Welcome to the CompTIA Network+ N10-006 study notes. This is the biggest study guide yet! So a fair warning if you have a weak PC.

As much as I wanted to throw in images and videos, it just made this article load too slow.

Some of the information in this guide came from some knowledge I had being in the industry and taking the exam many years ago. I'm also working in the network division at my place of work and have many talented network people to pull from. Most of the other parts came from random articles including Wikipedia and a few YouTube videos.

I did not order this guide by the N10-006 exam objectives exactly but it's close. I also compared the information and structure to other publicly available study notes out there so it's as uniform as possible.

Know going into this that you won't retain all industry knowledge at all times. I'll happily admit I don't have this entire page of notes memorized. What's more important is taking notes and knowing where to look when you need to recall something or fix an issue.

Treat these notes as a review. You should be shaking your head yes as you go through these notes. Learn and retain as much of the concepts as possible. There's no shortcut to being an IT pro. Put the work and and do great.

Let me know how you do. Good luck!

Table of Contents

  1. OSI Stack
  2. Binary and Hex
  3. Network Types
  4. IEEE Project Standard
  5. Ethernet IEEE 802.1 and 802.3
  6. IP
  7. DNS
  8. Routing
  9. Telecom and WAN
  10. Hardware
  11. Wireless
  12. Network Protocols and Services
  13. Network Management
  14. Maintenance Tools
  15. Command Line Utilities
  16. Network Security
  17. VPN
  18. Network Troubleshooting
  19. Quality of Service (QoS)
  20. VOIP
  21. Virtualization
  22. Windows Administration
  23. Review Those Ports

OSI Stack

7 layer Open Systems Interconnection model

  • System developed in the 80s that shows how technology could communicate with each other.
  • Different layers communicate above and below itself.
  • Starts at highest layer and passed to the next layer until the lowest layer is reached.
  • After the data is sent to another device, the data goes from the lowest layer to the highest depending on the data in the headers and footers.
  • Layer 8 is said to be the users. Not officially part of the official OSI 7 layer model.

Upper Layers

  • Application
  • Presentation
  • Session

Lower Level

  • Physical
  • Data
  • Network
  • Transport

Mnemonics to help remember the order:

  1. Please Do Not Throw Sausage Pizza Away
  2. All People Seem To Need Data Processing

OSI Breakdown

  1. Physical
    • Bits (1s and 0s)
    • Wiring standards
    • Physical topology (bus, ring, star, etc.)
    • Synchronizing bits (async vs sync)
    • Responsible for transmitting electrical signals
    • Bandwidth usage (broadband vs baseband)
    • Multiplexing strategy
    • Hubs, MAUs, Repeaters, and Transceivers operate at level 1
  2. Data Link
    • Also called link layer
    • Data link sends frames after adding frame header and footer
      • A frame is the final layer of data encapsulation before data is transmitted
      • The header indicates that a frame is beginning
      • The footer indicates that the frame is done
    • A receiver will ignore data until the frame begin sequence is received
    • Direct Node to node transmission (point to point)
    • After route is established this layer handles the process of actually passing the data
    • MAC Address is here, controls access to physical layer
      • Concerned with packaging data into frames
      • Send frames on network
      • Error detection
      • Unique id network devices
      • Flow control
      • View network as logical topology
    • 2 sublayers
      • MAC (Media Access Control) a 48 bit address assigned to a NIC
      • Acts as traffic cop deciding who can submit
      • MAC Addresses are physically burned into device
      • First 3 octets of a MAC address uniquely identify the organization (OUI)
      • LLC (logical Link control) Error fixing mechanisms
      • Interface between MAC Sub Layer and network layer using Service Access Points (SAPs)
    • Devices: Bridges, Switches, NIC, and WAPsframe check sequence (FCS)
    • TCP/IP stack: Network Interface, Network Control Layer
    • Protocols: Frame relay, LLC, MAC, IEEE 802.3
  3. Network
    • Many nodes connected to one medium
    • Medium makes decisions for how to pass data between TCP/IP
    • Sends packets
      • Packet header contains the IP address
      • IPv4 or IPv6
      • Even if a network only supports IPv4, you can still send IPv6 packets through a process called Tunneling
    • Router takes packets segmented by the transport layer and routes them
    • Routing is a function of network layer
      • Best path selection
      • Uses IP Addressing
      • Forwards data based on logical address, switching (packet , message, circuit), route discovery, connection services (flow control, packet reordering), bandwidth usage, multiplex strategy, IP Address
    • Devices: Routers and Layer 3 Switches (multilayer)
    • TCP/IP stack: Internet
    • Protocols: IP and IPX operate at the Network Layer, IGMP, AppleTalk
  4. Transport
    • Segments data into packets, approves or denies packets passing through
    • Forwards Ports
    • 5 classes of connection, Internet uses TP4
    • TCP and UDP become important on this layer as they have their own headers and “behavior”
      • TCP sends out segments and is used when precise, reliable communication is necessary
      • If any packets gets lost, the protocol resends it to the recipient
      • UDP sends out datagrams and is used when consistent, stable communication is necessary
      • Typically used for games and teleconferencing where continuously receiving packets is more important than receiving every packet
      • If a checksum shows a packet as incomplete, the packet is cast away
    • The dividing line between upper and lower OSI
    • Provides reliability, error checking, flow control (windowing and  buffering)
    • Gateways operate at Layers 4-7
    • TCP/IP stack: Transport
    • Protocols: TCP and SPX operate at the Transport Layer (connection oriented), UDP (connectionless)
  5. Session
    • Continuous data streams
    • Strong open channels, clean session termination
    • Session management
      • Setting up (checking user credentials)
      • Maintaining (data management)
      • Terminating connections
    • TCP/IP stack: Application
    • Protocols: RPC, SDP, TLS/SSL,  NetBIOS, SAP,  PPTP
      • NetBios/NetBEUI is a nonroutable protocol
  6. Presentation
    • Encoding and data compression
    • Code in webpages
    • Managing and translating the information into an understandable format
    • Data formatting (ASCII, EBCDIC)
    • Encryption and decryption happens at the presentation layer
    • Graphic files, sound, and video are also handled at the presentation layer
    • TCP/IP stack: Application
  7. Application
    • High-level communication and whether it can happen at all
    • Assesses available network and hardware resources as opposed to solely communication requests
    • This layer interacts with a theoretical 8th layer, the end user
    • Services (SMTP) and service advertisement (Active Directory, UDDI)
    • TCP/IP stack: Application
    • Protocols: HTTP, DHCP, SNMP, SMTP, FTP, DNS

PDU

  • PDU throughout the OSI Stack
    • Mnemonic Some People Fear Birthdays
  • Transport -> Segments, Packets
  • Network -> Packets, Datagrams
  • Data -> Frames, Packets
  • Physical -> Bits

MAC Addresses

  • Example: 56:42:ea:ca:22:79
  • First 24 bits are vendor code
  • Administrators have the option of modifying MAC addresses through factory supplied programs (LLA)
  • List of vendor codes
  • 48-bit hexadecimal
  • Hard coded into NIC
  • Also known as physical address
  • Each device only has one unique address
  • Viewable in Linux with Ifconfig
  • Viewable in Windows with ipconfig /all

Binary and Hex

  • Bits are represented with 0 and 1
  • In current state modulation presence of light is used to indicate on or off (1 or 0)
  • State transition where voltage above and below 0 (0 and 1)
  • 20 = 1, not 0
  • IPv6 – 255.0.0.0 is 11111111.00000000.00000000.00000000
  • Valid HEX fields: 0-9 and A-F
  • 48 bit HEX = 01:23:45:67:89:ab or 01-23-45-67-89-ab
  • 64 bit HEX = 01:23:45:67:89:ab:ef:a1 or 01-23-45-67-89-ab-ef-a1
  • IPv6 and IEEE 1394 require a 64 bit MAC Address, everyone else uses 48-bit MAC addresses

Decimal to binary conversion is 2 based

  • 128
  • 64
  • 32
  • 16
  • 8
  • 4
  • 2
  • 1

Converting 117 to binary

1286432168421
01110101

Network Types

  • Physical topology is an outline of the physical devices
  • Logical topology is a description of how the data flows

Geography

  • PAN – Personal Area Network
  • LAN – Local Area Network
  • CAN – Campus Area Network
  • MAN – Metropolitan Area Network
  • WAN – Wide Area Network

Physical Connections

Ring

  • Not used anymore
  • Interconnected by a single ring
  • Data flows in one direction
  • Not scalable, break kills everything
  • Token Ring Standardized as IEEE 802.5 speeds of 4 mbps, 16 mbps

Bus

  • Uses T Connector (10base2) or vampire (10base5)
  • One cable per network segment (single point of failure)
  • Cable requires a terminator at both ends
  • Not scalable

Star

  • Most popular
  • Switch in the center
  • Cable break only impacts 1 device

Hub and Spoke

  • Bigger version of Star
  • Benefit is minimal link
  • Suboptimal routes
  • Hub is single point of failure
  • Lacks redundancy

Full Mesh

  • Directly connects every site to every other site
  • Optimal route exists between each site
  • Difficult to scale and expensive
  • Fault tolerant, any site that goes down has no effect on network
  • w = n * (n-1) / 2
    • where w = the number of WAN links
    • n = the number of sites

Partial Mesh

  • Hybrid of hub and Spoke and Full Mesh
  • Designed to provide efficient route but each site is NOT interconnected

IEEE Project Standard

802.1Known as internetworking standard
Bridging and network management
802.1D MAC Bridges, Spanning tree Protocol
802.1Q Ethernet trunking standard, VLANS, Multiple Spanning trees
802.1X Security Stuff
802.2Defines the Logical Link Control sublayer of the data link layer under the OSI model
802.3CSMA/CD
Defines ethernet networking
802.3a 10mbs over thinnet
802.3ab standard defines gigabit ethernet over twisted-pair cabling (1000BASE-T)
802.3ae 10 GB ethernet networking
802.3af power over ethernet at 15.4 watts
802.at power over ethernet at 32.4 watts
802.3u 100 mbps
Fast ethernet networking using CAT5 twisted pair wiring
802.3z IEEE project standard defines gigabit ethernet over fiber-optic cabling or coaxial cabling in the 1000Base-X, 1000Base-T, and 1000Base-CX specifications
1000Base-SX is the most secured network
802.4Token Bus
802.5Token Ring
802.6MAN (Metropolitan Network)
802.10LAN Security
802.11Defines Wireless
802.14Cable Modems
802.15PAN 802.15.1 = Bluetooth

Ethernet IEEE 802.1 and 802.3

  • Standard 10 mbps
  • Fast Ethernet 100 mbps
  • Gigabit 1GB, 10GB etc.

Baseband

  • Transfer frequencies very close to zero, lowpass or non-modulated
  • Uses all the available frequencies on a medium to transmit data
  • Examples are serial cables and LANS (ethernet)
  • Uses Time division multiplexing to decide who gets to go
  • Most networks are baseband i.e. 10GBaseT
  • Digital signaling, bi-directional transmission
  • One channel for both directions of signal
  • IEE 802.3 (ethernet)
  • Very narrow frequency range

Broadband

  • Divides bandwidth available on a medium (copper or fiber-optic cabling) into different channels
  • Cable modem uses Frequency-Division Multiplexing (FDM)
  • Separates tasks into frequencies
  • Incoming Data get freq A, outgoing data on FreqB, FreqC for TV Station 1, FreqD for TV Station 2
  • Uses analog signals
  • Analog signalling, unidirectional transmission
  • For transmission to be both ways, requires two channels
  • High frequency range

Multiplexing

  • Allows different communication sessions to share the same medium
  • Time division multiplexing is each session gets an allotted time to use the medium (regardless of need)
  • Stat Time Division STDM is an improvement where as needed basis plays a part
  • FDM Frequency Division Multiplexing is another description of broadband where mediums frequency range are divided into channels and different communication sessions are assigned different channels
  • Demultiplexer is single in, multi out

Spanning Tree Protocol IEEE 802.1D

  • Improve network reliability at layer 2
  • Allows network layer to stop loops
  • Loops exist but spanning tree stops traffic from looping
  • Spanning tree protocol, actively monitors the network, searches for redundant links, when it finds them shuts them down to prevent switching loops
  • When an STP fails MAC Address table can become corrupted
  • When 1 Mac address table gets corrupted it creates a domino effect where MAC address tables on other switches get confused as well resulting in broadcast storms
  • Switches in an STP topology are either root bridge or non-root bridge
  • The root bridge is the switch that is the reference point for the non-root bridges
  • The switch with the lowest bridge ID (BID) is the root bridge
  • Ports that interconnect switches in STP are a Root port (closest port to the root bridge on a non-root bridge switch)
  • Designated port: closest PORT on a NETWORK SEGMENT to the root bridge
  • ALL ports on the root bridge are designated ports
  • Non-designated ports results in blocked traffic to keep a loop free environment
  • STP Port cost
    • 10 mbps=100
    • 100 mbps=19
    • 1 gbps=4
    • 10 gbps=2
  • Non-designated ports do not forward traffic during normal operation but do receive bridge protocol data units (BPDU)
  • One of the non designated ports become designated ports when the designated goes down
  • When doing this the non-designated port will go through the following life cycle until it becomes the designated port
  • Blocking: default is 20 seconds, during this time port analyzes BPDU to determine its role in the spanning tree
  • Listening: port moves from blocking to listening state for 15 seconds
  • Learning: 15 seconds after listening, during this time the port begins building the MAC Address table
  • Forwarding: port forwards frames

Link Aggregation

  • Combine multiple physical connections into one logical connection
  • IEEE 802.3ad standard supports the Link Aggregation Control Protocol

Autonegotiation

  • Autonegotiation is the protocol that does the work for switches, routers, PCs, and more to understand the devices on the other side
  • Interface is configured to the values that autonegotiation detects
  • Parameters include speed (10mps, 100 mps, etc.), duplex (half or Full), and flow control
  • Both devices need autonegotiation on in order for it work
  • When Autonegotiation fails or not available parallel detection is used
    • Which only sets speed NOT the duplex
  • The duplex in this case is defaulted to half which may be problematic if the device on the other end is running in full duplex mode

Trunking

  • This technique allows traffic for multiple VLANS to travel over 1 connection using multiple network cables or ports in parallel to increase speed
  • This connection is called a trunk
  • IEEE 802.1Q is a trunk standard (most popular)
  • IEEE 802.1Q one VLAN is the native VLAN which means frames belonging to the native VLAN are sent unaltered over the trunk
    • Other VLANS in this scenario are tagged with 4 bytes and added to the ethernet frame

Power over Ethernet

  • Defined byIEEE 802.3af standard
  • Checks for 25k Ohms of resistance in the attached device
  • Switch applies as much as 10V of DC (Direct Current) across specific wires to test current over the wire
  • Pins 1 and 2 form 1 side of the circuit and 3 and 6 form the other
  • Algorithm to test for PoE
    • E=IR
    • E (current) = I (current) * R (resistance)
  • Required power?
    • Switch sends 15.5 – 20.5 V DC to the attached device
  • IEEE 802.af standard can supply a maximum of 15.4 W (Watts) of power
  • IEEE 802.3at offers as much as 32.4 W

Port Monitoring

  • Network sniffer to capture packets

Forwarding Modes

  • Provides reliability and flexibility
  • Also known as switching modes
  • Cut-through switching mode: Sends packet to destination as soon as first 14 bytes of packet are read
    • Fastest mode
  • Fragment-free switching mode: Checks there are no collisions on first 64 bytes (minimum valid size of IEEE 802.3 spec)
    • Middle ground between Cut and Through and Store and Forward
  • Store-and-forward switching mode: Stores entire packet then checks the CRC field before forwarding
  • Adaptive switching: user defined
    • Changes from the other 3 styles as needed

User Authentication

  • IEEE 802.1X switch requires client to authenticate
  • Supplicant: devices that wants access
  • Authenticator: middle man that forwards the supplicant details to the Authentication Server and receives response back from Authentication Server

CSMA/CD

  • Carrier Sense Multiple Access Collision Detection
  • When a collision happens everyone involved is given a cool down timer
    • Random amount of time to wait before transmitting again
  • Carrier Sense – listen to the wire to ensure a frame is not being transmitted on network segment
  • Multiple Access – everyone has access to an Ethernet Segment
  • Collision Detection – if 2 devices collide, use the cool down timer to resubmit

Collision Domain

  • All devices on an ethernet segment
  • An ethernet segment would be a hub
  • Switches creates multiple collision domains
    • Every port on an ethernet switch is a collision domain
    • Because 1 device connects to 1 port on a switch there is no need for a CSMA/CD
    • Devices can run in full duplex mode (which is asynchronous)
  • When running CSMA/CD the network must be running in half duplex

Half Duplex vs. Full Duplex

  • Half duplex devices cannot simultaneously transmit and receive (cannot send and receive in parallel)
  • Full duplex devices can run send/receive in parallel
  • Simplex mode – traffic goes in 1 direction at all times, worse than half duplex

Network Bridging

  • The concept of taking different network segments and creating an aggregate network
  • Bridging takes place in Layer 1 and Layer 2
  • Bridge types: simple bridging, multiport bridging, learning or transparent bridging, and source route bridging

Basic Switch

  • All ports belong to same broadcast domain
  • Devices connected in a broadcast domain have the same network address
  • Devices that have the same network address are said to belong to the same network, or subnet
  • Layer 2 switch uses the MAC addresses of the systems connected to the switch to define VLANs

