
MCSE Interview Questions Answers


• What is an IP address?

An IP address (or Internet Protocol address) is a unique address that certain electronic devices
use in order to identify and communicate with each other on a computer network using Internet
protocol. It is a logical address assigned to a device in the network. The current version of IP is
IP version 6 (IPv6), which uses a 128-bit address, but it is not widely implemented. The currently popular version is
IPv4, which uses a 32-bit address, for example 61.11.124.160. IP addresses are managed and created by
the Internet Assigned Numbers Authority (IANA). The IANA generally allocates super-blocks to
Regional Internet Registries, who in turn allocate smaller blocks to Internet Service Providers
(ISP) and enterprises.

• What is a subnet mask?

A mask used to determine what subnet an IP address belongs to. An IP address has two
components, the network address and the host address. For example, consider the IP address
150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215)
represent the Class B network address, and the second two numbers (017.009) identify a
particular host on this network.

What is ARP?
Address Resolution Protocol (ARP) is a network protocol, which maps a network layer protocol
address to a data link layer hardware address. For example, ARP is used to resolve IP address to
the corresponding Ethernet address.

To which OSI layer does ARP belong?


ARP belongs to the OSI data link layer (Layer 2). ARP protocol is implemented by the network
protocol driver. ARP packets are encapsulated by Ethernet headers and transmitted.

Which RFC specifies the requirements for ARP?


RFC 826 specifies the ARP packet format and other details.

What is the use of ARP?


A host in an Ethernet network can communicate with another host, only if it knows the Ethernet
address (MAC address) of that host. The higher level protocols like IP use a different kind of
addressing scheme (like IP address) from the lower level hardware addressing scheme like MAC
address. ARP is used to get the Ethernet address of a host from its IP address. ARP is extensively
used by all the hosts in an Ethernet network.

Why does an IP address need to be mapped to a MAC address? Why can't the MAC address itself
be represented using the IP address?
The length of a MAC address is 6 bytes and the length of an IP address is 4 bytes. Obviously, the
MAC address cannot be represented using the IP address. So an IP address must be mapped to
the corresponding MAC address.

Can ARP be used in a network other than Ethernet?


ARP is a general protocol, which can be used in any type of broadcast network. The fields in the
ARP packet specify the type of the MAC address and the type of the protocol address. ARP is
used with most IEEE 802.x LAN media. In particular, it is also used with FDDI, Token Ring,
and Fast Ethernet, in precisely the same way as it is with Ethernet.

How does ARP resolve an IP address to an Ethernet MAC address?


When ARP needs to resolve a given IP address to Ethernet address, it broadcasts an ARP request
packet. The ARP request packet contains the source MAC address and the source IP address and
the destination IP address. Each host in the local network receives this packet. The host with the
specified destination IP address, sends an ARP reply packet to the originating host with its IP
address.

What is an ARP cache?


ARP maintains the mapping between IP address and MAC address in a table in memory called
ARP cache. The entries in this table are dynamically added and removed.

When is an ARP request packet generated?


The following steps result in the generation of an ARP request packet:

The IP module sends a packet, destined for another host in the network, to the ARP module.

The ARP module looks up the ARP table (cache) to resolve the IP address.

If the supplied IP address is present in the ARP cache, it is resolved into its Ethernet address.

If the ARP module is not able to find an entry for this IP address in the ARP cache, then it sends
an ARP request packet to the Ethernet driver, to resolve the IP address to the Ethernet address.

After the IP address is resolved by the ARP module, the packet is sent to the Ethernet driver for
transmission.

What happens when a host receives an ARP request packet?


The ARP request is received and processed by all the hosts in the network, since it is a broadcast
packet. The following steps are carried out when an ARP request packet is received by a host:

If the IP address to be resolved is for this host, then the ARP module sends an ARP reply packet
with its Ethernet MAC address.
If the IP address to be resolved is for this host, then the ARP module updates its ARP cache with
the source Ethernet MAC address to source IP address mapping present in the ARP request
packet. If the entry is already present in the cache, it is overwritten. If it is not present, it is
added.

If the IP address to be resolved is not for this host, then the ARP module discards the ARP
request packet.

Will a host update its ARP cache upon receiving any ARP request?
A host will update its ARP cache, only if the ARP request is for its IP address. Otherwise, it will
discard the ARP request.

What is the disadvantage if a host updates its ARP cache upon receiving any ARP request?
The host will exhaust the ARP cache with a lot of unused ARP entries, if it updates the ARP
cache for any ARP request.

What happens when a host receives an ARP reply packet?


The ARP reply packet is received only by the host, which transmitted the ARP request packet.
The ARP module adds the Ethernet hardware address to IP address mapping present in the ARP
reply packet to the ARP cache.

Is there a separate packet format for ARP request and ARP reply?
No. Both the ARP request and ARP reply packets use the same format.

Which MAC address is an ARP request directed to?


All ARP request packets are transmitted with the Ethernet broadcast address, so that all hosts in
the network will receive the request.

To which MAC address is an ARP reply packet directed to?


ARP reply packet is directed to the host, which transmitted the ARP request packet.

If a host is not able to get the MAC address of a host, how does it know its IP address?
A host will either use a static file like /etc/hosts or DNS protocol to get the IP address of another
host.

What will happen if an ARP reply is not received for an ARP request?
If an ARP reply is not received, then that IP address cannot be resolved to an Ethernet address.
Without an Ethernet address, the packets cannot be transmitted.

When is an entry added to the ARP cache?


A new entry is added to the ARP cache when an IP address is successfully mapped to a MAC
address. Usually, entries are added dynamically to the ARP cache. Static entries can also be
added.

What will happen if a new ARP request packet is received, but the MAC address to IP
address is already present in the ARP cache?
If an ARP request packet is received and the mapping already exists in the ARP cache, it will be
overwritten with the values present in the request.

When is an entry removed from an ARP cache?


An entry in an ARP cache is removed after a pre-determined timeout period (e.g. 20 minutes).

What is the format of an ARP packet?


The various fields of an ARP request/reply packet and their lengths are shown below:

+--------+
|Hardware| 2 bytes
|MAC |
|Address |
|Type |
+--------+
|Protocol| 2 bytes
|Address |
|Type |
+--------+
|Hardware| 1 byte
|MAC |
|Address |
|Size |
+--------+
|Protocol| 1 byte
|Address |
|Size |
+--------+
|Op | 2 bytes
+--------+
|Sender | 6 bytes (depends on the above size field)
|MAC |
|Address |
+--------+
|Sender | 4 bytes (depends on the above size field)
|IP |
|Address |
+--------+
|Target | 6 bytes (depends on the above size field)
|MAC |
|Address |
+--------+
|Target | 4 bytes (depends on the above size field)
|IP |
|Address |
+--------+

The fields are further explained below:

+---------+-------------------------------------------------------+
|Ethernet |For a ARP request, source MAC address is the MAC |
|Header |address of the host sending the ARP request, |
| |destination MAC address is the Ethernet broadcast |
| |address (FF:FF:FF:FF:FF:FF), frame type field is 0x806.|
| |For ARP reply, source MAC address is the MAC address of|
| |the host replying to the ARP request, destination MAC |
| |address is the MAC address of the host that sent the |
| |ARP request, and the frame type field is 0x806. |
+---------+-------------------------------------------------------+
|Hardware |Type of the hardware MAC address which is being mapped.|
|Address |For Ethernet the value of this field is 1. |
|Type | |
+---------+-------------------------------------------------------+
|Protocol |Type of the protocol address to which the MAC address |
|Address |is mapped. For IP address the value of this field is |
|Type |0x800. |
+---------+-------------------------------------------------------+
|Hardware |Size of the hardware MAC address. For Ethernet, the |
|Address |value of this field is 6. |
|Size | |
+---------+-------------------------------------------------------+
|Protocol |Size of the protocol address. For IP, the value of |
|Address |this field is 4. |
|Size | |
+---------+-------------------------------------------------------+
|Operation|Type of operation being performed. The value of this |
| |field can be 1 (ARP request), 2 (ARP reply) |
+---------+-------------------------------------------------------+
|Source |The hardware MAC address of the host sending the ARP |
|MAC |request or reply. This is same as the source MAC |
|address |address present in the Ethernet header. |
+---------+-------------------------------------------------------+
|Source |The IP address of the host sending the ARP request or |
|IP |reply. |
|address | |
+---------+-------------------------------------------------------+
|Target |The hardware MAC address of the host receiving the ARP |
|MAC |request or reply. This is same as the destination MAC |
|address |address present in the Ethernet header. |
+---------+-------------------------------------------------------+
|Target |The IP address of the host receiving the ARP request |
|IP |or reply. |
|address | |
+---------+-------------------------------------------------------+
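The field layout above can be checked mechanically. The following is an added example, not part of the original document: it parses the Ethernet header and the 28-byte ARP packet exactly as tabulated, then applies two consistency checks that follow from the text (the sender MAC should equal the Ethernet source MAC, and a received packet overwrites an existing cache entry). The names `parse_arp_frame`, `ArpMonitor` and the finding labels are assumptions, and the sample frames are constructed in memory with documentation addresses.

```python
import struct

ETHERTYPE_ARP = 0x0806   # frame type field for ARP
ARP_LEN = 28             # 8 fixed bytes + 6 + 4 + 6 + 4


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def parse_arp_frame(frame):
    """Parse an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet."""
    if len(frame) < 14 + ARP_LEN:
        raise ValueError("frame too short for Ethernet header + ARP packet")
    eth_dst, eth_src, frame_type = struct.unpack("!6s6sH", frame[:14])
    if frame_type != ETHERTYPE_ARP:
        raise ValueError(f"frame type 0x{frame_type:04x} is not ARP")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    # The 6/4/6/4 address layout only holds when the size fields say so.
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    s_mac, s_ip, t_mac, t_ip = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_src": mac_str(eth_src), "eth_dst": mac_str(eth_dst), "op": op,
        "sender_mac": mac_str(s_mac), "sender_ip": ip_str(s_ip),
        "target_mac": mac_str(t_mac), "target_ip": ip_str(t_ip),
    }


class ArpMonitor:
    """Tracks IP-to-MAC mappings the way a cache would and reports oddities."""

    def __init__(self):
        self.seen = {}   # sender IP -> last sender MAC observed

    def observe(self, frame):
        p = parse_arp_frame(frame)
        findings = []
        if p["op"] not in (1, 2):
            findings.append("unknown-operation")
        # The table states the sender MAC matches the Ethernet source MAC.
        if p["sender_mac"] != p["eth_src"]:
            findings.append("sender-mac-differs-from-ethernet-source")
        if p["sender_ip"] == p["target_ip"]:
            findings.append("gratuitous")
        old = self.seen.get(p["sender_ip"])
        if old is not None and old != p["sender_mac"]:
            findings.append(
                f"mapping-changed {p['sender_ip']} {old} -> {p['sender_mac']}")
        self.seen[p["sender_ip"]] = p["sender_mac"]   # overwrite, like the cache
        return findings


def build_frame(eth_src, eth_dst, op, s_mac, s_ip, t_mac, t_ip):
    """Build a constructed sample frame in memory (nothing is transmitted)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return (struct.pack("!6s6sH", mac(eth_dst), mac(eth_src), ETHERTYPE_ARP)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(s_mac) + ip(s_ip) + mac(t_mac) + ip(t_ip))


def run_samples():
    # Constructed hosts: locally administered MACs, documentation IPs.
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    bcast, zero = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
    frames = [
        build_frame(a, bcast, 1, a, "192.0.2.10", zero, "192.0.2.20"),  # request
        build_frame(b, a, 2, b, "192.0.2.20", a, "192.0.2.10"),         # reply
        build_frame(c, bcast, 1, c, "192.0.2.20", zero, "192.0.2.20"),  # new MAC
        build_frame(c, b, 2, a, "192.0.2.10", b, "192.0.2.20"),         # mismatch
    ]
    monitor = ArpMonitor()
    return [monitor.observe(f) for f in frames]


if __name__ == "__main__":
    for findings in run_samples():
        print(findings or "ok")
```

A `mapping-changed` finding is also what a replaced network card produces, so it is a prompt to compare against inventory rather than a verdict.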

What is the size of an ARP request and reply packet?


The size of an ARP request or reply packet is 28 bytes.

How can an ARP request packet be differentiated from an ARP reply packet, as the
Ethernet type field is the same on both packets?
An ARP request packet can be differentiated from an ARP reply packet using the 'operation' field
in the ARP packet. For an ARP request it is 1 and for an ARP reply it is 2.

Why is the hardware MAC address present in both the Ethernet header and the ARP
packet (request and reply)?
The Ethernet header is processed by the data link driver and removed from the packet. When the
ARP layer gets the packet, it needs to know the hardware and protocol addresses in order to
update the table. That is why the hardware MAC address is present in both the Ethernet header
and the ARP packet.

What is proxy ARP?


Proxy ARP is the process in which one system responds to the ARP request for another system.
For example, host A sends an ARP request to resolve the IP address of host B. Instead of Host B,
Host C responds to this ARP request.

What is the use of proxy ARP?


When routers receive ARP requests from one network for hosts on the network, they will
respond with an ARP reply packet with their MAC address. For example, let us say host A is in
one network, host B is in another network and router C connects these two networks. When host
A sends an ARP request to resolve the IP address of host B, the router C receives this packet.
The router C sends an ARP reply with its MAC address. So host A will send all the packets
destined for host B to the router C. Router C will then forward those packets to host B. Proxy
ARP is also used if a host in a network is not able to understand subnet addressing. For example,
suppose host A and host B are actually in two different subnets, but host A cannot understand subnet
addressing, so host A assumes that host B is present in the same network. In this case a router,
host C, can use proxy ARP to route packets between host A and host B.

What is gratuitous ARP?


When a host sends an ARP request to resolve its own IP address, it is called gratuitous ARP. In
the ARP request packet, the source IP address and destination IP address are filled with the same
source IP address itself. The destination MAC address is the Ethernet broadcast address
(FF:FF:FF:FF:FF:FF).

What is the use of gratuitous ARP?


Gratuitous ARP is used for the following:

In a properly configured network, there will not be an ARP reply for a gratuitous ARP request.
But if another host in the network is also configured with the same IP address as the source host,
then the source host will get an ARP reply. In this way, a host can determine whether another
host is also configured with its IP address.

When the network interface card in a system is changed, the MAC address to its IP address
mapping is changed. In this case, when the host is rebooted, it will send an ARP request packet
for its own IP address. As this is a broadcast packet, all the hosts in the network will receive and
process this packet. They will update their old mapping in the ARP cache with this new
mapping.

• What is the ANDing process?

When a source host attempts to communicate with a destination host, the source host uses its
subnet mask to determine whether the destination host is on the local network or a remote
network. This is known as the ANDing process.
The AND function has the following properties:
• If the two compared values are both 1, the result is 1.
• If one of the values is 0 and the other is 1, the result is 0.
• If both of the compared values are 0, the result is 0.
The source and destination IP addresses are compared to the source's subnet mask using the
ANDing process. An AND result is created for each of the addresses. If the result is the same,
the hosts are on the same network. If the result is different, the destination host is on a remote
network. All traffic destined for that remote host should be directed to the router indicated in the
source host's routing table. If no explicit route is defined in the routing table, the traffic is
directed to the source host's default gateway.
For example, consider two hosts that want to communicate. Host A (with IP address 172.16.2.4) wants to
communicate with Host B (with IP address 172.16.3.5). If the subnet mask for Host A is
255.255.0.0, will the hosts communicate using local transmissions or will they send information
to the default gateway?
The answer is found using the ANDing process.
When converted to binary, the address 172.16.2.4 is as follows:
10101100 00010000 00000010 00000100
When converted to binary, the address 172.16.3.5 is as follows:
10101100 00010000 00000011 00000101
If the ANDing process is performed, the result for Host A using its subnet mask of 255.255.0.0 is:

Host A's IP Address    10101100 00010000 00000010 00000100
Host A's Subnet Mask   11111111 11111111 00000000 00000000
ANDing Result          10101100 00010000 00000000 00000000

The result for Host B is:

Host B's IP Address    10101100 00010000 00000011 00000101
Host A's Subnet Mask   11111111 11111111 00000000 00000000
ANDing Result          10101100 00010000 00000000 00000000

As you can see, the two results match. This indicates that, as far as Host A is concerned, the two
hosts are on the same physical network. Communication can occur directly between the two
hosts. The same holds true from Host B's side, because Host B would have the same subnet mask since the
hosts are on the same network.
Day 5, "The Art of Subnet Masking," further examines the art of subnet masking. It also
examines the use of nonstandard subnet masking to further segment a group of IP addresses into
smaller segments. This process, which ignores the default subnet masks used by address classes,
is commonly referred to as Classless Inter Domain Routing (CIDR).
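The ANDing decision described above, carried through to the choice of next hop, as an added example that is not part of the original document. It goes slightly beyond the worked case by also handling an explicit route and a missing default gateway; the function names, the route-tuple layout and the router addresses are assumptions.

```python
def to_int(addr):
    """Convert a dotted-quad string to a 32-bit integer."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {addr!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def to_bits(value):
    """Render a 32-bit integer as four space-separated binary octets."""
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def and_result(addr, mask):
    """The ANDing process: address AND subnet mask."""
    return to_int(addr) & to_int(mask)


def next_hop(src, src_mask, dst, routes, default_gateway):
    """Decide where the source host sends a packet for dst.

    routes is a list of (network, mask, router) tuples (hypothetical layout).
    Returns (decision, address).
    """
    # Both addresses are ANDed with the SOURCE host's mask and compared.
    if and_result(src, src_mask) == and_result(dst, src_mask):
        return ("local", dst)
    # Remote destination: look for an explicit route, preferring the longest mask.
    best = None
    for network, mask, router in routes:
        if and_result(dst, mask) == to_int(network):
            if best is None or to_int(mask) > best[0]:
                best = (to_int(mask), router)
    if best is not None:
        return ("route", best[1])
    # No explicit route: fall back to the default gateway, if one is configured.
    if default_gateway is None:
        return ("unreachable", None)
    return ("default-gateway", default_gateway)


if __name__ == "__main__":
    # The document's own case: same AND result, so delivery is local.
    print(to_bits(and_result("172.16.2.4", "255.255.0.0")))
    print(to_bits(and_result("172.16.3.5", "255.255.0.0")))
    print(next_hop("172.16.2.4", "255.255.0.0", "172.16.3.5", [], "172.16.0.1"))
    # Same hosts with a 255.255.255.0 mask: the results differ, so traffic is routed.
    print(next_hop("172.16.2.4", "255.255.255.0", "172.16.3.5", [], "172.16.2.1"))
```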

• What is a default gateway? What happens if I don't have one?

In general, a gateway is a device on a network that acts as an entrance to another network. In
more technical terms, a gateway is a routing device that knows how to pass traffic between
different subnets and networks. A computer will know some routes (a route is the address of
each node a packet must go through on the Internet to reach a specific destination), but not the
routes to every address on the Internet. It won't even know all the routes on the nearest subnets.
A gateway will not have this information either, but will at least know the addresses of other
gateways it can hand the traffic off to. Your default gateway is on the same subnet as your
computer, and is the gateway your computer relies on when it doesn't know how to route traffic.

If you don't have a default gateway, communication within your own network has no problem, but you cannot
communicate with other networks. That means your packets will not reach other networks.

• Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?

No. Never. A workstation computer can browse the Internet only if it has a default gateway.

• What is a subnet?

A subnet is a portion of a network that is logically isolated from other parts of the network. Usually it’s divided by a
router.

• What is APIPA?

APIPA stands for Automatic Private IP Addressing. When you configure your computer to obtain an IP address
automatically and a DHCP server cannot be contacted, the computer will automatically assign itself an IP address
from a specific range (169.254.0.1 to 169.254.255.254). This network will then be isolated from all other networks,
because it has no default gateway or any other configuration parameters.

• What is an RFC?

Short for Request for Comments, a series of notes about the Internet, started in 1969 (when the
Internet was the ARPANET). An Internet Document can be submitted to the IETF by anyone,
but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it
may evolve into an Internet standard.

Each RFC is designated by an RFC number. Once published, an RFC never changes.
Modifications to an original RFC are assigned a new RFC number.

• What is RFC 1918?

RFC 1918, published in 1996, describes the reservation of private IP addresses. Private networks are segments
of IP address space reserved by IANA for use within an organization. These addresses can be
used by anyone without being officially assigned by a registry or an ISP. The three most popular
blocks among RFC 1918 addresses are 192.168/16, 10/8 and 172.16/12. That is, 10.0.0.0 –
10.255.255.255, 172.16.0.0 – 172.31.255.255 and 192.168.0.0 – 192.168.255.255. The addresses
in these blocks are called "private IP addresses" in the Internet vernacular.

• What are the limitations of IPv4 address classes?


The limitations of IPv4 address classes are:

1. A large number of IP addresses are wasted because of using IP address classes.

2. The routing tables will become large. A separate routing table entry is needed for each network
resulting in a large number of routing table entries.

• How are a large number of IP addresses wasted using IPv4 address classes?
If a network has slightly more hosts than a particular class allows, then it needs either two IP
addresses of that class or the next class of IP address. For example, let us say a network has 300
hosts. This network needs either a single class B IP address or two class C IP addresses. If a class B
address is allocated to this network, as the number of hosts that can be defined in a class B
network is (2^16 - 2), a large number of host IP addresses are wasted. If two class C IP addresses
are allocated, as the number of networks that can be defined using a class C address is only
(2^21), the number of available class C networks will quickly be exhausted. For these two
reasons, a lot of IP addresses are wasted and the available IP address space is rapidly
reduced.

• What are the possible solutions to the limitations of IP addressing?


The possible solutions to the limitation of IPv4 addressing are:

1. IP version 6 (IPv6) or IP next generation (IPng). This is the latest version of IP. This solves a
lot of problems in IPv4. This document does not discuss IPv6.

2. Classless Inter Domain Routing (CIDR).

• What is CIDR?
Classless Inter Domain Routing (CIDR) is a method for assigning IP addresses without using the
standard IP address classes like Class A, Class B or Class C. In CIDR, depending on the number
of hosts present in a network, IP addresses are assigned.

• Which RFCs discuss CIDR?


RFCs 1517, 1518, and 1519 discuss CIDR.

• What is the difference between classful IP addressing and classless IP addressing?


The difference between classful IP addressing and classless IP addressing is in selecting the
number of bits used for the network ID portion of an IP address. In classful IP addressing, the
network ID portion can take only the predefined number of bits 8, 16, or 24. In classless
addressing, any number of bits can be assigned to the network ID.

• How is a network ID assigned in a CIDR IP address?


In CIDR IP addressing, the first 'n' bits of an IP address are assigned to identify the network and
the remaining bits are used to identify the host, where the value of 'n' may be between 1 and 31.
The value of 'n' depends on the number of hosts in the network.

• How is an IP address represented in CIDR notation?


In CIDR notation, an IP address is represented as A.B.C.D /n, where "/n" is called the IP prefix
or network prefix. The IP prefix identifies the number of significant bits used to identify a
network. For example, 192.9.205.22 /18 means, the first 18 bits are used to represent the network
and the remaining 14 bits are used to identify hosts.

• What are the advantages of CIDR?


The advantages of CIDR over the classful IP addressing are:

1. CIDR can be used to effectively manage the available IP address space.

2. CIDR can reduce the number of routing table entries.


• How can CIDR be used to effectively manage the IP address space?
Using CIDR IP addressing, any number of contiguous bits can be assigned to identify networks,
depending on the number of hosts it needs to support. This will greatly reduce the number of
wasted IP addresses. For example, let us say a network has 900 hosts. If classful IP addressing is
used, this network needs 4 class C IP addresses or one class B IP address. If a class B IP address
is used, as the maximum number of hosts in a class B network is 65534, a very large number
(65534 - 900) of host IP addresses will be wasted. As the number of class C IP networks is
limited (2097152), it is not preferable to assign 4 class C IP addresses to this network. On the
other hand, if CIDR is used, then this network can be assigned an IP address with a network
prefix of 22 (i.e. /22). This means, 10 bits are available for hosts, resulting in 1024 available host
IP addresses, satisfying the exact requirements of the network. So with CIDR, the IP address space can
be used effectively.

• How does CIDR reduce the number of entries in a routing table?


Using classful IP addressing, a separate entry is needed in the routing table of a router for each
network. This results in a routing table with a large number of entries due to the existence of a
large number of networks. As each router has its own limitation, this large routing table will lead
to reduced performance and eventual breakdown of the router. If CIDR addressing is used, a
single entry can be used to represent a group of networks. This will reduce the number of entries
in the router. This is known as route aggregation. The routes for the individual networks will be
present in another router down the path. Each entry in the router will have a network prefix
associated with it. The network prefix is used to identify the correct network from the given IP
address.
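The prefix sizing and route aggregation described in the CIDR answers above, as an added example that is not part of the original document. It uses Python's standard `ipaddress` module; the function names, the sample 10.20.x.0/24 networks and the next-hop labels `r1`, `r2` and `gw` are constructed for illustration.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose block holds `hosts` usable addresses.

    Two addresses per block are set aside, matching the document's
    (2^16 - 2) host count for a class B network.
    """
    if hosts < 1:
        raise ValueError("need at least one host")
    host_bits = (hosts + 1).bit_length()   # smallest h with 2**h >= hosts + 2
    host_bits = max(host_bits, 2)
    if host_bits > 31:
        raise ValueError("too many hosts for an IPv4 prefix")
    return 32 - host_bits


def describe(cidr):
    """Split A.B.C.D/n into its network and the number of host bits."""
    iface = ipaddress.ip_interface(cidr)
    return str(iface.network), 32 - iface.network.prefixlen


def aggregate(routes):
    """Merge contiguous networks that share a next hop into single entries.

    routes is a list of (cidr, next_hop) pairs.
    """
    by_hop = {}
    for cidr, hop in routes:
        by_hop.setdefault(hop, []).append(ipaddress.ip_network(cidr))
    table = []
    for hop, nets in by_hop.items():
        for net in ipaddress.collapse_addresses(nets):
            table.append((net, hop))
    table.sort(key=lambda e: (int(e[0].network_address), e[0].prefixlen))
    return [(str(net), hop) for net, hop in table]


def lookup(table, dst):
    """Pick the entry whose network prefix matches dst with the most bits."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda e: e[0].prefixlen)[1]


# Constructed routing table: four contiguous /24 networks behind one router,
# one unrelated /24 behind another, and a default route.
SAMPLE_ROUTES = [
    ("10.20.4.0/24", "r1"), ("10.20.5.0/24", "r1"),
    ("10.20.6.0/24", "r1"), ("10.20.7.0/24", "r1"),
    ("10.20.9.0/24", "r2"),
    ("0.0.0.0/0", "gw"),
]

if __name__ == "__main__":
    print(prefix_for_hosts(900))          # the document's 900-host network
    print(describe("192.9.205.22/18"))    # the document's CIDR notation example
    table = aggregate(SAMPLE_ROUTES)
    print(table)
    print(lookup(table, "10.20.6.77"), lookup(table, "10.20.8.1"))
```

Six entries collapse to three, and the aggregated /22 still resolves every address in the four original networks.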

• Will CIDR completely eliminate IP address crunch problem?


No. Even using CIDR, all the available IP addresses will get used at some point in time. The
final solution to this problem is to use the next version of IP (IPv6).

1. What is Ethernet?
Ethernet is a Local Area Network (LAN) cabling and signaling specification for baseband
networks. Ethernet uses a bus or star topology for connecting different nodes in a
network.
2. To which OSI layer does Ethernet belong?
Ethernet belongs to both the Physical Layer (Layer 1) and the Data Link layer (Layer 2)
in the OSI architecture.
3. What are the standard data rates for Ethernet?
The standard data rates for Ethernet are 10 Mbps, 100 Mbps, and 1 Gbps.
4. What are the IEEE standards that cover Ethernet?
The following IEEE standards define Ethernet:

+--------+----------------------------------------------------+
|IEEE    | Description                                        |
|Standard|                                                    |
+--------+----------------------------------------------------+
|802.2   |Logical Link Control (LLC) Specification. Specifies |
|        |the general interface between the network layer     |
|        |(IP, IPX, etc) and the data link layer (Ethernet,   |
|        |Token Ring, etc).                                   |
+--------+----------------------------------------------------+
|802.3   |CSMA/CD Network (Ethernet) Specification. Specifies |
|        |the frame format, cabling and signaling standards.  |
+--------+----------------------------------------------------+

17. How do two systems in an Ethernet network communicate?
In an Ethernet network, a system broadcasts the data using an Ethernet frame. The
destination system is specified in the Ethernet frame using its Ethernet address. All the
systems in the network listen for an Ethernet frame with their Ethernet address in it.
When a system receives an Ethernet frame with its address in it, it processes the frame
and sends it to the higher layers (like IP) for further processing.
18. What is a "collision"?
At any one instance, in an Ethernet network, only one device can transmit. If two devices
transmit at the same instance, then the signals from both devices will collide and a
"collision" will occur. When a "collision" occurs, the signals will get distorted and the
frame will be lost. Collisions are very common in an Ethernet network.
19. How is "collision" handled in Ethernet networks?
Ethernet uses the Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
media access control mechanism to detect and recover from a collision.
20. What is CSMA/CD?
CSMA/CD is a media access control mechanism used in Ethernet to recover from frame
collision. The following steps are followed to recover from a collision.

Step 1: Before an Ethernet device sends a frame on the Ethernet cable, it listens to
find if another device is already transmitting a frame (Carrier Sense).
Step 2: Once the device finds that other devices are not transmitting any frame, it
starts transmitting the frame. If two devices detect that the Ethernet cable is free at
the same time, then both will start transmitting the frames (Multiple Access). This
will result in collision.
Step 3: The Ethernet devices while transmitting the frames, also listen for the
collision. (Collision Detect).
Step 4: If they detect a collision, both the devices stop sending the frame (back
off).
Step 5: They retry the transmission after a logarithmic time-out period. This
process is repeated till the frame is transmitted successfully, for a maximum of 16
times. The frame is discarded after the 16th retry.

21. What is "late collision"?


An Ethernet device will detect a collision, while it is transmitting, only if the collision
reaches it before it completes transmitting the entire frame. If the collision reaches the
transmitter after it has completed sending the entire frame, then the transmitter will not
detect the collision; it will assume the collision occurred because of some other frame.
This is called "late collision". Late collision will occur, if the length of the Ethernet
network segment is greater than the standard allowed length.
22. How is "late collision" avoided in Ethernet?
Late collision can be avoided, if the maximum length of the Ethernet network segment is
restricted, such that if a collision occurs, it will reach the transmitter before the
transmitter completed transmitting the entire frame. In a typical 10 Mbps network, the
minimum length of an Ethernet frame is 576 bits (72 bytes) and the maximum length of a
single Ethernet network segment is 2.5 kms.
23. What is an Ethernet address?
Each device in an Ethernet network is uniquely identified by a 48 bit (6 bytes) address
called Ethernet address. Ethernet address is also known as Media Access Control (MAC)
address. Ethernet addresses are represented as six pairs of hexadecimal digits separated
by a colon. Ethernet addresses are buried in the network adapter by the manufacturer. An
Ethernet address of a device cannot be changed. Example: 00:60:08:11:B1:AB,
00:00:c0:5e:83:0e
24. What is a broadcast address?
The Ethernet address in which all the bits are 1 is known as a broadcast address. It is
represented as FF:FF:FF:FF:FF:FF. A frame with this address is received and processed
by all the nodes in the network.
25. What are the different Ethernet frame formats?
The different Ethernet frame formats are listed below: Ethernet II and IEEE 802.3
26. Why are there different Ethernet frame formats?
Xerox developed the first version of Ethernet, Ethernet I. The second version of Ethernet,
Ethernet II, was developed by DEC, Intel and Xerox. After this the Ethernet was
standardized by IEEE and the new format is known as 802.3 format. To provide
backward compatibility with Ethernet II, 802.2 SNAP format was developed.
27. What is the format of an Ethernet II frame?

+-----------+----------+----------+-----------+----------+
|Destination|Source MAC|Frame type|Data       | CRC      |
|MAC Address|Address   |(IP, ARP) |(46 to     | Checksum |
|(6 bytes)  |(6 bytes) |(2 bytes) |1500 bytes)| (4 bytes)|
+-----------+----------+----------+-----------+----------+

33. What is the format of an 802.3 frame?


The various components of an 802.3 frame are shown below:

+----------+---------+-----------+----------+
|802.3 MAC |802.2 LLC|Data       | CRC      |
|Header    |Header   |(43 to     | Checksum |
|(14 bytes)|(3 bytes)|1497 bytes)| (4 bytes)|
+----------+---------+-----------+----------+

The first two components, MAC Header and LLC Header are further expanded below:
802.3 MAC Header:

+-----------+----------+---------+
|Destination|Source MAC|Length of|
|MAC Address|Address |the frame|
|(6 bytes) |(6 bytes) |(2 bytes)|
+-----------+----------+---------+

802.2 LLC Header:


+-----------+--------+--------+
|Destination|Source |Control |
|SAP |SAP |Byte |
|(1 byte) |(1 byte)|(1 byte)|
+-----------+--------+--------+

39. What is the format of an 802.2 SNAP frame?

+----------+---------+----------+-----------+----------+
|802.3 MAC |802.2 LLC|802.2 SNAP|Data       | CRC      |
|Header    |Header   |Header    |(38 to     | Checksum |
|(14 bytes)|(3 bytes)|(5 bytes) |1492 bytes)| (4 bytes)|
+----------+---------+----------+-----------+----------+

The 802.2 SNAP header is further expanded below. 802.2 SNAP Header:

+---------------------+---------+
|OUI (Organizationally|Type |
|Unique Id) |(2 bytes)|
|(3 bytes) | |
+---------------------+---------+

45. How is the length of an Ethernet II frame calculated?

The length of an Ethernet II frame is not present in the frame itself. It depends on the
Ethernet network interface used. When the interface sends a frame to the network device
driver, it supplies the length of the received frame.

46. What is the minimum and maximum size of an Ethernet frame?

The minimum size of an Ethernet frame is 64 bytes. The breakup of this size between the
fields is: Destination Address (6 bytes) + Source Address (6 bytes) + Frame Type (2
bytes) + Data (46 bytes) + CRC Checksum (4 bytes). The minimum number of bytes
passed as data in a frame must be 46 bytes. If the size of the data to be passed is less than
this, then padding bytes are added. The maximum size of an Ethernet frame is 1518
bytes. The breakup of this size between the fields is: Destination Address (6 bytes) +
Source Address (6 bytes) + Frame Type (2 bytes) + Data (1500 bytes) + CRC Checksum
(4 bytes). The maximum number of bytes of data that can be passed in a single frame is
1500 bytes.

47. What is a SAP?

SAP, Service Access Point, is the logical point at which services are provided by an OSI
layer. Typically, the protocols in the network layer (like IP) bind at a specific SAP in the
Logical Link Control (LLC) layer to access the services it provides.

48. Why is the Sub Network Access Protocol (SNAP) header required?

The 802.2 LLC header replaces the 'protocol type' of the Ethernet II format with two SAP
fields, Source SAP and Destination SAP. The value of the SAP field in the 802.2 header
is equivalent to the 'protocol type' field in the Ethernet II header. The value of the SAP
field will be between 1 and 255, since it is an 8 bit field. On the other hand, the 'protocol
type' value for the standard protocols like IP, ARP, etc. is greater than 1500. Obviously,
these values cannot be represented in the SAP fields. So to provide compatibility with
Ethernet II, the SNAP header was added to the 802.2 LLC header. In a SNAP frame, both the
SAP values will be 0xAA and the first 5 bytes of the data will give the protocol ID. Out
of the 5 bytes of data, the last 2 bytes are the same as the protocol type field of the Ethernet II
frame. The first 3 bytes are called the 'Organizationally Unique Identifier' (OUI) and are
allocated as a vendor identifier. Typically, the OUI will be zero.

49. What are the values for SSAP, DSAP, control and org fields in a 802.2 SNAP
frame?

+-------+-----+
|Field  |Value|
+-------+-----+
|SSAP   |0xAA |
|DSAP   |0xAA |
|Control|3    |
|OUI    |0    |
+-------+-----+

58. How to differentiate between an 802.3 frame and an Ethernet II frame?


The value of the 'length' field in an 802.3 frame must be less than 1500 and in an Ethernet II
frame the value of the 'type' field must be more than 1500. Since the 802.3 frame 'length'
field and the Ethernet II frame 'type' field are at the same offset in the header,
the frame format can be determined from the value present at that offset.
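
The two answers above (the SNAP header and the length/type test) can be combined into one classifier. The following Python code is an added example, not part of the original question set: it reads the 2-byte field after the MAC addresses, then checks the LLC bytes for the SNAP values 0xAA/0xAA/3. The function name, the constructed sample frames and the 0x0600 EtherType floor (taken from IEEE 802.3, which leaves 1501 to 1535 undefined) are assumptions of this example; frames are given without preamble and CRC.

```python
import struct

MAX_LENGTH = 1500        # largest 802.3 length value (3-byte LLC + 1497 data bytes)
MIN_ETHERTYPE = 0x0600   # assumption from IEEE 802.3: 1536 and above are types
SNAP_SAP = 0xAA          # DSAP/SSAP value announcing a SNAP header
UI_CONTROL = 0x03        # control byte from the SNAP values table


def classify_frame(frame: bytes) -> dict:
    """Classify a captured frame (no preamble, no CRC) by its header layout."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte MAC header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":")}

    if type_or_len >= MIN_ETHERTYPE:
        # Ethernet II: the field is a protocol type; the frame carries no length.
        info.update(kind="ethernet2", ethertype=type_or_len, payload=frame[14:])
        return info
    if type_or_len > MAX_LENGTH:
        raise ValueError(f"{type_or_len} is neither a valid length nor a type")

    # 802.3: the field counts the bytes that follow the MAC header.
    if type_or_len > len(frame) - 14:
        raise ValueError("length field claims more data than was captured")
    body = frame[14:14 + type_or_len]          # strips trailing padding
    if len(body) < 3:
        raise ValueError("no room for the 3-byte 802.2 LLC header")
    dsap, ssap, control = body[:3]
    info.update(dsap=dsap, ssap=ssap, control=control)

    if (dsap, ssap, control) == (SNAP_SAP, SNAP_SAP, UI_CONTROL):
        if len(body) < 8:
            raise ValueError("SNAP SAP values present but SNAP header cut off")
        info.update(kind="802.3-snap",
                    oui=int.from_bytes(body[3:6], "big"),
                    ethertype=struct.unpack("!H", body[6:8])[0],
                    payload=body[8:])
    else:
        info.update(kind="802.3-llc", payload=body[3:])
    return info


# Constructed sample frames (not captured traffic).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
ETH2_ARP = DST + SRC + struct.pack("!H", 0x0806) + bytes(46)
SNAP_IP = (DST + SRC + struct.pack("!H", 12)
           + bytes([0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00])
           + b"data" + bytes(34))              # 34 padding bytes
LLC_ONLY = (DST + SRC + struct.pack("!H", 5)
            + bytes([0x42, 0x42, 0x03]) + b"hi" + bytes(41))
UNDEFINED = DST + SRC + struct.pack("!H", 1510) + bytes(46)

if __name__ == "__main__":
    for name, frame in [("ETH2_ARP", ETH2_ARP), ("SNAP_IP", SNAP_IP),
                        ("LLC_ONLY", LLC_ONLY)]:
        result = classify_frame(frame)
        print(name, result["kind"], hex(result.get("ethertype", 0)))
```

A capture tool or filter that skips the length check would treat the padding bytes of a short 802.3 frame as payload, which is why the example trims the body to the declared length before looking at the LLC header.
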
59. What is promiscuous mode?

Normally, an Ethernet network interface will pass a frame to the network layers above it
only if it is addressed to that interface. If the network interface is put in promiscuous
mode, it will pass all the frames (frames addressed to any host in the network),
regardless of their destination address, to the network layers above.
This mode is used by network analyzers to capture all the frames.

60. What is MTU?

Maximum Transmission Unit (MTU) is the maximum number of bytes that can be
transmitted in a single transmission unit. Every communication medium has an MTU. For
Ethernet, the MTU of a frame is 1500.

• What is IP?
Internet Protocol (IP) is an unreliable, best effort delivery, connection-less protocol used for
transmitting and receiving data between hosts in a TCP/IP network.

• To which OSI layer does IP belong?


IP belongs to the Network Layer (layer 3) in the OSI model.

• Which RFC discusses IP?


RFC 791 discusses IP version 4.

• Which version of IP is discussed in this document?


IP version 4 (IPv4) is discussed in this document.

• What do you mean by IP is an unreliable protocol?


IP is an unreliable protocol because it does not guarantee the delivery of a datagram to its
destination. The reliability must be provided by the upper layer protocols like TCP. IP does not
support flow control, retransmission, acknowledgement and error recovery.

• What do you mean by IP is a best-effort protocol?


IP is a best-effort protocol because it makes every effort to transmit each datagram and
does not discard datagrams without cause. However, the delivery of the datagram to the
destination is not guaranteed.

• What do you mean by IP is a connection-less protocol?


IP is a connection-less protocol because it does not maintain state information about the
connection to a destination host. Each datagram is handled independently of other datagrams,
and each datagram may reach the destination through a different network route.

• What is the role of IP in the TCP/IP protocol suite?


IP is used for

1. Transmitting data from higher-level protocols like TCP, UDP in IP datagrams, from one
host to another host in the network.
2. Identifying individual hosts in a network using an IP address.
3. Routing datagrams through gateways and
4. Fragmenting and reassembling datagrams based on the MTU of the underlying network.

• What is an IP Datagram?
An IP datagram is a basic unit of information used by the IP layer to exchange data between two
hosts. An IP datagram consists of an IP header and data.

• How is higher-level data carried by IP to a destination host?


The data from higher-level protocols like TCP, UDP is encapsulated in an IP datagram and
transmitted to the destination host. IP will not modify the higher-level data.

• What is the minimum and maximum size of an IP datagram?


The minimum size of an IP datagram is 576 bytes and the maximum size is 65535 bytes.

• What is the minimum and maximum size of an IP datagram header?


The minimum size of an IP datagram header is 20 bytes. The maximum IP datagram header size
is 60 bytes.

• Is there a limitation on the minimum size of an IP datagram a network can handle?


Yes. All IP networks must be able to handle datagrams of at least 576 bytes in length.

• What are the fields in an IP datagram header?


The various fields in an IP datagram header and their size in bits are shown below:

+-------------+
| Version     | 4 bits
+-------------+
| IP Header   | 4 bits
| Length      |
+-------------+
| Type of     | 8 bits
| Service     |
+-------------+
| Size of the | 16 bits
| Datagram    |
+-------------+
| Datagram ID | 16 bits
+-------------+
| Control     | 3 bits
| Flags       |
+-------------+
| Fragment    | 13 bits
| Offset      |
+-------------+
| Time to     | 8 bits
| Live        |
+-------------+
| Protocol    | 8 bits
+-------------+
| Header      | 16 bits
| Checksum    |
+-------------+
| Source IP   | 32 bits
| Address     |
+-------------+
| Destination | 32 bits
| IP Address  |
+-------------+
| Options     | Variable Length
+-------------+

The various fields are explained below:

+-----------+-----------------------------------------------------+
| Version   | IP protocol version. For IPv4, this value is 4.     |
+-----------+-----------------------------------------------------+
| IP Header | Length of the IP header in multiples of             |
| Length    | 32-bit words.                                       |
+-----------+-----------------------------------------------------+
| Type of   | Quality of Service(QOS) requested for this datagram.|
| Service   |                                                     |
| (TOS)     |                                                     |
+-----------+-----------------------------------------------------+
| Datagram  | Length of the entire datagram in bytes, including   |
| Size      | the header and the payload.                         |
+-----------+-----------------------------------------------------+
| Datagram  | Current datagram identifier.                        |
| ID        |                                                     |
+-----------+-----------------------------------------------------+
| Control   | Bit 0: Reserved                                     |
| Flags     | Bit 1: 0 - Allow fragment, 1 - Don't fragment.      |
|           | Bit 2: 0 - Last fragment, 1 - More fragments.       |
+-----------+-----------------------------------------------------+
| Fragment  | Specifies the offset in the original IP datagram,   |
| Offset    | where this fragment begins. This is a multiple of   |
|           | 32 bit words.                                       |
+-----------+-----------------------------------------------------+
| Time to   | The time up to which this datagram can live in the  |
| Live      | network.                                            |
| (TTL)     |                                                     |
+-----------+-----------------------------------------------------+
| Protocol  | Indicates to which upper-layer protocol layer this  |
|           | datagram should be delivered. e.g. TCP, UDP         |
+-----------+-----------------------------------------------------+
| Header    | IP header checksum.                                 |
| Checksum  |                                                     |
+-----------+-----------------------------------------------------+
| Source IP | IP address of the source host sending this IP       |
| Address   | datagram.                                           |
+-----------+-----------------------------------------------------+
| Target IP | IP address of the destination host to which this    |
| Address   | IP datagram must be delivered.                      |
+-----------+-----------------------------------------------------+
| Options   | Used for timestamps, security, source routing, etc. |
+-----------+-----------------------------------------------------+

• What is the byte order used for transmitting datagram headers in the TCP/IP protocol
suite?
All the datagram headers in the TCP/IP protocol suite are transmitted in "big endian" byte
order, i.e. the most significant byte is transmitted first. This is also called "network byte
order".

• Why are there two length fields (IP header length, IP datagram length) in the IP header?
The size of the IP header is not fixed. Depending on the IP options present, the size of the IP
header will vary. A separate field for the IP header length is added, so that the destination system
can separate the IP datagram header from the payload.

• How is the value for datagram identifier calculated?


The IP datagram identifier is just a sequence number assigned by the transmitting host. The
algorithm for assigning value to this field is not specified by the IP protocol.

• What is the use of datagram identifier field?


The IP datagram identifier field is used to uniquely identify and assemble the different fragments
of an IP datagram.

• Is the datagram identifier field unique for each IP datagram?


Yes. The IP datagram identifier field is different for each IP datagram transmitted. The fragments
of an IP datagram will have the same identifier value.

• What is the use of Type Of Service field in the IP header?


The Type Of Service (TOS) field is used by upper layer protocols like TCP to describe the
desired quality of service for an IP datagram. This field can be used to specify the nature and
priority of an IP datagram (like Network Control, Immediate, Critical, etc.) and the criteria for
selecting a path for forwarding a datagram by a gateway.

• What are the different types of criteria that can be specified using the TOS field?

The different types of criteria that can be specified by the TOS field in an IP datagram are:

1. Minimize delay,
2. Maximize throughput
3. Maximize reliability
4. Minimize cost and
5. Normal service.

• Which RFC discusses the Type Of Service (TOS) field?


RFC 1349 discusses the Type Of Service (TOS) field.

• What is the use of the Time To Live (TTL) field in the IP header?
The TTL field is used to limit the lifetime of an IP datagram and to prevent indefinite looping of
IP datagrams.

• How is the TTL field used to prevent indefinite looping of IP datagrams?


The TTL field contains a counter value set by the source host. Each gateway that processes this
datagram decreases the TTL value by one. When the TTL value reaches zero, the datagram is
discarded.

• What is the typical value for the TTL field?


The typical value for a TTL field is 32 or 64.

• When is a datagram considered undeliverable?


If a datagram cannot be delivered to the destination host due to some reason, it is considered an
undeliverable datagram.

• How does a datagram become an undeliverable datagram?

A datagram may become undeliverable if

1. The destination host is down.
2. The route for the destination host is not found.
3. A network in the route to the destination host is down.
4. The Time To Live (TTL) value of the datagram becomes zero.

• What happens to an undeliverable datagram?


An undeliverable datagram is discarded and an ICMP error message is sent to the source host.

• Is it possible for an IP datagram to be duplicated?


Yes. A host may receive the same copy of an IP datagram twice. It is up to the higher layer
protocols to discard the duplicate copy of the datagram.

• Which part of the IP datagram is used for calculating the checksum?

The checksum field in the IP header covers only the IP header. The payload data is not used for
calculating this checksum.
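
The header layout in the field table and the header-only checksum described above can be exercised together. The following Python code is an added example, not part of the original question set: it builds a header, parses it back in network byte order, and rejects headers whose length fields or checksum do not hold. The function names and the constructed sample datagram are assumptions of this example; the checksum routine is the standard Internet checksum (one's-complement sum of 16-bit words).

```python
import struct


def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, payload_len, ident=0, ttl=64, proto=17,
                      dont_fragment=False, options=b""):
    """Build a header (hypothetical helper) and fill in its checksum."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("options must fill 32-bit words, 40 bytes at most")
    ihl = 5 + len(options) // 4              # header length in 32-bit words
    flags_frag = 0x4000 if dont_fragment else 0
    fields = [(4 << 4) | ihl, 0, ihl * 4 + payload_len, ident, flags_frag,
              ttl, proto, 0, bytes(src), bytes(dst)]
    header = struct.pack("!BBHHHBBH4s4s", *fields) + options
    fields[7] = internet_checksum(header)    # computed with the field zeroed
    return struct.pack("!BBHHHBBH4s4s", *fields) + options


def parse_ipv4_header(packet: bytes) -> dict:
    """Parse and validate the IPv4 header at the start of packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version field is {version})")
    if not 20 <= header_len <= len(packet):
        raise ValueError("header length field is out of range")
    if not header_len <= total_len <= len(packet):
        raise ValueError("datagram size field is out of range")
    if internet_checksum(packet[:header_len]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "header_len": header_len, "tos": tos, "total_len": total_len,
        "ident": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": checksum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": packet[20:header_len],
        "payload": packet[header_len:total_len],
    }


# Constructed sample: 8 payload bytes between two addresses used on this page.
SAMPLE = build_ipv4_header([192, 9, 205, 21], [192, 9, 205, 255], payload_len=8,
                           ident=0x1C46, dont_fragment=True) + bytes(8)

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE))
```

Because the checksum covers the header only, changing payload bytes leaves the header valid, while changing any header byte (for example the TTL) makes the parse fail.
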

• What is an IP address?
An IP address is a network layer protocol address for a host in a TCP/IP network.

• What is the use of an IP address?


An IP address is used to uniquely identify each host in a network. An IP address is needed in
order to communicate with other hosts in the network using the TCP/IP suite of protocols.

• Which version of IP is covered by this document?


This document covers IP version 4.

• Which RFC specifies the IP address standard?


RFC 1166 specifies the IP Version 4 address format.

• How does a host determine its IP address?


A host determines its IP address during the boot-up process either from a configuration file
stored in the local hard disk of the system or using a network protocol like RARP, DHCP,
BOOTP from the servers in the network.

• Is there any relation between the MAC address and IP address of a host?
No. There is no relation between the MAC address and the IP address of a host.

• Can a single network interface have more than one IP address associated with it?
Yes. It is possible to associate more than one IP address to a single network interface. This is
discussed in detail in RFC 1122.

• What is the difference between a host name and an IP address?


A host name is used to identify a host by human beings and higher level user applications. But IP
protocol uses only IP addresses to identify a host in the network. A host-name is provided just as
a convenience for users of the network and higher level applications.

• How is a host name resolved to the corresponding IP address?


A host name is resolved to the corresponding IP address either from a configuration file stored in
the local machine or using a network protocol like DNS or WINS from a server in the network.

• What is the size of an IP address?


The size of an IP address is 32 bits (4 bytes).

• How is an IP address represented?


The following notation is used to represent an IP address. This notation is called the dotted
decimal format: M.N.O.P, where M, N, O and P represent the first, second, third and fourth bytes
of an IP address respectively. The size of each byte is 8 bits and the value of each byte can be
from 0 to 255. For example, 192.9.205.21 is an IP address.

• What are the components of an IP address?


An IP address consists of the following components: Network ID and Host ID. For example, in
the IP address 192.9.205.21, the network ID is 192.9.205 and the host ID is 21.

• What is a network ID?


A network ID uniquely identifies a network. All the hosts in a single network will have the same
network ID. For example, in the IP address 192.9.205.21, the network ID is 192.9.205. A router
analyses only the network ID portion of an IP address for datagram forwarding.

• What is a host ID?


A host ID uniquely identifies a host in a network. Two hosts in two different networks can have
the same host ID. For example, in the IP address 192.9.205.21, the host ID is 21.

• What is a unicast IP address?


A unicast IP address is an IP address uniquely identifying a host in a network. The datagram with
a unicast IP address is received and processed by only a single host. For example, the IP address
192.9.205.21 is a unicast IP address.

• What is a multicast IP address?


A multicast address is an IP address identifying a particular group of hosts in a network. This
group of hosts is called a multicast group. For example, the IP address 225.2.100.1 is a multicast
IP address.

• What is a broadcast IP address?


The datagram with a broadcast IP address is received and processed by all the hosts in the local
network. For example, the IP addresses 255.255.255.255, 192.9.205.255, 180.10.255.255,
10.255.255.255 are broadcast IP addresses.

• How are IP addresses classified?


IP addresses are classified based on the number of bytes allocated to the Network ID and the
Host ID in an IP address.

• What is the use of classifying IP addresses?


IP addresses are classified so that networks and hosts can be easily managed.

• What are the different classes of IP addresses?


IP addresses are classified into the following classes:

1. Class A
2. Class B
3. Class C
4. Class D
5. Class E

• How to determine the class of an IP address?

The class of an IP address can be determined from the first four bits of the first byte of the IP
address.

• How many bytes does each Class of IP address use to represent network and host IDs?
The number of bytes used by each network Class to represent the network and host are shown
below:

+----------+----------------+----------------+
|IP Address| Bytes used for | Bytes used for |
|Class     | Network ID     | Host ID        |
+----------+----------------+----------------+
| Class A  | 1              | 3              |
| Class B  | 2              | 2              |
| Class C  | 3              | 1              |
| Class D  | -              | -              |
| Class E  | -              | -              |
+----------+----------------+----------------+

• What is the format of the various IP address classes?


The format of the different IP address classes is shown below:

+----------+-------------------------------------+
|IP Address| IP Address format                   |
|Class     |                                     |
+----------+-------------------------------------+
| Class A  | 0NNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH |
| Class B  | 10NNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH |
| Class C  | 110NNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH |
| Class D  | 1110MMMM.MMMMMMMM.MMMMMMMM.MMMMMMMM |
| Class E  | 1111RRRR.RRRRRRRR.RRRRRRRR.RRRRRRRR |
+----------+-------------------------------------+

In the above table,


N denotes the network ID bits,
H denotes the host ID bits,
M denotes the multicast address bits and
R denotes reserved bits.

• How many networks and hosts can be represented using the IP address classes?

The maximum number of networks and hosts that can be represented using the various IP
address classes is shown in the table below:

+----------+----------------+---------------------+
|IP Address| Maximum number | Maximum number of   |
|Class     | of networks    | hosts per network   |
+----------+----------------+---------------------+
| Class A  | 126 (2^7 - 2)  | 16777214 (2^24 - 2) |
| Class B  | 16384 (2^14)   | 65534 (2^16 - 2)    |
| Class C  | 2097152 (2^21) | 254 (2^8 - 2)       |
| Class D  | -              | -                   |
| Class E  | -              | -                   |
+----------+----------------+---------------------+

In the above table,

1. The numbers are calculated using the number of bits used to represent the network ID
and host ID.
2. The maximum number of networks for Class A IP addresses is reduced by 2 to account for
the reserved network IP addresses 0.xxx.xxx.xxx and 127.xxx.xxx.xxx.
3. The maximum number of hosts for all the classes is reduced by 2 to account for the
reserved host IP addresses in which all the host ID address bits are either one or zero.

• What is the possible range of IP addresses for the different classes?

+----------+-----------------------------------+
|IP Address| Possible range of IP address      |
|Class     |                                   |
+----------+-----------------------------------+
| Class A  | 0.0.0.0 through 127.255.255.255   |
| Class B  | 128.0.0.0 through 191.255.255.255 |
| Class C  | 192.0.0.0 through 223.255.255.255 |
| Class D  | 224.0.0.0 through 239.255.255.255 |
| Class E  | 240.0.0.0 through 247.255.255.255 |
+----------+-----------------------------------+

• What kind of networks use a Class A or Class B or Class C IP address typically?


A Class A IP address is used for a network with a large number of hosts. A Class C IP address
is used for a network with a small number of hosts. A Class B IP address is used for a network
with a medium number of hosts.

• What is the use of Class D IP addresses?


The Class D IP addresses are used for multicasting.

• What is the use of Class E IP addresses?


The Class E IP addresses are reserved for experimental purpose.

• How to decide which class of IP address to use for a particular network?


The class of IP address to use for a particular network depends on the maximum number of hosts
in the network. For example, if the maximum number of hosts in a network will be less than 254
hosts, then a Class C IP address can be used for the network. If the maximum number of hosts in
a network will be greater than 254 hosts but less than 65534, then a Class B network can be used.

• Does the maximum number of hosts in a network, restrict the class of IP address that can
be used for the network?
No. Any possible class of IP address can be used to represent a network. For example, if a
network has 200 hosts, it can use either a class A or class B or class C IP address.

• What are the various special IP addresses?

The various special IP addresses are shown in the table below:

+----------------+-------------------------------------------------+
|IP Address      | Description                                     |
+----------------+-------------------------------------------------+
|0.0.0.0         | Local host.                                     |
+----------------+-------------------------------------------------+
|127.xxx.xxx.xxx | Local loopback address. The value of the last   |
|                | 3 bytes are ignored. The datagram with this IP  |
|                | address is never transmitted over the network.  |
+----------------+-------------------------------------------------+
|xxx.0.0.0       | Local host IP address. The x represents the     |
|xxx.xxx.0.0     | network ID bits.                                |
|xxx.xxx.xxx.0   |                                                 |
+----------------+-------------------------------------------------+
|0.xxx.xxx.xxx   | IP address of a host in the local network. The  |
|0.0.xxx.xxx     | x represents the host ID bits.                  |
|0.0.0.xxx       |                                                 |
+----------------+-------------------------------------------------+
|255.255.255.255 | Limited Broadcast address. Datagram with this   |
|                | address will be received and processed by all   |
|                | the hosts in the local network. This datagram   |
|                | is not forwarded to other networks by routers.  |
+----------------+-------------------------------------------------+
|xxx.255.255.255 | Directed broadcast address. The datagram with   |
|xxx.xxx.255.255 | this IP address is received by all the hosts in |
|xxx.xxx.xxx.255 | the specified network. The x represents the     |
|                | network ID bits.                                |
+----------------+-------------------------------------------------+
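
The class rules (leading bits of the first byte, bytes used for network and host ID) and the special-address table above can be checked mechanically. The following Python code is an added example, not part of the original question set: it parses dotted decimal strictly, determines the class from the leading bits in the format table, splits the network and host IDs, and labels the special cases. The function names and the label strings are assumptions of this example.

```python
# (mask on first byte, value after masking, class, bytes of network ID)
LEADING_BITS = (
    (0x80, 0x00, "A", 1),      # 0NNNNNNN
    (0xC0, 0x80, "B", 2),      # 10NNNNNN
    (0xE0, 0xC0, "C", 3),      # 110NNNNN
    (0xF0, 0xE0, "D", None),   # 1110MMMM, multicast
    (0xF0, 0xF0, "E", None),   # 1111RRRR, reserved
)


def parse_dotted(addr: str) -> bytes:
    """Strictly parse dotted decimal M.N.O.P into four bytes."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four fields in {addr!r}")
    for part in parts:
        if not (part.isascii() and part.isdigit()
                and len(part) <= 3 and int(part) <= 255):
            raise ValueError(f"bad field {part!r} in {addr!r}")
    return bytes(int(part) for part in parts)


def classify(addr: str) -> dict:
    """Return class, network ID, host ID and any special meaning of addr."""
    raw = parse_dotted(addr)
    for mask, value, name, net_len in LEADING_BITS:
        if raw[0] & mask == value:
            break                           # the five patterns cover every byte
    result = {"class": name, "network_id": None, "host_id": None,
              "special": None}
    host = b""
    if net_len is not None:
        host = raw[net_len:]
        result["network_id"] = ".".join(map(str, raw[:net_len]))
        result["host_id"] = ".".join(map(str, host))

    if raw == bytes(4):
        result["special"] = "local host"
    elif raw == b"\xff" * 4:
        result["special"] = "limited broadcast"
    elif raw[0] == 127:
        result["special"] = "loopback"
    elif raw[0] == 0:
        result["special"] = "network bits all zero"
    elif host and all(b == 255 for b in host):
        result["special"] = "directed broadcast"
    elif host and not any(host):
        result["special"] = "host bits all zero"
    return result


if __name__ == "__main__":
    # Addresses taken from the examples on this page.
    for sample in ("192.9.205.21", "180.10.255.255", "225.2.100.1",
                   "127.0.0.1", "255.255.255.255"):
        print(sample, classify(sample))
```
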

• What is meant by IP fragmentation?


The breaking up of a single IP datagram into two or more IP datagrams of smaller size is called
IP fragmentation.

• Why is an IP datagram fragmented?


Every transmission medium has a limit on the maximum size of a frame (MTU) it can transmit.
As IP datagrams are encapsulated in frames, the size of an IP datagram is also restricted. If the
size of an IP datagram is greater than this limit, then it must be fragmented.

• Which RFCs discuss IP fragmentation?


RFC 791 and RFC 815 discuss IP datagrams, fragmentation and reassembly.

• Is it possible to select an IP datagram size to always avoid fragmentation?


It is not possible to select a particular IP datagram size to always avoid fragmentation, as the
MTU for different transmission It is possible, though, for a given path to choose a size that will
not lead to fragmentation. This is called Path MTU Discovery and is discussed in RFC 1191.
The TCP transport protocol tries to avoid fragmentation using the Maximum Segment Size
(MSS) option.

• Where may an IP datagram get fragmented?

An IP datagram may get fragmented either at the sending host or at one of the intermediate
routers.

• Where are the IP datagram fragments reassembled?


The IP fragments are reassembled only at the destination host.

• How to prevent an IP datagram from being fragmented?


An IP datagram can be prevented from being fragmented by setting the "don't fragment" flag in
the IP header.

• What happens when a datagram must be fragmented to traverse a network, but the
"don't fragment" flag in the datagram is set?
The datagram whose "don't fragment" flag is set is discarded, if it must be fragmented to traverse
a network. Also, an ICMP error message is sent back to the sender of the datagram.

• Will all the fragments of a datagram reach the destination using the same path?
The different fragments of the same IP datagram can travel either along the same path or along
different paths to the destination.

• Will all the fragments of a datagram arrive at the destination system in the correct order?
The different fragments of a single IP datagram can arrive at the destination system in any order.

• What happens to the original IP datagram when one or more fragments are lost?
When one or more fragments of an IP datagram are lost, then the entire IP datagram is discarded
after a timeout period.

• What is the minimum size of an IP fragment?


The minimum size of an IP fragment is the minimum size of an IP header plus eight data bytes.
Most firewall-type devices will drop an initial IP fragment (offset 0) that does not contain
enough data to hold the transport headers. In other words, the IP fragment normally needs 20
octets of data in addition to the IP header in order to get through a firewall if the offset is 0.

• What are the limitations on the size of a fragment?


The size of an IP datagram fragment is limited by

1. The amount of remaining data in the original IP datagram
2. The MTU of the network and
3. Must be a multiple of 8, except for the final fragment.

• How is an IP datagram fragment differentiated from a non-fragmented IP datagram?


A complete IP datagram is differentiated from an IP fragment using the offset field and the
"more fragments" flags. For a non-fragmented IP datagram, the fragment offset will be zero and
the "more fragments" flag will be set to zero.

• How are the fragments of a single IP datagram identified?

The "identification" field in the IP header is used to identify the fragments of a single IP
datagram. The value of this field is set by the originating system. It is unique for that source-
destination pair and protocol for the duration in which the datagram will be active.

• How is the last fragment of an IP datagram identified?


The last fragment of an IP datagram is identified using the "more fragments" flag. The "more
fragments" flag is set to zero for the last fragment.

• How is the length of a complete IP datagram calculated from the received IP fragments?
Using the fragment offset field and the length of the last fragment, the length of a complete IP
datagram is calculated.

• How is an IP datagram fragmented?


In the following example, an IP datagram is fragmented into two. This same algorithm can be
used to fragment the datagram into 'n' fragments.

1. The IP layer creates two new IP datagrams, whose length satisfies the requirements of the
network in which the original datagram is going to be sent.
2. The IP header from the original IP datagram is copied to the two new datagrams.
3. The data in the original IP datagram is divided into two on an 8 byte boundary. The
number of 8 byte blocks in the first portion is called Number of Fragment Blocks (NFB).
4. The first portion of the data is placed in the first new IP datagram.
5. The length field in the first new IP datagram is set to the length of the first datagram.
6. The fragment offset field in the first IP datagram is set to the value of that field in the
original datagram.
7. The "more fragments" field in the first IP datagram is set to one.
8. The second portion of the data is placed in the second new IP datagram.
9. The length field in the second new IP datagram is set to the length of the second
datagram.
10. The "more fragments" field in the second IP datagram is set to the same value as the
original IP datagram.
11. The fragment offset field in the second IP datagram is set to the value of that field in the
original datagram plus NFB.

• How does a destination system reassemble the fragments of an IP datagram?

1. When a host receives an IP fragment, it stores the fragment in a reassembly buffer based
on its fragment offset field.
2. Once all the fragments of the original IP datagram are received, the datagram is
processed.
3. Upon receiving the first fragment, a reassembly timer is started.
4. If the reassembly timer expires before all the fragments are received, the datagram is
discarded.
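
The fragmentation steps and the reassembly rules above can be followed end to end in code. The following Python code is an added example, not part of the original question set: it repeats the page's two-way split until every piece fits the MTU (the 'n' fragment case), including re-fragmenting an existing fragment, and reassembles fragments that arrive in any order or twice. The class and function names and the constructed sample are assumptions of this example; headers are modelled as 20 bytes without options, and the reassembly timer is left to the caller, who sees None while fragments are missing.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional

IP_HEADER_LEN = 20      # assumption: header without options
MAX_DATAGRAM = 65535    # maximum IP datagram size


@dataclass(frozen=True)
class Datagram:
    ident: int
    offset: int              # fragment offset field, counted in 8-byte blocks
    more_fragments: bool
    data: bytes
    dont_fragment: bool = False

    @property
    def total_length(self) -> int:
        return IP_HEADER_LEN + len(self.data)


def fragment(dgram: Datagram, mtu: int) -> List[Datagram]:
    """Repeat the two-way split from the steps above until each piece fits."""
    nfb = (mtu - IP_HEADER_LEN) // 8          # Number of Fragment Blocks
    pieces, rest = [], dgram
    while rest.total_length > mtu:
        if rest.dont_fragment:
            raise ValueError("don't fragment is set: discard, report via ICMP")
        if nfb < 1:
            raise ValueError("MTU cannot carry even one 8-byte block")
        # First portion: same offset as the original, "more fragments" = 1.
        pieces.append(Datagram(rest.ident, rest.offset, True,
                               rest.data[:nfb * 8]))
        # Second portion: offset + NFB, flag copied from the original.
        rest = Datagram(rest.ident, rest.offset + nfb, rest.more_fragments,
                        rest.data[nfb * 8:])
    return pieces + [rest]


def reassemble(fragments: Iterable[Datagram]) -> Optional[bytes]:
    """Return the full payload, or None while fragments are still missing."""
    buffer, total, idents = {}, None, set()
    for frag in fragments:
        idents.add(frag.ident)
        start = frag.offset * 8
        if frag.more_fragments and (not frag.data or len(frag.data) % 8):
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        if not frag.more_fragments:
            end = start + len(frag.data)      # offset + length of last fragment
            if total not in (None, end):
                raise ValueError("two final fragments disagree on the length")
            total = end
        if buffer.setdefault(start, frag.data) != frag.data:
            raise ValueError("two fragments disagree about the same offset")
    if len(idents) > 1:
        raise ValueError("fragments carry different identification values")
    if total is None:
        return None                           # last fragment not seen yet
    if IP_HEADER_LEN + total > MAX_DATAGRAM:
        raise ValueError("reassembled datagram would exceed 65535 bytes")
    payload = bytearray()
    for start in sorted(buffer):
        if start + len(buffer[start]) > total:
            raise ValueError("fragment extends past the final fragment")
        if start > len(payload):
            return None                       # hole: a fragment is missing
        if start < len(payload):
            raise ValueError("fragments overlap")
        payload += buffer[start]
    return bytes(payload)


# Constructed sample: 1000 payload bytes crossing a 576-byte, then a 100-byte MTU.
ORIGINAL = Datagram(ident=0x1C46, offset=0, more_fragments=False,
                    data=bytes(i % 251 for i in range(1000)))
FIRST_HOP = fragment(ORIGINAL, 576)
SECOND_HOP = [piece for frag in FIRST_HOP for piece in fragment(frag, 100)]

if __name__ == "__main__":
    for piece in SECOND_HOP:
        print(piece.offset, piece.more_fragments, len(piece.data))
    print(reassemble(reversed(SECOND_HOP)) == ORIGINAL.data)
```
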
• What fields are changed in an IP header due to fragmentation?
The following IP header fields are changed due to IP fragmentation:

1. Total Length
2. Header Length
3. More Fragments Flag
4. Fragment Offset
5. Header Checksum
6. Options

• What happens to the IP options field when an IP datagram is fragmented?


Depending on the option, either it is copied to all the fragments or to only the first fragment.

• Which IP options are copied to all the fragments of an IP datagram?


If the most significant bit in the option type is set (i.e. value one), then that option is copied to all
the fragments. If it is not set (i.e. value zero), it is copied only to the first fragment.

• What is RARP?
Reverse Address Resolution Protocol (RARP) is a network protocol used to resolve a data link
layer address to the corresponding network layer address. For example, RARP is used to resolve
an Ethernet MAC address to an IP address.

• To which OSI layer does RARP belong?


RARP belongs to the OSI data link layer (layer 2).

• Which RFC specifies the requirements for RARP?


RFC 903 specifies the RARP packet format and other details.

• Why is RARP needed?


Normally, the IP address of a system is stored in a configuration file in the local disk. When the
system is started, it determines its IP address from this file. In the case of a diskless workstation,
its IP address cannot be stored in the system itself. In this case, RARP can be used to get the IP
address from a RARP server.

• What is a RARP server?


All the mappings between the hardware MAC addresses and the IP addresses of the hosts are
stored in a configuration file in a host in the network. This host is called the RARP server. This
host responds to all the RARP requests.

• Where is the mapping between the MAC address and IP addresses stored in a RARP
server?
The mapping between MAC addresses and IP addresses is usually stored in a configuration file
in the local hard disk in the RARP server.

• Can RARP be used in a network other than Ethernet?

Yes. RARP is a general protocol, which can be used to map any type of hardware MAC address
to any type of network layer protocol address.

• How does RARP resolve an Ethernet MAC address to an IP address?


When a diskless system is booted up, it broadcasts a RARP request packet with its MAC address.
This packet is received by all the hosts in the network. When the RARP server receives this
packet, it looks up this MAC address in the configuration file and determines the corresponding
IP address. It then sends this IP address in the RARP reply packet. The diskless system receives
this packet and gets its IP address.

• When is a RARP request packet generated?


A RARP request packet is usually generated during the booting sequence of a host. A host must
determine its IP address during the booting sequence. The IP address is needed to communicate
with other hosts in the network.

• What happens when a RARP server receives a RARP request packet?


When a RARP server receives a RARP request packet it performs the following steps:

1. The MAC address in the request packet is looked up in the configuration file and mapped
to the corresponding IP address.
2. If the mapping is not found, the packet is discarded.
3. If the mapping is found, a RARP reply packet is generated with the MAC and IP address.
This packet is sent to the host, which originated the RARP request.

• What happens when a host receives a RARP reply packet?


When a host receives a RARP reply packet, it gets its IP address from the packet and completes
the booting process. This IP address is used for communicating with other hosts until the host is
rebooted.

• What is the length of a RARP request and reply packet?


The length of a RARP request or a RARP reply packet is 28 bytes.

• What is the RARP packet format?


The various fields of a RARP request/reply packet and their length are shown below:

+--------+
|Hardware| 2 bytes
|MAC |
|Address |
|Type |
+--------+
|Protocol| 2 bytes
|Address |
|Type |
+--------+
|Hardware| 1 byte
|MAC |
|Address |
|Size |
+--------+
|Protocol| 1 byte
|Address |
|Size |
+--------+
|Op | 2 bytes
+--------+
|Sender | 6 bytes (depends on the above size field)
|MAC |
|Address |
+--------+
|Sender | 4 bytes (depends on the above size field)
|IP |
|Address |
+--------+
|Target | 6 bytes (depends on the above size field)
|MAC |
|Address |
+--------+
|Target | 4 bytes (depends on the above size field)
|IP |
|Address |
+--------+

The fields are further explained below:

+---------+-------------------------------------------------------+
|Ethernet |For a RARP request, source MAC address is the MAC |
|Header |address of the host sending the RARP request, |
| |destination MAC address is the Ethernet broadcast |
| |address (FF:FF:FF:FF:FF:FF), frame type field is 0x8035|
| |For RARP reply, source MAC address is the MAC address |
| |of the RARP server replying to the RARP request, |
| |destination MAC address is the MAC address of the host |
| |that sent the RARP request, and the frame type field is|
| |0x8035. |
+---------+-------------------------------------------------------+
|Hardware |Type of the hardware MAC address present in the packet.|
|Address |For Ethernet the value of this field is 1. |
|Type | |
+---------+-------------------------------------------------------+
|Protocol |Type of the protocol address requested for the MAC |
|Address |address. For IP address the value of this field is |
|Type |0x800. |
+---------+-------------------------------------------------------+
|Hardware |Size of the hardware MAC address. For Ethernet, the |
|Address |value of this field is 6. |
|Size | |
+---------+-------------------------------------------------------+
|Protocol |Size of the protocol address. For IP, the value of |
|Address |this field is 4. |
|Size | |
+---------+-------------------------------------------------------+
|Operation|Type of operation being performed. The value of this |
| |field can be 3 (RARP request) or 4 (RARP reply). |
+---------+-------------------------------------------------------+
|Source |In a RARP request packet, this is the hardware MAC |
|MAC |address of the source host. In a RARP reply packet, |
|address |this is the hardware MAC address of the RARP server |
| |sending the RARP reply. |
+---------+-------------------------------------------------------+
|Source |In a RARP request packet, this is undefined. In a |
|IP |RARP reply packet, this is the IP address of the RARP |
|address |server sending the RARP reply. |
+---------+-------------------------------------------------------+
|Target |In a RARP request packet, this is the hardware MAC |
|MAC |address of the source host. In a RARP reply packet, |
|address |this is the hardware MAC address of the host, that sent|
| |the RARP request packet. |
+---------+-------------------------------------------------------+
|Target |In a RARP request packet, this is undefined. In a RARP |
|IP |reply packet, this is the IP address of the host |
|address |that sent the RARP request packet. |
+---------+-------------------------------------------------------+
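
The packet layout above and the three server steps listed earlier can be exercised together. The following Python sketch is an added example, not part of the original material; the function names, MAC addresses, IP addresses and the in-memory table standing in for the configuration file are all assumptions, and the undefined IP fields of the request are filled with zeros.

```python
import struct

ETH_RARP = 0x8035                # Ethernet frame type for RARP
OP_REQUEST, OP_REPLY = 3, 4      # values of the Operation field
ETH_FMT = "!6s6sH"               # destination MAC, source MAC, frame type
RARP_FMT = "!HHBBH6s4s6s4s"      # the 28-byte layout in the diagram above

def parse_rarp(frame):
    """Return the RARP fields of an Ethernet frame, or raise ValueError."""
    if len(frame) < struct.calcsize(ETH_FMT) + struct.calcsize(RARP_FMT):
        raise ValueError("shorter than Ethernet header + 28-byte RARP packet")
    dst, src, frame_type = struct.unpack(ETH_FMT, frame[:14])
    if frame_type != ETH_RARP:
        raise ValueError("frame type is not 0x8035")
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(
        RARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("type/size fields are not Ethernet + IP")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError("operation is neither 3 nor 4")
    return {"eth_dst": dst, "eth_src": src, "op": op,
            "smac": smac, "sip": sip, "tmac": tmac, "tip": tip}

def build_frame(dst, src, op, smac, sip, tmac, tip):
    """Assemble Ethernet header + RARP packet from raw byte fields."""
    return (struct.pack(ETH_FMT, dst, src, ETH_RARP)
            + struct.pack(RARP_FMT, 1, 0x0800, 6, 4, op, smac, sip, tmac, tip))

def handle_request(frame, table, server_mac, server_ip):
    """Server side: look up the MAC, discard if unknown, else build a reply."""
    try:
        pkt = parse_rarp(frame)
    except ValueError:
        return None                      # malformed frame: discard
    client_ip = table.get(pkt["tmac"])   # step 1: MAC -> IP lookup
    if pkt["op"] != OP_REQUEST or client_ip is None:
        return None                      # step 2: no mapping, discard
    # step 3: reply sent directly to the requester, not broadcast
    return build_frame(pkt["eth_src"], server_mac, OP_REPLY,
                       server_mac, server_ip, pkt["tmac"], client_ip)

# Constructed sample data (locally administered MACs, documentation IPs).
CLIENT_MAC = bytes.fromhex("020000000001")
SERVER_MAC = bytes.fromhex("020000000002")
SERVER_IP = bytes([192, 0, 2, 1])
TABLE = {CLIENT_MAC: bytes([192, 0, 2, 10])}   # stands in for the config file
REQUEST = build_frame(b"\xff" * 6, CLIENT_MAC, OP_REQUEST,
                      CLIENT_MAC, bytes(4), CLIENT_MAC, bytes(4))
REPLY = handle_request(REQUEST, TABLE, SERVER_MAC, SERVER_IP)
```

Parsing `REPLY` with `parse_rarp` returns operation 4, the client MAC as Ethernet destination and the looked-up address in the target IP field; a frame with any other frame type, a truncated frame, or an unknown MAC yields no reply.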

• Does RARP use the same packet format as ARP?


Yes. RARP uses the same packet format as ARP.

• How is a RARP packet differentiated from an ARP packet?


The frame type in the Ethernet header is used to differentiate a RARP packet from an ARP
packet. The value of the opcode field in the RARP header can also be used.

• Is the format of a RARP request packet the same as that of a RARP reply packet?
Yes. The packet format of a RARP request packet is the same as that of a RARP reply packet.

• How is a RARP request differentiated from a RARP reply packet?


The 'operation' field in the RARP packet is used to differentiate between a RARP request and a
RARP reply packet.

• What are the values for the source and destination IP address fields in a RARP request
packet?
In a RARP request packet, the source and destination IP address values are undefined.

• What are the values for the source and destination IP address fields in a RARP reply
packet?
In a RARP reply packet, the source IP address is the IP address of the RARP server responding
to the RARP request and the destination IP address is the IP address of the host that sent the
RARP request.

• Do all the hosts in a network process a RARP packet?


Since a RARP request packet is a broadcast packet, it is received by all the hosts in the network.
But only a RARP server processes a RARP request packet; all the other hosts discard the packet.
The RARP reply packet is not broadcast; it is sent directly to the host that sent the RARP
request.

• What will happen if more than one RARP server in a network responds to a RARP
request?
If more than one RARP server responds to a RARP request, then only the first RARP reply
received is used. All other replies are discarded.

• What will happen if a RARP reply is not received for a RARP request?
If a RARP reply is not received within a reasonable amount of time, the host, which sent the
RARP request, will not be able to complete its booting sequence. Usually the host will again
retry sending the RARP request after a timeout period.

• Are there any alternative protocols to RARP?


The BOOTP and DHCP protocols can be used instead of RARP to get the IP address from the
MAC address.

• What is an IP sub-network?
A single IP class A, B, or C network is further divided into a group of hosts to form an IP sub-
network.

• What is the use of sub-networks?


Sub-networks are created for manageability, performance, and security of hosts and networks
and to reduce network congestion.

• Which RFC specifies IP subnetwork addressing?


RFC 950 specifies the IP subnetwork addressing protocol.

• How are sub-networks formed?


The host ID portion of an IP address is further divided into a sub-network ID part and a host ID
part. The sub-network ID is used to uniquely identify the different sub-networks within a
network.

• What is a subnet mask?


A subnet mask is a 4-byte (32-bit) number used to identify the sub-network ID and the host ID
from an IP address. All the hosts in a sub-network will have the same subnet mask. E.g.
255.255.255.0, 255.255.127.0, 255.255.0.0

• How does a host determine its subnet mask?


A host determines its subnet mask during the boot-up sequence either from a configuration file
stored in the local hard disk or from a server in the network using a network protocol such as
BOOTP or ICMP.

• How is a subnet mask formed?


For all the bits in the IP address which are used to represent the network ID, and the sub-network
ID, the corresponding bits in the subnet mask will be one. For all the bits in the IP address which
are used to represent the host ID, the corresponding bit in the subnet mask will be zero. For
example, if the first two bytes of the IP address are used to represent the network (class B
address) and the third byte is used to represent the sub-network, and the last byte is used to
represent the host, then the subnet mask will be 255.255.255.0

• Why does a host need to know its subnet mask?


When a host "A" needs to communicate with another host "B", it must know whether host "B" is
in the same network or in a different network. If the host "B" is in the same network then host
"A" can send the datagram directly to host "B". But if the host B is in a different network, then
host "A" must send the datagram to a proper router. By determining the network class of the IP
address of host "B", host "A" can determine whether host "B" is in the same network or in a
different network. By using the subnet mask host "A" can find out whether host "B" is in the
same subnet or in a different subnet.

• How to determine the network ID, sub-network ID and the host ID, given the IP
address and the subnet mask?
The network class (A or B or C) of a given IP address can be easily determined by looking at the
value of the first 4 bits of the first byte. From the network class, the number of bytes used to
represent the network can be determined and hence the network ID can be determined. By
performing a logical "AND" operation on the IP address and the subnet mask, the sub-network
ID can be determined. In the value resulting from the "AND" operation, after removing the bytes
used for the network ID, the remaining bits for which the corresponding bit in the subnet mask is
one represent the sub-network ID.

• Is it possible to form a subnet mask by using bits in non-contiguous positions in the IP
address?
Yes. It is possible to use non-contiguous bits in the host portion of an IP address to form the
subnet field according to the standard. Only contiguous fields are usually used to form a subnet
field.

• Is it possible to determine whether the network is subnetted by using the IP address of a
host alone?
No. It is not possible to determine whether a network is subnetted just by using the IP address
alone. The subnet mask is needed to determine this.

• Is it necessary for hosts in a network "M" to know about the subnetworks in another
network "N" to communicate with hosts in that network?
No. Subnetworks in one network are transparent to hosts in another network.

Example 1:
For example, let us say the IP address is 100.24.124.27 and the subnet mask is 255.255.0.0. As
the most significant bit in the first byte of the IP address is zero, this is a Class A IP address.
Therefore, the first byte represents the network ID. In this case, the network ID is 100. The result
of a logical AND operation between the IP address and the subnet mask is 100.24.0.0. In this
value, the first byte represents the network ID. For all the remaining one bits in the subnet mask,
the corresponding bits in the IP address represent the sub-network ID. In this case it is 24. The
remaining bits in the IP address represent the host ID. In this case it is 124.27.

Example 2:
IP Address: 187.199.127.5
Sub-net mask: 255.255.255.0

Network Class: B
Network ID: 187.199
Result of logical AND operation: 187.199.127
Sub-network ID: 127
Host ID: 5

Example 3:
IP Address: 187.199.127.5
Sub-net mask: 255.255.240.0

Network Class: B
Network ID: 187.199
Result of logical AND operation: 187.199.112.0
Sub-network ID: 112
Host ID: 15.5

Example 4:
IP Address: 187.199.127.5
Sub-net mask: 255.255.128.0

Network Class: B
Network ID: 187.199
Result of logical AND operation: 187.199.0.0
Sub-network ID: 0
Host ID: 127.5
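
The procedure used in Examples 1 to 4 can be written as bit operations. The following Python sketch is an added example, not part of the original material; the function names are assumptions. It keeps each field in its original bit position, so the sub-network ID of Example 3 appears as 0.0.112.0 and the host ID as 0.0.15.5, and it also reports whether the mask bits are contiguous and whether two hosts share a subnet.

```python
import ipaddress

CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}   # network-ID bits per class
ALL_ONES = 0xFFFFFFFF

def to_int(text):
    return int(ipaddress.IPv4Address(text))

def dotted(value):
    return str(ipaddress.IPv4Address(value))

def network_class(ip):
    """Classify by the leading bits of the first byte."""
    first = ip >> 24
    if first < 128:
        return "A"        # 0xxxxxxx
    if first < 192:
        return "B"        # 10xxxxxx
    if first < 224:
        return "C"        # 110xxxxx
    raise ValueError("class D/E addresses have no network/host split")

def decompose(ip_text, mask_text):
    """Split an address into network, sub-network and host bits."""
    ip, mask = to_int(ip_text), to_int(mask_text)
    cls = network_class(ip)
    class_mask = (ALL_ONES << (32 - CLASS_PREFIX[cls])) & ALL_ONES
    if mask & class_mask != class_mask:
        raise ValueError("mask does not cover the class network ID")
    host_mask = ~mask & ALL_ONES
    return {
        "class": cls,
        "network": dotted(ip & class_mask),
        "and_result": dotted(ip & mask),
        "subnet": dotted(ip & mask & ~class_mask & ALL_ONES),
        "host": dotted(ip & host_mask),
        # a contiguous mask leaves host bits of the form 0...01...1
        "contiguous": (host_mask & (host_mask + 1)) == 0,
    }

def same_subnet(a_text, b_text, mask_text):
    """Direct delivery applies only when both AND results match."""
    mask = to_int(mask_text)
    return (to_int(a_text) & mask) == (to_int(b_text) & mask)
```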

• What are the possible values for a sub-net mask?


All the possible values for a sub-net mask are shown below:

255.128.0.0
255.192.0.0
255.224.0.0
255.240.0.0
255.248.0.0
255.252.0.0
255.254.0.0
255.255.0.0
255.255.128.0
255.255.192.0
255.255.224.0
255.255.240.0
255.255.248.0
255.255.252.0
255.255.254.0
255.255.255.0
255.255.255.128
255.255.255.192
255.255.255.224
255.255.255.240
255.255.255.248
255.255.255.252

• What are the two types of subnetting?


The two types of subnetting are:

1. Static length
2. Variable length

• What is 'Static Length' subnetting?


If all the subnetworks in a single network use the same subnet mask, it is called 'Static Length'
subnetting.

• What is 'Variable Length' subnetting?


If the different subnetworks in a single network use different subnet masks, it is called
'Variable Length' subnetting.

• What is the disadvantage in using 'Static Length' subnetting?


In the case of a 'Static Length' subnetwork, irrespective of the number of hosts in the
subnetwork, a single subnet mask is used for all the subnetworks. Because of this, a large
number of IP addresses will be wasted. For example, let us say we have a class C IP network
address 192.9.205.0 subnetted using a subnet mask 255.255.255.192. The total number of
possible subnetworks is 4 and the total number of possible hosts per subnetwork is 32. Even if a
subnetwork has just 4 hosts, it will be allocated the above subnetwork IP address; in this case 28
host IP addresses will be wasted.

• What is the advantage in using 'Static Length' subnetting?


It is easy to configure a network using 'Static Length' subnetting. In addition, native IP routing
understands only static subnetting.

• What is the advantage in using 'Variable Length' subnetting?


In the case of 'Variable Length' subnetwork, IP addresses are allocated depending on the number
of hosts present in the subnetwork. So available host IP addresses are efficiently used and are not
wasted.

• What is the disadvantage in using 'Variable Length' subnetting?


All the routers in a 'Variable Length' subnetted network must understand this type of subnetting.

• What are the special subnetwork IP addresses?


The subnet addresses in which all the bits are zero or one are special subnet IP addresses. The
subnet address in which all the bits are zero represents the local subnetwork in which the
datagram originated. The subnet address in which all the bits are one represents a subnet
broadcast address. In the broadcast address, all the other bits including the network and host ID
must be one.
