Monday, September 8, 2008

Good Networking Q and A.

* Q: What should happen upon receipt of a RST packet containing data?
* A: The host should accept it. It was suggested that a RST could contain ASCII text explaining the error, but no standard was ever established.
* Credit: Kris Katterjohn

* Q: What is the longest acceptable delay for an ACK?
* A: 0.5 seconds.
* Credit: Kris Katterjohn

* Q: An ICMP error message must include what data from the original erring datagram?
* A: The IP header and at least 8 bytes of payload.
* Credit: Kris Katterjohn

* Q: What is the major difference between Windows tracert and Van Jacobson-style UNIX traceroute?
* A: Windows tracert uses ICMP where Van Jacobson-style traceroute uses UDP.
* Credit: Chris Royle

* Q: Name three modern OS's that still use the mbuf structure, described in detail in TCP/IP Illustrated.
* A: FreeBSD, OpenBSD, NetBSD
* Credit: Sam Elstob

* Q: What is cheapernet?
* A: Coaxial cable with a diameter no longer suited to hit burglers with. The original ethernet cables were 1/2" in diameter and quite rigid.
* Credit: Jörn Engel

* Q: How many colours are in an 8-wire Cat5 cable?
* A: Four. The other four wires are colour/white striped.
* Credit: Jörn Engel

* Q: What are the four colours in Cat5 cables?
* A: Orange, Blue, Brown, Green
* Credit: Jörn Engel

* Q: How does a Windows machine react if ports above 1080 are blocked by a router?
* A: A regular user can surf for roughly 2min after booting, then has to reboot.
* Credit: Jörn Engel

* Q: What happens if a network card's transmit interrupts are blocked in Linux?
* A: Usually nothing. But on packet loss, retransmits can get delayed indefinitely.
* Credit: Jörn Engel

* Q: Who wrote the original Ping program?
* A: Mike Muuss
* Credit: Kris Katterjohn

* Q: What's the base UDP port number used in the original Traceroute program?
* A: 33434 (32768 + 666)
* Credit: Kris Katterjohn

* Q: What's the minimum value allowed for the Header Length field in a valid IPv4 header?
* A: 5 (5 * 4 = 20)
* Credit: Kris Katterjohn

* Q: Which RFC introduced the TCP Timestamps option?
* A: RFC 1323
* Credit: Kris Katterjohn

* Q: While computing the checksum of a TCP packet, what happens to the checksum?
* A: It's replaced (or filled) with zeros.
* Credit: Kris Katterjohn

* Q: What is the Ethernet type for the Banyan Vines protocol?
* A: 0BAD
* Credit: Marcel Kaszap

* Q: Name at least two colors of packet-dropping mechanism that are NOT an acronym or an abbreviation.
* A: BLUE, GREEN, PURPLE, WHITE (RED and BLACK are acronyms).
* Credit: Jonathan Day

* Q: What was PC-IP?
* A: The first implementation of TCP/IP on an IBM PC.
* Credit: Bhyrava Prasad

* Q: What semi-famous hacker tool uses port 31337?
* A: Back Orifice, from Cult of the Dead Cow.
* Credit: Ken D'Ambrosio

* Q: What two ICMP types should never be blocked?
* A: ICMP type 3, Destination Unreachable, especially code 4, "fragmentation needed but don't fragment bit set" (necessary for path MTU discovery) and ICMP type 11, time exceeded (so you can use traceroute from inside the network and get replies).
* Credit: Arjan van de Ven

* Q: What is the typical MTU for an RFC 1149 transmission?
* A: From RFC 1149, Carrier Pigeon Internet Protocol: "The MTU is variable, and paradoxically, generally increases with increased carrier age. A typicall MTU is 256 milligrams"
* Credit: Joe Nygard

* Q: What data link layer algorithm is described by an "algorhyme" in the original paper? Extra credit for reciting the first two lines.
* A: The spanning tree algorithm by Dr. Radia Perlman
* A: The first two lines are: I think that I shall never see / A graph more lovely than a tree.
* Credit: Christina Zeeh

* Q: What is the minimum length of an Ethernet packet, and why is there a minimum length?
* A: 64 bytes. It must be this long so that a collision can be detected.
* Credit: Ted T'so

* Q: What is the 'Stretch ACK violation' documented in RFC 2525?
* A: When using delayed ACKs, the receiver sends an ACK less frequently than every other sender's MSS causing potential performance degradation.
* Credit: Rob Braun

