1-What is OSI Model

o OSI stands for Open System Interconnection is a reference model that describes how
information from a software application in one computer moves through a physical
medium to the software application in another computer.
o OSI consists of seven layers, and each layer performs a particular network function.

There are the seven OSI layers. Each layer has different functions. A list of seven layers are
given below:

1. Physical Layer
2. Data-Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer

2- Explain TCP/IP model

o The TCP/IP model was developed prior to the OSI model.

TCP/IP stands for Transmission Control Protocol/Internet Protocol. This model consists of four layers

1. Application Layer: This layer is responsible for providing network services directly to
end-users or applications. It includes protocols like HTTP (Hypertext Transfer
Protocol), SMTP (Simple Mail Transfer Protocol), and FTP (File Transfer Protocol),
DNS(Domain Name System), TELNET(TELecommunications NETwork).
2. Transport Layer: It provides reliable delivery of messages from process to process.
It ensures that messages are transmitted in the order in which they are send and

1
 there is no duplication of data.
Protocols used are TCP(Transmission Control protocol) and UDP (User Datagram
Protocol).

3. Network/Internet Layer: It is responsible for moving the packets from source to

destination.
It determines the best path to move from source to the destination based on the
network conditions and other factors.
Protocol used are IP and IPv6.
4. Network Access Layer: A network layer is the combination of the Physical layer and
Data Link layer defined in the OSI reference model.
It defines how the data should be sent physically through the network.
This layer is mainly responsible for the transmission of the data between two devices
on the same network.

3- What is Access Point?

An access point (AP) in computer networks refers to a device that allows wireless devices to connect
to a wired network. It acts as a bridge between wireless clients, such as laptops, smartphones, and
tablets, and the wired local area network (LAN). Access points are a fundamental component of
wireless networks, enabling the creation of Wi-Fi networks in homes, businesses, public places, and
various other settings.

4- In which layer are the Routers?

A router is a device like a switch that routes data packets based on their IP addresses. A router is
mainly a Network Layer device. Routers normally connect LANs and WANs together and have a
dynamically updating routing table based on which they make decisions on routing the data packets.
Router divide broadcast domains of hosts connected through it.

5-What are the different types of delays?

Types of Delays in Packet switching:

1. Transmission Delay
2. Propagation Delay
3. Queuing Delay
4. Processing Delay

1. Transmission Delay : Time taken to put a packet onto link. In other words, it is simply time
required to put data bits on the wire/communication medium. It depends on length of
packet and bandwidth of network.

2
 2. Propagation delay : Time taken by the first bit to travel from sender to receiver end of the
link. In other words, it is simply the time required for bits to reach the destination from the
start point. Factors on which Propagation delay depends are Distance and propagation
speed.
3. Queuing Delay : Queuing delay is the time a job waits in a queue until it can be executed. It
depends on congestion. It is the time difference between when the packet arrived
Destination and when the packet data was processed or executed.
4. Processing Delay : Processing delay is the time it takes routers to process the packet header.
Processing of packets helps in detecting bit-level errors that occur during transmission of a
packet to the destination. In simple words, it is just the time taken to process packets.

6- Explain Firewalls
A firewall is a network security device, either hardware or software-based, which monitors all
incoming and outgoing traffic and based on a defined set of security rules it accepts, rejects or drops
that specific traffic.

Accept : allow the traffic

Reject : block the traffic but reply with an “unreachable error”
Drop : block the traffic with no reply

A firewall establishes a barrier between secured internal networks and outside untrusted network,
such as the Internet.

Here are some common types of firewalls used in computer networking:

1. Packet Filtering Firewall: This is the most basic type of firewall that filters incoming
and outgoing packets based on predefined rules. It examines packets' source and
destination addresses, ports, and protocols to determine whether to allow or block
them.
2. Stateful Firewall (Stateful Inspection): Stateful firewalls maintain a table of active
connections and their state. They can make more intelligent decisions about which
packets to allow based on the context of the connection. They are aware of the state
of established connections and can track whether a packet is part of an existing
connection or a new one.
3. Proxy Firewall/ Application firewall: Proxy firewalls act as intermediate between a
user's device and the target server. They make requests on behalf of the user, hiding
the user's IP address. ()

3
 7- Differentiate between IPv4 and IPv6
Ipv4 Ipv6

Address length IPv4 is a 32-bit address. IPv6 is a 128-bit address.

