do DNS and DHCP work?

• DNS (Domain Name System) translates domain names into IP addresses.

  Steps:

  1. User types a domain name (like example.com).

  2. A DNS query is sent to a DNS server.

  3. The server finds the matching IP address or asks another server.

  4. It sends the IP back to the client.

  5. The browser uses this IP to contact the website.

• DHCP (Dynamic Host Configuration Protocol) automatically gives IP addresses and settings to devices.

  Steps:

  1. The client sends a DHCP Discover message to find servers.

  2. A DHCP server replies with an IP offer (DHCP Offer).

  3. The client accepts one offer (DHCP Request).

  4. The server confirms (DHCP ACK) and assigns the IP for a limited time.

What are the threats to a network? What are the vulnerabilities?

• Network threats are dangers that can harm data or services:

  • Information theft (stealing data)

  • Data loss or manipulation

  • Identity theft

  • Service interruption (e.g. DDoS attacks)

• Network vulnerabilities are weaknesses that threats can exploit:

  • Technological: weak protocols (e.g. HTTP), outdated systems or devices

  • Configuration: weak passwords, unsecured accounts

  • Strategic: no security plan, poor setup or policies

What are 4 types of network attacks and their features?

• Malware Attack: Includes viruses, worms, and trojans that infect and damage systems.

• Reconnaissance Attack: Scans the network to discover systems, services, and vulnerabilities without authorization.

• Access Attack: Tries to gain unauthorized access to data, systems, or user privileges.

• Denial of Service (DoS) Attack: Overloads or corrupts systems to make services unavailable.

What is the difference between a virus, a worm, and a Trojan horse?

• Virus: Attaches to files and needs user action to spread (e.g., opening a file).

• Worm: Spreads by itself over networks without needing to attach to a file.

• Trojan Horse: Appears to be a safe program but secretly performs harmful actions once executed.

Cite methods to mitigate the risks of attacks and protect yourself

• VPN: Creates secure, encrypted tunnels between your device and the internet.

• Firewall: Controls and filters incoming and outgoing network traffic to block unauthorized access (by IP, port, or URL).

• IPS (Intrusion Prevention System): Monitors traffic to detect and stop attacks or malware.

• ESA/WSA (Email Security Appliances/Web Security Appliances): Filters spam and suspicious emails to prevent phishing and malware.

netsat + nslookup + show ip route commands

• nslookup: Shows the DNS server your computer uses and lets you find the IP address for a domain name.

• netstat: Displays information about current network connections, including which ports are open and active TCP/UDP connections.

• show ip route: (Cisco command) Shows the device’s routing table — how it decides where to send network traffic, including known routes and their details.