windows network basics

8/8/2019 Windows Network Basics

http://slidepdf.com/reader/full/windows-network-basics 1/42

User(s) are complaining of delays when using the network. Whatwould you do? There are lots of concerns that cause network delays, TheAdministrator / Network Engineer must check the following simple tasksbefore he / she proceed.

Get the user(s) to demonstrate the problem.

Determine how many other users are affected. Ensure desktop hardware and configuration is OK. Trace all connections (they may be on another subnet). Commence some monitoring or diagnostics. Determine problem (if there is one). Check for the virus / spyware activity. If everything seems OK, then try to restart the router / switch, same

time try to restart the system.

Name some of the ways of combining TCP/IP traffic and SNA traffic

over the same link. DLSw (Data Link Switching)(aka RFC1434) RFC1490 (frame relay carrier) Serial Tunneling (STUN) BAN or BNN (Boundary Access Node, Boundary Network Node)

What sort of cabling is suitable for Fast Ethernet protocols? CAT5 CAT6 CAT7

What is a Class D IP address? Class D IP Address is used in Internet Protocol version 4 (IPv4), Class D IPaddress beginning with a binary 1110. Class D addresses are reserved formulticast applications only.

ClassLeadingbitts

Start IP End IPDefaultSNM

Class

D

1110224.0.0

.0

239.255.255.

255

NA

Bit-wise representationClass D224. 0. 0. 0 = 11100000.00000000.00000000.00000000239.255.255.255 = 11101111.11111111.11111111.11111111

1110XXXX.XXXXXXXX.XXXXXXXX.XXXXXXXX

What is Firewall?



A firewall is a secure and trusted machine that sits between a privatenetwork and a public network. The firewall machine is configured with a setof rules that determine which network traffic will be allowed to pass andwhich will be blocked or refused. In some large organizations, you may evenfind a firewall located inside their corporate network to segregate sensitive

areas of the organization from other employees. Many cases of computercrime occur from within an organization, not just from outside.

How do I monitor the activity of sockets? You can use Microsoft’s packet monitor software here for network activityevents, or Microsoft's NetMon. If you want to use some free 3rd partysoftware’s like; nirsofts Socket Sniffer small but yet powerful and free...

What are RAW sockets?A Raw Sockets or R-Sockets are a socket that allows access to packetheaders on incoming and outgoing packets. Raw sockets always receive the

packets with the packet header included.

What is the role of TCP protocol and IP protocol? The role of TCP is to the data form one machine to another machine innetwork and the role of IP is to identify the machine in the network.

What is UDP?User Datagram Protocol or UDP is part of the Internet Protocol suite, usingwhich, programs running on different computers on a network can send shortmessages known as Datagram’s to one another. UDP can be used in

networks where TCP is traditionally used, but unlike TCP, it does notguarantee reliability or the right sequencing of data. Datagram’s may gomissing without notice, or arrive in a different order from the one in whichthey were sent.

Name Layers in TCP/IP?Link LayerInternet Layer Transport LayerApplication Layer

how can I be sure that a UDP message is received?UDP stands for: User Datagram Protocol is connectionless and unreliable.It’s also called connectionless Protocol. The packets sent using UDP can gomissing without senders information, but It is very fast compared to othermethods, which is why it is used, there is no acknowledgement sent back tothe source to let it know everything arrived ok.

How to get IP header of a UDP message?

http://www.microsoft.com/downloads/details.aspx?FamilyID=f4db40af-1e08-4a21-a26b-ec2f4dc4190d&DisplayLang=en

http://www.microsoft.com/downloads/details.aspx?FamilyID=f4db40af-1e08-4a21-a26b-ec2f4dc4190d&DisplayLang=en



How many bytes in an IPX network address?An IPX address uses 80 bits, or 10 bytes, of data. The first four bytes showthe network address, and the last six bytes always represent the nodeaddress, which is the MAC address. An example is

00007C80.0000.8609.33E9. The first eight hex digits (00007C80) representthe network portion of the address.What is the difference between MUTEX and Semaphore? The Difference is, MUTEX will only let its owner an access, While Semaphorecan allow number of "UNKNOWN" Access.

What is priority inversion?Priority inversion is a situation where in lower priority tasks will run blockinghigher priority tasks waiting for resource.

What is DHCP?

Dynamic Host Configuration Protocol (DHCP) is a network protocol thatenables a server to automatically assign an IP address to a computer from adefined range of numbers configured for a given network.

Name some routing protocols

• RIP(ROUTING INFORMATION PROTOCOL)• IGRP( INTERIOR GATEWAY ROUTING PROTOCOL)• EIGRP(ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL)• OSPF (OPEN SHORTEST PATH FIRST)• BGP( BORDER GATEWAY PROTOCOL)

Explain Kerberos Protocol? Kerberos is an authentication protocol that has become very popular .threeserver is involved in the Kerberos protocol.

• Authentication server (AS)• Ticket granting Server (TGS)• Real server

Difference between Discretionary Access Control (DAC) andMandatory Access Control (MAC)?

DAC is used by itself according to it is access and controlled whilemass it has to be compulsory give the access control.MAC is designed and enforced in the initial stages and cannot bechanged by entity; from a laymen angle: OS writing to BIOS is notallowed.DAC is designed in such a way that access shall be granted based onthe discretion; ex. database table access.



Explain how traceroute, ping, and tcpdump work and what they areused for?Traceroute, ping, and tcpdump test the connectivity of the destination inquestion by sending ICMP packets and checking the response (TTL) which isthe routers encountered in the path. They are used to check the connectivity

and the distance to the destination.

Describe what a VPN is and how it works?VPN Virtual Private Network, A service which provides secure networkconnectivity between two remote locations over a insecure network(internet/ISP).

How do you display a routing table? The function and syntax of the Windows ROUTE command is similar to theUNIX or Linux route command. Use the command to manually configure theroutes in the routing table.

C:\Documents and Settings\Administrator>route print===========================================================================Interface List0x1 ........................... MS TCP Loopback interface0x1000003 ...00 19 d1 67 d2 f3 ...... Intel(R) PRO/100 VE NetworkConnection (Microsoft's Packet Scheduler)=========================================================================================================================

=============================Active Routes:Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.69 1127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

192.168.1.0 255.255.255.0 192.168.1.69 192.168.1.69 1192.168.1.69 255.255.255.255 127.0.0.1 127.0.0.1 1192.168.1.255 255.255.255.255 192.168.1.69 192.168.1.69 1

224.0.0.0 224.0.0.0 192.168.1.69 192.168.1.69 1255.255.255.255 255.255.255.255 192.168.1.69 192.168.1.69 1

Default Gateway: 192.168.1.1

===========================================================================Persistent Routes:

None What is a route flap?In computer networking and telecommunications, route flapping occurs whena router alternately advertises a destination network via one route then



another (or as unavailable, and then available again) in quick sequence. Aclosely related term is interface flapping where an interface on a router has ahardware failure that will cause the router to announce it alternately as "up"and "down".

What is a metric?Metrics is a property of a route in computer networking; consisting of anyvalue used by routing algorithms to determine whether one route shouldperform better than another (the route with the lowest metric is thepreferred route). The routing table stores only the best possible routes, whilelink-state or topological databases may store all other information as well.For example, Routing Information Protocol uses hopcount (number of hops)to determine the best possible route.

A Metric can include:

•

number of hops (hop count)• speed of the path• latency (delay)• path reliability• path bandwidth• load• MTU

In EIGRP, metrics is represented by an integer from 0 to 4294967295.In Microsoft Windows XP routing it ranges from 1 to 9999.

What is Active Directory?An active directory is a directory structure used on Microsoft Windows basedcomputers and servers to store information and data about networks anddomains. It is primarily used for online information and was originally createdin 1996 and first used with Windows 2000.