VLAN IEEE 802.1Q

  • Virtual separation of ports into different broadcast domains on a switch or router
  • VLAN is a layer 2 technology that tags frames
    • Partitions devices into multiple broadcast domains that are isolated from each other
    • Usually done on switches or routers
  • To replicate what a VLAN one would have to have separate collections of network cables
  • VLANS simplify network design
  • The first VLAN (or if there are no VLANS defined) is the Default VLAN (id =1)
  • IEEE 802.1Q is the open protocol associated with VLAN
  • A VLAN is 1 broadcast domain instead of every port on the switch being a broadcast domain
  • The tough part is configuring every switch with the same VLAN information
  • VTP VLAN Trunking Protocol allows one VLAN on a switch to be propagated to another VLAN on a switch
  • An example of how to VLAN
    • Think of partitioned networks for your organization
    • Production servers or devices
    • VOIP
    • Network management
    • Storage area network (SAN)
    • Guest network
    • Demilitarized zone (DMZ)

Methods of VLAN Membership

  • VLAN Membership can be protocol based, MAC based, and port based
  • Static VLANs (assigning ports to a VLAN) and Dynamic VLANs (Software driven VLAN Management Policy Server (VMPS)
  • VLANS may travel over a trunk (which is physical and/or virtually one transport device)
  • It is the tagging method of the VLANS that allows the switch on the other side to know how to forward traffic
  • Native VLAN is the VLAN whose frames are NOT tagged
  • Default VLAN typically has ID of 1
  • For traffic to travel between VLANS it must be routed
  • In order to create VLANS on a Layer 1 Switch manually assign specific ports to VLANS

IP

  • IP Address is measured in 4 octets each containing 8 0 and 1 combinations
  • Combination is separated into 2 areas: the network and the host addres
    • Left justified is network
    • Right is host
  • Subnet mask is ALWAYS ALL 1's in an octet or ALL 0's in an octet
    • The section with all 1's represents the section of the IP that is the network address
  • Shorthand subnet masks: if IP 10.1.2.3 and subnet 255.0.0.0 equals 10.1.2.3 /8
  • DNS resolves FQDN to IP Address
    • DNS uses HOST file
  • WINS resolves NetBIOS name to IP Address
    • NetBIOS uses LMHOSTS file
  • IPX/SPX Addresses use 8 Hex digits for Network ID and 12 Hex for MAC address
  • AppleTalk uses 24-bit address, first 16 bits for Network

Classes of Addresses

  • An IP Address first octet will indicate its subnet mask
    • 255.0.0.0, 255.255.0.0, or 255.255.255.0
    • This is also known as classifying address
  • Subnet 255.0.0.0 or class A address will have 1–126 in the first octet of the IP (123.32.23.2) notation = \8
  • Subnet 255.255.0.0 or class B address will have 128–191 in the first octet of the IP (185.32.23.2) notation =\16
  • Subnet 255.255.255.0 or class C address will have 192–223 in the first octet of the IP (212.32.23.2) notation =\24
  • Class D IP's in range 224–239 are used as destination IP Addresses for multicast
  • Class E is experimental use
  • Values act as a guide (mask) to IP address
  • An IP of 114.23.23.21 tells you the network address (or network id) is 114 while the host address (or host id) is 23.23.21
    • Another way of representing this is 114.23.23.21 /8 due to the first set of octets where the network address

Network ID vs. Host ID

  • subnet mask equals bits dedicated to network id, after is for the host
  • /29
  • 29 = network
  • Reminder:
    • 1st class is 1-126
    • 2nd class is 128-191
    • 127 is a loopback address (Local)
  • Publicly routable IP addresses are globally managed by the Internet Corporation for Assigned Names and Numbers (ICANN)
  • IP Helper
    • 0 -> 0
    • 128 -> 1
    • 192 -> 2
    • 224 -> 3
    • 240 -> 4
    • 248 -> 5
    • 252 -> 6
    • 254 -> 7
    • 255 -> 8

Subnet Notation

  • 255.0.0.0 /8 (Classful subnet mask for Class A networks)
  • 255.128.0.0 /9
  • 255.192.0.0 /10
  • 255.224.0.0 /11
  • 255.240.0.0 /12
  • 255.248.0.0 /13
  • 255.252.0.0 /14
  • 255.254.0.0 /15
  • 255.255.0.0 /16 (Classful subnet mask for Class B networks)
  • 255.255.128.0 /17
  • 255.255.192.0 /18
  • 255.255.224.0 /19
  • 255.255.240.0 /20
  • 255.255.248.0 /21
  • 255.255.252.0 /22
  • 255.255.254.0 /23
  • 255.255.255.0 /24 (Classful subnet mask for Class C networks)
  • 255.255.255.128 /25
  • 255.255.255.192 /26
  • 255.255.255.224 /27
  • 255.255.255.240 /28
  • 255.255.255.248 /29
  • 255.255.255.252 /30

Subnetting Example

  • \19
    • If 255.255.0.0 is \16 and 255.255.255.0 is \24 therefore \19 is in the 3rd octet
    • 19-16 = 3
    • It is the 3rd 0/1 combination of the third octet
    • 1110 0000
    • Add them: 128+64+32+0+0+0+0+0 = 224, so 255.255.224.0 /19
  • /17 = 255.255.128.0
    • We know that 255.255.0.0 is /16
    • There is a span of 128 between the next octet
    • so 128 – 0 = 128, therefore 255.255.128.0

Borrowed Bits

  • Adding bits to a classful mask
  • The bits above the classful mask are the borrowed bits
  • Number of subnets = 2s
    • Where s is the borrowed bit

Number of Subnets

  1. Borrowed bits
    • Bits past the classful network
    • Minus subnet mask from networks class subnet
    • Example: \28 – \24 (where address is a class c)
  2. 2 to the power of borrowed bit
    •  2 * 2 * 2 * 2
  • Example: number of created subnets for 192.168.1.0 \28
    • What is the class mask of 192.168.1.0?
    • 192.168.1.0 is a class C network therefore its mask is 255.255.255.0 or more importantly \24
    • Borrowed bits = 4 or \28 – \24
    • number of subnets = 24 (2 to the 4th power) = 16
      • 192.168.1.0 \28 will create 16 subnets

Assignable IP Addresses in a Subnet

  • Calculating Available Hosts =  2h -2
    • Where h is the host bits in the subnet mask
  • 32 it the maximum host bits in IPv4
  • 192.168.1.0 \28  it would be 32 – 28
    • h would be equal to 4
  • 24 -2 = 14
  • Assignable IP Addresses in a subnet for 192.168.1.0 \28 is equal to 14

Classless Inter-Domain Routing (CIDR)

  • Process of shortening classful subnets
  • It removes the 1's from the classful mask
  • It allows like classful networks to be combined
  • Example to combine a couple of class C Networks
    • 192.168.32.0/24
    • 192.168.33.0/24
    • 192.168.34.0/24
    • 192.168.35.0/24
    • Find the octet that differs, in the above case #3 (32, 33, 34, 35)
    • 192.168 = 11000000.10101000 is the same
    • 32 = 00100000
    • 33 = 00100001
    • 34 = 00100010
    • 35 = 00100011
    • 001000 is still equal
    • The first 8 octets + the 2nd octets = 16 + the part of the octets that are equal is 22
    • Therefore the CIDR 192.168.32.0/22

IP version 4 Packet Format

  • Time to live field is decremented every time it passes through a router
    • If TTL = 0 packet is discarded from router
    • Helps to prevent loops
  • TCP Segment
    • Value in window size determines how many bytes to receive before acknowledgement
    • Sequence number: id of unique group
    • Acknowledgement: the next number one should receive
  • UDP Segment
    • NO sequence, window, or acknowledge
    • UDP checksum: optional detect transmission errors

IPV6

  • Wikipedia IPv6 address info
  • Written in hexadecimal
    • Characters = 0 – F
  • In 128-bit
    • XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
  • Abbreviating IPv6
    • Leading 0s in a field can be omitted
    • Contiguous fields containing all 0s can be represented with a double colon
      • Note: This can be done only once for a single IPv6 address
    • Another example
      • ABCD:0123:4040:0000:0000:0000:000A:000B = ABCD:123:4040::A:B
      • 0000:0000:0000:1aff:1923:ab00:0000:22a1:3712:0000:0000:0000:acc2:32aa:8eff:bf00
      • The computer can figure out how many 0’s there are because it knows how long the string should be
        • 0000:0000:0000:1aff:1923:ab00:0000:22a1:3712::acc2:32aa:8eff:bf00
        • ::1aff:1923:ab00:0000:22a1:3712:0000:0000:0000:acc2:32aa:8eff:bf00
  • EUI-64 can be used for IPv6 auto-configuration
  • DHCPv6
  • Site-local addresses equates to Private IP addresses of IPv4 ( 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), site-local address is FEC0::/10.
  • Link-local addresses: Is an IPV6 versions of APIPA (169.254.0.1 to 169.254.255.254). IUPV6 link local addresses always begin with 1111111010 (FE80)
    • Automatic private addressing, when a pc needs an IP, but DHCP is down
  • 3 types of flow: Anycast (one to nearest), Unicast (one to one) and Multicast (one to many)
    • No broadcasts
    • Anycast
      • Addressed and routed to any and only one of a set of IPv6 Address
    • Unicast
      • Addressed and routed to a single IPv6 address
    • Multicast
      • Addressed and routed to multiple IPv6 Addresses
  • IPV6 is 128 bits, IPV6 also requires 64 bit MAC's
  • Simplified header = 5 fields
  • No fragmentation (performs MTU discovery for each session)
  • Can coexist with IPv4
  • Mandatory IPsec support
  • ICMPv6 replaces ARP for Neighbor discovery, uses neighbor slicitation multicast messages for neighbor discovery

Private Address Range

Routers will not route to these addresses:

  • Class A 10.0.0.0 – 10.255.255.255
  • Class B 172.16.0.0 – 172.31.255.255
  • Class C 192.168.0.0 – 192.168.255.255

Default Gateway

  • When traffic is destined for a different subnet it is routed to the default gateway
  • Gateway can usually be described as a router
  • Access point to another network, devices passes message to this when an IP does not match anything in its routing table

IP Address Terms

  • DNS (Domain Name system)
  • FQDN (Fully qualified Domain Name)
  • BOOTP (Bootstrap protocol predecessor to DHCP)
  • DHCP (Dynamic Host Configuration)
  • APIP (Automatic Private IP Addressing)
    • Allows device to self assign 169.254.0.0/16

DHCP Dynamic Host Configuration Protocol

  • Dynamically assigns network configurations to hosts such as assigning IPs on IP networks
  • Instead of configuring each device, admins configure the DHCP server
    • Queries every new connecting device and assigns several parameters such as:
      • Default Gateway
      • Domain Name
      • Name Servers
      • Time Servers
  • These assignments last for a set duration according to the lease set by the DHCP server’s settings
    • Can either be reassigned or altered at the end of the lease
  • A main DHCP server can communicate via relays (big router to repeaters) for the sake of long-distance assignments
    • DHCP relay agents: Most routers default to NOT forwarding broadcasts.
      • Create DHCP relay agents so DHCPDISCOVER broadcasts can be found on other network segments
    • Automatic Private IP Addressing (APIPA): A windows ONLY feature that acts as a DHCP failover mechanism
      • When DHCP fails assigns IP range: 69.254.0.1 to 169.254.255.254
    • A scope is a pool of IP addresses in which the DHCP server assigns to clients
    • A DHCP relay agent is a router that is configured to handle DHCP requests from another network
  • There are three methods of assignment
    • Dynamic allocation – the DHCP server uses the lease system to assign each new device an IP within a set range for a set period of time
    • Automatic Allocation – similar to dynamic, each device is given an IP, however a table is reserved so that devices can receive the same IP upon reconnection
    • Static Allocation – an IP is assigned manually and specifically to the MAC Address of each connecting device semi-permanently (pre-configured)
  • DHCP utilizes two UDP ports
  • Acts in 4 stages according to DORA:
    • Discovery – The client queries the server at address 255.255.255.255 with DHCPDISCOVER
    • Offer – The server responds with DHCPOFFER which includes the clients MAC address, offered IP, subnet mask, lease duration, and the IP of the server making the offer
      • The server makes an offer based on the CHADDR (clients hardware address) and responds with YIADDR (your IP address)
    • Request – If a client received offers from multiple servers, it will select an offer and request that IP with DHCPREQUEST
      • It will also alert the other servers of which offer it accepted
      • The other servers will terminate their offers
    • Acknowledgment – Once the server receives DHCPREQUEST it will respond with DHCPACK
      • Once the client receives that packet of data, it will probe the new IP to ensure there are no conflicts
  • DHCP Inform can be used if the client wants additional DHCP information after DORA
  • DHCP Release can be used optionally to return and terminate an IP address (not mandatory)
  • Clients can choose optional setting available through DHCP and BOOTP PARAMETERS
  • Reliability of DHCP protocols is ensured through the process of renewing leases that may end
    • Clients periodically send DHCPREQUEST through unicast (the direct connection made post IP assignment)
      • If that fails, it is presumed the server is down
    • DHCPREQUEST will periodically be resent to see if the server has come back online
    • If the server remains down, DHCPREQUEST will be broadcast in the hopes that another server can renew the IP lease
    • If no renewal is possible, DHCPDISCOVER will be broadcast so that a new IP address can be assigned

Zeroconf (Zero Configuration)

  • Assigns link local IP address (MS uses IPIPA)
  • Resolves computer names to IP Address (mDNS)
    • mDNS = is network level DNS system
    • Resolves computer names to IP Address
    • Apple uses mDNS, MS uses Link-local Multicast Name Resolution (LLMNR)
  • Locating network services: Service Location Protocol (SLP), MS uses Simple Service Discovery Protocol (SSDP) which is a UPnP protocol (Universal Plug in Play)
  • Apple's ZeroConf implementation is known as Bonjour
  • Avahi in Linux

IPX

  • Valid IPX network ID is composed of eight hexadecimal characters
  • 802.2 and ETHERNET_II are valid IPX frame types

TCP/IP Transmission Control Protocol/Internet Protocol

  • Regulates end-to-end communication of how data should be packetized, addressed, transmitted, routed, and received
  • Fundamentals of networking
  • Architecture designed around two principles:
    • End-to-End: For simplicity’s sake, the checks should be done by the sender and the receiver, not every piece in between
      • The endpoints are responsible for reliability
    • Robustness Principle: Anything sent should be particular and well-formed, but a device should receive anything that is reasonably readable
      • The focus, then, is on smooth processes, not perfection

The TCP 3 Way Handshake

  1. TCP SYN = source sends to destination
  2. TCP SYN/ACK = destination responds with SYN/ACK after source sends SYN
  3. TCP ACK = When source receives SYN/ACK from destination it sends an ACK

TCP/IP Layers

  • Application Layer
    • Creates and utilizes user data, and communicates that to other high-level applications, often through the transport layer pipelines
    • HTTP, FTP (file transfer protocol), and SMTP (simple mail transfer protocol) – All ways that applications communicate with themselves and each other
  • Transport Layer
    • Host-to-host communication, like local networks
    • Communicates on behalf of applications
    • UDP is used for unreliable communications, whereas TCP is called for more reliable transmission, flow control, and connection establishment
  • Internet Layer
    • Exchanges data across network boundaries (internetworking)
    • Responsible for IP address connections
    • Transmits data to the next IP router closer to the final destination
    • Defines the host addressing/identification and routing structures inherent in TCP/IP
  • Link Layer
    • Communication without intervening routers
    • Makes internet-layer datagrams transmissible to next neighbor hosts
    • Similar to Physical Layer in OSI! Deals with firmware, chipsets, etc.

