Cheatsheet

= ARP vs MAC Table =

= Fragmentation =


 * Before fragmentation:


 * After fragmentation:

= Header Fields =

 * IP Header: Version, HLEN, DSCP, ECN, Total Length, Identification, Flags (DF, MF), Fragment Offset, TTL, Protocol, Header Checksum, Source IP, Destination IP, Options

 * TCP Header: Source port, Destination port, Sequence number, Ack number, Data offset, Flags, Window Size, Checksum, Urgent pointer, Options

 * ARP Header: Hardware type, Protocol type, Hardware address length, Protocol address length, Operation, Source MAC, Source IP, Dest MAC, Dest IP

 * UDP Header: Source port, Destination port, Length, Checksum

 * ICMP Header: Code, Checksum, Rest of Header

= TCP Topics Hierarchy =

 * Congestion Control
   - Slow Start - Exponential Increase
   - Congestion Avoidance - Additive Increase
   - Congestion Detection - Multiplicative Decrease

 * Tahoe
   - If an RTO occurred, TCP reacts strongly
   - Reduces cwnd back to 1 segment and starts the slow start phase again

 * Reno
   - If 3 duplicate ACKs are received, TCP has a weaker reaction
   - Starts the Congestion Avoidance phase
   - This is called fast retransmission and fast recovery

= VPN Messages =

 * Phase 1 - Main Mode (messages in order)
   - Cookie, Proposal List
   - Cookie, Accepted Proposal
   - DH Key, Nonce
   - DH Key, Nonce
   - ID, ID Hash
   - ID, ID Hash

 * Phase 1 - Aggressive Mode (messages in order)
   - ID, Proposal List, DH Key, Nonce
   - ID, Accepted Proposal, DH Key, Nonce, ID Hash
   - ID Hash

 * Phase 2 - Quick Mode (messages in order)
   - Ph1 Hash, Message ID, Proposal List, Nonce, DH Key, Proxy-ID
   - Ph1 Hash, Message ID, Accepted Proposal, Nonce, DH Key, Proxy-ID
   - Ph1 Hash, Message ID, Nonce

= VPN Monitor vs DPD vs IKE Heartbeat =

= SRX Architecture =

 * First Path (in order):
   - Screens
   - Static NAT | Dest NAT
   - Route ==> Forwarding Lookup
   - Zones
   - Policy
   - Reverse Static NAT | Source NAT
   - Service ALG
   - Session

 * Fast Path (in order):
   - Screens
   - TCP
   - NAT
   - Service ALG

= ScreenOS =

 * ScreenOS Flow order
   - Sanity Check
   - Screening
   - Session lookup
   - Route lookup
   - Policy lookup
   - Session creation
   - ARP lookup

 * Route preference order
   - Policy Based Routing
   - Source Interface Based Routing
   - Source Routing
   - Destination Routing

 * NAT preference order
   - Mapped IP
   - Virtual IP
   - Policy Based NAT (NAT-Src & NAT-Dst)
   - Interface Based NAT

= SYN Flood Protection =

 * Threshold = Proxy connections above this limit. If SYN cookie is enabled, no sessions are established between client & firewall or firewall & server directly.
 * Alarm Threshold = Alarm/Alert (to log)
 * Queue Size = The number of proxied connections held in the queue. After this the firewall starts rejecting new connection requests.
 * Timeout Value = Maximum time before a half-completed connection is dropped from the queue. The range is 0–50s; default is 20s.

= HTTP Error Codes =

= SSL Handshake =
 * SSL has 4 protocols:
 * 1. Handshake Protocol: Negotiate Cipher Suite & exchange information for building cryptographic secrets. It has 4 Phases:
 * a) Phase 1: Establishes security capabilities
 * b) Phase 2: Server authentication and Key exchange
 * c) Phase 3: Client authentication and Key exchange
 * d) Phase 4: Finalizing handshake
 * 2. ChangeCipherSpec Protocol
 * 3. Alert Protocol
 * 4. Record Protocol


 * Brief Steps:


 * 1) Client & Server exchange 2 random keys
 * 2) Both exchange 1 PreMaster Secret
 * 3) Master Key is created from PM Secret by running SHA1 & MD5 several times
 * 4) Master Key is used to create variable length key material depending on the cipher used
 * 5) Six different secrets are extracted from key material

= NetScaler =

 * LB Methods:
   - Least Connection = Service with fewest active connections
   - Round Robin = Rotates a list of services
   - Least Response Time (LRTM) = Fewest active connections & lowest average response time
   - Least Bandwidth = Service serving least amount of traffic, measured in Mbps
   - Least Packets = Service that received fewest packets
   - Source IP Hash
   - Destination IP Hash

 * Persistence Methods:
   - SOURCE IP
   - COOKIE Insert = Connections having the same HTTP cookie, inserted by the Set-Cookie directive from the server, belong to the same persistence session
   - SSL Session = Connections having the same SSL session ID
   - RULE = All connections matching a user-defined rule
   - URL Passive = Requests having the same server ID (hexadecimal of server IP & port) of the service to which the request is to be forwarded
   - Dest IP
   - SRC IP DST IP
   - CALL ID = Same Caller ID in SIP header

= OSPF =

 * States
   - Down
   - Attempt
   - Init
   - 2-Way
   - ExStart
   - Exchange
   - Loading
   - Full

 * LSA Type
   - Type 1 - Router LSA
   - Type 2 - Network LSA
   - Type 3 - Network Summary LSA
   - Type 4 - ASBR Summary LSA
   - Type 5 - AS External LSA
   - Type 7 - NSSA External LSA

 * Packet Types
   - Type 1 - Hello
   - Type 2 - Database Description (DBD)
   - Type 3 - Link-State Request (LSR)
   - Type 4 - LSU
   - Type 5 - LSAck

= BGP =


 * Route Selection Criteria

 * BGP States
   - Idle
   - Active = Attempting to connect
   - Connect = TCP session established
   - OpenSent = Open message sent
   - OpenConfirm = Response received
   - Established = Adjacency established

 * BGP Messages
   - Open
   - Update
   - Keepalive = Sent every 60 seconds
   - Notification = Always indicates something is wrong