CCNA Interview Questions and Answers -12


1. Explain TCP Three Way Handshake process?

For Reliable connection the Transmitting device first establishes a connection-oriented (reliable) session with its peer system, which is called three way handshake. Data is then transferred. When the Data transfer is finished, connection is terminated and virtual circuit is teared down.

1.In the First Part of Three way Handshake, Source sends a TCP SYN Segment with the initial sequence number X indicating the desire to open the connection.

2.In Second Part, When Destination receives TCP SYN, It acknowledges this with Ack (X+1) as well as its own SYN Y (It informs Source what sequence number it will start its data with and will use in further messages). This response is called SYN/ACK.

3.In Third Part, Source Sends an ACK (ACK = Y+1) Segment to the destination indicating that the connection is set up. Data transfer can then begin. During this 3 way Handshake, Devices are negotiating parameters like Window Size etc.

2. What does Window Size indicate?

It is 16-bit Window field which indicates the number of bytes a sender will send before receiving an acknowledgment from the receiver.

3. What is the purpose of RST bit?

When the connection Is not allowed by destination connection is reset.

4. What are TCP Flags?

TCP Flags are used to influence the Flow of Data across a TCP Connection.

1.PUSH (PSH) – It Pushes the Buffered data to the receivers application. If data is to be send on immediate Basis we will push it.

2.Reset (RST) – It Resets the connection.

3.Finish (FIN) – It finishes the session. It means No More Data from the Sender.

4.Urgent (URG) – It is use to set the priority to tell the receiver that this data is important for you.

5.Acknowledgement (ACK) – All packets after SYN packet sent by Client should have this Flag Set. ACK=10 means Host has received 0 through 9 and is expecting Byte 10 Next.

6.Synchronize (SYN) – It Initiates a Connection. It Synchronizes the sequence number.

5. What is the difference between PUSH and URG flag?

The PSH flag in the TCP header informs the receiving host that the data should be pushed up to the receiving application immediately. The URG flag is used to inform a receiving station that certain data within a segment is urgent and should be prioritized.

6. What is the importance of Sequence Number and Acknowledgement Number?

Sequence Number is a 32-bit field which indicates the amount of data that is sent during a TCP session. By Sequence Number sender can be assured that the receiver received the data because the receiver uses this sequence number as the acknowledgment number in the next segment it sends to acknowledge the received data. When the TCP session starts, the initial sequence number can be any number in the range 0–4,294,967,295. Acknowledgment number is used to acknowledge the received data and is equal to the received sequence number plus 1.

7. Which is the importance of identification field in the IP packet?

This is used to identify each fragmented packet so that destination device can rearrange the whole communication in order.

8. Which device can reassemble the packet?

This is done only by the ultimate destination of the IP message.

9. What is IP datagram?

IP datagram can be used to describe a portion of IP data. Each IP datagram has set of fields arranged in order. IP datagram has following fields Version, Header length, Type of service, Total length, checksum, flag, protocol, Time to live, Identification, Source IP Address and Destination Ip Address, Padding, Options and Payload.

10. What is MTU (Maximum Transmission Unit)?

The maximum transmission unit (MTU) of an interface tells Cisco IOS the largest IP packet that can be forwarded out on that interface.

11. What is Fragmentation?

Fragmentation is a process of breaking the IP packets into smaller pieces (fragments).
Fragmentation is required when the datagram is larger than the MTU. Each fragment than becomes a datagram in itself and transmitted independently from source. These datagrams are reassembled by the destination.

12. How the packet is reassembled?

1.When a host receives an IP fragment, it stores this fragment in a reassembly buffer based on its fragment offset field.
2.Once all the fragments of the original IP datagram are received, the datagram is processed.
3.On receiving the first fragment, a reassembly timer is started.
4.If this reassembly timer expires before all the fragments are received than datagram is discarded.

13.What is the importance of DF, MF flag?

Don’t fragment bit

If DF bit is set, fragmentation is not allowed.

when a router needs to forward a packet larger than the outgoing interface’s MTU, the router either fragments the packet or discards it. If the IP header’s Do Not Fragment (DF) bit is set, means fragmentation is not allowed and the router discards the packet. If the DF bit is not set, means
Fragmentation is allowed and the router can perform Layer 3 fragmentation on the packet.

