1).What is an IP Address?

An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g.,
computer, printer) participating in a computer network that uses the Internet Protocol for
communication.[1] An IP address serves two principal functions: host or network interface
identification and location addressing. Its role has been characterized as follows: "A name
indicates what we seek. An address indicates where it is. A route indicates how to get there."[2]

The designers of the Internet Protocol defined an IP address as a 32-bit number[1] and this
system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to the
enormous growth of the Internet and the predicted depletion of available addresses, a new
addressing system (IPv6), using 128 bits for the address, was developed in 1995,[3] standardized
as RFC 2460 in 1998,[4] and is now being deployed world-wide.

IP addresses are binary numbers, but they are usually stored in text files and displayed in human-
readable notations, such as 172.16.254.1 (for IPv4), and 2001:db8:0:1234:0:567:8:1 (for IPv6).

The Internet Assigned Numbers Authority (IANA) manages the IP address space allocations
globally and delegates five regional Internet registries (RIRs) to allocate IP address blocks to
local Internet registries (Internet service providers) and other entities.

2).What is SubNet mask?

A subnet allows the flow of network traffic between hosts to be segregated based on a network
configuration. By organizing hosts into logical groups, subnetting can improve network security
and performance.

Subnet Mask

Perhaps the most recognizable aspect of subnetting is the subnet mask. Like IP addresses, a
subnet mask contains four bytes (32 bits) and is often written using the same "dotted-decimal"
notation. For example, a very common subnet mask in its binary representation
11111111 11111111 11111111 00000000
is typically shown in the equivalent, more readable form
255.255.255.0

Applying a Subnet Mask

A subnet mask neither works like an IP address, nor does it exist independently from them.
Instead, subnet masks accompany an IP address and the two values work together. Applying the
subnet mask to an IP address splits the address into two parts, an "extended network address" and
a host address.

For a subnet mask to be valid, its leftmost bits must be set to '1'. For example,

00000000 00000000 00000000 00000000

is an invalid subnet mask because the leftmost bit is set to '0'.

Conversely, the rightmost bits in a valid subnet mask must be set to '0', not '1'. Therefore,

11111111 11111111 11111111 11111111

is invalid.

All valid subnet masks contain two parts: the left side with all mask bits set to '1' (the extended
network portion) and the right side with all bits set to '0' (the host portion), such as the first
example above.

3).What is ARP?

ARP stands for "Address Resolution Protocol" and is a protocol that used to identify the
hardware address of a network host. This type of protocol is used for local area networking
(LAN) and for creating pathways for network traffic when the location for the next router must
be identified. The method of using Address Resolution Protocol is integrated with numerous
different kinds of networks including Internet, Ethernet, Wide Area Networks (WAN), IP
(Internet Protocol) and Local Area Networks (LAN).

How ARP Works

Address Resolution Protocol (ARP) operates at Layer 2 in the OSI model which is the protocol
that determines and defines the layers of a network. The OSI model is based on the seven layers
that make up a network configuration. The Address Resolution Protocol is responsible for
converting an IP (Internet Protocol) address of a computer that is connected to the network to a
parallel network address.

Address Resolution Protocols reside in the OSI model and are part of the device drivers in
network operating systems. ARP works through a network adapter that contains a physical
address in the hardware which is known as a MAC (Media Access Control). The address that is
in the hardware is a unique address and unlike no other so it can be identified for message
delivery. When data is transmitted over the network, the MAC address of the recipient is
identified to complete the delivery process.

This is known as an IP-to MAC address mapping. The mapping originated from the ARP cache
that is contained in every computer on the network. Over time the ARP cache grows to be quite
large and should be cleared to maintain proper function of the Windows operating system

ARP is the Address Resolution Protocol.

The ARP protocol maps addresses between the Data Link Layer and the Network Layer of the
OSI Model.

The Data Link layer of TCP/IP networks utilizes MAC addresses; the Network Layer of TCP/IP
networks utilizes IP addresses.
4). What is ARP Cache Poisoning?