* Q: Name at least three official DNS resource record types.
* A: Any three of A, CNAME, HINFO, MX, NS, PTR, SOA, TXT, WKS, RT, NULL, AXFR, MAILB, MAILA, KX, KEY, SIG, NXT, PX, NSAP, NSAP-PTR, RP, AFSDB, RT, GPOS, DNAME, AAAA, SRV, LOC, EID, NIMLOC, ATMA, NAPTR, CERT, SINK, OPT, APL, TKEY, TSIG, IXFR, Deprecated: MB, MD, MF, Experimental: MINFO, MR, MG, X25
* Credit: Ulrich Durholz, Rob Braun

* Q: What is the maximum amount of data in a UDP packet over IPv6?
* A: 65487 bytes (65535 - 40 IPv6 header - 8 UDP header).
* Credit: Rob Braun

* Q: What is the minimum IPv6 datagram size that a host must be able to receive?
* A: 1280 bytes.
* Credit: Rob Braun

* Q: What is the IANA reserved Ethernet MAC address range for IP Multicast?
* A: 01:00:5e.
* Credit: Rob Braun, Michael Dupuis

* Q: Name one of the Ethernet patent (#4,063,220) holders.
* A: Robert Metcalfe, David Boggs, Charles Thacker, or Butler Lampson. (Metcalfe and Lampson are generally credited for the invention.)
* Credit: Rob Braun

* Q: What is the MAC address prefix for DECnet addresses?
* A: AA:00:04:00
* Credit: Rob Braun

* Q: Who wrote the original traceroute program?
* A: Van Jacobson
* Credit: Warren Postma

* Q: What feature of IP is central to most traceroute implementations?
* A: The TTL (Time To Live) field. Most traceroutes send packets with artificially small TTLs and use the ICMP Time Exceeded responses from intermediate hosts to trace the route to a host.
* Credit: Warren Postma

* Q: Why was traceroute originally implemented using UDP packets rather than ICMP echo requests?
* A: In 1988, many TCP/IP stacks didn't return ICMP Time Exceeded responses to ICMP packets, but would for UDP packets.
* Credit: Warren Postma

* Q: What is RED, Random Early Detection?
* A: A route queuing protocol used for congestion avoidance. Once it detects "incipient congestion," the router randomly discards packets based on average queue size.
* Credit: Ivar Alm

* Q: What application uses TCP port 666?
* A: Doom.
* Credit: Jim Wilson

* Q: What is "ships in the night" routing?
* A: When you run two or more routing protocols on the same router.
* Credit: Jim Wilson

* Q: What does CRC stand for?
* A: Cyclic Redundancy Check.
* Credit: Jim Wilson

* Q: What IP network is reserved for internal testing?
* A: Anything with a netid (first octet) of 127.
* Credit: Jim Wilson

* Q: What are class D networks used for?
* A: Multicasting.
* Credit: Jim Wilson

* Q: What is bootp an abbreviation for?
* A: Bootstrap protocol.
* Credit: Jim Wilson

* Q: What is a runt packet?
* A: A packet that is shorter than the minimum packet length as defined by the protocol it is using.
* Credit: Jim Wilson

* Q: As of RFC 1394, how many values can the TOS field in an IPv4 header have?
* A: 5 (4 bit wide field, only one may be set at a time, 0 is valid).
* Credit: Jim Wilson

* Q: What is the H.323 protocol used for?
* A: Video or teleconferencing ("Packet-based multimedia communications systems").
* Credit: Jim Wilson

* Q: What OSI model layer does IP most closely resemble?
* A: The network layer, layer 3.
* Credit: Jim Wilson

* Q: Why do IP packets have a TTL (Time To Live) field?
* A: To prevent a packet being retransmitted forever in the case of a routing loop.
* Credit: Jim Wilson

* Q: What experimental protocol might be able to fulfill RFC 1122's requirement of "SHOULD: able to leap tall buildings at a single bound?"
* A: CPIP, Carrier Pigeon Internet Protocol.
* Credit: Helge Haftig

* Q: What are the Dave Clark Five?
* A: RFCs 813 through 817.
* Credit: Telsa Gwynne

* Q: What was the first remotely operated non-computer appliance to be connected to the Internet?
* A: A toaster (controlled using SNMP).
* Credit: Richard Lightman

* Q: What is CPIP?
* A: Carrier Pigeon Internet Protocol (see RFC 1149).
* Credit: SL Baur

* Q: What common multicast group uses the address 224.0.1.1?
* A: NTP (Network Time Protocol).
* Credit: Nivedita Singhvi

* Q: What is the only field that is different between a regular ARP packet and a gratuitous ARP packet?
* A: The target IP.
* Credit: Nivedita Singhvi

* Q: What error is returned if a UDP datagram is received and has a checksum error?
* A: None. It is silently discarded.
* Credit: Nivedita Singhvi