Can you connect Active Directory to other 3rd-party DirectoryServices? Name a few options. Yes you can connect other vendors.

Examples: E-directory from Novell

where is the AD database held? What other files are related to AD?AD Database is saved in %systemroot%/ntds.You can see other files also inthis folder. These are the main files controlling the AD structure ntds.dit edb.log res1.log



res2.log Edb.chk

What is the SYSVOL folder?All active directory data base security related information store in SYSVOL

folder and its only created on NTFS partition.

Name the AD NCs and replication issues for each NC*Schema NC, *Configuration NC, * Domain NCSchema NC This NC is replicated to every other domain controller in theforest. It contains information about the Active Directory schema, which inturn defines the different object classes and attributes within ActiveDirectory.Configuration NC Also replicated to every other DC in the forest, this NCcontains forest-wide configuration information pertaining to the physicallayout of Active Directory, as well as information about display specifies and

forest-wide Active Directory quotas.Domain NC This NC is replicated to every other DC within a single ActiveDirectory domain. This is the NC that contains the most commonly-accessedActive Directory data: the actual users, groups, computers, and other objectsthat reside within a particular Active Directory domain.

What are application partitions? When do I use themApplication Directory Partition is a partition space in Active Directory whichan application can use to store that application specific data. This partition isthen replicated only to some specific domain controllers. The application directory partition can contain any type of data except

security principles (users, computers, groups).

How do you create a new application partition The DnsCmd command is used to create a new application directorypartition. Ex. to create a partition named NewPartition on the domaincontroller DC1.contoso.com, log on to the domain controller and typefollowing command.DnsCmd DC1/createdirectorypartition NewPartition.contoso.com

How do you view replication properties for AD partitions and DCs?By using replication monitor --- go to start > run > type Replmon

How do you view all the GCs in the forest?C:\>repadmin /showrepsdomain_controllerOR You can use Replmon.exe for the same purpose.ORAD Sites and Services and nslookup gc._msdcs.%USERDNSDOMAIN%



Why not make all DCs in a large forest as GCs?With too many DCs are configured to become the GC servers, it will causethe replication overhead between the DCs across the forest.

What are the Support Tools? Why do I need them?Support Tools are the tools that are used for performing the complicatedtasks easily. These can also be the third party tools. Some of the Supporttools include DebugViewer, DependencyViewer, RegistryMonitor, etc.

What is LDP? What is REPLMON? What is ADSIEDIT? What isNETDOM? What is REPADMIN?Answer is Here

What are sites? What are they used for?One or more well-connected (highly reliable and fast) TCP/IP subnets. A site

allows administrators to configure Active Directory access and replicationtopology to take advantage of the physical network.

What's the difference between a site link's schedule and interval?Schedule enables you to list weekdays or hours when the site link isavailable for replication to happen in the give interval. Interval is the reoccurrence of the inter site replication in given minutes. It ranges from 15 -10,080 mins. The default interval is 180 mins.

What is the KCC? The Knowledge Consistency Checker (KCC) is a built-in process that runs on

each domain controller and regenerates the replication topology for alldirectory partitions that are contained on that domain controller. The KCCruns at specified intervals of every 15 minutes by default and designatesreplication routes between domain controllers that are most favorableconnections that are available at the time.

What is the ISTG? Who has that role by default?Intersite Topology Generator (ISTG), which is responsible for the connectionsamong the sites. By default Windows 2003 Forest level functionality has thisrole.

What can you do to promote a server to DC if you're in a remotelocation with slow WAN link? You will create a copy of the system statefrom an existing DC and copy it to the new remote server. Run "Dcpromo/adv". You will be prompted for the location of the system state files

What is an IP address?An Internet Protocol (IP) address is a numerical label that is assigned todevices participating in a computer network that uses the Internet Protocol

http://wiki.answers.com/Q/What_is_ldp_replmon

http://wiki.answers.com/Q/What_is_ldp_replmon



for communication between its nodes

what is a subnet mask?A subnetwork, or subnet, is a logically visible, distinctly addressed part of asingle Internet Protocol network.[1][2] The process of subnetting is the

division of a computer network into groups of computers that have acommon, designated IP address routing prefix

What is ARP?A subnetwork, or subnet, is a logically visible, distinctly addressed part of asingle Internet Protocol network.[1][2] The process of subnetting is thedivision of a computer network into groups of computers that have acommon, designated IP address routing prefix

What is ARP Cache Poisoning?ARP cache poisoning, also known as ARP spoofing, is the process of falsifying

the source Media Access Control (MAC) addresses of packets being sent onan Ethernet network. It is a MAC layer attack that can only be carried outwhen an attacker is connected to the same local network as the targetmachines, limiting its effectiveness only to networks connected withswitches, hubs, and bridges; not routers.

What is the ANDing process?In order to determine whether a destination host is local or remote, acomputer will perform a simple mathematical computation referred to as anAND operation. While the sending host does this operation internally,understanding what takes place is the key to understanding how an IP-based

system knows whether to send packets directly to a host or to a router.

What is a default gateway? What happens if I don't have one?A Default gateway is a node (a router/adsl router/internet modem) on a TCP/IP Network that serves as an access point to another network.a defaultgeteway is used by a host when the ip's packet destination address belongsto someplace outside the local subnet.

What is a subnet?A subnet (short for "subnetwork") is an identifiably separate part of anorganization's network. Typically, a subnet may represent all the machines

at one geographic location, in one building, or on the same local areanetwork (LAN). Having an organization's network divided into subnets allowsit to be connected to the Internet with a single shared network address.Without subnets, an organization could get multiple connections to theInternet, one for each of its physically separate subnetworks, but this wouldrequire an unnecessary use of the limited number of network numbers theInternet has to assign. It would also require that Internet routing tables ongateways outside the organization would need to know about and have to



manage routing that could and should be handled within an organization.

What is APIPA?Short for Automatic Private IP Addressing, a feature of later Windowsoperating systems. With APIPA, DHCP clients can automatically self-configure

an IP address and subnet mask when a DHCP server isn't available. When aDHCP client boots up, it first looks for a DHCP server in order to obtain an IPaddress and subnet mask. If the client is unable to find the information, ituses APIPA to automatically configure itself with an IP address from a rangethat has been reserved especially for Microsoft. The IP address range is169.254.0.1 through 169.254.255.254. The client also configures itself with adefault class B subnet mask of 255.255.0.0. A client uses the self-configuredIP address until a DHCP server becomes available.

The APIPA service also checks regularly for the presence of a DHCP server(every five minutes, according to Microsoft). If it detects a DHCP server on

the network, APIPA stops, and the DHCP server replaces the APIPAnetworking addresses with dynamically assigned addresses.

APIPA is meant for non routed small business environments, usually less than25 clients.

What is an RFC?A Request for Comments (RFC) document defines a protocol or policy usedon the Internet. An RFC can be submitted by anyone. Eventually, if it gainsenough interest, it may evolve into an Internet Standard (see FAQ XXX).Each RFC is designated by an RFC number. Once published, an RFC never

changes. Modifications to an original RFC are assigned a new RFC number.

What is CIDR?Classless Inter-Domain Routing (CIDR) is a methodology of allocating IPaddresses and routing Internet Protocol packets.

You have the following Network ID: 192.115.103.64/27. What is the IP rangefor your network?It ranges from 192.115.103.64 - 192.115.103.96But the usable address are from 192.115.103.64 -192.115.103.94192.115.103.95 - it is the broadcast address

192.115.103.96 - will be the ip address of next rangewe can use 30 hostess in this network

You have the following Network ID: 131.112.0.0. You need at least500 hosts per network. How many networks can you create? Whatsubnet mask will you use?Subnetmask is 255.255.252.0, we can create 4 subnet and atleast we canconnect 500host per network



What is DHCPINFORM?DHCPInform is a DHCP message used by DHCP clients to obtain DHCPoptions. While PPP remote access clients do not use DHCP to obtain IPaddresses for the remote access connection, Windows 2000 and Windows 98

remote access clients use the DHCPInform message to obtain DNS server IPaddresses, WINS server IP addresses, and a DNS domain name. TheDHCPInform message is sent after the IPCP negotiation is concluded. TheDHCPInform message received by the remote access server is thenforwarded to a DHCP server. The remote access server forwards DHCPInformmessages only if it has been configured with the DHCP Relay Agent.

