Вы находитесь на странице: 1из 3

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


TCP/IP Suite Summary (continued)

Name Domain Name System Dynamic Host Configuration Protocol Simple Network Management Protocol Transport Layer Security Session Initiation Protocol Real-time Transport Protocol Description Resolves hostnames to IP addresses. Automatically assigns TCP/IP information. Used in network management systems to monitor network-attached devices for conditions that may need attention from an administrator. A security protocol designed to ensure privacy between communicating client/server applications. SIP is an application-layer protocol designed to establish and maintain multimedia sessions such as Internet telephony calls. The Internet-standard protocol for the transport of real-time data.

The Network+ Cram Sheet

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
This Cram Sheet contains the distilled key facts about the CompTIA Network+ exam. Review this information as the last thing you do before you enter the testing center, paying special attention to those areas in which you feel you need the most review. You can transfer any of these facts from your head onto a blank sheet of paper immediately before you begin the exam.


. A router that uses a link-state protocol differs from a router that uses a distance-vector protocol because it builds a map of the entire network and then holds that map in memory. Link-state protocols include Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS). . Hops are the means by which distance-vector routing protocols determine the shortest way to reach a given destination. Each router constitutes one hop, so if a router is four hops away from another router, there are three routers, or hops, between itself and the destination.

. Routing Information Protocol (RIP) is a distancevector routing protocol used for both the TCP/IP and IPX/SPX protocol suites. . Distance-vector protocols in use today include Routing Information Protocol (RIP and RIPv2), Enhanced Interior Gateway Routing Protocol (EIGRP), and Border Gateway Protocol (BGP). . Switches introduce microsegmentation, by which each connected system effectively operates on its own dedicated network connection.

IEEE Standard

802.11 Wireless Standards

Frequency/ Speed Medium 5GHz 2.4GHz 2.4GHz 2.4GHz/ 5GHz Up to 54Mbps Topology Transmission Range 25 to 75 feet indoors; range can be affected by building materials. Up to 150 feet indoors; range can be affected by building materials. Up to 150 feet indoors; range can be affected by building materials. 175+ feet indoors; range can be affected by building materials. Access Method CSMA/CA CSMA/CA CSMA/CA CSMA/CA

Protocol FTP FTP SSH Telnet SMTP DNS

TCP/IP Port Assignments for Commonly Used Protocols

Port Assignment 20 21 22 23 25 53 Protocol HTTP POP3 NNTP NTP IMAP4 HTTPS Port Assignment 80 110 119 123 143 443 Protocol UDP Ports DHCP TFTP DNS BOOTPS DHCP SNMP Port Assignment 67 69 53 67 161

802.11a 802.11b 802.11g 802.11n



TCP/IP Suite Summary

Name Internet Protocol Transmission Control Protocol User Datagram Protocol File Transfer Protocol Secure File Transfer Protocol Trivial File Transfer Protocol Description A connectionless protocol used to move data around a network. A connection-oriented protocol that offers flow control, sequencing, and retransmission of dropped packets. A connectionless alternative to TCP used for applications that do not require the functions offered by TCP. A protocol for uploading and downloading files to and from a remote host. Also accommodates basic file-management tasks. A protocol for securely uploading and downloading files to and from a remote host. Based on SSH security. A file transfer protocol that does not have the security or error checking of FTP. TFTP uses UDP as a transport protocol and therefore is connectionless. A mechanism for transporting email across networks. A protocol for retrieving files from a web server. A secure protocol for retrieving files from a web server. Used to retrieve email from the server on which it is stored. Can only be used to retrieve mail. IMAP and POP cannot be used to send mail. Allows sessions to be opened on a remote host. Allows secure sessions to be opened on a remote host. Used on IP-based networks for error reporting, flow control, and route testing. Resolves IP addresses to MAC addresses to enable communication between devices. Resolves MAC addresses to IP addresses. Used to communicate time synchronization information between devices. Facilitates the access and downloading of messages from newsgroup servers. Allows files to be copied securely between two systems. Uses Secure Shell (SSH) technology to provide encryption services. A protocol used to access and query directory services systems such as Novell eDirectory and Microsoft Active Directory. Provides a mechanism for systems within the same multicast group to register and communicate with each other.

