A Bus network is also called a trunk or backbone. Computers connect to a drop cable. They are tough to troubleshoot. In a star topology all devices connect to a central device which creates a “single point of failure”. But it is the most popular. In a ring topology the loop must be broken if a fault occurs or the network needs to be expanded. *You are unlikely to see a mesh layout in a LAN setting. But it is the most fault tolerant.
*An ESS (extended service set) is two or more Basic Service Sets combined to form a sub-network.
A wireless mesh is cheaper than a wired mesh.
Test: *2. You can assign computers to a VLAN by protocol, ports, and MAC addresses (w/ a switch) *6. You need a VPN server, client, and protocol to establish a VPN connection. 9. An Infrastructure topology is where each client accesses the network through a wireless access point. 17. A mainframe is an example of a centralized computing model (distributed is server client)
Chapter 2 Chromatic dispersion is the weakening of light strength in a fiber optic cable. Plenum cables are coated with a nonflammable material. Due to shielding STP distances are greater than UTP. Half-duplex can transmit or receive but not both at the same time. With fiber optic cable, single mode is faster and longer than multimode.
*Two types of cable can connect devices to hubs and switches: crossover and straight-through. *The Cisco rollover cable is used to connect a computer system to a router, switch, or firewall port. *The loopback cable uses UTP cable and RJ-45 connectors. The main or vertical cross connect is the location where outside cables enter the building for distribution. The horizontal cross connect is the location where the vertical and horizontal connections meet. *The patch panel provides a connection point between network equipment (hubs, switches) and the ports to which PCs connect. The 110 block improves on the 66 block by supporting higher frequencies and less crosstalk. The main wiring closet is known as the Main Distribution Frame (MDF). If a modem fails it is replaced by the ISP (demarcation point). Test: *1. DB-25 (pins or holes) and DE-9 are associated with the RS-232 standard (modem, keyboard) 2. The 568 standards specify the pin arrangements for the RJ-45 connectors on UTP cable. 3. An F-Type connector connects a (coaxial) cable internet modem (screws on) 4. Category 6 UTP is 10Gbps w/ 250 MHz bandwidth. 5. Category 5 UTP cable uses RJ-45 connectors. *7. Cat6 UTP and fiber optic support 1000 Mbps *10. Multimode can travel 412 meters (single mode 10,000) *14. 66 punchblock has 50 rows of IDC contacts (insulation displacement connector). 15. F-type connectors are not associated with fiber optic, but SC, ST, and LC are. 17. Horizontal cable is from the wiring closet to the telecommunications port for the client system.
Chapter 3 *Collisions do not occur on “switches” so CSMA/CD is not needed. *Micro-segmentation is the process of direct communication between sender and receiver that switches perform to decrease collisions.
*For a full-duplex connection you need a switch, the right cable, and a NIC (and driver). Trunking is the use of multiple network cables or ports in parallel to increase the link speed beyond the limits of any one cable or port. *The majority of ports on a hub/switch are normally MDI-X (crossed MDI) ports, and hosts (PCs, routers) usually come equipped with MDI ports. If “both” are MDI then a crossover cable is needed. If one is MDI and the other MDI-X (Medium Dependent Interface Crossover) a straight-through cable is needed. Hubs and switches usually have 8, 16, 24, or 32 ports (all multiples of 8). The 80/20 rule states that 80% of traffic should not cross a bridge (it should be local). STP – “Spanning Tree Protocol” is layer 2 along with bridges and switches. STA is the algorithm used by STP. STP ensures that no redundant links or paths are found in the spanning tree. STP is defined in the 802.1d standard. *Transparent bridges are the most popular (they only block or forward data based on MAC). They segregate Ethernet networks. Translational bridges connect two different network types, like Ethernet and token ring; they “translate”. *Routers use the software-configured network address. Hubs and switches use the hardware-configured MAC address. *A system network architecture (SNA) gateway sits between the client PC and mainframe and translates requests and replies in both directions. AT modem commands: ATA – answers, ATH – hangs up, ATZ – resets, ATI3 – displays ID info. Universal Asynchronous Receiver/Transmitter chips: 8250 – 9,600 bps / 16450 & 16550 – 115,200 / 16650 – 430,800 / 16750 & 16950 – 921,600 *The PCMCIA (Personal Computer Memory Card International Association) card is both a modem & NIC. Media converters allow us to use the existing infrastructure while keeping pace w/ changing technologies. *A DHCP server assigns IP addresses. Some companies run more than one DHCP server. *A multilayer switch operates as both a router and a switch.
*A content “switch” (no relation to Internet content) is sometimes called a load-balancing switch. It can distribute data to specific application servers. *Load balancing increases redundancy and therefore availability to data. It can be a hardware or software device.
Most OS systems can act as a DNS server! A DNS server answers client requests to translate hostnames to IP addresses. DNS is platform independent so Linux, Unix, Windows, and NetWare are ok. *CSU/DSU (Channel/Data Service Unit) changes the signal from one digital format to another. It acts as a “translator” (gateway) between LAN and WAN data formats. A basic router is needed to connect LAN/WAN. Test: *2. A multi-layer switch routes traffic between subnets and operates as a Layer 2 network switch. *4. A bridge makes forwarding decisions based on MAC addresses (layer 2). *5. A switch determines the port to send data by the MAC address of the device. *8. The uplink port on a hub or switch enables the two to be connected, enables computers to connect to the device, and provides a spare port. *11. Two states of a spanning tree are disabled and listening. *19. A router makes forwarding decisions based on IP address (software-configured). 20. Before buying a network card consider the bus, network, and hardware compatibility.
Chapter 4 IP operates at the network layer (3) and *TCP (and UDP) operate at the transport layer (4). *HTTP uses TCP as a transport protocol. *Telnet is used to access Unix and Linux systems. HOSTS files were used to perform name resolution. *SNMP has the three commands – Get, Get Next, and Set. *MIB – Management Information Base (virtual DB for managing entities in a communications network). *DHCP is a “protocol dependent” service, but not platform dependent. RTP is the Internet standard protocol for the transport of real-time data, including audio and video. It does not guarantee delivery (UDP). Test: *4. With FTP use mput to upload multiple files.
7. Network Time Protocol communicates time synchronization info between systems *11. In SNMP a Trap message is sent by a system if a threshold is triggered. *16. The DNS “protocol” may not be working if you can ping the IP address of a remote system but not its hostname.
Chapter 5 The IP address defines both the network and host (node) address. Each device on the same segment has the same network ID and each has its own node ID. *Some systems such as “web servers” should always have a static IP address (manually assigned). *BOOTP is for diskless workstations to get info. APIPA assigns an IP address if it can’t get one from a DHCP server. It starts at 169.254.0.0 until it finds one unused. Zero-config is for connecting non-computer devices like house lights (does not use DHCP or DNS). Broadcast addressing sets the final part of the address to .255 (everyone). CIDR (Classless Inter-Domain Routing) assigns addresses outside Class A, B, C. *Default gateways allow a device to access hosts on other networks for which it “does not have a specifically configured route”. It must be on the same network as the node that uses it. To create at least four “networks” the “subnet mask” would be 255.255.255.224 (31 left for each address range). You need at least 3 bits (2 to the 3rd power, minus 2 [can’t use the all-0s and all-1s subnets] = 6, which is >= 4). 128 + 64 + 32 = 224: the leftmost 3 of the bit values 1, 2, 4, 8, 16, 32, 64, 128. So the networks would be 126.96.36.199, 64, 96, 128, 160, 192. Network address of 188.8.131.52 sub-netted: 184.108.40.206 has a usable range of 220.127.116.11-63 to 18.104.22.168-223 (a total of 6 ranges). The first number is not used, it is the network address. No portion of an address can be all 0s or 1s (bits). 2 to the power of the number of borrowed bits minus 2 equals the number of networks, and 2 to the power of the number of unmasked bits minus 2 gives you the number of usable nodes on the network. A system w/ address 22.214.171.124 would be on network 126.96.36.199 and the host ID would be 26 (96 + 26 = 122). *IPv4 Address Classes: Class A – 1-126 (126 networks, many hosts, subnet mask 255.0.0.0), Class B – 128-191 (16,384 networks, 65,534 hosts, subnet mask 255.255.0.0), Class C – 192-223 (2,097,152 networks, 254 hosts, subnet mask 255.255.255.0).
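The subnetting arithmetic above (borrow n bits, 2^n - 2 usable subnets, 2^h - 2 usable hosts, find a host’s network and host ID), worked in code. This is an added example, not from the notes; the 192.168.1.0/24 block is a constructed stand-in for the notes’ own network, and the two-subnets-dropped rule follows the notes’ classful convention.

```python
import ipaddress


def borrowed_bits(needed_networks):
    """Smallest n such that 2**n - 2 >= needed_networks.
    The notes' classful rule: the all-0s and all-1s subnets are not used."""
    n = 1
    while 2 ** n - 2 < needed_networks:
        n += 1
    return n


def mask_for(prefix_len):
    """Dotted-decimal mask built from the leftmost prefix_len bits
    (e.g. /27 -> 128+64+32 in the last octet = 255.255.255.224)."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask))


def plan_subnets(network_cidr, needed_networks):
    """Borrow enough host bits from network_cidr to get needed_networks subnets
    and return the mask, the counts, and (network, first host, last host)
    for each usable subnet."""
    net = ipaddress.IPv4Network(network_cidr)
    n = borrowed_bits(needed_networks)
    new_prefix = net.prefixlen + n
    host_bits = 32 - new_prefix
    subnets = list(net.subnets(new_prefix=new_prefix))
    usable = subnets[1:-1]  # drop the all-0s and all-1s subnets
    return {
        "bits": n,
        "mask": mask_for(new_prefix),
        "usable_networks": 2 ** n - 2,
        "usable_hosts": 2 ** host_bits - 2,  # network and broadcast excluded
        "ranges": [(str(s.network_address), str(s[1]), str(s[-2])) for s in usable],
    }


def locate_host(address, mask):
    """Return (network address, host ID) for a host given a dotted mask."""
    iface = ipaddress.IPv4Interface(f"{address}/{mask}")
    net = iface.network
    host_id = int(iface.ip) - int(net.network_address)
    return str(net.network_address), host_id


if __name__ == "__main__":
    # Constructed case: a /24 that must hold at least four networks
    plan = plan_subnets("192.168.1.0/24", 4)
    print(plan["mask"], plan["usable_networks"], "networks,",
          plan["usable_hosts"], "hosts each")
    for network, first, last in plan["ranges"]:
        print(f"  {network}: {first} - {last}")
    print(locate_host("192.168.1.122", "255.255.255.224"))
```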
*Private address ranges: Class A – 10.0.0.0-10.255.255.255 (subnet mask 255.0.0.0), B – 172.16.0.0-172.31.255.255, C – 192.168.0.0-192.168.255.255. IPv6 is 128 bits. There are 8 16-bit blocks, with each 16-bit block represented as 4 hexadecimal digits. A run of all 0s between two points can be condensed with :: *In a stateful configuration network devices obtain address info from a server. *A routable protocol enables systems to be identified by their network address and unique ID. Metric can mean the number of hops. Two types of routing protocols are distance-vector (communicates routes to neighbors) and link-state (maintains a database of all routers). Routing Information Protocol (RIP) metric is limited to 15 hops. PAT (Port Address Translation) maps clients to a single public IP address. Test: *1. OSPF is a link-state routing protocol used on “TCP/IP” 2. SNAT (source NAT) maps a private IP address directly to a persistent (static) public IP address. *3. w/ Split horizon routes are not advertised back on the interface from which they were learned. 5. Count to infinity can arise when routers advertise a route back to the router from which it was learned. 7. RIP is a distance-vector routing protocol used on TCP/IP networks *11. EGP (exterior gateway protocol) is used with BGP 13. 127.0.0.1 is equal to 0:0:0:0:0:0:0:1 and ::1 14. 184.108.40.206/24 needs subnet mask 255.255.255.0 *16. IPv6 uses multi-, uni-, and anycast (not broadcast) *19. “Unique local address” types (IPv6) are associated with IPv4’s private address ranges. *20. “Link-local address” types (IPv6) are associated w/ IPv4’s automatic 169.254.0.0 addressing.
Chapter 6 CSMA/CD is a contention media access method because systems contend for access to the media. Network switches can create many collision domains and therefore reduce the impact on performance. With CSMA/CD every node has equal access to network media. CSMA/CD has low overhead & utilizes all available bandwidth when possible. But collisions degrade performance, priorities cannot be assigned to certain nodes, and performance degrades exponentially as devices are added! CSMA/CA uses listen before talking. The channel must be clear before sending data. *Token passing is more complex and costly. It generates overhead on the network. Ethernet bonding requires two or more network interfaces on the host combined together to increase throughput. It increases speed and adds redundancy. 802.3 “Ethernet” can have multiple physical topologies. The digital signal used in baseband occupies the entire bandwidth of the network media to transmit a single data signal. It is bi-directional but sending and receiving can’t happen at the same time. Ethernet networks use baseband (10BaseT, FX etc.). Time Division Multiplexing divides a single channel into slots allowing multiple signals on a single cable. Baseband uses digital. Broadband uses “analog” signals in the form of optical or electromagnetic waves over multiple transmission frequencies. The transmission media must be split into two channels. Or two cables can be used to send and receive. Base in 10Base2 means that the media can carry only one data signal per wire, or channel. A 10Base2 network can have a max of 5 segments with only 3 populated. The 5-4-3 rule w/ Ethernet networks that use coaxial means that the network can have 5 segments w/ no more than 4 repeaters, and only 3 can be populated. *The max number of computers supported on a 10BaseT network is 1,024 (2 to the 10th power). *Crossover cables allow two systems to be connected directly w/out a hub. They can also connect two hubs or switches.
10BaseFL can cover up to 2km. It is 10Mbps Ethernet over fiber-optic cabling. But 100BaseFX is faster. Fast Ethernet is often referred to as 100BaseX, which refers to the 100BaseTX (UTP/STP, 100 meters, 100Mbps, RJ-45), T4 (uncommon), and FX (100Mbps, 412 meters, fiber optic, SC, ST) standards. 100BaseTX can reach 100Mbps, which is the speed of most LANs.
100BaseFX can reach 412 meters for half-duplex multimode and 2km with full-duplex. Full-duplex single-mode fiber can reach 10,000 meters. 1000BaseSX (short) and LX (long) are laser standards over fiber. 10GbE can send 10 gigabits per second. That’s 10,000Mbps, 100 times faster than most modern LANs. It is used for WAN & MAN and was ratified as IEEE 802.3ae. Dark fiber refers to unlit fiber, fiber that is not in use or connected to any other equipment. 10GBaseSR/SW is for LAN & MAN w/ a max distance of 300 meters. 10GbE is defined as the IEEE 802.3ae standard. Test: 1. 10GBaseER has the longest distance at 40,000 meters 3. CSMA/CD relates to 802.3 4. 100BaseFX full duplex single mode can reach 10,000 meters. 8. 10GBaseT is associated with 802.3an (needs Cat 6 or 6a twisted pair) 10. 802.3u is associated with 100BaseFX (fiber), TX, and T4. 11. 802.3z (laser) is associated with 1000BaseLX, CX, and SX. 13. 1000BaseT has a max of 100 meters. 14. 100BaseFX can be implemented over greater distances than 100BaseTX. 15. 1000BaseCX (STP, 25 meters) and 10GBaseT can be implemented over copper cables. 16. 802.3ab specifies 1-gigabit transfer over category 5 cable.
Every 3dB of gain added doubles the effective power output of an antenna. Omnidirectional antennas are good for clear line of sight. Directional are good for a series of obstacles. *Polarization refers to the direction that the antenna radiates wavelengths. 802.11a is not compatible with other wireless standards b & g.
802.11 wireless standards can be Ad-hoc (no WAP) or infrastructure. 802.11n has MIMO (Multiple Input Multiple Output) which allows greater speeds. It also enables channel bonding, which doubles the data rate. In the US 802.11b/g use 11 channels and 1, 6, 11 are non-overlapping. Ipconfig can give the status of IP configuration. *With spread spectrum, data signals travel across a range of radio frequencies. Data does not travel straight through a single RF (narrowband transmission). It is more reliable but uses more bandwidth. Data signals using FHSS (Frequency “Hopping” Spread Spectrum) switch between RF bands and have a strong resistance to interference. *W/ Direct Sequence Spread Spectrum the transmission is spread over the full transmission band. For every bit of data sent, a redundant bit pattern is sent. The 32-bit pattern is called a chip. DSSS provides higher security than FHSS but it is a sensitive technology. *Orthogonal Frequency Division Multiplexing transfers large amounts of data over 52 separate frequencies. The amount of crosstalk is reduced. It is associated with 802.11a, g, and n. The beacon frame includes channel info, supported data rates, SSID, and Time Stamp. With active scanning a probe request is sent out and a probe response is given. *DTIM (delivery traffic indication message) ensures that when multicast or broadcast traffic is sent, all systems are awake to hear it. *A client and AP must start w/ association & authentication. Water is a major source of interference because its molecules resonate at 2.4 GHz. Site surveys are the first step in a wireless network. Moving an AP could make things worse. WPA uses TKIP. TKIP is defined in IEEE 802.11i. It was developed to help improve WEP. It wraps additional code at both ends. *During port-based access a LAN device can be an authenticator or supplicant. RADIUS performs AAA. Test: 6. WEP-shared offers the greatest level of security over other WEP configurations.
Chapter 8 Three types of switching: 1. Packet: most popular, used for LANs. The receiving device reconstructs the packets according to built-in sequence numbers. Size is restricted to ensure packets can be stored in RAM instead of hard disk. a. Virtual circuit packet switching – permanent (PVC) and switched (SVC). b. Datagram packet switching – connectionless, packet size kept small in case of error. 2. Circuit switching – requires a dedicated connection. It can hog the connection. 3. Message switching – divides data into messages. Store-and-forward is good for email. Does not require a dedicated connection so sharing is allowed. Store-and-forward is not a good choice for real-time applications and PC systems must store messages using their hard disk. *Frame Relay is a packet-switching technology that uses PVCs (permanent virtual circuits). T-carrier lines can support voice and data. T1 – 1.544Mbps (fixed cost), T2 – 6.3Mbps (uses 96 64Kbps B channels), T3 – 44.736Mbps. With muxing (T1) a signal is broken into smaller pieces and assigned IDs. Many companies use T1 to reach the Internet. Fractional T is leasing a portion. OC (optical carrier levels) represents the range of digital signals that can be carried on SONET. ATM uses cells 53 bytes (48 data, 5 header) long and it is more efficient (and flexible) than Frame Relay. ISDN is a circuit-switched phone network system designed to enable digital transmission of voice and data over copper wires. Digital is used the whole way. *Basic Rate Interface (PSTN, 128Kbps) is referred to as 2B+D. The connection must be within 5,486 meters of the ISDN provider’s BRI center. ISDN is a leased line from the service provider. Primary Rate Interface is 1.536M on T1. AT commands: ATA – autoanswer, ATH – hangs up, ATD – dials, ATZ – resets, ATI3 – displays name and model. *DSL (digital subscriber line) uses a “standard phone line”. A different frequency can be used for digital and analog so you can talk while uploading data.
Asymmetric (downloads faster, Internet) and symmetric (can’t share phone line, high speed both ways) DSL. A telephone cable uses two frequencies: high and low. *A dedicated DSL line is not used for regular voice transmissions.
*Broadband (analog) refers to high speed Internet access. Both DSL and cable modem are common broadband. Use LEDs to troubleshoot. *Cable modem has a coaxial connection to the provider’s outlet and UTP for attaching directly to a system, switch, or hub. A cable modem usually has a medium dependent interface crossed (MDI-X) port. With cable access you share the bandwidth! If an IP address is assigned via DHCP, the absence of an address is a sure indicator that connectivity is at fault. DSL and cable Internet are always on so be careful. Satellite is always on. Upload is 512Kbps and download is 2048Kbps (four times). A two-way system provides data paths for both upstream and downstream. A home satellite system is likely to use a modem for uplink traffic and downloads coming over the satellite link. Rain can cause the signal to fade. Test: 1. PVCs are permanent, cells cannot take other routes in the event of a circuit failure and when not in use bandwidth is still reserved for the PVC. PVCs are not dynamically connected. 5. A company wants fast DSL for video but does not care about download speeds so use VHDSL (asymmetric)(Very High bit rate DSL) 6. Frame Relay has FRAD (FR Access Device), Frame Relay Switch, and a Virtual Circuit. *9. Satellite Internet access is asymmetric. 15. X.25 and Frame Relay are packet-switching technologies (not ATM or FDDI) *17. ATM uses two types of circuit switching - SVC (switched virtual circuit) and PVC *18. On ISDN the D channel carries signaling info and B carries data signals. *19. A frame relay network has DTE (w/ company, data terminal equipment) and DCE (w/ carrier, data communication equipment) 20. Packet switching uses independent routing.
Going down the OSI model headers are added (encapsulation) and removed (de-capsulation) going up. The physical layer defines the voltage on the cable and the frequency.
*The data link layer can perform checksums and error detection. It has two sub-layers: Logical Link Control (defined by IEEE 802.2) and Media Access Control (MAC address defined here). *The network layer provides the mechanism (does not define) by which data is moved between two networks or systems. It has IP (connectionless!) and IPX (Novell’s IPX/SPX – Internet packet exchange/Sequenced…). On TCP/IP networks service identifiers are called ports and on IPX/SPX networks they are called sockets. The network layer has the 3 switching methods – circuit, message, and packet. The network layer has logically assigned addresses in contrast to physical MAC addresses. *Hierarchical addressing systems are possible only with routable network protocols. *In a dynamic routing environment RIP and OSPF (adaptive) are used. Transport layer protocols – TCP, UDP (part of TCP/IP!), and SPX. The transport layer sets up and maintains the connection between two devices. This layer also performs error checking and verification and handles retransmissions. The session layer performs the same function as above on behalf of apps. It synchs the exchange of data between two devices at the app level. It also handles error detection & notification to the peer layer on the other device. In windowing data is sent in groups of segments that need only one acknowledgement, which reduces overhead. The presentation layer converts data to or from the app layer into another format. It is where encryption and decryption take place. The app layer defines the processes that enable apps to use network services. If an app needs to open a file from a network drive, components in the app layer will provide the functionality. Switches are layer 2 but modern ones can be layer 3. *Bridges divide the network into smaller areas through segmentation. They can block or forward by using MAC addresses (making them layer 2). Routers use software-configured logical network addresses.
Although NICs are physical components they are layer 2 and they rely on the MAC and LLC sub-layers. WAPs are layer 2. (R)ARP is on the data link layer (2). ICMP and IGMP are layer 3 with IP. TCP and UDP are layer 4 and most of the rest are layer 7 (DHCP, LDAP, SCP, NTP, SSH, Telnet, POP3/IMAP4, HTTP, HTTPS, SMTP, FTP, SNMP, TLS!, SIP, and RTP)
Test: 8. The Data link defines the method by which the network media are accessed on a logical level.
Chapter 10 The more disks added to RAID 0, the greater the chance a disk will fail. RAID 1 (mirroring) has high overhead and is limited to two hard drives. Disk duplexing has a 2nd level of fault tolerance by using a separate disk controller. Minimum 2 disks. RAID 5 is preferred. It stripes data across all hard drives and is fault tolerant. But it has poor write performance and it takes time to regenerate data. Minimum 3 disks. (RAID 10 needs 4). Software RAID is inexpensive but has high overhead. Hardware RAID is better if you have the money. It has its own controller and can use cache memory. *Through link aggregation four NIC cards can work together. Warm swapping is powering down an individual bus slot to change a NIC. Too many devices can shorten the battery life of a UPS. GFS is the most used rotation method. It uses separate tapes for monthly, weekly, and daily backups. Quality of service describes ways to manage and increase the flow of traffic. Apps can be latency sensitive (voice, video) or insensitive (backups, FTP transfers). QoS can prioritize by queuing. VoIP digitizes and encapsulates voice in data packets and later converts back to voice. It uses RTP packets inside UDP/IP packets. SRTP improves upon RTP. Traffic shaping is a QoS strategy. Load Balancing: sharing the load between many servers is a server farm. Test: 2. Full & incremental clear the archive bit (to say they no longer need backup due to change). 9. RAID 10 offers the best R&W performance.
Chapter 11 1. Gather info, 2. ID affected areas, 3. Determine changes, 4. Establish probable cause, 5. Consider escalation, 6. Create an action plan & solution, 7. Implement and test solution, 8. ID the results, 9. Document. You can get info from the computer (logs, error messages), the user, and your own observation. A duplicate address often happens when a new system has been added to a network where DHCP is not used. Sometimes fixing a problem creates another. A riser is used to run cable between floors. Always test cables to confirm that they work. Whether it is coaxial or UTP, copper-based cabling is susceptible to crosstalk (and attenuation). NEXT – near end crosstalk (outgoing data leaks over to an incoming transmission) and FEXT – far end crosstalk. Mixing cables can result in impedance mismatch. Shorts occur when the electrical current travels along a different path than was intended. Copper-based media is susceptible to shorts; wireless and fiber optic cables are not. In a switched network, systems do not need collision detection. Hubs are used w/ star, and use twisted pair. Bridges connect segments within the “same” network. At the least a system needs an IP address and subnet mask. The default gateway, DNS server, and WINS are optional (but usually needed). An IP address in the 169.254.0.0 (APIPA) range is not connected to DHCP and will “not” get on the network. DHCP can assign the IP address, default gateway, subnet mask, and DNS. A switching loop is having more than one path between two switches. They occur at layer 2 (data link). Indoor antennas should be kept away from large metal objects like filing cabinets. Wireless signals that travel where not wanted are known as bleed. APs should not be placed vertical to one another on different floors. 802.11a is not ok with b, g, or n, but b & g are ok. Test: 2. The IP address and subnet mask can’t be the exact same.
*20. If a user gets Server Not Found the cable may be disconnected or the protocol configuration on the workstation is not correct. Chapter 12 You can get help on netstat with netstat /? A ping requires an ICMP echo request. Ping switches: -t – ping until stopped, -a – resolve IP address to hostname, -f – Don’t Fragment flag is set, -r count – record route hops, -R – use routing header. *1. Ping the local loopback w/ 127.0.0.1, 2. Ping the IP address of your NIC, 3. Ping the IP address of a working node on your network, 4. Ping the IP address of the default gateway, 5. Ping the IP address of a system on a remote network. To test whether TCP/IP is installed ping the loopback address and then the IP address of a local system. You can ping the DNS name of a remote host if your network uses a DNS server. A congested network might give some replies mixed with Request Timed Out. TTL prevents circular routing, which occurs when a ping request keeps looping through a series of hosts. Each hop subtracts one. Traceroute (tracert – Windows) can be used before ping to determine where on a route a problem lies. -h – max number of hops, -d – do not resolve address to hostname, -w – wait time. Mtr (my traceroute) is used on Linux/Unix. It combines ping and traceroute. ARP is part of the TCP/IP suite. It resolves an IP address (phone book listing) to a Media Access Control address (phone number). ARP has a cache for known MAC entries. Static entries do not expire and can be added manually. ARP operates on the network layer. An ARP cache lists the Internet Address and then the Physical Address (MAC) and the type (static or dynamic). If a ping fails the device is not always offline. Sometimes ICMP is blocked to prevent attacks. Arp Ping uses ARP rather than ICMP to ping the MAC address directly. It is not built into Windows. Netstat displays packet stats. -n – IP addresses and port numbers in numeric form, -p proto – per-protocol basis, -r – routing table.
Netstat -r shows the network destination, netmask, gateway, interface, and metric. Netstat -e (stats) shows bytes, unicast packets, non-unicast (broadcast or multicast picked up), discards, errors (if high could be a NIC problem), and unknown protocols, for Received and Sent. Netstat -a (current connections) shows the protocol, local address (ex. laptop:1027 port), foreign address, and state (listening, established, closed, waiting). UDP does not list a state but gives *:*. Netstat -s gives many stats. Nbtstat is on “Windows only”. Nbtstat -r shows a list of NetBIOS names that have been Resolved.
Microsoft now prefers DNS over WINS. Ipconfig (Windows) /all shows the full configuration. A missing or incorrect gateway parameter would limit access to the local segment. *If a user can’t connect to any other system on the same subnet make sure the TCP/IP address and subnet mask are correct. If the network uses DHCP make sure it is enabled. If a user can connect to another system on the same subnet but can’t connect to a remote system make sure the default gateway is correctly configured. *If a user can’t browse the Internet make sure the DNS server parameters are ok. Use pump -s with ifconfig to get DHCP lease info. Nslookup (all OS) and dig (Linux, Unix, Macintosh) are TCP/IP diagnostic tools that can be used to find DNS problems. With nslookup (name server) you can run manual name resolution queries against DNS servers (most common use), or get info about the DNS config of your system. Output for nslookup line by line could be Server, Address (of the DNS server that performed the resolution), blank line, Name:, Address: (domain name that was resolved along w/ its IP address). Dig does not have an interactive mode but uses command line switches. Dig is considered more powerful than nslookup. The host command is used on Linux/Unix to perform a reverse or forward lookup on an IP address. Test: 1. Netstat (-r) and route can be used to view routing tables on a Windows system. 2. nbtstat -R (not small r – resolved) can purge and Reload the remote cache name table. 4. netstat -s can be used to display the protocol stats on a per-protocol basis. 6. If a ping returns Unknown Host, the name of the “destination” computer cannot be resolved.
The topology can be in the physical shape of a star but data is passed in a logical ring. “Ethernet uses a star topology but a logical bus topology”. What happens inside the switch defines the logical bus topology. The logical topology of a network identifies the logical paths that data signals travel over the network.
For baseline purposes one of the most common stats to monitor (capture) is bandwidth usage. Software & hardware configuration documents are required. Regulations are often enforceable by law. Gbps – Gigabit, GBps – Gigabyte. DNS, TFTP, SNMP, DHCP (ports 67 & 68) use UDP. HTTPS uses both TCP/UDP. NTP uses port 123 & TCP. Some ports are closed by default but some are open depending on the OS and this can cause problems. *The quickest way to get an overview of ports used by a system and their status is to issue netstat -a. Performance tests are about the network today and load tests are for future growth. Security logs keep track of failed login attempts and failed resource access. Need an admin account to view. App logs contain info logged by apps. They track events w/in apps. System logs record info about components or drivers in the system. It is the place to look for hardware device errors, time sync issues, or service startup problems. History logs track internet surfing but can also be compilations of events from other log files (over a year, for example). Wire crimpers are used for RJ-11 and RJ-45. They are used to connect media to the ends of cables. Squeezing the crimper’s handle forces metal connectors through the wires of the cable. Always order more connectors than you need. Strippers and snips can work with coaxial cable and UTP. Punchdown tools are good for blocks and patch panels. Each wire of TP cable needs to be attached to the back of the patch panel for each RJ-45 connector. The metal connectors in which the wires are pressed are insulation displacement connectors (IDCs). *Cable certifiers can determine cable fault locations, length issues, noise problems, and qualify cables for apps like VoIP. They can measure NEXT, FEXT and attenuation. Voltage event recorders monitor the quality of power used on the network or by network hardware. They are attached directly to a wall socket to monitor power. They can isolate a power problem.
A toner probe (fox and hound) has a tone generator and a tone locator. If cables are labeled at both ends you do not need a toner probe. Protocol analyzers capture the communication stream between systems. Unlike a sniffer, a protocol analyzer also reads and decodes traffic. If a problem occurs w/ specific TCP/IP communications, such as a broadcast storm, the analyzer can identify the source of the problem and isolate the system causing the storm. They also provide many stats (real-time trends). PAs can be used to ID protocol patterns and decode info, and they enable admins to examine the bandwidth that a protocol is using.
*A media/cable tester (cable tester or continuity tester) tests whether a cable works properly. They can help test a segment, look for shorts, improperly attached connectors, or other faults. They can verify that a path exists between two points. A media tester has two parts, one for each end of the cable. A TDR (time domain reflector) checks the continuity of a cable. They can also locate faults (severed sheath), damaged conductors, faulty crimps, shorts, loose connectors etc. TDRs work on the physical layer. An OTDR (optical time-domain reflectometer) is used for fiber (not copper). It can locate how far into the cable the break occurs. *A multimeter can test for shorts in coaxial cable (and even twisted pair). They can measure voltage, current, and resistance. Network multimeters can ping, verify cabling (shorts, split pairs), locate and ID cable (at patch panels and wall jacks using digital tones), and document findings (can link to a PC). A wireless detector can reveal Wi-Fi hot spots and detect wireless network access with LED visual feedback. Some devices can ID where and how powerful RF signals are.
Test: *10. A crimper is needed to make your own long cable. *20. If you suspect someone is gaining access to your system use a port scanner and netstat –a.
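As an added example (not from these notes) of turning the netstat –a overview and the baseline configuration document into a routine check, this Python snippet parses constructed Linux-layout netstat -a output and reports listeners that the baseline does not account for. The column layout is an assumption for Linux; Windows netstat -a prints different columns.

```python
"""Compare a host's listening ports against a documented baseline.

Added example: parses constructed `netstat -a`-style output (Linux column
layout) and reports listeners missing from the baseline configuration doc.
"""

# Constructed sample output in the Linux `netstat -a` column layout.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

# Constructed baseline: ports the configuration document says this host exposes.
BASELINE = {("tcp", 22), ("tcp", 80), ("udp", 68)}


def listening_sockets(netstat_output):
    """Return {(proto, port)} for every listening TCP and every bound UDP socket."""
    found = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
            continue                       # header lines and blank lines
        proto = fields[0].rstrip("6")      # tcp6/udp6 -> tcp/udp
        port = int(fields[3].rsplit(":", 1)[1])   # works for ":::80" too
        state = fields[5] if len(fields) > 5 else ""
        # TCP sockets count only in LISTEN; UDP rows have no State column.
        if proto == "udp" or state == "LISTEN":
            found.add((proto, port))
    return found


def unexpected_listeners(netstat_output, baseline=BASELINE):
    """Listeners present on the host but absent from the baseline, sorted."""
    return sorted(listening_sockets(netstat_output) - baseline)


if __name__ == "__main__":
    for proto, port in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"not in baseline: {proto}/{port}")
```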
Chapter 14 Have DO NOT COPY put on all keys. Swipe cards are hard to copy. Firewalls can offer NAT and proxy server services. Stateless firewalls look at each data packet in isolation and reject or accept it based on the source or destination address or port number listed w/in the packet header. Stateful firewalls monitor data traffic streams from one end to the other. They refuse unsolicited incoming traffic that does not comply w/ dynamic or preconfigured firewall exception rules. A Network layer firewall can filter based on IP address (both ways), port number, protocol ID, and MAC address (not flexible so not often used).
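The stateless-versus-stateful distinction above, as an added example (not from these notes): a toy Python filter runs a constructed packet trace through both decision styles. The LAN host, the outside addresses and the single preconfigured exception rule (inbound HTTPS) are constructed for the example.

```python
"""Stateless vs stateful filtering over a constructed packet trace (added
example). Stateless: judge each header alone. Stateful: track sessions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str          # source IP
    dst: str          # destination IP
    sport: int        # source port
    dport: int        # destination port
    direction: str    # "in" (from outside) or "out" (from the LAN)
    syn: bool = False  # True on the packet that opens a TCP session


INSIDE = "10.0.0.5"                 # constructed LAN host
INBOUND_RULES = {(INSIDE, 443)}     # preconfigured exception: allow HTTPS in


def stateless_allow(pkt):
    """Decide on header fields only, with no memory of earlier packets."""
    if pkt.direction == "out":
        return True
    # It cannot tell a reply from an unsolicited packet, so to let replies
    # reach clients it has to admit any inbound packet aimed at a high port.
    return (pkt.dst, pkt.dport) in INBOUND_RULES or pkt.dport >= 1024


class StatefulFilter:
    def __init__(self):
        self.sessions = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, pkt):
        if pkt.direction == "out":
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return True                      # reply to a tracked session
        if pkt.syn and (pkt.dst, pkt.dport) in INBOUND_RULES:
            self.sessions.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True                      # new session an exception permits
        return False                         # unsolicited: refused


def run_trace(trace):
    sf = StatefulFilter()
    return [(stateless_allow(p), sf.allow(p)) for p in trace]


# Constructed trace: client opens a web session, gets the reply, then an
# unrelated outside host sends to the same client port, then to port 443.
TRACE = [
    Packet(INSIDE, "203.0.113.7", 51514, 80, "out", syn=True),
    Packet("203.0.113.7", INSIDE, 80, 51514, "in"),
    Packet("198.51.100.9", INSIDE, 40000, 51514, "in"),
    Packet("198.51.100.9", INSIDE, 40000, 443, "in", syn=True),
]
```

The third packet is the point of the exercise: the stateless filter admits it because the header alone looks like a reply, while the stateful filter refuses it because no tracked session or exception rule accounts for it.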
A circuit level firewall (session-layer) operates at the transport “and” session layer. It validates TCP and UDP sessions before connecting. It maintains a table entry which is removed (and the circuit closed) when the session ends. These days they don’t provide enough protection. *App firewalls are sometimes called proxy firewalls because they have the capability to proxy in each direction. IDS can generate false reports.
RRAS – routing and remote access service uses SLIP (serial line Internet Protocol) and PPP. SLIP does not support encryption or authentication, and it does not provide error checking or packet addressing so it can be used only in serial communication. PPPoE is used to connect multiple network users on an Ethernet LAN to a remote site through a common device. PPPoE is a combination of PPP and the Ethernet protocol. As w/ a dial-up PPP service, an ISP will likely assign configuration info like IP address, subnet, default gateway, and DNS server. PPPoE has the discovery stage (initiation, offer, request, session confirmation, and termination) and the PPP session stage.
A VPN encapsulates encrypted data inside another datagram that contains routing info. VPNs support analog modems, ISDN, and dedicated broadband connections such as cable and DSL. SSL VPN uses the browser as the interface and not other software. It uses symmetric encryption. A VPN concentrator is a device that creates and encrypts a tunnel between the remote user and the network. They can also help secure the VPN link by using access lists for remote user sessions. They can use either IPsec or SSL.
PPTP is a TCP connection. It does not use PKI but does use a user ID and password. It uses the same authentication methods as PPP like MS-CHAP, CHAP, PAP, and EAP. L2TP is a combo of PPTP and Cisco L2F. It authenticates the client in a two-phase process: first the computer and then the user (to prevent MITM attacks). L2TP operates at the data link layer making it protocol-dependent. So it can support IPX and AppleTalk. PPTP is more compatible than L2TP. L2TP is more secure and it supports PKI (certificates). IPsec protects data as it travels within the LAN. Firewalls cannot give such internal protection. AH gives authentication and integrity but not encryption like ESP. With transport mode IPsec protects the whole way. Tunnel mode protects between points or gateways.
*Remote control access protocols – RDP (Windows, low-bandwidth, used to send mouse movements, key strokes, and bitmap images), VNC (virtual network computing, uses remote frame buffer), and ICA (Citrix Independent Architecture, works similar to RDP).
RDP and ICA are examples of thin client computing: client systems use the resources of the server instead of the local processing power.
Test: *8. Packet filtering occurs at the network and data link layer.
Chapter 15 Mutual authentication is designed to protect against eavesdropping, tampering, and info theft. Tokens can take the form of smart cards or be embedded in objects like a USB flash drive. Accountability is the tracking mechanisms used to keep a record of events on a system. Auditing is used for this purpose. A NAS can be a WAP, VPN server, or even an 802.1X switch. TACACS+ relies on TCP whereas RADIUS uses UDP. RADIUS combines AA but TACACS+ can separate their functions.
The private key of public key cryptography is never transmitted over a network. Public key encryption (asymmetric: the public key encrypts a message or verifies a signature and the private key decrypts the message or signs a document) and private key encryption (symmetric). Kerberos requires only an SSO. It is non-proprietary and is used for cross-platform authentication. PKI uses public keys. It uses five certificate stores: personal, CA, enterprise trust, trusted root, and UserDS. Each party secures their own private key and they share a public key. Trusting the public key is needed for PKI to work. VeriSign and Entrust are public CAs. An ACL has a string of bits called an access mask for privileges. CHAP supports non-MS remote access clients. Users don’t actually send passwords over the network.
Macro viruses attack documents. Trojan Horses and Worms do not require a host. THs can be used to turn systems into zombies. In a Fraggle attack spoofed UDP packets are sent to a network’s broadcast address. Smurf uses ping.
Test: 16. EAP is used w/ smart cards and certificates.
Final Book Test: A router and multilayer switch can route packets. A switch only forwards. A router can control the number of broadcast domains. It does not forward broadcasts. (NIC provides access to the Ethernet LAN.) 110 block is for CAT 6 UTP that runs Gigabit Ethernet. T1 has 24 64kbps channels. (Layer 3 switch can connect two or more broadcast domains.) A port scanner can find which services are provided. (EIGRP is a combo of link state and distance vector.) (A valid IPv4 address cannot have 255 in it.)
T4 has twisted copper pairs. ARCNET – Attached Resource Computer Network. Cat5e – max 1 GB. Port Mirroring can forward packets to an IDS for monitoring. ADSL – Asymmetric Digital Subscriber Line (not Analog). EGP – Exterior Gateway Protocol. A router (layer 3) can pass frames. SSH is typically used to log into a remote machine and execute commands.