1: Briefly describe the seven-layer (or four-layer) division of network protocols?
2: Briefly describe the mechanism of the TCP three-way handshake?
Answer: three steps
1. The local device sends its sequence number and maximum segment size.
2. Destination device responds by sending its sequence
number and maximum segment size back to local device.
3. Local device acknowledges receipt of the sequence number
and segment size information.
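The three steps above as a runnable simulation. This is an added example, not part of the original notes: it models each segment, carries the MSS option on the SYN and SYN-ACK (the "maximum segment size" the text mentions), and includes the check a server makes on the final ACK before moving to ESTABLISHED. The initial sequence numbers and MSS values used in the demo are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Segment:
    src: str
    flags: str                 # "SYN", "SYN-ACK" or "ACK"
    seq: int
    ack: Optional[int] = None
    mss: Optional[int] = None  # MSS option is carried only on SYN / SYN-ACK


def three_way_handshake(client_isn, server_isn, client_mss, server_mss):
    """Return the three segments and the MSS both sides will actually use."""
    # Step 1: client -> server: SYN with the client's ISN and its MSS option
    syn = Segment("client", "SYN", seq=client_isn, mss=client_mss)
    # Step 2: server -> client: SYN-ACK with the server's ISN, acknowledging
    # client_isn + 1 (the SYN consumes one sequence number), plus its own MSS
    syn_ack = Segment("server", "SYN-ACK", seq=server_isn,
                      ack=syn.seq + 1, mss=server_mss)
    # Step 3: client -> server: ACK of server_isn + 1; connection ESTABLISHED
    ack = Segment("client", "ACK", seq=syn.seq + 1, ack=syn_ack.seq + 1)
    # Each side must not send segments larger than the MSS its peer advertised,
    # so the effective MSS on the connection is the smaller of the two.
    negotiated_mss = min(client_mss, server_mss)
    return [syn, syn_ack, ack], negotiated_mss


def server_accepts_final_ack(server_isn, final_ack):
    """The check a server does in SYN-RECEIVED: the third segment must be an
    ACK whose acknowledgement number is exactly server_isn + 1. Anything else
    is dropped (or answered with RST) instead of completing the handshake."""
    return final_ack.flags == "ACK" and final_ack.ack == server_isn + 1


if __name__ == "__main__":
    # Constructed values: ISNs are normally randomised by the stack.
    segments, mss = three_way_handshake(1000, 5000, 1460, 1380)
    for s in segments:
        print(f"{s.src:6} {s.flags:8} seq={s.seq} ack={s.ack} mss={s.mss}")
    print("effective MSS:", mss)
    print("server accepts final ACK:", server_accepts_final_ack(5000, segments[2]))
```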
3: Explain the SSL (Secure Sockets Layer) handshake mechanism?
1. Browser checks the certificate to make sure that the
site you are connecting to is the real site and not
someone intercepting.
2. Determine encryption types that the browser and web
site server can both use to understand each other.
3. Browser and Server send each other unique codes to
use when scrambling (or encrypting) the information
that will be sent.
4. The browser and Server start talking using the
encryption, the web browser shows the encryption icon,
and web pages are processed securely.
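Steps 1 and 2 in working code, using Python's standard `ssl` module. This is an added example, not from the original notes: `hostname_matches` and `cert_is_current` perform the "is this the real site" part of step 1 on a certificate dictionary in the shape `SSLSocket.getpeercert()` returns (the `FAKE_CERT` values are constructed), `negotiate_cipher` does the step 2 selection from two constructed preference lists (the suite names are real OpenSSL names), and the two context builders show the hardened client configuration next to the setting that silently skips step 1.

```python
import ssl
import time

# Constructed preference lists; in a real handshake the ClientHello carries
# the client list and the server picks from it.
CLIENT_CIPHERS = ["ECDHE-RSA-AES128-GCM-SHA256",
                  "ECDHE-RSA-CHACHA20-POLY1305", "AES128-SHA"]
SERVER_CIPHERS = ["ECDHE-RSA-CHACHA20-POLY1305",
                  "ECDHE-RSA-AES128-GCM-SHA256"]

# Constructed certificate, same layout as SSLSocket.getpeercert() output.
FAKE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notAfter": "Jun 15 12:00:00 2030 GMT",
}


def hostname_matches(cert, hostname):
    """Step 1, name check: the host we dialled must appear in subjectAltName.
    A wildcard is honoured only as the whole leftmost label, so *.example.com
    matches api.example.com but neither example.com nor a.b.example.com."""
    host_labels = hostname.lower().split(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pat_labels = value.lower().split(".")
        if len(pat_labels) != len(host_labels):
            continue
        if pat_labels[1:] != host_labels[1:]:
            continue
        if pat_labels[0] == "*" or pat_labels[0] == host_labels[0]:
            return True
    return False


def cert_is_current(cert, now=None):
    """Step 1, validity check: reject certificates past their notAfter date."""
    now = time.time() if now is None else now
    return now < ssl.cert_time_to_seconds(cert["notAfter"])


def negotiate_cipher(client, server, server_preference=True):
    """Step 2: the first suite present in both lists, walking the list of the
    side whose preference order wins (servers normally impose theirs)."""
    first, second = (server, client) if server_preference else (client, server)
    return next((suite for suite in first if suite in second), None)


def hardened_client_context():
    """Step 1 done by the library: chain and hostname verified, no TLS < 1.2."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unverified_client_context():
    """The contrast: this accepts any certificate from anyone, which is exactly
    the interception step 1 is meant to stop. Shown only to make the weak
    setting recognisable in code review."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    print("api.example.com named in cert:", hostname_matches(FAKE_CERT, "api.example.com"))
    print("cert still valid:", cert_is_current(FAKE_CERT))
    print("chosen suite:", negotiate_cipher(CLIENT_CIPHERS, SERVER_CIPHERS))
    print("hardened verify_mode:", hardened_client_context().verify_mode)
```

The `check_hostname` / `verify_mode` order in `unverified_client_context` is not cosmetic: `ssl` refuses to set `CERT_NONE` while hostname checking is still enabled, which is a useful guard rail when reviewing code that "fixes" certificate errors this way.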
3: Explain the difference between passive FTP and active FTP?
FTP is an unusual protocol in that it uses two ports, one
for commands and the other for data. (This is one of the
reasons it is superior to HTTP for transferring large files.)
Active FTP was invented first. The client initiates a
connection on the server’s command port. The server
then initiates a connection with the client from its
data port.
In Passive FTP, the client initiates both connections
with the server, which remains “passive”.
Active FTP may cause problems if your client is behind
a firewall. From the firewall’s point of view, the FTP
server that is trying to initiate a connection with your
client looks like an intruder and is usually blocked.
This is why many users have difficulty using FTP to
download files from behind a firewall.
Passive FTP solves this problem, but creates other
problems, notably where FTP server security is concerned.
The server must listen on a large number of ports. This
requires the firewall to let a lot of unqualified traffic
through. Most firewall administrators do not like this.
As a rule, you do not need to be concerned about passive
and active FTP unless you administer an FTP server or a
firewall. If you experience difficulty using your FTP
client from behind a firewall, this is likely the reason.
Perhaps you should discuss the matter with your firewall
administrator.
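The two modes differ in who opens the data connection, and the addresses for that connection travel inside the control channel as the `PORT` command (active) and the `227` reply to `PASV` (passive), both encoded as six comma-separated numbers where the port is `p1*256 + p2`. The following is an added example, not from the original notes: a parser and builder for that encoding, plus the sanity check a client or firewall administrator would want before a passive data connection is opened (the host in the reply must be the server already on the control connection, and the port must fall inside the range that was opened on the firewall). All addresses, ports and reply strings are constructed.

```python
import re

PASV_TUPLE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(reply):
    """Parse '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (ip, port).
    Raises ValueError on anything that is not a well-formed 227 reply."""
    if not reply.startswith("227"):
        raise ValueError("not a PASV success reply: %r" % reply)
    match = PASV_TUPLE.search(reply)
    if match is None:
        raise ValueError("227 reply lacks the (h1,h2,h3,h4,p1,p2) tuple")
    nums = [int(x) for x in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return ip, port


def build_port_command(ip, port):
    """Active mode: the client tells the server where to connect back to,
    using the same six-number encoding."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % ip)
    if not 0 < port < 65536:
        raise ValueError("bad port: %r" % port)
    return "PORT %s,%d,%d" % (",".join(octets), port >> 8, port & 0xFF)


def pasv_reply_is_acceptable(reply, control_peer_ip, passive_range):
    """Client-side check before opening the passive data connection.
    control_peer_ip: the address the control connection is already talking to.
    passive_range: (low, high) ports the server administrator opened."""
    try:
        ip, port = parse_pasv_reply(reply)
    except ValueError:
        return False
    low, high = passive_range
    return ip == control_peer_ip and low <= port <= high


if __name__ == "__main__":
    # Constructed sample exchange.
    reply = "227 Entering Passive Mode (192,168,1,10,195,88)"
    print(parse_pasv_reply(reply))                                   # ('192.168.1.10', 50008)
    print(build_port_command("10.0.0.5", 6000))                      # PORT 10,0,0,5,23,112
    print(pasv_reply_is_acceptable(reply, "192.168.1.10", (50000, 50100)))
```

Limiting the passive port range and checking the reply host against the control peer is what lets a firewall administrator open a small, well-defined range instead of the "large number of ports" the text complains about.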
4: What are the similarities and differences between a socket and a session?
Answer:
1. An SSL session is a mechanism through which connections
can be established by re-using previously negotiated handshakes.
2. A socket is one endpoint of a two-way communication link
between two programs running on the network. A socket is bound
to a port number so that the TCP layer can identify the
application to which the data is destined to be sent.
5: Explain MTU
Answer:
Maximum Transmission Unit. The greatest amount of data or
“packet” size that can be transferred in one physical frame
on a network. This packet also contains the header and
trailer information, which are like addresses for each
packet that are required by the routers on the network.
Maximum transmission unit. The largest physical frame of data, or packet
length, that can be transmitted on the network; this packet includes the
header and trailer, for example the addresses needed for transmission on the network.
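What the MTU means in practice is that an IPv4 datagram larger than the MTU of a link is either fragmented or, when the Don't Fragment flag is set, dropped. The following is an added example, not from the original notes: it computes the fragments a router would produce for a given payload and MTU (fragment data sizes must be multiples of 8 because the offset field counts 8-byte units), the path MTU as the smallest link MTU, and the TCP MSS that corresponds to an MTU. Header sizes are the standard 20 bytes for IPv4 and TCP without options; the sample payload length and link MTUs are constructed.

```python
IPV4_HEADER = 20
TCP_HEADER = 20


def fragment_ipv4(payload_len, mtu, header_len=IPV4_HEADER, dont_fragment=False):
    """Return a list of (offset_in_8_byte_units, data_bytes, more_fragments)
    describing how a datagram with payload_len bytes is split for a link of
    the given MTU. With DF set an oversized datagram is not split: the router
    drops it and sends ICMP 'Fragmentation Needed', which is what path MTU
    discovery relies on."""
    if payload_len + header_len <= mtu:
        return [(0, payload_len, False)]
    if dont_fragment:
        raise ValueError("DF set and datagram exceeds MTU %d: drop, send ICMP" % mtu)
    max_data = (mtu - header_len) // 8 * 8   # every fragment but the last is a multiple of 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    fragments, offset = [], 0
    while offset < payload_len:
        size = min(max_data, payload_len - offset)
        more = offset + size < payload_len
        fragments.append((offset // 8, size, more))
        offset += size
    return fragments


def path_mtu(link_mtus):
    """The path MTU is the smallest MTU of any link on the path."""
    return min(link_mtus)


def tcp_mss_for(mtu, ip_header=IPV4_HEADER, tcp_header=TCP_HEADER):
    """The MSS a host advertises so that a full segment fits one frame
    without fragmentation (1460 for the common Ethernet MTU of 1500)."""
    return mtu - ip_header - tcp_header


def reassembled_length(fragments):
    """Sanity check used by a receiver: the pieces must add up to one payload."""
    return sum(size for _, size, _ in fragments)


if __name__ == "__main__":
    # Constructed: a 4000-byte payload crossing an Ethernet (1500) link.
    frags = fragment_ipv4(4000, 1500)
    for off, size, more in frags:
        print(f"offset={off * 8:5d} bytes  data={size:4d}  MF={int(more)}")
    print("path MTU:", path_mtu([1500, 1492, 9000]))
    print("MSS for 1500:", tcp_mss_for(1500))
```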
6: Explain the TCP window size?
Answer:
The window size is the maximum number of bytes of data
that can be transmitted in one segment. Increasing the
window size for a TCP-based file transfer would increase
throughput until the slowest link in the path saturates.
It would be preferable to have a window size appropriate
to the size of the link. There would be less buffering,
the ACKs would return more quickly and more of the bandwidth
would be used. Ideally you are looking for a Window
Size >= Bandwidth * RTT.
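The `Window Size >= Bandwidth * RTT` rule above is the bandwidth-delay product. The following is an added example, not from the original notes: it computes that product, the throughput ceiling a given window imposes (at most one window of unacknowledged data per round trip, never more than the slowest link), and the TCP window scale shift needed because the window field in the TCP header is only 16 bits (65535 bytes) and the scale option multiplies it by a power of two up to 2^14. The link speeds and RTTs in the demo are constructed.

```python
MAX_WINDOW_FIELD = 65535   # 16-bit window field in the TCP header
MAX_SCALE_SHIFT = 14       # largest shift the window scale option allows


def bandwidth_delay_product(bandwidth_bps, rtt_seconds):
    """Bytes in flight needed to keep the path full: the window the text asks for."""
    return int(bandwidth_bps / 8 * rtt_seconds)


def max_throughput_bps(window_bytes, rtt_seconds, link_bps):
    """One window can be sent per RTT, so throughput is capped at
    window / RTT; it can never exceed the slowest link either."""
    return min(window_bytes * 8 / rtt_seconds, link_bps)


def window_scale_shift(window_bytes):
    """Smallest window-scale shift that can express window_bytes, or None if
    even 65535 << 14 is too small (the window cannot be advertised at all)."""
    for shift in range(MAX_SCALE_SHIFT + 1):
        if MAX_WINDOW_FIELD << shift >= window_bytes:
            return shift
    return None


def window_report(bandwidth_bps, rtt_seconds):
    """Summarise what a path needs and what an unscaled window would achieve."""
    needed = bandwidth_delay_product(bandwidth_bps, rtt_seconds)
    unscaled = max_throughput_bps(MAX_WINDOW_FIELD, rtt_seconds, bandwidth_bps)
    return {
        "required_window_bytes": needed,
        "unscaled_throughput_bps": unscaled,
        "scale_shift": window_scale_shift(needed),
    }


if __name__ == "__main__":
    # Constructed paths: 100 Mbit/s with 50 ms RTT, 1 Gbit/s with 100 ms RTT.
    for bw, rtt in [(100e6, 0.050), (1e9, 0.100)]:
        r = window_report(bw, rtt)
        print(f"{bw / 1e6:6.0f} Mbit/s, RTT {rtt * 1000:4.0f} ms -> window "
              f"{r['required_window_bytes']:>9d} B, unscaled max "
              f"{r['unscaled_throughput_bps'] / 1e6:6.1f} Mbit/s, shift {r['scale_shift']}")
```

The second path shows why the scale option matters: without it a 65535-byte window on a 100 ms path caps a transfer around 5 Mbit/s regardless of how fast the link is.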
7:What are the different phases in VPN establishment?
Successful VPN establishment consists of two levels of SAs
(security associations), known as phases.
Phase 1 authentication establishes session keys. Using the
Xauth feature, the client waits for a “username/password”
challenge after the IKE Phase 1 SA has been established.
When the end user responds to the challenge, the response
is forwarded to the IPsec peers for an additional level
of authentication completing Phase 2.
1. Phase 1 of a 2 phase VPN tunnel establishment process.
Phase 1 negotiates the security parameter agreement.
2. Phase 2 of 2 phase VPN tunnel establishment process.
Phase 2 uses the agreed parameters from Phase 1 to bring
the tunnel up.
8: How does DH (Diffie-Hellman) work?
Diffie-Hellman key agreement was invented in 1976 during a
collaboration between Whitfield Diffie and Martin Hellman
and was the first practical method for establishing a shared
secret over an unprotected communications channel. It is based
on Ralph Merkle's public key cryptosystem. Public key cryptography
is a form of cryptography which generally allows users to
communicate securely without having prior access to a shared
secret key, by using a pair of cryptographic keys, designated
as public key and private key, which are related mathematically.
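The mechanism itself, as an added example that is not part of the original notes: both parties agree on a prime `p` and generator `g`, each picks a private exponent, publishes `g^private mod p`, and raises the peer's public value to its own private exponent; both arrive at `g^(ab) mod p`. The block includes the check a receiver should apply to the peer's public value before using it and hashes the shared secret into fixed-length key material rather than using the group element directly. The 127-bit prime used in `demo` is a constructed demonstration size, not a standards-track group; real deployments use the published IKE/TLS groups or elliptic-curve DH. Note that Diffie-Hellman on its own authenticates nobody, which is why SSL/TLS pairs it with the certificate check from question 3.

```python
import hashlib
import secrets


def dh_public(p, g, private):
    """Value sent over the untrusted channel: g^private mod p."""
    return pow(g, private, p)


def dh_shared(p, private, peer_public):
    """peer_public^private mod p. The range check rejects the degenerate
    values 0, 1 and p-1, which would force the secret into a tiny set."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value outside (1, p-1): reject it")
    return pow(peer_public, private, p)


def derive_key(shared_secret, p, info=b"demo key"):
    """Hash the group element into 32 bytes of key material. The raw shared
    secret is biased as bits and must not be used as a cipher key directly."""
    length = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared_secret.to_bytes(length, "big") + info).digest()


def exchange(p, g):
    """Run one full agreement with fresh random private exponents and return
    the two derived keys (they must be equal)."""
    a = secrets.randbelow(p - 3) + 2          # private exponents in [2, p-2]
    b = secrets.randbelow(p - 3) + 2
    A, B = dh_public(p, g, a), dh_public(p, g, b)   # the only values exchanged
    key_alice = derive_key(dh_shared(p, a, B), p)
    key_bob = derive_key(dh_shared(p, b, A), p)
    return key_alice, key_bob


def demo():
    # Constructed demonstration-size parameters: p = 2^127 - 1 (a Mersenne
    # prime), g = 2. Far too small for real use; it only keeps the output short.
    p = (1 << 127) - 1
    key_alice, key_bob = exchange(p, 2)
    return key_alice == key_bob, key_alice.hex()


if __name__ == "__main__":
    # Textbook-size walk-through first (p=23, g=5, a=6, b=15), then the demo.
    A, B = dh_public(23, 5, 6), dh_public(23, 5, 15)
    print("A =", A, "B =", B, "shared =", dh_shared(23, 6, B), dh_shared(23, 15, A))
    same, key = demo()
    print("keys match:", same, "key:", key)
```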
Part Two: Protocols