Ad hoc/ infrastructure Up to 11Mbps Ad hoc/ infrastructure Up to 54Mbps Ad hoc/ infrastructure Up to 600Mbps Ad hoc/ infrastructure


Simple Mail Transfer Protocol Hypertext Transfer Protocol Hypertext Transfer Protocol Secure Post Office Protocol version 3/ Internet Message Access Protocol version 4 Telnet Secure Shell Internet Control Message Protocol Address Resolution Protocol Reverse Address Resolution Protocol Network Time Protocol Network News Transport Protocol Secure Copy Protocol Lightweight Directory Access Protocol Internet Group Management Protocol

. A MAC address is a 6-byte hexadecimal address that allows a device to be uniquely identified on the network. A MAC address combines numbers and the letters A to F. An example of a MAC address is 00:D0:59:09:07:51. . A Class A TCP/IP address uses only the first octet to represent the network portion, a Class B address uses two octets, and a Class C address uses three octets. . Class A addresses span from 1 to 126, with a default subnet mask of . Class B addresses span from 128 to 191, with a default subnet mask of . Class C addresses span from 192 to 223, with a default subnet mask of . The 127 network ID is reserved for the local loopback. . Application protocols map to the application, presentation, and session layers of the OSI model. Application protocols include AFT, FTP, SFTP, TFTP, NCP, NTP, NNTP, SSH, Telnet, SCP, LDAP, and SNMP. . Transport protocols map to the transport layer of the OSI model and are responsible for transporting data across the network. Transport protocols include ATP, NetBEUI, SPX, TCP, and UDP.

. Default gateways are the means by which a device can access hosts on other networks for which it does not have a specifically configured route. . IP is a network protocol responsible for providing addressing and routing information. . The TCP/IP suite is used by all major operating systems and is a routable protocol. . DHCP/BOOTP is a network service that automatically assigns IP addressing information. . In a network that does not use DHCP, you need to watch for duplicate IP addresses that prevent a user from logging on to the network. . Subnetting is a process in which parts of the host ID portion of an IP address are used to create more network IDs. . APIPA is a system used on Windows to automatically self-assign an IP address in the 169.x.x.x range in the absence of a DHCP server. . DNS resolves hostnames to IP addresses. . NAT translates private network addresses into public network addresses.


. Peer-to-peer networks are useful for only relatively small networks. They are often used in small offices or home environments. . Client/server networks, also called server-centric networks, have clients and servers. Servers provide centralized administration, data storage, and security. The client system requests data from the server and displays the data to the end user. . The bus network topology is also known as a linear bus because the computers in such a network are linked using a single cable called a trunk or backbone. . If a terminator on a bus network is loose, data communications might be disrupted. Any other break in the cable will cause the entire network segment to fail. . In a star configuration, all devices on the network connect to a central device, and this central device creates a single point of failure on the network. . The wired mesh topology requires each computer on the network to be individually connected to every other device. This configuration provides maximum reliability and redundancy for the network. . A wireless infrastructure network uses a centralized device known as a wireless access point (AP). Ad hoc wireless topologies are a peer-to-peer configuration and do not use a wireless access point. . 802.2, the LLC sublayer, defines specifications for the Logical Link Control (LLC) sublayer in the 802 standard series. . 802.3 defines the carrier sense multiple access with collision detection (CSMA/CD) media access method used in Ethernet networks. This is the most popular networking standard used today. . Many factors cause EMI, including computer monitors and fluorescent lighting fixtures. . Copper-based media are prone to EMI, whereas fiber-optic cable is immune to it. . Data signals might also be subjected to crosstalk, which occurs when signals from two cables, or from wires within a single cable, interfere with each other. . The weakening of data signals as they traverse the media is called attenuation. . Half-duplex mode enables each device to both transmit and receive, but only one of these processes can occur at a time. . Full-duplex mode enables devices to receive and transmit simultaneously. A 100Mbps network card in full-duplex mode can operate at 200Mbps. . 802.11b/g uses 2.4GHz RF for transmissions, whereas 802.11a uses 5GHz RF. 802.11n uses 2.4 or 5GHz. . UTP cabling is classified by category. Categories 5/5e and 6 offer transmission distances of 100 meters. . F-type connectors are used with coaxial cable, most commonly to connect cable modems and TVs. F-type connectors are a screw-type connector. . SC, ST, LC, and MT-RJ connectors are associated with fiber cabling. ST connectors offer a twisttype attachment, and SC, LC, and MT-RJ connectors are push-on. . RJ-45 connectors are used with UTP cable and are associated with networking applications. RJ-11 connectors are used with telephone cables. . Plenum-rated cables are used to run cabling through walls or ceilings.