* Q: What is the minimum IP datagram size that a host must be able to receive?
* A: 576 bytes.
* Credit: Nivedita Singhvi

* Q: When is the transmitted UDP checksum 0?
* A: When the sender did not compute it.
* Credit: Nivedita Singhvi

* Q: Which is the only field used twice in the UDP checksum calculation?
* A: UDP length.
* Credit: Nivedita Singhvi

* Q: Why is a pad byte of 0 occasionally appended for the UDP checksum calculation?
* A: Because the checksum algorithm requires an even number of bytes.
* Credit: Nivedita Singhvi

* Q: What are the 5 fields of a UDP pseudoheader?
* A: Source IP, destination IP, zero, protocol, UDP length.
* Credit: Nivedita Singhvi

* Q: Which parts of the packet does the UDP checksum cover?
* A: UDP pseudoheader, UDP header, UDP data.
* Credit: Nivedita Singhvi

* Q: Which parts of the packet does the IP checksum cover?
* A: The IP header.
* Credit: Nivedita Singhvi

* Q: What is the maximum amount of data in a UDP packet over IPv4?
* A: 65507 bytes (65535 - 20 IP header - 8 UDP header).
* Credit: Nivedita Singhvi

* Q: Who was the first individual member of the Internet Society?
* A: Jon Postel, narrowly beating Steve Wolff.
* Credit: Matthew Wilcox

* Q: Why hasn't RFC 1149 been ratified?
* Hint: RFC 1149 specifies an unusual encapsulation of IP.
* A: The Avian Transmission Protocol has only been implemented once so far : http://www.blug.linux.no/rfc1149/
* Credit: Matthew Wilcox

* Q: How many identical acks need to be received for fast retransmit to occur?
* A: 4 (3 duplicate + original).
* Credit: Nivedita Singhvi

* Q: Under what circumstances is the TCP checksum incorrect, on a well-formed, in-flight packet?
* A: When the packet is using the IP source routing option (the destination IP changes along the route, which is used to calculate the TCP checksum).
* Credit: Credit: Rusty Russell

* Q: How many bytes total are in a standard sized ICMP echo request packet?
* A: 84 bytes (56 data, 8 ICMP header, 20 IP header).
* Credit: Credit: Linda J. Laubenheimer

* Q: What does "IETF" stand for?
* A: Internet Engineering Task Force.
* Credit: Credit: Linda J. Laubenheimer

* Q: What does SLIP stand for?
* A: Serial Line Internet Protocol.
* Credit: Credit: Ben Sittler

* Q: What is the TCP retransmission ambiguity problem?
* A: An ACK arrives after a retransmit - was it sent in response to the initial transmit or the retransmit?
* Credit: Craig Latta

* Q: Name one way to solve the TCP retransmission ambiguity problem.
* A: Use the Eifel detection algorithm.
* A: Enable timestamps (which is what Eifel does).
* Credit: Craig Latta

* Q: When is an IGMP report timer cancelled?
* A: When the host receives an IGMP report for the same group (with a matching destination IP).
* A: When more than one host is a member of the same group on the same network.
* Credit: Craig Latta

* Q: How many bits are in an "A" type DNS resource record?
* A: 112, plus the owner name.
* Credit: Craig Latta

* Q: What is archived at www.kohala.com?
* A: Richard Stevens' website.
* Credit: Telsa Gwynne

* Q: What does the tcp_close_wait_interval configuration option really do in Solaris?
* A: Sets the duration of the TIME_WAIT state.
* Credit: Laurel Fan

* Q: What is the range of class B IP addresses?
* A: 128.0.0.0 through 191.255.255.255.
* Credit: Annie White

* Q: What is the significance in networking of the amateur radio callsign KA9Q?
* A: It's the callsign of Phil Karn, who worked on SLIP, congestion control and TCP over amateur radio.
* Credit: Alan Cox

* Q: Sally Floyd was heavily involved in the design of which TCP enhancement?
* A: ECN, see RFC 3042.
* Credit: Alan Cox

* Q: Who said: "The IETF already has more than enough RFCs that codify the obvious, make stupidity illegal, support truth, justice, and the IETF way, and generally demonstrate the author is a brilliant and valuable Contributor to The Standards Process"?
* A: Vernon Schryver, on the mailing list for the tcp-impl IETF working group.
* Credit: Alan Cox

* Q: What is the minimum MTU that allows any IP datagram to pass?
* A: 68 bytes.
* Credit: Alan Cox