Fields IPv4 is a numeric address that consists of 4 IPv6 is an alphanumeric address

fields which are separated by dot (.). that consists of 8 fields, which are
separated by colon.

Classes IPv4 has 5 different classes of IP address IPv6 does not contain classes of IP
that includes Class A, Class B, Class C, Class addresses.
D, and Class E.

Number of IP IPv4 has a limited number of IP addresses. IPv6 has a large number of IP
address addresses.

Security features In IPv4, security depends on the In IPv6, IPSEC is developed for
application. This IP address is not security purposes.
developed in keeping the security feature
in mind.

Address In IPv4, the IP address is represented in In IPv6, the representation of the IP

representation decimal. address in hexadecimal.

Encryption and It does not provide encryption and It provides encryption and
Authentication authentication. authentication.

Number of octets It consists of 4 octets. It consists of 8 octets.

8- Difference between Private and Public IP

addresses
Private IP address of a system is the IP address which is used to communicate within the same
network. Using private IP data or information can be sent or received within the same network.

Public IP address of a system is the IP address which is used to communicate outside the network.
Public IP address is basically assigned by the ISP (Internet Service Provider).

Difference between Private and Public IP address:

4
 PRIVATE IP ADDRESS PUBLIC IP ADDRESS

Scope is local. Scope is global.

It is used to communicate within the It is used to communicate outside the

network. network.

It works only in LAN. It is used to get internet service.

It is used to load network operating system. It is controlled by ISP.

It is available in free of cost. It is not free of cost.

Private IP can be known by entering Public IP can be known by searching

“ipconfig” on command prompt. “what is my ip” on google.

Example: 192.168.1.10 Example: 17.5.7.8

Example: Email Servers: Email servers

Example: Office Networks: Corporate offices send and receive emails across the
and workplaces use private IP addresses to internet. Each email server has a public IP
connect computers, printers, servers, and other address that other servers use to route
devices to a local network. emails to the correct destination.

Home Networks: In a typical home network, E-commerce Platforms: Online stores use
devices such as computers, smartphones, smart public IP addresses to serve their websites
TVs, and IoT devices are assigned private IP and process transactions securely over the
addresses. These devices communicate with internet.
each other over the local network

5
 9-Explain in detail 3 way Handshaking
Handshake refers to the process to establish connection between the client and server. Handshake is
simply defined as the process to establish a communication link. To transmit a packet, TCP needs a
three way handshake before it starts sending data.

SYN means synchronize Sequence Number and ACK means acknowledgment

Step 1: SYN
SYN is a segment sent by the client to the server. It acts as a connection request between the
client and server. It informs the server that the client wants to establish a connection.

Step 2: SYN-ACK
It is an SYN + ACK segment sent by the server. The ACK segment informs the client that the
server has received the connection request and it is ready to build the connection. The SYN
segment informs the sequence number with which the server is ready to start with the
segments.

Step 3: ACK
The ACK segment is sent by the client as the response of the received ACK and SYN from the server. It
results in the establishment of a reliable data connection.

6
 10-What is Cryptography and what are the
Encryption Methods?
Cryptography is an important aspect when we deal with network security. 'Crypto' means secret or
hidden. Cryptography is the science of secret writing with the intention of keeping the data secret.

1. Symmetric key cryptography - It involves usage of one secret key along with
encryption and decryption algorithms which help in securing the contents of the
message. The strength of symmetric key cryptography depends upon the number of
key bits. It is relatively faster than asymmetric key cryptography. There arises a key
distribution problem as the key has to be transferred from the sender to the receiver
through a secure channel.

2. Assymetric key cryptography - It is also known as public-key cryptography because it

involves usage of a public key along with the secret key. It solves the problem of key
distribution as both parties use different keys for encryption/decryption. It is not
feasible to use for decrypting bulk messages as it is very slow compared to

7
 symmetric key cryptography.

3. Hashing - It involves taking the plain-text and converting it to a hash value of fixed size
by a hash function. This process ensures the integrity of the message as the hash value
on both, sender\'s and receiver\'s side should match if the message is unaltered.

11- Explain DNS (Domain Name System.)

o It is an application layer protocol for message exchange between clients and servers.
o DNS is a hostname to IP address translation service.
o DNS is required for the functioning of the internet.