Comparing IPv4 and IPv6

IPv4 Address IPv4 public address ranges IPv4 automatic private IP addressing ( IPv6 Address 0:0:0:0:0:0:0:1 (::1) Global unicast IPv6 addresses Site-local address ranges (FEC0::)

Address Feature Loopback address Network-wide addresses Private network addresses

Autoconfigured addresses

Link-local addresses of FE80:: prefix

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ethernet Standards TABLE 5 Summary of 802.3u Fast Ethernet Characteristics

100BaseTX Baseband 100Mbps 100 meters Category UTP, STP RJ-45 100BaseT4 Baseband 100Mbps 100 meters 100BaseFX Baseband 100Mbps 412 meters (multimode, half-duplex); 10,000 meters (single-mode, full-duplex) Category 3, 4, 5 Fiber-optic 5 or greater RJ-45 SC, ST Characteristic Transmission method Speed Distance Cable type Connector type


Device Hub Switch

Network Devices Summary

Description Connects devices on an Ethernet twisted-pair network. Connects devices on a twisted-pair network. Regenerates data signals. Key Points Does not perform any tasks besides signal regeneration.


Summary of IEEE 802.3z Gigabit Ethernet Characteristics

1000BaseSX Baseband 1000Mbps Half-duplex 275 (62.5-micron multimode fiber); half-duplex 316 (50-micron multimode fiber); full-duplex 275 (62.5-micron multimode fiber); full-duplex 550 (50-micron multimode fiber) 62.5/125 and 50/125 multimode fiber 1000BaseLX Baseband 1000Mbps Half-duplex 316 (multimode and single-mode fiber); full-duplex 550 (multimode fiber); full-duplex 5000 (single-mode fiber) 1000BaseCX Baseband 1000Mbps 25 meters for both full-duplex and half-duplex operations

Characteristic Transmission method Speed Distance

Cable type

Connector type

Fiber-optic connectors

62.5/125 and 50/125 multimode fiber; two 10-micron single-mode optical fibers Fiber-optic connectors

Shielded copper cable

Nine-pin shielded connector


Summary of 1000BaseT Characteristics

Description Baseband 1000Mbps 75 meters Category 5 or better RJ-45

Characteristic Transmission method Speed Total distance/segment Cable type Connector type


Summary of 802.3ae Characteristics

62.5-micron multimode fiber Up to 33 m Not used Not used 50-micron multimode fiber 300 m Not used Not used Single-mode fiber Not used 10 km 40 km