* Q: What is a syncookie and who invented it?
* A: Syn cookies help avert synflood attacks by forcing all of the TCP state into the client, invented by Dan Bernstein.
* Credit: Alan Cox

* Q: Van Jacobson claimed that the TCP receive packet processing fast-path could be done in how many instructions?
* A: 30. (33 on Sparc, due to "compiler brain damage.")
* Credit: Alan Cox

* Q: What would happen if you implemented the TCP URG pointer according to the standard?
* Hint: RFC 1122 cleared up the confusion generated by RFC 793.
* A: You would lose the last byte of urgent data because the other host implements BSD-style urgent pointers, which point to the byte following the last byte of urgent data.
* Credit: Alan Cox

* Q: What is an LFN (spelled L-F-N, pronounced "elephant")?
* A: Long Fat Network, defined in RFC 1072.
* Credit: Alan Cox

* Q: Where was John Nagle working when he invented the "Nagle algorithm?"
* A: Ford Motor Company.
* Credit: Alan Cox

* Q: Who invented Tinygram Avoidance?
* A: John Nagle. (Tinygram Avoidance is also known as the "Nagle algorithm.")
* Credit: Alan Cox

* Q: What is the sub-group FHE within the IETF?
* A: Facial hairius extremis, spotted at IETF conferences and noted in RFC 2323, "IETF Identification and Security Guidelines."
* Credit: Alan Cox

* Q: Under what circumstances should you return error number 418: "I'm a teapot"?
* A: Any attempt to brew coffee with a teapot according to RFC 2324, "Hyper Text Coffee Pot Control Protocol."
* Credit: Alan Cox

* Q: Who found additional problems beyond those in RFC 1337, "TIME-WAIT Assassination Hazards in TCP" which have yet (as of Feb 2002) to be fixed?
* Hint: He died after publishing the initial draft.
* A: Ian Heavens
* Credit: Alan Cox

* Q: Private networks came from RFC 1597. Which later RFC claims this is a bad idea?
* A: RFC 1627, "Network 10 Considered Harmful."
* Credit: Alan Cox

* Q: What makes it very difficult for any network stack to claim "strict compliance" to RFC 1122?
* A: Its requirement of "SHOULD: able to leap tall buildings at a single bound."
* Credit: Telsa Gwynne

* Q: Who said "If you know what you are doing, three layers is enough; if you don't even seventeen levels won't help?"
* A: Mike Padlipsky (or MAP).
* Credit: Larry McVoy

* Q: Which OSI networking model layers do TCP and IP correspond to?
* A: They don't. (Any answer with any kind of equivocation should be accepted.)
* Credit: Danny Quist

* Q: Who invented NAT (Network Address Translation)?
* A: Paul Francis (but he credits Van Jacobson for the concept).
* Credit: Dimitar (Mitko) Haralanov

* Q: How many hosts should be on a network with a 255.255.255.192 subnet mask?
* A: 62 (64 - (broadcast address and network address))
* Credit: Ryan Snyder

* Q: How many bytes are in an IPv4 header without options?
* A: 20.
* Credit: Val Henson

* Q: Name one of the men described as "The Father of the Internet."
* A: Any of: Vinton Cerf (TCP/IP co-designer), Robert Kahn (TCP/IP co-designer), John Postel (started IANA), Al Gore (made encouraging noises)
* Credit: Val Henson

* Q: What does TCP/IP stand for?
* A: Transmission Control Protocol/Internet Protocol.
* Credit: Val Henson

* Q: How many layers are in the OSI networking model?
* A: 7.
* Credit: Val Henson

* Q: Name a network address designated for private network use.
* A: 10.0.0.0, 192.168.0.0, or 172.16.0.0
* Credit: Val Henson

* Q: Name two TCP header options.
* A: Any 2 of maximum segment size (MSS), window scale factor, timestamp, noop, SACK, and end of options list.
* Credit: Val Henson

* Q: What is the MSL as defined in RFC 793?
* A: 2 minutes (but is usually implemented as 30 seconds).
* Credit: Val Henson

* Q: Name two ways to exit the TIME_WAIT state.
* A: 2MSL timeout, TIME_WAIT assassination (receive a RST), or receive a SYN with greater sequence number. Note: TIME_WAIT assassination is not permitted by RFC 1337.
* Credit: Val Henson

* Q: What is the TCP state that can only be reached through a simultaneous close?
* A: CLOSING
* Credit: Val Henson

* Q: What year was the first IETF meeting held?
* A: 1986.
* Credit: Val Henson

* Q: Name all 7 layers of the OSI network model.
* A: Physical, Data Link, Network, Transport, Session, Presentation, and Application.
* Credit: Val Henson