TCP/IP vs. OSI

  • TCP/IP came before OSI and is less robust
  • Goals are a bit different
    • TCP/IP is more flexible, allowing the transport layer to pick either UDP or TCP depending on how much reliability is required
    • The goal, as shown in the key architectural principles, is running code rather than perfect, reliable transmission
  • Each layer in the TCP/IP tends to treat the other layers as black boxes
  • Application layer just deals with app data, and sends that to the transport layer to figure out how to actually get it moving
  • Similarly, routers and such do not evaluate the data they receive, they only care about transmitting it
    • Think of a post office – we write letters at the application layer, the transport layer is the post office concerned with reading the address and determining the destination/route
    • The internet layer is where the post offices make sure the letter is at the nearest possible post office
    • The link layer is the actual post man, getting it into the final destination
  • TCP/IP doesn't prefer a specific environment and can function as long as every client has the functionality to send and receive packets of data

DNS

  • DNS reverse lookups look like X.X.X.X.in-addr.arpa
  • DNS uses UDP 53 for URL queries
  • DNS uses TCP 53 for zone transfers (when nameservers exchange updated records)
  • DNS uses BIND – Berkley Internet Name Domain software on Unix/Linux servers
  • The key functionality of DNS is to translate between human-friendly identifiers (URLs) and a computer-friendly registry (IP and port #) of where to best access a variety of resources
  • DNS affects URLs (Uniform Resource Locator), e-mail addresses, IP addresses, and more
  • Primary vs. Secondary DNS Server
    • Primary overwrites Secondary
    • Primary holds the master copy of the DNS data for the zone
    • Secondary syncs with Primary through zone transfers
    • Only one Primary, you can have as many secondary as required
    • At least one secondary DNS server is required by the spec
    • A good use of a secondary server is a remote child on another network segment
  • DNS can often be related to a phone book, wherein you look up something easy to remember to gain more specific information
    • The chief difference in functionality between a phone book and DNS is that DNS will output the location of specific data based on proximal servers
  • Another key function of DNS is that, rather than creating one centralized database which can be difficult to change, DNS typically assigns a domain range to each user
    • For instance, a household network with a single internet connection has a range of IP addresses with which to connect to the internet
    • This means computers can switch their IPs based on the network administrators designations
    • The DNS is broken into domains, and each domain has its own authority to assign addresses
    • Each domain can also be broken further into sub-domains
    • When LOCAL DNS doesn't know what to do it sends it to a root-level name server on the Internet
  • DNS is structured into authoritative zones, which can be further broken into smaller portions, and are typically represented within a URL and called by each zone’s label
    • For instance, google.com gives us information about three zones
    • The highest level domain is “com”.
    • The first subdomain is “google”
    • And the second subdomain is “www”
    • The ‘.’ indicates the distinction between multiple labels
  • Each top-level domain (‘com’ in the example) requires two servers to contain master lists of its NS data
    • This is to provide redundancy in case one server should fail or become inaccessible
  • ICANN delegates the management of all top-level domains
  • FQDN – Fully Qualified Domain Name
    • Two parts, hostname and domain name

DNS Operation

  • In order to resolve the real location of a DNS search, a recursive query system is setup wherein the requesting computer follows a trail of hints to find the authoritative location
    • For instance, ‘.com’ will be queried first, and then further queries will be made from its recommendations, or hints until the final solution is found
    • This is resource intensive en masse so cached name servers often retain relevant queries for set period of time, determined by the time-to-live (TTL) status of the original query
  • There are three main types of queries that can be made from the clients side
    • Non-recursive queries are requests made directly to authoritative servers
    • Recursive queries are requests made to a server, which will then continue to query other servers until it can give an authoritative answer to the client
    • Iterant queries are when the client side queries multiple servers to find the authoritative answer itself
  • Requests can sometimes become circular, when servers refer queries to a location that is also on an unknown server
    • In these cases, the querying server can look at the glue, or alternate server hint provided in the original query response
  • Because query records can be maintained for the duration of the TTL (time to live) set by the server administrator, DNS updates do not happen immediately, and can take up to several days if records are held for long periods of time
  • Servers and Host Names are not One-to-One

DNS Messages

  • Question
  • Answer
  • Authority
  • Additional Space
  • Header Section
    • Identification
    • Flags
      • Query/Response (0/1)
      • Reply/Status/Request (4 bit value of 1/2/0)
      • Authoritative? (0/1)
      • Client Request Recursion? (0/1)
      • Replying Server Support Recursion? (0/1)
    • Number Of Questions
    • Number of Answers
    • Number of Authority Resource Records (RR)
    • Number of Additional RR

Common DNS Record Types

  • Wikipedia List of DNS Record Types
  • A – 32 bit IPv4, resolves hostname
  • AAAA – 128 bit IPv6, resolves hostname
  • CNAME – Canonical Name Record – Alias of one name to another in the DNS zone
    • Makes google.com and www.google.com go to the same place
    • Always points a domain name to another domain name
  • DNAME – Delegation Name Record – Alias of all sub-names not just exact label names like CNAME records
    • This record is now obsolete
  • IPSECKEY – Works with IPSec to provide security
  • MX – Mail Exchange Records – maps a domain to message transfer servers
  • NS – points to host records for the hosts that are DNS servers for the zone
  • PTR – opposite of A records. Resolves IP addresses to hostnames
    • Reverse lookup zones contain PTR records
  • SOA – configuration information for the DNS zone itself like the serial number and refresh time

Routing

Characteristics of a Routing Protocol

Believability

  • Administrative Distance
  • Directly connected network 0
  • Statically configured network 1
  • Enhanced Interior Gateway Routing Protocol (EIGRP)
  • Border Gateway Protocol (BGP)
  • interior Gateway Routing Protocol (IGRP)
  • Intermediate System-Intermediate System (IS-IS)
  • External EIGRP
  • Unknown of unbelievable 255 (considered to be unreachable)

Metrics

  • There may be multiple routes to a destination
  • Each route needs a score that indicates cost

Interior vs. Exterior Gateway Protocols

  • IGP within an autonomous system
  • EGP operates between autonomous systems
  • IGP is for the internal network
  • EGP is for the internet (BGP is really the only EGP)

Route Advertisement Method

  • Information is when 2 routers first meet
  • How the protocol receives, advertises and stores routing information

Routing Table

  • When router needs to route an IP packet it consults its IP Routing table
  • Best match is the route with the longest prefix
  • Sources of routing information: Directly connected, Static (input by admin), Dynamic routing protocols
  • A router will install directly connected networks into the routing table, use static route to indicate a desired route for a router
  • When a routing table is used it analyzes every IP In the routing table to find the correct path
  • Routers communicate via routing protocols
  • Routing Protocol: enable routers to learn about their surrounding networks
  • Routers tend to be WAN centric, Switches tend to be LAN Centric
  • A default gateway is typically a router
  • Static route example
    • IP route <IP address> <subnet> <nic>
    • IP route 123.123.123.0 255.255.255.0 gi0/0
  • Dynamic routing a routing protocol is used for routers to determine how to determine the best way to each other
  • Default route method to tell ALL traffic how to work
    • IP route 0.0.0.0 0.0.0.0 gi0/0
  • To view route tables
    • Unix = netstat -r
    • Windows = route print
    • cisco = show ip route

Routing Table Route Types

  • Host route: Route to a host (not a network)
    • Subnet mask = 255.255.255.255 prefix /32
  • Subnet: portion of major network
    • Example: 10.10.10.0/24 (255.255.255.0)
  • Summary: group of subnets,
  • Major Network: Any classful network, along with NATIVE mask 10.0.0.0/8 (255.0.0.0)
  • Supernet: Group of major networks, 10.0.0.0/7 references 10.0.0.0/8 and 11.0.0.0/8
  • Default route: 0.0.0.0/0 (0.0.0.0) when no other route can be determined

Routing Protocols

  • Routers become aware of their surrounding network
  • Classful routing protocols do NOT advertise subnet, classless (the more modern approach) does
  • Attached devices on the network, static routes and reports from routing protocols all go into the equation when a router decides where to forward a packet
  • These variables are analyzed and each is assigned Administrative Distance
  • In Administrative Distance the lower number wins, which means that will be the path the router forwards the packets
  • Convergence: the process of failing over from one route to a backup route, a network is converged when ALL the working routing protocols on the network have no changes to report
  • Redistribution is the process of injecting routes into a routing protocol from another protocol
    • Example redistribute EIGRP routes into OSPF

Route Advertisement methods

  • Distance Vector: protocol sends a copy of its routing table directly to its neighbors
  • Drawbacks: redundant messages, time to converge (i.e. the time other routers update themselves with reported changes), routing loops
  •  To prevent routing loops Distance vector protocols utilize split horizon and poison reverse techniques
    • Poison reverse: Router A tells Router B this IP is too many hop counts away
  • Link State: Routers build there own topographical map of their surrounding networks, routers send link-state advertisements (LSA) to advertise the networks they know how to reach
  • Based on this routers utilize Dijkstra’s Shortest Path, First to figure out whom to send traffic to
  • The only time 2 routers exchange full routing
  • Dynamic Routing Protocols
  • RIP: Distance vector based protocol, is classful (does not report subnet)
    • Uses hop count to determine route
    • Does Not consider available bandwidth
    • RIP is an IGP (interior gateway protocol)
    • Max hops = 15
    • Communicates via broadcast (every 30 seconds)
    • UDP based, utilizes port 520
  • RIP V2: improvement of RIP classless
    • Multicasts
    • Max hop count is 255
  • RIPng: version for IPv6, port 521
  • Open Shortest Path First (OSPF): link-state classless routing protocol, uses metric of cost, link speed between 2 routers
    • It is an IGP (interior gateway protocol)
    • Elects one router to become designated router and a backup
    • DR does the job of calculating paths
    • Runs directly over IP
    • Does not use a protocol (TCP/UDP)
  • Intermediate System to Intermediate System (IS-IS)
    • Similar to OSPF run Dijkstra’s algorithm
  • IGRP: Distance based routing protocol that is more advanced than just counting hops, it uses  bandwidth, delay, load, MTU, and reliability to compare 2 routes
    • It is a classful routing protocol
  • EIGRP: Cisco technology, is a classless improvement on IGRP
    • ONLY works on a network with ALL Cisco routers
  • BGP: Border Gateway Protocol, the only EGP in widespread use today
    • BGP runs the internet, path-vector routing protocol
    • Autonomous system is known as a prefix, routes most desired have the least amount of prefixes to travel through
  • OSPF Calc
    • 100 Mbps (100,000,000 / 100,000,000 bps) = 1
    • 10 Mbps (100,000,000 / 10,000,000 bps) = 10
    • 1.5 Mbps (100,000,000 / 1,540,000 bps) = 64 (results are rounded)
    • Note: 1 GBps (100,000,000 / 100,000,000,000 bps) = 1 (still 1 because 0 and less not supported)

Multicast Protocol

  • Most modern protocols communicate via multicast packets
  • Communicated hosts are NOT defined by IP Address and mask combination (like broadcast)
  • Communication resembles a conference call
  • The speaker broadcasts only to the conference call
  • Unicast: one to one
  • Broadcast: one to all
  • Multicast: one too many
  • Multicast address range is the range of Class D Addresses 224.0.0.0 to 239.255.255.255

IGMP = Internet Group Management Protocol

  • Protocol used between clients (PCs) and Routers to let routers know which of these interfaces have multicast receivers attached
  • Popular implements include IGMPv1 and IGMPv12
    • In both client sends request to router to join group
    • In IGMP v2 router can also accept a leave group message
  • PIM = Protocol Independent Multicast
    • PIM is concerned with routing multicast traffic between routers
    • 2 modes of operation PIM-DM (dense mode) and PIM-SM (sparse mode)
    • PIM-SM is the preferred approach due to PIM-DM's flood-prune methodology
  • PIM DIM: uses a source distribution tree it finds the optimal path between source router (router closest to multicast sender) and each last hop router (router closest to each multicast receiver)
    • To do this traffic must be flooded through the entire network in order to figure out how to build the Source Distribution Tree
    • After the whole network flood happens, routers send messages to other routers that it can be pruned of the source distribution tree
    • When pruning is complete the optimal path between source router and last-hop router is created
    • The flooding and pruning process takes place every 3 minutes
  • PIM SIM: Shared Distribution tree
    • Does not initially form an optimal path
    • Multicast source sends traffic to rendezvous point RP
    • When other routers want to join the multicast (notified by a client PC)
    • Sends a message to RP
    • Initially the path from last-hop to RP is NOT optimal but after the last hop figures out where the RP is it can use unicast and routing tables to determine the optimal path

NAT

  • NAT allows private IP's to be routed through a public Internet IP
    • Inside local: refers to a private IP
    • Inside global: public IP inside the network
    • Outside global: public and NOT within network
  • NAT allows for one node to share its connection with several other nodes
  • Home networks only pay for one IP, but have up to dozens of devices
  • It's similar to having multiple people living in a house
  • It is difficult to connect a remote host to a NAT controlled node
    • No port is directly open for the communication
    • However it is easy for a NAT controlled node to open a connection to a remote host
    • Port-forwarding can help here
  • NAT automatically changes local IP data in packet headers before sending it past the NAT configured routing device
  • PAT: Nat with ports
    • Allows multiple inside local addresses to share a single inside global address
    • Sessions are kept separate via ports
    • Port Address Translation
      • Multiple computers receive the same IP
      • Different Port number so the router knows where to send packets
    • ICS allows one internet connected device to share its connection with other devices
      • It’s a version of NAT
  • Defined private IP addresses for NATing
    • 10.0.0.0 – 10.255.255.255
    • 172.16.0.0 – 172.31.255.255
    • 192.168.0.0 – 192.168.255.255
  • DNAT is when private IP's are assigned inside global addresses from a pool of available public IPs
  • SNAT is static NAT

Port Forwarding

  • Designating a local address for various network services
  • Works with NAT to provide openings for incoming traffic to internal network nodes
    • Basically resolves the major NAT issue
    • Allows remote hosts to establish reliable connections by keeping a port open
  • For example, if a file sharing program needs to use TCP 4567 on a specific terminal, that message will normally get sent to the router
    • Port forwarding allows the router to redirect that request to the specific terminal on its NAT setup
  • Port Request on (TCP/UDP) (Port Number) Forwards to (Internal IP Address)
  • DMZ Host – Demilitarized Zone Host
    • Any port request sent to the router is automatically forwarded to this host’s IP
    • Port Forwarding doesn’t have to be manually configured for each request
      • Convenient but risky
    • All requests can be sent to a single sanitized host
      • That host can deal with the issue securely

Telecom and WAN

  • Central Office (CO): where phone lines terminate
  • POTS = Plain Old Telephone Service
  • Local loop = connection between home and telephone office
  • Tip and ring = red and green wires found in an RJ-11
  • Demarc = dividing line when maintenance become responsibility of owner instead of telecom
    • Juncture at which the ISP's cabling ends and local cabling begins
    • Smart jack is placed on the demarc
    • Remote line diagnostics
  • LATA: separation between regional phone companies
    • Significant because when a T1 order crosses LATA's the cost is higher
  • Latency: the amount of time it takes data to be processed or moved
    • Propagation delay is distance
    • Processing delay is work being done to data
  • Multiplexing: taking multiple signals and sharing them on a single signal
  • PBX: Private Branch Exchange
  • Smart jack: device that terminates a digital circuit
    • It's smart because telephone company can control it remotely
  • SONET: standard for fiber-optic transmission systems
    • European equivalent is synchronous digital hierarchy (SDH)
    • Hybrid fiber-coax is the Cable mode
      • World mix of fiber and coaxial
    • Synchronous Optical Network (SONET) is a Layer 1 technology that uses fiber-optic
  • Although physical media on a WAN closely resembles LAN media, Layer 2 protocols running over the media is usually different for WAN links, as opposed to LAN links
    • WAN technologies generally do NOT support broadcasts
  • When troubleshooting remote connectivity on a cable or DSL modem, use the LEDs on these devices
    • Refer to the manufacturer’s website for specific information about error codes and LEDs
    • A link light should be on to indicate that the physical connection is complete
    • A flashing LED indicates that the connection is active

Wan Types

  • Dedicated lease line: Always on, customer does NOT share bandwidth
    • A T1, E1, T3, E3 are dedicated leased lines (specifically dedicated circuits)
    • Point-to-Point protocol is commonly run over a dedicated lease line
    • Implemented via a CSU/DSU
  • Circuit switched connection: brought up as needed
    • ISDN
  • Packet switched connection: Always on, allows multiple connections to share bandwidth
    • Frame relay
    • ATM (cell switched)
  • Difference between Packet-Switching and Circuit Switching
    • Network devices accept packet information and make decision on how to forward the packet
    • End points are dynamically figured and the path that 2 endpoints use to connect may change
    • Circuit switching requires a dedicated physical connection between 2 endpoints
      • Think of a standard telephone
  • Channel service unit/data service unit (CSU/DSU)
    • Technology that allows an organization to connect to a T1 or T3 WAN connection provided by a telecom provider
    • The CSU is implemented within your organization and connects to the DSU unit managed by the provider to establish the WAN link
    • Channel Service Unit interfaces with WAN Links and Data Service Unit interfaces with Data equipment such as routers
    • Note: this is how a dedicated leased line is implemented

WAN Speeds

Data LineCapacity
X.2556 Kbps or 64 Kbps with digital implementations
Frame Relay56 Kbps – 1.544 Mbps
T11.544 Mbps
T26.312 Mbps, using 96 64 Kbps B channels
T344.736 Mbps, using 672 64 Kbps B channels, synonymous with D3
T4274.176 Mbps by using 4,032 64 Kbps B channels
E12.048 Mbps
E334.4 Mbps
ATM155 Mbps – 622 Mbps
SONET51.84 Mbps (OC-1) – 159.25 Gbps (OC-3072)
BPL (Broadband over power lines)2.7 Mpbs (typically) homeplug
  • X.25 WAN: uses a PAD
    • Primarily analog voice lines
    • 2 mbps
  • Optical network terminal (ONT) terminates fiber to the premise connections
  • T-carrier system: uses digital signaling
    • T1 (1.544 Mbps), T3 (44.736 mbps)
    • T-carrier connections are not widely used outside of the United States and Canada
    • T1 Lines typically interface with Smartjack (a type of NID)
    • In Europe it is the E-carrier hierarchy
    • In Japan its the J-Carrier
    • Hardware at the demarc point is a smart jack (or a NID)
Types of T1
  • Channelized 24 voice channels on a voice circuit
  • Each channel contains it own signaling (in-band signaling)
  • DS1 =T1
  • PRI: Primary Rate Interface is sometimes referred to Digital T1s
  • 23 available channels known as bearer channels (as opposed to 24)
  • The 24th channel is the data channel and set aside for out-of-band signaling
  • Clear Channel
    • No frames
    • No channels
    • No organization of bits
    • Very rare
Encoding T-Carrier
  • Alternate Mark Inversion (AMI): voice never data
  • Binary Eight Zero Substitution (B8ZS): voice and data, improved version
  • Phone audio is sampled at 8000 times per second (8khz)
  • D4/Superframe: standard voice framing
  • Extended Superframe: framing for data
Configuring T1
  • Configure both sides with the same encoding that matches the circuit’s provisioned encoding
    • AMI vs B8ZS
  • Configure both sides with the same framing that matches the circuit’s provisioned framing
    • D4/SF vs. ESF
    • T1s for data should always be D4/SF
  • Configure how many channels will be used for the link, which channels will be used, and what speed they will be
    • Tell CSU/DSU how many channels are being used
T3
  • DS3 is the logical carrier sent over a physical T3 circuit
  • A channelized DS3 has 672 DS0s, each capable of supporting a POTS phone call
  • Ds-3 links support AMI, Bipolar Three Zero Substitution (similar to B8ZS), and High-Density Bipolar Three (HDB3, used in Japan and Europe)
  • A clear channel Ds3 link is used for Data

