Sample Oral Questions With Answers For CNSL Oral Preparation
Experiment 1 (a)
If a router receives an update on a route, and the new path is shorter, it will update its table
entry with the length and next-hop address of the shorter path. If the new path is longer, it
will wait through a "hold-down" period to see if later updates reflect the higher value as well.
It will only update the table entry if the new, longer path has been determined to be stable.
If a router crashes or a network connection is severed, the network discovers this because that
router stops sending updates to its neighbors, or stops sending and receiving updates along
the severed connection. If a given route in the routing table isn't updated across six successive
update cycles (that is, for 180 seconds) a RIP router will drop that route and let the rest of the
network know about the problem through its own periodic updates.
Step-2 (Configuring PCs):
1. Assign IP addresses to every PC in the network.
2. Select the PC, go to the desktop, select IP Configuration, and assign an IP address,
default gateway, and subnet mask.
3. Assign the default gateway of PC0 as 192.168.10.1.
4. Assign the default gateway of PC1 as 192.168.20.1.
Step-3 (Connecting PCs with Router):
1. Connect FastEthernet0 port of PC0 with FastEthernet0/0 port of Router1 using a
copper straight-through cable.
2. Connect FastEthernet0 port of PC1 with FastEthernet0/1 port of Router1 using a
copper straight-through cable.
RIP maintains a routing table, which lists all routers reachable within a network. Each router
uses this table to determine the most efficient way to route data. RIP incorporates distance-
vector routing, which calculates the best path based on the direction and distance between
routers. Each packet is forwarded to the appropriate routers until the packet reaches its
destination.
RIP also prevents endless routing loops by limiting the number of "hops" between the source
and destination. A hop is recorded each time a packet is forwarded from one router to
another. The maximum number of hops allowed by RIP is 15. If the hop count hits 16, RIP
determines the destination is not reachable and the transfer is terminated.
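The update rules described above, as an added example in C. It is a simplified model of what these notes describe, not a full RIP implementation and not part of the original document. The function names, the HOLD_UPDATES value (three consecutive updates to confirm a longer path) and the 10.0.0.x neighbor addresses are assumptions made for the illustration.

```c
/* Added example: the RIP table-update rules as described in these notes. */
#include <stdio.h>
#include <string.h>

#define RIP_INFINITY   16                  /* a hop count of 16 means unreachable */
#define UPDATE_PERIOD  30                  /* seconds between periodic updates */
#define ROUTE_TIMEOUT  (6 * UPDATE_PERIOD) /* 180 s without a refresh */
#define HOLD_UPDATES   3                   /* assumption: updates needed to confirm a longer path */

enum verdict { INSTALLED, REFRESHED, HELD_DOWN, UNREACHABLE, IGNORED };

struct route {
    char dest[20];
    char next_hop[16];
    int  hops;          /* current metric */
    int  last_update;   /* time the entry was last written or refreshed, in seconds */
    int  pending_hops;  /* longer metric waiting out the hold-down, 0 if none */
    int  pending_seen;  /* consecutive updates that repeated pending_hops */
};

static void install(struct route *r, const char *from, int hops, int now)
{
    snprintf(r->next_hop, sizeof r->next_hop, "%s", from);
    r->hops = hops;
    r->last_update = now;
    r->pending_hops = 0;
    r->pending_seen = 0;
}

/* Process one advertisement for r->dest heard from neighbor `from` at time `now`. */
enum verdict rip_receive(struct route *r, const char *from, int advertised, int now)
{
    int hops = advertised + 1;              /* one extra hop to go through the neighbor */

    if (hops >= RIP_INFINITY)
        return UNREACHABLE;                 /* 16 or more: never installed */
    if (hops < r->hops) {                   /* shorter path: take it at once */
        install(r, from, hops, now);
        return INSTALLED;
    }
    if (hops == r->hops) {
        if (strcmp(from, r->next_hop) != 0)
            return IGNORED;                 /* equal cost via another neighbor: keep ours */
        r->last_update = now;               /* same path confirmed */
        r->pending_hops = r->pending_seen = 0;
        return REFRESHED;
    }
    /* longer path: wait until HOLD_UPDATES consecutive updates agree on it */
    if (r->pending_hops != hops) {
        r->pending_hops = hops;
        r->pending_seen = 0;
    }
    if (++r->pending_seen < HOLD_UPDATES)
        return HELD_DOWN;
    install(r, from, hops, now);
    return INSTALLED;
}

/* Returns 1 and marks the route unreachable once it has gone 180 s without a refresh. */
int rip_expire(struct route *r, int now)
{
    if (now - r->last_update < ROUTE_TIMEOUT)
        return 0;
    r->hops = RIP_INFINITY;
    return 1;
}

int main(void)
{
    /* constructed sample: the network behind Router1; the 10.0.0.x neighbors are made up */
    struct route r = { "192.168.20.0", "10.0.0.2", 4, 0, 0, 0 };
    static const char *name[] = { "installed", "refreshed", "held down", "unreachable", "ignored" };
    int t, adv[] = { 1, 5, 5, 5, 15 };

    for (t = 0; t < 5; t++) {
        enum verdict v = rip_receive(&r, "10.0.0.3", adv[t], 30 * (t + 1));
        printf("t=%3ds advertised=%2d -> %-11s table: %d hops via %s\n",
               30 * (t + 1), adv[t], name[v], r.hops, r.next_hop);
    }
    printf("expired at t=300s: %d\n", rip_expire(&r, 300));
    return 0;
}
```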
Q 6) Which router command allows you to view the entire contents of all access lists?
Ans.
The show access-lists command will allow you to view the entire contents of all access lists,
but it will not show you the interfaces to which the access lists are applied.
Q 7) Which command would you use to apply an access list to a router interface?
Ans.
To apply an access list, the proper command is ip access-group 101 in.
Q 3) What is PAT?
Ans.
Port Address Translation (PAT) is an extension of Network Address Translation (NAT) that
permits multiple devices on a LAN to be mapped to a single public IP address to conserve IP
addresses.
PAT is similar to port forwarding except that an incoming packet with a destination port
(the external port) is translated to a packet with a different destination port (an internal port). The
Internet Service Provider (ISP) assigns a single IP address to the edge device. When a
computer logs on to the Internet, this device assigns the client a port number that is appended
to the internal IP address, giving the computer a unique IP address.
If another computer logs on to the Internet, this device assigns it the same public IP address, but
a different port number. Although both computers are sharing the same public IP address, this
device knows which computer to send its packets to, because the device uses the port numbers
to assign the packets the unique internal IP address of the computers.
Q 9) While configuring NAT on a router, which command would you place on the interface
connected to the Internet?
Ans.
As with access lists, you must configure your interfaces before NAT will provide any
translations. On the inside networks you would use the command ip nat inside. On the outside
interface, you will use the command ip nat outside.
2. NAT: In NAT, private IP addresses are translated into the public IP address.
   PAT: In PAT, private IP addresses are translated into the public IP address via port numbers.
Que.   Question                                                      CO    BT
Q1.    What is EIGRP?                                                CO2   Level 1
Q2.    What are the requirements for neighborship in EIGRP?          CO2   Level 1
Q3.    Give the formula by which EIGRP calculates metric?            CO2   Level 1
Q4.    Explain the various tables used in EIGRP?                     CO2   Level 1
Q11.   How do two EIGRP routers become neighbors with each other?    CO2   Level 2
A1. Enhanced Interior Gateway Routing Protocol is an advanced distance vector routing
protocol based on the principles of the Interior Gateway Routing Protocol (IGRP). It has a
unique characteristic that improves the operational ability and fast converging rate. It can
determine the shortest path distance vector, and it works on the principle of Interior Gateway
Routing Protocol, a classless routing protocol.
A2. Requirements –
A3.
A4. To perform the functions of EIGRP, it creates three tables which are:
Neighbor Table
Topology Table
Routing Table
Following represents the ideology and concepts behind the three major tables:
1. Neighbor Table
The neighbor table contains information about the routers with which neighborship
relationships have been established.
Command to list router information: ‘show ip eigrp neighbors’.
The Neighbor Table has fields like H (Handle), Address, Interface, Hold Time,
Uptime, Smooth Round Trip Time, Retransmission Timeout, Queue Count, Sequence
Number.
2. Topology Table
The topology table holds information about all the paths to networks understood by
EIGRP routers.
Command to list router information: ‘show ip eigrp topology’.
The topology table holds the following fields: Passive, Feasible Distance, Advertised
Distance, Feasible Distance.
3. Routing Table
The routing table stores the routes which are currently active in sending packets to the
network. It stores the optimal route for the destination from the sender.
Command to list router information: ‘show ipv6 route’.
The routing table holds the following fields: D, 90/5632, via 11.0.0.2,
GigabitEthernet0/1.
Network <Subnet-ID>
A8. To perform the functions of EIGRP, it creates three tables which are:
Neighbor Table
Topology Table
Routing Table
A9. 224
A10. Yes
Router-B sends back a hello-msg and an update. The update has routing info about the new
network.
A neighbor will be removed from the routing table if no hello-msg is received during three hello
messages.
A12. It uses DUAL (Diffusing Update Algorithm) for finding and calculating the best path for
EIGRP routes.
ASSIGNMENT 2(B)
A1. Open Shortest Path First is a routing protocol for Internet Protocol networks. It uses a
link state routing algorithm and falls into the group of interior gateway protocols, operating
within a single autonomous system.
Area ID
Authentication
Hello and Dead Intervals
Stub Flag
MTU Size
A6. 110
A9. infinite
A10.
the sum of the interface costs for all outgoing interfaces in the route.
A11.
A12. OSPF protocol has no limitations in hop count, unlike RIP protocol that has only
15 hops at most. So OSPF converges faster than RIP and has better load balancing.
A15.
A16. OSPF has eight neighbor states: Down, Attempt, Init, 2-way, Exstart, Exchange,
Loading, and Full.
A17. OSPF is a link-state protocol in which all routers in the routing domain exchange
information and thus know about the complete topology of the network. Because each router
knows the complete topology of the network, the use of the SPF algorithm creates an
extremely fast convergence. Other key characteristics of OSPF are as follows:
Provides routing information to the IP section of the TCP/IP protocol suite, the most
commonly used alternative to RIP.
Sends updates to tables only, instead of entire tables, to routers.
Is a more economical routing protocol than RIP over time because it involves less
network traffic.
OSPF is usually more efficient than RIP in exchanging routing information when a network
is stable; however, for this rule to hold true, it depends on network events. For example,
during an external convergence event, OSPF could flood more traffic than RIP. Consider that
RIP carries 25 routes per update; on the other hand, OSPF floods a single LSA per external
route that is affected by the convergence event. So, provided that you have a (relatively)
stable environment, OSPF involves less traffic, and over time, it is statistically more
economical than RIP. Using a single LSA per external route is inefficient, but OSPF was
never designed to be an EGP. Therefore, OSPF/BGP deployment when large numbers of
external routers are present.
DETAILED STEPS
Step      Command or Action, Purpose, Example
Step 1    enable
          Purpose: Enables privileged EXEC mode. Enter your password if prompted.
          Example:
          Device> enable
Step 2    configure terminal
          Purpose: Enters global configuration mode.
          Example:
          Device(config)# interface Gigabitethernet 0/0
Step 4    ip ospf cost cost
          Purpose: Explicitly specifies the cost of sending a packet on an OSPF interface.
          Example:
          Device(config-if)# ip ospf cost 65
Step 5    ip ospf retransmit-interval seconds
          Purpose: Specifies the number of seconds between link-state advertisement (LSA)
          Example:
          Device(config-if)# ip ospf priority 1
Step 8    ip ospf hello-interval seconds
          Purpose: Specifies the length of time between the hello packets that the Cisco IOS
          software sends on an OSPF interface.
          Example:
          Device(config-if)# ip ospf hello-interval 1
Step 9    ip ospf dead-interval seconds
          Purpose: Sets the number of seconds that a device must wait before it declares a
          neighbor OSPF router down because it has not received a hello packet.
          Example:
          Device(config-if)# ip ospf dead-interval 1
Step 10   ip ospf authentication-key key
          Purpose: Assigns a password to be used by neighboring OSPF routers on a network
          segment that is using the OSPF simple password authentication.
          Example:
          Device(config-if)# ip ospf authentication-key 1
Step 11   ip ospf message-digest-key key-id md5 key
          Purpose: Enables OSPF MD5 authentication. The values for the key-id and key
          arguments must match values specified for other neighbors on a network segment.
          Example:
          Device(config-if)# ip ospf message-digest-key 1 md5 23456789
Step 12   ip ospf authentication [message-digest | null]
          Purpose: Specifies the authentication type for an interface.
          Example:
          Device(config-if)# ip ospf authentication message-digest
Step 13   end
          Purpose: Exits interface configuration mode and returns to privileged EXEC mode.
          Example:
          Device(config-if)# end
A19. There are five types of OSPF areas: Backbone area (area 0), Standard area, Stub
area, Totally stubby area, and Not-so-stubby area (NSSA).
A21. OSPF routers collect this information into a link-state database (LSDB) that is shared
and synchronized among the various routers. Using this database, the various routers are able
to calculate the shortest path to other routers using the SPF algorithm.
A23. 3 tables
A24. multicast
A25. Inter-area OSPF is distance vector, so it is vulnerable to routing loops. It avoids loops
by mandating a loop-free inter-area topology, in which traffic from one area can only
reach another area through area 0.
A27. No
A28. 110
A29. Topology table: The topology table keeps track of the entire network topology. It
stores all the information about all the routes that the router has received from its neighbors,
even duplicate routes.
Route table: The routing table is the table that stores information about
the best routes to a particular destination.
A30.
The Router ID of each neighbouring router.
The current “state” of each neighbouring router.
The interface directly connected to each neighbour.
The IP address of the remote interface of each neighbour.
A31. Shortest Path First (SPF) algorithm
A32. Each OSPF router selects a router ID (RID) that has to be unique on your
network. OSPF stores the topology of the network in its LSDB (Link State Database) and
each router is identified with its unique router ID. If you have duplicate router IDs, then you
will run into reachability issues.
Que.   Question                                                          CO    BT
Q1.    What is a wireless LAN?                                           CO2   Level 1
Q2.    What is IEEE 802.11b, 802.11g, and 802.11a?                       CO2   Level 1
Q3.    What are the advantages and disadvantages of WLAN?                CO2   Level 1
Q4.    What are the needed devices of WLAN?                              CO2   Level 1
Q5.    What are the common applications of WLAN?                         CO2   Level 1
Q6.    What is infrastructured WLAN and Adhoc wireless network?          CO2   Level 1
Q7.    Why use DHCP IP reservation or Static IP?                         CO2   Level 1
Q8.    What is DHCP?                                                     CO5   Level 3
Q9.    Explain the steps in WLAN configuration in Packet Tracer          CO2   Level 2
Q10.   What port does DHCP use?                                          CO2   Level 3
Q11.   Why is DHCP used?                                                 CO2   Level 1
Q12.   Can you use a static IP on a DHCP network?                        CO2   Level 1
Q13.   Which is faster, DHCP or static?                                  CO2   Level 1
Q14.   What are the benefits of static IP?                               CO2   Level 1
Q15.   What is the difference between DHCP and static?                   CO2   Level 1
1.
Wireless LAN stands for “Wireless Local Area Network.” A WLAN, or wireless
LAN, is a network that links and communicates wirelessly to computers. A wireless
local-area network (WLAN) is a group of colocated computers or other devices that
form a network based on radio transmissions rather than wired connections. On a
conventional wired LAN, devices communicate via Ethernet cables, whereas devices
on a WLAN are linked via Wi-Fi. While a WLAN can look different from a conventional
LAN, it does operate the same way.
2.
802.11a was one of the first standards issued under the 802.11 umbrella in 1999.
Rather than using the 2.4 GHz band, it opted into using the 5 GHz frequency band. Generally,
higher frequencies are coupled with faster speeds but shorter range. To achieve better speeds,
it was the first to implement OFDM (Orthogonal Frequency Division Multiplexing)
technology - a digital modulation method used to encode data on multiple frequencies- into
its coding scheme, allowing it to have a theoretical maximum speed of 54 Mbps, which was a
drastic improvement from the original WiFi standard.
In addition, since 802.11a operated under the 5 GHz band, it made the products more
expensive. Therefore, it was mostly used in business networks.
While 802.11a was being developed, so was the 802.11b standard; it was also published in
1999.
To fulfill a growing demand for faster internet under the 2.4 GHz band, 802.11g joined the
802.11 family in 2003.
The developers took the best qualities of 802.11a and 802.11b to create the 802.11g standard.
It supports a networking bandwidth up to 54 Mbps and operates under the 2.4 GHz band.
At the time backward compatibility was a must because many people still had access points
and computers that used the previous standards. 802.11g is backward compatible with
802.11b products. However, WiFi products are only capable of tapping into the standard
under which they operate. An 802.11b computer connected to an 802.11g AP can only go as
fast as what the b standard allows. On the flip side, a g device connected to a b AP will only
go as fast as what the AP offers.
3.
4.
5.
(1) Between buildings: Building network connections between buildings, replacing
dedicated lines, is simple and cheap.
(2) Catering and retail: The catering service industry can use wireless local area
network products to directly input...
(3) Medical treatment: Use portable computers with wireless local area network
products to obtain real-time information.
6.
Most Wi-Fi networks function in infrastructure mode. Devices on the network all
communicate through a single access point, which is generally the wireless router. For
example, let’s say you have two laptops sitting next to each other, each connected to
the same wireless network. Even when sitting right next to each other, they’re not
communicating directly. Instead, they’re communicating indirectly through the
wireless access point. They send packets to the access point — probably a wireless
router — and it sends the packets back to the other laptop. Infrastructure mode
requires a central access point that all devices connect to.
Ad-hoc mode is also known as “peer-to-peer” mode. Ad-hoc networks don’t require a
centralized access point. Instead, devices on the wireless network connect directly to
each other. If you set up the two laptops in ad-hoc wireless mode, they’d connect
directly to each other without the need for a centralized access point.
7.
The main advantage of using DHCP reservations is that the assignment of a "static" IP
address is managed centrally. This can be helpful for example if you are often
rebuilding a particular computer or constantly changing the OS or if setting a "static"
IP address is cumbersome (DirectTV DVR for example).
Using DHCP reservations is also handy if you ever need to migrate to a new subnet.
In most cases then you just need to change the subnet on the router\DHCP server and
all the clients will automatically be updated to the new subnet.
Lastly, using DHCP reservations is nice because you have a central place that you can
go and lookup the IP address of a machine, provided the router\DHCP server allows
you to note a name in addition to the IP address and MAC Address.
8.
12. Yes
13. static
14.
1. Speed
Since Static IP addresses have fewer contradictions, the devices assigned a Static
IP address tend to perform faster. The speed difference is extremely noticeable only if
you are a broadband user, not for DSL connections. This is especially beneficial if you
are constantly uploading and downloading files.
2. Security
3. Accessibility
Remote access is made possible with a Static IP address using programs like Virtual Private
Network (VPN). This means that devices can be accessed from any part of the world. As
long as the device is connected to the internet, all the information is accessible.
4. Hosting
Currently all types of hosting, from web servers and email servers to other types of servers, are
accepted by a Static IP address. Therefore, if you have a Static IP address all your
customers and clients can easily access your website. Also, when using a Static IP
address the devices can easily locate and find all the servers worldwide.
5. Stability
All Static IP addresses are known to be stable since they are restricted from changes.
Unlike a Dynamic IP address, a Static IP address does not undergo frequent lapses. Whenever
there is a reboot, the computers will be able to reconnect quickly to the internet using the
same IP address.
6. Accuracy
A Static IP address is highly accurate when it comes to geolocation data. All the
geolocation services will be able to find the accurate business location. With this
accurate information, it can be assured that the businesses are always in the frontline. This
is beneficial for businesses in many ways.
7. Shared Resources
15.
TCP/IP connections work in a manner similar to a telephone call where someone has
to initiate the connection by dialing the phone. At the other end of the connection, someone
has to be listening for calls and then pick up the line when a call comes in. In TCP/IP
communications, the IP Address is analogous to a telephone number and the port number
would be analogous to a particular extension once the call has been answered. The “Client” in
a TCP/IP connection is the computer or device that “dials the phone” and the “Server” is the
computer that is “listening” for calls to come in. In other words, the Client needs to know the
IP Address of whatever Server it wants to connect to and it also needs to know the port
number that it wants to send and receive data through after a connection has been established.
The Server only has to listen for connections and either accept them or reject them when they
are initiated by a client.
Once a connection through a TCP/IP port has been established between a TCP/IP client and a
TCP/IP server, data can be sent in either direction exactly the same way that data is sent
through any other type of port on a PC (serial, parallel, etc.). The only difference is that the
data is sent across your network. The connection between a Client and a Server remains open
until either the client or the server terminates the connection (i.e. hangs up the phone). One
extremely nice benefit of the TCP/IP protocol is that the low level drivers that implement the
sending and receiving of data perform error checking on all data so you are guaranteed that
there will be no errors in any data that you send or receive.
Sockets allow communication between two different processes on the same or different
machines. To be more precise, it's a way to talk to other computers using standard Unix file
descriptors. In Unix, every I/O action is done by writing or reading a file descriptor. A file
descriptor is just an integer associated with an open file and it can be a network connection,
a text file, a terminal, or something else.
To a programmer, a socket looks and behaves much like a low-level file descriptor. This is
because commands such as read() and write() work with sockets in the same way they do
with files and pipes.
Advantages:
a. Flexible and powerful.
b. Cause low network traffic if efficiently used.
c. Only updated information can be sent.
Socket vs. Port
Socket: The word “Socket” is the combination of port and IP address. It is used to
identify both a machine and a service within the machine.
Port: The word “Port” is the number used by particular software. The same port number
can be used in different computers running the same software.
There are two types of Sockets: the datagram socket and the stream socket.
Yes, multiple client sockets can be bound to the same local IP/port pair at the same time, if
they are connected to different server IP/Port pairs so the tuples of local+remote pairs are
unique.
The combination of an IPv4 address and a port number is known as the socket number. A pair
of sockets, one socket at the client side and other socket at the server side, define the
TCP/UDP connection end points. A socket number can uniquely identify a network resource
in the whole internet.
For most socket interfaces, the maximum number of sockets allowed per each connection
between an application and the TCP/IP sockets interface is 65535.
11. What list of calls is used to establish TCP and/or UDP socket connections? What
information is needed?
The Select function is used to select between TCP and UDP sockets. This function gives
instructions to the kernel to wait for any of the multiple events to occur and awakens the
process only after one or more events occur or a specified time passes.
Example – kernel will return only when one of these conditions occurs
Any Descriptor from {1, 2, 3} is ready for reading
Any Descriptor from {4, 5, 6} is ready for writing
Time 5sec has passed
The entire process can be broken down into the following steps:
Server:
1. Create TCP i.e. listening socket
2. Create a UDP socket
3. Bind both sockets to the server address.
4. Initialize a descriptor set for select and calculate a maximum of 2 descriptors for
which we will wait
5. Call select and get the ready descriptor (TCP or UDP)
6. Handle new connection if the ready descriptor is of TCP OR receive datagram if the
ready descriptor is of UDP
UDP Client:
1. Create a UDP socket.
2. Send a message to the server.
3. Wait until a response from the server is received.
4. Close socket descriptor and exit.
TCP Client:
1. Create a TCP socket.
2. Call connect to establish a connection with the server.
3. When the connection is accepted write a message to a server.
4. Read the response of the Server.
5. Close socket descriptor and exit.
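The server and client steps above, as an added example in C that is not part of the original notes. The function names make_server_socket, serve_once and client_send are hypothetical; binding to the loopback address with kernel-chosen ports and the 2-second receive timeout on accepted connections are assumptions made so the example runs on one machine and a silent client cannot block the loop.

```c
/* Added example: one process serving TCP and UDP through a single select() call. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Server steps 1-3: create and bind to 127.0.0.1; *port == 0 lets the kernel choose. */
int make_server_socket(int type, unsigned short *port)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof addr;
    int fd = socket(AF_INET, type, 0);
    if (fd < 0) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* loopback only, not 0.0.0.0 */
    addr.sin_port = htons(*port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        (type == SOCK_STREAM && listen(fd, 8) < 0) ||
        getsockname(fd, (struct sockaddr *)&addr, &len) < 0) {
        close(fd);
        return -1;
    }
    *port = ntohs(addr.sin_port);                    /* report the port actually bound */
    return fd;
}

/* Server steps 4-6: returns 'T' or 'U' for the protocol served, 0 on timeout, -1 on error. */
int serve_once(int tcp_fd, int udp_fd, int timeout_sec, char *msg, size_t cap)
{
    struct timeval tv = { timeout_sec, 0 }, rto = { 2, 0 };
    struct sockaddr_in peer;
    socklen_t plen = sizeof peer;
    fd_set rset;
    ssize_t n;
    int ready, conn;

    FD_ZERO(&rset);
    FD_SET(tcp_fd, &rset);
    FD_SET(udp_fd, &rset);
    ready = select((tcp_fd > udp_fd ? tcp_fd : udp_fd) + 1, &rset, NULL, NULL, &tv);
    if (ready <= 0) return ready;                    /* 0 = timeout, -1 = error */
    if (FD_ISSET(tcp_fd, &rset)) {                   /* new connection is waiting */
        if ((conn = accept(tcp_fd, NULL, NULL)) < 0) return -1;
        /* bound the read so a client that connects and stays silent cannot stall us */
        setsockopt(conn, SOL_SOCKET, SO_RCVTIMEO, &rto, sizeof rto);
        n = recv(conn, msg, cap - 1, 0);
        if (n > 0) send(conn, msg, (size_t)n, 0);    /* echo the request back */
        close(conn);
        msg[n > 0 ? n : 0] = '\0';
        return 'T';
    }
    /* otherwise the UDP socket holds a datagram; reply to whoever sent it */
    n = recvfrom(udp_fd, msg, cap - 1, 0, (struct sockaddr *)&peer, &plen);
    if (n < 0) return -1;
    sendto(udp_fd, msg, (size_t)n, 0, (struct sockaddr *)&peer, plen);
    msg[n] = '\0';
    return 'U';
}

/* Client steps: create, connect(), send. On UDP, connect() only records the peer. */
int client_send(int type, unsigned short port, const char *text)
{
    struct sockaddr_in srv;
    int fd = socket(AF_INET, type, 0);
    if (fd < 0) return -1;
    memset(&srv, 0, sizeof srv);
    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    srv.sin_port = htons(port);
    if (connect(fd, (struct sockaddr *)&srv, sizeof srv) < 0 ||
        send(fd, text, strlen(text), 0) < 0) {
        close(fd);
        return -1;
    }
    return fd;                                       /* caller reads the reply, then closes */
}

int main(void)
{
    unsigned short port[2] = { 0, 0 };
    int type[2] = { SOCK_STREAM, SOCK_DGRAM }, srv[2], i;
    char msg[128] = "", reply[128];
    srv[0] = make_server_socket(type[0], &port[0]);
    srv[1] = make_server_socket(type[1], &port[1]);
    for (i = 0; i < 2 && srv[0] >= 0 && srv[1] >= 0; i++) {
        int c = client_send(type[i], port[i], "constructed request");
        int kind = c < 0 ? 0 : serve_once(srv[0], srv[1], 5, msg, sizeof msg);
        ssize_t n = kind > 0 ? recv(c, reply, sizeof reply - 1, 0) : -1;
        reply[n > 0 ? n : 0] = '\0';
        printf("served %c: got \"%s\", client read \"%s\"\n", kind > 0 ? kind : '-', msg, reply);
        if (c >= 0) close(c);
    }
    return 0;
}
```

If both descriptors are ready in the same call, serve_once handles the TCP connection and leaves the datagram queued for the next call.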
On the TCP level the tuple (source ip, source port, destination ip, destination port) must be
unique for each simultaneous connection. That means a single client cannot open more than
65535 simultaneous connections to a single server. But a server can (theoretically)
serve 65535 simultaneous connections per client.
The simple way to handle multiple clients would be to spawn new thread for every new client
connected to the server. This method is strongly not recommended because of various
disadvantages, namely:
Threads are difficult to code, debug and sometimes they have unpredictable results.
Overhead switching of context
Not scalable for large number of clients
Deadlocks can occur
Select()
A better way to handle multiple clients is by using the select() Linux call.
select() allows a program to monitor multiple file descriptors, waiting until one of the
file descriptors becomes active.
For example, if there is some data to be read on one of the sockets, select will provide
that information.
Select works like an interrupt handler, which gets activated as soon as any file
descriptor sends any data.
No, you can't connect directly to a tcp server with a udp client. The protocols must match.
16. How UDP client and UDP server communicates over socket?
In UDP, the client does not form a connection with the server like in TCP and instead just
sends a datagram. Similarly, the server need not accept a connection and just waits for
The entire process can be broken down into the following steps :
UDP Server :
1. Create a UDP socket.
2. Bind the socket to the server address.
3. Wait until the datagram packet arrives from the client.
4. Process the datagram packet and send a reply to the client.
5. Go back to Step 3.
UDP Client :
1. Create a UDP socket.
2. Send a message to the server.
3. Wait until response from the server is received.
4. Process reply and go back to step 2, if necessary.
5. Close socket descriptor and exit.
Server
The server program would follow the following steps:
1. Create a UDP socket.
2. Bind the socket with the proper IP (Internet Protocol) address and the port number.
3. Wait for the datagram packet from the client.
4. Process the datagram and send the reply.
5. Finish.
The CONNECT command enables an application to associate a socket with the socket name
of a peer. The socket then is considered to be a connected UDP socket. You can call the
CONNECT command multiple times with different peer names to change the socket
association.
With UDP, you have to bind() the socket in the client because UDP is connectionless, so
there is no other way for the stack to know which program to deliver datagrams to for a
particular port.
TCP is used in case of non-time critical applications. UDP is used for games or applications
that require fast transmission of data. UDP's stateless nature is also useful for servers that
answer small queries from huge numbers of clients.
A web administrator maintains web server services (such as Apache or IIS) that allow
for internal or external access to web sites. Tasks include managing multiple sites,
administering security, and configuring necessary components and software.
Responsibilities may also include software change management. They mainly deal
with the following : Although tasks can overlap with other areas of web development
in small organizations, pure web administration positions would cover the following:
Administration, installation and maintenance of web servers
Selection of appropriate web server platform and operating system - Which web
server should the company use – Apache or IIS? Should it be hosted on a UNIX,
Linux or Windows box? When should the company upgrade to a new version of the
web server software? The web administrator has to make these calls.
Advice on the selection of web development tools - Gives assistance to the web
publishing group during the selection of web development tools (Dreamweaver,
FrontPage, GoLive, etc.).
Ensure routine back-ups of the web servers occur.
Server
This type of server uses comparatively much more resources.
It provides support for Multithreading.
The Application Servers provide support for the RPC/RMI protocols along with the HTTP
protocols.
The overall capacity of an Application Server is comparatively much higher than that of a
Web Server.
Internet Information Services (IIS) is a flexible, general-purpose web server from Microsoft
that runs on Windows systems to serve requested HTML pages or files.
An IIS web server accepts requests from remote client computers and returns the appropriate
response. This basic functionality allows web servers to share and deliver information across
local area networks (LAN), such as corporate intranets, and wide area networks (WAN), such
as the Internet.
A web server can deliver information to users in several forms, such as static webpages coded
in HTML; through file exchanges as downloads and uploads; and text documents, image files
and more.
Enterprise organizations are increasingly choosing to deploy new applications and migrate
existing ones to both private and public cloud computing environments. Cloud computing,
especially in the public cloud, provides significant benefits that include cost savings through
economies of scale, streamlined processes and simplified management with fewer
administrative tasks.
As organizations depend on the cloud for more of their critical applications and services,
there is a growing need to maintain network transparency and visibility, also called
observability. Observability in the context of cloud computing depends on two factors: the
presence of data outputs that accurately reflect activities and behaviors on the network, and
the ability to aggregate and analyze that data.
Log files are the primary data source for network observability. A log file is a computer-
generated data file that contains information about usage patterns, activities, and operations
within an operating system, application, server or another device. IT organizations can
implement security event monitoring (SEM), security information management (SIM),
security information and event management (SIEM), or another analytics tool to aggregate
and analyze log files from throughout a cloud computing environment.
If you've already enabled IIS but are missing the required IIS components, the installation
displays a message indicating that certain IIS components are missing. You have the option
to allow the installation to automatically enable the required IIS components. However,
depending on your organization's security policies, it may be necessary to manually enable
the required IIS components as described below.
To enable IIS and the required IIS components on Windows 10, do the following:
1. Open Control Panel and click Programs and Features > Turn Windows features on or
off.
2. Enable Internet Information Services.
3. Expand the Internet Information Services feature and verify that the web server
components listed in the next section are enabled.
4. Click OK.
Server life cycle is the series of states through which a WebLogic Server instance can
transition. These states cause specific changes to the operational state of a server instance and
help to identify the accurate status of the running server. Use the server life cycle commands
to track the progress of a booting server at a granular level which avoids server conflicts by
determining the issues during boot and improves the scalability of WebLogic servers by
facilitating better control in the life cycle management.
Server state signifies the specific condition of a server in the life cycle management. System
administrators use the server state information to plan the administration tasks related to the
application services. You can get the server state using Administration Console or command
prompt scripts.
WebLogic Server displays and stores information about the current state of a server instance,
and state transitions that have occurred since the server instance started up. This information
is useful to administrators who:
Monitor the availability of server instances and the applications they host
Plan corrective actions, such as migration of services, when a server instance fails or
crashes
FTP
Command   Description of Command
!         This command toggles back and forth between the operating system and ftp. Once back in the
          operating system, typing exit takes you back to the FTP command line.
cd        Changes directory.
glob      Sets globbing on or off. When turned off, the file name in the put and get commands is taken
          literally, and wildcards will not be looked at.
hash      Sets hash mark printing on or off. When turned on, for each 1024 bytes of data received, a hash
          mark (#) is displayed.
help      Accesses the Help screen and displays information about the command if the command is typed
          after help.
lcd       Displays local directory if typed alone or if path typed after lcd will change the local directory.
literal   Sends a literal command to the connected computer with an expected one-line response.
FTP employs a client-server architecture whereby the client machine has an FTP
client installed and establishes a connection to an FTP server running on a remote machine.
After the connection has been established and the user is successfully authenticated, the data
transfer phase can begin.
Worth noting: Although FTP does support user authentication, all data is sent in clear text,
including usernames and passwords. For secure transmission that protects the username and
password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced
with SSH File Transfer Protocol (SFTP).
Ans:-Symmetric Cryptography
In this type, the encryption and decryption process uses the same key. It is also called
secret key cryptography. The main features of symmetric cryptography are as follows −
Drawback
The major drawback of symmetric cryptography is that if the key is leaked to the intruder, the
message can be easily changed and this is considered as a risk factor.
Asymmetric key:-
It is also called public key cryptography. It works in the reverse way of symmetric
cryptography. This implies that it requires two keys: one for encryption and the other for
decryption. The public key is used for encrypting and the private key is used for decrypting.
When encrypting with low encryption exponents (e.g., e = 3) and small values of
m (i.e., m < n^(1/e)), the result of m^e is strictly less than the modulus n. In this case,
ciphertexts can be decrypted easily by taking the e-th root of the ciphertext over the
integers.
If the same clear-text message is sent to e or more recipients in an encrypted way, and
the receivers share the same exponent e, but different p, q, and therefore n, then it is
easy to decrypt the original clear-text message via the Chinese remainder theorem.
Johan Håstad noticed that this attack is possible even if the clear texts are not equal,
but the attacker knows a linear relation between them.
Because RSA encryption is a deterministic encryption algorithm (i.e., has no random
component) an attacker can successfully launch a chosen plaintext attack against the
cryptosystem, by encrypting likely plaintexts under the public key and testing whether
they are equal to the ciphertext. A cryptosystem is called semantically secure if an
attacker cannot distinguish two encryptions from each other, even if the attacker
knows (or has chosen) the corresponding plaintexts. RSA without padding is not
semantically secure.
RSA has the property that the product of two ciphertexts is equal to the encryption of
the product of the respective plaintexts. That is, m1^e · m2^e ≡ (m1·m2)^e (mod n). Because of
this multiplicative property, a chosen-ciphertext attack is possible. E.g., an attacker
who wants to know the decryption of a ciphertext c ≡ m^e (mod n) may ask the holder
of the private key d to decrypt an unsuspicious-looking ciphertext c′ ≡ c·r^e (mod n) for
some value r chosen by the attacker. Because of the multiplicative property, c′ is the
encryption of m·r (mod n). Hence, if the attacker is successful with the attack, they
will learn m·r (mod n), from which they can derive the message m by multiplying m·r
with the modular inverse of r modulo n.
Given the private exponent d, one can efficiently factor the modulus n = pq. And
given factorization of the modulus n = pq, one can obtain any private key (d′, n)
generated against a public key (e′, n).
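The properties listed above can be checked directly on a toy key. The following is an added example, not part of the original notes; the primes, the exponent e = 3 and all function names are constructed for illustration, and the point is to show why RSA must not be used without padding.

```python
# Added illustration of textbook (unpadded) RSA; all parameters are constructed.
P, Q = 1000000007, 998244353        # toy primes, far too small for real use
N, E = P * Q, 3                     # public key with a low exponent e = 3
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent d (needs Python 3.8+)


def encrypt(m):
    return pow(m, E, N)


def decrypt(c):
    """Stands in for the holder of the private key d."""
    return pow(c, D, N)


def integer_root(x, k):
    """Largest r with r**k <= x, found by binary search on exact integers."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def recover_small_message(c):
    """If m**e < n the reduction mod n never happened, so c is an exact
    e-th power over the integers. Returns None when c is not one."""
    r = integer_root(c, E)
    return r if r ** E == c else None


def match_known_plaintext(c, candidates):
    """Deterministic encryption: equal plaintexts give equal ciphertexts,
    so anyone holding the public key can test guesses against c."""
    return next((m for m in candidates if encrypt(m) == c), None)


def is_multiplicative(m1, m2):
    """Checks m1^e * m2^e == (m1*m2)^e (mod n)."""
    return (encrypt(m1) * encrypt(m2)) % N == encrypt((m1 * m2) % N)


def unblind_oracle_answer(c, r):
    """c' = c * r^e decrypts to m*r; multiplying by r^-1 mod n yields m."""
    c_blinded = (c * pow(r, E, N)) % N
    m_times_r = decrypt(c_blinded)      # what a raw decryption service returns
    return (m_times_r * pow(r, -1, N)) % N
```

Every check succeeds against the bare function m^e mod n, which is why deployed RSA encryption adds randomized padding before exponentiation and never returns raw decryptions.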
Ans:-The reason prime numbers are fundamental to RSA encryption is that when you
multiply two together, the result is a number that can only be broken down into those
primes (and itself and 1). In our example, the only whole numbers you can multiply to get
187 are 11 and 17, or 187 and 1.
Q6:-What is cryptography?
Ans:-Encryption is the method by which information is converted into secret code that hides
the information's true meaning.
Decryption is the process of converting meaningless message (Ciphertext) into its original
form (Plaintext).
Data is said to be encrypted when a person or device lacking the cipher is unable to read it.
They, or it, would need the cipher to decrypt the information.
Algorithms transform plaintext into ciphertext, and ciphertext into plaintext. These respective
processes are called encryption and decryption.
Ans:-In cryptography, a key is a string of characters used within an encryption algorithm for
altering data so that it appears random. Like a physical key, it locks (encrypts) data so that
only someone with the right key can unlock (decrypt) it.
Ans:-Symmetric encryption is a means of protecting data using a secret key to encrypt (lock)
and decrypt (unlock) it. The sender and recipient share the key or password to gain access to
the information. The key can be a word; a phrase; or a nonsensical or random string of letters,
numbers, and symbols.
Disadvantages:
Ans:-There are two sides in an encrypted communication: the sender, who encrypts the data,
and the recipient, who decrypts it. As the name implies, asymmetric encryption is different on
each side; the sender and the recipient use two different keys. Asymmetric encryption, also
known as public key encryption, uses a public key-private key pairing: data encrypted with
the private key can only be decrypted with the public key, and vice versa.
Ans:-The name RSA was coined by taking the initials of the surnames of its developers. It is
an encryption algorithm that works on a block cipher. It is an asymmetric encryption
algorithm. It involves Euler Totient Function & Fermat's theorem to encrypt the text.
Ans:- The RSA idea is also used for signing and verifying a message; this is called the RSA
digital signature scheme.
The digital signature scheme changes the role of the private and public keys.
Only the private and public keys of the sender are used, not those of the receiver.
The sender uses her own private key to sign the document and the receiver uses the
sender’s public key to verify it.
The signing and verifying sets use the same function, but with different parameters.
The verifier compares the message and the output of the function for congruence. If
the result is true, the message is accepted.
Sender A wants to send a message M to the receiver B along with the digital signature S
calculated over the message M
Step 1: The sender A uses the message digest algorithm to calculate the message digest MD1
over the original message M.
Step 2: The sender A now encrypts the message digest with her private key. The output of
this process is called the digital signature.
Step 3: Now the sender A sends the original message M along with the digital signature DS to
receiver B.
Step 5: The receiver B now uses sender A’s public key to decrypt the digital signature.
Note that A had used her private key to encrypt the message digest MD1 to form the digital
signature. Therefore, only A’s public key can be used to decrypt it. The output of this process
is the original message digest which was calculated by A (MD1) in step 1.
a. B accepts the original message (M) as the correct, unaltered message from A.
b. B is also assured that the message came from A and not from someone else
posing as A.
Thus, the principle of digital signature is quite strong, secure and reliable.
1. The RSA idea is also used for signing and verifying a message; this is called the RSA
digital signature scheme.
2. The digital signature scheme changes the role of the private and public keys.
3. Only the private and public keys of the sender are used, not those of the receiver.
4. The sender uses her own private key to sign the document and the receiver uses the
sender’s public key to verify it.
5. A digital signature ensures integrity, authentication and non-repudiation, whereas
confidentiality can be achieved with the help of encryption.
6. A digital signature is a digital ID, sent as an attachment to a web page / e-mail /
message, and it is used for verifying the attachments sent using the web. A digital
signature is a mathematical technique used to validate the authenticity and integrity of
a message, software or digital document.
Alice creates her digital signature using S=M^d mod n where M is the message
Alice sends Message M and Signature S to Bob
Bob computes M1=S^e mod n
If M1=M then Bob accepts the data sent by Alice.
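The two descriptions above (signing the digest MD1, and Alice's raw S = M^d mod n) behave differently, which the following added example shows. It is not part of the original notes; the key is a constructed toy key, SHA-256 is an assumed choice of digest algorithm, and the digest is reduced mod n only because the toy modulus is small.

```python
import hashlib

# Constructed toy key; real keys are 2048 bits or more and use a padding scheme.
P, Q = 1000000007, 998244353
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # sender's private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Message digest MD as an integer (reduced mod N for the toy modulus)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Steps 1-2: compute MD1 over M, then DS = MD1^d mod n."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover MD1 = DS^e mod n with the sender's public key and
    compare it with the digest computed over the message that arrived."""
    return pow(signature, E, N) == digest(message)


def sign_raw(m: int) -> int:
    """Alice's formula without hashing: S = M^d mod n."""
    return pow(m, D, N)


def verify_raw(m: int, s: int) -> bool:
    """Bob's check: M1 = S^e mod n must equal M."""
    return pow(s, E, N) == m % N


def raw_product_verifies(m1: int, m2: int) -> bool:
    """Raw signing inherits RSA's multiplicative property: S1*S2 is a valid
    signature on M1*M2 although the signer never signed that value."""
    combined = (sign_raw(m1) * sign_raw(m2)) % N
    return verify_raw((m1 * m2) % N, combined)


def hashed_product_verifies(msg1: bytes, msg2: bytes, target: bytes) -> bool:
    """With hash-then-sign the product of two signatures corresponds to
    digest(msg1)*digest(msg2), which is not the digest of a chosen message."""
    combined = (sign(msg1) * sign(msg2)) % N
    return verify(target, combined)
```

The digest step is therefore not only a performance measure for long messages: it also removes the algebraic structure that raw S = M^d mod n exposes.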
Ans:-Hashing is one of the core elements of a digital signature system. The process of
hashing involves transforming data of any size into a fixed-size output. This is done by a
special kind of algorithms known as hash functions. The output generated by a hash function
is known as a hash value or message digest.
Ans: The DES (Data Encryption Standard) algorithm is a symmetric-key block cipher created
in the early 1970s by an IBM team and adopted by the National Institute of Standards and
Technology (NIST). The algorithm takes the plain text in 64-bit blocks and converts them
into ciphertext using 48-bit keys.
Since it’s a symmetric-key algorithm, it employs the same key in both encrypting and
decrypting the data. If it were an asymmetrical algorithm, it would use different keys for
encryption and decryption.
The algorithm process breaks down into the following steps:
1. The process begins with the 64-bit plain text block getting handed over to an initial
permutation (IP) function.
2. The initial permutation (IP) is then performed on the plain text.
3. Next, the initial permutation (IP) creates two halves of the permuted block, referred to as Left
Plain Text (LPT) and Right Plain Text (RPT).
4. Each LPT and RPT goes through 16 rounds of the encryption process.
5. Finally, the LPT and RPT are rejoined, and a Final Permutation (FP) is performed on the
newly combined block.
6. The result of this process produces the desired 64-bit ciphertext.
The encryption process step (step 4, above) is further broken down into five stages:
1. Key transformation
2. Expansion permutation
3. S-Box permutation
4. P-Box permutation
5. XOR and swap
For decryption, we use the same algorithm, and we reverse the order of the 16 round keys.
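Why the same algorithm decrypts when the round keys are reversed follows from the Feistel structure (the LPT/RPT halves with XOR and swap). The following added example, which is not DES and not from the original notes, uses a constructed toy key schedule and a toy round function in place of DES's expansion, S-box and P-box stages, and omits the initial and final permutations.

```python
import hashlib

ROUNDS = 16
HALF_MASK = 0xFFFFFFFF          # each half (LPT / RPT) is 32 bits


def round_keys(key: bytes):
    """Toy key schedule (not DES's): sixteen 48-bit round keys from one key."""
    return [
        int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
        for i in range(ROUNDS)
    ]


def round_function(right: int, k: int) -> int:
    """Toy stand-in for expansion, S-box and P-box. It does not have to be
    invertible: the XOR in the round is what makes the round reversible."""
    data = right.to_bytes(4, "big") + k.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block: int, keys) -> int:
    """Run a 64-bit block through one round per key, then swap the halves."""
    left, right = block >> 32, block & HALF_MASK
    for k in keys:
        # New left is the old right; new right is old left XOR f(old right, k).
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left


def encrypt(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key))


def decrypt(block: int, key: bytes) -> int:
    """Same network, round keys applied in reverse order."""
    return feistel(block, round_keys(key)[::-1])
```

Running `feistel` a second time with the keys in their original order does not return the plaintext; only the reversed order undoes each round's XOR.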
Much work has been done, and a number of regularities and unexpected behaviours of the
S-boxes have been found, but no one has succeeded in discovering weaknesses in the
S-boxes.
This contention is tantalizing, and over the years multiple regularities and unexpected
behaviours of the S-boxes have been found.
DES has been around a long time (since 1977), yet no actual weaknesses have been
discovered and the most effective attack is still brute force.
DES is an official United States Government standard. The Government is required to
re-certify DES every five years and to ask that it be restored if essential.
DES is also an ANSI and ISO standard. Because DES was designed to run on 1977 hardware,
it is fast in hardware and relatively quick in software.
It supports functionality to save a file in an encrypted format which can only be accessed by
supplying the correct password.
It can review a short history of DES and represent the basic structures.
It can define the round keys generation process and to interpret data encryption standard.
Some users can use the similar system and still can work individually.
Disadvantage of DES
There are various disadvantages of DES, which are as follows −
The 56-bit key size is the largest defect of DES, and chips that perform one million
DES encrypt or decrypt operations a second are available (in 1993).
DES was not designed for application and therefore it runs relatively slowly.
Substitution ciphers can be compared with transposition ciphers. In a transposition cipher, the
units of the plaintext are rearranged in a different and usually quite complex order, but the
units themselves are left unchanged. By contrast, in a substitution cipher, the units of the
plaintext are retained in the same sequence in the ciphertext, but the units themselves are
altered.
There are a number of different types of substitution cipher. If the cipher operates on single
letters, it is termed a simple substitution cipher; a cipher that operates on larger groups of
letters is termed polygraphic. A monoalphabetic cipher uses fixed substitution over the entire
message, whereas a polyalphabetic cipher uses a number of substitutions at different
positions in the message, where a unit from the plaintext is mapped to one of several
possibilities in the ciphertext and vice versa.
Q13: What are the steps in Diffie Hellman key exchange algorithm?
Ans: The steps needed for the Diffie-Hellman key exchange are as follows:
Step 1: You choose a prime number q and select a primitive root of q as α. To be a primitive
root, it must satisfy the following criteria:
Step 2: You assume the private key for the sender as Xa, where Xa < q. The public key can be
calculated as Ya = α^Xa mod q. So, the key pair for your sender becomes {Xa, Ya}.
Assume the private key for the receiver to be Xb, where Xb < q. The public key for the
receiver is calculated as Yb = α^Xb mod q. For the receiver, the key pair becomes {Xb, Yb}.
Step 3: To generate the final secret key, you use three parameters. For the sender, you need
the private key (Xa), the receiver’s public key (Yb), and the original q. The formula to
calculate the key is K = (Yb)^Xa mod q.
For the receiver, you need the private key (Xb), the sender’s public key (Ya), and the original q.
The formula to calculate the secret key is K = (Ya)^Xb mod q.
If both the values of K generated are equal, the Diffie-Hellman key exchange algorithm is
complete.
Now, apply the above algorithm to real-world values to understand how the process works.
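The three steps carried through with small numbers, as an added example that is not part of the original notes. The values q = 23, α = 5, Xa = 6 and Xb = 15 are constructed, the function names are illustrative, and the primitive-root test and the range check on received public keys are the standard ones, supplied here as assumptions.

```python
def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(alpha, q):
    """For prime q, alpha is a primitive root iff alpha^((q-1)/p) mod q != 1
    for every prime factor p of q-1, i.e. its powers reach all of 1..q-1."""
    if not 1 < alpha < q:
        return False
    return all(pow(alpha, (q - 1) // p, q) != 1 for p in prime_factors(q - 1))


def public_key(alpha, private, q):
    """Step 2: Y = alpha^X mod q, with 0 < X < q."""
    if not 0 < private < q:
        raise ValueError("private key must satisfy 0 < X < q")
    return pow(alpha, private, q)


def check_peer_key(y, q):
    """Reject out-of-range and degenerate values (1 and q-1) received from
    the other side before they are used in the key computation."""
    if not 1 < y < q - 1:
        raise ValueError("peer public key out of range")
    return y


def shared_secret(peer_public, private, q):
    """Step 3: K = (peer's Y)^(own X) mod q."""
    return pow(check_peer_key(peer_public, q), private, q)


def exchange(q, alpha, xa, xb):
    """Run both sides; q is assumed to be prime. Returns (Ya, Yb, Ka, Kb)."""
    if not is_primitive_root(alpha, q):
        raise ValueError("alpha is not a primitive root of q")
    ya, yb = public_key(alpha, xa, q), public_key(alpha, xb, q)
    ka = shared_secret(yb, xa, q)    # sender:   K = Yb^Xa mod q
    kb = shared_secret(ya, xb, q)    # receiver: K = Ya^Xb mod q
    return ya, yb, ka, kb
```

With these values Ya = 8, Yb = 19 and both sides compute K = 2; choosing α = 2 is rejected because 2^11 mod 23 = 1, so its powers cover only half of the group.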
Ans: Asymmetric
Before answering many of these questions it's important to define terms and reveal
assumptions. A denial-of-service (DoS) attack consumes one or more computing resources
(bandwidth, memory, CPU cycles, hard drive space or other information system
components). Sometimes DoS attacks are initiated by a single party, while others are so-
called distributed DoS or DDoS attacks.
DDoS attacks enlist more than one aggressor to assault a victim. The first popular DoS
attacks were clever resource consumption attacks against memory (e.g., the SYN floods of
the mid-1990s), but since the late 1990s DDoS attacks that consume bandwidth have been
prevalent. Less popular, but still damaging, are application-centric DoS attacks, whereby
regular activity (like retrieving a Web page) is repeated to the point that the victim's operation
is impaired.
What can Snort do about DDoS attacks? Snort's Vulnerability Research Team publishes a set
of rules named ddos.rules. This file contains a small set of signatures for detecting activity
caused by older DoS tools like Tribe Flood Network, Shaft, Trinoo and Stacheldraht.
Emerging Threats publishes bleeding-dos.rules, which contains a greater variety of rules.
However, the question remains: What good are rules like these?
When users or potential users ask if Snort protects against DoS attacks, they usually want to
know if Snort can deflect or mitigate bandwidth consumption attacks. The answer to this
question is probably no. When deployed as an offline, passive device, there is little or nothing
Snort can do to stop or reduce a bandwidth-consuming SYN flood, for example. Snort can
potentially report seeing many SYN segments, but it won't improve the situation. The rules
packaged in ddos.rules and bleeding-dos.rules are designed to either detect DoS agent
command-and-control or possibly identify certain types of attacks that subvert but do not
breach a target.
Let's assume that encrypted traffic means Secure Sockets Layer (SSL) or Transport Layer
Security (TLS) as used by HTTPS, or Secure Shell protocol 2 as used by OpenSSH.
The short answer is no, Snort cannot decode encrypted traffic. An intruder who attacks a Web
server in the clear on port 80 TCP might be detected by Snort. The same intruder who attacks
the same Web server in an encrypted channel on port 443 TCP will not be detected by Snort.
An intruder who displays the contents of a password file via a Telnet session on port 23 TCP
might be detected by Snort. The same intruder who displays the same password file via a
SSH session on port 22 TCP will not be detected by Snort.
Now, in some circumstances it's possible to decode HTTPS sessions. This is not done
natively by vanilla Snort -- it must be handled by an external program.
Generally speaking, a stand-alone Snort instance can inspect traffic in an encrypted channel if
the traffic is subjected to a man-in-the-middle (MITM) attack. In other words, traffic is
encrypted while traveling from the client to the MITM. Once the traffic reaches the MITM, it
is unencrypted while Snort inspects it. Then, traffic is re-encrypted before traveling from the
MITM to the server. (The reverse happens as well.) Such a setup must be intentionally
designed and implemented by the network and security architects and accepted by
management and users.
Generally speaking, Snort is a layer 3 and above detection system. This means Snort inspects
and acts upon IP packet details, like source and destination IP addresses, time to live (TTL),
Snort does contain an "arpspoof" preprocessor, but the code has always been marked
"experimental." I don't know of anyone who uses it in production. Most users who want to
detect layer 2 network events use layer 2-specific tools like Arpwatch.
4. Can Snort log flows or sessions?
Snort can accomplish a goal best left to specialized tools.
Let's assume the question indicates a desire to log details of TCP sessions. Snort's Stream4
preprocessor does include a "keepstats" option that records session statistics for TCP flows.
An earlier version of Sguil relied on this data. Unfortunately, this capability is limited to TCP
traffic. All other protocols are ignored.
Note that Stream4 is being deprecated in favor of
Stream5. Stream5 does not offer a "keepstats" function, although Stream5 does track UDP
"sessions" for Snort's own detection purposes.
To log flows or sessions, use a stand-alone tool
like Argus. If you're already using Sguil, take a look at the Security Analyst Network
Connection Profiler (SANCP), which logs session details for many protocols. A third option
is to collect NetFlow or another flow format from a hardware probe, or less often, a software
probe.
5. Can Snort rebuild content from traffic?
In order to perform its detection functions, Snort
rebuilds several types of content. For example, it's impossible to match the password
"hackerpassword" sent over Telnet without letting Snort rebuild the traffic. However, Snort is
not designed to watch traffic and rebuild everything it sees. A review of the
README.Stream5 document shipped with Snort 2.8.0 shows that the new preprocessor
offers a "show_rebuilt_packets" option that will "Print/display packet after rebuilt (for
debugging)." This option is off by default, but even if enabled it's not the sort of capability I
recommend activating in Snort.
People who wish to rebuild content typically want to parse Libpcap trace files to rebuild TCP
sessions. One of the best tools for this job is Tcpflow. Tcpflow can be run against a dead
trace or a live interface. If given no parameters, Tcpflow will rebuild all TCP sessions it sees,
putting the content from client to server in one file and the content from server to client in
another file. Tcpflow repeats this process for every single TCP session it finds