What is an Object server?With an object server, the Client/Server application is written as a set of communicating objects. Client object communicate with server objects usingan Object Request Broker (ORB). The client invokes a method on a remote

object. The ORB locates an instance of that object server class, invokes therequested method and returns the results to the client object. Server objectsmust provide support for concurrency and sharing. The ORB brings it alltogether.

What is a Transaction server?With a transaction server, the client invokes remote procedures that resideon the server with an SQL database engine. These remote procedures on theserver execute a group of SQL statements. The network exchange consists of a single request/reply message. The SQL statements either all succeed or failas a unit.

What is a Database Server?With a database server, the client passes SQL requests as messages to thedatabase server. The results of each SQL command are returned over thenetwork. The server uses its own processing power to find the request datainstead of passing all the records back to the client and then getting it findits own data. The result is a much more efficient use of distributedprocessing power. It is also known as SQL engine.

What are the most typical functional units of the Client/Serverapplications?

User interfaceBusiness Logic andShared data.

What are all the Extended services provided by the OS?

Ubiquitous communicationsNetwork OS extension



Binary large objects (BLOBs)Global directories and Network yellow pagesAuthentication and Authorization servicesSystem managementNetwork time

Database and transaction servicesInternet servicesObject- oriented services

What are Triggers and Rules? Triggers are special user defined actions usually in the form of storedprocedures, that are automatically invoked by the server based on datarelated events. It can perform complex actions and can use the full power of procedural languages.A rule is a special type of trigger that is used to perform simple checks ondata.

What is meant by Transparency? Transparency really means hiding the network and its servers from the usersand even the application programmers.

What are TP-Lite and TP-Heavy Monitors? TP-Lite is simply the integration of TP Monitor functions in the databaseengines. TP-Heavy are TP Monitors which supports the Client/Serverarchitecture and allow PC to initiate some very complex multiservertransaction from the desktop.

What are the two types of OLTP? TP lite, based on stored procedures. TP heavy, based on the TP monitors.

What is a Web server? This new model of Client/Server consists of thin, protable, "universal" clientsthat talk to superfat servers. In the simplet form, a web server returnsdocuments when clients ask for them by name. The clients and servercommunicate using an RPC-like protocol called HTTP.

What are Super servers? These are fully-loaded machines which includes multiprocessors, high-speed

disk arrays for intervive I/O and fault tolerant features.

What is a TP Monitor? There is no commonly accepted definition for a TP monitor. According to JeriEdwards' a TP Monitor is "an OS for transaction processing".

TP Monitor does mainly two things extremely well. They are Processmanagement and Transaction management?



They were originally introduced to run classes of applications that couldservice hundreds and sometimes thousands of clients. TP Monitors providean OS - on top of existing OS - that connects in real time these thousands of humans with a pool of shared server processes.

What is meant by Asymmetrical protocols? There is a many-to-one relationship between clients and server. Clientsalways initiate the dialog by requesting a service. Servers are passivelyawaiting for requests from clients.

What are the types of Transparencies? The types of transparencies the NOS middleware is expected to provide are:-Location transparencyNamespace transparencyLogon transparencyReplication transparency

Local/Remote access transparencyDistributed time transparencyFailure transparency andAdministration transparency.

What is the difference between trigger and rule? The triggers are called implicitly by database generated events, while storedprocedures are called explicitly by client applications.

What are called Transactions? The grouped SQL statements are called Transactions (or) A transaction is a

collection of actions embossed with ACID properties.

What are the building blocks of Client/Server? The client, the server and Middleware.

Explain the building blocks of Client/Server? The client side building block runs the client side of the application. The server side building block runs the server side of the application.

The middleware building block runs on both the client and serversides of an application. It is broken into three categories:-

Transports stackNetwork OSService-specific middleware.

What are all the Base services provided by the OS? Task preemption Task priority



SemaphoresInterprocess communications (IPC)Local/Remote Interprocess communication ThreadsIntertask protection

MultiuserHigh performance file systemEfficient memory management andDynamically linked Run-time extensions.

What are the characteristics of Client/Server?ServiceShared resourcesAsymmetrical protocols Transparency of locationMix-and-match

Message based exchangesEncapsulation of servicesScalabilityIntegrityClient/Server computing is the ultimate "Open platform". It gives thefreedom to mix-and-match components of almost any level. Clients andservers are loosely coupled systems that interact through a message-passingmechanism.

What is Remote Procedure Call (RPC)?RPC hides the intricacies of the network by using the ordinary procedure call

mechanism familiar to every programmer. A client process calls a functionon a remote server and suspends itself until it gets back the results.Parameters are passed like in any ordinary procedure. The RPC, like anordinary procedure, is synchronous. The process that issues the call waitsuntil it gets the results.Under the covers, the RPC run-time software collects values for theparameters, forms a message, and sends it to the remote server. The serverreceives the request, unpack the parameters, calls the procedures, andsends the reply back to the client. It is a telephone-like metaphor.

What are the main components of Transaction-based Systems?

Resource Manager Transaction Manager andApplication Program

What are the three types of SQL database server architecture?Process-per-client Architecture. (Example: Oracle 6, Informix )Multithreaded Architecture. (Example: Sybase, SQL server)Hybrid Architecture



What are the Classification of clients?Non-GUI clients - Two types are:-Non-GUI clients that do not need multi-tasking(Example: Automatic Teller Machines (ATM), Cell phone)Non-GUI clients that need multi-tasking

(Example: ROBOTs)

GUI clientsOOUI clients

What are called Non-GUI clients, GUI Clients and OOUI Clients?Non-GUI Client: These are applications, generate server requests with aminimal amount of human interaction.GUI Clients: These are applicatoins, where occassional requests to the serverresult from a human interacting with a GUI(Example: Windows 3.x, NT 3.5)

OOUI clients : These are applications, which are highly-iconic, object-orienteduser interface that provides seamless access to information in very visualformats.(Example: MAC OS, Windows 95, NT 4.0)

What is Message Oriented Middleware (MOM)?MOM allows general purpose messages to be exchanged in a Client/Serversystem using message queues. Applications communicate over networks bysimply putting messages in the queues and getting messages from queues.It typically provides a very simple high level APIs to its services.MOM's messaging and queuing allow clients and servers to communicate

across a network without being linked by a private, dedicated, logicalconnection. The clients and server can run at different times. It is a post-office like metaphor.

What is meant by Middleware?Middleware is distributed software needed to support interaction betweenclients and servers. In short, it is the software that is in the middle of theClient/Server systems and it acts as a bridge between the clients andservers. It starts with the API set on the client side that is used to invoke aservice and it covers the transmission of the request over the network andthe resulting response.

It neither includes the software that provides the actual service - that is inthe servers domain nor the user interface or the application login - that's inclients domain.

What are the functions of the typical server program?It waits for client-initiated requests. Executes many requests at the sametime. Takes care of VIP clients first. Initiates and runs background taskactivity. Keeps running. Grown bigger and faster.



What is meant by Symmentric Multiprocessing (SMP)?It treats all processors as equal. Any processor can do the work of any otherprocessor. Applications are divided into threads that can run concurrently onany available processor. Any processor in the pool can run the OS kernel andexecute user-written threads.

