Computer Networking

Ethernet is the traditional technology for connecting devices in a wired local area network (LAN) or wide area network (WAN). It defines the physical cables, the electronic signals, and the protocols used at the Physical and Data Link layers of the OSI model.

Key characteristics of modern Ethernet include:

• Cabling: It most commonly uses twisted-pair cables (like Cat5e, Cat6) with an RJ45 connector.
• Addressing: It uses MAC addresses for device identification at Layer 2.
• Speed: Ethernet standards have evolved significantly, from the original 10 Mbps to Fast Ethernet (100 Mbps), Gigabit Ethernet (1 Gbps), and now 10 Gbps and beyond.
• Topology: Modern Ethernet networks exclusively use a star topology with switches as the central connecting devices.

A checksum is a small-sized block of data derived from a larger block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage.

The sender calculates a checksum value based on the content of the data packet and includes this value in the packet's header (e.g., in the TCP, UDP, and IP headers).

When the receiver gets the packet, it performs the exact same calculation on the received data. It then compares its calculated checksum with the checksum value included in the header.

• If the two values match, the data is assumed to be error-free.
• If they do not match, the receiver knows the data has been corrupted in transit and discards the packet. (TCP would then trigger a retransmission).

A port scan is a technique used to probe a server or host for open ports. This is a common reconnaissance technique used by attackers to identify active services and potential vulnerabilities on a target system.

The attacker sends connection requests to a range of ports on the target machine. Based on the responses, they can determine:

• Open Ports: A service is listening on this port and it responded. This indicates a potential entry point.
• Closed Ports: The port is accessible, but no service is running on it.
• Filtered Ports: The request was blocked by a firewall, so the attacker cannot tell if the port is open or closed.

While administrators use port scanning for network security audits, it is often a precursor to a cyber-attack.

This is a classic, comprehensive question that tests knowledge across the entire network stack. Here is a simplified step-by-step summary:

1. Browser Check Cache: The browser first checks its own cache, then the OS cache, to see if it already has the IP address for google.com.
2. DNS Lookup: If not found in cache, the browser initiates a DNS query to find the IP address. This involves querying recursive DNS servers, which in turn may query root, TLD, and authoritative name servers as described previously.
3. TCP Handshake: Once the browser has the IP address, it establishes a TCP connection with the Google server on port 443 (for HTTPS). This involves the three-way handshake (SYN, SYN-ACK, ACK).
4. TLS Handshake: Over the established TCP connection, a TLS handshake occurs to set up a secure, encrypted channel. This involves exchanging certificates and cryptographic keys.
5. HTTP Request: The browser sends an encrypted HTTP GET request to the server, asking for the content of the Google homepage. The request includes headers with information like the browser type, cookies, etc.
6. Server Processing: The Google server receives the request, processes it (which may involve load balancing and querying backend services), and formulates an HTTP response.
7. HTTP Response: The server sends back an HTTP response. The response includes a status code (e.g., 200 OK) and the content of the page (HTML, CSS, JavaScript).
8. Rendering: The browser receives the response, and its rendering engine starts parsing the HTML to build the Document Object Model (DOM). It then parses CSS and JavaScript, makes further requests for other resources like images and scripts, and finally renders the complete, interactive webpage for the user to see.

These are two major classes of Interior Gateway Protocols (IGPs). Their primary difference is in how they gather and share routing information.

Software-Defined Networking (SDN) is a network architecture approach that separates the network's control plane from its data plane.

• The Data Plane (or Forwarding Plane) is the part of the router or switch that physically forwards the traffic (packets).
• The Control Plane is the part that contains the logic and makes decisions about where traffic should be sent.

In traditional networking, these two planes are tightly integrated within each device. In SDN, the control plane is centralized into a software-based SDN Controller. The controller communicates with the forwarding devices using APIs (like OpenFlow) to tell them how to handle traffic.

Benefits:

• Centralized Management: The entire network can be managed and configured from a single point.
• Programmability: Network behavior can be programmed and automated, allowing for rapid changes and deployment of new services.
• Agility & Flexibility: It allows for dynamic, on-demand resource allocation and traffic engineering.

Both are virtual firewalls used to control traffic, but they operate at different levels and in different ways.

MTU (Maximum Transmission Unit) is the size of the largest data packet that a network-connected device can transmit. The standard MTU for Ethernet is 1500 bytes.

Fragmentation is the process of breaking up a single IP packet into smaller units (fragments) if it is larger than the MTU of a link it needs to traverse.

For example, if a router receives a 1500-byte packet but needs to send it over a link with an MTU of 1400 bytes (e.g., a VPN tunnel that adds its own headers), the router must fragment the packet into two or more smaller packets. The fragments are then reassembled at the final destination host.

Fragmentation is generally undesirable because:

• It increases CPU overhead on routers and the destination host.
• It can be blocked by firewalls for security reasons.
• If any single fragment is lost, the entire original packet must be retransmitted.

BGP (Border Gateway Protocol) is the standardized Exterior Gateway Protocol (EGP) designed to exchange routing and reachability information among different Autonomous Systems (AS) on the Internet.

An AS is a large network or group of networks under a single administrative control (e.g., an ISP, a large tech company). BGP is the protocol that essentially holds the entire Internet together by managing how traffic is routed between these massive networks.

Unlike IGPs like OSPF that focus on finding the fastest path, BGP makes routing decisions based on paths, network policies, and a set of configured rules and attributes. It is highly scalable and robust.

This is a common issue that requires a systematic, layered approach to diagnose.

1. Isolate the Scope:
   • Is it just this user or multiple users?
   • Is it slow for all websites or just one specific site?
   • When did the problem start?
2. Check the User's Machine:
   • Run a speed test (e.g., speedtest.net) to get a baseline measurement.
   • Check the Task Manager or Activity Monitor for processes consuming high CPU, memory, or network resources.
   • Check for malware with an antivirus scan.
3. Test Local Network Connectivity:
   • Run ping <default_gateway> to check latency to the local router. High latency points to a local network issue.
   • Run ping 8.8.8.8 (Google's DNS) to check latency to the internet. If this is slow but the gateway ping is fast, the problem is likely with the internet connection itself.
   • Run traceroute 8.8.8.8 to identify where the latency is increasing along the path.
4. Investigate Network Infrastructure:
   • Check the physical connection (cable, Wi-Fi signal strength).
   • Check the switch port for errors or high utilization.
   • Check the firewall and router for high CPU utilization or bandwidth saturation on the WAN interface.
5. Contact the ISP: If all internal factors check out and latency to external sites is high, the issue is likely with the Internet Service Provider. Provide them with the data you've collected (ping times, traceroute results).