Requirement
Every host is identified by the IP address but remembering numbers is very difficult for the
people and also the IP addresses are not static therefore a mapping is required to change the
domain name to IP address. So, DNS is used to convert the domain name of the websites to
their numerical IP address.

8
 Domain :
There are various kinds of DOMAIN :

1. Generic domain : .com(commercial), .edu(educational), .mil(military), .org(non profit

organization), .net(similar to commercial) all these are generic domain.
2. Country domain .in (india), .us, .uk
3. Inverse domain if we want to know what is the domain name of the website. Ip to
domain name mapping. So DNS can provide both the mapping for example to find the
ip addresses of geeksforgeeks.org then we have to type :
“nslookup www.geeksforgeeks.org”

12- What happens when you type URL in your

browser?
1. URL is typed in the browser.
2. If the requested object is in the browser cache and is fresh, move on to Step 8.
3. DNS lookup to find the IP address of the server. Suppose we typed www.amazon.in,
then this URL is converted into corresponding IP address of the host using
DNS(Domain Name System).
4. Browser initiates a TCP connection with the server.
5. Browser sends an HTTP request to the server.
6. Server handles the incoming request
7. Browsers displays the html content
8. Client interaction with server

13- What is FTP? How is FTP different from

Secure FTP?
FTP stands for File Transfer Protocol. It is a protocol which is used to transfer the file from
one host to another host. But there may be some problems like different file name and
different file directory while sending and receiving the file in different hosts or systems. And
in FTP, a secure channel is not provided to transfer the files between the hosts or systems. It
is used in port no-21.

SFTP stands for Secure File Transfer Protocol. It is a protocol which provides the secure
channel, to transfer the file from one host to another host or systems. SFTP establishes the
control connection under SSH protocol and It is used in port no-22.

There are some difference between them which are given below:

9
S.NO FTP SFTP

SFTP stands for Secure File Transfer

1. FTP stands for File Transfer Protocol.
Protocol.

In FTP, secure channel is not provided In SFTP, secure channel is provided to

2.
to transfer the files between the hosts. transfer the files between the hosts.

FTP (File transfer protocol) usually runs SFTP (Secure File Transfer Protocol)
4.
on port no-21. runs on port no-22.

FTP establishes the connection under SFTP establishes the control

5.
TCP protocol. connection under SSH protocol.

FTP do not encrypt the data before SFTP, data is encrypted before
6.
sending. sending.

14- What is SMTP

o SMTP stands for Simple Mail Transfer Protocol.
o SMTP is a set of communication guidelines that allow software to transmit an
electronic mail over the internet is called Simple Mail Transfer Protocol.
o It is a program used for sending messages to other computer users based on e-mail
addresses.
o It provides a mail exchange between users on the same or different computers, and it
also supports:

10
 o It can send a single message to one or more recipients.
o Sending message can include text, voice, video or graphics.
o It can also send the messages on networks outside the internet.
o The main purpose of SMTP is used to set up communication rules between servers.
The servers have a way of identifying themselves and announcing what kind of
communication they are trying to perform. They also have a way of handling the errors
such as incorrect email address. For example, if the recipient address is wrong, then
receiving server reply with an error message of some kind.

15- Explain the Working of HTTP and HTTPs

Both of these are protocols using which the information of a particular website is exchanged
between Web Server and Web Browser. But what’s difference between these two? Well,
extra s is present in https and that makes it secure! What a difference :) A very short and
concise difference between http and https is that https is much more secure compared
to http.

Let us dig a little more.

HyperText Transfer Protocol (HTTP is a protocol using which hypertext is transferred over
the Web. Due to its simplicity, http has been the most widely used protocol for data transfer
over the Web but the data (i.e. hypertext) exchanged using http isn’t as secure as we would
like it to be. In fact, hyper-text exchanged using http goes as plain text i.e. anyone between
the browser and server can read it relatively easy if one intercepts this exchange of data.
But why do we need this security over the Web? Think of ‘Online shopping’ at Amazon or
Flipkart. You might have noticed that as soon as we click on the Check-out on these online
shopping portals, the address bar gets changed to use https. This is done so that the
subsequent data transfer (i.e. financial transaction etc.) is made secure. And that’s
why https was introduced so that a secure session is a setup first between Server and
Browser. In fact, cryptographic protocols such as SSL and/or TLS
turn http into https i.e. https = http + cryptographic protocols

Also, another syntactic difference between http and https is that http uses default port 80
while https uses default port 443. But it should be noted that this security in https is achieved at the
cost of processing time because Web Server and Web Browser needs to exchange encryption keys
using Certificates before actual data can be transferred.