What is General Middleware?It includes the communication stacks, distributed directories, authenticationservices, network time, RPC, Queuing services along with the network OSextensions such as the distributed file and print services.

What are Service-specific middleware?It is needed to accomplish a particular Client/Server type of services whichincludes:-Database specific middlewareOLTP specific middleware

Groupware specific middlewareObject specific middlewareInternet specific middleware andSystem management specific middleware.

What is meant by Asymmetric Multiprocessing (AMP)?It imposses hierarchy and a division of labour among processors. Only onedesignated processor, the master, controls (in a tightly coupledarrangement) slave processors dedicated to specific functions.

What is OLTP?

In the transaction server, the client component usually includes GUI and theserver components usually consists of SQL transactions against a database. These applications are called OLTP (Online Transaction Processing) OLTPApplications typically,Receive a fixed set of inputs from remote clients. Perform multiple pre-compiled SQL comments against a local database. Commit the work andReturn a fixed set of results.

What is meant by 3-Tier architecture?In 3-tier Client/Server systems, the application logic (or process) lives in themiddle tier and it is separated from the data and the user interface. In

theory, the 3-tier Client/Server systems are more scalable, robust andflexible.Example: TP monitor, Web.

What is meant by 2-Tier architecture?In 2-tier Client/Server systems, the application logic is either burried insidethe user interface on the client or within the database on the server.Example: File servers and Database servers with stored procedures.



What is Load balancing?If the number of incoming clients requests exceeds the number of processesin a server class, the TP Monitor may dynamically start new ones and this iscalled Load balancing.

What are called Fat clients and Fat servers?If the bulk of the application runs on the Client side, then it is Fat clients. It isused for decision support and personal software.If the bulk of the application runs on the Server side, then it is Fat servers. Ittries to minimize network interchanges by creating more abstract levels of services.

What is meant by Horizontal scaling and Vertical scaling?Horizontal scaling means adding or removing client workstations with only aslight performance impact. Vertical scaling means migrating to a larger andfaster server machine or multiservers.

What is Groupware server?Groupware addresses the management of semi-structured information suchas text, image, mail, bulletin boards and the flow of work. TheseClient/Server systems have people in direct contact with other people.

What are the two broad classes of middleware?General MiddlewareService-specific middleware

What are the types of Servers?

File serversDatabase servers Transaction servers Groupware servers Object servers Webservers.

What is a File server?File servers are useful for sharing files across a network. With a file server,the client passes requests for file records over network to file server.

What are the five major technologies that can be used to createClient/Server applications?Database Servers

TP MonitorsGroupwareDistributed ObjectsIntranets.

What is Client/Server?Clients and Servers are separate logical entities that work together over a



network to accomplish a task. Many systems with very different architecturesthat are connected together are also called Client/Server.

List out the benefits obtained by using the Client/Server oriented TPMonitors?

Client/Server applications development framework.Firewalls of protection.High availability.Load balancing.MOM integration.Scalability of functions.Reduced system cost.

What are the services provided by the Operating System?Extended services - These are add-on modular software components that arelayered on top of base service.

What is ACID property?ACID is a term coined by Andrew Reuter in 1983, which stands for Atomicity,Consistence, Isolation and Durability.

What are stored procedures?A stored procedure i s named collection of SQL statements and procedurallogic that is compiled, verified and stored in a server database. It is typicallytreated like any other database object. Stored procedures accept inputparameters so that a single procedure can be used over the network bymultiple clients using different input data. A single remote message triggers

the execution of a collection of stored SQL statements. The results is areduction of network traffic and better performance.

What is wide-mouth frog?Wide-mouth frog is the simplest known key distribution center (KDC)authentication protocol.

What is passive topology?When the computers on the network simply listen and receive the signal,they are referred to as passive because they don’t amplify the signal in anyway.

Example for passive topology - linear bus.

What is region?When hierarchical routing is used, the routers are divided into what we callregions, with each router knowing all the details about how to route packetsto destinations within its own region, but knowing nothing about the internalstructure of other regions.



What is virtual channel?Virtual channel is normally a connection from one source to one destination,although multicast connections are also permitted. The other name forvirtual channel is virtual circuit.

Difference between the communication and transmission? Transmission is a physical movement of information and concern issues likebit polarity, synchronization, clock etc.Communication means the meaning full exchange of information betweentwo communication media.

What is the difference between TFTP and FTP application layerprotocols? The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files froma remote host but does not provide reliability or security. It uses thefundamental packet delivery services offered by UDP.

The File Transfer Protocol (FTP) is the standard mechanism provided by TCP /IP for copying a file from one host to another. It uses the services offered by TCP and so is reliable and secure. It establishes two connections (virtualcircuits) between the hosts, one for data transfer and another for controlinformation.

What are the advantages and disadvantages of the three types of routing tables? The three types of routing tables are fixed, dynamic, and fixed central. Thefixed table must be manually modified every time there is a change. Adynamic table changes its information based on network traffic, reducing the

amount of manual maintenance. A fixed central table lets a manager modifyonly one table, which is then read by other devices. The fixed central tablereduces the need to update each machine's table, as with the fixed table.Usually a dynamic table causes the fewest problems for a networkadministrator, although the table's contents can change without theadministrator being aware of the change.

What is Beaconing? The process that allows a network to self-repair networks problems. Thestations on the network notify the other stations on the ring when they arenot receiving the transmissions. Beaconing is used in Token ring and FDDI

networks.

What does the Mount protocol do ? The Mount protocol returns a file handle and the name of the file system inwhich a requested file resides. The message is sent to the client from theserver after reception of a client's request.



What are Digrams and Trigrams? The most common two letter combinations are called as digrams. e.g. th, in,er, re and an. The most common three letter combinations are called astrigrams. e.g. the, ing, and, and ion.

What is the HELLO protocol used for? The HELLO protocol uses time instead of distance to determine optimalrouting. It is an alternative to the Routing Information Protocol.

What is the minimum and maximum length of the header in the TCPsegment and IP datagram? The header should have a minimum length of 20 bytes and can have amaximum length of 60 bytes.

What do you meant by "triple X" in Networks? The function of PAD (Packet Assembler Disassembler) is described in a

document known as X.3. The standard protocol has been defined betweenthe terminal and the PAD, called X.28; another standard protocol existsbetween the PAD and the network, called X.29. Together, these threerecommendations are often called "triple X".

What is attenuation? The degeneration of a signal over distance on a network cable is calledattenuation.

What is Protocol Data Unit? The data unit in the LLC level is called the protocol data unit (PDU). The PDU

contains of four fields a destination service access point (DSAP), a sourceservice access point (SSAP), a control field and an information field. DSAP,SSAP are addresses used by the LLC to identify the protocol stacks on thereceiving and sending machines that are generating and using the data. Thecontrol field specifies whether the PDU frame is a information frame (I -frame) or a supervisory frame (S - frame) or a unnumbered frame (U -frame).

What are the data units at different layers of the TCP / IP protocolsuite? The data unit created at the application layer is called a message, at the

transport layer the data unit created is called either a segment or an userdatagram, at the network layer the data unit created is called the datagram,at the data link layer the datagram is encapsulated in to a frame and finallytransmitted as signals along the transmission media.

What is difference between ARP and RARP? The address resolution protocol (ARP) is used to associate the 32 bit IPaddress with the 48 bit physical address, used by a host or a router to find



the physical address of another host on its network by sending a ARP querypacket that includes the IP address of the receiver. The reverse address resolution protocol (RARP) allows a host to discover itsInternet address when it knows only its physical address.

What is MAC address? The address for a device as it is identified at the Media Access Control (MAC)layer in the network architecture. MAC address is usually stored in ROM onthe network adapter card and is unique.

What is terminal emulation, in which layer it comes? Telnet is also called as terminal emulation. It belongs to application layer.