* Q: Why are many network services assigned odd ports?
* A: The precursor to TCP and UDP was NCP, which was simplex and required 2 ports for one connection. When duplex protocols arrived, the even port numbers were abandoned.
* Credit: Val Henson

* Q: Which two of these three protocols are the most similar: IPv4, IPv6, or CLNP?
* A: IPv4 and CLNP. (CLNP stands for ConnectionLess Network Protocol, and is basically IPv4 with larger addresses.)
* Credit: Val Henson

* Q: In TCP, simultaneous open is a transition between which two TCP states?
* A: From SYN_SENT to SYN_RCVD.
* Credit: Val Henson

* Q: What is the ICMP type field for an Echo Request?
* A: 8.
* Credit: Val Henson

* Q: What is the ICMP type field for an Echo Reply?
* A: 0.
* Credit: Val Henson

* Q: What is the maximum number of IP addresses recordable by the IP Record Route option?
* A: 9.
* Credit: Val Henson

* Q: If one end of a TCP connection crashes, and the other end doesn't attempt to send any data, is the resultant TCP connection half-open or half-closed from the point of view of the host that's still up?
* A: Half-open.
* Credit: Val Henson

* Q: In a Christmas tree packet, which TCP flag bits are turned on?
* A: SYN, URG, PSH, and FIN (all of them).
* Credit: Val Henson

* Q: TCP was defined in which RFC?
* A: RFC 793, "Transmission Control Protocol."
* Credit: Val Henson

* Q: What is silly window syndrome?
* A: In TCP, when the receiving end continually advertises a tiny window, resulting in data being sent in very small packets.
* Credit: Val Henson

* Q: If the remote host of a TCP connection does not advertise an MSS, what is the assumed MSS?
* A: 536 bytes over IPv4, 1220 over IPv6, although most implementations default to 512 and 1024 respectively.
* Credit: Val Henson

* Q: How is the initial path MTU of a TCP connection calculated?
* A: min (outgoing interface MTU, remote advertised MSS)
* Credit: Val Henson

* Q: Why was the "AAAA" DNS resource record type created?
* A: For IPv6 addresses.
* Credit: Val Henson

* Q: What is the maximum amount of data allowed in an IPv4 packet?
* A: 65515 bytes (65535 - 20, max total length minus 20 bytes of header)
* Credit: Val Henson

* Q: What was the default send and receive buffer size in 4.3BSD?
* A: 2048 bytes.
* Credit: Val Henson

* Q: In TCP, when is the sender limited by the congestion window?
* A: When using the slow start algorithm, after packet loss has occurred.
* Credit: Val Henson

* Q: In most implementations of TCP, what byte does the urgent pointer point to?
* A: The byte following the last byte of urgent data.
* Credit: Val Henson

* Q: What service runs on port 6667?
* A: Internet Relay Chat (IRC)
* Credit: Val Henson

* Q: Name three methods or algorithms related to congestion control in TCP.
* A: Congestion window, Vegas, Reno, NewReno, SACK, DSACK, FACK, Eifel algorithm, ECN, RTO
* Credit: Val Henson

* Q: The ECN field uses which bits in the byte that contains the IPv4 TOS field?
* A: Bits 6 and 7.
* Credit: Val Henson

* Q: What's wrong with the standard way of estimating RTO (Retransmission TimeOut)?
* A: It places too much weight on the variance of round trip times.
* Credit: Val Henson

* Q: What is the minimum data payload in a ping of death?
* A: 65508 bytes (65536 - 20 IP header - 8 ICMP header)
* Credit: Val Henson

* Q: What's the MTU of HiPPI (High Performance Parallel Interface)?
* A: 65280 bytes
* Credit: Val Henson

* Q: How large is an entire AAL/5 encapsulated ATM cell?
* A: 53 bytes (48 data + 5 header)
* Credit: Val Henson

* Q: Distance vector and link state are two types of what kind of protocol?
* A: Routing protocols
* Credit: Val Henson

* Q: The IPv4 fields formerly known as TOS (Type Of Service) and precedence are now called what?
* A: The DS (Differentiated Services) and ECN (Explicit Congestion Notification) fields.
* Credit: Val Henson

* Q: Why do most traceroute implementations NOT use the IP Record Route option to find intermediate hosts?
* A: The IP Record Route option can only record 9 intermediate hosts, which is too few for many routes in the modern Internet.
* Credit: Val Henson

* Q: Which spelling is correct, Van Jacobson or Van Jacobsen?
* A: Van Jacobson.
* Credit: Val Henson

* Q: Who invented the spanning tree algorithm?
* A: Dr. Radia Perlman
* Credit: Val Henson