ARP stands for Address Resolution Protocol.

Every computer in a LAN has 2 identifiers: IP and MAC address. IP is either entered by the user
or dynamically allocated by a server. But the MAC address is unique for any Ethernet card. For
example, if you have 2 ethernet cards, one for wired and the other for WiFi, you have 2 MAC
addresses on your machine. The MAC address is a hardware code for your ethernet card.

The communications between computers is done on the IP level. Means that if you want to send
a file to a computer, you need to know the other computer IP.

Now, ARP is the protocol that matches every IP with a certain MAC address in ARP table that is
saved on your switch in your LAN.

ARP cache poisoning is changing this ARP table on the switch.

For Normal case, when a machine tries to connect to another machine. The first machine goes to
the ARP table with the other machine IP, the ARP table provide the MAC address for the other
machine and the communication starts.

But if someone plays with the table, the first machine goes with the IP and the ARP table will
provide a faulty MAC address to a 3rd machine who wants to intrude through your
communication.

This Kind of attach is known as "Man in the Middle".

 5). What is the ANDing process?

 In order to determine whether a destination host is local or remote, a computer will
perform a simple mathematical computation referred to as an AND operation. While the
sending host does this operation internally, understanding what takes place is the key to
understanding how an IP-based system knows whether to send packets directly to a host
or to a router.

 6) What is a default gateway? What happens if I don't have one?

A gateway is a node (a router) on a TCP/IP Network that serves as an access point to another
network.
A default gateway is the node on the computer network that is chosen when the IP address does
not match any other routes in the routing table.

In homes, the gateway is usually the ISP-provided device that connects the user to the Internet,
 such as a DSL or cable modem.

In enterprises, however, the gateway is the node that routes the traffic from a workstation to
another network segment. The default gateway is commonly used to be the node connecting
the internal networks and the outside network (Internet). In such a situation, the gateway node
could act as a proxy server and a firewall. The gateway is also associated with both a router,
which uses headers and forwarding tables to determine where packets are sent, and a switch,
which provides the actual path for the packet in and out of the gateway.

 7) What is a subnet?
 A subnet specifies a range of IP addresses. The special attribute of a subnet is that all the
computers within the subnet (a "sub-network") can talk directly to each other, and don't
need a router to communicate.
 When it's time to send a packet, your computer delivers a packet a) directly to the
destination computer or b) sends it to the router for ultimate delivery.
 But how does your computer know whether the packet's destination is within its subnet?
The answer is that your computer uses the subnet mask to determine the members of the
subnet. If your computer's address and the destination computer's IP addresses are in the
same subnet address range, then they can send packets directly to each other. If they're
not in the same range, then they must send their data through a router for delivery.

8).What is APIPA?

A feature of Microsoft Windows, APIPA is a DHCP failover mechanism. With APIPA, DHCP
clients can obtain IP addresses when DHCP servers are nonfunctional. APIPA exists in all
popular versions of Windows except Windows NT.

When a DHCP server fails, APIPA allocates addresses in the private range 169.254.0.1 to
169.254.255.254. Clients verify their address is unique on the LAN using ARP. When the DHCP
server is again able to service requests, clients update their addresses automatically.

In APIPA, all devices use the default network mask 255.255.0.0 and all reside on the same
subnet.

APIPA is enabled on all DHCP clients in Windows unless the computer's Registry is modified to
disable it. APIPA can be enabled on individual network adapters.

Also Known As: Automatic Private IP Addressing; AutoNet

Examples:
Because APIPA uses IP addresses in the private Class B space, APIPA is a feature
generally only useful on home or other small intranet LANs.

9).What is an RFC? Name a few if possible (not necessarily the numbers, just the ideas behind
them?
A Request For Comments (RFC) document defines a protocol or policy used on the Internet. An
RFC can be submitted by anyone. Eventually, if it gains enough interest, it may evolve into an
Internet Standard Each RFC is designated by an RFC number. Once published, an RFC never
changes. Modifications to an original RFC are assigned a neW rfc.