Sample Oral Questions With Answers For CNSL Oral Preparation


FAQs with Answers

Computer Network and Security Laboratory


Class: TE IT

Experiment 1 (a)

Q 1) Explain how RIP works.


Ans.
RIP uses a distance vector algorithm to decide which path to put a packet on to get to its
destination. Each RIP router maintains a routing table, which is a list of all the destinations
the router knows how to reach. Each router broadcasts its entire routing table to its closest
neighbors every 30 seconds. In this context, neighbors are the other routers to which a router
is connected directly -- that is, the other routers on the same network segments as the selected
router. The neighbors, in turn, pass the information on to their nearest neighbors, and so on,
until all RIP hosts within the network have the same knowledge of routing paths. This shared
knowledge is known as convergence.

If a router receives an update on a route, and the new path is shorter, it will update its table
entry with the length and next-hop address of the shorter path. If the new path is longer, it
will wait through a "hold-down" period to see if later updates reflect the higher value as well.
It will only update the table entry if the new, longer path has been determined to be stable.

If a router crashes or a network connection is severed, the network discovers this because that
router stops sending updates to its neighbors, or stops sending and receiving updates along
the severed connection. If a given route in the routing table isn't updated across six successive
update cycles (that is, for 180 seconds) a RIP router will drop that route and let the rest of the
network know about the problem through its own periodic updates.

Q 2) What are features of RIP?


Ans.
Features of RIP
1. Updates of the network are exchanged periodically.
2. Updates (routing information) are always broadcast.
3. Full routing tables are sent in updates.
4. Routers always trust routing information received from neighbor routers. This is also
known as Routing on rumors.

Q 3) What is RIP protocol used in networking?


Ans.
Routing Information Protocol (RIP) is a dynamic routing protocol that uses hop count as a
routing metric to find the best path between the source and the destination network. It is a
distance-vector routing protocol that has an AD value of 120 and works on the Network layer
of the OSI model. RIP uses port number 520.
Hop Count
Hop count is the number of routers occurring in between the source and destination network.
The path with the lowest hop count is considered as the best route to reach a network and
therefore placed in the routing table. RIP prevents routing loops by limiting the number of
hops allowed in a path from source to destination. The maximum hop count allowed for RIP
is 15 and a hop count of 16 is considered as network unreachable.

Q 4) What is the default routing update period for RIP?


Ans.
The update interval is the interval at which routes that are learned by RIP are advertised to
neighbors. This timer controls the interval between routing updates. The update interval is set
to 30 seconds, by default, with a small random amount of time added when the timer is reset.
This added time prevents congestion that can occur if all routing devices update their
neighbors simultaneously.

Q 5) What are the main problems with RIP routing protocol?


Ans.
There are four main problems here: slow convergence, routing loops, “counting to infinity” and
“small infinity”.
Slow Convergence
The distance-vector algorithm is designed so that all routers share all their routing
information regularly. Over time then, all routers eventually end up with the same
information about the location of networks and which are the best routes to use to reach them.
This is called convergence. Unfortunately, the basic RIP algorithm is rather slow to achieve
convergence. It takes a long time for all routers to get the same information, and in particular,
it takes a long time for information about topology changes to propagate.
Routing Loops

A routing loop occurs when Router A has an entry telling it to send datagrams for
Network 1 to Router B, and Router B has an entry saying that datagrams for
Network 1 should be sent to Router A. Larger loops can also exist: Router A says to send
to B, which says to send to C, which says to send to A.
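
The routing loop above and the hop limit of 16 from Q 1 and Q 3, worked through as an added example (not part of the original FAQ): a toy Python model with routers A, B and C in a line and Network 1 attached to C. It assumes a directly connected network is 0 hops away, models the 180-second timeout as a single step and omits hold-down; the `split_horizon` switch goes beyond this page and shows a standard RIP mitigation for comparison.

```python
"""Toy model of basic RIP: periodic full-table updates, hop-count metric."""

INFINITY = 16          # a hop count of 16 means "network unreachable"
UPDATE_INTERVAL = 30   # seconds between periodic updates (default quoted in Q 4)


def neighbors(router, links):
    """Routers directly connected to `router`; links are unordered pairs."""
    return sorted(b if a == router else a for a, b in links if router in (a, b))


def rip_round(tables, links, split_horizon=False):
    """One update cycle. Routers send in name order (a simplification: real
    timers are jittered). Returns True if any routing table changed."""
    changed = False
    for sender in sorted(tables):
        for receiver in neighbors(sender, links):
            for dest, (metric, via) in list(tables[sender].items()):
                if split_horizon and via == receiver:
                    continue  # never advertise a route back to where it was learned
                offered = min(metric + 1, INFINITY)
                current = tables[receiver].get(dest)
                if current is None:
                    accept = offered < INFINITY
                elif current[1] == sender:
                    # News from the current next hop is always believed,
                    # better or worse: "routing on rumors".
                    accept = offered != current[0]
                else:
                    accept = offered < current[0]
                if accept:
                    tables[receiver][dest] = (offered, sender)
                    changed = True
    return changed


def run_until_stable(tables, links, split_horizon=False, max_rounds=50):
    """Run update cycles until nothing changes; one snapshot per changing cycle."""
    history = []
    for _ in range(max_rounds):
        if not rip_round(tables, links, split_horizon):
            break
        history.append({r: dict(t) for r, t in tables.items()})
    return history


def link_failure(split_horizon=False):
    """A - B - C in a line, Network 1 attached to C; then the B-C link is severed."""
    links = {("A", "B"), ("B", "C")}
    # Assumption: a directly connected network is 0 hops away.
    tables = {"A": {}, "B": {}, "C": {"Network 1": (0, None)}}
    before = run_until_stable(tables, links, split_horizon)
    links.discard(("B", "C"))
    # B hears nothing from C for 180 s and marks the route unreachable.
    tables["B"]["Network 1"] = (INFINITY, "C")
    after = run_until_stable(tables, links, split_horizon)
    return before, after


if __name__ == "__main__":
    for sh in (False, True):
        before, after = link_failure(split_horizon=sh)
        print(f"split_horizon={sh}: converged in {len(before)} cycles, "
              f"failure settled in {len(after)} cycles "
              f"(~{len(after) * UPDATE_INTERVAL} s)")
        for n, snap in enumerate(after, 1):
            print("  cycle", n, {r: snap[r].get("Network 1") for r in "AB"})
```

Without split horizon, A and B point at each other for Network 1 and the metric climbs by two per cycle until both reach 16; that bound is what "small infinity" buys.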

Q 6) Discuss a few router configuration commands in Packet Tracer.


Ans.
Step 1
Command: configure terminal
Purpose: Enters global configuration mode, when using the console port.
Example:
Router> enable
Router# configure terminal

Step 2
Command: hostname name
Purpose: Specifies the name for the router.
Example:
Router(config)# hostname Router

Step 3
Command: enable secret password
Purpose: Specifies an encrypted password to prevent unauthorized access to the router.
Example:
Router(config)# enable secret cr1ny5ho

Step 4
Command: no ip domain-lookup
Purpose: Disables the router from translating unfamiliar words (typos) into IP addresses.
Example:
Router(config)# no ip domain-lookup

Q 7) How can we set a LAN interface in Packet Tracer?


Ans.
Procedure:
Step-1(Configuring Router1):
1. Select the router and open CLI.
2. Press ENTER to start configuring Router1.
3. Type enable to activate the privileged mode.
4. Type config t(configure terminal) to access the configuration menu.
5. Configure interfaces of Router1:
6. Type no shutdown to finish.
Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
Router(config-if)#interface FastEthernet0/1
Router(config-if)#ip address 192.168.20.1 255.255.255.0
Router(config-if)#no shutdown

Step-2(Configuring PCs):
1. Assign IP Addresses to every PC in the network.
2. Select the PC, Go to the desktop and select IP Configuration and assign an IP address,
Default gateway, Subnet Mask
3. Assign the default gateway of PC0 as 192.168.10.1.
4. Assign the default gateway of PC1 as 192.168.20.1.
Step-3(Connecting PCs with Router):
1. Connect FastEthernet0 port of PC0 with FastEthernet0/0 port of Router1 using a
copper straight-through cable.
2. Connect FastEthernet0 port of PC1 with FastEthernet0/1 port of Router1 using a
copper straight-through cable.

Q 8) What is the main reason for using RIP?


Ans.

Stands for "Routing Information Protocol." RIP is a protocol used by routers to exchange
routing information on a network. Its primary functions are to 1) determine the most efficient
way to route data on a network and 2) prevent routing loops.

RIP maintains a routing table, which lists all routers reachable within a network. Each router
uses this table to determine the most efficient way to route data. RIP incorporates distance-
vector routing, which calculates the best path based on the direction and distance between
routers. Each packet is forwarded to the appropriate routers until the packet reaches its
destination.

RIP also prevents endless routing loops by limiting the number of "hops" between the source
and destination. A hop is recorded each time a packet is forwarded from one router to
another. The maximum number of hops allowed by RIP is 15. If the hop count hits 16, RIP
determines the destination is not reachable and the transfer is terminated.

Experiment 1 (b)
Q 1) What is the purpose of access list?
Ans.
Access-list (ACL) is a set of rules defined for controlling network traffic and reducing
network attacks. ACLs are used to filter traffic based on the set of rules defined for the
incoming or outgoing of the network.
ACL features –
1. The rules are matched in sequence, i.e., matching starts with the first line,
then the 2nd, then the 3rd, and so on.
2. A packet is compared only until it matches a rule. Once a rule is matched, no
further comparison takes place and that rule is applied.
3. There is an implicit deny at the end of every ACL, i.e., if no condition or rule matches,
the packet is discarded.

Q 2) What is the difference between standard and extended ACL?


Ans.
a) In a standard ACL, filtering is based on the source IP address,
whereas in an extended ACL, filtering is based on source IP
address, destination IP address, protocol type, source port
number and destination port number.

b) A standard ACL is used to block a particular host or
subnetwork, whereas an extended ACL is used to block particular
services.

c) A standard ACL is implemented as close as possible to the
destination, whereas an extended ACL is implemented as close as
possible to the source.

d) A standard ACL is created from 1 - 99 and extended range 1300
- 1999, whereas an extended ACL is created from 100 - 199 and
extended range 2000 - 2699.

e) In a standard ACL, two-way communication will be blocked,
whereas in an extended ACL, one-way communication will be blocked.

f) In a standard ACL, all services will be blocked, whereas
in an extended ACL, particular services will be blocked.

Q 3) What are the advantages of ACL?
Ans.
Advantages of ACL –
• Improve network performance.
• Provides security as the administrator can configure the access list according to the
needs and deny the unwanted packets from entering the network.
• Provides control over the traffic as it can permit or deny according to the need of the
network.

Q 4) Explain the command in packet tracer to configure standard ACL.


Ans.
We have two commands to create a standard access list. These commands are 'access-
list' and 'ip access-list'. The 'ip access-list' command has an advantage over the 'access-
list' command. It allows us to update or modify statements. We have already learned how to
use the 'access-list' command to create a standard access list in the previous part of this
tutorial. In this part, let’s use the 'ip access-list' command.
The 'ip access-list' is a global configuration mode command. To create a standard access list,
it uses the following syntax.
Router(config)# ip access-list standard ACL_#
In the above syntax, the ACL_# is the name or number of the standard ACL. When you hit
the enter key after entering this command, the command prompt changes and you enter
standard ACL configuration mode.
Router(config-std-acl)#
In standard ACL configuration mode, you can use the following syntax to create statements.
Router(config)# ip access-list standard ACL_name
Router(config-std-acl)# {permit | deny} source_IP_address [wildcard_mask]
An ACL does nothing until it is applied to an interface. To apply a standard ACL to an
interface, enter the interface configuration mode of the interface and use the following
command.
Router(config)# interface type [slot_#]port_#
Router(config-if)#ip access-group ACL_# in|out
Once an ACL is activated on an interface, the interface processes all packets through it.

Q 5) Which command will create an extended named access-list?

Ans.
Using the command ip access-list extended named_list will create an extended named access
list.

Q 6) Which router command allows you to view the entire contents of all access list?
Ans.
The show access-lists command will allow you to view the entire contents of all access lists,
but it will not show you the interfaces to which the access lists are applied.

Q 7) Which command would you use to apply an access list to a router interface?
Ans.
To apply an access list, the proper command is ip access-group 101 in.

Q 8) What is wildcard mask?


Ans.
Wildcard mask allows or denies all the traffic from a network IP address. The wildcard mask
tells the router which bits in the IP address need to match the access list and which do not.
A wildcard mask is a sequence of binary bits which helps in streamlining the routing of
packets within a subnet of a network. It is shown over the subnet number, providing the
router information about which parts of the subnet number to focus on. The use of the
wildcard mask helps the router to only focus on the digits chosen by the mask rather than on
the entire IP address. Wildcard masks are normally used to specify which IP addresses can be
allowed or denied in the access control lists and with router protocols like the Open Shortest
Path First.
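
First-match evaluation and the implicit deny from Q 1, together with the wildcard-mask matching described here, as an added example (not part of the original FAQ). The function names and the sample standard ACL are constructed for illustration; `shadowed_lines` is a hypothetical audit helper that flags statements an earlier statement makes unreachable.

```python
import ipaddress


def to_int(addr):
    """Dotted-quad IPv4 address or mask as a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(src, rule_addr, wildcard):
    """A 0 bit in the wildcard must match; a 1 bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(rule_addr) & care)


def evaluate(acl, src):
    """Return (action, line). Statements are checked top-down and the first
    match wins; line None means the implicit deny at the end was hit."""
    for line, (action, addr, wildcard) in enumerate(acl, start=1):
        if wildcard_match(src, addr, wildcard):
            return action, line
    return "deny", None


def shadowed_lines(acl):
    """Lines that can never match because an earlier line already covers
    every source address they describe."""
    result = []
    for j, (_, addr_j, wc_j) in enumerate(acl):
        for _, addr_i, wc_i in acl[:j]:
            # Earlier line i covers line j when i ignores every bit j ignores
            # and both agree on the bits i still checks.
            ignores_enough = (to_int(wc_j) & ~to_int(wc_i) & 0xFFFFFFFF) == 0
            if ignores_enough and wildcard_match(addr_j, addr_i, wc_i):
                result.append(j + 1)
                break
    return result


# Constructed sample: (action, source address, wildcard mask) per statement.
SAMPLE_ACL = [
    ("permit", "192.168.10.0", "0.0.0.255"),
    ("deny",   "192.168.10.50", "0.0.0.0"),    # intended block, placed too late
    ("deny",   "192.168.20.0", "0.0.0.255"),
    ("permit", "192.168.0.0",  "0.0.255.255"),
]

if __name__ == "__main__":
    for src in ("192.168.10.50", "192.168.20.7", "192.168.30.1", "10.0.0.1"):
        print(src, evaluate(SAMPLE_ACL, src))
    print("never matched:", shadowed_lines(SAMPLE_ACL))
```

Host 192.168.10.50 is permitted by line 1 before the deny on line 2 is ever reached, which is why specific statements belong above broader ones.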

Q 9) Which type of ACL should be placed closest to the source of traffic?


Ans.
Extended ACLs should always be placed closest to the source of traffic since they are
extremely granular.

Experiment 1 (c)
Q 1) What is NAT?
Ans.
To access the Internet, one public IP address is needed, but we can use a private IP address in
our private network. The idea of NAT is to allow multiple devices to access the Internet
through a single public address. To achieve this, the translation of a private IP address to a
public IP address is required. Network Address Translation (NAT) is a process in which
one or more local IP addresses are translated into one or more global IP addresses and vice versa
in order to provide Internet access to the local hosts. Also, it does the translation of port
numbers i.e. masks the port number of the host with another port number, in the packet that
will be routed to the destination. It then makes the corresponding entries of IP address and
port number in the NAT table. NAT generally operates on a router or firewall.

Q 2) What is static NAT?


Ans.
Static NAT – In this, a single unregistered (Private) IP address is mapped with a legally
registered (Public) IP address i.e one-to-one mapping between local and global addresses.
This is generally used for Web hosting. These are not used in organizations as there are many
devices that will need Internet access and to provide Internet access, a public IP address is
needed.
Suppose, if there are 3000 devices that need access to the Internet, the organization has to buy
3000 public addresses that will be very costly.

Q 3) What is PAT?
Ans.
Port Address Translation (PAT) is an extension of Network Address Translation (NAT) that
permits multiple devices on a LAN to be mapped to a single public IP address to conserve IP
addresses.
PAT is similar to port forwarding except that an incoming packet with destination port
(external port) is translated to a packet with a different destination port (an internal port). The
Internet Service Provider (ISP) assigns a single IP address to the edge device. When a
computer logs on to the Internet, this device assigns the client a port number that is appended
to the internal IP address, giving the computer a unique IP address.
If another computer logs on to the Internet, this device assigns it the same public IP address, but
a different port number. Although both computers are sharing the same public IP address, this
device knows which computer to send its packets to, because the device uses the port numbers
to assign the packets the unique internal IP address of the computers.
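
The translation table behind this behaviour, as an added example (not part of the original FAQ): a simplified Python model of the edge device. `PatDevice`, the port-selection rule (keep the original source port when free, otherwise the lowest free port) and all addresses are assumptions made for illustration; real devices also key entries on protocol and expire them on a timer.

```python
class PatDevice:
    """Edge device that overloads one public IP address with port numbers."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.ports = range(first_port, last_port + 1)
        self.by_inside = {}   # (inside_ip, inside_port) -> public_port
        self.by_public = {}   # public_port -> (inside_ip, inside_port)

    def allocate(self, wanted):
        """Keep the original source port if it is free, else the lowest free one."""
        if wanted in self.ports and wanted not in self.by_public:
            return wanted
        return next((p for p in self.ports if p not in self.by_public), None)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the LAN; None means dropped (no free port)."""
        key = (src_ip, src_port)
        if key not in self.by_inside:
            port = self.allocate(src_port)
            if port is None:
                return None
            self.by_inside[key] = port
            self.by_public[port] = key
        return (self.public_ip, self.by_inside[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet arriving from outside; None means dropped."""
        if dst_ip != self.public_ip:
            return None
        inside = self.by_public.get(dst_port)
        if inside is None:
            return None   # no table entry: no inside host opened this flow
        return (src_ip, src_port, inside[0], inside[1])


def demo():
    """Two inside hosts use the same source port towards one web server."""
    pat = PatDevice("203.0.113.5")           # constructed public address
    web = ("198.51.100.20", 80)              # constructed outside server
    out1 = pat.outbound("192.168.10.10", 50000, *web)
    out2 = pat.outbound("192.168.10.11", 50000, *web)
    reply = pat.inbound(*web, "203.0.113.5", out2[1])
    unsolicited = pat.inbound("198.51.100.99", 40000, "203.0.113.5", 8080)
    return out1, out2, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The reply is steered to 192.168.10.11 purely by the public port it arrives on, and the unsolicited packet is dropped because no table entry exists for its destination port.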

Q 4) What is Dynamic NAT?
Ans.
Dynamic NAT – In this type of NAT, an unregistered IP address is translated into a
registered (Public) IP address from a pool of public IP addresses. If the IP address of the pool
is not free, then the packet will be dropped as only a fixed number of private IP addresses can
be translated to public addresses.
Suppose, if there is a pool of 2 public IP addresses then only 2 private IP addresses can be
translated at a given time. If 3rd private IP address wants to access the Internet then the
packet will be dropped therefore many private IP addresses are mapped to a pool of public IP
addresses. NAT is used when the number of users who want to access the Internet is fixed.
This is also very costly as the organization has to buy many global IP addresses to make a
pool.

Q 5) What is Source NAT?


Ans.
Source NAT is the translation of the source IP address of a packet leaving the Juniper
Networks device. Source NAT is used to allow hosts with private IP addresses to access a
public network.
Source NAT allows connections to be initiated only for outgoing network connections—for
example, from a private network to the Internet. Source NAT is commonly used to perform
the following translations:
• Translate a single IP address to another address (for example, to provide a single
device in a private network with access to the Internet).
• Translate a contiguous block of addresses to another block of addresses of the same
size.
• Translate a contiguous block of addresses to another block of addresses of smaller
size.
• Translate a contiguous block of addresses to a single IP address or a smaller block of
addresses using port translation.
• Translate a contiguous block of addresses to the address of the egress interface.

Q 6) Does NAT occur before or after routing ?


Ans.
The order in which the transactions are processed using NAT is based on whether a packet is
going from the inside network to the outside network or from the outside network to the
inside network. Inside to outside translation occurs after routing, and outside to inside
translation occurs before routing.

Q 7) Explain each keyword of the following NAT command: “ip nat inside source list 10
interface FastEthernet 0/0 overload”.
Ans.

Q 8) Explain the terms

• Inside local address—The IP address assigned to a host on the inside network. This
is the address configured as a parameter of the computer OS or received via dynamic
address allocation protocols such as DHCP. The address is likely not a legitimate IP
address assigned by the Network Information Center (NIC) or service provider.
• Inside global address—A legitimate IP address assigned by the NIC or service
provider that represents one or more inside local IP addresses to the outside world.
• Outside local address—The IP address of an outside host as it appears to the inside
network. Not necessarily a legitimate address, it is allocated from an address space
routable on the inside.
• Outside global address—The IP address assigned to a host on the outside network
by the host owner. The address is allocated from a globally routable address or
network space.

Q 9) While configuring NAT on Router, Which command would you place on interface
connected to the Internet?
Ans.
As in access-lists, you must configure your interfaces before NAT will provide any
translations. On the inside networks you would use the command ip nat inside. On the outside
interface, you will use the command ip nat outside.

Q 10) What is difference between NAT and PAT?


Ans.
Difference Between Network Address Translation (NAT) and Port Address Translation
(PAT):

1. NAT: NAT stands for Network Address Translation.
   PAT: PAT stands for Port Address Translation.
2. NAT: In NAT, private IP addresses are translated into the public IP address.
   PAT: In PAT, private IP addresses are translated into the public IP address via port numbers.
3. NAT: NAT can be considered PAT’s superset.
   PAT: PAT is a dynamic NAT.
4. NAT: NAT uses IPv4 address.
   PAT: PAT also uses IPv4 address but with port number.
5. NAT: It has 3 types: Static, Dynamic NAT and PAT/NAT Overloading/IP masquerading.
   PAT: It also has two types: Static and Overloaded PAT.

Q 11) Where are ip nat inside and ip nat outside used?


Ans.
As in access-lists, you must configure your interfaces before NAT will provide any
translations. On the inside networks you would use the command ip nat inside. On the outside
interface, you will use the command ip nat outside.
ip nat inside source:
• Translates the source IP address of packets that travel from inside to outside.
• Translates the destination IP address of packets that travel from outside to inside.
ip nat outside source:
• Translates the source IP address of packets that travel from outside to inside.
• Translates the destination IP address of packets that travel from inside to outside.

ASSIGNMENT 2(A)

Que. Question [CO, BT]
Q1. What is EIGRP? [CO2, Level 1]
Q2. What are the requirements for neighborship in EIGRP? [CO2, Level 1]
Q3. Give the formula by which EIGRP calculates metric? [CO2, Level 1]
Q4. Explain the various tables used in EIGRP? [CO2, Level 1]
Q5. Explain the different types of packets in EIGRP? [CO2, Level 1]
Q6. What is the administrative distance of EIGRP? [CO2, Level 1]
Q7. Which commands are used for implementing EIGRP on Cisco Router? [CO2, Level 1]
Q8. What are the EIGRP Tables? [CO2, Level 1]
Q9. What is the maximum Hop-count for EIGRP? [CO2, Level 1]
Q10. Is it necessary to have the same AS on routers participating in EIGRP? [CO2, Level 1]
Q11. How do two EIGRP routers become neighbors with each other? [CO2, Level 2]
Q12. Which algorithm does EIGRP use for finding the best path? [CO2, Level 1]

A1. Enhanced Interior Gateway Routing Protocol is an advanced distance vector routing
protocol based on the principles of the Interior Gateway Routing Protocol (IGRP). It has a
unique characteristic that improves the operational ability and fast converging rate. It can
determine the shortest path distance vector, and it works on the principle of Interior Gateway
Routing Protocol, a classless routing protocol.

A2. Requirements –

1. The devices must be in the same autonomous system (AS)

2. The devices must have the same authentication configuration

3. The devices must have the same k-values

A3.

A4. To perform the functions of EIGRP, it creates three tables which are:

• Neighbor Table
• Topology Table
• Routing Table

The following describes the concepts behind the three major tables:

1. Neighbor Table

• The neighbor table contains information about the routers with which neighborship
relationships have been established.
• Command to list router information: ‘show ip eigrp neighbors’.
• The neighbor table has fields like H (Handle), Address, Interface, Hold Time,
Uptime, Smooth Round Trip Time, Retransmission Timeout, Queue Count, Sequence
Number.

2. Topology Table

• The topology table holds information about all the paths to networks understood by
EIGRP routers.
• Command to list router information: ‘show ip eigrp topology’.
• The topology table holds the following fields: Passive, Feasible Distance, Advertised
Distance, Feasible Distance.

3. Routing Table

• The routing table stores the routes which are currently active in sending packets to the
network. It stores the optimal route for the destination from the sender.
• Command to list router information: ‘show ipv6 route’.
• The routing table holds the following fields: D, 90/5632, via 11.0.0.2,
GigabitEthernet0/1.

A6. 90

A7. Router EIGRP <AS>

Network <Subnet-ID>

A8. To perform the functions of EIGRP, it creates three tables which are:

• Neighbor Table
• Topology Table
• Routing Table

A9. 224

A10. Yes

A11. The neighbor process between two EIGRP routers is as follows:

Router-A sends out a hello message to Router-B.

Router-B sends back a hello-msg and an update. The update has routing info about the new
network.

Router-A acknowledges the update.

Router-A sends its updates.

Router-B acknowledges back.

A neighbor will be removed from the routing table if no hello-msg is received during three hello
messages.

A12. It uses DUAL (Diffusing Update Algorithm) for finding and calculating the best path for
EIGRP routes.

ASSIGNMENT 2(B)

Que. Question [CO, BT]
1. What is OSPF? [CO2, Level 1]
2. What are the requirements for neighborship in OSPF? [CO2, Level 1]
3. Give the formula by which OSPF calculates metric? [CO2, Level 1]
4. Explain the various tables used in OSPF? [CO2, Level 1]
5. Explain the different types of packets in OSPF? [CO2, Level 1]
6. What is the administrative distance of OSPF? [CO2, Level 1]
7. Which commands are used for implementing OSPF on Cisco Router? [CO2, Level 1]
8. What are the OSPF Tables? [CO2, Level 1]
9. What is the maximum Hop-count for OSPF? [CO2, Level 1]
10. What metric does OSPF use? [CO2, Level 1]
11. How do two OSPF routers become neighbors with each other? [CO2, Level 2]
12. Why is OSPF faster than RIP? [CO2, Level 1]
13. Why is OSPF called link-state? [CO2, Level 1]
14. What are the benefits of OSPF? [CO2, Level 1]
15. Which commands are used for OSPF in a host? [CO2, Level 1]
16. How many states are in OSPF? [CO2, Level 1]
17. What are features of OSPF? [CO2, Level 1]
18. How is OSPF configured? [CO2, Level 1]
19. What are the OSPF area types? [CO2, Level 1]
20. What are the OSPF packet types? [CO2, Level 1]
21. Which databases does OSPF use for its operations? [CO2, Level 1]
22. What is single area OSPF? [CO2, Level 1]
23. How many tables are there in OSPF? [CO2, Level 1]
24. Is OSPF unicast or multicast? [CO2, Level 1]
25. How does OSPF prevent loops? [CO2, Level 1]
26. What are the advantages and disadvantages of OSPF? [CO2, Level 1]
27. Is OSPF distance vector? [CO2, Level 1]
28. What is the administrative distance of OSPF? [CO2, Level 1]
29. What is the role of the topology and routing tables in OSPF? [CO2, Level 1]
30. What different activities do neighbour routers perform in OSPF? [CO2, Level 1]
31. On which algorithms does OSPF depend? What is the principle behind it? [CO2, Level 1]
32. What is OSPF Router ID and how is it elected? [CO2, Level 1]

A1. Open Shortest Path First is a routing protocol for Internet Protocol networks. It uses a
link state routing algorithm and falls into the group of interior gateway protocols, operating
within a single autonomous system.

A2. OSPF Neighborship Requirement

In order to become OSPF neighbors, the following values must match on both routers.

• Area ID
• Authentication
• Hello and Dead Intervals
• Stub Flag
• MTU Size

A3. Cost = Reference bandwidth / Interface bandwidth in bps.

A4.

A5. What are the different types of OSPF packets?

There are 5 types of OSPF packets:
• The Hello packet: ...
• The Database Description packet: ...
• The Link State Request packet: ...
• The Link State Update packets: ...
• The Link State Acknowledge packets:

A6. 110

A7. router ospf process ID

A9. infinite

A10. The sum of the interface costs for all outgoing interfaces in the route.

A11.

A12. OSPF protocol has no limitations in hop count, unlike RIP protocol that has only
15 hops at most. So OSPF converges faster than RIP and has better load balancing.

A13. The OSPF protocol is a link-state routing protocol, which means that the routers
exchange topology information with their nearest neighbors. The topology information is
flooded throughout the AS, so that every router within the AS has a complete picture of the
topology of the AS.

A14. What are the benefits of OSPF?

OSPF supports/provides/advantages –
• Both IPv4 and IPv6 routed protocols.
• Load balancing with equal-cost routes for the same destination.
• VLSM and route summarization.
• Unlimited hop counts.
• Trigger updates for fast convergence.
• A loop-free topology using SPF algorithm.
• Runs on most routers.
• Classless protocol.

A15.

A16. OSPF has eight neighbor states: Down, Attempt, Init, 2-way, Exstart, Exchange,
Loading, and Full.

A17. OSPF is a link-state protocol in which all routers in the routing domain exchange
information and thus know about the complete topology of the network. Because each router
knows the complete topology of the network, the use of the SPF algorithm creates an
extremely fast convergence. Other key characteristics of OSPF are as follows:

• Provides routing information to the IP section of the TCP/IP protocol suite, the most
commonly used alternative to RIP.
• Sends updates to tables only, instead of entire tables, to routers.
• Is a more economical routing protocol than RIP over time because it involves less
network traffic.

OSPF is usually more efficient than RIP in exchanging routing information when a network
is stable; however, for this rule to hold true, it depends on network events. For example,
during an external convergence event, OSPF could flood more traffic than RIP. Consider that
RIP carries 25 routes per update; on the other hand, OSPF floods a single LSA per external
route that is affected by the convergence event. So, provided that you have a (relatively)
stable environment, OSPF involves less traffic, and over time, it is statistically more
economical than RIP. Using a single LSA per external route is inefficient, but OSPF was
never designed to be an EGP. Therefore, OSPF/BGP deployment when large numbers of
external routers are present.

A18. Configuring OSPF Interface Parameters
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip ospf cost cost
5. ip ospf retransmit-interval seconds
6. ip ospf transmit-delay seconds
7. ip ospf priority number-value
8. ip ospf hello-interval seconds
9. ip ospf dead-interval seconds
10. ip ospf authentication-key key
11. ip ospf message-digest-key key-id md5 key
12. ip ospf authentication [message-digest | null ]
13. end

DETAILED STEPS

Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Device> enable

Step 2
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Device# configure terminal

Step 3
Command or Action: interface type number
Purpose: Configures an interface type and enters interface configuration mode.
Example:
Device(config)# interface Gigabitethernet 0/0

Step 4
Command or Action: ip ospf cost cost
Purpose: Explicitly specifies the cost of sending a packet on an OSPF interface.
Example:
Device(config-if)# ip ospf cost 65

Step 5
Command or Action: ip ospf retransmit-interval seconds
Purpose: Specifies the number of seconds between link-state advertisement (LSA)
retransmissions for adjacencies belonging to an OSPF interface.
Example:
Device(config-if)# ip ospf retransmit-interval 1

Step 6
Command or Action: ip ospf transmit-delay seconds
Purpose: Sets the estimated number of seconds required to send a link-state update packet
on an OSPF interface.
Example:
Device(config-if)# ip ospf transmit-delay

Step 7
Command or Action: ip ospf priority number-value
Purpose: Sets priority to help determine the OSPF designated router for a network.
Example:
Device(config-if)# ip ospf priority 1

Step 8
Command or Action: ip ospf hello-interval seconds
Purpose: Specifies the length of time between the hello packets that the Cisco IOS software
sends on an OSPF interface.
Example:
Device(config-if)# ip ospf hello-interval 1

Step 9
Command or Action: ip ospf dead-interval seconds
Purpose: Sets the number of seconds that a device must wait before it declares a neighbor
OSPF router down because it has not received a hello packet.
Example:
Device(config-if)# ip ospf dead-interval 1

Step 10
Command or Action: ip ospf authentication-key key
Purpose: Assigns a password to be used by neighboring OSPF routers on a network
segment that is using the OSPF simple password authentication.
Example:
Device(config-if)# ip ospf authentication-key 1

Step 11
Command or Action: ip ospf message-digest-key key-id md5 key
Purpose: Enables OSPF MD5 authentication. The values for the key-id and key arguments
must match values specified for other neighbors on a network segment.
Example:
Device(config-if)# ip ospf message-digest-key 1 md5 23456789

Step 12
Command or Action: ip ospf authentication [message-digest | null]
Purpose: Specifies the authentication type for an interface.
Example:
Device(config-if)# ip ospf authentication message-digest

Step 13
Command or Action: end
Purpose: Exits interface configuration mode and returns to privileged EXEC mode.
Example:
Device(config-if)# end

A19. There are five types of OSPF areas: Backbone area (area 0), Standard area, Stub
area, Totally stubby area, and Not-so-stubby area (NSSA).

A21. OSPF routers collect this information into a link-state database (LSDB) that is shared
and synchronized among the various routers. Using this database, the various routers are able
to calculate the shortest path to other routers using the SPF algorithm.

A22. Single Area OSPF (Area 0)

Area 0 is also known as the backbone area for OSPF which links all other smaller areas
within the hierarchy. The single area OSPF is useful in smaller networks where only a few
routers are working and the web of router links is not complex, and paths to individual
destinations are easy. If an area becomes too big, the following issues happen with the
network.

• Large routing table
• Large link-state database (LSDB)
• Frequent SPF algorithm calculations

A23. 3 tables

A24. multicast

A25. Because inter-area OSPF is distance vector, it is vulnerable to routing loops. It avoids loops
by mandating a loop-free inter-area topology, in which traffic from one area can only
reach another area through area 0.



A26.

A27. No

A28. 110

A29.
Topology table: The topology table keeps track of the entire network topology. It
stores all the information about all the routes that the router has received from its neighbors,
even duplicate routes.
Route table: The routing table is the table that stores information about
the best routes to a particular destination.

A30.
• The Router ID of each neighbouring router.
• The current “state” of each neighbouring router.
• The interface directly connected to each neighbour.
• The IP address of the remote interface of each neighbour.
A31. Shortest Path First (SPF) algorithm

A32. Each OSPF router selects a router ID (RID) that has to be unique on your
network. OSPF stores the topology of the network in its LSDB (Link State Database) and
each router is identified by its unique router ID. If you have duplicate router IDs, then you
will run into reachability issues.



ASSIGNMENT 2(C)

Que. Question CO BT
Q1. What is a wireless LAN? CO2 Level 1
Q2. What is IEEE 802.11b, 802.11g, and 802.11a? CO2 Level 1
Q3. What are the advantages and disadvantages of WLAN? CO2 Level 1
Q4. What are the needed devices of WLAN? CO2 Level 1
Q5. What are the common applications of WLAN? CO2 Level 1
Q6. What is infrastructured WLAN and ad hoc wireless network? CO2 Level 1
Q7. Why use DHCP IP reservation or static IP? CO2 Level 1
Q8. What is DHCP? CO5 Level 3
Q9. Explain the steps in WLAN configuration in Packet Tracer. CO2 Level 2
Q10. What port does DHCP use? CO2 Level 3
Q11. Why is DHCP used? CO2 Level 1
Q12. Can you use a static IP on a DHCP network? CO2 Level 1
Q13. Which is faster, DHCP or static? CO2 Level 1
Q14. What are the benefits of static IP? CO2 Level 1
Q15. What is the difference between DHCP and static? CO2 Level 1

1.
Wireless LAN stands for “Wireless Local Area Network.” A WLAN, or wireless
LAN, is a network that links and communicates wirelessly to computers. A wireless
local-area network (WLAN) is a group of colocated computers or other devices that
form a network based on radio transmissions rather than wired connections. In a
conventional wired LAN, devices communicate via Ethernet cables, whereas devices
on a WLAN are linked via Wi-Fi. While a WLAN can look different from a conventional
LAN, it does operate the same way.
2.



IEEE 802.11a (WiFi 2)

802.11a was one of the first standards issued under the 802.11 umbrella in 1999.

Rather than using the 2.4 GHz band, it opted into using the 5 GHz frequency band. Generally,
higher frequencies are coupled with faster speeds but shorter range. To achieve better speeds,
it was the first to implement OFDM (Orthogonal Frequency Division Multiplexing)
technology - a digital modulation method used to encode data on multiple frequencies- into
its coding scheme, allowing it to have a theoretical maximum speed of 54 Mbps, which was a
drastic improvement from the original WiFi standard.

In addition, since 802.11a operated under the 5 GHz band, it made the products more
expensive. Therefore, it was mostly used in business networks.

IEEE 802.11b (WiFi 1)

While 802.11a was being developed, so was the 802.11b standard; it was also published in
1999.

802.11b uses DSSS (Direct-Sequence Spread Spectrum) - a modulation method used to
reduce signal interference - in the 2.4 GHz band, allowing it to have speeds up to 11 Mbps.
The 2.4 GHz band does a good job at penetrating obstacles to provide more WiFi coverage.
Unfortunately, the data travels at a much slower rate, especially when it’s coupled with
network interferences caused by devices operating on the same frequency, such as baby
monitors, microwave ovens, cordless phones, appliances, and Bluetooth devices. Luckily,
interferences can be mitigated by keeping your 802.11b devices away from the mentioned
equipment.

IEEE 802.11g (WiFi 3)

To fulfill a growing demand for faster internet under the 2.4 GHz band, 802.11g joined the
802.11 family in 2003.

The developers took the best qualities of 802.11a and 802.11b to create the 802.11g standard.
It supports a networking bandwidth up to 54 Mbps and operates under the 2.4 GHz band.

At the time backward compatibility was a must because many people still had access points
and computers that used the previous standards. 802.11g is backward compatible with
802.11b products. However, WiFi products are only capable of tapping into the standard
under which they operate. An 802.11b computer connected to an 802.11g AP can only go as
fast as what the b standard allows. On the flip side, a g device connected to a b AP will only
go as fast as what the AP offers.

3.



Advantages of wireless local area network (WLAN)

• It is a reliable type of communication
• As WLAN reduces physical wires, it is a flexible way of communication
• WLAN also reduces the cost of ownership
• It is easier to add or remove a workstation
• It provides a high data rate due to small area coverage
• You can also move a workstation while maintaining connectivity
• For propagation, line of sight is not required
• The direction of connectivity can be anywhere, i.e. you can connect devices in any
direction as long as they are in the range of the access point
• Installation is easy and you don't need extra cables for installation
• WLAN can be useful in disaster situations, e.g. earthquake and fire. People can still
communicate through the wireless network during a disaster
• It is economical because of the small area access
• If there are any buildings or trees, the wireless connection still works

Disadvantages of wireless local area network (WLAN)

• WLAN requires a license
• It has a limited area to cover
• Government agencies can limit the signals of WLAN if required. This can affect data
transfer from connected devices to the internet
• If the number of connected devices increases, the data transfer rate decreases
• WLAN uses radio frequency, which can interfere with other devices that use radio
frequency
• If there is rain or thunder, communication may be interfered with
• Attackers can get access to the transmitted data because wireless LAN has low data
security
• Signals may be affected by the environment as compared to using fiber optics
• The radiation of WLAN can be harmful to the environment
• WLAN uses access points, and access points are more expensive than wires and hubs
• Access points can get signals of the nearest access points
• It is required to change the network card and access point when the standard changes
• LAN cable is still required, which acts as the backbone of the WLAN
• Lower data transfer rate than a wired connection because WLAN uses radio frequency
• Chances of errors are high
• Communication is not secure and can be accessed by unauthorized users

4.
5.
(1) Between buildings: Building network connections between buildings, replacing
dedicated lines, is simple and cheap.
(2) Catering and retail: The catering service industry can use wireless local area
network products to directly input...
(3) Medical treatment: Use portable computers with wireless local area network
products to obtain real-time information.



(4) Enterprise: When employees in an enterprise use wireless local area network
products,

6.

Most Wi-Fi networks function in infrastructure mode. Devices on the network all
communicate through a single access point, which is generally the wireless router. For
example, let’s say you have two laptops sitting next to each other, each connected to
the same wireless network. Even when sitting right next to each other, they’re not
communicating directly. Instead, they’re communicating indirectly through the
wireless access point. They send packets to the access point — probably a wireless
router — and it sends the packets back to the other laptop. Infrastructure mode
requires a central access point that all devices connect to.

Ad-hoc mode is also known as “peer-to-peer” mode. Ad-hoc networks don’t require a
centralized access point. Instead, devices on the wireless network connect directly to
each other. If you set up the two laptops in ad-hoc wireless mode, they’d connect
directly to each other without the need for a centralized access point.

7.
The main advantage of using DHCP reservations is that the assignment of a "static" IP
address is managed centrally. This can be helpful for example if you are often
rebuilding a particular computer or constantly changing the OS or if setting a "static"
IP address is cumbersome (DirectTV DVR for example).

Using DHCP reservations is also handy if you ever need to migrate to a new subnet.
In most cases then you just need to change the subnet on the router\DHCP server and
all the clients will automatically be updated to the new subnet.

Lastly, using DHCP reservations is nice because you have a central place where you can
go and look up the IP address of a machine, provided the router\DHCP server allows
you to note a name in addition to the IP address and MAC address.

8.

DHCP. Dynamic Host Configuration Protocol is a network management protocol that
is used to dynamically assign the IP address and other information to each host on the
network.
9.

Configuration of WLAN using static IP.

Make the following network design.

Now, to apply MAC filtering:
Click on Wireless Router 0 -> Access Restrictions -> Wireless MAC Filter -> Enable -> MAC
Address Filter List -> add the MAC address of any wireless PC -> Save
You will see the link go away.
10. DHCP port number for server is 67 and for the client is 68
11.
• centralized management of IP addresses
• ease of adding new clients to a network
• reuse of IP addresses, reducing the total number of IP addresses that are required
• simple reconfiguration of the IP address space on the DHCP server without
needing to reconfigure each client

12. Yes

13. static

14.
1. Speed

Because static IP addresses have fewer contradictions, devices assigned a static
IP address tend to perform faster. The speed difference is extremely noticeable only if
you are a broadband user, not for DSL connections. This is especially beneficial if you
are constantly uploading and downloading files.

2. Security

The security level offered by a static IP address is always greater. A static IP
address comes with an additional layer of protection, which makes sure that most
security problems are prevented.

3. Accessibility

A static IP address makes remote access possible using programs like a Virtual Private
Network (VPN). This means that devices can be accessed from any part of the world. As
long as the device is connected to the internet, all the information is accessible.

4. Hosting

Currently, all types of hosting, from web servers and email servers to other types of servers,
are accepted by a static IP address. Therefore, if you have a static IP address, all your
customers and clients can easily access your website. Also, when using a static IP
address, devices can easily locate and find all the servers worldwide.

5. Stability

All static IP addresses are known to be stable since they are restricted from changes.
Unlike a dynamic IP address, a static one does not undergo frequent lapses. Whenever there
is a reboot, the computers will be able to reconnect quickly to the internet using the same IP
address.

6. Accuracy

A static IP address is highly accurate when it comes to geolocation data. All
geolocation services will be able to find the accurate business location. With this
accurate information, it can be assured that the businesses are always in the frontline. This
is beneficial for businesses in many ways.

7. Shared Resources

Some businesses commonly share office resources among their employees. For
this they use a business network with devices that have static IP addresses. A device that
is assigned a static IP address is easier to locate. On the contrary, devices with
dynamic IP addresses are known to be difficult to discover.

15.



Assignment 3: FAQs

1. What is the difference between TCP client and TCP server?

TCP/IP connections work in a manner similar to a telephone call where someone has
to initiate the connection by dialing the phone. At the other end of the connection, someone
has to be listening for calls and then pick up the line when a call comes in. In TCP/IP
communications, the IP Address is analogous to a telephone number and the port number
would be analogous to a particular extension once the call has been answered. The “Client” in
a TCP/IP connection is the computer or device that “dials the phone” and the “Server” is the
computer that is “listening” for calls to come in. In other words, the Client needs to know the
IP Address of whatever Server it wants to connect to and it also needs to know the port
number that it wants to send and receive data through after a connection has been established.
The Server only has to listen for connections and either accept them or reject them when they
are initiated by a client.
Once a connection through a TCP/IP port has been established between a TCP/IP client and a
TCP/IP server, data can be sent in either direction exactly the same way that data is sent
through any other type of port on a PC (serial, parallel, etc.). The only difference is that the
data is sent across your network. The connection between a Client and a Server remains open
until either the client or the server terminates the connection (i.e. hangs up the phone). One
extremely nice benefit of the TCP/IP protocol is that the low level drivers that implement the
sending and receiving of data perform error checking on all data so you are guaranteed that
there will be no errors in any data that you send or receive.

2. What is the difference between the TCP and UDP protocols?

Comparison of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), by basis:

Type of Service
TCP: TCP is a connection-oriented protocol. Connection-orientation means that the communicating devices should establish a connection before transmitting data and should close the connection after transmitting the data.
UDP: UDP is the datagram-oriented protocol. This is because there is no overhead for opening a connection, maintaining a connection, and terminating a connection. UDP is efficient for broadcast and multicast types of network transmission.

Reliability
TCP: TCP is reliable as it guarantees the delivery of data to the destination router.
UDP: The delivery of data to the destination cannot be guaranteed in UDP.

Error checking mechanism
TCP: TCP provides extensive error-checking mechanisms. It is because it provides flow control and acknowledgment of data.
UDP: UDP has only the basic error checking mechanism using checksums.

Acknowledgment
TCP: An acknowledgment segment is present.
UDP: No acknowledgment segment.

Sequence
TCP: Sequencing of data is a feature of Transmission Control Protocol (TCP). This means that packets arrive in order at the receiver.
UDP: There is no sequencing of data in UDP. If the order is required, it has to be managed by the application layer.

Speed
TCP: TCP is comparatively slower than UDP.
UDP: UDP is faster, simpler, and more efficient than TCP.

Retransmission
TCP: Retransmission of lost packets is possible in TCP, but not in UDP.
UDP: There is no retransmission of lost packets in the User Datagram Protocol (UDP).

Header Length
TCP: TCP has a (20-60) bytes variable length header.
UDP: UDP has an 8 bytes fixed-length header.

Weight
TCP: TCP is heavy-weight.
UDP: UDP is lightweight.

Handshaking Techniques
TCP: Uses handshakes such as SYN, ACK, SYN-ACK.
UDP: It’s a connectionless protocol, i.e. no handshake.

Broadcasting
TCP: TCP doesn’t support broadcasting.
UDP: UDP supports broadcasting.

Protocols
TCP: TCP is used by HTTP, HTTPS, FTP, SMTP and Telnet.
UDP: UDP is used by DNS, DHCP, TFTP, SNMP, RIP, and VoIP.

Stream Type
TCP: The TCP connection is a byte stream.
UDP: UDP connection is message stream.

Overhead
TCP: Low but higher than UDP.
UDP: Very low.
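
The header-length and checksum rows of the comparison, worked through on constructed bytes. This is an added example, not part of the original FAQ; the function names and the sample addresses and ports are assumptions chosen for illustration.

```python
import socket
import struct

UDP_HEADER_LEN = 8        # fixed: source port, destination port, length, checksum
TCP_MIN_HEADER = 20       # data offset 5 (five 32-bit words), no options


def build_tcp_header(sport, dport, options=b""):
    """Constructed TCP header (SYN flag, no payload); options padded to 32-bit words."""
    options += b"\x00" * (-len(options) % 4)
    data_offset = (TCP_MIN_HEADER + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                        data_offset << 4, 0x02, 65535, 0, 0)
    return fixed + options


def tcp_header_len(segment):
    """Header length in bytes, taken from the 4-bit data-offset field."""
    if len(segment) < TCP_MIN_HEADER:
        raise ValueError("truncated TCP header")
    data_offset = segment[12] >> 4            # counted in 32-bit words
    length = data_offset * 4                  # 5..15 words gives 20..60 bytes
    if length < TCP_MIN_HEADER or length > len(segment):
        raise ValueError("invalid TCP data offset %d" % data_offset)
    return length


def internet_checksum(data):
    """One's-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _pseudo_header(src_ip, dst_ip, udp_len):
    """IPv4 pseudo-header that the UDP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len))


def build_udp(src_ip, dst_ip, sport, dport, payload):
    """Constructed UDP datagram with a valid checksum."""
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(_pseudo_header(src_ip, dst_ip, length) + header + payload)
    csum = csum or 0xFFFF                     # 0 on the wire means "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def udp_checksum_ok(src_ip, dst_ip, datagram):
    """Check the length field and checksum before trusting the payload."""
    if len(datagram) < UDP_HEADER_LEN:
        return False
    length = struct.unpack("!H", datagram[4:6])[0]
    if length != len(datagram):
        return False
    # Summing an intact datagram together with its checksum field yields 0.
    return internet_checksum(_pseudo_header(src_ip, dst_ip, length) + datagram) == 0


if __name__ == "__main__":
    print(tcp_header_len(build_tcp_header(40000, 80)))
    print(tcp_header_len(build_tcp_header(40000, 80, b"\x01" * 40)))
    dgram = build_udp("192.0.2.1", "192.0.2.2", 40000, 53, b"query")
    print(len(dgram), udp_checksum_ok("192.0.2.1", "192.0.2.2", dgram))
```

The checksum only detects accidental corruption: anyone who can modify a datagram can recompute it, so it provides no integrity against tampering.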

3. What is the benefit of socket programming?

Sockets allow communication between two different processes on the same or different
machines. To be more precise, it's a way to talk to other computers using standard Unix file
descriptors. In Unix, every I/O action is done by writing or reading a file descriptor. A file
descriptor is just an integer associated with an open file and it can be a network connection,
a text file, a terminal, or something else.
To a programmer, a socket looks and behaves much like a low-level file descriptor. This is
because commands such as read() and write() work with sockets in the same way they do
with files and pipes.

Advantages:
a. Flexible and powerful.
b. Cause low network traffic if efficiently used.
c. Only updated information can be sent.

4. What is the difference between Socket and port?



Both Socket and Port are the terms used in Transport layer. A port is a logical construct
assigned to network processes so that they can be identified within the system. A socket is a
combination of port and IP address. An incoming packet has a port number which is used to
identify the process that needs to consume the packet.
The lowest numbered 1024 port numbers are used for the most commonly used services.
These ports are called the well-known ports. Higher-numbered ports are available for general
use by applications and are known as ephemeral ports.

Socket:
• The word “Socket” is the combination of port and IP address.
• It is used to identify both a machine and a service within the machine.

Port:
• The word “Port” is the number used by particular software.
• The same port number can be used in different computers running the same software.

5. What are the two types of socket?

Sockets come in two basic types—connection-oriented and connectionless.

6. What are the types of socket?

There are two types of Sockets: the datagram socket and the stream socket.

7. Can a socket have multiple ports?

Yes, multiple client sockets can be bound to the same local IP/port pair at the same time, if
they are connected to different server IP/Port pairs so the tuples of local+remote pairs are
unique.

8. What is socket number?

The combination of an IPv4 address and a port number is known as the socket number. A pair
of sockets, one socket at the client side and other socket at the server side, define the
TCP/UDP connection end points. A socket number can uniquely identify a network resource
in the whole internet.

9. What does a socket consist of?

The combination of an IP address and a port number.

10. How many connections can a socket handle?

For most socket interfaces, the maximum number of sockets allowed per each connection
between an application and the TCP/IP sockets interface is 65535.

11. What list of calls is used to establish TCP and/or UDP socket connections? What
information is needed?

The Select function is used to select between TCP and UDP sockets. This function gives
instructions to the kernel to wait for any of the multiple events to occur and awakens the
process only after one or more events occur or a specified time passes.
Example – the kernel will return only when one of these conditions occurs:
• Any descriptor from {1, 2, 3} is ready for reading
• Any descriptor from {4, 5, 6} is ready for writing
• Time 5 sec has passed
The entire process can be broken down into the following steps:
Server:
1. Create TCP, i.e. listening, socket
2. Create a UDP socket
3. Bind both sockets to the server address.
4. Initialize a descriptor set for select and calculate a maximum of 2 descriptors for
which we will wait
5. Call select and get the ready descriptor (TCP or UDP)
6. Handle new connection if the ready descriptor is of TCP OR receive datagram if the
ready descriptor is of UDP
UDP Client:
1. Create a UDP socket.
2. Send a message to the server.
3. Wait until a response from the server is received.
4. Close socket descriptor and exit.
TCP Client:
1. Create a TCP socket.
2. Call connect to establish a connection with the server.
3. When the connection is accepted write a message to a server.
4. Read the response of the Server.
5. Close socket descriptor and exit.

12. What is TCP IP client/server communication?



TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of
communication protocols used to interconnect network devices on the internet. TCP/IP is also
used as a communications protocol in a private computer network (an intranet or extranet).

13. How many clients can connect to a TCP server?

On the TCP level the tuple (source ip, source port, destination ip, destination port) must be
unique for each simultaneous connection. That means a single client cannot open more than
65535 simultaneous connections to a single server. But a server can (theoretically)
serve 65535 simultaneous connections per client.

14. How does a server handle multiple clients?

The simple way to handle multiple clients would be to spawn a new thread for every new client
connected to the server. This method is strongly not recommended because of various
disadvantages, namely:
• Threads are difficult to code and debug, and sometimes they have unpredictable results.
• Overhead of context switching
• Not scalable for a large number of clients
• Deadlocks can occur
select()
A better way to handle multiple clients is by using the Linux select() call.
• select() allows a program to monitor multiple file descriptors, waiting until one of the
file descriptors becomes active.
• For example, if there is some data to be read on one of the sockets, select will provide
that information.
• select works like an interrupt handler, which gets activated as soon as any file
descriptor sends any data.
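
The select()-based server from questions 11 and 14, with the TCP and UDP clients from question 11, run end to end on the loopback interface. This is an added example, not part of the original FAQ; the function names, the reply format, the message size limit and the timeout are assumptions chosen for illustration.

```python
import select
import socket

HOST = "127.0.0.1"   # loopback only (assumption for this demo)
MAX_MSG = 1024       # upper bound on bytes read per message
TIMEOUT = 5.0        # seconds: the "time has passed" case of select()


def make_server_sockets():
    """Server steps 1-3: TCP listening socket and UDP socket on one address."""
    for _ in range(10):
        tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tcp.bind((HOST, 0))              # port 0: the kernel picks a free port
        tcp.listen(5)
        port = tcp.getsockname()[1]
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            udp.bind((HOST, port))       # same number; TCP and UDP ports are separate
            return tcp, udp, port
        except OSError:                  # that UDP port is taken: try another pair
            tcp.close()
            udp.close()
    raise OSError("no free TCP/UDP port pair found")


def handle_ready(tcp, udp, timeout=TIMEOUT):
    """Server steps 4-6: wait in select(), then service the ready descriptors."""
    handled = []
    readable, _, _ = select.select([tcp, udp], [], [], timeout)
    for sock in readable:                # empty list means the timeout expired
        if sock is tcp:                  # listening socket readable: new connection
            conn, peer = tcp.accept()
            with conn:
                conn.settimeout(timeout) # a silent client cannot stall the loop forever
                try:
                    data = conn.recv(MAX_MSG)
                    conn.sendall(b"tcp:" + data.upper())
                except OSError:
                    continue
            handled.append(("tcp", peer))
        else:                            # UDP socket readable: a datagram is waiting
            data, peer = udp.recvfrom(MAX_MSG)
            udp.sendto(b"udp:" + data.upper(), peer)   # reply to the sender's address
            handled.append(("udp", peer))
    return handled


def demo():
    """Run one UDP client and one TCP client against the select() server."""
    tcp, udp, port = make_server_sockets()
    udp_client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_client.settimeout(TIMEOUT)
    tcp_client = None
    try:
        # UDP client: create a socket and send a message, no connection step.
        udp_client.sendto(b"hello over udp", (HOST, port))
        # TCP client: create a socket, connect, then write.
        tcp_client = socket.create_connection((HOST, port), timeout=TIMEOUT)
        tcp_client.sendall(b"hello over tcp")
        kinds = []
        while len(kinds) < 2:
            ready = handle_ready(tcp, udp)
            if not ready:
                break
            kinds += [kind for kind, _ in ready]
        udp_reply, _ = udp_client.recvfrom(MAX_MSG)
        tcp_reply = tcp_client.recv(MAX_MSG)
        return {"kinds": sorted(kinds), "udp": udp_reply, "tcp": tcp_reply}
    finally:
        for s in (tcp, udp, udp_client, tcp_client):
            if s is not None:
                s.close()


if __name__ == "__main__":
    print(demo())
```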

15. Can a TCP client connect to a UDP server?

No, you can't connect directly to a TCP server with a UDP client. The protocols must match.

16. How UDP client and UDP server communicates over socket?

In UDP, the client does not form a connection with the server like in TCP and instead just
sends a datagram. Similarly, the server need not accept a connection and just waits for
datagrams to arrive. Datagrams upon arrival contain the address of the sender which the
server uses to send data to the correct client.

The entire process can be broken down into the following steps :
UDP Server :
1. Create a UDP socket.
2. Bind the socket to the server address.
3. Wait until the datagram packet arrives from the client.
4. Process the datagram packet and send a reply to the client.
5. Go back to Step 3.
UDP Client :
1. Create a UDP socket.
2. Send a message to the server.
3. Wait until response from the server is received.
4. Process reply and go back to step 2, if necessary.
5. Close socket descriptor and exit.

17. How would you implement UDP client/server communication?

Server
The server program would follow the following steps:
1. Create a UDP socket.
2. Bind the socket with the proper IP (Internet Protocol) address and the port number.
3. Wait for the datagram packet from the client.
4. Process the datagram and send the reply.
5. Finish.



Client
The client program would follow the following steps:
1. Create a UDP socket.
2. Send a message to the server.
3. Wait for the reply from the server.
4. Process the packet.
5. Finish.

18. What happens if we use UDP client connect method?

The CONNECT command enables an application to associate a socket with the socket name
of a peer. The socket then is considered to be a connected UDP socket. You can call the
CONNECT command multiple times with different peer names to change the socket
association.
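
The connected UDP socket described in this answer, shown on the loopback interface: the association is set with connect(), changed by calling connect() again, and while it is in place the kernel delivers only datagrams from the associated peer. This is an added example, not part of the original FAQ; the socket names, messages and wait time are assumptions chosen for illustration.

```python
import socket

HOST = "127.0.0.1"   # loopback only (assumption for this demo)
WAIT = 0.5           # seconds to wait before treating a datagram as not delivered


def bound_udp():
    """UDP socket bound to a kernel-chosen loopback port, with a receive timeout."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((HOST, 0))
    s.settimeout(WAIT)
    return s


def try_recv(sock):
    """Return the next datagram's payload, or None if nothing arrives in time."""
    try:
        return sock.recv(1024)
    except socket.timeout:
        return None


def demo():
    peer_a, peer_b, client = bound_udp(), bound_udp(), bound_udp()
    try:
        client_addr = client.getsockname()
        out = {}

        # Association 1: peer A. send() now needs no destination address.
        client.connect(peer_a.getsockname())
        out["peer_is_a"] = client.getpeername() == peer_a.getsockname()
        client.send(b"to A")
        out["a_got"] = try_recv(peer_a)

        # A datagram from a different source is not delivered to the connected socket.
        peer_b.sendto(b"from B (unsolicited)", client_addr)
        out["from_b_while_on_a"] = try_recv(client)

        # The associated peer's datagram is delivered.
        peer_a.sendto(b"from A", client_addr)
        out["from_a"] = try_recv(client)

        # Association 2: calling connect() again switches the peer to B.
        client.connect(peer_b.getsockname())
        out["peer_is_b"] = client.getpeername() == peer_b.getsockname()
        client.send(b"to B")
        out["b_got"] = try_recv(peer_b)
        peer_b.sendto(b"from B", client_addr)
        out["from_b_after_reconnect"] = try_recv(client)
        return out
    finally:
        for s in (peer_a, peer_b, client):
            s.close()


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The filter matches on source address and port only, and source addresses can be forged, so a connected UDP socket narrows what is accepted but does not authenticate the peer.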

19. Does UDP client need to bind?

With UDP, you have to bind() the socket in the client because UDP is connectionless, so
there is no other way for the stack to know which program to deliver datagrams to for a
particular port.

20. How UDP client is different from TCP client?

TCP is used in case of non-time critical applications. UDP is used for games or applications
that require fast transmission of data. UDP's stateless nature is also useful for servers that
answer small queries from huge numbers of clients.

21. Does UDP need listen?

UDP is a connectionless, unreliable datagram (message) protocol, so there is no need to listen for
new connections - datagrams can come in in any order from any source.



ASSIGNMENT No. 4 FAQs
1. What is a web server?
Specialized software that responds to client requests by providing resources.
When users enter a URL into Web browsers, they request specific documents from the Web server.
Maps the URL to a file on the server and returns the requested document to the client.
Communicates with the client using HTTP.

2. What is a web server? Give an example.

Specialized software that responds to client requests by providing resources.
When users enter a URL into Web browsers, they request specific documents from the Web server.

Examples of web server uses

Web servers often come as part of a larger package of internet- and intranet-related programs
that are used for:

• sending and receiving emails;
• downloading requests for File Transfer Protocol (FTP) files; and
• building and publishing webpages

3. Why do we need a web server?

• A web administrator maintains web server services (such as Apache or IIS) that allow
for internal or external access to web sites. Tasks include managing multiple sites,
administering security, and configuring necessary components and software.
Responsibilities may also include software change management. Although tasks can
overlap with other areas of web development in small organizations, pure web
administration positions would cover the following:
• Administration, installation and maintenance of web servers
• Selection of appropriate web server platform and operating system - Which web
server should the company use – Apache or IIS? Should it be hosted on a UNIX,
Linux or Windows box? When should the company upgrade to a new version of the
web server software? The web administrator has to make these calls.
• Advice on the selection of web development tools - Gives assistance to the web
publishing group during the selection of web development tools (Dreamweaver,
FrontPage, GoLive, etc.).
• Ensure routine back-ups of the web servers occur.

4. What is the difference between a server and a web server?


Web server:
A web server basically provides a runtime environment for web applications.
It works well for static content, such as the HTML pages that are static ones.



Any web server consists of only web containers.
This type of server consumes comparatively lesser resources than the application server, for
example, Memory, CPU, etc.
It provides zero support for Multithreading.

Server
This type of server uses comparatively much more resources.
It provides support for Multithreading.
The Application Servers provide support for the RPC/RMI protocols along with the HTTP
protocols.
The overall capacity of an Application Server is comparatively much higher than that of a
Web Server.

5. What is Internet Information Services?

Internet Information Services (IIS) is a flexible, general-purpose web server from Microsoft
that runs on Windows systems to serve requested HTML pages or files.

An IIS web server accepts requests from remote client computers and returns the appropriate
response. This basic functionality allows web servers to share and deliver information across
local area networks (LAN), such as corporate intranets, and wide area networks (WAN), such
as the Internet.

A web server can deliver information to users in several forms, such as static webpages coded
in HTML; through file exchanges as downloads and uploads; and text documents, image files
and more.

Web servers provide portals


Modern web servers can provide far more functionality for a business and its users. Web
servers are often used as portals for sophisticated, highly interactive, web-based applications
that tie enterprise middleware and back-end applications together to create enterprise-class
systems. For example, Amazon Web Services allows users to administer public
cloud resources through a web-based portal. Meanwhile, streaming media services, such as
Spotify for music and Netflix for movies, deliver real-time streaming content through web
servers.

6. What are log files?

Enterprise organizations are increasingly choosing to deploy new applications and migrate
existing ones to both private and public cloud computing environments. Cloud computing,
especially in the public cloud, provides significant benefits that include cost savings through
economies of scale, streamlined processes and simplified management with fewer
administrative tasks.

As organizations depend on the cloud for more of their critical applications and services,
there is a growing need to maintain network transparency and visibility, also called
observability. Observability in the context of cloud computing depends on two factors: the
presence of data outputs that accurately reflect activities and behaviors on the network, and
the ability to aggregate and analyze that data.

Log files are the primary data source for network observability. A log file is a computer-
generated data file that contains information about usage patterns, activities, and operations
within an operating system, application, server or another device. IT organizations can
implement security event monitoring (SEM), security information management (SIM),
security information and event management (SIEM), or another analytics tool to aggregate
and analyze log files from throughout a cloud computing environment.

7. How do I open IIS in Windows?

Enabling IIS and required IIS components on Windows 10


ArcGIS Web Adaptor requires that IIS and specific IIS components be enabled on Windows
10. The setup will not proceed if IIS is not detected and specific IIS components are not
enabled.

If you've already enabled IIS but are missing the required IIS components, the installation
displays a message indicating that certain IIS components are missing. You have the option
to allow the installation to automatically enable the required IIS components. However,
depending on your organization's security policies, it may be necessary to manually enable
the required IIS components as described below.

To enable IIS and the required IIS components on Windows 10, do the following:

1. Open Control Panel and click Programs and Features > Turn Windows features on or
off.
2. Enable Internet Information Services.
3. Expand the Internet Information Services feature and verify that the web server
components listed in the next section are enabled.
4. Click OK.

8. Explain the server life cycle.

Server life cycle is the series of states through which a WebLogic Server instance can
transition. These states cause specific changes to the operational state of a server instance and
help to identify the accurate status of the running server. Use the server life cycle commands
to track the progress of a booting server at a granular level which avoids server conflicts by
determining the issues during boot and improves the scalability of WebLogic servers by
facilitating better control in the life cycle management.

Getting and Using Server State

Server state signifies the specific condition of a server in the life cycle management. System
administrators use the server state information to plan the administration tasks related to the
application services. You can get the server state using Administration Console or command
prompt scripts.

WebLogic Server displays and stores information about the current state of a server instance,
and state transitions that have occurred since the server instance started up. This information
is useful to administrators who:

• Monitor the availability of server instances and the applications they host
• Perform day-to-day operations tasks, including startup and shutdown procedures
• Diagnose problems with application services
• Plan corrective actions, such as migration of services, when a server instance fails or
crashes

9. What ports does Windows FTP use?

It uses both port numbers 20 and 21.

10. What commands are used for FTP?

FTP commands for Windows command prompt

FTP Command   Description of Command

!             This command toggles back and forth between the operating system and ftp. Once back
              operating system, typing exit takes you back to the FTP command line.
?             Accesses the Help screen.
append        Append text to a local file.
ascii         Switch to ASCII transfer mode.
bell          Turns bell mode on or off.
binary        Switches to binary transfer mode.
bye           Exits from FTP.
cd            Changes directory.
close         Exits from FTP.
delete        Deletes a file.
debug         Sets debugging on or off.
dir           Lists files, if con
              dir -C = lists the files in wide
              dir -1 = Lists the files in bare format in alphabetic
              dir -r = Lists directory in reverse alphabetic
              dir -R = Lists all files in current directory and sub dire
              dir -S = Lists files in bare format in alphabetic order.
disconnect    Exits from FTP.
get           Get file from the remote computer.
glob          Sets globbing on or off. When turned off, the file name in the put and get commands i
              literally, and wildcards will not be looked at.
hash          Sets hash mark printing on or off. When turned on, for each 1024 bytes of data received,
              mark (#) is displayed.
help          Accesses the Help screen and displays information about the command if the command i
              after help.
lcd           Displays local directory if typed alone or if path typed after lcd will change the local directo
literal       Sends a literal command to the connected computer with an expected one-line response.
ls            Lists files of the remotely connected computer.
mdelete       Multiple delete.
mdir          Lists contents of multiple remote directories.
mget          Get multiple files.
mkdir         Make directory.

11. Explain the steps to configure FTP and Web server in Packet Tracer.
The File Transfer Protocol (FTP) is a standard network protocol used for the transfer
of computer files between a client and server on a computer network.

FTP employs a client-server architecture whereby the client machine has an FTP
client installed and establishes a connection to an FTP server running on a remote machine.
After the connection has been established and the user is successfully authenticated, the data
transfer phase can begin.

Worth noting: Although FTP does support user authentication, all data is sent in clear text,
including usernames and passwords. For secure transmission that protects the username and
password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced
with SSH File Transfer Protocol (SFTP).

Assignment No.5 FAQ

Q1:-Explain the RSA algorithm.


Ans:-

Q2:-Explain Symmetric and asymmetric key cryptography?

Ans:-Symmetric Cryptography

In this type, the encryption and decryption process uses the same key. It is also called
secret key cryptography. The main features of symmetric cryptography are as follows −

• It is simpler and faster.
• The two parties exchange the key in a secure way.

Drawback

The major drawback of symmetric cryptography is that if the key is leaked to the intruder, the
message can be easily changed and this is considered as a risk factor.

Asymmetric key:-

It is also called public key cryptography. It works in the reverse way of symmetric
cryptography. This implies that it requires two keys: one for encryption and the other for
decryption. The public key is used for encrypting and the private key is used for decrypting.

Drawback

• Due to its key length, it has a lower encryption speed.
• Key management is crucial.

Q3:-What are the weaknesses of RSA?

Ans:-Attacks against plain RSA

There are a number of attacks against plain RSA as described below.

• When encrypting with low encryption exponents (e.g., e = 3) and small values of m
(i.e., m < n^(1/e)), the result of m^e is strictly less than the modulus n. In this case,
ciphertexts can be decrypted easily by taking the e-th root of the ciphertext over the
integers.
• If the same clear-text message is sent to e or more recipients in an encrypted way, and
the receivers share the same exponent e, but different p, q, and therefore n, then it is
easy to decrypt the original clear-text message via the Chinese remainder theorem.
Johan Håstad noticed that this attack is possible even if the clear texts are not equal,
but the attacker knows a linear relation between them.
• Because RSA encryption is a deterministic encryption algorithm (i.e., has no random
component), an attacker can successfully launch a chosen plaintext attack against the
cryptosystem by encrypting likely plaintexts under the public key and testing whether
they are equal to the ciphertext. A cryptosystem is called semantically secure if an
attacker cannot distinguish two encryptions from each other, even if the attacker
knows (or has chosen) the corresponding plaintexts. RSA without padding is not
semantically secure.
• RSA has the property that the product of two ciphertexts is equal to the encryption of
the product of the respective plaintexts. That is, m1^e · m2^e ≡ (m1·m2)^e (mod n). Because of
this multiplicative property, a chosen-ciphertext attack is possible. E.g., an attacker
who wants to know the decryption of a ciphertext c ≡ m^e (mod n) may ask the holder
of the private key d to decrypt an unsuspicious-looking ciphertext c′ ≡ c·r^e (mod n) for
some value r chosen by the attacker. Because of the multiplicative property, c′ is the
encryption of m·r (mod n). Hence, if the attacker is successful with the attack, they
will learn m·r (mod n), from which they can derive the message m by multiplying m·r
with the modular inverse of r modulo n.
• Given the private exponent d, one can efficiently factor the modulus n = pq. And
given factorization of the modulus n = pq, one can obtain any private key (d′, n)
generated against a public key (e′, n).
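
The properties in the first, third and fourth bullets above can be checked on a toy key. This Python block is an added example, not part of the original answer; the key (two well-known small primes with e = 3), the function names and the 20-bit random-prefix padding are all constructed for illustration, and the padding is a toy stand-in, not OAEP.

```python
"""Plain (unpadded) RSA with a toy key: the first, third and fourth weaknesses listed above."""
import secrets
from math import gcd

# Constructed toy key: two well-known 30-bit primes and the low exponent e = 3.
P, Q, E = 1_000_000_007, 998_244_353, 3
N = P * Q
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)  # private exponent; pow() with exponent -1 needs Python 3.8+


def encrypt(m: int) -> int:
    """Textbook RSA: c = m^e mod n, no padding."""
    return pow(m, E, N)


def decrypt(c: int) -> int:
    return pow(c, D, N)


def integer_root(x: int, k: int) -> int:
    """Largest r with r**k <= x, by binary search over exact integers."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def root_recovers(m: int) -> bool:
    """Bullet 1: if m^e < n nothing is reduced mod n, so the e-th root alone returns m."""
    return integer_root(encrypt(m), E) == m


def match_candidate(c: int, candidates):
    """Bullet 3: deterministic encryption lets anyone test guesses with the public key."""
    for guess in candidates:
        if encrypt(guess) == c:
            return guess
    return None


def is_multiplicative(m1: int, m2: int) -> bool:
    """Bullet 4: E(m1) * E(m2) = E(m1 * m2) (mod n)."""
    return encrypt(m1) * encrypt(m2) % N == encrypt(m1 * m2 % N)


# Toy randomized padding (NOT OAEP): 38 random high bits, top bit set, above a 20-bit message.
MSG_BITS = 20


def encrypt_randomized(m: int) -> int:
    if not 0 <= m < 1 << MSG_BITS:
        raise ValueError("message too large for this toy padding")
    r = (1 << 37) | secrets.randbits(37)      # padded value lies in [2^57, 2^58), below n
    return encrypt((r << MSG_BITS) | m)


def decrypt_randomized(c: int) -> int:
    return decrypt(c) & ((1 << MSG_BITS) - 1)


if __name__ == "__main__":
    m = 424242
    print("small message recovered by cube root:", root_recovers(m))
    print("large message recovered by cube root:", root_recovers(10**7))
    print("guess matched from candidates:", match_candidate(encrypt(1234), range(10000)))
    print("multiplicative:", is_multiplicative(123456, 654321))
    print("two randomized encryptions differ:", encrypt_randomized(m) != encrypt_randomized(m))
```

Padding the message with fresh randomness before exponentiation removes both the small-message and the determinism problem, which is why deployed RSA encryption uses a padding scheme such as OAEP rather than the raw operation.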

Q4:- Why do we use prime number in RSA Algorithm?

Ans:-The reason prime numbers are fundamental to RSA encryption is that when you
multiply two together, the result is a number that can only be broken down into those
primes (and itself and 1). In our example, the only whole numbers you can multiply to get
187 are 11 and 17, or 187 and 1.

Q5:- Why is RSA slow?

Ans:-RSA is considerably slow due to the calculation with large numbers. In particular
the decryption where d is used in the exponent is slow. There are ways to speed it up by
remembering p and q, but it is still slow in comparison to symmetric encryption
algorithms.

Q6:-What is cryptography?

Ans:-Cryptography is a method of protecting information and communications through the
use of codes, so that only those for whom the information is intended can read and process it.

In computer science, cryptography refers to secure information and communication
techniques derived from mathematical concepts and a set of rule-based calculations called
algorithms, to transform messages in ways that are hard to decipher. These deterministic
algorithms are used for cryptographic key generation, digital signing, verification to protect
data privacy, web browsing on the internet and confidential communications such as credit
card transactions and email.

Q7:-What exactly are encryption and decryption?

Ans:-Encryption is the method by which information is converted into secret code that hides
the information's true meaning.

Decryption is the process of converting a meaningless message (ciphertext) into its original
form (plaintext).

Q8:- What is ciphertext?

Ans:-Ciphertext is what encryption algorithms, or ciphers, transform an original message
into.

Data is said to be encrypted when a person or device lacking the cipher is unable to read it.
They, or it, would need the cipher to decrypt the information.

Algorithms transform plaintext into ciphertext, and ciphertext into plaintext. These respective
processes are called encryption and decryption.

Q9:- What is a key?

Ans:-In cryptography, a key is a string of characters used within an encryption algorithm for
altering data so that it appears random. Like a physical key, it locks (encrypts) data so that
only someone with the right key can unlock (decrypt) it.

Q10:- What is symmetric encryption?

Ans:-Symmetric encryption is a means of protecting data using a secret key to encrypt (lock)
and decrypt (unlock) it. The sender and recipient share the key or password to gain access to
the information. The key can be a word; a phrase; or a nonsensical or random string of letters,
numbers, and symbols.

Q11:-What are the pros and cons of public key cryptography?

Ans:-Advantages:

• Security is easy as only the private key must be kept secret.
• Maintenance of the keys becomes easy because the keys (public key/private key) remain
constant throughout the communication, depending on the connection.
• The number of keys to be kept secret becomes less.

Disadvantages:

• This is not suitable for encryption of large messages as the encryption/decryption
throughput is inversely related to the key length.

Q12:-What is asymmetric encryption?

Ans:-There are two sides in an encrypted communication: the sender, who encrypts the data,
and the recipient, who decrypts it. As the name implies, asymmetric encryption is different on
each side; the sender and the recipient use two different keys. Asymmetric encryption, also
known as public key encryption, uses a public key-private key pairing: data encrypted with
the private key can only be decrypted with the public key, and vice versa.

Q13:-Does RSA use block cipher techniques?

Ans:-The name RSA was coined by taking the initials of the surnames of its developers. It is
an encryption algorithm that works on a block cipher. It is an asymmetric encryption
algorithm. It involves Euler's totient function and Fermat's theorem to encrypt the text.

Assignment No.6 FAQ

Q1:- What is the digital signature concept?


Ans:- Digital Signature is a process that guarantees that the contents of a message have not
been altered in transit. When you, the server, digitally sign a document, you add a one-way
hash (encryption) of the message content using your public and private key pair. Your client
can still read it, but the process creates a "signature" that only the server's public key can
decrypt. The client, using the server's public key, can then validate the sender as well as the
integrity of message contents. Whether it's an email, an online order or a watermarked
photograph on eBay, if the transmission arrives but the digital signature does not match the
public key in the digital certificate, then the client knows that the message has been altered.

Q2:-Explain the RSA digital signature method.

Ans:-

• The RSA idea is also used for signing and verifying a message; this is called the RSA
digital signature scheme.
• The digital signature scheme changes the roles of the private and public keys.
• Only the sender's private and public keys are used, not the receiver's.
• The sender uses her own private key to sign the document and the receiver uses the
sender’s public key to verify it.
• The signing and verifying sites use the same function, but with different parameters.
The verifier compares the message and the output of the function for congruence. If
the result is true, the message is accepted.

Key generation in RSA

Key generation in RSA digital signature scheme is exactly the same as key generation in
RSA cryptosystem.

Working of RSA digital signature scheme:

Sender A wants to send a message M to the receiver B along with the digital signature S
calculated over the message M

Step 1: The sender A uses the message digest algorithm to calculate the message digest MD1
over the original message M

Step 2: The sender A now encrypts the message digest with her private key. The output of
this process is called the digital signature.

Step 3: Now the sender A sends the original message M along with digital signature DS to
receiver B

Step 4: After the receiver B receives the original message M and the sender A’s digital
signature, B uses the same message digest algorithm that was used by A and calculates its
own message digest MD2 as shown below.

Step 5: The receiver B now uses the sender A’s public key to decrypt the digital signature.
Note that A had used her private key to encrypt the message digest MD1 to form the digital
signature. Therefore only A’s public key can be used to decrypt it. The output of this process
is the original message digest which was calculated by A (MD1) in step 1.

Step 6: B now compares the following two message digests.

1. MD2, which it had calculated in step 4

2. MD1, which is retrieved from A’s digital signature in step 5

If MD1 = MD2 the following facts are established:

a. B accepts the original message (M) as the correct, unaltered message from A

b. B is also assured that the message came from A and not from someone else posing as A

Thus, the principle of digital signature is quite strong, secure and reliable.

Q3:- Can RSA be used for digital signature?

Ans:- Yes, we can use RSA for Digital signature.

Uses of RSA Digital Signature:

1. The RSA idea is also used for signing and verifying a message; this is called the RSA
digital signature scheme.
2. The digital signature scheme changes the roles of the private and public keys.
3. Only the sender's private and public keys are used, not the receiver's.
4. The sender uses her own private key to sign the document and the receiver uses the
sender’s public key to verify it.
5. A digital signature ensures integrity, authentication and non-repudiation, whereas
confidentiality can be achieved with the help of encryption.
6. A digital signature is a digital ID, sent as an attachment to a web page / e-mail /
message, and it is used for verifying attachments sent over the web. A digital
signature is a mathematical technique used to validate the authenticity and integrity of
a message, software or digital document.

Q4:- How do I create an RSA signature?

Ans:-
RSA Key Generation:

• Choose two large prime numbers p and q.
• Calculate n = p*q.
• Select public key e such that it is not a factor of (p-1)*(q-1).
• Select private key d such that the following equation is true: (d*e) mod ((p-1)*(q-1)) = 1,
that is, d is the inverse of e modulo (p-1)*(q-1).

RSA Digital Signature Scheme: In RSA, d is private; e and n are public.

• Alice creates her digital signature using S = M^d mod n, where M is the message.
• Alice sends message M and signature S to Bob.
• Bob computes M1 = S^e mod n.
• If M1 = M, then Bob accepts the data sent by Alice.

Q5:- Explain how hashing is used in RSA digital signature?

Ans:-Hashing is one of the core elements of a digital signature system. The process of
hashing involves transforming data of any size into a fixed-size output. This is done by a
special kind of algorithm known as a hash function. The output generated by a hash function
is known as a hash value or message digest.
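
Steps 1 to 6 of Q2, the formulas of Q4 and the hashing described in Q5 fit together as follows. This Python block is an added example, not part of the original answers; it assumes SHA-256 as the message digest algorithm and uses a constructed demo key built from two public Mersenne primes, and all function names are hypothetical.

```python
"""Hash-then-sign with textbook RSA: steps 1-6 of Q2, the formulas of Q4, the hashing of Q5."""
import hashlib
from math import gcd

# Constructed demo key from two public Mersenne primes. It is large enough to hold a
# SHA-256 digest, but worthless as a real key because everyone knows the factors.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
assert gcd(E, PHI) == 1      # e must be coprime to (p-1)*(q-1), otherwise no d exists
D = pow(E, -1, PHI)          # (d*e) mod ((p-1)*(q-1)) = 1; needs Python 3.8+


def message_digest(message: bytes) -> int:
    """Fixed-size digest of a message of any length, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    md1 = message_digest(message)        # step 1: sender computes MD1
    return pow(md1, D, N)                # step 2: private-key operation on the digest


def verify(message: bytes, signature: int) -> bool:
    if not 0 < signature < N:            # reject values outside the valid range
        return False
    md2 = message_digest(message)        # step 4: receiver computes MD2
    md1 = pow(signature, E, N)           # step 5: public-key operation recovers MD1
    return md1 == md2                    # step 6: accept only if MD1 = MD2


def raw_sign(m: int) -> int:
    """Q4 without hashing: S = M^d mod n."""
    return pow(m, D, N)


def raw_verify(m: int, s: int) -> bool:
    """Q4 without hashing: accept if S^e mod n = M."""
    return pow(s, E, N) == m


def unsigned_pair_passes_raw_check(s: int) -> bool:
    """Why the digest matters: for any S, the pair (S^e mod n, S) passes raw_verify
    although the key holder never signed it."""
    m = pow(s, E, N)
    return raw_verify(m, s)


def could_be_a_digest(value: int) -> bool:
    """A value can only stand in for MD1 if it fits in 256 bits."""
    return value < 1 << 256


if __name__ == "__main__":
    msg = b"transfer 100 to Bob"          # constructed sample message
    sig = sign(msg)
    print("original accepted:", verify(msg, sig))
    print("altered rejected:", not verify(b"transfer 900 to Bob", sig))
    print("raw scheme accepts an unsigned pair:", unsigned_pair_passes_raw_check(123456789))
    print("same value usable with hashing:", could_be_a_digest(pow(123456789, E, N)))
```

Standardized RSA signatures additionally encode the digest before exponentiation (PKCS #1 v1.5 or PSS); the block leaves that encoding out to keep the six steps visible.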

Assignment 7 FAQ’s

Q1. Explain the DES algorithm.

Ans: The DES (Data Encryption Standard) algorithm is a symmetric-key block cipher created
in the early 1970s by an IBM team and adopted by the National Institute of Standards and
Technology (NIST). The algorithm takes the plain text in 64-bit blocks and converts them
into ciphertext using 48-bit keys.

Since it’s a symmetric-key algorithm, it employs the same key in both encrypting and
decrypting the data. If it were an asymmetrical algorithm, it would use different keys for
encryption and decryption.

The algorithm process breaks down into the following steps:

1. The process begins with the 64-bit plain text block getting handed over to an initial
permutation (IP) function.
2. The initial permutation (IP) is then performed on the plain text.
3. Next, the initial permutation (IP) creates two halves of the permuted block, referred to as Left
Plain Text (LPT) and Right Plain Text (RPT).
4. Each LPT and RPT goes through 16 rounds of the encryption process.
5. Finally, the LPT and RPT are rejoined, and a Final Permutation (FP) is performed on the
newly combined block.
6. The result of this process produces the desired 64-bit ciphertext.

The encryption process step (step 4, above) is further broken down into five stages:

1. Key transformation
2. Expansion permutation
3. S-Box permutation
4. P-Box permutation
5. XOR and swap

For decryption, we use the same algorithm, and we reverse the order of the 16 round keys.
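
The last sentence, that decryption is the same algorithm with the 16 round keys in reverse order, is a property of the Feistel structure and can be checked without the DES tables. This Python block is an added example, not part of the original answer and not DES itself: the round function is a SHA-256 stand-in for expansion, S-box and P-box, the key transformation keeps only the left circular shifts, IP and FP are omitted, and the key and block values are constructed.

```python
"""Toy 16-round Feistel cipher: one routine encrypts and decrypts, only the key order changes."""
import hashlib

MASK28, MASK32, MASK48 = (1 << 28) - 1, (1 << 32) - 1, (1 << 48) - 1
# Left circular shift per round, as in DES: one position in rounds 1, 2, 9 and 16, else two.
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]


def rotl28(value: int, shift: int) -> int:
    """Left circular shift of a 28-bit value."""
    return ((value << shift) | (value >> (28 - shift))) & MASK28


def round_keys(key56: int) -> list:
    """Toy key transformation: rotate both 28-bit key halves left each round and keep the
    low 48 bits as the round key (real DES selects the 48 bits with a permutation table)."""
    c, d = (key56 >> 28) & MASK28, key56 & MASK28
    keys = []
    for shift in SHIFTS:
        c, d = rotl28(c, shift), rotl28(d, shift)
        keys.append(((c << 28) | d) & MASK48)
    return keys


def round_function(right: int, round_key: int) -> int:
    """Stand-in for expansion + S-box + P-box: 32 bits of SHA-256(right half || round key)."""
    data = right.to_bytes(4, "big") + round_key.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block: int, keys: list) -> int:
    """Run the rounds over a 64-bit block with the round keys in the order given."""
    left, right = (block >> 32) & MASK32, block & MASK32       # LPT and RPT
    for round_key in keys:
        # XOR and swap: the old right half passes through untouched.
        left, right = right, left ^ round_function(right, round_key)
    return (right << 32) | left       # undo the last swap so the routine inverts itself


def encrypt(block: int, key56: int) -> int:
    return feistel(block, round_keys(key56))


def decrypt(block: int, key56: int) -> int:
    return feistel(block, round_keys(key56)[::-1])     # same algorithm, reversed round keys


if __name__ == "__main__":
    key, plaintext = 0x0123456789ABCD, 0x0123456789ABCDEF      # constructed values
    ciphertext = encrypt(plaintext, key)
    print(f"ciphertext          : {ciphertext:016x}")
    print(f"reversed round keys : {decrypt(ciphertext, key):016x}")
    print(f"same key order again: {encrypt(ciphertext, key):016x}")
```

The round function never has to be inverted: each round XORs its output into one half, and applying the same XOR again with the same round key cancels it, which is why only the key order changes.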

Q2. What is Diffie–Hellman key exchange?

Ans: Diffie–Hellman key exchange is a method of securely exchanging cryptographic keys
over a public channel and was one of the first public-key protocols as conceived by Ralph
Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest
practical examples of public key exchange implemented within the field of cryptography.
Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that
proposed the idea of a private key and a corresponding public key.

Q3. Which structure is used in DES?

Ans: Feistel structure

Q4. What is the round key size in DES?


Ans: 48 bits

Q5. How many keys does DES use?

Ans: 1

Q6. How many rounds are there in DES?


Ans: 16

Q7. What is the strength of a DES algorithm?


Ans: The strength of DES is as follows −

Use of 56-bit keys

A 56-bit key is used in encryption. There are 2^56 possible keys. A brute force
attack on such a number of keys is impossible.
A machine implementing one DES encryption per microsecond would take more than
thousands of years to break the cipher.
The assumption of one encryption per microsecond is overly conservative. Diffie and
Hellman postulated that the technology existed to develop a parallel machine with one
million encryption devices, each of which can perform one encryption per microsecond.
There is more to a key-search attack than simply running through all possible
keys. If the message is plain English text, the result pops out easily, although the
task of recognizing English would have to be automated.
If the text message has been compressed before encryption, then recognition is more
complex.

The nature of the algorithm

A cryptanalyst can perform cryptanalysis by exploiting the characteristics of the DES (Data
Encryption Standard) algorithm, for example by exploring weaknesses in the eight
substitution tables, or S-boxes, that are used in each iteration.

Much work has been done, and a number of regularities and unexpected
behaviours of the S-boxes have been found, but no one has succeeded in discovering
weaknesses in the S-boxes.

This contention is tantalizing, and over the years multiple regularities and unexpected
behaviours of the S-boxes have been found.

Q8. What is the role of S box in DES?


Ans: An S-box is a substitution box and it is the only non-linear component in the cipher. Its
main purpose is to obscure the relationship between the key, the plaintext, and the ciphertext.

Q9. What are the advantages and disadvantages of DES?

Ans: Advantages of DES
There are various advantages of DES, which are as follows −

DES has been around a long time (since 1977), yet no actual weaknesses have been
discovered and the most effective attack is still brute force.

DES is an official United States Government standard. The Government is required to
re-certify DES every five years and ask that it be restored if essential.

DES is also an ANSI and ISO standard. Because DES was designed to run on 1977 hardware,
it is fast in hardware and relatively quick in software.

It supports functionality to save a file in an encrypted format which can only be accessed by
supplying the correct password.

It can set up the system so that directories are password protected.

It can review a short history of DES and represent the basic structures.

It can define the building block component of DES.

It can define the round keys generation process and interpret the data encryption standard.

It can ensure that private information is not accessed by other users.

Several users can use the same system and still work individually.

Disadvantages of DES
There are various disadvantages of DES, which are as follows −

The 56-bit key size is the largest defect of DES, and chips that perform one million
DES encrypt or decrypt operations a second are available (in 1993).

Hardware implementations of DES are very quick.

DES was not designed for application and therefore it runs relatively slowly.

With new technology, the possibilities for breaking the encrypted code keep improving,
therefore AES is preferred over DES.

Q10. What is the first step in DES?


Ans: Key generations

Q11. Which circular shift is there in DES encryption algorithm?


Ans: Left circular Shift

Q12: What is permutation and substitution in DES?
Ans: In cryptography, a substitution cipher is a method of encrypting in which units of
plaintext are replaced with the ciphertext, in a defined manner, with the help of a key; the
"units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures
of the above, and so forth. The receiver deciphers the text by performing the inverse
substitution process to extract the original message.

Substitution ciphers can be compared with transposition ciphers. In a transposition cipher, the
units of the plaintext are rearranged in a different and usually quite complex order, but the
units themselves are left unchanged. By contrast, in a substitution cipher, the units of the
plaintext are retained in the same sequence in the ciphertext, but the units themselves are
altered.

There are a number of different types of substitution cipher. If the cipher operates on single
letters, it is termed a simple substitution cipher; a cipher that operates on larger groups of
letters is termed polygraphic. A monoalphabetic cipher uses fixed substitution over the entire
message, whereas a polyalphabetic cipher uses a number of substitutions at different
positions in the message, where a unit from the plaintext is mapped to one of several
possibilities in the ciphertext and vice versa.

Q13: What are the steps in the Diffie-Hellman key exchange algorithm?
Ans: The steps needed for the Diffie-Hellman key exchange are as follows:

Step 1: You choose a prime number q and select a primitive root of q as α. To be a primitive
root, it must satisfy the following criteria:

Step 2: You assume the private key for the sender as Xa, where Xa < q. The public key can be
calculated as Ya = α^Xa mod q. So, the key pair for the sender becomes {Xa, Ya}.

Assume the private key for the receiver to be Xb, where Xb < q. The public key for the
receiver is calculated as Yb = α^Xb mod q. For the receiver, the key pair becomes {Xb, Yb}.

Step 3: To generate the final secret key, you use three parameters. For the sender, you need
the private key (Xa), the receiver’s public key (Yb), and the original q. The formula to
calculate the key is K = (Yb)^Xa mod q.

For the receiver, you need the private key (Xb), the sender’s public key (Ya), and the original q.
The formula to calculate the secret key is K = (Ya)^Xb mod q.

If both the values of K generated are equal, the Diffie-Hellman key exchange algorithm is
complete.

Now, apply the above algorithm to real-world values to understand how the process works.

Q14: How does Diffie-Hellman calculate the public key?
Ans: The steps needed for the Diffie-Hellman key exchange are as follows:

Step 1: You choose a prime number q and select a primitive root of q as α. To be a primitive
root, it must satisfy the following criteria:

Step 2: You assume the private key for the sender as Xa, where Xa < q. The public key can be
calculated as Ya = α^Xa mod q. So, the key pair for the sender becomes {Xa, Ya}.

Assume the private key for the receiver to be Xb, where Xb < q. The public key for the
receiver is calculated as Yb = α^Xb mod q. For the receiver, the key pair becomes {Xb, Yb}.

Step 3: To generate the final secret key, you use three parameters. For the sender, you need
the private key (Xa), the receiver’s public key (Yb), and the original q. The formula to
calculate the key is K = (Yb)^Xa mod q.

For the receiver, you need the private key (Xb), the sender’s public key (Ya), and the original q.
The formula to calculate the secret key is K = (Ya)^Xb mod q.

If both the values of K generated are equal, the Diffie-Hellman key exchange algorithm is
complete.

Now, apply the above algorithm to real-world values to understand how the process works.
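
Steps 1 to 3 from Q13 and Q14, worked with small constructed values (q = 23, α = 5, Xa = 6, Xb = 15) and then with random private keys over a larger prime. This Python block is an added example, not part of the original answers; the primitive-root test and the range check on a received public key go beyond the steps as written, the function names are hypothetical, and q is assumed to be prime.

```python
"""Diffie-Hellman steps 1-3 with the symbols used above: q, alpha, Xa, Ya, Xb, Yb, K."""
import secrets


def prime_factors(n: int) -> set:
    """Distinct prime factors by trial division (fine for the demo sizes used here)."""
    factors, f = set(), 2
    while f * f <= n:
        while n % f == 0:
            factors.add(f)
            n //= f
        f += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(alpha: int, q: int) -> bool:
    """Step 1 check, q assumed prime: alpha is a primitive root of q exactly when
    alpha^((q-1)/f) mod q != 1 for every prime factor f of q-1."""
    if not 1 < alpha < q:
        return False
    return all(pow(alpha, (q - 1) // f, q) != 1 for f in prime_factors(q - 1))


def keypair(q: int, alpha: int, private=None):
    """Step 2: private key X < q and public key Y = alpha^X mod q."""
    while True:
        x = private if private is not None else 2 + secrets.randbelow(q - 3)   # 2..q-2
        y = pow(alpha, x, q)
        if 2 <= y <= q - 2:
            return x, y
        if private is not None:
            raise ValueError("this private key gives a degenerate public key")


def shared_key(peer_public: int, own_private: int, q: int) -> int:
    """Step 3: K = (peer public key)^(own private key) mod q.
    A received value of 0, 1 or q-1 would force K into a tiny set, so it is rejected."""
    if not 2 <= peer_public <= q - 2:
        raise ValueError("peer public key out of range")
    return pow(peer_public, own_private, q)


def exchange(q: int, alpha: int, xa=None, xb=None) -> dict:
    """Run both sides and return what each side sends and what each side computes."""
    if not is_primitive_root(alpha, q):
        raise ValueError("alpha is not a primitive root of q")
    xa, ya = keypair(q, alpha, xa)       # sender:   {Xa, Ya}
    xb, yb = keypair(q, alpha, xb)       # receiver: {Xb, Yb}
    return {
        "Ya": ya,
        "Yb": yb,
        "K_sender": shared_key(yb, xa, q),       # K = (Yb)^Xa mod q
        "K_receiver": shared_key(ya, xb, q),     # K = (Ya)^Xb mod q
    }


if __name__ == "__main__":
    print("toy run   :", exchange(23, 5, xa=6, xb=15))
    print("random run:", exchange(998_244_353, 3))   # constructed: known prime, primitive root 3
```

Only Ya and Yb cross the channel; an eavesdropper who sees q, α, Ya and Yb still has to recover Xa or Xb to compute K, which is why both the size of q and the choice of α matter.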

Q15: How secure is Diffie-Hellman?


Ans: The protocol is considered secure against eavesdroppers if G and g are chosen properly.
In particular, the order of the group G must be large, particularly if the same group is used for
large amounts of traffic. The eavesdropper has to solve the Diffie–Hellman problem to obtain
g^ab. This is currently considered difficult for groups whose order is large enough. An
efficient algorithm to solve the discrete logarithm problem would make it easy to compute a
or b and solve the Diffie–Hellman problem, making this and many other public key
cryptosystems insecure. Fields of small characteristic may be less secure.

Q16: Is Diffie-Hellman symmetric or asymmetric?

Ans: Asymmetric

Q17: Is Diffie-Hellman more secure than RSA?


Ans: The security of both DH and RSA depends on how they are implemented. It isn’t easy to
come to a conclusion about which one is superior to the other.

Assignment No 8:FAQs

1. Can we use Snort to protect a network from denial-of-service attacks?

Before answering many of these questions it's important to define terms and reveal
assumptions. A denial-of-service (DoS) attack consumes one or more computing resources
(bandwidth, memory, CPU cycles, hard drive space or other information system
components). Sometimes DoS attacks are initiated by a single party, while others are so-
called distributed DoS or DDoS attacks.

DDoS attacks enlist more than one aggressor to assault a victim. The first popular DoS
attacks were clever resource consumption attacks against memory (e.g., the SYN floods of
the mid-1990s), but since the late 1990s DDoS attacks that consume bandwidth have been
prevalent. Less popular, but still damaging, are application-centric DoS attacks, whereby
regular activity (like retrieving a Web page) is repeated to the point that the victim's operation
is impaired.

What can Snort do about DDoS attacks? Snort's Vulnerability Research Team publishes a set
of rules named ddos.rules. This file contains a small set of signatures for detecting activity
caused by older DoS tools like Tribe Flood Network, Shaft, Trinoo and Stacheldraht.
Emerging Threats publishes bleeding-dos.rules, which contains a greater variety of rules.
However, the question remains: What good are rules like these?

When users or potential users ask if Snort protects against DoS attacks, they usually want to
know if Snort can deflect or mitigate bandwidth consumption attacks. The answer to this
question is probably no. When deployed as an offline, passive device, there is little or nothing
Snort can do to stop or reduce a bandwidth-consuming SYN flood, for example. Snort can
potentially report seeing many SYN segments, but it won't improve the situation. The rules
packaged in ddos.rules and bleeding-dos.rules are designed to either detect DoS agent
command-and-control or possibly identify certain types of attacks that subvert but do not
breach a target.

When deployed as an inline, active device, Snort acts as a so-called intrusion prevention
system and can, in some cases, stop DoS attacks. For example, an intruder may use a
malicious packet to cause a vulnerable Cisco router to reboot or freeze. An inline Snort
deployment could identify and filter the malicious packet, thereby "protecting" the router. If
the intruder switched to a SYN flood or other bandwidth consumption attack against the
router, however, Snort would most likely not be able to counter the attack -- at least not on its
own.

2. Can Snort decode encrypted traffic?

Let's assume that encrypted traffic means Secure Sockets Layer (SSL) or Transport Layer
Security (TLS) as used by HTTPS, or Secure Shell protocol 2 as used by OpenSSH.

The short answer is no, Snort cannot decode encrypted traffic. An intruder who attacks a Web
server in the clear on port 80 TCP might be detected by Snort. The same intruder who attacks
the same Web server in an encrypted channel on port 443 TCP will not be detected by Snort.
An intruder who displays the contents of a password file via a Telnet session on port 23 TCP
might be detected by Snort. The same intruder who displays the same password file via a
SSH session on port 22 TCP will not be detected by Snort.

Now, in some circumstances it's possible to decode HTTPS sessions. This is not done
natively by vanilla Snort -- it must be handled by an external program.

Generally speaking, a stand-alone Snort instance can inspect traffic in an encrypted channel if
the traffic is subjected to a man-in-the-middle (MITM) attack. In other words, traffic is
encrypted while traveling from the client to the MITM. Once the traffic reaches the MITM, it
is unencrypted while Snort inspects it. Then, traffic is re-encrypted before traveling from the
MITM to the server. (The reverse happens as well.) Such a setup must be intentionally
designed and implemented by the network and security architects and accepted by
management and users.

3. Can Snort detect layer 2 attacks?

Generally speaking, Snort is a layer 3 and above detection system. This means Snort inspects
and acts upon IP packet details, like source and destination IP addresses, time to live (TTL),
IP ID and so on. This excludes MAC addresses, Ethertype, VLAN IDs and other details
found before the start of the layer 3 header.

Snort does contain an "arpspoof" preprocessor, but the code has always been marked
"experimental." I don't know of anyone who uses it in production. Most users who want to
detect layer 2 network events use layer 2-specific tools like Arpwatch.

4. Can Snort log flows or sessions?

Snort can accomplish a goal best left to specialized tools. Let's assume the question
indicates a desire to log details of TCP sessions. Snort's Stream4 preprocessor does include a
"keepstats" option that records session statistics for TCP flows. An earlier version of Sguil
relied on this data. Unfortunately, this capability is limited to TCP traffic. All other
protocols are ignored.

Note that Stream4 is being deprecated in favor of Stream5. Stream5 does not offer a
"keepstats" function, although Stream5 does track UDP "sessions" for Snort's own detection
purposes.

To log flows or sessions, use a stand-alone tool like Argus. If you're already using Sguil,
take a look at the Security Analyst Network Connection Profiler (SANCP), which logs session
details for many protocols. A third option is to collect NetFlow or another flow format from a
hardware probe, or less often, a software probe.

5. Can Snort rebuild content from traffic?

In order to perform its detection functions, Snort rebuilds several types of content. For
example, it's impossible to match the password "hackerpassword" sent over Telnet without
letting Snort rebuild the traffic. However, Snort is not designed to watch traffic and rebuild
everything it sees. A review of the README.Stream5 document shipped with Snort 2.8.0 shows
that the new preprocessor offers a "show_rebuilt_packets" option that will "Print/display
packet after rebuilt (for debugging)." This option is off by default, but even if enabled it's
not the sort of capability I recommend activating in Snort.

People who wish to rebuild content typically want to parse Libpcap trace files to rebuild TCP
sessions. One of the best tools for this job is Tcpflow. Tcpflow can be run against a dead
trace or a live interface. If given no parameters, Tcpflow will rebuild all TCP sessions it sees,
putting the content from client to server in one file and the content from server to client in
another file. Tcpflow repeats this process for every single TCP session it finds.
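
The stream rebuilding described in this answer, as an added example (not code from Snort, Tcpflow or the original FAQ): it orders TCP segments by sequence number, drops retransmitted bytes, and returns one byte stream per direction, named in the style of Tcpflow's output files. The segments are constructed sample data; SYN handling and sequence-number wraparound are left out as simplifying assumptions.

```python
from collections import defaultdict

# Constructed sample: a Telnet login split across TCP segments.
# Fields: (src_ip, src_port, dst_ip, dst_port, seq, payload)
SEGMENTS = [
    ("10.0.0.9", 23, "10.0.0.5", 40000, 5000, b"Password: "),
    ("10.0.0.5", 40000, "10.0.0.9", 23, 1006, b"password\r\n"),  # out of order
    ("10.0.0.5", 40000, "10.0.0.9", 23, 1000, b"hacker"),
    ("10.0.0.5", 40000, "10.0.0.9", 23, 1000, b"hacker"),        # retransmission
    ("10.0.0.9", 23, "10.0.0.5", 40000, 5010, b""),              # bare ACK
]

def flow_name(src, sport, dst, dport):
    """Per-direction name: zero-padded octets and ports, source first."""
    pad = lambda ip: ".".join(f"{int(octet):03d}" for octet in ip.split("."))
    return f"{pad(src)}.{sport:05d}-{pad(dst)}.{dport:05d}"

def rebuild(segments):
    """Return {flow_name: bytes}, one entry per direction of each session."""
    flows = defaultdict(list)
    for src, sport, dst, dport, seq, payload in segments:
        if payload:  # segments without data add nothing to the stream
            flows[flow_name(src, sport, dst, dport)].append((seq, payload))

    streams = {}
    for name, segs in flows.items():
        segs.sort(key=lambda s: s[0])      # order by sequence number
        next_seq = segs[0][0]              # assumption: lowest seq seen starts the stream
        data = bytearray()
        for seq, payload in segs:
            if seq > next_seq:             # gap: a segment was never captured
                break                      # deliver only the contiguous prefix
            fresh = payload[next_seq - seq:]   # skip bytes already delivered
            data += fresh
            next_seq += len(fresh)
        streams[name] = bytes(data)
    return streams

if __name__ == "__main__":
    for name, data in rebuild(SEGMENTS).items():
        print(name, data)
```

No single segment in the sample contains "hackerpassword"; the string only appears in the rebuilt client-to-server stream, which is why content matching depends on reassembly.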
