Computer third-level network technology knowledge integration

Table of contents

Multiple choice questions:

IP table

DHCP message

Campus Network

Sniffer packet capture

Application questions


Multiple choice questions:

High frequency: 25 times Exterior Gateway Protocol BGP

1. BGP is the Border Gateway Protocol, an exterior rather than an interior gateway protocol (a protocol used between routers in different autonomous systems).

2. A BGP speaker uses TCP (not UDP) to exchange routing information with BGP speakers of other autonomous systems.

3. The number of nodes that BGP uses to exchange routing information is based on the number of autonomous systems: it is not less than the number of autonomous systems.

4. BGP uses a route vector (path vector) protocol, while RIP uses a distance vector protocol.

5. A BGP speaker notifies neighboring systems through update packets rather than notification packets. When an update packet is used to update routes, only one route can be added per message.

6. The open packet is used to establish a relationship with another adjacent BGP speaker. The two BGP speakers need to exchange keepalive packets periodically (not irregularly) to confirm the neighbor relationship between them.

7. The four packets used by the BGP routing protocol are the open, update, keepalive, and notification packets.

IF 12 times IPS (Intrusion Prevention System)

1. An intrusion prevention system (IPS) integrates firewall technology and intrusion detection technology, works in in-line mode, and has a sniffing function.

2. IPS is mainly divided into host-based IPS (HIPS), network-based IPS (NIPS) and application IPS (AIPS).

3. HIPS is deployed on the protected host system and can monitor kernel system calls and block attacks.

4. NIPS is deployed at the network exit, generally connected in series between the firewall and the router (in series on the protected link). False positives (not false negatives) in NIPS attack detection can cause legitimate communications to be blocked.

5. AIPS is typically deployed in front of a protected application server.

High frequency 21 OSPF protocol

1. OSPF is an interior gateway protocol that uses the shortest path algorithm and a distributed link state protocol.

2. For large-scale networks, OSPF divides the network into areas to improve the convergence speed of routing updates. Each area has a 32-bit area identifier, and there are no more than 200 routers in an area.

3. The link state database of each router in an OSPF area contains the topology information of the area (not the entire network) and does not know the network topology of other areas.

4. The link state "metric" mainly refers to cost, distance, delay, bandwidth, etc., not paths.

5. When the link state changes, OSPF uses flooding to send this information to all (not just adjacent) routers.

6. The link state database stores the topology diagram of the entire network, not a complete routing table, and not just the data of the next-hop router.

7. To ensure that the link status database is consistent, OSPF refreshes the link status in the database at regular intervals (uncertain).

High frequency 20 times Resilient Packet Ring (RPR) technology

1. RPR uses a double-ring structure like FDDI.

2. Each node in the RPR ring executes the SRP fair algorithm (not DPT, MPLS).

3. In a traditional FDDI ring, after a data frame is successfully sent to the destination node, the data frame is recovered from the ring by the source node. In an RPR ring, the data frame is recovered from the ring by the destination node.

4. The RPR ring limits data frames to be transmitted only on the fiber segment between the source node and the destination node.

5. RPR adopts the self-healing ring design concept and can isolate faulty nodes and fiber segments within 50ms (not 30ms), providing SDH-level fast protection and recovery.

6. RPR can assign different priorities to different service data and is a transmission technology used to efficiently transmit IP packets directly on optical fibers.

7. The maximum length of bare fiber between two RPR nodes can be up to 100 kilometers.

8. Both the outer ring (clockwise) and the inner ring (counterclockwise) of RPR can transmit packets and control packets using statistical multiplexing (not frequency division multiplexing).

High frequency 21 times hub

1. A hub works at the physical layer; all nodes connected to a hub share/belong to one collision domain (not independent collision domains).

2. Only one node can send data at a time, while the other nodes are in the receiving state (multiple nodes can receive data frames at the same time). When a node connected to the hub sends data, it uses the CSMA/CD (not CA) media access control method.

3. Connecting a hub in series on a network link makes it possible to monitor the data packets on that path.

4. The hub does not forward data based on a MAC address/network card address/IP address (forwarding based on MAC address is done by a bridge or switch, etc.); instead, the source node uses a pair of transmit lines to broadcast the data over the bus inside the hub.

5. The hub uses twisted pair cable to connect to the workstation.

6. The network device on which a Sniffer attached to one port can capture all communication traffic of different ports belonging to the same VLAN is a hub.

Network attacks

1. SYN Flooding attack: using invalid IP addresses and exploiting the three-way handshake of TCP connection establishment, the attacker leaves the victim host holding session-open requests until each connection times out. During this period the victim host continues to accept such session requests, and it eventually stops responding due to exhaustion of resources.

2. DDoS attack: multiple compromised systems are used to send a large number of requests at a target, and the victim device denies service because it cannot handle them.

3. SQL injection attack: It exploits system vulnerabilities and is difficult to block by network-based intrusion prevention systems and host-based intrusion prevention systems. Firewalls (network-based protection systems) cannot block this attack.

4. Land attack: a data packet is sent to a device with both the source IP address and the destination address of the packet set to the address of the attack target.

5. Protocol spoofing attack: An attack that steals privileges by forging the IP address of a host. There are the following types: (1) IP spoofing attack. (2) ARP spoofing attack. (3) DNS spoofing attack. (4) Source routing spoofing attack.

6. DNS spoofing attack: the attacker uses some form of deception so that the user obtains a wrong IP address when querying the server for domain name resolution, which can lead the user to the wrong Internet site.

7. IP spoofing attack: a technique that forges the IP address of a host to gain privileges and then carry out attacks.

8. Cookie tampering attack: illegal access to the target site is achieved by tampering with cookies; it cannot be blocked by network-based intrusion prevention systems.

9. Smurf attack: the attacker impersonates the IP address of the victim host and sends an echo request as a directed broadcast packet to a large network. Many hosts in this network respond, and the victim host receives a large number of echo reply messages. Network-based intrusion prevention systems can block Smurf attacks.

10. Network-based protection systems cannot block Cookie tampering, DNS spoofing, and SQL injection.

11. Cross-site scripting attacks and SQL injection attacks are difficult to block for network-based intrusion prevention systems and host-based intrusion prevention systems.

Router technology

1. The packet forwarding capability of the router is related to the number of ports, port speed, packet length and packet type (not port type).

2. High-performance routers generally adopt a switched structure, while traditional core routers adopt a shared backplane structure.

3. Packet loss rate is one of the performance indicators that measures the performance of a router when it is overloaded. (routing table capacity is not)

4. Throughput refers to the packet forwarding capability of the router, including port throughput and overall machine throughput. Backplane capabilities determine router throughput. (It is not the throughput that determines the backplane capabilities of the router)

5. Traditional routers generally adopt a shared backplane structure, while high-performance routers generally adopt a switched structure.

6. Burst processing capability is measured by the maximum sending rate at which data packets can be sent at the minimum frame interval without causing loss, not just by the minimum frame interval value.

7. Voice and video services have higher requirements on delay and jitter .

8. The service quality of the router is mainly reflected in the queue management mechanism, port hardware queue management and the supported QoS protocol types (not packet forwarding efficiency).

9. The router determines the packet forwarding path through the routing table.

10. The router’s queue management mechanism refers to the router’s queue scheduling algorithm and congestion management mechanism.

Broadband metropolitan area network technology

1. The technologies a broadband metropolitan area network needs to meet service quality (QoS) requirements include: resource reservation (RSVP), differentiated services (DiffServ) and multi-protocol label switching (MPLS). Network service quality is reflected in delay, jitter, throughput and packet loss rate.

2. Broadband metropolitan area network is based on TCP/IP routing protocol. It can provide users with bandwidth guarantee and realize traffic engineering.

3. NAT technology can be used to solve the problem of insufficient IP address resources.

4. Using the traditional telecommunications network for network management is called "in-band", while using IP networks and protocols for network management is called "out-of-band". Out-of-band management is adopted for devices at the aggregation layer and above, while in-band management is adopted for devices below the aggregation layer.

5. Out-of-band network management of a broadband metropolitan area network means building the network management system on the network management protocol SNMP.

6. Network services include Internet access services, content provision services, video and multimedia services, data dedicated line services, voice services, etc.

7. Designing a broadband metropolitan area network involves "three platforms and one outlet", namely the network platform, business platform, management platform and urban broadband outlet.

8. Basic functions of the core switching layer:

(1) The core switching layer connects multiple aggregation layers, provides high-speed packet forwarding for the aggregation layer network, and provides a high-speed, safe and QoS-guaranteed data transmission environment for the entire city.

(2) The core switching layer realizes interconnection with the backbone network and provides the city's broadband IP outlet.

(3) The core switching layer provides the routing access required by broadband metropolitan area network users to access the Internet.

9. Basic functions of the aggregation layer: aggregate user traffic from the access layer, and aggregate, forward and switch data packets;

(1) Based on user traffic at the access layer, perform local routing, filtering, traffic balancing, QoS priority management, security control, IP address conversion, traffic routing, etc.

(2) According to the processing results, the user traffic is forwarded to the core switching layer or routed locally.

High frequency 26 times access technology

1. The relay distance of an optical fiber transmission system can reach more than 100km.

2. A Cable Modem uses frequency division multiplexing (FDM) to divide the channel into an uplink channel and a downlink channel, connecting the user's computer to the cable TV coaxial cable. The transmission rate of a Cable Modem can reach 10~36Mbps.

3. ADSL uses a pair of copper twisted pairs and has asymmetric technical characteristics.

4. Broadband access technologies mainly include: digital subscriber line xDSL technology, fiber optic coaxial cable hybrid network HFC technology, fiber optic access technology, wireless access technology and LAN access technology. (without SDH)

5. Wireless access technologies mainly include: WLAN, WiMAX, WiFi, WMAN and Ad hoc, etc.

6. APON, DWDM, and EPON are optical fiber access technologies.

7. The three networks in "triple network integration" refer to computer networks, telecommunications networks and radio and television networks.

8. The HFC access method adopts a shared transmission method. The more users there are on the HFC network,

9. A wireless network built according to the IEEE 802.16 standard uses full-duplex, broadband communication between base stations.

10. 802.11a and 802.11g raise the transmission speed to 54Mbps, and 802.11b raises it to 11Mbps.

11. Long-distance wireless broadband access networks adopt the 802.16 standard. The IEEE 802.15 standard specializes in WPAN (Wireless Personal Area Network) standardization and is suited to short-range wireless communications.

Bluetooth

1. The working frequency band is in the ISM frequency band of 2.402GHz~2.480GHz

2. Synchronous channel rate is 64kbps.

3. The frequency hopping rate is 1600 times/second, and the number of frequency points is 79 frequency points/MHz.

4. The asymmetric asynchronous channel rate is 723.2kbps/57.6kbps, and the symmetric asynchronous channel rate is 433.9kbps (full duplex).

5. When the transmit power is 0dBm (1mW), it covers 1~10 meters, and when it is 20dBm (100mW), it covers 100 meters.

6. The channel spacing is 1MHz.

7. The nominal data rate is 1Mbps.

8. The voice coding method is CVSD or logarithmic PCM.

Required exam 34 times Wiring

1. Twisted pairs can avoid electromagnetic interference.

2. Recessed sockets are used to connect twisted pairs. (Not connected to the floor distribution frame)

3. Multi-media sockets are used to connect copper cables and optical fibers (any other description is wrong) to meet users' needs for "fiber to the desktop".

4. The building complex subsystem can be any combination of multiple wiring methods ("generally connected with twisted pairs" is wrong). For building complex subsystems, in-pipe wiring (underground pipe wiring) is the most ideal way, and direct buried wiring is the most unfavorable way.

5. STP is more costly and complex than UTP, but has strong anti-interference ability and low radiation.

6. When used as a horizontal cabling system cable, the UTP cable length should usually be within 90 meters.

7. The management subsystem is set up in the floor wiring room and provides a means to connect with other subsystems.

8. For high-speed terminals, fiber optics can be used directly to the desktop.

9. An adapter is a digital-to-analog conversion or data rate conversion device used to connect different signals.

10. Among the laying methods used in the wiring subsystem of the building complex, the most beneficial method for cable protection is underground pipe wiring (wiring within the pipe), the next best is tunnel wiring, and the most unfavorable is direct buried wiring.

11. ISO/IEC 18011 is not a standard for integrated cabling systems.

12. Integrated cabling changes cable routing by changing, adding, exchanging, and extending cables in the management subsystem.

13. Trunk cable laying often adopts two methods: point-to-point combination and branch combination.

ITU standard: transmission rate

OC-3: 155.52Mbps

OC-12: 622.08Mbps

Availability: downtime (per year)

99.9%: <=8.8 hours

99.99%: <=53 minutes

99.999%: <=5 minutes

ICMP type 13: timestamp request

ICMP type 11: timeout (the TTL is reduced to 0; an ICMP timeout is also type 11)

ICMP type 5: redirect

ICMP type 3: destination unreachable

RSA algorithm: 2N

RC4 algorithm: N*(N-1)

Calculate switch bandwidth:

Total switch bandwidth = number of ports × port rate × 2

Comparison, from largest (fastest) to smallest (slowest):

Space usage: full backup > differential backup > incremental backup

Backup speed: incremental backup > differential backup > full backup

Recovery speed: full backup > differential backup > incremental backup

Routing table update: updated distance = min(received distance + 1, original distance)

IP table

Type one

The restricted broadcast address is 255.255.255.255 (fixed)

For example: IP: 125.175.20.7

Subnet mask: 255.224.0.0

Find: address class: Class A

Look at the first number of the IP address:

Class A 1-127, Class B 128-191, Class C 192-223


Network address: 125.160.0.0

Convert the IP address and the subnet mask into binary form.

The subnet mask is a run of consecutive 1s followed by a run of consecutive 0s. The number of leading 1s is the number of network bits, and the bits that follow are the host bits (network bits + host bits = 32).

Keep the network bits of the binary IP unchanged, set the host bits to 0, and convert to decimal to obtain the network address.


Direct broadcast address: 125.191.255.255

The network bit of the ip binary remains unchanged, the host bit changes to 1, and is converted to decimal, which is the direct broadcast address.


Host number: 0.15.20.7

The network bit of the ip binary becomes 0, the host bit remains unchanged, and is converted to decimal to obtain the host number.


First (available) address: 125.160.0.1

Network address plus 1


Last available IP address: 125.191.255.254

Decrease the direct broadcast address by 1


Type two:

Host number: 0.23.23.59

The last available IP address in the subnet: 60.159.255.254

Find: direct broadcast address: 60.159.255.255

Add 1 to the last available IP address


IP address: 62.151.23.59

Write the direct broadcast address and host number in binary respectively.

direct broadcast address

00111100 10011111 11111111 11111111

host number

00000000 00010111 00010111 00111011

then ip

00111100 10010111 00010111 00111011

Just change it to decimal

Subnet mask: 255.224.0.0

The IP is formed from the first 11 bits of the direct broadcast address and the 21 bits of the host number, so there are 11 network bits and 21 host bits, and the subnet mask is 11 ones followed by 21 zeros.
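Both table types worked through in code, as an added example that is not part of the original notes. The function names are hypothetical; the inputs are the ones used in the notes. For Type two the computation yields 60.151.23.59, the decimal form of the binary row 00111100 10010111 00010111 00111011 shown in the notes.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def address_class(addr):
    """Class from the first octet, using the ranges listed in the notes."""
    first = addr >> 24
    if 1 <= first <= 127:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    return "other"

def type_one(ip, mask):
    """Type one: IP address + subnet mask -> the remaining rows of the table."""
    addr, net_mask = to_int(ip), to_int(mask)
    host_mask = net_mask ^ FULL
    # A valid mask is leading 1s then trailing 0s, so host_mask + 1 is a power of two.
    if host_mask & (host_mask + 1):
        raise ValueError("subnet mask is not contiguous: " + mask)
    network = addr & net_mask          # network bits kept, host bits -> 0
    broadcast = network | host_mask    # network bits kept, host bits -> 1
    return {
        "class": address_class(addr),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "host_number": to_dotted(addr & host_mask),  # network bits -> 0
        "first": to_dotted(network + 1),
        "last": to_dotted(broadcast - 1),
    }

def type_two(host_number, last_available):
    """Type two: host number + last available address -> broadcast, IP, mask."""
    host = to_int(host_number)
    broadcast = to_int(last_available) + 1
    # Host bits are all 1 in the broadcast address: its trailing 1s are an upper bound.
    upper = 0
    while upper < 32 and (broadcast >> upper) & 1:
        upper += 1
    # The host number must fit in the host bits: its bit length is a lower bound.
    lower = host.bit_length()
    if lower > upper:
        raise ValueError("host number does not fit under this broadcast address")
    if lower < upper:
        raise ValueError("%d to %d host bits are possible; mask is not unique"
                         % (lower, upper))
    host_mask = (1 << upper) - 1
    return {
        "broadcast": to_dotted(broadcast),
        "ip": to_dotted((broadcast & ~host_mask & FULL) | host),
        "mask": to_dotted(FULL ^ host_mask),
        "network_bits": 32 - upper,
    }

if __name__ == "__main__":
    print(type_one("125.175.20.7", "255.224.0.0"))
    print(type_two("0.23.23.59", "60.159.255.254"))
```
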

DHCP message

Test point one:

Source IP address→Destination address (Request)

(0.0.0.0) DHCP discover (255.255.255.255)

Destination address ← Source IP address (Reply)

(255.255.255.255) DHCP offer (server address)

Source IP address→Destination address (Request)

(0.0.0.0) DHCP request (255.255.255.255)

Destination address ← Source IP address (Reply)

(255.255.255.255) DHCP ack (server address)

Test point 2: parameter information obtained by running ipconfig /all on the DHCP client

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix:

Description~~~~~ (D network card description)

Physical Address /Client hardware address~~~~ (PA physical address MAC/hardware address)

Dhcp Enabled~~~~~ (DE whether DHCP dynamic allocation is allowed)

IP Address~~~~~ (ip address)

Subnet Mask~~~~~ (subnet mask)

Default Gateway~~~~~ (default gateway)

DHCP Server~~~~~ (dhcp service address)

DNS Server~~~~~ (dns service address)

Lease Obtained~~~~~ (LO lease time starts)

Lease Expires~~~~~ (LE lease time ends)

Test point three: Renew/execute ipconfig /renew

1. Source IP address → destination address (Request)

Client address DHCP request Server address

2. Destination address ← source ip address (Reply)

Client address DHCP ack server address

Test point 4: Execute ipconfig /release and ipconfig /renew in sequence

1. Source IP address → destination address

Client address DHCP release server address

2. Source IP address → destination address

(0.0.0.0) DHCP discover (255.255.255.255)

3. Destination address ← source ip address

(255.255.255.255) DHCP offer (server address)

4. Source IP address → destination address

(0.0.0.0) DHCP request (255.255.255.255)

5. Destination address ← source ip address

(255.255.255.255) DHCP ack (server address)

Professional English:

Client = client; Message Type = information type

Server = server; ip-address = client

Address = address; DHCP Server = server

Destination = destination; Client self-assigned address = current client address

Source = source

Release

Hardware address length = 6 bytes

Campus Network

1. ip route

Router inside the campus network:

ip route 0.0.0.0 0.0.0.0 <next-hop router address>

Router outside the campus network:

ip route <campus network IP address> <campus network subnet mask> <next-hop router address>

2. crc

crc 32 (if 16 is given, fill in 16)

3. bandwidth

bandwidth <bandwidth in kbps>

1Gbps=1000Mbps=1000000kbps

4. ip address

ip address <IP address of this router> <subnet mask of this router>

5. pos framing

pos framing sdh/sonet

6. pos flag

pos flag s1s0 0 (sonet) or pos flag s1s0 2 (sdh)

7. lease

Days Hours Minutes. For example: five minutes and thirty seconds 0 5 30

8. network area

network <campus network IP address> <campus network inverse subnet mask> area 0 (the inverse subnet mask is the subnet mask with every 0 changed to 1 and every 1 changed to 0)

area 0 range <campus network IP address> <campus network subnet mask>

9. router ospf

router ospf <process number> (usually 63)

 


Configuration of the router as a "DHCP" server:

Configure the name of the IP address pool, enter DHCP pool configuration mode, then configure the subnet address and subnet mask of the IP address pool, the default gateway, the domain name and the IP address of the domain name server, the lease time of the IP address, cancellation of the address conflict log, and other parameters.

Configure the IP addresses that are not used for dynamic allocation: ip dhcp excluded-address <low address> <high address>

Configure the IP address pool name: ip dhcp pool <address pool name>

Configure the default gateway: default-router <default gateway>

Configure DNS: dns-server address <DNS address> or domain-name <domain name>


vlan

switch-6500>enable

Line 5/2 130 first to open

5/8 122 The second one opens

3/8 on dot1q

3/8 vlan 130,222 (use "," for "and", use "-" for "to")

Sniffer packet capture

Test point 1: DNS domain name resolution

For example, domain name: www.carnet.edu.cn (usually after name)

Website: www.edu.cn

C: Host→Server

(S→D)

R: server → host

(D→S)

Test point 2: Three-way handshake in TCP connection process

C client S server

Seq=x →

← seq=y,ack=x+1

Seq=x+1,ack=y+1 →

N handshakes, then after N consecutive TCPs, the next one is the handshake completion mark.
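The seq/ack rule above applied to a capture, as an added example that is not part of the original notes: it pairs SYN, SYN+ACK and ACK by the x+1 / y+1 rule and counts the handshakes that never complete, which is the state the SYN Flooding item in the attack list leaves on the victim host. The packet records, the documentation-range addresses, the function names and the threshold are constructed assumptions.

```python
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

def pkt(src, sport, dst, dport, flags, seq, ack=None):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": flags, "seq": seq, "ack": ack}

def track_handshakes(packets):
    """Return (established, half_open) lists of (client, cport, server, sport)."""
    pending = {}        # connection key -> {"x": client seq, "y": server seq}
    established = []
    for p in packets:
        forward = (p["src"], p["sport"], p["dst"], p["dport"])
        reverse = (p["dst"], p["dport"], p["src"], p["sport"])
        if p["flags"] == "SYN":                       # Seq=x
            pending[forward] = {"x": p["seq"], "y": None}
        elif p["flags"] == "SYN,ACK":                 # seq=y, ack=x+1
            state = pending.get(reverse)
            if state and p["ack"] == (state["x"] + 1) % MOD:
                state["y"] = p["seq"]
        elif p["flags"] == "ACK":                     # Seq=x+1, ack=y+1
            state = pending.get(forward)
            if (state and state["y"] is not None
                    and p["seq"] == (state["x"] + 1) % MOD
                    and p["ack"] == (state["y"] + 1) % MOD):
                established.append(forward)
                del pending[forward]
    return established, list(pending)

def half_open_per_service(half_open):
    """Count unfinished handshakes per (server address, server port)."""
    return Counter((server, port) for _, _, server, port in half_open)

def suspected_syn_flood(half_open, threshold):
    """Services with at least `threshold` unfinished handshakes (assumed cutoff)."""
    counts = half_open_per_service(half_open)
    return sorted(svc for svc, n in counts.items() if n >= threshold)

SERVER = "198.51.100.5"   # constructed sample capture, documentation addresses
SAMPLE = [
    # One complete handshake; x is the largest sequence number, so x+1 wraps to 0.
    pkt("192.0.2.10", 40000, SERVER, 80, "SYN", 4294967295),
    pkt(SERVER, 80, "192.0.2.10", 40000, "SYN,ACK", 500, 0),
    pkt("192.0.2.10", 40000, SERVER, 80, "ACK", 0, 501),
    # Three SYNs whose third step never arrives.
    pkt("203.0.113.1", 1111, SERVER, 80, "SYN", 100),
    pkt(SERVER, 80, "203.0.113.1", 1111, "SYN,ACK", 900, 101),
    pkt("203.0.113.2", 2222, SERVER, 80, "SYN", 200),
    pkt(SERVER, 80, "203.0.113.2", 2222, "SYN,ACK", 901, 201),
    pkt("203.0.113.3", 3333, SERVER, 80, "SYN", 300),
]

if __name__ == "__main__":
    done, half = track_handshakes(SAMPLE)
    print("established:", done)
    print("half-open per service:", dict(half_open_per_service(half)))
    print("suspected:", suspected_syn_flood(half, threshold=3))
```

The sketch treats the whole capture as one window; a monitor running continuously would also expire pending entries after a timeout.
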

Test Point 3 FTP Command

Test Point 4 URL Command

Observe the Destination port and Source port

The port is 21 (FTP-ctrl), then the URL is ftp://domain name

The port is 80 (Http), then the URL is http://domain name

The port is 443 (Https), then the URL is https://domain name

Test point 5: Host execution command

ftp appears, the command is ftp domain name

Time-to-live and Echo appear, the command is tracert domain name

Echo(ping) and Echo reply appear, the command is ping domain name

Test point six host IP/DNS server IP is

Find the number of lines starting with DNS in the summary

The Source Address of the line starting with DNS C is the host IP

The Source Address in the line starting with DNS R is the server IP

In DNS, C requests, R replies

Test point 7: what is the protocol?

Protocol=1 (ICMP)

Protocol=6 (TCP)

Protocol=17 (UDP)

Test point 8: what is the Type?

Type=0 (Echo-reply)

Type=8 (Echo)

Type=11 (Time Exceeded)

Test Point 9: The length of the network number

Test Point 10: What server is the host and what port does it provide?

FTP-----21

DNS---53

DHCP---67

HTTP-----80

HTTPS-------443

Test point 11 Sniffer capture analysis

To play back captured packets, use Sniffer's built-in: packet generator

Display all captured data white, using Sniffer built-in: DNS domain name resolution

Test point 12: Execute tracert command (TTL, ICMP)

After completing the DNS resolution

IP address → domain name

Test point thirteen Destination

Destination address: IP address domain name corresponding to the host

Test point 14: what is the function?

routing

Test point 15: What is the function of the host computer?

The host function is DNS, and the default port for providing services is 53

Test point 16: the configured gateway

Usually the first address on the next line

Test point 17: the window to open

If you use Sniffer to count the distribution of various applications in network traffic, the window that should be opened is

Protocol Distribution

Test point 18: What is the port of the visited website?

Source port 8080

Test point 19: Rainbow (ping) to find the MAC address

Dst: in the first bracket after

Application questions

12 points fill in the blanks

The three addresses are special, everything else is the same

Solution: Write its binary form, remove the different digits, and then convert the others to decimal. The 32-bit subnet mask minus the different digits is the correct subnet mask number.

6 points calculation questions

solution:

Blank 68: 55 hosts, 2ⁿ-2≥55, 32-n = 32-6 = 26, so the answer is 26

Blank 69: 25 hosts, 2ⁿ-2≥25, 32-n = 32-5 = 27, so the answer is 27

Blank 70: 25 hosts, 2ⁿ-2≥25, 32-n = 32-5 = 27, so the answer is 27

Blank 71: 2ⁿ=64, 128 ... 128+63=191, (min+1, max-1) gives 129 ... 190

Blank 72: 2ⁿ=32, 192 ... 192+31=223, (min+1, max-1) gives 193 ... 222

Blank 73: 2ⁿ=32, 224 ... 224+31=255, (min+1, max-1) gives 225 ... 254
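The two application-question procedures above (aggregating addresses by their common binary prefix, and sizing subnets for blanks 68-73) as an added example that is not part of the original notes. The notes do not give the first three octets, so the parent block 192.0.2.128/25 and the three /28 networks are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def host_bits_for(hosts):
    """Smallest n with 2**n - 2 >= hosts, the rule used for blanks 68-70."""
    n = 2
    while 2 ** n - 2 < hosts:
        n += 1
    return n

def allocate(block, host_counts):
    """Carve subnets out of `block` in the order given, as in blanks 71-73."""
    parent = ipaddress.IPv4Network(block)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address)
    plan = []
    for hosts in host_counts:
        n = host_bits_for(hosts)
        size = 1 << n
        # A subnet has to start on a multiple of its own size.
        cursor = (cursor + size - 1) // size * size
        if cursor + size - 1 > end:
            raise ValueError("block %s is too small for %d hosts" % (block, hosts))
        subnet = ipaddress.IPv4Network((cursor, 32 - n))
        plan.append({
            "hosts": hosts,
            "prefix": subnet.prefixlen,
            "mask": str(subnet.netmask),
            "first": str(subnet.network_address + 1),    # min + 1
            "last": str(subnet.broadcast_address - 1),   # max - 1
        })
        cursor += size
    return plan

def aggregate(networks):
    """Common-prefix summary: drop the differing low bits, keep the rest."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    differing = (low ^ high).bit_length()
    base = low >> differing << differing
    # The summary can cover addresses that were not in the input list,
    # so check what else falls inside it before filtering or routing on it.
    return ipaddress.IPv4Network((base, 32 - differing))

if __name__ == "__main__":
    for row in allocate("192.0.2.128/25", [55, 25, 25]):
        print(row)
    print(aggregate(["198.51.100.64/28", "198.51.100.80/28", "198.51.100.96/28"]))
```
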

Fixed fill-in-the-blank questions:

Monitor...all traffic device named TAP

Malicious packets, the system alerts and blocks the attack device called IPS (Intrusion Prevention System)

Deployment port, see the third picture

The detection transmission command is tracert

If the firewall FW in the picture is Cisco PIX525:

And some internal networks need to access the external network. The two configuration commands that need to be used are nat and global.

If the FTP server on the internal network is allowed to provide services to the external network, the configuration command that needs to be used is fixup protocol ftp

If you need to configure a public IP address for a server on the intranet, the configuration command used is static.

Finally, the maximum number of routers that can still be connected: find the number of host bits of the aggregated network, take 2 to the power of the host bits, subtract 2, and then subtract 3.

    For example, if there are 4 host bits, 2 to the fourth power is 16, 16-2=14, then 14-3=11, so at most 11 routers can be connected.


Origin blog.csdn.net/weixin_52733693/article/details/127023931