Forwards data to its destination by using the MAC address embedded in each packet. Repeater The function a repeater provides typically is built into other devices, such as switches. Bridge Connects LANs to reduce overall Allows or prevents data from passing through it by network traffic. reading the MAC address. Router Connects networks. Uses the software-configured network address to make forwarding decisions. Gateway Translates from one data format Can be hardware- or software-based. Any device that to another. translates data formats is called a gateway. CSU/DSU Translates digital signals used on CSU/DSU functionality is sometimes incorporated into a LAN to those used on a WAN. other devices, such as a router with a WAN connection. Modem Provides serial communication Modulates the digital signal into analog at the sending capabilities across phone lines. end and performs the reverse function at the receiving end. Network card Enables systems to connect to Can be an add-in expansion card, PCMCIA card, or the network. built-in interface. Media converter Interconnects older technology A hardware device that connects newer Gigabit Ethernet with new technology. technologies with older 100BaseT networks or older copper standards with fiber. Firewall Provides controlled data access Can be hardware- or software-based and is an between networks. essential part of a networks security strategy. DHCP server Automatically distributes IP Assigns all IP information, including IP address, subnet information. mask, DNS, gateway, and more. Load balancer Distributes the network load. Load balancing increases redundancy and performance by distributing the load to multiple servers. Multifunction Combines network services. A hardware device that combines multiple network device services into a single device, reducing cost and easing administrative difficulty. DNS server Provides name resolution from Answers clients requests to translate hostnames hostnames to IP addresses. into IP addresses. Bandwidth shaper Manages network bandwidth. Monitors and controls bandwidth usage. Proxy server Manages client Internet requests. Serves two key network functions: increases network performance by caching, and filters outgoing client requests. CSU/DSU A conversion device that connects Acts as a translator between the LAN data format and a LAN and WAN. the WAN data format. . Computers connect to a hub via a length of twistedpair cabling. . Active hubs regenerate a data signal before forwarding it to all the ports on the device and require a power supply. . Passive hubs, which today are seen only on older networks, do not need power, and they dont regenerate the data signal. . A hub takes data from one of the connected sending devices and forwards the message to all the other ports on the hub. . The method of sending data to all systems regardless of the intended recipient is called broadcasting. On busy networks, broadcast communications can have a significant impact on overall network performance. . A hub forwards data to all ports, regardless of whether the data is intended for the system connected to the port. Rather than forwarding data to all the connected ports, a switch forwards data only to the port on which the destination system is connected. . By channeling data only to the connections that should receive it, switches reduce the number of collisions that happen on the network. . A switch makes forwarding decisions based on the Media Access Control (MAC) addresses of the devices connected to it to determine the correct port. . In cut-through switching, the switch begins to forward the packet as soon as it is received. . In store-and-forward switching, the switch waits to receive the entire packet before beginning to forward it.

. In fragment-free switching, the switch reads only the part of the packet that enables it to identify fragments of a transmission. . Switches reduce collisions through a process called microsegmentation. Each port on a switch is a dedicated link between the switch and the connected computer. . Hubs and switches have two types of ports: mediumdependent interface (MDI) and medium-dependent interface crossed (MDI-X). . A straight-through cable is used to connect systems to the switch or hub using the MDI-X ports. . In a crossover cable, wires 1 and 3 and wires 2 and 6 are crossed.

. PoE is a technology that allows electrical power to be transmitted over twisted-pair Ethernet cable. The power is transferred, along with data, to provide power to remote devices. These devices may include remote switches, wireless access points, VoIP equipment, and more. . The term trunking refers to the use of multiple network cables or ports in parallel to increase the link speed beyond the limits of any one cable or port. . Port mirroring provides a way to monitor network traffic and monitor how well a switch is working. . Port authentication involves authenticating users on a port-by-port basis. One standard that specifies port authentication is the 802.1X standard, often associated with wireless security.