Bandwidth

  • Usually measured in kbps, mbps, gbps
Dedicated Digital ServiceT-CarrierSpeed
DS0Frame Relay 1 link56 kbps – 1.544 Mbps
DS1T1 24 Channels1.544 Mbps
DS2T2 96 Channels6.312 Mbps
DS3T3 672 Channels44.736 Mbps
DS4T4 4,032 channels274.176 Mbps
  • SONET is measured in Optical Carrier (OC)
  • The base is OC-1 link is 51.84 Mbps
  • OC-X levels are multiples of 1
  • OC-3 = (51.84 * 3) = 155.52
  • Optical Carrier Levels
    • OC1 51 Mbps 50 Mbps
    • OC3 155 Mbps 150 Mbps
    • OC12 622 Mbps 601 Mbps
    • OC48 2,488 Mbps 2.4 Gbps
    • OC192 9,953 Mbps 9.6 Gbps
    • OC768 39,813 Mbps 38.5 Gbps
  • ATM
    • 155 Mbps – 622 Mbps
  • SONET
    • 51.84 Mbps (OC-1) – 159.25 Gbps (OC-3072)
    • Multiplex different network transmissions into a single data stream for transmission over one cable
    • Often different organizations share a SONET connection
    • Synchronous Digital Hierarchy (SDH) is the European counterpart to SONET
    • SONET uses a single wavelength of light and TDM (time division multiplexing) to support multiple data flows on single fiber
  • Dense wavelength division multiplexing (DWDM)
    • Replaces SONET/SDH regenerators with erbium doped fiber amplifiers (EDFAs)

Wireless WAN Technology

  • GSM – Global System for Mobile Communication
    • Utilizes TDMA (Time Division Multiple Access)
      • Each phone gets a time slot to transmit over very short intervals
    • Standard cellular data system everywhere except USA and Russia
    • Requires a SIM
  • CDMA Code Division Multiple Access
    • Cellular tech
    • More security than GSM
    • Allows more people to connect at once
    • Built into phones – no SIM
  • LTE – Long Term Evolutions
    • Built off GSM/EDGE
    • Marketed as 4G, but not truly 4G
    • Only slightly better than WiMax
  • WiMax – Worldwide Interoperability for Microwave Access
    • IEEE 802.16
    • Competes with LTE
    • Supports mobile, fixed, and nomadic connections
    • 10 Mbps
  • LTE-Advanced and WiMax-Advanced are true 4G tech
  • HSPA+ (Evolved High-Speed Packet Access)
    • Max 84 Mbps
    • 3G transitional technology
    • Radio 2 kHz through 300 GHz
  • Wireless Internet Service Provider (WISP)
    • Provides wireless hotspots

Point-to-Point Protocol

  • Common layer 2 protocol used on dedicated leased lines
  • Replaced Serial Line Internet Protocol (SLIP)
  • PPPoE and PPPoA (Over Ethernet, Over ATM)
  • PPP Permits multi layer protocols on the same communication link
  • Layer 3 control protocols (IP, IPX, etc.) run an instance of Link Control Protocol
  • High-Level Data Link Control (HDLC) is responsible for encapsulating data for transmission over a PPP connection
  • Network Control Protocols: Set up protocols (IP, IPX) that will be used
    • Internet Protocol Control Protocol (IPCP) is an example of NCP

4 Features of LCP (Link Control Protocol)

  • Used to establish the PPP
  • Handle and terminates connections
  • Multilink interface: multiple physical connections to be bonded together in a logical interface
  • Looped link detection
  • Error detection
  • Authentication: A device at one end of a PPP link can authenticate the device at the other end of the link
    • Approaches to authentication
      • Password Authentication Protocol (PAP)
      • Challenge-Handshake Authentication Protocol (CHAP)
      • MSCHAP (Microsoft's version of CHAP)

PPP Process

  • Link Dead: link fails or one side disconnects
  • Link Establishment Phase: LCP negotiation is attempted
    • If successful control goes to authentication network-layer protocol phase
  • Authentication Phase (optional): sides authenticate to each other before a connection is established
    • If successful control goes to the network-layer protocol phase
  • Network-Layer Protocol Phase: desired protocols Network Control Protocols are invoked
    • For example, IPCP is used in establishing IP service over the line
  • Data transport for all protocols which are successfully started with their network control protocols also occurs in this phase
    • Closing down of network protocols also occur in this phase
  • Link Termination Phase
    • This phase closes down this connection
    • This can happen if there is an authentication failure, if there are so many checksum errors that the two parties decide to tear down the link automatically, if the link suddenly fails, or if the user decides to hang up his connection

Cable

  • Data Over Cable Service Interface Specification (DOCSIS): methods for transporting data over a cable (CATV) plant utilizing QAM and/or QPSK RF modulation
  • HFC: Hybrid Fiber Coaxial: combines coaxial and Fiber cabling
    • Generally the Cable providers use an HFC network

DSL

  • DSL is an Internet access method that uses a standard phone line to provide high-speed Internet access
  • Asymmetric DSL (ADSL): unequal upstreams and downstreams
    • 18,000 ft distance limitation due to inability to cross a load coil
    • Download speed 8 Mb, Upload 1.544 Mb
    • Must be within 4 km (2.5 miles) from Central Office
  • Symmetric DSL (SDSL): equal upstreams and downstreams
    • Distance 12,000 ft
    • Upload and download rate is 1.168 Mb
  • ISDN DSL (IDSL): when ADSL and SDSL is not available
  • Very High Bit-Rate DSL (VDSL)
    • 52 Mbps up, 12 Mbps down
    • Distance = 4,000 ft
  • DSL allows for Phone and Data simultaneously
    • Phone is < 3.4 khz
    • Data > 3.4 khz

ISDN

  • Transmits voice and data over phone lines digitally
  • Device that connects a PC to an ISDN network: Terminal Adapter, not a modem because ISDN is ALL digital
  • ISDN circuits are classified as either a basic rate interface (BRI) circuit or a primary rate interface (PRI) circuit
  • ISDN enables the transmission of voice and data over the same physical connection
  • The B channels carry the voice or data, and the D channels are used for signaling

ISDN BRI

  • Uses 3 separate channels, 2 two bearer (B) channels of 64 Kbps each and a delta channel of 16 Kbps
  • B channels can be divided into four D channels, which ENABLE businesses to have eight simultaneous Internet connections
  • Maxspeed = 128 Kbps, 16 Kbps D channel
  • ISDN BRI is also known as 2B+D

ISDN PRI

  • PRI is a form of ISDN that generally is carried over a T1 line and can provide transmission rates of up to 1.544 Mbps
  • PRI is composed of 23 B channels, each providing 64 Kbps for data/voice capacity, and one 64 kbps D channel, which is used for signaling
  • ISDN PRI is also known as 23B+D
  • Maxspeed = 1.544 Mbps, 64 Kbps D channel

Frame Relay

  • Layer 2 technology
  • Digital data is formatted into frames and moved from device to device
  • Diagrams with Frame relay often depict the network as a cloud
  • Virtual Circuits through the cloud allow delivery to other endpoints
  • VC's may be switched or permanent (permanent is the most common)
  • Each end of VC has a layer 2 address called data link control identifier (DLCI)
  • DLCI is unique to the customer
  • Telecom provider manages DLCI for each customer
  • DLCI's map very similar to MAC's in a Frame Relay
  • Inverse ARP maps DLCI to IPs
  • Frame Relay link shares space in the cloud
  • If you are NOT using the bandwidth someone else will
  • To ensure quality telecoms and customers use committed information rate (CIR)
    • Physical address and phone number of end point
    • Port speed at the end point
    • CIR (rate of transfer you want to provide)
    • Burst rate (max speed of VC)
    • Frames between CIR and Burst rate are marked as discard eligible
    • When a CIR is greater than port speed at end point that is known as oversubscription and this is a bad thing because customer frames may be lost

Frame Relay Congestion

  • Telecom sends the Forward Explicit Congestion Notification (FECN) to the customer routers, while customer routers send the Backward Explicit Congestion Notification (BECN) back to the Telecom Device
  • Frame Relay cloud does no flow control that is left up to the customers devices
  • Local Management Interface (LMI): enhancement to Frame Relay
  • Adding the exchange of status messages between VCs
  • Troubleshooting frame relay:
    • Is the customer device on?
    • Is it receiving LMI?
    • Are the VCs active?

ATM

  • ATM data is fixed size cells of 53 bytes (a 5 byte header and 48 bytes of payload)
  • Functions like Frame relay in that it requires a VC to connect endpoints and assigns DLCI to each VC
  • Core protocol for SONET/SDH
  • If a frame relay or ATM is always connected it is a permanent virtual circuit (PVC)
  • If it is on demand it is Switched Virtual Circuits (SVC)

Multiprotocol Label Switching (MPLS)

  • The current favorite solution for WAN providers, much cheaper than Frame relay and ATM
  • Packets in an MPLS network are prefixed with MPLS headers
  • Header contains a label value, traffic class field (for QOS), bottom of stack flag, 8 bit TTL
  • No routing lookups are required
  • MPLS is very much like a VPN without the encryption
  • Similar to how DLCI works for Frame relay the Labels work for MPLS it encapsulates the customers traffic within the telecom's network
  • Considered a Layer 2.5 protocol requires BGP to work properly
    • The reason is the label acts like an OSI level 3 function
  • Accommodates many protocols on one network
  • MPLS inserts a 32-bit header between Layer 2 and Layer 3 headers
  • Referred to as a shim header or 2 1/2 technology
  • PON: used to deliver fiber optic to the premises
    • Unpowered optical splitters split fiber so it can service multiple locations
    • Uses optical line termination (OLT) at the split and optical network units (ONUs) at each end

Hardware

NIC

  • MAC address (Media Access Control) is burned in NIC
  • NIC cards using coax are half duplex
  • NIC cards using fiber or UTP are full duplex
  • Bonding: Two or more NIC's in a system working together to act as a single NIC
    • Increases performance
    • Technology groups multiple physical network interfaces into a single virtual interface, distributing the networking I/O load between the interfaces

Transceiver

  • Devices that transmits and/or receives analog/digital signals
  • Built into the NIC
  • In ethernet networks a transreceiver is called a Medium Access Unit
  • 10Base5 NIC's use an external receiver that plugs into an AUI port

Cables and Connectors

Coaxial Cabling

  • Shielded cable line
  • 2 conductors, resistant to EMI because of inner conductor
  • RG Prefix stands for Radio Guide, common standards:
    • RG-59 (short distance, HD between 2 close devices, baseband cable used in closed-circuit TV)
    • RG-6 (75 ohms, wired homes, used in most cable TV and satellite)
    • RG-58 (early 10BASE2)
  • Coaxial RF connectors:
    • BNC (larger than F connector)
      • Quick Release
      • Military and industrial usage
      • Composite signals
    • F connector
      • Most cable TV and satellite
    • N connector
      • Couple coaxial cables

Twisted Pair

  • Most popular, 2 types shielded (STP) and unshielded (UTP)
  • TIA/EIA-568 standard industry standard pinouts and color coding for twisted pair cabling
  • Shielded
    • Guards against EMI
    • Much larger cables, more difficult to install
    • If improperly grounded, the shielding can actually cause MORE interference
    • More expensive, and require maintenance if ground or shielding is damaged
    • Token Ring is associated with Shielded Twisted Pair
  • Unshielded
    • Guards against EMI by twisted the cables tightly
    • The tighter the twists, the more the crosstalk is canceled out
    • In non-industrial setting, the twisted wires themselves are enough to prevent interference
    • Doesn’t require a solid ground
    • Cheaper
    • Standard 100m range

Plenum Cabling

  • Cabling that is rated to be placed in the plenum space of an office (for example the drop ceiling)
  • Plenum cabling is Low-smoke PVC and Fluorinated ethylene polymer (FEP)
  • Cable placed in drop ceilings should be plenum rated
  • A broken copper strand is known as an open

Categories of UTP

  • Cat3
    • 10 Mps to 16 Mps
    • Typically used in telephony
  • Cat5
    • Ethernet 100baseT 4 pairs of 24 gauge wires (carry ATM at 15 mbps)
    • 1 pair of wires has a twist every 5 cm
  • Cat5e
    • Reduced crosstalk
    • 1gbps
  • Cat6
    • Thicker 22 or 23 gauge wire conductors
    • Thicker insulation, reduced crosstalk
  • Cat6a
    • Augmented Cat
    • 2x frequencies
    • Transmits 610 gbps
  • 10Base-2 and 10base5 standards utilize coaxial cabling
  • 10Base-2 (and 10base5) networks follow the 5-4-3 rule, which specifies that the network can be composed of five total network segments joined by four repeaters, but only three of the five network segments can be populated with hosts

Crossover vs. Straight Through

  • Medium Dependent Interface (MDI)
  • Ethernet over Twisted pair defines medium dependent interface crossover (MDIX)
  • Auto-MDIX is the helper
  • Allows two devices connected by ethernet to auto-negotiate maximum speeds and duplex capacities
  • Removes the need for crossover cables

MDI and MDX

  • Straight-through: RJ-45 jacks at each end have matching pinouts
    • Matching pinouts refers to the colors at the ends of the RJ-45 jack
    • Straight through means both sides of the connect will have colors aligned in the same position
    • Cross over means they will NOT be aligned
    • Use cross over when devices are identical in function
    • Use straight through when devices are NOT alike
    • Router to Router is a crossover cable
    • Switch to Switch is a crossover cable
    • PC to Router is a crossover cable (oddity)
    • Switch to Router (straight through)
    • PC to Switch (straight through)
  • When traditional port on a NIC is an MDI (media dependent interface) when using straight through to connect to switch the Ethernet port switch needs to know to swap the transmit pair of wires
  • To do this the switch will use an MDIX (Media Dependent interface crossover) which reverses the transmit pairs

Straight-through Cable

  • T-568A or T-568B on both ends of the cable
  • Either end will work
  • Connects two different kinds of devices
  • Also called Patch cable

Crossover Cable

  • Use when media connector cannot use the same pinouts
  • In a crossover cable, wires 1 and 3 and wires 2 and 6 are crossed
  • Crossover cable T-568A on one end and T-568B on the other (pins 1 to 3 and 2 to 6)
  • Connects two similar devices (2 computers or 2 routers)

Attenuation

  • Refers to the weakness of data signals as it travels through a medium
  • Fiber-optic cable does not suffer from attenuation, but it can suffer through chromatic dispersion

Common Connectors for Twisted Pair Cables

  • BNC
    • THINNET
    • RJ-58
    • 10Base2
  • AUI
    • THICKNET connector (RG-8)
    • 10Base5
  • RJ-45
    • 8pin although usually only 4 of them are used
    • Typical in ethernet
  • RJ-11
    • 6 pin usually only 2 are used
    • Home phone
  • DB-9
    • 9pin
    • Used for asynchronous communication
    • Serial cable
  • Plenum cabling
    • Safety protection
    • Outer insulator
    • Fire retardant

RJ (Registered Jack) Connectors

  • Copper cabling
  • Common Configurations for Registered Jack Types
    • RJ11
      • Two-wire POTS connection
    • RJ14
      • 4-wire, two line POTS connection
    • RJ25
      • 6-wire, three line POTS connection
    • RJ45
      • 8P8C connector
      • Data Line Connection
      • Primarily used for Ethernet
    • RJ48
      • Terminates a T1 connection
    • RS-232
      • Serial transmission of data
      • Old-school serial cables
      • Used to connect reliable PSUs, monitors, mice, etc.
      • Low speed, wide voltage swing

RJ45 Wiring Standard

  • 4 pairs of wires (8 in total)
  • 10BaseT/100BaseT uses only 2 (orange and Green)
  • Other 2 Blue and Brown used for a 2nd line or phone.
  • 2 standards T-568A and T-568B
  • T-568A = Green Stripe, Green, OStripe, Orange
  • T-568B = OStripe, Orange, Green Stripe, Green
  • Stripes before solid
    • Stripes are positive (+)
    • Solid is negative (-)
  • O= Tx, G = Rx
  • T-586B is most common and Orange Stripe first
1Orange StripeTx+1Green StripeRx+
2OrangeTX-2GreenRx-
3Green StripeRx+3Orange StripeTx+
4Blue 4Blue 
5Blue Stripe 5Blue Stripe 
6GreenRx-6OrangeTx-
7Brown Stripe 7Brown Stripe 
8Brown 8Brown 
  • Crossover cable = T-568A on one end, and T-568B on the other end
    • Connect TX+ to RX+, and TX- to RX-
    • Crossover cable is used to connect PC – PC, router to PC, switch to switch (with no uplink)
  • Straight-through cable = T-568B or T-568A on both ends
    • Connects pin 1 to pin 1, pin 2 to pin 2, pin 3 to pin 3, and pin 6 to pin 6
    • Used to connect PC or router to Switch
  • In both T-568A, T-568B, and OrangeWhite=TX+, O=Tx-, GW=RX+, and G=RX-
  • In both T-568A and T-568B connect TX+ to RX+, TX- to RX-, and vice versa

