Module 5, Assignment 4-1

Susan Ferdon, EDTECH 552 SP11
4.1 Multiple Choice Questions:
1. Which transport layer protocol provides connection-oriented, reliable transport?
A. TFTP
B. UDP
C. Ethernet
D. TCP
E. Secure Shell
2. Which of the following are application layer protocols? Choose all that apply.
A. Ethernet
B. CDP
C. FTP
D. TFTP
E. Telnet
F. ARP
G. ICMP
H. ATM
3. Match the protocol with its port number:
A. FTP
20 (default data), 21 (control)
B. Telnet
23
C. TFTP (Trivial File Transfer)
69
D. DNS (Domain Name Server)
53
E. SNMP (Simple Network Management Protocol)
161
F. SMTP (Simple Mail Transfer Protocol)
25
G. NTP (Network Time Protocol)
123
H. POP3 (Post Office Protocol)
110
I. HTTP
80
4. Which protocols use TCP? Choose all that apply.
A. DNS
B. SNMP (UDP)
C. SMTP
D. FTP
E. TFTP (UDP)
F. POP3
5. Which port numbers are used by well-known protocols that use connectionless transport?
A. 25
B. 53 (UDP and TCP)
C. 20
D. 69
E. 161
F. 110
6. Which are elements of PAR? Choose all that apply.
A. Devices that collide must wait to retransmit.
B. The source device starts a timer for each segment and will retransmit that segment if an acknowledgment is not received before the timer expires.
C. Devices will broadcast for the hardware address of the receiver.
D. Source devices keep a record of all segments sent and expect an
acknowledgment for each one.
E. The receiving device will drop frames that it cannot buffer.
F. The receiving device will acknowledge receipt of a segment by sending
an acknowledgment indicating the next segment it expects.
7. Which layer of the TCP/IP model is responsible for interhost data movement, using
either connection-oriented or connectionless protocols?
A. Network
B. Internet
C. Transport
D. Network interface
E. Application
8. You notice an excessive number of pings on your network. What type of attack might
someone be doing on your network?
A. Reconnaissance attack
B. Denial of service attack
C. Access attack
D. Social engineering attack
9. What type of device is used to listen to all traffic on your network and automatically
configure your firewall or router to block an attack when it is matched against a
signature?
A. MARS
B. NAC
C. IPS
D. Anomaly Guard
10. Which of the following is a way to protect the confidentiality of your data?
A. Make a hash of each packet that can be verified when the packet is received.
B. Encrypt the payload of each packet.
C. Use rate limiting to prevent an excessive number of packets.
D. Install the latest patches to protect against worms and viruses.
4.2 Identifying Collision and Broadcast Domains
**Please post your circled pictures on the bulletin board with explanation. **
Q 4.2.1
Number of Collision Domains: 16 (solid line)
Number of Broadcast Domains: 5 (dashed line)
Explanation:
From Networking Basics CCNA1 Companion Guide, page 328
Device   | Highest Layer at Which it Operates | Separates LAN into Multiple Collision Domains on Each Interface | Separates LAN into Multiple Broadcast Domains on Each Interface
Repeater | 1                                  | No                                                              | No
Hub      | 1                                  | No                                                              | No
Bridge   | 2                                  | Yes                                                             | No
Switch   | 2                                  | Yes                                                             | No
Router   | 3                                  | Yes                                                             | Yes
This means that each connection to a router is a separate broadcast domain
(there are five). There are no repeaters, hubs or bridges. Each connection from
a switch is a collision domain (there are 16).
**Please post your circled pictures on the bulletin board with explanation. **
Q 4.2.2:
Number of Collision Domains: 7 (solid line)
Number of Broadcast Domains: 3 (dashed line)
Explanation:
See the table above, from Networking Basics CCNA1 Companion Guide, page 328.
Each connection to a router creates a separate broadcast domain - there are
three. Routers also create collision domains – there are three. Bridges and
switches separate collision domains – there are two connections to the bridge
(one of which is the collision domain created by the router) and four connections
to the switch. Hubs do not separate collision domains. That means that the
connections to the hubs are within collision domains created by the routers.
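To make the counting rule from the Companion Guide table mechanical, here is an added Python example (my code, not part of the assignment or the textbook): each cable starts as its own domain, and a device merges the domains of all its cables whenever the table says it does not separate them (repeaters and hubs for collision domains; everything below layer 3 for broadcast domains). The topology in the block is constructed to match the description in the Q 4.2.2 answer, because the lab diagram itself is not reproduced here; the device names, the cable list and the `pc` host type are assumptions.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Link = Tuple[str, str]

# Rules from the Companion Guide table (page 328): layer-1 devices pass
# collisions through every interface, and everything below layer 3 passes
# broadcasts through every interface.
PASSES_COLLISIONS = {"repeater", "hub"}
PASSES_BROADCASTS = {"repeater", "hub", "bridge", "switch"}


class DisjointSet:
    """Minimal union-find over cables (hashable tuples)."""

    def __init__(self) -> None:
        self.parent: Dict[Link, Link] = {}

    def find(self, x: Link) -> Link:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a: Link, b: Link) -> None:
        self.parent[self.find(a)] = self.find(b)


def count_domains(devices: Dict[str, str], links: Iterable[Link], passthrough: Set[str]) -> int:
    """Every cable starts as its own domain; a device whose type is in
    `passthrough` merges all cables attached to it into one domain.
    Hosts (assumed type "pc") have one cable, so they never merge anything."""
    cables = list(links)
    ds = DisjointSet()
    attached: Dict[str, List[Link]] = defaultdict(list)
    for link in cables:
        ds.find(link)
        for end in link:
            attached[end].append(link)
    for name, its_cables in attached.items():
        if devices.get(name, "pc") in passthrough:
            for other in its_cables[1:]:
                ds.union(its_cables[0], other)
    return len({ds.find(link) for link in cables})


def collision_domains(devices: Dict[str, str], links: Iterable[Link]) -> int:
    return count_domains(devices, links, PASSES_COLLISIONS)


def broadcast_domains(devices: Dict[str, str], links: Iterable[Link]) -> int:
    return count_domains(devices, links, PASSES_BROADCASTS)


# Constructed topology consistent with the Q 4.2.2 answer (not the lab diagram):
# a router with three interfaces, a bridge with two connections (one of them to
# the router), a switch with four connections (one of them to the bridge), and a
# hub on each remaining router interface.
DEVICES_422 = {
    "R1": "router", "B1": "bridge", "S1": "switch", "H1": "hub", "H2": "hub",
    **{f"PC{i}": "pc" for i in range(1, 8)},
}
LINKS_422 = [
    ("R1", "B1"), ("R1", "H1"), ("R1", "H2"),
    ("B1", "S1"),
    ("S1", "PC1"), ("S1", "PC2"), ("S1", "PC3"),
    ("H1", "PC4"), ("H1", "PC5"),
    ("H2", "PC6"), ("H2", "PC7"),
]

if __name__ == "__main__":
    print("collision domains:", collision_domains(DEVICES_422, LINKS_422))
    print("broadcast domains:", broadcast_domains(DEVICES_422, LINKS_422))
```

Swapping a device's type in the dictionary (for instance turning `H1` into a switch) and re-running shows how the two counts move independently, which is the point of the table: only a router changes the broadcast count.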
Module 5, Assignment 4-2
4.3 Building a Switch-based Network
Objective
• Create a simple network with four PCs using a switch
• Configure workstation IP address information
• Test connectivity using the ping command
• Observe how switches learn MAC addresses
Step 3 Configure TCP/IP settings for the four PCs
a. Set the IP address information for each PC according to the information in the table.

   Computer | IP Address  | Subnet Mask   | Default Gateway
   Fred     | 192.168.1.1 | 255.255.255.0 | Not Required
   Barney   | 192.168.1.2 | 255.255.255.0 | Not Required
   Wilma    | 192.168.1.3 | 255.255.255.0 | Not Required
   Betty    | 192.168.1.4 | 255.255.255.0 | Not Required

b. Note that the default gateway IP address is not required, since these computers are directly connected. The default gateway is only required on local area networks that are connected to a router.
Step 8 Observe how a switch learns MAC addresses
Q 4.3.1: Please briefly describe the data flows of the ping event and compare them with the content in the textbook (p. 177-180).
Ping traveled from Barney to the switch. When the ping arrived, the switch learned
Barney’s MAC address. The switch did not have Fred in the MAC Table, so the switch
flooded the other ports (Betty, Wilma, Fred). Wilma and Betty were not the intended
recipient so they were marked “X” in packet tracer and the frame was discarded. Fred
was the correct recipient so a return ping went back to Barney, via the switch. With Fred
as the source, the switch was able to learn Fred’s MAC address. The return ping, from
Fred, arrived at device Barney successfully.
Compare this ping event to the content of the textbook (p. 177-180):
• Both events began with an empty MAC Table.
• As mentioned on page 177, if a frame enters the switch and the source MAC address is not in the MAC address table, the switch creates an entry. This is what happened when Barney’s ping arrived at the switch – the switch added Barney to the MAC Table.
• In the book, there is no address in the MAC Table, so the switch floods the ports. The same happened in our example.
• In the example on page 178, the next MAC address is added after frame 2. The same thing happens when Fred pings back – Fred’s MAC address is added to the Table when it pinged back Barney.
• The book discussed Spanning Tree Protocol (STP). There is no evidence of STP in the packet tracer simulation. All end-devices are operating as expected – powered on and responding – and there are no loop-backs.
My screen capture video of this process may be viewed at:
http://www.youtube.com/watch?v=m92vQiUD2wM
Step 9 Please save your packet tracer file and submit it with this week’s lab
activities
Lab 4.4 Collision and Broadcast Domains
The purpose of this lab is to observe how several small domains reduce the negative
effects of a large collision domain.
Objective
• Use Packet Tracer to observe the function differences between switch and hub
Step 1
• Download NA01-0815.pkt
(http://edtech2.boisestate.edu/hungj/edtech552/spring2011/lab/lab4/2011/NA01-0815.zip)
• Unzip and open it in the packet tracer.
Step 2 Switch to the simulation mode
Step 3 Enable switch MAC address table
Step 4 Enable PDU list window and ARP & ICMP events
Step 5 Send the following simple PDU events
• Ping Fred -> Wilma
• Ping Wilma -> Barney
• Ping Fred -> Barney
• Ping Wilma -> Barney
• Ping Betty -> Wilma
Question 4.4.1: Briefly describe how the hub processes the frames.
The hub sends all received frames out every port, every time. For example, when Fred
pinged Wilma, the frame went into the hub and then back out all three ports – Fred,
Barney and the switch. Because the hub isn’t “smart”, it sends frames to places they
don’t need to go – end-user devices then discard frames not meant for them.
Question 4.4.2: Briefly describe how the switch processes the frames.
If the MAC address is in the MAC Table, the switch will send the frame only to that
device. If the MAC address is not in the MAC Table, the switch will flood all ports except
the one the frame was received on. Devices that are not the destination for the frame will
discard the frame (“X” appears in packet tracer). The device that is the destination MAC
address will send back an acknowledgement and, since it is the source for this
transmission, the switch will learn that MAC address, adding it to the MAC Table for the
switch.
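The forwarding behaviour described in Q 4.3.1, Question 4.4.1 and Question 4.4.2 can be replayed outside Packet Tracer. The Python below is an added example, not from the assignment or the textbook: a hub that repeats out of every other port, a switch that learns source MACs and floods unknown destinations, and a small LAN model that runs the lab pings through them. The MAC addresses, the switch port assignments for lab 4.3 and the `uplink` parameter are assumptions; lab 4.4 uses the Fa0/1, Fa1/1 and Fa2/1 ports named in the 4.4.3 answer.

```python
from typing import Dict, Set, Tuple


class Hub:
    """A hub repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports: Set[str]) -> None:
        self.ports = set(ports)

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> Set[str]:
        return self.ports - {in_port}


class LearningSwitch:
    """A switch records the source MAC of each frame against its ingress port.
    Known destinations go out one port; unknown ones are flooded; a destination
    that sits on the ingress port is filtered (not forwarded at all)."""

    def __init__(self, ports: Set[str]) -> None:
        self.ports = set(ports)
        self.mac_table: Dict[str, str] = {}

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> Set[str]:
        self.mac_table[src_mac] = in_port  # learn or refresh the source
        if dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            return set() if out == in_port else {out}
        return self.ports - {in_port}  # flood


# Constructed MAC addresses for the four lab PCs (not the Packet Tracer values).
MAC = {"Fred": "0001.0000.0001", "Barney": "0001.0000.0002",
       "Wilma": "0001.0000.0003", "Betty": "0001.0000.0004"}


class Lan:
    """Hosts attached directly to the switch (port -> host) plus, optionally,
    hosts sharing a hub whose remaining cable runs to the switch's `uplink` port."""

    def __init__(self, switch_hosts: Dict[str, str], hub_hosts: Tuple[str, ...] = (),
                 uplink: str = "Fa2/1") -> None:
        self.switch_hosts = dict(switch_hosts)
        self.hub_hosts = set(hub_hosts)
        self.uplink = uplink if hub_hosts else None
        self.switch = LearningSwitch(set(switch_hosts) | ({uplink} if hub_hosts else set()))
        self.hub = Hub(self.hub_hosts | {"uplink"}) if hub_hosts else None

    def send(self, src_host: str, dst_host: str) -> Dict[str, object]:
        """Deliver one frame and report who got a copy besides the intended host."""
        src, dst = MAC[src_host], MAC[dst_host]
        copies: Set[str] = set()
        if src_host in self.hub_hosts:
            copies |= self.hub.receive(src_host, src, dst) & self.hub_hosts
            sw_out = self.switch.receive(self.uplink, src, dst)  # hub repeats into the switch
        else:
            in_port = next(p for p, h in self.switch_hosts.items() if h == src_host)
            sw_out = self.switch.receive(in_port, src, dst)
        copies |= {self.switch_hosts[p] for p in sw_out if p in self.switch_hosts}
        if self.uplink in sw_out:  # sent into the hub, which repeats it to both hub hosts
            copies |= self.hub.receive("uplink", src, dst) & self.hub_hosts
        return {"delivered": dst_host in copies, "discarded_by": copies - {dst_host}}

    def ping(self, a: str, b: str) -> Dict[str, object]:
        """Echo request a -> b followed by the reply b -> a."""
        return {"request": self.send(a, b), "reply": self.send(b, a),
                "mac_table": dict(self.switch.mac_table)}


if __name__ == "__main__":
    # Lab 4.3: all four PCs on the switch (ports assumed); Barney pings Fred.
    lab43 = Lan({"Fa0/1": "Fred", "Fa0/2": "Barney", "Fa0/3": "Wilma", "Fa0/4": "Betty"})
    print("4.3 Barney -> Fred:", lab43.ping("Barney", "Fred"))
    # Lab 4.4: Fred and Barney on a hub cabled to Fa2/1, Wilma on Fa0/1, Betty on Fa1/1.
    lab44 = Lan({"Fa0/1": "Wilma", "Fa1/1": "Betty"}, hub_hosts=("Fred", "Barney"))
    for a, b in [("Fred", "Wilma"), ("Wilma", "Barney"), ("Fred", "Barney"),
                 ("Wilma", "Barney"), ("Betty", "Wilma")]:
        print(f"4.4 {a} -> {b}:", lab44.ping(a, b))
```

Running the block shows the contrast the two answers describe: in the 4.3 topology the first ping floods three ports and the reply goes to exactly one; in the 4.4 topology a Fred-to-Barney ping is repeated by the hub to everyone on it, but once both MACs are learned on Fa2/1 the switch filters it, so Wilma and Betty never see it.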
Question 4.4.3: What is the difference between Question 4.4.1 and Question 4.4.2 in
collision?
There are more collisions in the domain that includes a hub. Since every frame goes to
every device, there is more traffic on the hub and frames go everywhere – more chance
of collisions. Frames that go to the switch are forwarded only to the recipient, unless the
MAC address has not been encountered. This LAN has three collision domains: 1) Fred,
Barney, the hub, and the cable to Fa2/1, 2) Wilma and the cable to switch port Fa0/1,
and 3) Betty and the cable to switch port Fa1/1. Collision domains for the switch have
fewer end-user devices so fewer opportunities for collisions to occur. The collision
domain that includes the hub has more devices, more forwarding of frames, and more
potential collisions.
4.5 Network Security
Q 4.5.1: Please describe your strategies to prevent security threats below:
To help prevent security threats, I would put precautions into place that would protect the
network from external attacks and, when possible, from internal attacks.
Part 1: LAN Design Considerations
In designing the LAN, segmenting the network would not only make it run more efficiently,
by reducing collisions/errors and maximizing bandwidth, but will also allow sensitive data
to be well protected. With firewalls blocking access to sensitive data (i.e. financial data,
private company information) only those with permissions would have easy access to
that information via password-protected VLANs. Setting up VLANs would allow
departments, and others with similar needs, to be grouped together and security settings
put into place to match group needs.
Part 2: IPS
Installation of an Intrusion Protection System (IPS) will allow network traffic to be
analyzed and compared to known attack signatures and perceived threats will be
reported and acted upon. Should an attack occur, quick action will lessen the impact,
and having devices react immediately is more efficient than waiting for a network
engineer or administrator to take action.
Part 3: Anti-x software
Software is available that guards against specific attacks. Anti-virus software will guard
against malware, worms, and other types of attacks on hardware, software, and
processing ability. Routine system scans and scanning of devices (external drives,
cameras, etc.) that are attached are good safeguards. Making sure that all anti-x
software is up-to-date means that the most current threats can be guarded against. Pop-up blockers are another good tool for avoiding dangerous situations.
• Scanner – Use firewalls. Look for TCP control flags that are set in abnormal ways – that can signal an attack in progress.
• Spyware – Anti-virus software, install updates and patches, read EULAs – End User License Agreements. Most people just click to close those annoying windows, but by clicking, you may be agreeing to having spyware installed on your computer. Products like AdAware will scan and remove spyware from your computer.
• Worm – Anti-virus software, scan attachments/downloads.
• Keystroke logger – There are software programs (Spycop and SnoopFree Software) designed to detect keystroke loggers. There are also hardware keystroke loggers, and software can’t detect those. Users should make sure they lock computers when they are away and should not surf the Internet using a computer that has administrative rights, as there is too much potential for lost info. It is also recommended that you avoid using public hotspots.
• Phishing – Educating users is the best defense against phishing. Network users should be aware that they should never give out sensitive information (passwords, personally identifiable info like SS#), and should be wary of any requests they get for personal information. Anti-spyware typically includes anti-phishing.
• Malware – As above, including blocking pop-ups. Automatic software updates will reduce the risk of malware. Use strong passwords and be cautious of free offers, unexpected windows, or warnings. Be especially cautious of e-mail attachments or clicking links in e-mails or IM posts.
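Two of the points above are detection rules rather than products: Question 8's excessive pings as a sign of reconnaissance, and the Scanner bullet's abnormal TCP control flags. The Python below is an added example (not from the assignment) that applies both to a constructed capture in a simplified one-line-per-packet format. The log format, the thresholds (10 echo requests within 5 seconds) and the list of flag combinations treated as abnormal are my assumptions, chosen so that a normal handshake and teardown pass while flag-less, SYN+FIN and FIN/PSH/URG-without-ACK segments are reported.

```python
import re
from collections import defaultdict
from typing import Dict, FrozenSet, List, NamedTuple, Tuple


class Record(NamedTuple):
    time: float
    proto: str
    src: str
    dst: str
    detail: str  # ICMP type, or comma-separated TCP flags ("-" = none set)


# Constructed sample capture (not real traffic): "<seconds> <proto> <src> <dst> <detail>".
SAMPLE_LOG = """\
0.00 ICMP 10.0.0.7 192.168.1.1 echo-request
0.10 ICMP 10.0.0.7 192.168.1.2 echo-request
0.20 ICMP 10.0.0.7 192.168.1.3 echo-request
0.30 ICMP 10.0.0.7 192.168.1.4 echo-request
0.40 ICMP 10.0.0.7 192.168.1.5 echo-request
0.50 ICMP 10.0.0.7 192.168.1.6 echo-request
0.60 ICMP 10.0.0.7 192.168.1.7 echo-request
0.70 ICMP 10.0.0.7 192.168.1.8 echo-request
0.80 ICMP 10.0.0.7 192.168.1.9 echo-request
0.90 ICMP 10.0.0.7 192.168.1.10 echo-request
1.00 ICMP 10.0.0.7 192.168.1.11 echo-request
1.10 ICMP 10.0.0.7 192.168.1.12 echo-request
1.20 ICMP 192.168.1.3 192.168.1.1 echo-request
1.21 ICMP 192.168.1.1 192.168.1.3 echo-reply
2.00 TCP 192.168.1.4 192.168.1.1 SYN
2.01 TCP 192.168.1.1 192.168.1.4 SYN,ACK
2.02 TCP 192.168.1.4 192.168.1.1 ACK
2.03 TCP 192.168.1.4 192.168.1.1 PSH,ACK
3.00 TCP 10.0.0.7 192.168.1.1 -
3.01 TCP 10.0.0.7 192.168.1.1 FIN,PSH,URG
3.02 TCP 10.0.0.7 192.168.1.1 SYN,FIN
3.03 TCP 192.168.1.4 192.168.1.1 FIN,ACK
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_log(text: str) -> List[Record]:
    """Parse the constructed format; lines that do not fit are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            t, proto, src, dst, detail = m.groups()
            records.append(Record(float(t), proto.upper(), src, dst, detail))
    return records


def tcp_flags(detail: str) -> FrozenSet[str]:
    return frozenset() if detail == "-" else frozenset(f.strip().upper() for f in detail.split(","))


def flags_abnormal(flags: FrozenSet[str]) -> bool:
    """Combinations a normal TCP stack never sends: no flags at all, SYN together
    with FIN or RST, or FIN/PSH/URG on a segment that carries no ACK."""
    if not flags:
        return True
    if "SYN" in flags and ({"FIN", "RST"} & flags):
        return True
    if ({"FIN", "PSH", "URG"} & flags) and "ACK" not in flags:
        return True
    return False


def find_abnormal_tcp(records: List[Record]) -> List[Tuple[str, str, str]]:
    return [(r.src, r.dst, r.detail) for r in records
            if r.proto == "TCP" and flags_abnormal(tcp_flags(r.detail))]


def find_ping_sweeps(records: List[Record], threshold: int = 10, window: float = 5.0) -> Dict[str, int]:
    """Sources that send at least `threshold` echo requests inside any `window` seconds."""
    times = defaultdict(list)
    for r in records:
        if r.proto == "ICMP" and r.detail == "echo-request":
            times[r.src].append(r.time)
    sweeps = {}
    for src, ts in times.items():
        ts.sort()
        best, start = 0, 0
        for end in range(len(ts)):  # sliding window over sorted timestamps
            while ts[end] - ts[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            sweeps[src] = best
    return sweeps


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("Abnormal TCP flag combinations:", find_abnormal_tcp(recs))
    print("Possible ping sweeps:", find_ping_sweeps(recs))
```

The thresholds are the part to tune per network: a monitoring host that legitimately polls many devices would need a higher count or an allow-list, which is the same judgement an IPS signature needs before it is allowed to block automatically (Part 2 above).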
Part 4: Internal Threats
Dangers to the network can enter through laptop computers, USB drives and other
devices that operate both inside and outside the network. Setting up connections so that
all devices must undergo a complete scan before connecting to the network is one way
to ensure that malicious content doesn’t make it onto the network. Setting up the
intranet so that only anti-virus protected computers may connect will improve security.
The most difficult type of threat to guard against is one that is willingly perpetrated by an
employee. With permissions, employees can gain access to sensitive information and
take it or damage it as they bypass security measures that are in place.