What are the types of Transmission media?Signals are usually transmitted over some transmission media that arebroadly classified in to two categories:-

Guided Media: These are those that provide a conduit from one device toanother that include twisted-pair, coaxial cable and fiber-optic cable. A signaltraveling along any of these media is directed and is contained by thephysical limits of the medium. Twisted-pair and coaxial cable use metallicthat accept and transport signals in the form of electrical current. Opticalfiber is a glass or plastic cable that accepts and transports signals in theform of light.

Unguided Media: This is the wireless media that transport electromagneticwaves without using a physical conductor. Signals are broadcast either

through air. This is done through radio communication, satellitecommunication and cellular telephony.

What are major types of networks and explain?Server-based networkPeer-to-peer network

Peer-to-peer network, computers can act as both servers sharing resourcesand as clients using the resources.Server-based networks provide centralized control of network resources andrely on server computers to provide security and network administration.

What is SAP?Series of interface points that allow other computers to communicate withthe other layers of network protocol stack.

What is multicast routing?Sending a message to a group is called multicasting, and its routingalgorithm is called multicast routing.



What is the difference between routable and non- routableprotocols?Routable protocols can work with a router and can be used to build largenetworks. Non-Routable protocols are designed to work on small, localnetworks and cannot be used with a router.

What is REX?Request to Exit (REX) - A signal that informs the controller that someone hasrequested to exit from a secure area.

What are the different types of networking / internetworkingdevices?Repeater:Also called a regenerator, it is an electronic device that operates only atphysical layer. It receives the signal in the network before it becomes weak,regenerates the original bit pattern and puts the refreshed copy back in to

the link.Bridges: These operate both in the physical and data link layers of LANs of same type. They divide a larger network in to smaller segments. They contain logic thatallow them to keep the traffic for each segment separate and thus arerepeaters that relay a frame only the side of the segment containing theintended recipient and control congestion.Routers: They relay packets among multiple interconnected networks (i.e. LANs of different type). They operate in the physical, data link and network layers. They contain software that enable them to determine which of the several

possible paths is the best for a particular transmission. Gateways: They relaypackets among networks that have different protocols (e.g. between a LANand a WAN). They accept a packet formatted for one protocol and convert itto a packet formatted for another protocol before forwarding it. They operatein all seven layers of the OSI model.

What is redirector?Redirector is software that intercepts file or prints I/O requests and translatesthem into network requests. This comes under presentation layer.

What is packet filter?

Packet filter is a standard router equipped with some extra functionality. Theextra functionality allows every incoming or outgoing packet to be inspected.Packets meeting some criterion are forwarded normally. Those that fail thetest are dropped.

What is logical link control?One of two sublayers of the data link layer of OSI reference model, asdefined by the IEEE 802 standard. This sublayer is responsible for



maintaining the link between computers when they are sending data acrossthe physical network connection.

What is traffic shaping?One of the main causes of congestion is that traffic is often busy. If hosts

could be made to transmit at a uniform rate, congestion would be lesscommon. Another open loop method to help manage congestion is forcingthe packet to be transmitted at a more predictable rate. This is called trafficshaping.

What is NETBIOS and NETBEUI?NETBIOS is a programming interface that allows I/O requests to be sent toand received from a remote computer and it hides the networking hardwarefrom applications.NETBEUI is NetBIOS extended user interface. A transport protocol designedby microsoft and IBM for the use on small subnets.

Why should you care about the OSI Reference Model?It provides a framework for discussing network operations and design.

What is Proxy ARP?is using a router to answer ARP requests. This will be done when theoriginating host believes that a destination is local, when in fact is liesbeyond router.

What is EGP (Exterior Gateway Protocol)?It is the protocol the routers in neighboring autonomous systems use to

identify the set of networks that can be reached within or via eachautonomous system.

What is IGP (Interior Gateway Protocol)?It is any routing protocol used within an autonomous system.

What is OSPF?It is an Internet routing protocol that scales well, can route traffic alongmultiple paths, and uses knowledge of an Internet's topology to makeaccurate routing decisions.

What is Kerberos?It is an authentication service developed at the Massachusetts Institute of Technology. Kerberos uses encryption to prevent intruders from discoveringpasswords and gaining unauthorized access to files.

What is SLIP (Serial Line Interface Protocol)?It is a very simple protocol used for transmission of IP datagrams across aserial line.



What is Mail Gateway?It is a system that performs a protocol translation between differentelectronic mail delivery protocols.

What is RIP (Routing Information Protocol)?

It is a simple protocol used to exchange information between the routers.

What is NVT (Network Virtual Terminal)?It is a set of rules defining a very simple virtual terminal interaction. The NVTis used in the start of a Telnet session.

What is source route?It is a sequence of IP addresses identifying the route a datagram must follow.A source route may optionally be included in an IP datagram header.

What is BGP (Border Gateway Protocol)?

It is a protocol used to advertise the set of networks that can be reachedwith in an autonomous system. BGP enables this information to be sharedwith the autonomous system. This is newer than EGP (Exterior GatewayProtocol).

What is Gateway-to-Gateway protocol?It is a protocol formerly used to exchange routing information betweenInternet core routers.

What is Project 802?It is a project started by IEEE to set standards that enable

intercommunication between equipment from a variety of manufacturers. Itis a way for specifying functions of the physical layer, the data link layer andto some extent the network layer to allow for interconnectivity of major LANprotocols.It consists of the following:802.1 is an internetworking standard for compatibility of different LANs andMANs across protocols.802.2 Logical link control (LLC) is the upper sublayer of the data link layerwhich is non-architecture-specific, that is remains the same for all IEEE-defined LANs. Media access control (MAC) is the lower sublayer of the datalink layer that contains some distinct modules each carrying proprietary

information specific to the LAN product being used. The modules areEthernet LAN (802.3), Token ring LAN (802.4), Token bus LAN (802.5).802.6 is distributed queue dual bus (DQDB) designed to be used in MANs.

What is silly window syndrome?It is a problem that can ruin TCP performance. This problem occurs whendata are passed to the sending TCP entity in large blocks, but an interactiveapplication on the receiving side reads 1 byte at a time.



What is a Multi-homed Host?It is a host that has a multiple network interfaces and that requires multipleIP addresses is called as a Multi-homed Host.

What is autonomous system?

It is a collection of routers under the control of a single administrativeauthority and that uses a common Interior Gateway Protocol.

What is the difference between interior and exterior neighborgateways?Interior gateways connect LANs of one organization, whereas exteriorgateways connect the organization to the outside world.

What is MAU?In token Ring, hub is called Multistation Access Unit (MAU).

Explain 5-4-3 rule?In a Ethernet network, between any two points on the network, there can beno more than five network segments or four repeaters, and of those fivesegments only three of segments can be populated.

What is difference between baseband and broadband transmission?In a baseband transmission, the entire bandwidth of the cable is consumedby a single signal. In broadband transmission, signals are sent on multiplefrequencies, allowing multiple signals to be sent simultaneously.

What is ICMP?

ICMP is Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by hosts and gateways to send notification of datagramproblems back to the sender. It uses the echo test / reply to test whether adestination is reachable and responding. It also handles both control anderror messages.

What is Brouter?Hybrid devices that combine the features of both bridges and routers

What is frame relay, in which layer it comes?Frame relay is a packet switching technology. It will operate in the data link

layer.

What is External Data Representation?External Data Representation is a method of encoding data within an RPCmessage, used to ensure that the data is not system-dependent.



What is Bandwidth?Every line has an upper limit and a lower limit on the frequency of signals itcan carry. This limited range is called the bandwidth.

What protocol is used by DNS name servers?

DNS uses UDP for communication between servers. It is a better choice than TCP because of the improved speed a connectionless protocol offers. Of course, transmission reliability suffers with UDP.

What is the range of addresses in the classes of internet addresses?