Ethernet and Cabling

  • Base refers to baseband
  • BaseT = Twisted Pair
  • BaseF = Fiber
  • BaseER = Extended Range (singlemode)
  • BaseSR = Short Range (multimode)
Name/Max Cable LengthTypeSpeedUse
10Base5 / 500 mSpecial coaxial cable
Needs vampire taps (cut into wire to read)
SHARED MEDIUM (similar to bus)
10 MbpsOldest technology and media
Rarely used today
10Base2 (“ThinNet”) / 185 mCoaxial cable with BNC connector
SHARED MEDIUM
10 MbpsAlso old and rarely used
Remember that it requires special circular BNC connector
Similar to cable TV connector
10BaseT / 100 mTwisted Pair wire with EXCLUSIVE MEDIA (connected to hubs rather than to other nodes)
RJ-45
10 MbpsUsed RJ-45 connectors (look like large phone line connector)
100BaseTX (“Fast Ethernet”) / 100 mTwisted pair wire
EXCLUSIVE MEDIA
RJ-45
100 MbpsAn improvement on speed of 10BaseT
Capable of auto-negotiation of speed
1000BaseT (“Gigabit Ethernet”) / 100 mTwisted pair wire
EXCLUSIVE MEDIA
RJ-45
Uses two pairs of wires for transmission
1000 MbpsAnother speed improvement
100 m range
Faster Speed/Other media Ethernet (10GBASE-SR, 10GBASE-CX4, etc) / 2000+ mUses next-generation fiber optic cabling to achieve 10+ Gbps speeds10+ GbpsAnother speed improvement
Change in connectors, cabling
100BaseFX2 kilometer length
Full duplex multimode
Fiber
  
1000BaseTXCat6
2 pairs of wire
100 meter range
1Gbps 
10GBaseSRMultimode fiber
400 meters
  
10GBaseERSingle mode fiber
40 kilometers
  
10GBaseSWMultimode
SONET
300 meters
  

Fiber Optic Cabling

  • Light based
  • 2 types: multimode and single (MMF, SMF)
    • MMF has to deal with refraction, SMF does not
    • Outer cladding, refraction is the scientific term that means light is not allowed to leave the core (due to law of refraction)
    • Single mode fiber diameter is so small it only allows one mode
  • Fiber cables function through total internal reflection wherein light bounces at such an angle that there is no dispersion or refraction
    • This is one of the main differences between fiber
    • Because single mode only allows a very specific frequency to run through it
    • The integrity of that frequency can be better maintained
  • Modern fiber cables require a repeater every 43 – 93 miles due to its low attenuation (reduction in signal over distance)
    • Losing as little as 3% of its signal strength over 100 m
  • Fiber is more durable, more energy efficient, faster, and more reliable than copper
    • Highest rates in a single channel are around 111 Gbps, though 40 Gbps is more common
    • The highest rate on a single core is 101 Tbps
    • The highest rate on a multicore fiber is 1.05 Pbps
  • The index of refraction is used to quantify the speed of light in a material
    • Calculated by dividing the speed of light in a vacuum by the speed of light in that material
    • A good, single-core fiber has an index of 1.444
Single Mode SMF
  • 1310 and 1550 nm wavelengths
  • Single mode only allows a very specific frequency to run through it, the integrity of that frequency can be better maintained
  • Single Mode Fiber uses a very small core
    • Less than 10 times the wavelength
    • Usually 8 – 10 micrometers
    • Compared to MMF’s 50-several 100 micrometers
  • 10Gbps over 80 km (50 mi)
Multimode MMF
  • 850 and 1300 nm wavelengths
  • Larger core to support multiple transverse modes
  • Greater wavelength acceptance makes for easier connections
  • Inferior over long distances to SMF
  • Speeds
    • 100 Mbps over 2 km
    • 1 Gbps over 1 km
    • 10 Gbps over 550 m

Fiber Tech Standards

  • SONET – Synchronous Optical Network
    • SDH – Synchronous Digital Hierarchy
    • Transport protocol to replace PDH
    • Allows the synchronized data transfer of multiple digital bit streams over fiber using lasers
    • Transports in STM-1 units, STS3c, and OC3 units
    • Unlike how other files at this layer send (frame first, then payload) this transfer uses overhead instead of headers and sends the overhead mixed into the data stream
    • SONET OC Rates
    • Typically based on Dual Ring Topology
  • CWDM – Coarse Wavelength Division Multiplexing
    • Less than 8 wavelengths per fiber
    • Compact, cost effective, and shorter range than DWDM
  • DWDM – Dense Wavelength Division Multiplexing
    • More than 8 wavelengths per fiber

Common Fiber Connectors

  • ST: Straight tip or Bayonet
    • Most common connector
    • Spring loaded
    • Used with MMF
    • Push in and twist to lock in place
  • SC: Standard Connector
    • A little more expensive than ST
    • High performance and growing in popularity
    • Snap-in connector
  • LC: Lucent Connector
    • Push into terminator
    • Screws on, looks like ST
  • FC
    • High-performance, small form factor
    • Favored for Single Mode Fiber
  • MT-RJ: Media Termination Recommended Jack
    • 2 strands a transmit and a strand
  • GBIC and SFP (gigabit interface converter and small form factor pluggable)
    • Standard defines specifications for a hot-swappable electrical interface that converts fiber-optic gigabit ethernet to copper wiring
    • Small form factor pluggable transceiver (SFP) made GBIC obsolete
    • Big and small versions of a device that convert from electrical to optical
  • Other Single Mode Connectors (control the light signal)
    • APC – Angled Physical Contact
    • UPC – Ultra Physical Contact

MDF

  • Main Distribution Frame, the main wiring closest
  • Key component is the primary patch panel
  • Cabling rack that connects and manages telecommunication wiring between itself and IDFs – Intermediate Distribution Frame
  • MDF connects between public and private lines entering a building
  • IDF connects between MDF and equipment

Patch Panels

  • 66 block (old device)
    • Looks like a radiator
    • Subject to cross talk
  • 110 block (new device)
  • A patch cable that connects to the patch panel is called a horizontal cross-connect (HCC) cable
  • IDF: collection of patch panels
  • Cable that connects the MDF to the IDFs is called the vertical cross-connect (VCC) cable

Connecting Components

  • Connecting a switch to a switch
    • To uplink two switches, you can connect the cascade port on one switch to a standard port on the second switch
    • Alternatively, you can also connect any port on the first switch to any open port on the second switch using a crossover cable
  • Cascading a Hub or Switch: is the act of adding additional ports
    • If Hubs are cascaded Hub 1 will send traffic to Hub2 everything in the entire connection is a part of the same collision domain
  • Ring in and ring out ports connect Token based MAUs
  • Rollover Cable: Also known as Yost cable or Cisco console cable
    • Used to connect a PC to router's console port
    • Not used for networking, it's used for administering device

Network Storage

  • SAN – Storage Area Network
    • Enables mass block-level data storage to be accessed by the network
    • Works with disk array, tape libraries, and optical jukeboxes
    • Dedicated local network of storage devices
  • iSCSI – Internet Small Computing Systems Interface
    • Protocol for connecting data storage units to one another over a network
    • Allows SAN style storage to appear as disks to most clients
  • NAS – Network Attached Storage
    • Enables file level data storage to be accessed by the network
    • Works better in RAID arrays, and primarily with hard disks or SSDs

RAID

  • Redundant Array of Inexpensive Disks
  • Raid is a configuration of multiple hard-drives to increase performance and/or redundancy for data
  • Redundancy is checked via parity, and corrected via XOR
    • Parity checks the data for accuracy and responds with an error
    • XOR identifies which of the two competing data streams is accurate, and returns the accurate data set
  • Hybrid RAID can utilize the power of a few fast SSDs to boost the reliability and performance of a mostly mechanical hard-drive system given the appropriate controller
  • Striping is when data is split among several storage volumes so that data (I/O demands) can be retrieved in parallel
    • Important when data needs to be retrieved quickly
  • Nested RAID is when multiple RAID levels are nested through groups of hard drives
    • A set of 2 RAID 1 mirrored drives are then striped by RAID 0 across another set of RAID 1 mirrored drives

RAID Types

  • RAID 0
    • No data redundancy, no fault tolerance, no mirroring, no error detection
    • Improves performance through parallelism, only performance benefits of striping
    • Provides no redundancy, one drive goes down the whole thing goes down
    • Total usable volume is the cumulation of every drive in the RAID
    • Highly vulnerable to drive failures, more so even than a single large volume
  • RAID 1
    • Mirroring, array operates as long as 1 drive is alive
    • Basic data redundancy, without parity or redundancy
    • Read speeds are normally slower than that of the fastest drive
      • Though theoretically the system supports speeds as fast as RAID 0
    • Write speeds are limited to the slowest drive
  • RAID 2: redundant array of inexpensive disks, not used
  • RAID 3: similar to RAID 2, not commonly used
  • RAID 4: not generally used, parity drive is a bottleneck
  • RAID 5
    • Block level striping, with distributed parity
      • Data is maintained as long as n-1 drives remain
    • Requires at least 3 drives, requires all drives but one be present in order to operate
    • The sum of all the drives put together minus one drive worth of space
    • High speed, and decent data redundancy make this practical
      • However, when one drive goes bad, the system must rebuild the array (check for and redistribute parity)
      • Because speeds are so slow, the time it takes to rebuild the array can crash a second drive, rendering the RAID useless
  • RAID 6: high Availability solution, does not perform as well as RAID 5
  • RAID (0+1)
    • A nested RAID
    • Striped drives, that are also mirrored (S1+S2) + (S1+S2)
      • Provides speed improvements from the striping, and redundancy/parity from the mirroring
    • Disadvantaged against RAID 10 due to the long rebuild process if even a single drive goes bad
    • If one drive goes bad, such as M1, its complementary drive is also useless
      • This leaves you with essentially a RAID 0 setup with no redundancy
  • RAID 10 (1+0): Combines RAID 1 and RAID 0
    • Requires 4 drives
    • The preferred RAID setup for data-intensive systems
    • Creates a stripe across two pairs of mirrored drives
    • Performance second only to RAID 0, with redundancy and parity
    • As long as one drive is still function, data retains integrity
  • RAID 50 (5+0)
    • Distributed parity and striping, which is then also striped
    • Volume equal to 2/3rds the total capacity of all involved drives
    • High performance, fairly redundant
    • Same, and possibly increased, limitations as RAID 5
      • The rebuild process can put significant strain on the system during drive failure
    • Requires hot swapped drives in case of any failure
    • Can handle a failure of a single drive in each set of RAID 5
    • Requires a minimum of 6 drives

Common types: 0, 1, 5 and 10

Routers and Switches

  • Main jobs include path determination and packet forwarding

Switch

  • Analyzes traffic and forwards it off the appropriate port
  • Layer 2 device means addresses are physically burned into a NIC
  • Multilayer Switch: functions at layers 2, 3, and 4
    • Multilayer switches that function at every level do exist as well

Router

  • Layer 3 device
  • Forwards based on logical network address (IP addressing)
  • Contains 2 or more connections (IP addresses)
  • Each port in a router is a broadcast domain
    • Do not propagate broadcasts

Hub

  • Replaced by switch interconnects devices
  • Does not perform any inspection of the traffic, repeats traffic to all ports
  • Subject to collision domain issues
  • There are 3 kinds: passive, active, and smart hub
  • Each side of a bridge or repeater is considered a segment
    • Each side of a router is considered a (separate) network
  • Difference between hub and switch:
    • Hub (OSI layer 1) repeats the frame down every connected network cable hoping one of the clients on the other end is the intended recipient
    • Switch (OSI layer 2) knows everyone that is connected and reads the incoming frame and forwards traffic to the correct recipient within a LAN (switch) between LANS (routers)
    • To Forward traffic means to pass packets from one side of the bridge to the other
    • Filter traffic means to stop the packet from crossing from one network to the next
  • Brouter: Works as bridge and router
    • Routes packets for known protocols and simply forwards all other packets as a bridge

Wireless

  • WLANS (802.11) is a shared media that replaces wired technology at layer 1 and layer 2
    • Radio frequency
    • Similar rules to ethernet
  • Wireless is more expensive than wired networks
  • Wireless is also affected by most other transmissions
  • MAC bridge can translate wireless frames into ethernet frames and vice versa
  • Wireless isn’t secure by default
  • 802.11
    • 1997
    • 2.4 GHz
    • 1 Mbps or 2 Mbps DSSS or FHSS
    • 20 m indoors, 100 m outdoors
  • 802.11a
    • 1999
    • 5 GHz
    • 54 Mbps OFDM
    • 35 m indoors, 120 m outdoors
  • 802.11b
    • 1999
    • 2.4 GHz
    • 11Mbps DSSS
    • 32 m indoors, 140 m outdoors
  • 802.11g
    • 2003
    • 2.4 GHz
    • 54 Mbps OFDM or DSSS
    • 32 m indoors, 140 m outdoors
  • 802.11n
    • 2009
    • 2.4 GHz
    • 5 GHz (or both)
    • > 300Mbps (with channel bonding) OFDM
    • 70 m indoors, 250 m outdoors
    • Uses multiple input, multiple output (MIMO) for superior output
      • MIMO uses spatial multiplexing which is decoded data based on the antenna
      • It will be transmitted from channel bonding (40 MHz mode)
Name-StandardSpeed (Mbps)Usage
802.11a545GHz band
Outdated
Used for LAN networking in businesses
Expensive
802.11b11Cheaper 2.4GHz mode
802.11g54/108Cross between A and B flavors
2.4GHz at fast speeds
Also offers backwards compatibility
802.11n150/300/450/600Works at either 2.4 GHz or 5 GHz
  • Wireless Lans can be characterized based on their use of Wireless AP (Access Points)

Wireless Router

  • Obtains an IP address via DHCP from the Internet service provider (ISP)
  • Router uses Port Address Translation (PAT) to provide IP addresses to attached wireless and wired devices

WAP (Wireless Access Point)

  • WAP is both a transmitter and receiver
  • Can operate a bridge (standard wired to wireless) or a router (passing data from one access point to another)
  • Things to consider when selecting an antenna:
    • Distance between AP and client
    • Coverage direction (omnidirectional vs unidirectional)
    • Indoor / Outdoor space
    • Number of other access points
    • Gain = strength of electromagnetic waves emitted from antennae
      • Gain is measured in DBI (decibel isotropic)
      • G dBi = 10 * log 10 ( G )
  • Antenna types: sector (pie shaped) and Yagi (type of directional)
  • Uses DCF with random timers
  • WLANS are separated based on Service Set Identifier (SSID)
  • Mismatched SSIDs ignore each others traffic
    • Collision is still possible
  • 3 types of SSIDs
  • ISM bands
    • Industrial
    • Scientific
    • Medical

Bands Commonly Used by WLANS

  • 2.4 GHz – 2.5 GHz (2.4 ghz band) or 5.725 GHz –5.875 (5 Ghz band)
  • To avoid interference with nearby wireless APs you should use different channels
  • Each channel reserves 5mhz
  • There must be 22 MHZ between channels, so 5*5 ghz of space between channels
  • Typical recommended US overlapping bands on 2.4 Ghz: 1, 6, and 11 (14 is NOT supported in US)
ChannelFrequency
12412 MHZ
62437 MHZ
112462 MHZ
  • Beacons: Advertise the access point
    • Average Beacon Rate is 100 TU
    • Information stored is timestamp, beacon interval, capability info, SSID, support rates, parameter sets (Frequency Hopping Set, Direct-Sequence (DS) Parameter Set, Contention-Free (CF), IBSS Parameter Set), and Traffic indication map (TIM)
  • Methods that clients scan for access points
    • Passive: listens for beacons
    • Active: transmits probe requests
      • SSID replies with probe response
      • Information in a probe response is the same as a beacon response

CSMA/CA (Carrier Sense Multiple Access / Collision Avoidance)

  • Non-wireless half-duplex connections require collision detection, wireless collision avoidance
  • Same pattern WLAN device listens to a wireless channel to see if it is safe to transmit

Spread Spectrum Technology

  • Direct-sequence spread spectrum (DSSS): modulates data over entire range of frequency
    • Minimizes the effects of interference and background noise
    • Faster, more expensive
  • Frequency-hopping spread spectrum (FHSS): Allows participants to hop between predetermined frequencies
    • More scalable
  • Orthogonal frequency division multiplexing (OFDM): slow modulation rate
    • 52 evenly spaced frequencies
    • DSSS and OFDM are commonly used
  • When a single AP is connected to the wired network and to a set of wireless stations, it is called a Basic Service Set (BSS)
  • An Extended Service Set (ESS) describes the use of multiple BSSs that form a single subnetwork
  • Ad hoc mode is sometimes called an Independent Basic Service Set (IBSS)
    • Point to point, temporary connections between wireless devices

Radio Frequency Interference

  • Sources include: other devices, wireless phones, microwave ovens, wireless security systems, physical obstacles, and various devices with high signal strength
  • ESS Planning
    • 10 – 15 percent overlap between adjoining cells
      • If you have more than 3 deploy in a honeycomb fashion
    • Step 1: add an access point with same SSID
    • Step 2: make sure SSID is on a non overlapping channel
    • Step 3: ensure there is at least a 30% overlap between the 2 cell signals