More fragments bit

If MF Bit is set to 1 means more fragments are coming. If it is set to 0 means This is the Last Fragment.

All fragments that belong to an IP datagram will have more fragments bit set except for the final fragment. The final fragment does not have the more fragment bit set indicating that this is the last fragment. This is how the End hosts comes to know that it has collected all the fragments of the IP datagram.

14. What is the purpose of fragment offset?

It is used to define the Size of each Fragmented Packet.

15. What is the importance of TTL value?

It defines how long a packet can travel in the network. It is the number of hops that the IP datagram will go through before being discarded. At every hop TTL value is decremented by 1. When this field becomes zero, the data gram is discarded. This behavior helps prevent routing loops. The typical value for a TTL field is 32 or 64.

16. What does the protocol field determines in the IP packet?

The Protocol field is an 8-bit field that identifies the next level protocol. It Indicates to which upperlayer protocol this datagram should be delivered.
Example – TCP, UDP.

17. What is the Internet Control Message Protocol?

ICMP is basically a management protocol and messaging service provider for IP. It can provide Hosts with information about network problems.

18. ICMP works at which layer?

It works at Network Layer.

19. Which two fields in the ICMP header is used to identify the intent of ICMP message?

Type and Code.

20. What are various ICMP messages?

1. Destination Unreachable.
2.Buffer Full.
3.Hops/Time Exceeded.

21. How Traceroute works?

1. Firstly, Traceroute creates a UDP packet from the source to destination with a TTL value of 1.

2. Packet reaches the first router where the router decrements the value of TTL by 1, making packet’s TTL value 0 because of which the packet gets dropped.

3. As the packet gets dropped, it sends an ICMP message [Hop/Time exceeded] back to the source.

4. This is how Traceroute comes to know the first router’s address and the time taken for the round-trip.

5. It sends two more packets in the same way to get average round-trip time. First round-trip takes longer than the other two due to the delay in ARP finding the physical address, the address stays in the ARP cache during the second and the third time and hence the process speeds up.

6. These steps Takes place again and again until the destination has been reached. The only change that happens is that the TTL is incremented by 1 when the UDP packet is to be sent to next router/host.

7. Once the destination is reached, Time exceeded ICMP message is NOT sent back this time because the destination has already been reached.

8. But, the UDP packet used by Traceroute specifies the destination port number that is not usually used for UDP. So, when the destination verifies the headers of the UDP packet, the packet gets dropped because of improper port being used and an ICMP message [Destination Unreachable] is sent back to the source.

9. When Traceroute encounters this message, it understands that the destination is reached. Also, The destination is reached 3 times to get the average round-trip time.

22. Why there are three columns in traceroute results?

Three probes (change with -q flag) are sent at each ttl setting and a line ***is printed showing the ttl, address of the gateway and round trip time of each probe( so three * ).

23. Which ICMP message confirms the traceroute is completed?

Destination Unreachable Message

24. What is ARP?

Address Resolution Protocol (ARP) is a network protocol, which is used to map a network layer protocol address (IP Address) to a data link layer hardware address (MAC Address). ARP basically resolves IP address to the corresponding MAC address.

25. ARP works at which layer and Why?

ARP works at data link layer (Layer 2). ARP is implemented by the network protocol driver and its packets are encapsulated by Ethernet headers and transmitted.

26. Explain the use of ARP?

If a host in an Ethernet network wants to communicate with another host, it can communicate only if it knows the MAC address of other host. ARP is used to get the Mac address of a host from its IP address.

27. What is an ARP Table (cache)?

ARP maintains a table that contains the mappings between IP address and MAC address. This Table is called ARP Table.

28. What is the Source & Destination IP address in ARP Request and ARP Reply packet?

ARP Request
Source – Mac Address of Host which transmitted the ARP Request packet. (Senders MAC address)
Destination – FF:FF:FF:FF:FF:FF Broadcast

ARP Reply
Source – Mac address of Host replying for ARP Request.
Destination – Mac Address of Host which generated the ARP Request packet.

29. What is the Size of an ARP Request and ARP Reply packet?

The size of an ARP request or ARP reply packet is 28 bytes.

30. How can we differentiate between a ARP Request packet and a ARP Reply packet?

We can differentiate ARP request packet from an ARP reply packet using the ‘operation’ field in the ARP packet. For ARP Request it is 1 and for ARP Reply it is 2.