OSI Layer Application Presentation

Summary of the OSI Model

Description Provides access to the network for applications and certain end-user functions. Displays incoming information and prepares outgoing information for network access. Converts data from the application layer into a format that can be sent over the network. Converts data from the session layer into a format that the application layer can understand. Encrypts and decrypts data. Provides compression and decompression functionality. Synchronizes the data exchange between applications on separate devices. Handles error detection and notification to the peer layer on the other device. Establishes, maintains, and breaks connections between two devices. Determines the ordering and priorities of data. Performs error checking and verification and handles retransmissions if necessary. Provides mechanisms for the routing of data between devices across single or multiple network segments. Handles the discovery of destination systems and addressing. Has two distinct sublayers: LLC and MAC. Performs error detection and handling for the transmitted signals. Defines the method by which the medium is accessed. Defines hardware addressing through the MAC sublayer. Defines the networks physical structure. Defines voltage/signal rates and the physical connection methods. Defines the physical topology. . The logical topology refers to how a network looks to the devices that use ithow it functions. . RAID 0 offers no fault tolerance and improves I/O performance. It requires a minimum of two disks. . RAID 1, disk mirroring, provides fault tolerance and requires two hard disks. Separate disk controllers can be useda strategy known as disk duplexing. . RAID 5, disk striping with distributed parity, requires a minimum of three disksthe total size of a single disk being used for the parity calculation. . In a full backup, all data is backed up. Full backups do not use the archive bit, but they do clear it. . Incremental backups back up all data that has changed since the last full or incremental backup. They use and clear the archive bit. . Differential backups back up all data since the last full or differential backup. They use the archive bit but do not clear it. . GFS (grandfather, father, son) is a commonly implemented backup strategy.

Session Transport Network Data link


Horizontal and Vertical Cable and Cross-Connect

. The horizontal cabling extends from the telecommunications outlet, or network outlet with RJ-45 connectors, at the client end. It includes all cable from that outlet to the telecommunication room to the horizontal cross-connect. . Vertical cable, or backbone cable, refers to the media used to connect telecommunication rooms, server rooms, and remote locations and offices. . Main Distribution Frame (MDF) and Intermediate Distribution Frame (IDF) define types of wiring closets. The main wiring closet for a network typically holds the majority of the network gear, including routers, switches, wiring, servers, and more. . A networks demarcation point refers to the connection point between the ISPs part of the network and the customers portion of the network.

. As data is passed up or down through the OSI model structure, headers are added (going down) or removed (going up) at each layera process called encapsulation (when added) or decapsulation (when removed). . Mapping network devices to the OSI model: Hub: Physical (Layer 1) Switch: Data link (Layer 2) Bridge: Data link (Layer 2) Router: Network (Layer 3) NIC: Data link (Layer 2) AP: Data link (Layer 2) . Shaping by application: Administrators can control traffic based on the types of network traffic and assigning that category a bandwidth limit. . Documentation should also include diagrams of the physical and logical network design. The physical topology refers to how a network is physically constructedhow it looks.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Steps in the Network Troubleshooting Methodology

1. Information gathering: identify symptoms and problems. 2. Identify the affected areas of the network. 3. Determine if anything has changed. 4. Establish the most probable cause. 5. Determine if escalation is necessary. 6. Create an action plan and solution identifying potential effects. 7. Implement and test the solution. 8. Identify the results and effects of the solution. 9. Document the solution and the entire process.

. A wire crimper is a tool that you use to attach media connectors to the ends of cables. . Wire strippers come in a variety of shapes and sizes. Some are specifically designed to strip the outer sheathing from coaxial cable, and others are designed to work with UTP cable. . Punchdown tools are used to attach twisted-pair network cable to connectors within a patch panel. Specifically, they connect twisted-pair wires to the IDC. . Voltage event recorders are used to monitor the quality of power used on the network or by network hardware. . Temperature monitors keep track of the temperature in wiring closets and server rooms. . Toner probes are used to locate cables hidden in floors, ceilings, or walls and to track cables from the patch panel to their destination. . Protocol analyzers can be hardware- or softwarebased. Their primary function is to analyze network protocols such as TCP, UDP, HTTP, FTP, and more. . A TDR is a device used to send a signal through a particular medium to check the cables continuity. . An OTDR performs the same basic function as a wire media tester, but on optical media. . Packet sniffers are either a hardware device or software that eavesdrop on transmissions that are traveling throughout the network. . Throughput testers identify the rate of data delivery over a communication channel. . Port scanners are a software-based utility. They are a security tool designed to search a network host for open ports on a TCP/IP-based network. . The netstat -a command can be used on a Windows-based system to see the status of ports. . You can ping the local loopback adapter by using the command ping If this command is successful, you know that the TCP/IP suite is installed correctly on your system and is functioning. . tracert reports how long it takes to reach each router in the path. Its a useful tool for isolating bottlenecks in a network. The tracert command performs the same task on UNIX and Linux systems. . ARP is the part of the TCP/IP suite whose function is to resolve IP addresses to MAC addresses.