Class A 0.0.0.0 - 127.255.255.255Class B 128.0.0.0 - 191.255.255.255Class C 192.0.0.0 - 223.255.255.255Class D 224.0.0.0 - 239.255.255.255Class E 240.0.0.0 - 247.255.255.255

What are the important topologies for networks?BUS topology:In this each computer is directly connected to primary network cable in asingle line.Advantages:Inexpensive, easy to install, simple to understand, easy to extend.STAR topology:In this all computers are connected using a central hub.Advantages:Can be inexpensive, easy to install and reconfigure and easy to trouble shoot

physical problems.RING topology:In this all computers are connected in loop.Advantages:All computers have equal access to network media, installation can besimple, and signal does not degrade as much as in other topologies becauseeach computer regenerates it.

Difference between bit rate and baud rate?Bit rate is the number of bits transmitted during one second whereas baudrate refers to the number of signal units per second that are required to

represent those bits.baud rate = bit rate / Nwhere N is no-of-bits represented by each signal shift.

What is anonymous FTP and why would you use it?Anonymous FTP enables users to connect to a host without using a validlogin and password. Usually, anonymous FTP uses a login called anonymousor guest, with the password usually requesting the user's ID for tracking



purposes only. Anonymous FTP is used to enable a large number of users toaccess files on the host without having to go to the trouble of setting uplogins for them all. Anonymous FTP systems usually have strict controls overthe areas an anonymous user can access.

What is the difference between an unspecified passive open and afully specified passive open?An unspecified passive open has the server waiting for a connection requestfrom a client. A fully specified passive open has the server waiting for aconnection from a specific client.

What is virtual path?Along any transmission path from a given source to a given destination, agroup of virtual circuits can be grouped together into what is called path.

Explain the function of Transmission Control Block?

A TCB is a complex data structure that contains a considerable amount of information about each connection.

What is a DNS resource record?A resource record is an entry in a name server's database. There are severaltypes of resource records used, including name-to-address resolutioninformation. Resource records are maintained as ASCII files.

What is a pseudo TTY?A pseudo TTY or false terminal enables external machines to connectthrough Telnet or rlogin. Without a pseudo TTY, no connection can take

place.

What is the Network Time Protocol?A protocol that assures accurate local timekeeping with reference to radioand atomic clocks located on the Internet. This protocol is capable of synchronizing distributed clocks within milliseconds over long time periods. Itis defined in STD 12, RFC 1119.

What is mesh network?A network in which there are multiple network links between computers toprovide multiple paths for data to travel.

What is RAID?A method for providing fault tolerance by using multiple hard disk drives

What is a Management Information Base (MIB)?A Management Information Base is part of every SNMP-managed device.Each SNMP agent has the MIB database that contains information about the



device's status, its performance, connections, and configuration. The MIB isqueried by SNMP.

What is cladding?A layer of a glass surrounding the center fiber of glass inside a fiber-optic

cable

What is subnet?A generic term for section of a large networks usually separated by a bridgeor router.

A gateway operates at the upper levels of the OSI model and translatesinformation between two completely different network architectures or dataformats.

What is point-to-point protocol?

A communications protocol used to connect computers to remote networkingservices including Internet service providers.

What are 10Base2, 10Base5 and 10BaseT Ethernet LANs?10Base2�An Ethernet term meaning a maximum transfer rate of 10Megabits per second that uses baseband signaling, with a contiguous cablesegment length of 100 meters and a maximum of 2 segments10Base5�An Ethernet term meaning a maximum transfer rate of 10Megabits per second that uses baseband signaling, with 5 continuoussegments not exceeding 100 meters per segment.10BaseT�An Ethernet term meaning a maximum transfer rate of 10

Megabits per second that uses baseband signaling and twisted pair cabling.

What are the possible ways of data exchange?(i) Simplex(ii) Half-duplex(iii) Full-duplex.

What are the two types of transmission technology available?(i) Broadcast(ii) point-to-point.

How do I convert a numeric IP address like 192.18.97.39 into ahostname like java.sun.com?String hostname = InetAddress.getByName("192.18.97.39").getHostName();

What is DNS?Domain Name System (DNS) is an Internet Engineering Task Force (IETF)standard name service that allows your computer to register and resolvedomain names.



The DNS makes it possible to assign domain names to organizationsindependent of the routing of the numerical IP address. In other words, DNSis a system that translates domain names into IP addresses. This isnecessary because computers only make use of IP addresses yet we use onlyhuman readable names since the names are easier to remember than IP

addresses.

What are the seven layers of OSI (Open System Interconnection)Model?Layer Name7 Application6 Presentation5 Session4 Transport3 Network2 Data Link

1 Physical

The easiest way to remember the layers of the OSI model is to use the handymnemonic" All People Seem To Need Data Processing":Layer Name Mnemonic7 Application All6 Presentation People5 Session Seem4 Transport To3 Network Need

2 Data Link Data1 Physical Processing

What is Client/Server Networking? The term client/server refers to a model utilizing networked client and servercomputers and application software. Web, FTP, email, DNS and many otherdatabase applications are client-server systems.

What is Peer-to-Peer Networking?Peer to peer networks share responsibility for processing data among all of the connected devices. Peer-to-peer networking (also known simply as peer

networking) differs from client-server networking in several respects.

What Is a Network Name?A network name is a string that computing devices use to identify a specificcomputer network. Network names are typically different from names of individual computers or the addresses computers use to identify each other.



What Is URL?URLs (Uniform Resource Locators) identify by name Web servers andindividual Web pages stored on those servers, anywhere on the Internet.

What Is URI?

A URI (Uniform Resource Identifier) names both local and remote Internetresources similar to URLs.

What Is TCP? TCP (Transmission Control Protocol) is the main transport protocol utilized inIP networks. The TCP protocol exists on the Transport Layer of the OSI Model. The TCPprotocol is a connection-oriented protocol which provides end-to-endreliability.By connection-oriented, we mean that before two network nodes cancommunicate using TCP, they must first complete a handshaking protocol to

create a connection.When we say that TCP provides end-to-end reliability, we mean that TCPincludes mechanisms for error detection and error correction between thesource and the destination. These properties of TCP are in contrast to UDP, which is connectionless andunreliable. Higher layer protocols which utilize TCP include HTTP, SMTP,NNTP, FTP, telnet, SSH, and LDAP.

Diagram of the TCP Header

TCP Header Format

-----------------

0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Source Port | Destination Port |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Sequence Number |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

+| Acknowledgment Number |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Data | |U|A|P|R|S|F| || Offset| Reserved |R|C|S|S|Y|I| Window || | |G|K|H|T|N|N| |



+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Checksum | Urgent Pointer |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| Options | Padding |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| data |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

What Is UDP?User Datagram Protocol or UDP is part of the Internet Protocol suite, usingwhich, programs running on different computers on a network can send shortmessages known as Datagrams to one another. UDP can be used in networks

where TCP is traditionally used, but unlike TCP, it does not guaranteereliability or the right sequencing of data. Datagrams may go missingwithout notice, or arrive in a different order from the one in which they weresent.

What Is Dynamic DNS?Dynamic DNS is a technology that allows you to update the IP address of adomain in real time. In order to fully understand how Dynamic DNS works, itis important to first understand domain names and name servers.Essentially, all website domain names are held on computer servers knownas name servers. These servers are used, with the help of a Domain Name

System (DNS) server, to change the domain name into something moreeasily recognizable by a computer, an Internet Protocol (IP) Address.

Who/What is Internet Engineering Task Force (IETF)? The Internet Engineering Task Force (IETF) develops and promotes Internetstandards, cooperating closely with the W3C and ISO/IEC standard bodiesand dealing in particular with standards of the TCP/IP and Internet protocolsuite. It is an open standards organization, with no formal membership ormembership requirements. All participants and managers are volunteers,though their work is usually funded by their employers or sponsors; forinstance, the current chairperson is funded by VeriSign and the U.S.

government's National Security Agency.