Differences between HTTP and HTTPS

• In HTTP, URL begins with “http://” whereas URL starts with “https://”
• HTTP uses port number 80 for communication and HTTPS uses 443
• HTTP is considered to be unsecure and HTTPS is secure

11
 • HTTP Works at Application Layer and HTTPS works at Transport Layer
• In HTTP, Encryption is absent and Encryption is present in HTTPS
• HTTP does not require any certificates and HTTPS needs SSL Certificates

16- What are ports? What are the Port numbers of

some common protocols?
A port is basically a physical docking point which is basically used to connect the external devices to
the computer or we can say that A port act as an interface between computer and the external
devices, e.g., we can connect hard drives, printers to the computer with the help of ports.

Features of Computer ports:

• We can connect external devices to the computer with the help of ports and cables.
• These are basically slots on mother board where we connect external devices or we
can plugged in external devices through cables.
• Mouse, keyboards, printers, speakers are some of the example of external devices
that connected to the computer through ports.
1. FTP: Port number for FTP is 20 for data and 21 for control.
2. SMTP: Port number is 25.
3. DNS: Port number of is 53.

17- How to prevent SYN DDoS attack?

In the DDoS attack, the attacker tries to make a particular service unavailable by directing
continuous and huge traffic from multiple end systems. Due to this enormous traffic, the
network resources get utilised in serving requests of those false end systems such that, a
legitimate user is unable to access the resources for himself/herself.

How to prevent SYN DDoS attack?

Preventing DDoS attack is harder than DoS attacks because the traffic comes from multiple
sources and it becomes difficult to actually separate malicious hosts from the non-malicious
hosts. Some of the mitigation techniques that can be used are:

1. Blackhole routing - In blackhole routing, the network traffic is directed to a 'black

hole'. In this, both the malicious traffic and non-malicious traffic gets lost in the black
hole. This countermeasure is useful when the server is experiencing DDoS attack and
all the traffic is diverted for the upkeep of the network.
2. Rate limiting Rate limiting involves controlling the rate of traffic that is sent or
received by a network interface. It is efficient in reducing the pace of web scrapers as
well as brute-force login efforts. But, just rate limiting is unlikely to prevent compound
DDoS attacks.

12
 3. Blacklisting / whitelisting - Blacklisting is the mechanism of blocking the IP addresses,
URLs, domains names etc. mentioned in the list and allowing traffic from all other
sources. On the other hand, whitelisting refers to a mechanism of allowing all the IP
addresses, URLs, domain names etc. mentioned in the list and denying all other
sources the access to the resources of the network.

18- Difference between TCP and UDP Protocol

TCP UDP

Full form It stands for Transmission Control It stands for User Datagram
Protocol. Protocol.

Type of It is a connection-oriented protocol, It is a connectionless protocol,

connection which means that the connection needs which means that it sends the data
to be established before the data is without checking whether the
transmitted over the network. system is ready to receive or not.

Reliable TCP is a reliable protocol as it provides UDP is an unreliable protocol as it

assurance for the delivery of data does not take the guarantee for the
packets. delivery of packets.

Speed TCP is slower than UDP as it performs UDP is faster than TCP as it does not
error checking, flow control, and provides guarantee the delivery of data
assurance for the delivery of packets.

Acknowledgment TCP uses the three-way-handshake UDP does not wait for any
concept. In this concept, if the sender acknowledgment; it just sends the
receives the ACK, then the sender will data.
send the data. TCP also has the ability to
resend the lost data.

Flow control It follows the flow control mechanism in This protocol follows no such
mechanism which too many packets cannot be sent mechanism.
to the receiver at the same time.

Error checking TCP performs error checking by using a It does not perform any error
checksum. When the data is corrected, checking, and also does not resend
then the data is retransmitted to the the lost data packets.
receiver.

Applications This protocol is mainly used where a This protocol is used where fast
secure and reliable communication communication is required and does
process is required, like military services, not care about the reliability like VoIP,
web browsing, and e-mail. game streaming, video and music str

13