
NBS Notes-1

Uploaded by

ythakkar199

1 : OSI layer names, functions, and protocols used in those layers

We’ll describe OSI layers “top down” from the application layer that directly serves the end
user, down to the physical layer.
7. Application Layer
The application layer is used by end-user software such as web browsers and email clients. It
provides protocols that allow software to send and receive information and present meaningful
data to users. A few examples of application layer protocols are the Hypertext Transfer Protocol
(HTTP), File Transfer Protocol (FTP), Post Office Protocol (POP), Simple Mail Transfer Protocol
(SMTP), and Domain Name System (DNS).
6. Presentation Layer
The presentation layer prepares data for the application layer. It defines how two devices
should encode, encrypt, and compress data so it is received correctly on the other end. The
presentation layer takes any data transmitted by the application layer and prepares it for
transmission over the session layer.
5. Session Layer
The session layer creates communication channels, called sessions, between devices. It is
responsible for opening sessions, ensuring they remain open and functional while data is being
transferred, and closing them when communication ends. The session layer can also set
checkpoints during a data transfer—if the session is interrupted, devices can resume data
transfer from the last checkpoint.
4. Transport Layer
The transport layer takes data transferred in the session layer and breaks it into “segments” on
the transmitting end. It is responsible for reassembling the segments on the receiving end,
turning them back into data that can be used by the session layer. The transport layer carries out
flow control, sending data at a rate that matches the connection speed of the receiving device,
and error control, checking whether data was received incorrectly and, if so, requesting it again.
3. Network Layer
The network layer has two main functions. One is breaking up segments into network packets,
and reassembling the packets on the receiving end. The other is routing packets by discovering
the best path across a physical network. The network layer uses network addresses (typically
Internet Protocol addresses) to route packets to a destination node.
2. Data Link Layer
The data link layer establishes and terminates a connection between two physically-connected
nodes on a network. It breaks up packets into frames and sends them from source to
destination. This layer is composed of two parts—Logical Link Control (LLC), which identifies
network protocols, performs error checking and synchronizes frames, and Media Access
Control (MAC) which uses MAC addresses to connect devices and define permissions to
transmit and receive data.
1. Physical Layer
The physical layer is responsible for the physical cable or wireless connection between network
nodes. It defines the connector, the electrical cable or wireless technology connecting the
devices, and is responsible for transmission of the raw data, which is simply a series of 0s and
1s, while taking care of bit rate control.

2 : ARP, RARP
Ans:-

1. ARP: ARP stands for Address Resolution Protocol.
   RARP: RARP stands for Reverse Address Resolution Protocol.

2. ARP: Through ARP, a (32-bit) IP address is mapped into a (48-bit) MAC address.
   RARP: Through RARP, a (48-bit) MAC address is mapped into a (32-bit) IP address.

3. ARP: In ARP, broadcast MAC address is used.
   RARP: In RARP, broadcast IP address is used.

4. ARP: In ARP, the ARP table is managed or maintained by the local host.
   RARP: In RARP, the RARP table is managed or maintained by the RARP server.

5. ARP: In Address Resolution Protocol, the receiver’s MAC address is fetched.
   RARP: In RARP, the IP address is fetched.

6. ARP: In ARP, the ARP table uses the ARP reply for its updation.
   RARP: In RARP, the RARP table uses the RARP reply for configuration of IP addresses.

7. ARP: Hosts and routers use ARP for knowing the MAC address of other hosts and routers in
   the networks.
   RARP: RARP is used by small users having less facilities.

3. Define IP headers and explain with diagram


Ans:-
An IP header is a prefix to an IP packet that contains information about the IP version,
length of the packet, source and destination IP addresses, etc. It consists of the
following fields:

Here is a description of each field:

• Version – the version of the IP protocol. For IPv4, this field has a value of 4.
• Header length – the length of the header in 32-bit words. The minimum value is
20 bytes, and the maximum value is 60 bytes.
• Priority and Type of Service – specifies how the datagram should be handled.
The first 3 bits are the priority bits.
• Total length – the length of the entire packet (header + data). The minimum
length is 20 bytes, and the maximum is 65,535 bytes.
• Identification – used to differentiate fragmented packets from different
datagrams.
• Flags – used to control or identify fragments.
• Fragment offset – used for fragmentation and reassembly if the packet is too
large to put in a frame.
• Time to live – limits a datagram’s lifetime. If the packet doesn’t get to its
destination before the TTL expires, it is discarded.
• Protocol – defines the protocol used in the data portion of the IP datagram. For
example, TCP is represented by the number 6 and UDP by 17.
• Header checksum – used for error-checking of the header. If a packet arrives at
a router and the router calculates a different checksum than the one specified in
this field, the packet will be discarded.
• Source IP address – the IP address of the host that sent the packet.
• Destination IP address – the IP address of the host that should receive the
packet.
• Options – used for network testing, debugging, security, and more. This field is
usually empty.
4 : What is Subnet?
Ans:-
A subnetwork or subnet is a logical subdivision of an IP network. The practice of dividing a
network into two or more networks is called subnetting.
Computers that belong to the same subnet are addressed with an identical most-significant bit-
group in their IP addresses. This results in the logical division of an IP address into two fields:
the network number or routing prefix and the rest field or host identifier. The rest field is an
identifier for a specific host or network interface.
The routing prefix may be expressed in Classless Inter-Domain Routing (CIDR) notation written
as the first address of a network, followed by a slash character (/), and ending with the bit-
length of the prefix. For example, 198.51.100.0/24 is the prefix of the Internet Protocol version
4 network starting at the given address, having 24 bits allocated for the network prefix, and the
remaining 8 bits reserved for host addressing. Addresses in the range 198.51.100.0 to
198.51.100.255 belong to this network. The IPv6 address specification 2001:db8::/32 is a large
address block with 2^96 addresses, having a 32-bit routing prefix.

5 : What is NAT? And types of NAT


Ans:-
To access the Internet, one public IP address is needed, but we can use a private IP address in
our private network. The idea of NAT is to allow multiple devices to access the Internet through
a single public address. To achieve this, the translation of a private IP address to a public IP
address is required. Network Address Translation (NAT) is a process in which one or more local
IP addresses are translated into one or more global IP addresses and vice versa in order to provide
Internet access to the local hosts. It also translates port numbers, i.e., it masks the
port number of the host with another port number in the packet that will be routed to the
destination. It then makes the corresponding entries of IP address and port number in the NAT
table. NAT generally operates on a router or firewall.
There are 3 ways to configure NAT:
Static NAT – In this, a single unregistered (private) IP address is mapped to a legally
registered (public) IP address, i.e., a one-to-one mapping between local and global addresses. This
is generally used for Web hosting. These are not used in organizations as there are many
devices that will need Internet access and to provide Internet access, a public IP address is
needed.
Dynamic NAT – In this type of NAT, an unregistered IP address is translated into a registered
(public) IP address from a pool of public IP addresses. If no IP address in the pool is free,
then the packet will be dropped, as only a fixed number of private IP addresses can be
translated to public addresses.

Port Address Translation (PAT) – This is also known as NAT overload. In this, many local
(private) IP addresses can be translated to a single registered IP address. Port numbers are used
to distinguish the traffic i.e., which traffic belongs to which IP address. This is most frequently
used as it is cost-effective as thousands of users can be connected to the Internet by using only
one real global (public) IP address.
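The sketch below shows how a PAT table uses port numbers to tell flows apart and why a packet with no table entry goes nowhere. It is an added example, not part of the original notes; the class name, the addresses (documentation ranges) and the rule that inbound packets are accepted only from a peer the inside host already contacted are assumptions of this illustration.

```python
class PatTable:
    """Many private sockets share one public IP; the public port identifies the flow."""

    def __init__(self, public_ip, first_port, last_port):
        self.public_ip = public_ip
        self.free_ports = list(range(first_port, last_port + 1))
        self.by_inside = {}   # (private_ip, private_port) -> public_port
        self.by_public = {}   # public_port -> (private_ip, private_port)
        self.peers = {}       # public_port -> {(remote_ip, remote_port), ...}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet; None means the packet is dropped."""
        inside = (src_ip, src_port)
        port = self.by_inside.get(inside)
        if port is None:
            if not self.free_ports:
                return None                      # no free translation slot left
            port = self.free_ports.pop(0)
            self.by_inside[inside] = port
            self.by_public[port] = inside
            self.peers[port] = set()
        self.peers[port].add((dst_ip, dst_port))
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Map a reply back to the private socket; None means no entry, so drop."""
        inside = self.by_public.get(dst_port)
        if inside is None or (src_ip, src_port) not in self.peers[dst_port]:
            return None
        return inside


def run_demo():
    nat = PatTable("203.0.113.5", 40000, 40001)   # constructed two-port pool
    web = ("198.51.100.7", 443)
    return {
        # Two hosts use the same private source port and still get distinct flows.
        "host_a": nat.outbound("192.168.1.10", 51000, *web),
        "host_b": nat.outbound("192.168.1.11", 51000, *web),
        "reply_to_b": nat.inbound(*web, 40001),
        "unknown_peer": nat.inbound("198.51.100.99", 443, 40001),
        "unused_port": nat.inbound(*web, 40005),
        "pool_exhausted": nat.outbound("192.168.1.12", 51000, *web),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```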

6 : What is a VPN and how does it work?
Ans:-
VPN stands for "Virtual Private Network" and describes the opportunity to establish a
protected network connection when using public networks. VPNs encrypt your internet traffic
and disguise your online identity. This makes it more difficult for third parties to track your
activities online and steal data. The encryption takes place in real time.
How does a VPN work?
A VPN hides your IP address by letting the network redirect it through a specially configured
remote server run by a VPN host. This means that if you surf online with a VPN, the VPN server
becomes the source of your data. This means your Internet Service Provider (ISP) and other
third parties cannot see which websites you visit or what data you send and receive online. A
VPN works like a filter that turns all your data into "gibberish". Even if someone were to get
their hands on your data, it would be useless.

7 : What is tunneling and what is encapsulation in tunneling ?


Ans:-

In networking, tunnels are a method for transporting data across a network using protocols that
are not supported by that network. Tunneling works by encapsulating packets: wrapping packets
inside of other packets. (Packets are small pieces of data that can be re-assembled at their
destination into a larger file.)

Encapsulation in tunneling

Data traveling over a network is divided into packets. A typical packet has two parts: the
header, which indicates the packet's destination and which protocol it uses, and the
payload, which is the packet's actual contents.

An encapsulated packet is essentially a packet inside another packet. In an encapsulated
packet, the header and payload of the first packet go inside the payload section of the
surrounding packet. The original packet itself becomes the payload.

8 : What are the different types of protocols used by VPN?

Ans:-

Types of Virtual Private Network (VPN) Protocols:

1. Internet Protocol Security (IPSec):


Internet Protocol Security, known as IPSec, is used to secure Internet
communication across an IP network. IPSec secures Internet Protocol
communication by verifying the session and encrypting each data packet during the
connection.

IPSec runs in 2 modes:

• (i) Transport mode


• (ii) Tunneling mode

The work of transport mode is to encrypt the message in the data packet and the
tunneling mode encrypts the whole data packet. IPSec can also be used with other
security protocols to improve the security system.

2. Layer 2 Tunneling Protocol (L2TP):


L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is often combined
with another VPN security protocol like IPSec to establish a highly secure VPN
connection. L2TP generates a tunnel between two L2TP connection points and
IPSec protocol encrypts the data and maintains secure communication between
the tunnel.

3. Point–to–Point Tunneling Protocol (PPTP):


PPTP or Point-to-Point Tunneling Protocol generates a tunnel and confines the
data packet. Point-to-Point Protocol (PPP) is used to encrypt the data between
the connection. PPTP is one of the most widely used VPN protocols and has been
in use since the early release of Windows. PPTP is also used on Mac and Linux
apart from Windows.

4. SSL and TLS:


SSL (Secure Sockets Layer) and TLS (Transport Layer Security) generate a VPN
connection where the web browser acts as the client and user access is
restricted to specific applications instead of the entire network. Online shopping
websites commonly use the SSL and TLS protocols. It is easy for web browsers to
switch to SSL, with almost no action required from the user, as web browsers
come integrated with SSL and TLS. SSL connections have “https” at the start of
the URL instead of “http”.

5. OpenVPN:
OpenVPN is an open source VPN that is commonly used for creating Point-to-
Point and Site-to-Site connections. It uses a traditional security protocol based on
SSL and TLS protocol.
6. Secure Shell (SSH):
Secure Shell or SSH generates the VPN tunnel through which the data transfer
occurs and also ensures that the tunnel is encrypted. SSH connections are
generated by an SSH client and data is transferred from a local port on to the
remote server through the encrypted tunnel.
9 : What is the difference between proxy and VPN?

Ans:-

1. VPN: VPN ensures encryption, authentication and integrity protection.
   Proxy: Proxy does not ensure or provide any security.

2. VPN: Protocols used in VPN are PPTP (Point to point tunneling protocol), L2TP (Layer 2
   tunneling protocol) etc.
   Proxy: Protocols used in Proxy are FTP (File transfer protocol), SMTP (Simple mail transfer
   protocol), HTTP (Hyper Text Transfer Protocol) etc.

3. VPN: VPN works on firewall.
   Proxy: Proxy works on browsers.

4. VPN: VPN stands for Virtual Private Network. It simulates a private network over a public
   network.
   Proxy: It does not simulate a private network over a public network.

5. VPN: VPN does not hide the IP address of client.
   Proxy: Proxy uses the anonymous network ID instead of actual IP address of client (means it
   hides the IP address of client).

6. VPN: VPN creates a tunnel between end users.
   Proxy: Proxy does not create a tunnel between end users.

7. VPN: VPN offers high amount of security.

10 : What is SSL and how does it work?

Ans:-

Secure Sockets Layer (SSL) is a protocol for securing communication on the Internet. It
provides a way for enterprises to encrypt data before sending it to users, preventing third
parties from reading it while it’s in transit.

How SSL Works:-

SSL works through the use of public key cryptography. Public key cryptography uses
two keys – a private key and a public key – to transmit secure data between two
systems. These keys are essential to respectively decoding and encoding secure data.

Step-by-step, here’s how SSL works:

1. A user connects to an SSL-enabled service such as a website.


2. The user’s application requests the server’s public key in exchange for its own
public key. This public key exchange provides ways for both parties to encrypt
messages that only the other party can read.
3. When the user sends a message to the server, the application uses the server’s
public key to encrypt the message.
4. The server receives the user’s message and decrypts it using its private key.
Messages sent back to the browser are encrypted in a similar way using a public
key generated by the user’s application.

11 : What is an IP address and types of IP address?

Ans:- An Internet Protocol address (IP address) is a numerical label such as 192.0.2.1 that is
connected to a computer network that uses the Internet Protocol for communication. An IP
address serves two main functions: network interface identification and location addressing.

Internet Protocol version 4 (IPv4) defines an IP address as a 32-bit number. However,
because of the growth of the Internet and the depletion of available IPv4 addresses, a
new version of IP (IPv6), using 128 bits for the IP address, was standardized in 1998. IPv6
deployment has been ongoing since the mid-2000s.
IP Address Types:

There are 4 types of IP Addresses- Public, Private, Fixed, and Dynamic. Among them,
public and private addresses are derived from their local network location, which should
be used within the network while public IP is used offline.

Public IP address–

A public IP address is an Internet Protocol address, encrypted by various servers/devices.
That’s when you connect these devices with your internet connection. This is the same IP
address we show on our homepage. So why the second page? Well, not all people
speak the IP language. We want to make it as easy as possible for everyone to get the
information they need. Some even call this their external IP address. A public Internet
Protocol address is an Internet Protocol address accessed over the Internet.

Private IP address–

Everything that connects to your Internet network has a private IP address. This includes
computers, smartphones, and tablets but also any Bluetooth-enabled devices such as
speakers, printers, or smart TVs. With the growing internet of things, the number of
private IP addresses you have at home is likely to increase. Your router needs a way to
identify these things separately, and most things need a way to get to know each other.
Therefore, your router generates private IP addresses that are unique identifiers for each
device that separates the network.

Static IP Address–

A static IP address is an invalid IP address. Conversely, a dynamic IP address will be
provided by the Dynamic Host Configuration Protocol (DHCP) server, which can change.
The Static IP address does not change but can be changed as part of normal network
management.

Static IP addresses are incompatible, given once, remain the same over the years. This
type of IP also helps you get more information about the device.

Dynamic IP address–
It means constant change. A dynamic IP address changes from time to time and is not
always the same. If you have a live cable or DSL service, you may have a strong IP
address. Internet Service Providers (ISPs) provide customers with dynamic IP addresses
because they are too expensive. Instead of one permanent IP address, your IP address is
taken out of the address pool and assigned to you. After a few days, weeks, or
sometimes even months, that number is returned to the pool and given a new number.
Most ISPs will not provide a static IP address to customers who live there and when they
do, they are usually more expensive. Dynamic IP addresses are annoying, but with the
right software, you can navigate easily and for free.

12. 3 Way hand-shaking ACK, SYN-ACK, SYN


ANS:-

• Step 1 (SYN): In the first step, the client wants to establish a connection with a server, so it
sends a segment with SYN (Synchronize Sequence Number), which informs the server that the
client is likely to start communication and with what sequence number it starts segments.

• Step 2 (SYN + ACK): The server responds to the client request with the SYN-ACK signal bits
set. Acknowledgement (ACK) signifies the response to the segment it received and SYN signifies
with what sequence number it is likely to start the segments.

• Step 3 (ACK): In the final part, the client acknowledges the response of the server and they both
establish a reliable connection with which they will start the actual data transfer.

13. ROUTER VS SWITCH

1. Switch: It connects multiple networked devices in the network.
   Router: It connects multiple switches & their corresponding networks.

2. Switch: It works on the data link layer of the OSI model.
   Router: It works on the network layer of the OSI model.

3. Switch: It is used within a LAN.
   Router: It can be used in LAN or MAN.

4. Switch: A switch cannot perform NAT or Network Address Translation.
   Router: A router can perform Network Address Translation.

5. Switch: The switch takes more time while making complicated routing decisions.
   Router: A router can take a routing decision much faster than a switch.

6. Switch: It provides only port security.
   Router: It provides security measures to protect the network from security threats.

7. Switch: It comes in the category of semi-Intelligent devices.
   Router: It is known as an Intelligent network device.

8. Switch: It works in either half or full-duplex transmission mode.
   Router: It works in the full-duplex transmission mode. However, we can change it manually
   to work on half-duplex mode.

9. Switch: It sends information from one device to another in the form of Frames (for L2
   switch) and the form of packets (for L3 switch).
   Router: It sends information from one network to another network in the form of data
   packets.

10. Switch: Switches can only work with the wired network.
    Router: Routers can work with both wired & wireless networks.

11. Switch: Switches are available with different ports, such as 8, 16, 24, 48, and 64.
    Router: A router contains two ports by default, such as Fast Ethernet Port. But we can
    also add the serial ports explicitly.

12. Switch: It uses the CAM (Content Addressable Memory) table for the source and
    destination MAC address.
    Router: It uses the routing table to get the best route for the destination IP.

14. DHCP and its significant IP allocation

Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to
automate the process of configuring devices on IP networks, thus allowing them to use network
services such as DNS, NTP, and any communication protocol based on UDP or TCP. A DHCP
server dynamically assigns an IP address and other network configuration parameters to each
device on a network so they can communicate with other IP networks. DHCP is an
enhancement of an older protocol called BOOTP. DHCP is an important part of the DDI
solution (DNS-DHCP-IPAM).

15. What is a firewall? Explain its types
A firewall is a security solution for the computers or devices that are connected
to a network. It can be either in the form of hardware or in the form of
software. It monitors and controls the incoming and outgoing traffic (the amount
of data moving across a computer network at any given time).
The major purpose of the network firewall is to protect an inner network by
separating it from the outer network. Inner Network can be simply called a
network created inside an organization and a network that is not in the range of
inner network can be considered as Outer Network.
Types of Network Firewall :
1. Packet Filters –
It is a technique used to control network access by monitoring outgoing and
incoming packets and allowing them to pass or halt based on the source
and destination Internet Protocol (IP) addresses, protocols, and ports. This
firewall is also known as a static firewall.

2. Stateful Inspection Firewalls –


It is also a type of packet filtering which is used to control how data packets
move through a firewall. It is also called dynamic packet filtering. These
firewalls can inspect whether a packet belongs to a particular session or
not. It permits communication if and only if the session is perfectly
established between two endpoints; otherwise it blocks the communication.

3. Application Layer Firewalls –


These firewalls can examine application layer (of OSI model) information
like an HTTP request. If the firewall finds some suspicious application that can be
responsible for harming our network or that is not safe for our network,
then it gets blocked right away.

4. Next-generation Firewalls –
These firewalls are called intelligent firewalls. These firewalls can perform
all the tasks that are performed by the other types of firewalls that we
learned previously but on top of that, it includes additional features like
application awareness and control, integrated intrusion prevention, and
cloud-delivered threat intelligence.

5. Circuit-level gateways –
A circuit-level gateway is a firewall that provides User Datagram Protocol
(UDP) and Transmission Control Protocol (TCP) connection security and
works between an Open Systems Interconnection (OSI) network model’s
transport and application layers such as the session layer.

6. Software Firewall –
The software firewall is a type of computer software that runs on our
computers. It protects our system from any external attacks such as
unauthorized access, malicious attacks, etc. by notifying us about the
danger that can occur if we open a particular mail or if we try to open a
website that is not secure.

7. Hardware Firewall –
A hardware firewall is a physical appliance that is deployed to enforce a
network boundary. All network links crossing this boundary pass through
this firewall, which enables it to perform an inspection of both inbound and
outbound network traffic and enforce access controls and other security
policies.

8. Cloud Firewall –
These are software-based, cloud-deployed network devices. This cloud-
based firewall protects a private network from any unwanted access. Unlike
traditional firewalls, a cloud firewall filters data at the cloud level.

Working of Firewalls :
Firewalls can control and monitor the amount of incoming or outgoing traffic of
our network. The data that comes to our network is in the form of packets (a
small unit of data). It is tough to identify whether a packet is safe for our
network or not, which gives a great chance to hackers and intruders to bombard
our networks with various viruses, malware, spam, etc.
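The difference between a packet filter (type 1) and stateful inspection (type 2) shows up when the firewall follows the three-way handshake from question 12. The comparison below is an added example, not part of the original notes; the rule set, the addresses and the simplified state machine (no retransmissions, no timeouts) are assumptions of this illustration.

```python
from collections import namedtuple

# flags is a frozenset of TCP flag names; seq/ack are the 32-bit sequence fields.
Segment = namedtuple("Segment", "src sport dst dport flags seq ack")

INSIDE_PREFIX = "10.0.0."      # constructed internal network
SYN, ACK = "SYN", "ACK"


def is_inside(addr):
    return addr.startswith(INSIDE_PREFIX)


def packet_filter(seg):
    """Static filter: judges each packet by its addresses and ports alone."""
    if is_inside(seg.src):
        return seg.dport == 443          # outbound HTTPS is allowed
    return seg.sport == 443              # anything that looks like an HTTPS reply


class StatefulFirewall:
    """Allows inbound segments only for sessions whose handshake it has followed."""

    def __init__(self):
        self.sessions = {}               # (client, cport, server, sport) -> dict

    def check(self, seg):
        outbound = is_inside(seg.src)
        key = ((seg.src, seg.sport, seg.dst, seg.dport) if outbound
               else (seg.dst, seg.dport, seg.src, seg.sport))
        sess = self.sessions.get(key)
        flags = set(seg.flags)

        # Step 1 (SYN): only an inside client may open a session, and only to 443.
        if sess is None:
            if outbound and flags == {SYN} and seg.dport == 443:
                self.sessions[key] = {"state": "SYN_SENT", "client_isn": seg.seq}
                return True
            return False
        # Step 2 (SYN + ACK): must acknowledge the client's sequence number + 1.
        if sess["state"] == "SYN_SENT":
            if (not outbound and flags == {SYN, ACK}
                    and seg.ack == (sess["client_isn"] + 1) & 0xFFFFFFFF):
                sess.update(state="SYN_RECEIVED", server_isn=seg.seq)
                return True
            return False
        # Step 3 (ACK): must acknowledge the server's sequence number + 1.
        if sess["state"] == "SYN_RECEIVED":
            if (outbound and flags == {ACK}
                    and seg.ack == (sess["server_isn"] + 1) & 0xFFFFFFFF):
                sess["state"] = "ESTABLISHED"
                return True
            return False
        # Established: data flows both ways; FIN or RST ends the session (simplified).
        if flags & {"FIN", "RST"}:
            del self.sessions[key]
        return True


def run_demo():
    client, server = "10.0.0.5", "198.51.100.7"
    handshake = [
        Segment(client, 50000, server, 443, frozenset({SYN}), 1000, 0),
        Segment(server, 443, client, 50000, frozenset({SYN, ACK}), 7000, 1001),
        Segment(client, 50000, server, 443, frozenset({ACK}), 1001, 7001),
    ]
    # Inbound segment that belongs to no session the firewall has seen.
    stray = Segment(server, 443, "10.0.0.9", 50001, frozenset({ACK}), 42, 43)
    fw = StatefulFirewall()
    return {
        "handshake_stateful": [fw.check(s) for s in handshake],
        "stray_packet_filter": packet_filter(stray),
        "stray_stateful": fw.check(stray),
    }


if __name__ == "__main__":
    print(run_demo())
```

The static rule passes the stray segment because its source port is 443; the stateful firewall drops it because no matching session exists.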
16. Explain IDS/IPS and its types
Intrusion detection is the process of monitoring the events occurring in your
network and analyzing them for signs of possible incidents, violations, or
imminent threats to your security policies. Intrusion prevention is the process of
performing intrusion detection and then stopping the detected incidents. These
security measures are available as intrusion detection systems (IDS) and intrusion
prevention systems (IPS), which become part of your network to detect and stop
potential incidents.
Types of IDS:-
1. Network Intrusion Detection System (NIDS):
Network intrusion detection systems (NIDS) are set up at a planned point
within the network to examine traffic from all devices on the network. It
performs an observation of passing traffic on the entire subnet and
matches the traffic that is passed on the subnets to the collection of known
attacks. Once an attack is identified or abnormal behavior is observed, the
alert can be sent to the administrator. An example of a NIDS is installing it
on the subnet where firewalls are located in order to see if someone is
trying to crack the firewall.
2. Host Intrusion Detection System (HIDS):
Host intrusion detection systems (HIDS) run on independent hosts or
devices on the network. A HIDS monitors the incoming and outgoing
packets from the device only and will alert the administrator if suspicious or
malicious activity is detected. It takes a snapshot of existing system files
and compares it with the previous snapshot. If the analytical system files
were edited or deleted, an alert is sent to the administrator to investigate.
An example of HIDS usage can be seen on mission-critical machines, which
are not expected to change their layout.
3. Protocol-based Intrusion Detection System (PIDS):
Protocol-based intrusion detection system (PIDS) comprises a system or
agent that would consistently reside at the front end of a server,
controlling and interpreting the protocol between a user/device and the
server. It tries to secure the web server by regularly monitoring the
HTTPS protocol stream and accepting the related HTTP protocol. As HTTPS is
un-encrypted before instantly entering its web presentation layer,
this system would need to reside in this interface in order to use
HTTPS.
4. Application Protocol-based Intrusion Detection System (APIDS):
Application Protocol-based Intrusion Detection System (APIDS) is a system
or agent that generally resides within a group of servers. It identifies the
intrusions by monitoring and interpreting the communication on
application-specific protocols. For example, this would monitor the SQL
protocol explicit to the middleware as it transacts with the database in the
web server.
5. Hybrid Intrusion Detection System :
Hybrid intrusion detection system is made by the combination of two or
more approaches of the intrusion detection system. In the hybrid intrusion
detection system, host agent or system data is combined with network
information to develop a complete view of the network system. Hybrid
intrusion detection system is more effective in comparison to the other
intrusion detection system. Prelude is an example of Hybrid IDS.
Types of IPS:-
1. Network-based intrusion prevention system (NIPS):
It monitors the entire network for suspicious traffic by analyzing protocol
activity.

2. Wireless intrusion prevention system (WIPS):


It monitors a wireless network for suspicious traffic by analyzing wireless
networking protocols.

3. Network behavior analysis (NBA):


It examines network traffic to identify threats that generate unusual traffic
flows, such as distributed denial of service attacks, specific forms of
malware and policy violations.

4. Host-based intrusion prevention system (HIPS):


It is an inbuilt software package which monitors a single host for doubtful
activity by scanning events that occur within that host.

17. What is DNS Spoofing and how does it work?


DNS poisoning, also known as DNS cache poisoning or DNS spoofing, is a highly
deceptive cyber attack in which hackers redirect web traffic toward fake web
servers and phishing websites. These fake sites typically look like the user’s
intended destination, making it easy for hackers to trick visitors into sharing
sensitive information.

Every device and server has a unique internet protocol (IP) address, which is a series of
numbers used as identifiers in communications. Every website has a domain name (e.g.
www.keyfactor.com) that sits on top of that to make it easy for internet users to visit the
websites they want. The domain name system (aka DNS) then maps the domain name
that users enter to the appropriate IP address to properly route their traffic, all of which
gets handled through DNS servers.

DNS poisoning takes advantage of weaknesses in this process to redirect traffic to an
illegitimate IP address. Specifically, hackers gain access to a DNS server so that they
can adjust its directory to point the domain name users enter to a different, incorrect IP
address.

Once someone gains access to a DNS server and begins redirecting traffic, they are
engaging in DNS spoofing. DNS cache poisoning takes this one step further. When
DNS cache poisoning happens, a user’s device places the illegitimate IP address in its
cache (aka memory). This means that the device will automatically direct the user to the
illegitimate IP address — even after the issue is resolved.

The biggest weakness that allows this type of attack to occur is the fact that the entire
system for routing web traffic was built more for scale than for security. The current
process is built on what’s called the User Datagram Protocol (UDP), a process that
does not require senders or recipients to verify they are ready to communicate or verify
who they are. This vulnerability allows hackers to fake identity information (which
requires no additional verification) and step into the process to start redirecting DNS
servers.

While this is absolutely an enormous vulnerability, it is not as simple as it sounds. To
pull this off effectively, a hacker must respond to a request within a few milliseconds
before the legitimate source kicks in and include in their response detailed information
like the port the DNS resolver is using and the request ID number.
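
Because UDP itself verifies nothing, the resolver has to do the matching described above: it accepts a reply only if the port, the request ID, the answering server and the question all agree with a query it actually sent. The resolver-side check below is an added example, not part of the original notes; the class and field names and the addresses are hypothetical, and real resolvers apply further checks.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    txid: int        # 16-bit request ID
    src_port: int    # UDP port the resolver sent from
    server: str      # DNS server that was asked
    qname: str
    qtype: str


@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int    # port the reply arrived on
    from_addr: str
    from_port: int
    qname: str
    qtype: str
    answer: str


class Resolver:
    def __init__(self, port_low=1024, port_high=65535):
        self.port_low, self.port_high = port_low, port_high
        self.pending = {}                      # (src_port, txid) -> Query

    def search_space(self):
        """Number of (port, ID) pairs a blind reply would have to guess among."""
        return (self.port_high - self.port_low + 1) * (1 << 16)

    def send(self, server, qname, qtype="A"):
        """Pick an unpredictable ID and source port and remember the query."""
        while True:
            txid = secrets.randbelow(1 << 16)
            port = self.port_low + secrets.randbelow(self.port_high - self.port_low + 1)
            if (port, txid) not in self.pending:
                break
        query = Query(txid, port, server, qname, qtype)
        self.pending[(port, txid)] = query
        return query

    def receive(self, resp):
        """Return (accepted, answer_or_reason). The first valid reply wins."""
        query = self.pending.get((resp.dst_port, resp.txid))
        if query is None:
            return (False, "no pending query for this port and request ID")
        if (resp.from_addr, resp.from_port) != (query.server, 53):
            return (False, "reply did not come from the server that was asked")
        if (resp.qname.lower(), resp.qtype) != (query.qname.lower(), query.qtype):
            return (False, "question does not match the one that was sent")
        del self.pending[(resp.dst_port, resp.txid)]   # later replies are ignored
        return (True, resp.answer)


if __name__ == "__main__":
    r = Resolver()
    q = r.send("192.0.2.53", "www.example.com")        # constructed server address
    wrong_id = Response((q.txid + 1) % 65536, q.src_port, "192.0.2.53", 53,
                        "www.example.com", "A", "203.0.113.66")
    genuine = Response(q.txid, q.src_port, "192.0.2.53", 53,
                       "www.example.com", "A", "198.51.100.7")
    print(r.receive(wrong_id))
    print(r.receive(genuine))
    print(r.receive(genuine))   # duplicate after acceptance is rejected
    print(r.search_space())
```

A resolver that always sends from one fixed port leaves only the 65,536 request IDs to match, which is why source-port randomization matters.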
