网络部分常见考题

1 ：简要叙述七层（四层）网络协议划分？

2 ：简要介绍TCP三次握手的机制？
 答：分三步
  1. 本地设备发送序列号和最大传输块大小！
  2. Destination device responds by sending its sequence
     number and maximum segment size back to local device.
  3. Local device acknowledges receipt of the sequence number
     and segment size information.

3：解释SSL的握手机制（Secure Sockets Layer）?
   1. Browser checks the certificate to make sure that the
      site you are connecting to is the real site and not
      someone intercepting.
   2. Determine encryption types that the browser and web
      site server can both use to understand each other.
   3. Browser and Server send each other unique codes to
      use when scrambling (or encrypting) the information
      that will be sent.
   4. The browser and Server start talking using the
     encryption, the web browser shows the encrypting icon,
     and web pages are processed secured.

3：解释一下passive FTP和active FTP之间的区别？
   FTP is an unusual protocol in that it uses two ports, one
   for commands and the other for data. (This is one of the
   reasons it is superior to HTTP for transferring large files.)
  
   Active FTP was invented first. The client initiates a
   connection on the server’s command port. The server
   then initiates a connection with the client from its
   data port.
  
   In Passive FTP, the client initiates both connections
   with the server, which remains “passive”.
  
   Active FTP may cause problems if your client is behind
   a firewall. From the firewall’s point of view, the FTP
   server that is trying to initiate a connection with your
   client looks like an intruder and is usually blocked.
   This is why many users have difficulty using FTP to
   download files from behind a firewall.
  
   Passive FTP solves this problem, but creates other
   problems, notably where FTP server security is concerned.
   The server must listen on a large number of ports. This
   requires the firewall to let a lot of unqualified traffic
   through. Most firewall administrators do not like this.
  
   As a rule, you do not need to be concerned about passive
   and active FTP unless you administer an FTP server or a
   firewall. If you experience difficulty using your FTP
   client from behind a firewall, this is likely the reason.
   Perhaps you should discuss the matter with your firewall
   administrator.

4：socket和session之间有何异同？？
   答：
   1. An SSL session is a mechanism through which connections
   can be established by re-using previously negotiated handshakes.
   2. A socket is one endpoint of a two-way communication link
   between two programs running on the network. A socket is bound
   to a port number so that the TCP layer can identify the
   application that data is destined to be sent.

5：解释MTU
   答：
   Maximum Transmission Unit. The greatest amount of data or
   “packet” size that can be transferred in one physical frame
    on a network. This packet also contains the header and
    trailer information, which are like addresses for each
    packet that are required by the routers on the network.
    最大传输单元。在网络上可以传输的一个最大物理桢的数据或包
    长，该信息包含数据头和尾，比如一些在网络上传输所需要的一
    些地址等。

6：解释TCP窗口大小？？
   答：
   The window size is the maximum number of bytes of data
   that can be transmitted in one segment. Increasing the
   window size for a TCP-based file transfer would increase
   throughput until the slowest link in the path saturates.
   It would be preferable to have a window size appropriate
   to the size of the link. There would be less buffering,
   the ACKs would return more quickly and more of the bandwidth
   would be used. Ideally you are looking for a Window
   Size >= Bandwidth * RTT.

7：What are the different phases in VPN establishment?
   Successful VPN establishment consists of two levels of SA’s
   known as phases.
   Phase 1 authentication establishes session keys. Using the
   Xauth feature, the client waits for a “username/password”
   challenge after the IKE Phase 1 SA has been established.
   When the end user responds to the challenge, the response
   is forwarded to the IPsec peers for an additional level
   of authentication completing Phase 2.
   1. Phase 1 of a 2 phase VPN tunnel establishment process.
      Phase 1 negotiates the security parameter agreement.
   2. Phase 2 of 2 phase VPN tunnel establishment process.
      Phase 2 uses the agreed parameters from Phase 1 to bring
      the tunnel up.

8：How does DH (deffie helman) work?
  Diffie-Hellman key agreement was invented in 1976 during a
  collaboration between Whitfield Diffie and Martin Hellman
  and was the first practical method for establishing a shared
  secret over an unprotected communications channel. Based on
  Ralph Merkle’s public key cryptosystem. Public key cryptography
  is a form of cryptography which generally allows users to
  communicate securely without having prior access to a shared
  secret key, by using a pair of cryptographic keys, designated
  as public key and private key, which are related mathematically.

二：协议部分