What are LAN and WAN?A local area network (LAN) is a group of computers and associated devicesthat share a common communications line or wireless link. Typically,connected devices share the resources of a single processor or server withina small geographic area (for example, within an office building). Usually, theserver has applications and data storage that are shared in common by



multiple computer users. A local area network may serve as few as two orthree users (for example, in a home network) or as many as thousands of users.

Wide Area Network (WAN) is a computer network that covers a broadarea (i.e., any network whose communications links cross metropolitan,regional, or national boundaries). This is in contrast with personal areanetworks (PANs), local area networks (LANs), campus area networks (CANs),or metropolitan area networks (MANs) which are usually limited to a room,building, campus or specific metropolitan area (e.g., a city) respectively. Thelargest and most well-known example of a WAN is the Internet. WANs areused to connect LANs and other types of networks together, so that usersand computers in one location can communicate with users and computersin other locations. Many WANs are built for one particular organization andare private. Others, built by Internet service providers, provide connections

from an organization's LAN to the Internet. WANs are often built using leasedlines. At each end of the leased line, a router connects to the LAN on oneside and a hub within the WAN on the other. Leased lines can be veryexpensive. Instead of using leased lines, WANs can also be built using lesscostly circuit switching or packet switching methods. Network protocolsincluding TCP/IP deliver transport and addressing functions. Protocolsincluding Packet over SONET/SDH, MPLS, ATM and Frame relay are oftenused by service providers to deliver the links that are used in WANs. X.25was an important early WAN protocol, and is often considered to be the"grandfather" of Frame Relay as many of the underlying protocols andfunctions of X.25 are still in use today (with upgrades) by Frame Relay.

What is Intrusion Detection System? or IDSIDS means Intrusion detection system, is software and/or hardwaredesigned to detect unwanted attempts at accessing, manipulating, and/ordisabling of computer systems, mainly through a network, such as theInternet. These attempts may take the form of attacks, as examples, bycrackers, malware and/or disgruntled employees. IDS cannot directly detectattacks within properly encrypted traffic. An intrusion detection system isused to detect several types of malicious behaviors that can compromise thesecurity and trust of a computer system. This includes network attacksagainst vulnerable services, data driven attacks on applications, host based

attacks such as privilege escalation, unauthorized logins and access tosensitive files, and malware ("viruses, trojan horses, and worms).IDS can be composed of several components: Sensors which generatesecurity events, a Console to monitor events and alerts and control thesensors, and a central Engine that records events logged by the sensors in adatabase and use a system of rules to generate alerts from security eventsreceived. There are several ways to categorize IDS depending on the typeand location of the sensors and the methodology used by the engine to

http://www.technohub.in/faqs.html#trojan

http://www.technohub.in/faqs.html#trojan



generate alerts. In many simple IDS implementations all three componentsare combined in a single device or appliance.

What Is Malware?Malware, short for malicious software, is software designed to infiltrate a

computer without the owner's informed consent. The expression is a generalterm used by computer professionals to mean a variety of forms of hostile,intrusive, or annoying software or program code.[1] The term "computervirus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.

Software is considered malware based on the perceived intent of the creatorrather than any particular features. Malware includes computer viruses,worms, Trojan horses, most rootkits, spyware, dishonest adware, crimewareand other malicious and unwanted software. In law, malware is sometimesknown as a computer contaminant, for instance in the legal codes of several

U. S. states, including California and West Virginia.

What are Computer Viruses?Computer viruses are programs written by "mean" people. These virusprograms are placed into a commonly used program so that program will runthe attached virus program as it boots, therefore, it is said that the virus"infects" the executable file or program. Executable files include Macintosh"system files" [such as system extensions, INITs and control panels] andapplication programs [such as word processing programs and spreadsheetprograms.] Viruses work the same ways in Windows or DOS machines byinfecting zip or exe files.

A virus is inactive until you execute an infected program or application ORstart your computer from a disk that has infected system files. Once a virusis active, it loads into your computer's memory and may save itself to yourhard drive or copies itself to applications or system files on disks you use.Some viruses are programmed specifically to damage the data on yourcomputer by corrupting programs, deleting files, or even erasing your entirehard drive. Many viruses do nothing more than display a message or makesounds / verbal comments at a certain time or a programming event afterreplicating themselves to be picked up by other users one way or another.Other viruses make your computer's system behave erratically or crashfrequently. Sadly many people who have problems or frequent crashes using

their computers do not realize that they have a virus and live with theinconveniences.

What is Trojan horse (Computing)?A Trojan horse, or Trojan for short, is a term used to describe malware thatappears, to the user, to perform a desirable function but, in fact, facilitatesunauthorized access to the user's computer system. The term comes fromthe Trojan horse story in Greek mythology. Trojan horses are not self-



replicating which distinguishes them from viruses and worms. Additionally,they require interaction with a hacker to fulfill their purpose. The hackerneed not be the individual responsible for distributing the Trojan horse. It ispossible for hackers to scan computers on a network using a port scanner inthe hope of finding one with a Trojan horse installed.

What are Computer Worms?A computer worm is a self-replicating computer program. It uses a networkto send copies of itself to other nodes (computers on the network) and it maydo so without any user intervention. Unlike a virus, it does not need to attachitself to an existing program. Worms almost always cause at least someharm to the network, if only by consuming bandwidth, whereas virusesalmost always corrupt or devour files on a targeted computer.

What Is Network layer? The network layer attempts to deliver packetsfrom a node on one network segment to another node that may be on

another network segment. All network layer protocols use a header thatincludes both a source and destination address. Network layer addressesconsist of two parts: A network segment prefix which identifies the networksegment and a node suffix, which identifies the node on the segment.

An IP version 4 address is a total of 32 bits. The division of bits between thenetwork segment prefix and the node varies. The network segment prefix isdivided into 2 parts: The network number which is unique in the world and asubnet number with is assigned at the campus level.

An IP version 6 address is a total of 128 bits. The division between network

segment prefix and node suffix will vary. The node suffix will be at least 48bits to allow using an Ethernet address as the node suffix.

An IPX address is a total of 80 bits. 32 bits is used for the network numberand 48 bits is used for the node number. In most cases the node number isthe Ethernet address. Since we do not participate in a global IPX network, thenetwork number is assigned at the campus level. The convention for IPXnetwork numbers on the Madison campus is that the IPX network number isan IP address on the same network segment.

An Appletalk address is a total of 24 bits. 16 bits are used for the network

number and 8 bits for the node number. The node number is chosenautomatically at random from the node numbers that are not in use at thetime the node starts up, so the node number may vary across startups.

The network layer does not guarantee delivery of packets. Packets may bedropped due to transmission errors, network congestion, an unknownaddress, or other reasons.



What is IP Address Spoofing?IP address spoofing means generating IP packets/ data with fake IPaddresses.

What Is Client/Server Architecture

A Client/Server Architecture also known as Network architecture, where EachSystem / Computer / Process on the network are known as either a client or aServer?Servers are more powerful than the client systems they manage disk drives(file servers), printers (print servers), or network traffic (network servers).Clients are known as PCs or Workstations on which users run applications.Clients rely on servers for resources, such as files, devices, and evenprocessing power.Another type of network architecture is known as a peer-to-peer architecturebecause each node has equivalent responsibilities. Both client/server andpeer-to-peer architectures are widely used, and each has unique advantages

and disadvantages. Client-server architectures are sometimes called two-tierarchitectures.

What are Networking Devices?

• Gateway: device sitting at a network node for interfacing with anothernetwork that uses different protocols. Works on OSI layers 4 to 7.

• Router: a specialized network device that determines the nextnetwork point to which to forward a data packet toward its destination.Unlike a gateway, it cannot interface different protocols. Works on OSIlayer 3.