Wireless Security

WLAN Threats

  • Wardriving: term for searching for wireless hotspots
  • Warchalking: term for marking wireless hotspots
  • Hackers, anarchist, and other labels of disruption
  • Employees: shadow IT and rogue devices
  • Evil twin: spoofing
  • CIA security triad:
    1. Confidentiality (secure data)
    2. Integrity (detect tampering)
    3. Authentication (identity verification)

WLAN Security

  • Mac Address filtering (mac address whitelisting)
  • Disable SSID broadcast
  • Extensible Authentication Protocol is a framework for authentication and a means to offer dynamic WEP keys to wireless devices
  • Preshared key (PSK): Used by WPA Personal
    • 8 to 63 character passphrase or a 64 character hexadecimal passphrase
    • Commonly used in home networks, not as good for large companies
    • Also known as personal mode

IEEE 802.1X

  • Also known as WPA Enterprise
  • Supplicant is a device that wants to join the network
  • Authenticator (the middle man) is the device that interfaces with supplicant and authentication server
  • Server allows wireless clients to authenticate with their own username and password
  • Authentication server must provide authenticator a session key who provides that to supplicant
  • Works in conjunction with Extensible Authentication Protocol.
  • Types of EAP
    • Lightweight Extensible Authentication Protocol (LEAP)
    • EAP-Flexible Authentication via Secure Tunneling (EAP-FAST)
    • EAP-Transport Layer Security (EAP-TLS)
    • Protected EAP–Generic Token Card (PEAP-GTC)
    • Protected EAP–Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)

Wireless Security Standards

  • WEP: Wired Equivalent Privacy
    • 128-bit WEP: 24-bit initialization vector and then a 104-bit encryption key
    • 64-bit WEP: 24-bit initialization vector and then a 40-bit encryption key
    • Client WAP share a static 40-bit WEP key
    • Prone to brute-force attacks
    • WEP transmits keys in clear text (additionally it is 24 bit which is considered weak)
  • WPA: WiFi Protected Access
    • Developed by WiFi alliance
    • Enterprise mode requires users to be authenticated before keys are exchanged
      • Temporary session keys
    • Uses 48 Bit IV Temporal Key Integrity Protocol (TKIP)
      • TKIP leverages Message Integrity Check (MIC) which verifies data was NOT modified in transit
    • WPA does NOT have AES-CCMP
  • WPA2: WiFi Protected Access version 2
    • IEEE 802.11i
    • Uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption
    • AES-CCMP is associated with WPA2
  • WPA modes
    • Personal
    • Enterprise
  • Wireless MAC Authentication
  • 802.11z: specifies extensions to direct links
  • Enterprise Encryption Gateway (EEG): authenticate wireless clients before they access the wireless media and encrypts the data

Bluetooth

  • Bluetooth uses the FHSS spread-spectrum broadcasting method
    • Switches ong any of the 79 frequencies available in the 2.45 GHz range
  • 4 stages of Bluetooth:
    1. Device discovery
    2. Name discovery
    3. Association
    4. Service discovery
  • Max throughput: 1 mbps, some have 2 mbps
  • Communication mode: master/slave
  • Max range: 30 ft and 300 ft
  • Infrared: up to 16 mbps
    • 1 m range
    • Point to point, direct line
    • Secure

Network Protocols and Services

  • ARP: Address Resolution Protocol
    • Allows workstation to discover MAC address (layer 2)
    • Similar to DNS but for MAC’s
    • Layer 3 to Layer 2 mapping: Resolves IP to MAC
  • RARP: Reverse of ARP resolves MAC to IP
  • DHCP: Dynamic Host Configuration Protocol
    • Router dynamically assigns IPs to devices
    • Uses UDP and ports 67 and 68
  • DNS: Domain Name Service
    • Name to IP address
    • Port 53
  • ICMP: Internet Control Message Protocol
    • Service for ping
    • Does not use a port
  • PING: Packet Internet Groper
    • Uses ICMP
    • Does not use a port
  • IGMP: Internet Group Management Protocol
    • Indicates machine wants to take in multicast traffic
  • IMAP4: Internet Message Protocol
    • Email protocol that retrieves mail
    • Port 143
  • POP3: Post Office Protocol v3
    • Email protocol that retrieves mail
    • Port 110
  • RTP: Real Time Transfer Protocol
    • Used for VOIP
    • Recommended port is 6970
  • SIP: Session Initiation Protocol
    • Used for VOIP
  • SMTP: Simple Mail Transport Protocol
    • Sends mail
    • Port 25
  • SSH: Secure Shell
    • Port 22
  • FTP/FTPS: File Transport Protocol (Secured)
    • Ports 20, 21
  • TELNET
    • Remotely log into a computer in cleartext
    • Port 23
  • TFTP: Trivial File Transfer Protocol
    • Runs UDP on port 69
  • TLS: Transport Layer Security
  • NTP: Network Time Protocol
    • Port 123
  • NNTP: Network News Transfer Protocol
    • Port 119
  • RDP: Remote Desktop Protocol
    • Windows remote connection service
    • Runs on port 3389
  • TACACS+
    • Port 49
  • RADIUS
    • Port 1812
  • IPSec
    • ESP port 50
    • AH port 51
    • IKE port 500 (UDP)
    • Port 4500 NAT traversal
  • L2TP
    • Port 1701
  • PPTP
    • Port 1723
  • Novell GroupWise servers and clients messaging uses port 1677
  • UPnP: Universal Plug In Play)
    • Networking protocols that allow devices to discover other devices on the network and establish functional network services

TCP/IP Stack Protocols, by OSI Layer

Data Link

  • ARP – Address Resolution Protocol
    • Translates logical IP addresses into physical MAC addresses
    • Basically the connection between layer 2 and 3
  • RARP
    • Reverse ARP
    • It does the opposite of ARP

Network

  • ICMP – Internet Control Message Protocol
    • Connectionless protocol that enables pinging routes
    • Manages control messages
    • Pings return RTT – Round Trip Time
  • IGMP – Internet Group Messaging Protocol
    • Add, delete, and modify members of multicast group
    • Unlike broadcast, allows you to send message to multiple specific nodes, rather than all
  • RIP – Routing Information Protocol
    • Allows for routing of internal and some internet traffic
    • Adapts to changes in network structure

Transport

  • TCPTransmission Control Protocol
    • Connection oriented protocol that allows sending and receiving with receipts
    • Introduces concept of ports, or specific openings on nodes for specific data
  • UDP – User Datagram Protocol
    • Sessionless TCP – no receipts, no guarantee of delivery

Application

  • HTTP – Hypertext Transfer Protocol
    • transports data on the Internet, typically in pages and HTML
    • Port 80
  • HTTPSSecure HTTP
    • Uses port 443 and SSL (Secure Socket Layer) to securely transfer data on the Internet
  • SMB – Server Messages Block
    • Allows shared access to files, printers, and more on a network
  • CIFS – Common Internet File System
    • Commonly known as c$
    • Port 445
  • FTP – File Transfer Protocol
    • Port 20 (data) / Port 21 (transmission control)
    • Securityless transfers of simple data
    • SFTP – Secure FTP
      • Uses port 22
      • UsesSSH to transfer simple files securely
    • FTPS
      • Uses port 990
      • Occasionally uses port 21 and SSH to transfer simple files securely
    • FTPS/SFTP secure files differently, but both use SSH and AES
    • TFTP – Trivial FTP
      • Port 69
      • UDP based FTP
      • Unreliable, mostly used for local data
  • Telnet – Telecommunications network
    • Allows you to fully connect to a remote computer
    • Port 23
    • Cleartext commands, not secure
  • SSH – Secure Shell
    • Port 22
    • Essentially secure Telnet
    • Allows remote command-line login, remote command execution
  • SCP – Secure Copy
    • FT protocol based on SSH
  • NNTP – Network News Transfer Protocol
    • Port 119
    • Carries USENET data back and forth
  • LDAP – Lightweight Directory Access Protocol
    • TCP and UDP Port 389
    • Allows a node to act as a directory for a specific kind of data
    • Microsoft's Active Directory
  • NTP – Network Time Protocol
    • UDP 123
    • Syncs network time with a server
  • POP3 – Post Office Protocol
    • TCP 110
    • Allows for the retrieval and subsequent deletion of mail from a server
    • Downloads mail and stores it locally
  • IMAP4 – Internet Message Access Protocol
    • TCP 143
    • Better, more commonly used than POP3
    • Allows your messages to be stored longer on the central server
    • Local host only holds some data
  • SMTP – Simple Mail Transfer Protocol
    • TCP 25
    • Allows you to send mail
    • Works with POP3 and IMAP4
  • DNSDomain Name Services
    • UDP 53
    • Takes human readable names and makes them into machine logical names
  • SNMP Simple Network Management Protocol
    • UDP 161
    • Manages devices on IP networks like printers, routers, modems, and more

Network Management

  • Be proactive not reactive
  • Keep machines clear, use an IPS
  • The nines of availability
    • 5 = 99.999 translates to max of 5 minutes of downtime
    • 6 = 99.9999 translates to 30 seconds
  • Availability of a network increases as the mean time to repair (MTTR) of the network devices decreases and mean time between failures (MTBF) increases
  • FCAPS
    • Fault Management
      • How to avoid faults in a network
    • Configuration Management
      • Rollback strategy
      • Updates
      • Archiving
    • Accounting Management
      • Record keep traffic
      • Keep Logs
    • Performance Management
      • History

Fault Tolerant Network

  • Centralized devices that act as single points of failure are made redundant
  • No single points of failure means ALL of the network component structure is redundant

Hardware Redundancy

  • Using NICs, multilayer switches
    • Active-Active both things are actively working
      • Each NIC would have its own MAC
    • Active Standby: Only one MAC is active at a time
      • Client appears to have a single MAC and IP
  • Difference between Fault Tolerant and High Availability
    • Fault Tolerant NO Delay
    • High Availability extremely minor delay (element of delay during failover)

Layer 3 Redundancy

  • Redundancy Solutions that assign multiple hosts to IP
  • Hot Standby Router Protocol (HSRP)
    • Cisco proprietary
    • The concept that there are 2 routers and a third Virtual Router (i.e. IP Address)
    • The Virtual Router uses the services of the active router
  • Common Address Redundancy Protocol (CARP)
    • An open-standard version of HSRP
    • Group multiple hosts
    • 1 host is master all others slave
    • Slave becomes master when master fails
  • Open Source Virtual Router Redundancy Protocol (VRRP)
  • Link Aggregation Control Protocol (LACP)
    • Multiple links between devices
    • Protocol load balances over links
  • The difference between these redundancy solutions is NOT in what they do but extra features such as Message authentication
    • CARP uses SHA while HSRP and VRRP use Md5
  • In Band vs. Out of band (OOB) management
    • Network management tools are on the network or not
    • Preferred OOB because the impact on network is NOT as great (if at all)

Configuration Management

  • Documenting consistent practices across networks
  • Asset Management
    • Tracking network components
    • Process would be a database of workstations on network
    • Cisco Lifecycle Services Maintenance model
      • Prepare, Plan, Design, Implement, Operate, Optimize (PPDIOO)
  • Baselining
    • Collection of data on network devices
    • Normal activity, capabilities, stats, etc.
  • Cable Management
    • Documenting network existing cable infrastructure
  • Change Management
    • The Entire System used to handle network outages (both planned and unplanned)
  • Network Documentation
    • Contact info
    • Policies
    • Network maps and wiring schemactics
  • Documenting physical network infrastructure
    • AKA Network maps
    • Location of network servers, workstations, switches, routers, firewalls
    • Contains make, model, MAC addresses
    • Also WAN links and their type and speed
  • Logical network map (not physical)
    • Domain controllers
    • IP assignments
    • Location of DHCP and DNS server(s)
    • Services running on network servers

Simple Network Management Protocol

  • Simple Network Management Protocol (SNMP) started in 1988
  • Contains an SNMP manager, SNMP Agent (runs on managed devices), and Management Information Base (MIB)
  • SNMPv3 is an improvement over SNMPv1 and SNMPv2c from a security perspective
    • Uses MD5 or SHA authentication strategy
    • SNMP v1 and v2 use community strings to gain access to a read only or write-access managed device
  • Monitoring = health check
  • RMON remote network monitoring
  • RMON v1 = packet level
  • RMON v2 = network and application level stats
  • SNMP Message types
    • GET (fetch messages from a managed device)
    • SET (set variable or trigger action on a managed device)
    • Trap (an unsolicited message sent from a managed device to the SNMP manager)
  • A logical grouping of SNMP systems are known as communities
    • Example SNMP community names: public, private
  • Syslog
    • Common server that accepts log info from multiple devices, servers, and other syslog devices
  • Log levels
    • 0 Emergencies
    • 1 Alerts
    • 2 Critical
    • 3 Errors
    • 4 Warnings
    • 5 Notifications
    • 6 Informational
    • 7 Debugging
  • Different types of logs
    • Application Logs
    • Security Logs
    • System Logs

Design Considerations for High-Availability Networks

  • Where will module and chassis redundancy be used?
  • What software redundancy is appropriate?
  • Which protocol characteristics affect design requirements?
  • What redundancy features should be used to provide power?
  • What redundancy should be in place for environment factors? (Air conditioning for example)

High Availability Best Practices

  • Examine goals
  • Identify budget
  • Categorize apps into profiles and define unique levels of availability
  • Establish performance standard
  • Define how to manage and measure the high availability solution

Techniques

  • Content Caching
    • Placing content into local locations to serve content faster
  • Load Balancing
    • Distributing requests across multiple request handlers
    • Session affinity is a feature of a load balancer

Backups

  • Archive bit: File attribute that indicates whether file has been backed up or not
    • Full and incremental backups clear the archive bit
    • Differential backups Don't clear the archive bit
  • Full backup is everything
  • Incremental backup (cumulative) copies all files within the backup selection that have changed since the last full or incremental backup
  • Differential backup copies only the data that has changed since the last backup operation of any kind

Maintenance Tools

  • Crimping Tool
    • Connects ends to twisted pair wires
    • Use a crimper with a spool of Cable and box of RJ45 connectors to create your own patch cables
  • Punch Down Tool
    • Tool used when terminating wires on a punch down block
    • Connects twisted pair wires to the Insulation Displacement Connector (IDC)
    • Connects wires to fixed locations (like wall jacks)
  • TDR tool – Time Domain Reflectometer/Optical Time Domain Reflectometer
    • TDR for Copper and OTDR for Fiber
    • Sends an electric signal through a cable
    • When the cable comes across a problem it sends a signal back with an approximate location of where in the cable the issue is happening
    • Times the bounce back of a signal down a wire
  • Tone Generator
    • Helps identify a cable by the tone generated
    • Tells you whether or not you have connectivity through the wire
    • Example: Fox and Hound
  • Oscilloscope
    • Frequency and voltage of analog and digital signal
  • Cable Certifier
    • Verifies performance and compliance with ISO and TIA standards
    • Used to test media's (UTP, STP) distance and throughput
  • Electrostatic Discharge
    • UNLIMITED POWAH
  • Bit-Error Rate Tester
    • Measurement of transmission errors
    • BER = Bit errors / Bits transmitted
    • Use a bit-error rate tester (BERT) to calculate BER
  • Butt Set
    • Used by telephone operators to test the line
  • Cable Tester
    • Test continuity
    • Verify RJ45 pinouts are connected appropriately
  • ESD Wrist Strap
    • Guards against Electrostatic Discharge
  • Environment Monitors
    • Devices that monitor the environment for changes that would cause physical harm to the devices ( Air Conditioner goes down)
    • Often Environment monitors will work with Simple Network Management Protocol (SNMP) to send an alert known as an SNMP trap
  • Loopback plug
    • For testing a network interface is working properly
    • Connects transmit pins on connector to receive pins
  • Voltage Event Recorder: used to measure quality of power (power sags, spikes, surges, or other power variations)
    • Power Spikes are when power level rises less than 1 second
    • Power Sags are when power level lowers less than 1 second
    • Power Surges are when power rises more than 1 second
    • Brownouts are when power lowers more than 1 second
  • Multimeter
    • Used when working with copper cabling
    • Checks electrical characteristics, has an ohmmeter and a voltmeter
  • Protocol Analyzer
    • Also known as a network sniffer
    • Examines bandwidth a particular protocol is using
    • Identifies patterns and decodes information
  • Throughput tester
    • Nnetwork appliance that floods the network with random data

