
1. What is MTU?
2. How does TCP handshake work?
3. How does SSL handshake work?
4. What are the different phases in VPN establishment?
5. How does DH (Diffie-Hellman) work?
6. What is TCP window sizing?
7. What is the difference between passive FTP and active FTP?
8. What is the difference between socket and session?
9. How does network management station work?

The Answers:
1. How does TCP handshake work? Transmission Control Protocol/Internet Protocol. There are 3 steps.
1. Local device sends sequence number and maximum segment size.
2. Destination device responds by sending its sequence number and maximum segment size back to local device.
3. Local device acknowledges receipt of the sequence number and segment size information.
2. How does SSL handshake work? Secure Sockets Layer. There are 4 steps.
1. Browser checks the certificate to make sure that the site you are connecting to is the real site and not someone intercepting.
2. Determine encryption types that the browser and web site server can both use to understand each other.
3. Browser and Server send each other unique codes to use when scrambling (or encrypting) the information that will be sent.
4. The browser and Server start talking using the encryption, the web browser shows the encrypting icon, and web pages are processed securely.
3. What is the difference between passive FTP and active FTP?
FTP is an unusual protocol in that it uses two ports, one for commands and the other for data. (This is one of the reasons it is superior to HTTP for transferring large files.) Active FTP was invented first. The client initiates a connection on the server's command port. The server then initiates a connection with the client from its data port. In Passive FTP, the client initiates both connections with the server, which remains passive.
Active FTP may cause problems if your client is behind a firewall. From the firewall's point of view, the FTP server that is trying to initiate a connection with your client looks like an intruder and is usually blocked. This is why many users have difficulty using FTP to download files from behind a firewall.
Passive FTP solves this problem, but creates other problems, notably where FTP server security is concerned. The server must listen on a large number of ports. This requires the firewall to let a lot of unqualified traffic through. Most firewall administrators do not like this.
As a rule, you do not need to be concerned about passive and active FTP unless you administer an FTP server or a firewall. If you experience difficulty using your FTP client from behind a firewall, this is likely the reason. Perhaps you should discuss the matter with your firewall administrator.
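The two modes as a firewall's FTP helper sees them on the control channel, as an added example that is not part of the original page: it decodes the `PORT` command and the `227` passive reply (RFC 959 host-port format) to tell which side opens the data connection and to which address and port. The transcript, addresses and function names are constructed for illustration.

```python
import re

# Six comma-separated decimal octets: h1,h2,h3,h4,p1,p2 (RFC 959 host-port format).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def _endpoint(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); port = p1 * 256 + p2."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port tuple in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_connection(control_line):
    """Return who opens the data connection, and to which endpoint, for one
    FTP control-channel line. None if the line sets up no data channel."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        ip, port = _endpoint(line[5:])
        # Active mode: the client announced where it listens; the server dials in.
        return {"mode": "active", "initiator": "server", "listener": (ip, port)}
    if line.startswith("227"):
        ip, port = _endpoint(line[3:])
        # Passive mode: the server announced where it listens; the client dials out.
        return {"mode": "passive", "initiator": "client", "listener": (ip, port)}
    return None


def expected_flows(control_lines):
    """Collect the data connections a firewall should expect for this session."""
    return [f for f in map(data_connection, control_lines) if f is not None]


# Constructed control-channel transcript (documentation addresses, not real hosts).
SAMPLE = [
    "USER demo",
    "PORT 192,0,2,10,195,80",                            # client -> server
    "227 Entering Passive Mode (198,51,100,5,19,137).",  # server -> client
]

if __name__ == "__main__":
    for flow in expected_flows(SAMPLE):
        print(flow)
```

A firewall that tracks these two lines can open only the announced address and port for the session instead of a whole port range.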
4. What is the difference between socket and session?
1. An SSL session is a mechanism through which connections can be established by re-using previously negotiated handshakes.
2. A socket is one endpoint of a two-way communication link between two programs running on the network. A socket is bound to a port number so that the TCP layer can identify the application that data is destined to be sent to.
5. How does network management station work? Network management stations execute management applications
which monitor and control network elements. Network elements are devices such as hosts, gateways, terminal
servers, and the like, which have management agents responsible for performing the network management functions
requested by the network management stations. The Simple Network Management Protocol (SNMP) is used to
communicate management information between the network management stations and the agents in the network
elements. There are a few network management features that may be used to provide network monitoring for this
advisory.
1. Device Availability Monitoring
2. SNMP MIB object monitoring
3. Cisco Service Assurance Agent (Cisco SAA)
4. RMON Alarm and Events
5. Event-MIB
6. CiscoWorks RME Network Show Commands and CLI scripting
6. What are the different phases in VPN establishment? Successful VPN establishment consists of two levels of SAs
known as phases. Phase 1 authentication establishes session keys. Using the Xauth feature, the client waits for a
username/password challenge after the IKE Phase 1 SA has been established. When the end user responds to the
challenge, the response is forwarded to the IPsec peers for an additional level of authentication completing Phase 2.
1. Phase 1 of a 2 phase VPN tunnel establishment process. Phase 1 negotiates the security parameter agreement.
2. Phase 2 of 2 phase VPN tunnel establishment process. Phase 2 uses the agreed parameters from Phase 1 to
bring the tunnel up.
7. How does DH (Diffie-Hellman) work? Diffie-Hellman key agreement was invented in 1976 during a collaboration
between Whitfield Diffie and Martin Hellman and was the first practical method for establishing a shared secret over
an unprotected communications channel. It is based on Ralph Merkle's public key cryptosystem. Public key cryptography
is a form of cryptography which generally allows users to communicate securely without having prior access to a
shared secret key, by using a pair of cryptographic keys, designated as public key and private key, which are related
mathematically.
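The key agreement itself, as an added example that is not part of the original page: each side keeps a private exponent, sends only its public value, and both arrive at the same secret. The prime `2**127 - 1` and generator `3` are toy parameters assumed here for illustration, and the function names are hypothetical.

```python
import secrets

# Toy public parameters (assumption for illustration): the Mersenne prime
# 2**127 - 1 and generator 3. Real deployments use standardized groups of
# 2048 bits or more.
P = 2**127 - 1
G = 3


def keypair():
    """Pick a random private exponent and compute the public value G^priv mod P."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)


def shared_secret(own_priv, peer_pub):
    """Combine our private key with the peer's public value.

    Rejects degenerate public values (0, 1, P - 1 and anything out of range),
    which would force the secret into a tiny, guessable set.
    """
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, own_priv, P)


def exchange():
    """Run both sides; return (alice_secret, bob_secret, values_on_the_wire)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    # Everything an eavesdropper on the unprotected channel gets to see.
    wire = {"p": P, "g": G, "A": a_pub, "B": b_pub}
    return shared_secret(a_priv, b_pub), shared_secret(b_priv, a_pub), wire


if __name__ == "__main__":
    alice, bob, wire = exchange()
    print("secrets match:", alice == bob)
    print("sent in the clear:", sorted(wire))
```

Plain Diffie-Hellman does not authenticate the peer, which is why protocols that use it sign or otherwise authenticate the exchanged public values.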
8. What is TCP window sizing? The window size is the maximum number of bytes of data that can be transmitted in
one segment. Increasing the window size for a TCP-based file transfer would increase throughput until the slowest
link in the path saturates. It would be preferable to have a window size appropriate to the size of the link. There would
be less buffering, the ACKs would return more quickly and more of the bandwidth would be used. Ideally you are
looking for a Window Size >= Bandwidth * RTT.
9. What is MTU? Maximum Transmission Unit. The greatest amount of data or packet size that can be transferred in
one physical frame on a network. This packet also contains the header and trailer information, which are like
addresses for each packet that are required by the routers on the network.