• Bridge: a device that connects multiple network segments along thedata link layer. Works on OSI layer 2.

• Switch: a device that allocates traffic from one network segment tocertain lines (intended destination(s)) which connect the segment toanother network segment. So unlike a hub a switch splits the networktraffic and sends it to different destinations rather than to all systemson the network. Works on OSI layer 2.

• Hub: connects multiple Ethernet segments together making them actas a single segment. When using a hub, every attached device sharesthe same broadcast domain and the same collision domain. Therefore,only one computer connected to the hub is able to transmit at a time.

Depending on the network topology, the hub provides a basic level 1OSI model connection among the network objects (workstations,servers, etc). It provides bandwidth which is shared among all theobjects, compared to switches, which provide a dedicated connectionbetween individual nodes. Works on OSI layer 1.

• Repeater: device to amplify or regenerate digital signals receivedwhile setting them from one part of a network into another. Works onOSI layer 1.



Some hybrid network devices:

• Multilayer Switch: a switch which, in addition to switching on OSIlayer 2, provides functionality at higher protocol layers.

• Protocol Converter: a hardware device that converts between two

different types of transmissions, such as asynchronous andsynchronous transmissions.• Bridge Router (Brouter): Combine router and bridge functionality

and are therefore working on OSI layers 2 and 3.• Digital media receiver: Connects a computer network to a home

theatre

Hardware or software components that typically sit on the

connection point of different networks, e.g. between an internal

network and an external network:

• Proxy: computer network service which allows clients to make indirectnetwork connections to other network services

• Firewall: a piece of hardware or software put on the network toprevent some communications forbidden by the network policy.

• Network Address Translator: network service provide as hardwareor software that converts internal to external network addresses andvice versa

Other hardware for establishing networks or dial-up connections:

•

Multiplexer: device that combines several electrical signals into asingle signal• Network Card: a piece of computer hardware to allow the attached

computer to communicate by network• Modem: device that modulates an analog "carrier" signal (such as

sound), to encode digital information, and that also demodulates sucha carrier signal to decode the transmitted information, as a computercommunicating with another computer over the telephone network

• ISDN terminal adapter (TA): a specialized gateway for ISDN• Line Driver: a device to increase transmission distance by amplifying

the signal. Base-band networks only.

What is FSB? In personal computers, the front-side bus (FSB) is the busthat carries data between the CPU and the Northbridge

What are Vcore and Vi/o?Vcore is the Voltage for the CPU core; Vio is the Voltage for theChipset, RAM and AGP slot



On what type of socket can you install a Pentium 4 CPU? Socket 478(mPGA478B) is a Pin Grid Array (PGA) socket for microprocessors based onIntel NetBurst architecture. This socket was introduced in August 2001 asreplacement for short-lived socket 423. The socket 478 supports desktopand mobile Pentium 4 and Celeron processors from 1.4 GHz to 3.46 GHz

with effective front-side bus frequencies 400 MHz - 1066 MHz (100 MHz -266 MHz QDR). This socket was phased out in favor of socket 775 (LGA775).

What is SMP?In computing, symmetric multiprocessing or SMP involves a multiprocessorcomputer-architecture where two or more identical processors can connectto a single shared main memory. Most common multiprocessor systemstoday use SMP architecture. In case of multi-core processors, the SMParchitecture applies to the cores, treating them as separate processors

Which Intel and AMD processors support SMP?

How do LGA sockets differ from PGA and SEC?

What is the difference between Pentium 4 and Pentium Core 2Duo? Explain the new technology.

How does IRQ priority works?

What technology enables you to upgrade your computer's BIOS bysimply using a software?

What happens if you dissemble the battery located on the Mother-Board?

How do L1, L2, and L3 work?

How should we install RAM on a Dual-Channel Motherboard?

What is the advantage of serial over parallel bus?

Is USB using serial or parallel bus? What about Firewire?



How much power is supplied to each USB port?

When should you change your bus-powered USB hub to a self-powered USB hub?

What is a UPS?

What is the difference between standby and online UPS?

What is LBA (in Hard-Disks)?

How many Hard Disks can you install on an E-IDE controller?

Can you configure two hard disks to use the Master setting on thesame PC?

What is the difference between Narrow-SCSI and Wide-SCSI?

What is SAS?

What are the three main reasons for using RAID?

Is RAID 0 considered to be a redundant Solution? Why?

How many disks can be used for RAID 1?

How RAID 5 works?

What is the smallest number of disks required for RAID5?

What other types of RAID do you know?



What are the six steps for laser printing?

What is the difference between PCI-EX x1 and PCI-EX x16?

Microsoft-based Operating Systems

What is the difference between a workgroup and a domain?

What are the major advantages of working in a domain model?

What types of operating system installation methods do you know?

What is an answer file?

How would you create an answer file for Windows XP? How wouldyou create one for Windows Vista?

How do you perform an unattended installation on Windows XP?

What is Sysprep?

How do you use Sysprep?

What is the major difference between Newsid and Sysprep?

What is the function of the pagefile.sys file?

What is the function of the hiberfil.sys file?

What is the Registry?



How can you edit the Registry? Name at least 3 ways of doing that.

What should you do if you receive a message stating: "Thefollowing file is missing or corrupt:'WINDOWS'SYSTEM32'CONFIG'SYSTEM"?

How would you repair an unsuccessful driver update?

When should you use each of the fallowing tools: System Restore,LKGC and Recovery Console?

How do you set different print priority for different users?

How can you reset user's passwords if you don't know his currentpassword?

What's the difference between changing a user's password andresetting it?

You want to grant a user the right to perform backups – should youadd him to the administrators group?

What is MMC?

What is gpedit.msc?

How would you use the MMC to manage other servers on yournetwork?

You set a local policy for your Stand-alone XP Professional – wouldthe local policy effects the administrators group?

What new in the Windows Vista Local Policy?



What is the difference between User Privileges and UserPermissions?

What is Safe Mode?

Which logs can be found in Event Viewer?

What is msconfig? On which OS can it be found?

Can you upgrade XP Home Edition to Server 2003?

Which permission will you grant a user for a folder he need to beable to create and delete files in, if you do not want him to be ableto change permissions for the folder?

What is the difference between clearing the "allow" permission andchecking the "deny"?

Networking

What is a NIC?

What is a MAC Address?

When would you use a crosslink cable?

What are the main advantages and disadvantages of Fiber-Optic-based networks?

What is the difference between a Hub and a Switch?

On which OSI layer can a router be found?



What is CSMA/CD?

What is multicast?

What is Broadcast?

What is the difference between TCP and UDP?

Describe some of the settings that are added by TCP and by UDP tothe packet's header.

What are TCP Ports? Name a few.

What is a TCP Session?

What three elements make up a socket?

What will happen if you leave the default gateway informationempty while manually configuring TCP/IP?

What will happen if you execute the following command: "arp –d *"?

What is ICMP?

When would you use the ping command with the "-t" switch?

What command-line tool would help you discover for which portnumbers your computer is listening?

What is APIPA? How would you recognize it?

What is a Cyclic Redundancy Check?



What would you type in at a command prompt to view the IPsettings for the computer that you are sitting at?

What command would you type in at a command prompt to viewthe IP address of the remote computer?

What is the W Value for class B?

What is the Net ID of an IP Address of 18.9.25.3 with Subnet Mask of 255.0.0.0?

What is CIDR?

What is 255.255.255.255 used for?

What is the maximum number of hosts for a Class B Network?

What is the (default) class type of 195.152.12.1?

What is the subnet mask for 10.0.10.1/17?

What is the result when changing from a subnet mask of 255.255.224.0 to a subnet mask of 255.255.240.0?

How can you access a shared folder from a remote computer?Name at least 3 methods.