Command Line Utilities

Windows

  • ping uses Internet Control Message Protocol (ICMP)
    • Layer 4 protocol
    • When ping works you can assume OSI levels 1-3 are good
    • -a resolve host names
    • -t ping until stop
    • -l send buffer size
    • -i TTL time to live
    • -n count
    • -f do NOT fragment
    • -S set IP, useful if you are hitting a device with multiple IPs
    • Important ping types
    • 0 = Echo
    • 3 = destination unreachable (may subtypes=0 network, 1 host unreachable, 2 protocol, 3 port)
    • 5 = redirect message
    • 8 = echo request
    • 9 = router advertisement
    • 11 = time exceeded
    • 13 = timestamp
  • arp
    • Layer 2 MAC corresponds to a layer 3 IP
    • Add entry
      • arp -s $IPAdress $MACAddress [ $InterfaceAddress ]
    • Delete arp entry
      • arp -d $IPAdres [ if_addr ]
    • Display current entries
      • arp -a [ $IPAdress ] [ -N $InterfaceAddress ] [ -v ]
      • arp -g
  • ipconfig
    • /all
    • /renew
    • /release
    • /renew6
    • /release6
  • nbtstat
    • Displays netbios info
    • nbtstat -a $remotename nbtstats -A $IPAddress
    • nbtstat -c command displays the contents of the NetBIOS name cache
    • nbtstat -n list NetBIOS names for the local machine
    • nbtstat -r name resolution
  • netstat
    • Current IP Sessions on a PC
    • -a all tcpip IP + UDP
    • -b the name of the associated program
    • -o the process ID
    • -e statistical info
    • -d does not resolve host names
    • -f fully qualified domain name
    • -p protocol (icmp, icmpv6, ip, udp, etcv..)
    • -r displays routing table
    • -s stats for protocols
    • Note: netstat -p is protocol for Windows but pid for Linux
  • nslookup
    • nslookup $domainName
    • Note: nslookup has interactive mode while dig does not
  • route
    • Display add or delete route entries
    • route -f clear gateway entries
    • route -p used with add command, optional
    • route commands
      • print
      • add
      • delete
      • change
    • route print will display routing table
    • route examples
      • route add 10.1.1.24/24 192.168.1.1
      • route delete 10.1.1.24/24 192.168.1.1
      • route print
  • tracert
    • Similar to ping
    • Pings each router hop and reports back round trip numbers
    • Uses ICMP protocol
    • -d (does NOT resolve host names)
    • -h max hops
    • -w timeout
    • -R, -S IPv6 settings
    • -4 or -6 choose between IPv4 or IPv6

Unix

  • man
    • Each Unix command has help
    • Example: man arp
  • arp
    • Same as Windows
    • -i command should be limited to interface
    • -d * delete all host entries
    • ifscope limit to a specific interface
    • -f filename import a collection of ARP entries
  • nslookup
    • Same as Windows
  • dig
    • Advanced nslookup
  • host
    • Resolving FQDNs to IP addresses
  • ifconfig
    • Very similar to ipconfig (each interface, with MAC, IP, MTU, IP etc.)
    • There are many other commands with ifconfig
  • traceroute
    • Same as Windows
  • netstat
    • Display information regarding current connections
    • Arguments are exactly like Windows
  • route
    • Different than Windows route
    • Is used to edit the route table NOT display the route table
  • useradd
    • useradd -c “Carl Turkeybaster” -m cturkey
    • -m creates the directory under home default params located in /etc/default/
    • -d specify homedir
    • -g group
    • -G list of groups
    • -s shell
  • userdel
    • userdel -r wbuff deletes user
    • -r kills home directory as well
  • usermod
    • usermod -G to add a user to a group
    • Similar commands to useradd
  • chage
    • -m mindays
    • -M maxdays
    • -d lastday
    • -I inactive
    • -E expiredate
    • -W warndays user
  • groupadd
    • Can't be used to add users only groups
    • groupadd -g $gid
    • -r add system account
    • -f exists when already exists
  • groupmod
    • groupmod -A "GOGO" bgates
    • Add user to a group
  • chmod
    • Value of Read (4)
    • Value of Write (2)
    • Value of Execute (1)
    • Value of Full (7)
    • Value of Read and Write (6)
    • Value of Read and Execute (5)
    • Example: chmod 775 $filename
      • chmod -u 7 -g 5 = o5 or chmod -a 7 $filename is chmod 777 $filename
  • MTR
    • Combines Ping and Traceroute
  • Local user accounts in Linux
    • /etc/passwd and /etc/shadow (encrypted passwords)
    • /etc/group = group definitions and /etc/gshadow (encrypted passwords)
  • Location of log files in Linux
    • /dev/log
    • Syslog daemon writes to /var/log/messages (also known as general log file)
    • /var/log/lastlog contains info about users last login
    • /var/log/wtmp (system login info, accessed using who and last commands)
  • Linux ifconfig is deprecated and replaced by the ip command
    • ip a add
    • ip a delete
    • ip addr
    • ip addr add
    • ip addr delete
  • Restart a network interface on a Linux server
    • ifconfig eth0 down
    • ifconfig eth0 up
    • Alternatively
    • ifdown eth0
    • ifup eth0
    • Restart all networking services
    • /etc/init.d/networking restart

Cisco

  • show to display things
  • enable to switch from read only mode to modify mode
  • disable to switch to read only
  • config term allows one to make changes
  • to select an interface
    • interface f0/0
  • to set an interface's IP
    • ip address 192.168.1.100 255.255.255.0

Security

  • Netstat scans for open ports
  • Nessus is a closed source vulnerability scanner
    • Typically installed on a server and runs as a web-based application
    • Uses plugins
  • NMAP is used for mapping network hosts and the hosts’ open ports
    • Open source scripting engine that allows people to create NMAP scripts

Performance

  • sar -A is everything
    • -b I/Ostats
    • -B paging stats
  • top
  • vmstat
  • tcpdump
    • Prints contents of packets on an interface
    • tcpdump -i eth2 // on a unique interface
    • tcpdump -c 2 -i eth0 // -c is the amount of packets to capture
    • tcpdump -A -i eth0 // display in ascii
    • tcpdump -XX // display hex
    • tcpdump -w 08232010.pcap // write to a file
    • tcpdump -r // to read from a file
  • iperf is a command line tool for measuring TCP and UDP bandwidth performance

Network Security

  • Confidentiality: network security mechanisms to limit access (access control lists, firewalls), username/password, encryption
  • Integrity : ensures data has not been modified in transit, origin authentication, hashing, attacks are man in the middle
  • Availability: 5 nines, Attacks are DoS, Distributed Denial of Service (DDoS)
  • Security Association (SA): Agreement between 2 IPSec peers about crypto parameters to be used in an ISAKMP session
  • ISAKMP (Internet Security Association and Key Management Protocol): secure session within IPSec session is negotiated
  • PFS (Perfect Forward Security): ensures session key remains secure even if one of the private keys becomes compromised
  • Diffie-Helman: Securely Establishes a Shared Key over an unsecured medium

Encryption

  • Encryption and decryption happens at the Presentation layer
  • 2 forms of encryption:
    • symmetric encryption
    • symmetric encryption

Symmetric Encryption

  • Faster than asymmetric
  • Same key used by both parties (shared key / Session Key)
  • Data Encryption Standard (DES):
    • Weak
    • 56 bit
    • Created in 1970s
  • 3DES: Triple DES (3DES)
    • 1990's
    • 3 x 56 bit keys (total 168 bits)
    • 3 keyring options
      • All 3 keys are different
      • 2 of the keys are different
      • 1 key is different
  • Advanced Encryption Standard (AES)
    • 2001
    • Preferred
    • Available in 128, 192, and 256 bit versions
    • Replaces DES – Data Encryption Standard
    • Used with SSH

Asymmetric Encryption

  • Slower but more secure
  • Different keys for the sender and receiver
  • RSA: public key infrastructure (PKI) system
    • Uses digital certificates and a certificate authority (CA) across a public network
  • PGP (Pretty Good Privacy)
    • Free version is GPC GNU Privacy guard
  • Anatomy of an SSL request
    1. Browser (Client) sends a request to a server for servers certificate. Data in the request includes the version of SSL/TLS it can use and available cipher suites
    2. Server receives request, determines the best options the 2 can use for a session (cipher, compression SSL/TLS) and sends certificate back to client
    3. Client receives servers certificate and decides if automatically trusts the server's certificate. If not it will then test whether it trusts the servers certificate authority
    4. Client extracts public key from certificate
    5. Client generates a random key called session key, it encrypts this value using the server's public key
    6. Server 1 decrypts the session key using its private key
  • The important thing to remember about PKI is that a message encrypted with a public key can be decrypted only with the corresponding private key
  • The public key can’t be used to decrypt a message encrypted with the same public key

Hashing

  • Converting a string to gibberish through a predetermined algorithm
    • Produces strings of the same size regardless of the content
  • Message Digest 5 (MD5): 128 bit
  • Secure Hash Algorithm (SHA-1): 160 bit
  • HMAC: Hash Based Message Authentication Code
    • Adds a secret key to hash algorithm
    • Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5) is a common variant of HMAC

Confidentiality Attacks

  • Packet capture (packet sniffing)
  • Ping sweep and scan
  • Dumpster diving (literally)
  • EMI interception
  • Wiretapping
  • Social engineering
  • Sending info over overt channels (Steganography: placing secret data into a jpg)
  • Sending data over covert channels (Morse code with bits)
  • FTP bounce (hacker utilizes the FTP port command via passive FTP mode to instruct the FTP server to send file to a port that the hacker wants to attack)

Integrity Attacks

  • Man-in-the-middle attack
  • Salami attack (multiple little attacks make one big one)
  • Data diddling (changing content of data before it is stored)
  • Trust relationship exploit (hacker gets control of web server to do damage to DB server)
  • Password attack (trojan horse, packet capture of NIC, keylogger, brute force, dictionary attack (smarter brute force), Botnet , Session Hijacking)

Availability Attacks

  • DoS: Denial of Service variants
    • TCP Syn Flood (send TCP SYN Segments but never complete the TCP Handshake)
    • Buffer Overflow (crashing one program crashes another because of damaged buffer spaces)
    • ICMP Attacks (ping attacks)
    • Electrical Disturbances (power spikes, electrical surge, power fault, blackout, power sag, brownout)
    • Physical Environment attack (Temperature, humidity, gas)
  • Distributed Denial of Service (DDoS): Master and zombies (botnet)
  • Smurf Attack: Hacker pings a set of systems with a spoofed source address. All servers reply to the spoofed address causing a DOS on the spoofed IP

Security Defense

  • User training
  • Patching
  • Security Policies (AUP – Acceptable Use Policy, Governing Policy, Technical Policies, End User Policies, etc.)
  • Incident Response (how an organization reacts to a security issue)
    • Requires the gathering of motive, means, and availability to cause the security violation
  • Vulnerability Scanners: Nessus, Nmap
  • Honey Pot: A detractor target meant to grab attention and study actions
  • Honey Net: Collection of honey pots
  • Access Control Lists

Remote Access Security

  • Microsoft Remote Access Server (RAS)
  • Point-to-Point Protocol over Ethernet DSL to service provider
  • Independent Computing Architecture (ICA): remote access that sits above the OS (Windows client can control Unix server)
  • SSH: Secure Shell
  • Kerberos:  Works on the basis of tickets to allow communication on a non secure network
    • Mutual authentication, client and server verify each others identity
    • Which relies on a trusted third party, instead of a username
    • It is used for LAN authentication
    • A key factor in Windows authentication
  • AAA Authentication, authorization, and accounting: Single repo of user credentials (protocols RADIUS and TACACS+)
  • RADIUS: manages remote access AAA functions
    • Radius versus TACAS+: Radius is UDP and TACACS+ is TCP based
  • NAC Network Admission Control: permit or deny a device access to network based on its characteristics
    • IEEE 802.1X is a NAC
    • Port Authentication IEEE 802.1X restriction based on MAC Address
    • A set of rules that anyone connecting to the network must follow
      • Often includes antivirus definitions
      • Enforces AAA
      • Enforces user roles, policies, and permissions
    • Pre-admission NAC
      • Requires users to meet requirements and validate themselves before connection
    • Post-admission NAC
      • Client is granted or denied permissions after connection
    • 1x PNAC – Port based NAC
      • When a device is connected to a port, the port is switched to unauthorized
      • Only EAP (Extensible Authentication Protocol) data can be communicated through that port until the device is authenticated
    • MAC Filter
      • NAC utility that checks the physical address of an NIC (Network Interface Card)
  • ACL – Access Control List
    • Lists permissions of an object
      • Who and what can access it
    • Implicit Deny Policy – anything not positively verified by the ACL is refused
  • TEMPEST
    • NSA specification designed to prevent signal leakage and eavesdropping on sensitive info
  • CHAP: Challenge-Handshake Authentication Protocol (CHAP)
    • Three-way handshake (challenge, response, and acceptance messages)
    • Uses M5 encryption
  • Main difference between CHAP and MS-CHAP
    • CHAP authenticates the client
    • MS-CHAP authenticates the server as well (mutual)
  • Extensible Authentication Protocol (EAP)
    • Specific to how authentication happens between IEEE 802.1X

Two-Factor Authentication

  • Two types of authentication
    • Password and a fingerprint (know something and have something)
  • Multi Factor: Two-factor with different combinations
  • Multifactor authentication requires the user to supply two or more authentication factors from the three categories of authentication factors:
    1. Something they know
    2. Something they have
    3. Something they are
  • Single Sign On (SSO) Types
    • Kerberos
    • Smart Card
    • OTP Token
    • Integrated Windows auth
    • SAML

Mitigation for Common Network Attacks

  • Education
    • Social engineering
    • Phishing
  • Modern firewalls
    • IP spoofing
    • Ping sweeps
    • Packet sniffers
    • Port scans
  • IPSEC, IP Security
  • The Security triad
    • Man in the middle attack
  • Disable zone transfers
    • Pharming
    • DNS spoofing redirect to another site
  • Combat brute force by using strong passwords
    • Password attacks
    • Brute force attacks
    • Keyloggers
  • Firewalls, Intrusion Prevention Systems designed to detect DOS
    • Availability Attacks
    • Denial of Service DoS
    • Distributed denial of service attack DDoS
    • SQL Slammer famous DoS attack
  • Difference between a Worm and a Virus
    • Worms use available network connections to send copies of itself to other computers
    • Viruses must infect a host (such as a file or exe)
      • irus is replicated when copied to another machine
  • Zero Day Attacks: Vulnerability that developers have not yet seen or had time to patch

Common Attack Process

  • Perform recon
    • Ping sweeps
    • Port scans
    • Packet sniffers
  • Document apps and OSs
  • Manipulate users
  • Escalate privileges
  • Hather additional passwords and secrets
  • Install backdoors
  • Leverage system resources

Best Practices

  • Patching
  • Shut off unnecessary services and ports
  • Strong passwords
  • Physical controls
  • Validation
  • Backup
  • Education
  • Encryption in transit and at rest
  • Investment in firewalls and intrusion prevention system
  • Written security policy
  • To monitor network traffic on the wired network, the network board in the management system must be able to operate in promiscuous mode
  • To capture wireless traffic, you must implement a wireless interface that is capable of operating in monitor mode

Firewalls

  • 2 types
    • Hardware (metwork layer)
    • Software (application layer)
  • Enforce access controls between domains

Firewall Inspection Types

  • Packet Filtering
    • Analyzes packet's header
    • Filters traffic based on ACL-like rules
    • One may use iptables to implement this
    • Filters on IP (OSI layer 3) and Port (OSI layer 4)
  • Circuit Level Filtering
    • Circuit-level gateway: monitors status of three way TCP handshakes
    • Application Proxy to access the web on behalf of or downloads on behalf of
      • Proxies also implement cache to improve performance
    • Operates on the session layer
    • Filters based on the presence of a TCP handshake
    • Needs a secure connection
  • Application Level Filtering
    • Application-level gateway: simple firewall such as allow port 80 traffic, functions at application layer of OSI Model
    • Looks at the actual content of packets
  • Stateful Inspection
    • Stateless vs. Stateful
      • Stateful allows dynamic firewalls
      • For instance allows a user to go out and then opens a port for traffic
      • Operates at transport layer of OSI model (for ports))
    • Stateful Firewall: Supports sessions, stateful inspection is the idea of support sessions
    • Stateful firewall will not allow IP packets that emit from a session that did NOT begin from inside the firewall's domain
    • Most commonly used
    • Operates at both the Network and Application Level
    • Requires a secure connection via TCP
    • Inspects the actual contents of packets
    • Basically application + circuit level

Firewall Best Practices

  • Separate network objects into Firewall zones
  • Inside network is you, outside is everyone else
  • DMZ is servers that need to serve the outside (web servers, email servers, etc.)
  • Use a restrictive approach, all ports should be disabled by default

Intrusion Prevention and Detection Systems

Detection Methods

  • Profile based: know the normal working of network and stops abnormalities
    • Sometimes also referred to as statistical anomaly-based detection
  • Signature Based: signature is known attacks
    • IPS detects the attack and prevents traffic from reaching network
  • Behavior Based: identifies deviations of protocol states by comparing observed events with predetermined profiles of generally accepted definitions of benign activity
    • Permissive in nature, and requires a lot of tuning to avoid false positive and false negatives
  • A dedicated device that acts as an IPS (Intrusion Prevention System) is known as a NIPS (Network Based Intrusion Prevention System)
    • HIPS: Host Based Intrusion Prevention System
  • Differences in IDS and IPS
    • Observe and report = IDS
    • Stop attacks = IPS

Intrusion Prevention

  • NIPS
  • HIPS
  • WIPS
  • NBA (Network Behavior Analysis)

Intrusion Detections

  • Host-based IDS usually reviews the OS log files to detect intrusion
  • Network Based Intrusion Detection Systems (NIDS) monitors network traffic

VPN

  • Turning the Internet into a WAN
  • Site to site (virtual leased line)
  • Client to site
  • SSL VPN, accessed via browser
  • Tech behind VPN is IPSEC (IP Security)
  • Suite of protocols working together to provide CIA
  • In IPv4 IPSEC is optional, in IPv6 is it required

IPSec

  • Used to ensure confidentiality (encryption), Integrity (hashing),  and Authentication (data authentication) for a VPN connection as it goes over the Internet
  • IPSec relies on ISAKMP and IKE to create a security association between the two endpoints of the VPN tunnel
  • Associated with AH (Authentication Header) protocol and ESP Encapsulated Security Packets