. netstat is used to view both inbound and outbound TCP/IP network connections. . nbtstat is used to display protocol and statistical information for NetBIOS over TCP/IP connections. . ipconfig shows the IP configuration information for all NICs installed in a system. . ipconfig /all is used to display detailed TCP/IP configuration information. . ipconfig /renew is used on Windows operating systems to renew the systems DNS information. . When looking for client connectivity problems using ipconfig, you should ensure that the gateway is set correctly. . The ifconfig command is the Linux equivalent of the ipconfig command. . The nslookup command is a TCP/IP diagnostic tool used to troubleshoot DNS problems. dig can be used for the same purpose on UNIX and Linux systems.

. A firewall is considered a logical security measure and is one of the cornerstone concepts of network security. . At its most basic, a firewall is a device that has more than one network interface and manages the flow of network traffic between those interfaces. . A DMZ is part of a network on which you place servers that must be accessible by sources both outside and inside your network. . An IDS can detect malware or other dangerous traffic that may pass undetected by the firewall. Most IDSs can detect potentially dangerous content by its signature. . An IPS is a network device that continually scans the network, looking for inappropriate activity. It can shut down any potential threats. . An access control list (ACL) typically refers to specific access permissions assigned to an object or device on the network. For example, wireless routers can be configured to restrict who can and cannot access the router based on the MAC address. . When a port is blocked, you disable the capability for traffic to pass through that port, thereby filtering that traffic. . A VPN extends a LAN by establishing a remote connection, a connection tunnel, using a public network such as the Internet. . PPTP creates a secure tunnel between two points on a network, over which other connectivity protocols, such as PPP, can be used. This tunneling functionality is the basis for VPNs. . VPNs are created and managed by using protocols such as PPTP and L2TP, which build on the functionality of PPP. This makes it possible to create dedicated point-to-point tunnels through a public network such as the Internet. . L2TP authenticates the client in a two-phase process. It authenticates the computer and then the user. . To create secure data transmissions, IPSec uses two separate protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).

. PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used to connect multiple network users on an Ethernet local area network to a remote site through a common device. . The RDP, VNC, and ICA protocols allow client systems to access and run applications on a remote system, using that systems resources. Only the user interface, keystrokes, and mouse movement are transferred between the client and server computers. . AAA defines a spectrum of security measures, policies, and procedures that are combined to create a secure network. . Authentication refers to the mechanisms used to verify the identity of the computer or user attempting to access a particular resource. This includes passwords and biometrics. . Authorization is the method used to determine if an authenticated user has access to a particular resource. This is commonly determined through group associationa particular group may have a specific level of security clearance. . Accounting refers to the tracking mechanisms used to keep a record of events on a system. . Terminal Access Controller Access Control System+ (TACACS+) is a security protocol designed to provide centralized validation of users who are attempting to gain access to a router or Network Access Server (NAS). . Kerberos is one part of a strategic security solution that provides secure authentication services to users, applications, and network devices. It eliminates the insecurities caused by passwords being stored or transmitted across the network. . A public key infrastructure (PKI) is a collection of software, standards, and policies that are combined to allow users from the Internet or other unsecured public networks to securely exchange data. . A public key is a nonsecret key that forms half of a cryptographic key pair that is used with a public key algorithm. The public key is freely given to all potential receivers. . A private key is the secret half of a cryptographic key pair that is used with a public key algorithm. The private part of the public key cryptography system is never transmitted over a network. . A certificate is a digitally signed statement that associates the credentials of a public key to the identity of the person, device, or service that holds the corresponding private key.