ISAKMP Security Protocol

  • Protocols used:
    • Authentication Headers (AH)
    • Encapsulating Security Payloads (ESP)
    • Security Associations (SA) = ISAKMP (IKE and IKEv2)
  • Transport mode
    • Only the payload is encrypted
  • Tunnel mode
    • Entire IP packet is encrypted and/or authenticated
    • Tunnel mode is used to create VPNs
  • Crypto Algo
    • HMAC-SHA1 for integrity protection and authenticity
    • TripleDES-CBC and AES-CBC for confidentiality
  • TLS is an alternative to IPsec
    • Use SSL/TLS when IpSec is being stopped by firewall and/or network address translation

Internet Key Exchange (IKE)

  • Establishes the IPSec tunnel
  • Allows admin to configure keys
  • 3 modes of operation between peers:
    1. Main
    2. Aggressive
    3. Quick
  • Main Mode: 3 exchanges of info between IPsec peers
    • Initiator sends one or more proposals to responder
    • Proposals include: supported encryption, auth type, key lifetime should perfect forward secrecy (PFS) be used
  • Aggressive Mode: faster only 3 packets
    • Initiator sends packet with security association (SA)
    • Responder sends packet back with details from first packet
    • Initiator sends initiatives ISAKMP
  • Quick Mode: SA and ISAKMP session creation happens in one go
  • Authentication Header (AH) port 51 vs Encapsulating Security Payload (ESP) port 50
  • Both have origin authentication and integrity services
  • AH has no encryption, ESP does
  • 2 modes transport mode vs. tunnel mode:
    • Transport mode uses the original packet header
    • Tunnel mode wraps the current header and adds one of its own
      • Use transport mode when packet size is an issue
  • Generic routing encapsulation (GRE) tunneling protocol
    • Wraps the IPsec header
  • Steps to setup and tear down an IPsec site to site VPN
    1. PC1 sends traffic destined for PC2
    2. Router1 classifies the traffic as special traffic, which initiates the creation of an IPsec tunnel
    3. Router1 and Router2 negotiate a security association (SA) used to form an IKE Phase 1 tunnel, which is also known as an ISAKMP tunnel
    4. Within the protection of the IKE Phase 1 tunnel, an IKE Phase 2 tunnel is negotiated and set up
      • An IKE Phase 2 tunnel is also known as an IPsec tunnel
    5. After the IPsec tunnel is established, special traffic (for example, traffic classified by an ACL) flows through the protected IPsec tunnel
      • Note that traffic not deemed special can still be sent between PC1 and PC2
      • However, the non interesting traffic is transmitted outside of the protection of the IPsec tunnel
    6. After no special traffic is seen for a specified amount of time, or if the IPsec SA is deleted, the IPsec tunnel is torn down

Other VPN Protocols

  • SSL: cryptography for layers 5-7
  • Layer 2 Tunneling Protocol (L2TP): no encryption, usually requires another protocol for security purposes
  • Layer 2 Forwarding (L2F): Cisco, used for PPP (point to point protocol)
  • Point-to-Point Tunneling Protocol (PPTP): older protocol
  • Transport Layer Security (TLS): SSL replacement

PPTP

  • Point to point tunneling protocol over TCP
  • GRE tunnel that encapsulates the PPP packets
  • Old and no longer recommended
  • Extensible Authentication Protocol (EAP)
    • Recommended approach to VPN security
    • EAP is a framework NOT an implementation
  • EAP Implementations
    • LEAP
    • EAP-TLS
    • EAP-MD5
    • EAP-POTP (protected one time password)
    • EAP-PSK (pre shared key)
  • VPN PPTP uses port 1723
  • EAP assumes someone else is handling security
  • Protected Extensible Authentication Protocol (PEAP) encapsulates EAP within an encrypted TLS tunnel
  • VPN L2TP: layer 2 tunneling protocol
    • Sent within a UDP datagram, carrying PPP sessions
    • Relies on IPsec to provide security (L2TP/IPsec)
    • Uses port 1701, UDP port 5500 (for IPSec), and UDP port 500 (for key exchange via ISAKMP)

Independent Computing Architecture (ICA)

  • Citrix runs on this
  • Only keystrokes, mouse actions, and screen updates are transmitted on the network
  • ICA Runs on port 1494
  • Port 80 must also be open to allow browsing of available applications in the server farm (ICA browsing port)

Network Troubleshooting

Structured Troubleshooting Methodology

  1. Identify the Problem
  2. Establish a Theory of Probable Cause
  3. Test the theory to determine cause (go back to step 2 if incorrect)
    • Perform sanity check
  4. Establish a plan of action (and back-out plan) to solve the problem and identify effects
  5. Schedule and implement the solution or escalate as necessary
  6. Verify full system functionality and implement preventative measures if applicable
  7. Document findings, actions, and outcomes (create post mortem report)

Troubleshooting Layer 1 (Physical)

  • Bad cables or connectors
  • Open is a broken strand of copper preventing flow
  • When 2 coppers wires connect a short occurs
  • Splitting pairs in a cable: UTP uses only 4 of 8 wires
  • dB loss: Signal loss
  • Transposed Tr/RX leads: ensure you have crossover cables when you require crossover cables and straight through for other connections
  • Cable placement: EMI
  • Distance limitations
  • Cross talk: More EMI common in analog systems (such as a phone)

Troubleshooting Layer 2 (Data Link)

  • Power failure
  • Bad module on the switch
  • Layer 2 loop: MAC Address table corruption, broadcast storms
  • Port configuration: bad parameters such as speed, duplex, and MDIX
  • VLAN Configuration

Troubleshooting Layer 3 (Network)

  • MTU Black hole: MTU size from send is too big for router and ICMP is blocked
    • Mismatched maximum transmission unit (MTU): defines the largest packet the router interface will forward
    • 1500-byte packet could not be forwarded by an interface with a 1470 MTU
  • Incorrect subnet mask
  • Incorrect default gateway
  • Duplicate IP addresses
  • Incorrect DNS

Wireless Troubleshooting

  • RFI: Radio Frequency Interference
    • 2.4-GHz cordless phones
    • Microwave ovens
    • Baby monitors
    • Game consoles
  • Signal strength: Received Signal Strength Indicator (RSSI) is a value measures power of signal
    • Varies based on distance and line of sight issues
  • Misconfiguration of wireless parameters: number of parameters should match between a wireless client and a WAP
    • 802.11 standard
    • Wireless channels used
    • Encryption standards must match
    • Matching SSID
  • Latency: usage of CSMA/CA can cause this
  • Multiple paths of propagation: obstacles that are highly conductive can cause data to arrive at the WAP at uneven times
  • Incorrect AP placement: bad placement of Wireless Access Point

Black Hole Router

  • Intermediate network segment has a maximum packet size that is smaller than the maximum packet size of the communicating hosts
    • And also if the router does not send an appropriate Internet Control Message Protocol (ICMP) response to this condition or if a firewall on the path drops such a response
  • Bottom up or top down and divide and conquer:
    • Start at the bottom or top of the OSI Model (Physical, Data, Network, Transport, Session, Presentation, Application)
  • Follow the path: should have good network documentation is in place

Troubleshooting Tools

  • We've seen these commands before at this point but they are super useful to learn. So here they are again.
  •  Ping
    • Consider the use of ICMP’s ping when trying to figure out why you can’t reach your company’s Outlook
    • You can ping the router, to see if there’s an open connection or if the Internet is down
    • Pinging in IPv6 Windows
      • Ping -6 host1 or ping host1 -6
    • Pinging in IPv6 Linux
      • ping6 host1
  • NMAP – Network Mapper
    • Security scanner used to discover hosts and services on a network
  • Tracert – Traces the connection all the way back to a remote host
    • Allows you to see exactly where the connection is lost
  • Netstat – gives info about TCP/IP connections and protocols
    • All connections
    • Listening ports
    • Routing table
    • -a shows all active protocols and listening ports
  • Ipconfig – shows IP configuration info
    • IP address, default gateway, subnet mask /all
    • Can force DHCP release/renew /release, /renew
  • Ifconfig – IP configuration in UNIX environment
  • Winipcfg – GUI based Windows 9x-era ipconfig tool
    • Windows based
  • ARP – returns MAC address of specific IP
  • RARP – returns IP from specific MAC address
  • NSlookup – troubleshoot DNS
    • Can show IP of given domain name
  • Nbtstat – Windows command to troubleshoot Netbios name resolution issues
  • Each of these tools provides relevant information in specific situations, so consider what data is available and use these tools to find out the rest of the data
    • Think of it like algebra

Quality of Service (QoS)

  • QoS does NOT limit traffic, it prioritizes
  • When their is no competing traffic QoS does NOT come into play
  • Managed unfairness/predictable performance
  • Converged network carries multiple forms of traffic
  • Issues with this pertain to dealing with contention and prioritizing traffic
  • Delay = time required for a packet to travel from its source to its destination
  • Jitter = uneven arrival of packets
    • Voice cannot tolerate jitter and packet loss
    • Jitter variations in delay
  • Drops occur when a link is congested and a router’s interface queue overflows
  • Utilizes The 8 bit TOS field in TCP/IP
  • Does a classic bitmask on this field to figure priority
  • ATM and MPLS have built in QoS

IP Precedence

DSCP NameDS Field Value (Dec)IP Precedence (Description)
CS000: Best Effort
CS1, AF11-138,10,12,141: Priority
CS2, AF21-2316,18,20,222: Immediate
CS3, AF31-3324,26,28,303: Flash – mainly used for voice signaling
CS4, AF41-4332,34,36,384: Flash Override
CS5, EF40,465: Critical – mainly used for voice RTP
CS6486: Internetwork Control
CS7567: Network Control

Best Practice

  • You shouldn’t use IP precedence 6 and 7, as they are reserved for internetwork control and network control
  • Voice RTP packets should always be marked IP precedence 5 (DSCP: EF)
  • All voice control packets should be marked IP precedence 3 (DSCP: AF31)
  • All data traffic should be marked with lower priorities than voice RTP and control packets
  • In general utilize 0, 1, 2, 3, and 4 priorities
  • Allow SSH traffic high priority

QOS Recommendations

  • Voice
    • 150ms delay
    • No more than 30ms jitter
    • No more than 1% packet loss
  • Video
    • 150ms delay
    • No more than 30ms jitter
    • No more than 1% packet loss
  • Data = varies

QoS Policy Creation

  • Identify network traffic type and requirements
  • Group traffic types
  • Define QoS that meets classification requirements

QoS Models

  • Best Effort
    • No QoS to packets, over provision everything
    • Give everything a lot of bandwidth
    • Interfaces contain no management
    • Interface are first in first out (FIFO)
  • Integrated Services (IntServ)
    • Hard QoS
    • Strict bandwidth reservations
    • Famous protocol is Resource Reservation Protocol (RSVP)
    • Application signals the QoS requirements to the network via the Resource Reservation Protocol (RSVP)
    • RSVP process adds overhead, not scalable
  • Differentiated Services (DifServ) Approach
    • When DifServ labels traffic, QoS tool alters traffic based on the following:
      • Classification
        • Categorize traffic (Email = POP3, IMAP, SMTP)
        • Does NOT alter bits
      • Marking:
        • Alters bits within a frame, cell ,or packet to indicate how the network should treat the packet
        • Other tools take action on the markings
        • In IP the type of service (ToS) byte is edited
      • Congestion Management
        • Act of buffering / holding traffic until the bandwidth becomes available
        • Queue algorithms
          • Weighed Fair Queue (WFQ)
          • Low Latency Queue (LLQ)
          • Weighted Round Robin (WRR)
        • When thinking about Congestion Management the term to think of is Queue's (LLQ, WFQ, Weighted Round Robin, etc.)
      • Congestion Avoidance
        • When interface's output queue fills to capacity newly arrived packets are dropped
        • Uses random early detection (RED) to identify how close the situation is to dropping packets and tells the send to resend the packets
      • Policing and Shaping
        • Limiting specific traffic
        • The speed at which the shaped traffic moves is known as the committed information rate (CIR)
        • Committed Burst (Bc) is the number of bits or bytes sent during a timing interval
      • Link Efficiency
        • Compressing traffic
        • Link fragmentation and interleaving (LFI)
        • Compresses different pieces of the packet (header vs. payload)
  • Every IP packet has a field in it called the type of service (TOS) field

VOIP

  • VOIP is full duplex, travels over UDP
  • QoS is used to make sure that packets are sent properly
  • Relies on RTP (Realtime Protocol)
  • Call Control: Setups communication between 2 end points, known as data channel
    • Qos prioritized at IP precedence 3
  • RTP Stream: the payload
    • Qos prioritized at IP precedence 5
  • VOIP Protocols
    • H.323: telephony based standard
      • H.225 is call control protocol
      • H.245 support for H.225 (encryption, tunneling, etc.)
    • SIP: Session Initiation Protocol
      • Open source
    • Skinny Call Control Protocol (SCCP)
      • Cisco proprietary

VOIP Telephony Terms

  • ACD: Automatic Call Distributor
  • ANI: Automatic Number Identifier
  • DNS: Dialed Number Identification Service, what the caller dialed
  • FXO: Connecting a company’s VOIP network, to the outside POTS world (example CO)
  • Softphone: software only, not a real phone

Common Issues With VOIP

  • Latency magic number for VOIP Latency is 300 ms
  • Spec recommends 150 ms
  • 2 causes:
    • Propogational delay (distance)
    • Computational (work being done)
  • Packet loss: Uses QoS to overcome
  • Jitter
  • VOIP should be moved into its own VLAN
  • Trivial File Transfer Protocol: TFTP (port 69) unsecured small item file transfers such as loading IP Phones or booting computers

Virtualization

  • Hypervisor = virtual supervisor
    • Runs virtual machines
    • Allows you to have multiple non-native OS run on a platform
    • VSPHERE
  • Network virtualization Classification
  • Control Plane
  • Data Pane
  • Management Plane
  • Pooling and clustering
  • VSS

Windows Administration

Windows Built in Groups

  • Account Operators exist only on domain controller
    • Perform crud on all users and groups except built ins
  • Administrators
  • Backup Operators: backup, restore, and shutdown
  • Power Users

Active Directory

  • Makes use of LDAP, DNS (via DDNS), and Kerberos
  • 2 main types of objects:
    • Resources (printers)
    • Security Principals (computers accounts and groups)
  • Security Principals have SIDs (Security Identifiers)
  • Schema: an object's skeleton
  • Sites are physical groupings
  • Domain Controller: server that handles security authentication requests
  • AD Fault tolerance is handling via multi-master replication

Logical Divisions of An Active Directory Network

Forest, Tree and Domain
  • A domain = logical group of network objects (computers, users, devices) that share the same active directory database
  • Tree = one or more domains
  • Forest = Collection of trees
  • Active Directory stores information in a database (directory store), log files, and shared system volume
  • Limitations: 16 terabytes and 2 billion objects (but only 1 billion security principals) in each domain controller's database
  • Organizational Units: sub grouping of a domain
  • Shadow Groups: objects placed within OUs are not automatically assigned access privileges based on their containing OU
    • Solution is to script

Review Those Ports

  • Cybrary has a good resource for Standard Network Ports
  • Well-known/System Ports
    • 0-1023
  • User Ports/Registered Ports
    • 1024-49151
  • Dynamic/Private/Ephemeral Ports
    • 49152-65535
  • Port Numbers and their Applications
    • 20 – FTP (Send file data)
    • 21 – FTP (Session info)
    • 22 – SSH, FTPS, SCP!
    • 23 – Telnet
    • 25 – SMTP
    • 49 – TACACS+
    • 53 UDP/TCP – DNS
    • 67 UDP – DHCP and BOOTP
    • 69 – TFTP
    • 80 – HTTP
    • 88 – Kerberos
    • 110 – POP3
    • 119 – NNTP (Network News Transfer Protocol)
    • 123 – NTP (Network Time Protocol)
    • 137,138,139 – NetBIOS
    • 143 – IMAP
    • 161 – SNMP (Agents receive requests)
    • 162 – SNMP (Controller receives data)
    • 389 TCP – LDAP Lightweight Directory Access – 389
    • 443 – HTTPS (over TLS/SSL)
    • 445 – SMB Server Messaging Block – 445
    • 1701 – L2TP, L2F Layer 2 Tunneling Protocol – 1701
    • 1720 – H.323
    • 1723 – PPTP Point to Point Transfer Protocol – 1723
    • 1812,1813 – RADIUS RADIUS – 1813,1812
    • 2427 – MGCP Media Gateway Control Protocol – 2427
    • 2727 – MGCP
    • 3389 – RDP Remote Desktop Protocol – 3389
    • 5004 – RTP Real-time Transport Protocol – 5004
    • 5005 – RTP (Default)
    • 5060 – SIP (unencrypted) Session Initiation Protocol – 5060
    • 5061 – SIP (encrypted with TLS)

Network+ N10-006 Study Notes Conclusion

Wowzers. We did it. Over 20K words of CompTIA Network+ N10-006 goodness. Let me know what was easy for your and of course, what you had trouble with.

If anything needs to be corrected or added, please sound off in the comments below.

Thanks and good luck on the exam!

Update: If you're interested in going further, the next certification that makes sense is the CompTIA Security+ exam. Head over to the SY0-401 exam overview to read more. When you're ready for the exam, jump into the SY0-401 exam study notes post to review your stuff. Study hard, this one has a lot of different concepts to learn!

Pin It on Pinterest