Table of Contents
1.0: NETWORKING CONCEPTS.................................................................................... 6
1.1 Compare the layers of the OSI and TCP/IP models................................................6
OSI Model (Open Systems Interconnection Reference Model)................................6
TCP/IP Model........................................................................................................... 8
1.2 Classify how applications, devices, and protocols relate to the OSI model layers 8
1.3 Explain the purpose and properties of IP addressing............................................9
Basic Binary Math................................................................................................... 9
Subnetting.............................................................................................................. 9
Classes of Addresses............................................................................................ 10
IPv4 vs. IPv6......................................................................................................... 11
MAC Addresses..................................................................................................... 12
APIPA (Automatic Private IP Addressing)...............................................................12
Multicast vs. Unicast vs. Broadcast.......................................................................12
1.4 Explain the purpose and properties of routing and switching.............................13
EIGRP (Enhanced Interior Gateway Routing Protocol)...........................................13
OSPF (Open Shortest Path First)...........................................................................14
RIP (Routing Information Protocol)........................................................................14
IS-IS...................................................................................................................... 14
Link State vs. Distance-Vector vs. Hybrid.............................................................15
Static and Dynamic Routing................................................................................. 15
Routing Metrics..................................................................................................... 16
Next Hop............................................................................................................... 16
Spanning Tree Protocol (STP)................................................................................ 17
VLANs (Virtual LANs)............................................................................................. 17
Port Mirroring........................................................................................................ 18
Broadcast Domain vs. Collision Domain...............................................................18
IGP vs. EGP........................................................................................................... 19
Routing Tables...................................................................................................... 20
Convergence......................................................................................................... 20
Types of Switches................................................................................................. 20
1.5 Identify common TCP and UDP default ports......................................................21
1.6 Explain the function of common networking protocols.......................................22
TCP/IP Protocol Suite............................................................................................. 22
1.7 Summarize DNS concepts and its components..................................................25
1.8 Given a scenario, implement the following network troubleshooting methodology..... 27
1.9 Identify virtual network components..................................................................28
Virtual Machine Manager (VMM)...........................................................................28
Virtual Servers...................................................................................................... 28
Virtual Desktops................................................................................................... 28
Server Consolidation............................................................................................. 29
Virtual Switches.................................................................................................... 29
Network as a Service (NaaS)................................................................................ 29
Onsite vs. Offsite Virtualization............................................................................ 29
Page 1
Virtual PBX............................................................................................................ 30
CSMA/CD............................................................................................................... 66
CSMA/CA............................................................................................................... 67
Bonding/Link Aggregation..................................................................................... 67
3.8 Identify components of wiring distribution.........................................................67
Distribution frames............................................................................................... 67
MDF (Main Distribution Frame)............................................................................. 68
IDF (Intermediate Distribution Frame)..................................................................68
Vertical / Horizontal Cross-Connects.....................................................................68
Demarc................................................................................................................. 68
Smartjack............................................................................................................. 68
CSU/DSU (Channel Service Unit / Data Service Unit)............................................69
Asset Management............................................................................................... 78
Baselines.............................................................................................................. 78
Change Management............................................................................................ 78
4.6 Explain different methods and rationales for network performance optimization..... 78
Methods................................................................................................................ 78
Reasons................................................................................................................ 79
OSI data flow (only fragments of this table survived extraction):
1. Converts information suitable for
2. Data is converted into segments
5. Frames are converted
o Layer 2: Data Link Layer
Two sublayers:
LLC (Logical Link Control)
o Encapsulates protocols in upper layers so multiple upper layer protocols can share the same media
o Includes PPP, SLIP, SONET, and Frame Relay
MAC (Media Access Control)
o Defines how packets are transferred onto media
Includes the CSMA/CD contention scheme
o Attaches MAC addresses to frames
Frames at this layer can be 1500 bytes of data each
o Layer 1: Physical Layer
Signaling, cabling, connectors
You have a physical layer problem? Answer: Fix cabling, punch-downs, etc.
Ethernet, Fast Ethernet, FDDI, and ATM/Token Ring exist at this layer
TCP/IP Model
TCP/IP: Information is assembled into frames
1. Frames go into an IP packet
Layer-by-layer summary (table recovered from the page):
Layer 1: Cables, NICs, Hubs
Layer 2: Frames, MAC addresses (EUI-48/64), Switches
Layer 3: IP addresses, Packets, Routers
Layer 4: TCP segments and UDP datagrams
Layer 5: Control and tunneling protocols
Layer 6: Encryption devices (SSL/TLS)
Layer 7: Decrypted information on screen
Protocol Binding is the process of assigning a protocol to a NIC
A bit is 0 or 1
8 bits = 1 byte
o Also referred to as an octet
A binary-to-decimal conversion chart is a good way to calculate a binary number:
Placeholder:   128   64   32   16    8    4    2    1
Binary #:        1    0    0    0    0    0    1    0
Value = 130:   128 +  0 +  0 +  0 +  0 +  0 +  2 +  0
So 11111111 = 255
Anywhere there is a 0 in a subnet mask, that bit position is part of the host ID
Subnetting
A subnet mask is used to identify the host ID, subnet ID, and network ID of an IPv4 address
o The formula 2^x - 2 (x = number of host bits) is used to determine the number of host addresses
A computer uses a subnet mask to determine if the sending address is local to the network or located in a different network. If the network portions (the bits covered by the mask) match, the destination is local
Anywhere a 255 exists in the mask is the network part of the address, and the client addresses are the zeros
There are 256 possible addresses per octet
o Only 254 possible clients/hosts because the subnet address and broadcast address are subtracted
How to calculate subnet address and broadcast address:
Given IP address 192.168.1.165:          11000000.10101000.00000001.10100101
With subnet mask 255.255.255.0:          11111111.11111111.11111111.00000000
Perform bitwise AND:                     11000000.10101000.00000001.00000000
Subnet Address: 192.168.1.0
Change zeros to 1s in the last octet:    11000000.10101000.00000001.11111111
Broadcast Address: 192.168.1.255
o So you figure out the subnet address by converting the IP address and subnet mask to binary and performing a bitwise AND: write a 1 wherever both the IP address and the subnet mask have a 1 in the same position. The broadcast address is then obtained by converting the subnet address to binary, changing the host bits (here an octet of all zeros) to all ones, and converting the binary back to decimal.
Common CIDR notations are /8, /16, /24, /32, or multiples of 8. However, we are not limited to this
To modify the subnet, keep adding 1s to the remaining zeros in the subnet mask and increment the CIDR notation by one each time you do that
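The chart method and the bitwise-AND subnet calculation above, as an added example that is not part of the original notes. It also handles masks that are not multiples of 8 (the "keep adding 1s" case) and implements the host's "is the destination local?" check; the function names are my own, and the sample addresses are constructed from the notes' 192.168.1.165 example.

```python
import ipaddress

PLACEHOLDERS = [128, 64, 32, 16, 8, 4, 2, 1]  # the chart's placeholder row


def octet_from_chart(bits: str) -> int:
    """Binary-to-decimal for one octet using the placeholder chart."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("need exactly eight binary digits")
    return sum(p for p, b in zip(PLACEHOLDERS, bits) if b == "1")


def to_binary(dotted: str) -> str:
    """Render a dotted-quad address as four 8-bit groups."""
    return ".".join(format(int(o), "08b") for o in dotted.split("."))


def mask_to_prefix(mask: str) -> int:
    """CIDR prefix length = number of 1s in a contiguous subnet mask."""
    bits = to_binary(mask).replace(".", "")
    if "01" in bits:  # a 0 followed by a 1 means the mask is not contiguous
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bits.count("1")


def subnet_info(ip: str, mask: str) -> dict:
    """Subnet and broadcast address via bitwise AND, plus usable host count."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    network = ip_int & mask_int                       # bitwise AND
    broadcast = network | (~mask_int & 0xFFFFFFFF)    # host bits set to 1
    prefix = mask_to_prefix(mask)
    host_bits = 32 - prefix
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0  # 2^x - 2
    subnet = str(ipaddress.IPv4Address(network))
    return {
        "cidr": f"{subnet}/{prefix}",
        "subnet": subnet,
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
        "usable_hosts": usable,
        "binary_subnet": to_binary(subnet),
    }


def is_local(src_ip: str, mask: str, dst_ip: str) -> bool:
    """The host's check: same network portion after masking means local."""
    return subnet_info(src_ip, mask)["subnet"] == subnet_info(dst_ip, mask)["subnet"]


if __name__ == "__main__":
    # Constructed sample values: the notes' /24 case and a /26 variant
    print(octet_from_chart("10000010"))                       # 130
    print(subnet_info("192.168.1.165", "255.255.255.0"))
    print(subnet_info("192.168.1.165", "255.255.255.192"))
    print(is_local("192.168.1.165", "255.255.255.0", "192.168.2.10"))
```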
Classes of Addresses
IPv4
IPv6
MAC Addresses
(diagram: LAN ID | Identifier/Device ID)
EUI-64
o Used in newer technologies
o Used by FireWire and IPv6 link-local auto configuration
o Eight bytes in hexadecimal
o First three bytes are the OUI
o Last five bytes are also assigned sequentially and look the same
as EUI-48, just longer
o Useful for IPv6 hosts
Converting to EUI-64 from EUI-48
o Split the EUI-48 address into two pieces, 24 bits each
o Insert FFFE in the middle of the EUI-48 address
o The 7th bit in the OUI is set to 1 for locally created addresses and
set to 0 for globally unique addresses
o After this 7th bit in the OUI is set, you end up with the EUI-64
address
A link-local address
o Not routable: It can be used on a local subnet, but is not an
address a router will forward to other subnets
IETF has reserved 169.254.1.0 through 169.254.255.254 for APIPA
o These addresses are automatically assigned
o Uses ARP to confirm the addresses are not already in use
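The EUI-48 to EUI-64 conversion and the link-local address it feeds, as an added example that is not part of the original notes. It follows the modified EUI-64 form IPv6 uses (RFC 4291), where the universal/local bit (0x02 of the first byte) is inverted rather than only set; the function names and the sample MAC are my own constructions. The reverse function shows the defender-relevant caveat: an EUI-64-derived address exposes the hardware MAC, which is why privacy extensions exist.

```python
import ipaddress
from typing import Optional


def eui48_to_modified_eui64(mac: str) -> bytes:
    """Split the EUI-48 into two 24-bit halves, insert FF:FE, invert the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui64 = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui64[0] ^= 0x02  # universal/local bit, inverted per RFC 4291 (assumption: IPv6 form)
    return bytes(eui64)


def format_eui64(eui64: bytes) -> str:
    """Hyphen-separated hex, the usual EUI-64 notation."""
    return "-".join(f"{b:02x}" for b in eui64)


def link_local_from_mac(mac: str) -> str:
    """fe80::/64 prefix followed by the modified EUI-64 interface identifier."""
    iid = eui48_to_modified_eui64(mac)
    return str(ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid))


def mac_from_link_local(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64-shaped link-local address.

    Returns None when the address is not link-local or its interface
    identifier lacks the FF:FE marker (e.g. a privacy-extension address).
    """
    a = ipaddress.IPv6Address(addr)
    if not a.is_link_local:
        return None
    iid = a.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02  # undo the U/L inversion
    mac = bytes([first]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    sample_mac = "00:1B:21:AA:BB:CC"  # constructed sample, not a real device
    print(format_eui64(eui48_to_modified_eui64(sample_mac)))
    print(link_local_from_mac(sample_mac))
    print(mac_from_link_local(link_local_from_mac(sample_mac)))
```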
Unicast
o One station sends information to only one other system
o Private information is sent between systems
o Used in web surfing and file transfers
o Not good for streaming media
Broadcast
o Sends information to everyone at once
o One packet is sent out, but everyone receives it
o Only allows a limited scope in what is called a broadcast domain
o Kept only on a small subnet of a network
o Used in routing updates, ARP requests, etc.
Multicast
o Delivery of information to interested systems
o The end station must be configured to accept multicast
o Used for local type of multimedia delivery
o Stock exchanges are done over multicast, for example
o Very specialized and difficult to scale across large networks
Anycast
o Used by IPv6
o Selects one out of many nodes based on which one is the closest
IS-IS
Dynamic Routing
o Routing protocols that make decisions on their own
More reliable, automatically detects problems
o All automatic and no human configurations are required
Builds and updates routing tables themselves
o Minimal configuration on the router
o Convergence is handled automatically by the routing protocol
The time to converge is based on the protocol
o Many options for dynamic routing, including RIP, OSPF, or EIGRP
Static Routing
o The human configures the routes manually
o Can range from being very simple to very complex
Every network is different
o Very common, even in large environments
Simple to configure
Gives you complete control that dynamic routing does not
give you
Routing Metrics
Routing metrics will help you decide which direction the traffic
will take
Different routing protocols use different metrics
o RIP uses hop counts
o EIGRP uses a metric between 0 and 4,294,967,295
o Windows uses a metric between 1 and 9999
Common routing metrics:
o Hop-count
o Speed of the network
o Throughput
o Bandwidth
Throughput of a network route measured in bits/sec
o Cost
The efficiency of a route. Calculated by 10^8 / bandwidth (link speed)
o Load
The amount of bandwidth currently being used. Calculated by Total Bandwidth - Available Bandwidth
o Link utilization
o MTU (Maximum Transmission Unit Size)
Determines the largest size of packets that can fit across
networks that a route can carry
Avoids/reduces the fragmentation of IP packets
o Path reliability
The percentage of time a path is available
o Packet loss
o Latency
o Delay
The time it takes for a data packet to reach its destination
Next Hop
Port Mirroring
Collision domain:
o A historical footnote
o A network where a group of nodes can compete with each other
for media access
o The word collision is misleading because collisions were normal
in the process of transferring information over Ethernet networks
o The network was one big segment and everyone heard everyone
else signals
Similar to ad-hoc networks or NetBIOS networks
Think bus topologies
o Only one station can send data at a time
Accomplished through CSMA (Carrier Sense Multiple
Access)
Stations will listen and send traffic when no communication
is occurring
o A collision occurs when two devices communicated at the same
time
A difference in signal on the wire occurs when a collision
happens and a Collision Detection (CD)(hence CSMA/CD) system
picks up on this and sends a signal
o When networks on collision domains got larger, bridges
separated the network into different parts to reduce collisions
o Very large networks eliminated collision domains by having all
devices connect to a single bridge and communicate in full
duplex
On collision domains, which used hubs, communication
could obviously only be half duplex
o Switches define the size of a collision domain
Broadcast domain:
o A logical area in a network where any node connected to a
computer network can directly transmit to any other node
without going through a central routing device
o Deals with the type of packets going across the network rather
than the signal like in collision domains
o Traffic will pass right through the switch/bridge and will only stop
once it reaches a Layer 3 device like a router
o Everyone on the subnet on one side of a router will see the
broadcast
Like in collision domains, multiple routers are placed in a
network to further specialize which systems received the
broadcast
o Only routers can determine the size of a broadcast domain
Multiple collision domains can make up a broadcast domain,
but multiple broadcast domains can only be one collision
domain
AS (Autonomous System)
o Important for understanding IGP and EGP
o A group of IP routes under common control (clearly defined
routing policy)
o You will configure a network to act as a single autonomous system
o IANA assigns an ASN number between 0 and 65,535
IGP (Interior Gateway Protocols)
o Used within a single AS
o Not intended to route between different AS
o OSPF, IS-IS, EIGRP, RIP, and RIPv2 can use this
EGP (Exterior Gateway Protocols)
o Used to route between AS
o Leverages the IGP at the AS to handle local routing
BGP (Border Gateway Protocol)
Connects all AS on the Internet
Known as the glue of the Internet
Used by ISPs because it supports the implementation of
policies and can restrict access
This is the standard to make EGP possible
Advertises route information about the networks in each AS
and the ASNs
Routing Tables
Page 23
Convergence
Types of Switches
Cut-through switch
o Forwards data packets as soon as it receives them and does not check for any errors. Uses only the header bits to determine the packet's destination MAC address
Fragment-free switch
o Waits for the first 64 bytes before forwarding in order to check for corruption
Store-and-forward switch
o Calculates the CRC value and compares it to the packet's value before forwarding. This is the slowest kind of switch because it inspects a packet's entire frame [FCS (Frame Check Sequence)] before forwarding it
Multi-layer switch
o A layer 2 router/layer 3 switch/IP switch. New technology/not
standardized
Content switch
UDP Ports
o DNS (Domain Name Services)
UDP/53 (queries)
o BOOTP/DHCP (Bootstrap Protocol / Dynamic Host Configuration
Protocol)
UDP/67
o TFTP (Trivial File Transfer Protocol)
UDP/69
o NTP (Network Time Protocol)
UDP/123
o SNMP (Simple Network Management Protocol)
UDP/161
o Application
BOOTP (Bootstrap Protocol)
Automates the IP address configuration process
Allocates IP addresses to devices without any local
storage
Replaced by DHCP
DNS (Domain Name Services)
Converts domain names to IP addresses
NTP (Network Time Protocol) / SNTP
Automatically synchronizes clocks on all devices in a
network
Useful because it centralizes the times of all logs on
client workstations
Operates over UDP port 123
Listens on multicast address 224.0.1.1
NNTP (Network News Transfer Protocol)
Posts and retrieves news feeds from USENET
Operates over TCP port 119
NFS (Network File System)
Lets users share files distributed across a network as if they were stored locally
Operates over port 2049
SMB (Server Message Block) / CIFS (Common Internet File
System)
Uses a client-server model to allow networked
computers to communicate and share resources like
files, printers, and serial ports
o Uses NetBIOS names (workstations, domains,
and AD)
Used in Microsoft systems
Operates over port 445
CIFS is the most recent version of SMB
o Has widespread support on Linux and Mac OS
ICMP (Internet Control Message Protocol)
Sends management messages between systems
Reports on the communication between two devices
Used with ping, sending echo requests and getting
an echo reply
VoIP
DNS hierarchy (diagram): "." (DNS Root Server) -> .com (TLD) -> Domain -> mail.ucdenver.edu (FQDN)
DNS Servers
o Authoritative Servers
Stores IP and FQDNs of systems on a domain
o Cache-only Servers
Only forwards requests and caches some common ones
o Parts of a DNS server:
Forward Lookup Zone
Where IP addresses and FQDNs are stored
The most important part of a DNS server
Reverse Lookup Zone
Enables a system to determine an FQDN based on an
IP address
Uses the PTR record
Cached Lookups
Stores already resolved FQDNs
Virtual Servers
Virtual Desktops
Server Consolidation
Virtual Switches
Onsite virtualization
o Allows you to manage your own infrastructure
Build it, host it, maintain it
o Advantages include giving you complete control, flexibility to change and shift as needed, and security as tight as you need
o Disadvantages include the fact that it is costly, requires
significant networking infrastructure, and not easy to upgrade
Offsite virtualization
o Allows you to virtualize in the cloud
o Requires a stable Internet connection
o Advantages include no infrastructure costs, management is
handled by others, geographical flexibility, and seemingly
unlimited upgrade options
o Disadvantages include the fact that data is in the cloud and there
are contractual limitations
Not a great option if your data is extremely sensitive
Virtual PBX
Access routers
o Located at remote sites, used in SOHO networks
Distribution routers
o Collects data from multiple access routers and redistributes the
data to a primary enterprise location
Core routers
Routing Tables
The name, destination, and next hop are determined for all
possible directions
A default route should also be configured
Redundant routes in a routing table should have precedence over
one another
You need to visually look at a network to really determine how the
routing tables should be configured
Each router changes the packet's destination MAC address to the MAC address of the router in the next hop, but never the IP address of the packet
Types of routes:
o Directly connected routes
o Remote routes
o Host routes
Packets go to a specific IP address
o Default routes
Parts of a routing table:
Network Destination: Address of host destinations
NetMask: Determines the extent to which the destination address must match the Network Destination before that route is used
Gateway: Address of a packet's first hop/adjacent router
Interface: Where data is sent after the Network Destination is determined
Metric: Cost of a route based on hops or other various criteria
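A route lookup over a table with exactly those columns, as an added example that is not part of the original notes. It applies the NetMask rule (longest match wins), lets the Metric decide between redundant routes, falls back to the default route, and treats a 0.0.0.0 gateway as a directly connected route; the sample table, function names and addresses are my own constructions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    network_destination: str
    netmask: str
    gateway: str      # "0.0.0.0" means on-link (directly connected route)
    interface: str
    metric: int


def _as_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def prefix_length(netmask: str) -> int:
    """How many leading bits the NetMask requires to match."""
    return bin(_as_int(netmask)).count("1")


def route_matches(route: Route, destination: str) -> bool:
    """The NetMask decides how much of the destination must match."""
    mask = _as_int(route.netmask)
    return (_as_int(destination) & mask) == (_as_int(route.network_destination) & mask)


def select_route(routes: List[Route], destination: str) -> Optional[Route]:
    """Longest prefix first; among equal prefixes the lowest metric wins.

    A default route (0.0.0.0/0.0.0.0) matches everything with prefix 0, so
    it is only chosen when nothing more specific exists.
    """
    candidates = [r for r in routes if route_matches(r, destination)]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-prefix_length(r.netmask), r.metric))


def next_hop(routes: List[Route], destination: str) -> Optional[Tuple[str, str]]:
    """Return (next-hop IP, interface). On-link routes deliver directly."""
    route = select_route(routes, destination)
    if route is None:
        return None
    hop = destination if route.gateway == "0.0.0.0" else route.gateway
    return hop, route.interface


# Constructed sample table for a host at 192.168.1.165 (not from the notes)
SAMPLE_TABLE = [
    Route("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.165", 25),          # default route
    Route("192.168.1.0", "255.255.255.0", "0.0.0.0", "192.168.1.165", 25),    # directly connected
    Route("10.10.0.0", "255.255.0.0", "192.168.1.254", "192.168.1.165", 10),  # remote route
    Route("10.10.5.0", "255.255.255.0", "192.168.1.253", "192.168.1.165", 20),# more specific remote
    Route("10.10.5.7", "255.255.255.255", "192.168.1.252", "192.168.1.165", 5),  # host route
    Route("10.10.5.7", "255.255.255.255", "192.168.1.251", "192.168.1.165", 50), # redundant, worse metric
]


if __name__ == "__main__":
    for dst in ("10.10.5.7", "10.10.5.9", "10.10.9.9", "192.168.1.20", "8.8.8.8"):
        print(dst, "->", next_hop(SAMPLE_TABLE, dst))
```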
External to Internal
Individual port numbers of external traffic are picked
up and the address is converted and routed to the
appropriate server
o Used to convert externally accessible IP addresses to an internal
address
o Address is converted into a specific address
PAT or Source NAT (SNAT)
o Converts a source IP address to another IP address
Internal to External (192.168.0.1 to something unique
before getting onto the Internet)
Often used to convert a large number of internal IP
addresses to one external address
o Uses Dynamic NAT to map an unregistered address with a single
registered address using multiple ports
192.168.0.1 / or home routers
o Used in SOHO networks
o A translation table is held to keep track of what the original IP
addresses were
o Also known as Overloaded NAT
Dynamic NAT
o IP address is converted based on the first available address from
a pool
VLAN
Unmanaged switches
o Plug and play
o Very few configuration options
o Fixed configurations, so no VLANs
o Very little integration with other devices
No management protocols
o Low cost
Managed / Intelligent switches
o Allow you to monitor and configure their operation
o Has its own IP address and a configuration interface
o VLAN support (802.1q)
o Traffic prioritization (QoS)
o Redundancy support
For STP (Spanning Tree Protocol) where many switches are
connected
o External management (SNMP)
o Port mirroring to capture packets
Interface Configurations
Traffic Filtering
Diagnostics
VLAN Trunking
o A trunk link connects various VLANs with a single switch
Manual configuration with many VLANs on a switch can be difficult
Cisco created VTP to automatically configure VLANs
o Configure one switch and VTP transfers those settings to the
other switches
Eliminates the overhead in porting a VLAN in another network
MVRP (Multiple VLAN Registration Protocol) does this on non-Cisco switches
VTP modes on a switch:
o Server mode: default
o Client mode: Cannot modify VLANs
o Transport mode: Configuration is not transmitted to other
switches in the group
Port Mirroring
Wireless LANs
WAP Placement
Antenna Types
Omnidirectional antennas
o One of the most common
o Included on most access points
o Signal is evenly distributed on all sides
o Good choice for most environments
o Disadvantage: No ability to focus signal
Directional antennas
o Focuses the signal in a particular direction
o Sends and receives signal in a single direction
Focused transmission and listening
o Antenna performance is measured in dB
o Double power every 3dB of gain
Yagi antenna
o Very directional and high gain
o Looks like a stick
o Found on rooftops to send signal from one direction to another
Parabolic antenna
o Focuses the signal to a single point
o Looks like a dish
Gain is the ratio of the output power to the input power of an antenna
The larger the antenna, the lower the frequency it transmits at
Interference
o Microwave ovens
o Cordless telephones
o High-power source
Unpredictable interference:
o Multi-tenant building with multiple WAPs
You can see interference problems with netstat -e on Linux and
Performance Monitor in Windows
A spectrum analyzer helps you visually see interference
3.7 GHz
o Licensed spectrum was added with 802.11y-2008
o Used in 802.11a
o Range of up to 5,000 meters
Only in the United States
Wireless Standards
o Uses MIMO
802.11ac
o Operates at 56 GHz
o Speeds of up to 1 Gbps
Compatibility (802.11 a/b/g/n)
o 802.11g introduced the need for wireless standards to be
compatible with each other
Due to its requirement to be compatible with 802.11b
o Mixing standards will reduce the speed
o 802.11n attempted to maintain compatibility with the older
wireless standards by offering 2.4 and 5 GHz
Legacy mode: acts as 802.11a, 802.11b, or 802.11g
Mixed mode: Transmits older technologies along with the
new
Interoperability feature adds additional performance costs
o A pure network made up of one standard is the best way to reach
the maximum speeds of that standard
802.22: WRAN (Wireless Regional Area Networks)
o Used in rural areas with lower network usage
o Uses 54 and 862 MHz of whitespace television signals
o Point-to-multipoint
o 18 miles distance limitation for users, but 60 miles for
enterprises
o Similar to DSL in speed
1.5 Mbps down / 384 Kbps up
SSID Management
Reservations
Static allocation
o Administratively configured
o The admin will put in a list of MAC addresses and set to assign a
particular IP address to that MAC address
o Also known as Address Reservation or IP Reservation
Scopes
Leases
Options
Interference
o A site survey can help you see what frequencies other networks
around you are using
o External sources may be outside your influence
o Signals may bounce off of obstacles and obstructions
Signal strength
o Interference weakens signal strength
o Transmitting signal, transmitting antenna or the receiving
antenna impact signal strength
Incorrect channel
o Channel selection is usually automatic, so look for a manual
tuning option
Bounce and latency
o Multi-path interference and flat surfaces create bounce and thus
latency
Incorrect WAP placement
o Locate closer to users
Configurations
o Basic configuration settings include the IP addressing,
uplink/WAN connection on the WAP
o SSID mismatch is when two APs have mismatched names, so you can't roam from one side of the building to the other, or when a device is configured with a different SSID than the AP
Incompatibilities
o WAP must be backwards compatible with older wireless
standards
Encryption type
o WPA, WPA2, WPA2-Enterprise, and encryption keys are all
methods of encryption that must be compatible with users and
multiple WAPs
o Slow throughput:
Do you have a link light?
Is the cable damaged?
Swap the cable
o Intermittent connectivity:
Check for link light flickering
Swap the cable
o Swapping the cables is the number one thing you can do to fix a
network cabling issue
A short can occur if a cable is broken or damaged
Port Configuration
VLAN Assignment
Ethernet frame layout (diagram): DLC Header (14 bytes) | IP Header (20 bytes) | TCP Header (20 bytes) | TCP Data (1460 bytes) | FCS (Frame Check Sequence) [4 bytes]
Power Failure
Bad/Missing Routes
Duplicate IP Address
Wrong DNS
SOHO Cabling
Device Types
Environmental Limitations
Equipment Limitations
Compatibility Requirements
SOHO devices are all configured the same way from ISPs so that
troubleshooting is easy
SOHO networks have standardized networks and identical
configurations
Support is abundant due to these standardized factors
Operating Systems are among the strict compatibility requirements of
SOHOs
Transmission by light
Very difficult to monitor or tap, as there will be a noticeable signal loss
Signal is slow to degrade and efficient for communication over long
distances
Cladding surrounds the core and reflects light back into it
Immune to radio interference
Multimode fiber
o Light bounces off the sides of the cable
o Short-range communications
2km or shorter
o Used for going between different buildings or in even one
building
o Inexpensive light sources like LEDs are used
o Graded-index MMF
Better prevents light dispersal by the center of the core
being faster than the outer core
Singlemode fiber
o Light is one straight line through the cable
o Used for long-range communication
100km without processing
o 30 MHz bandwidth
o Expensive light sources like laser beams are used
o Has a smaller core than MMF
o Step-index SMF
Total internal reflection is used: the speed of transmitted light in the core is higher than in the cladding, and a step down occurs at the boundary which reflects all light back into the core
If you cut a fiber cable, you must polish the rough edges so light is not
displaced as it leaves the fiber
Consists of:
Core (100 microns thick)
Buffer
Strengthening materials
Shielding materials (optional)
Outer jacket (plastic coating; can be plenum)
Copper
Coaxial
o Two or more forms of the cable share a common axis
o Used in older Ethernet networks
10Base5 (Thicknet) RG-8/U, 10Base2 (Thinnet) RG-58
RG-8 cables implemented in Thicknet networks
required vampire taps, which cut into the cable to
establish a connection
o Today it is used in television/digital cable
Broadband Internet
o RG-9 cables are used in cable television/modem applications
o RG-62 cables are used in ARCNET networks
o RG-59 cables send video signals to another location
o RG-6 cables are used for DSL and cable TV
Twisted pair
o Uses balanced pair operations
Two wires have equal and opposite signals (Transmit+,
Transmit- / Receive+, Receive-)
o The twist of the cables keeps the cables away from interference
Each cable has a different twist rate
o STP (Shielded Twisted Pair)
Additional shielding that protects against interference
Requires the use of an electrical ground
o UTP (Unshielded Twisted Pair)
No additional shielding
Cable Categories
Straight-Through cables
Patch cables
o Network jack to a patch panel
o Cables that connect a network device to a jack are also known as
drop cables
The most common Ethernet cable
Connects workstations to network devices
Wires go straight through the cable to an equivalent connection
Two types of network ports:
o MDI (Media Dependent Interface) is usually a NIC
Pin 1: Transmit+
Pin 2: Transmit-
Pin 3: Receive+
Pin 6: Receive-
o MDIX (Media Dependent Interface Crossover) is usually a network switch
Pin 1: Receive+
Pin 2: Receive-
Pin 3: Transmit+
Pin 4: Transmit-
Crossover cables
Plenum Cables
Media Converters
ST (Straight Tip)
o Bayonet connector
o Push it in and turn it to lock
o Most commonly used in multimode patch panels
SC (Subscriber/Standard/Square Connector)
o Weaker lock
o Connecters are stuck together in pairs (for transmit and receive)
o Transmit and receive will be different colors
o Used in duplex configurations
LC (Lucent/Local/Little Connector)
o Smaller than ST or SC
o Also packaged in pairs
o Locks on top of the connector (push down to release)
o Can be used in SMF or MMF
MT-RJ (Mechanical Transfer Registered Jack / Media Termination Recommended Jack)
o Same size as a RJ-45 cable for the same amount of real estate
can be used for fiber
o Both transmit and receive are combined into one connection
o Smallest type of fiber connection
o Used in MMF applications
o Also called fiber jack
FC (Face Contact)
o Heavy duty connections for industrial purposes
o Strong ceramic or metal center tube
o Round-shaped
FDDI (Fiber Distributed Data Interface)
o Also called a MIC (Media Interface Connector)
o 2 connectors that snap into a receptacle
o Used for multimode connections at full-duplex
SMA (Sub Miniature type A)
o Waterproof connection
o Threaded tube on the outside
Biconic Connectors
o Screw on connectors that are now obsolete
Copper
RJ-45
o An 8 position, 8 conductor (8P8C) connector
o Modular connector
RJ-11
o A 6 position, 2 conductor (6P2C) connector
o RJ14 uses 6P4C for dual-line use
o Only two wires/conductors are involved in telephone connections
BNC (Bayonet Neill-Concelman)
o Used for Ethernet connection over Coaxial
o Often seen on 10Base2 networks with RG-58
o Rigid and bulky
F-connector
o Used for cable television
o Used with RG-6/U and RG-59 cables
o Twists in
T-connector
o Links a cable to a device
o Either a BNC or F connector fit into it
DB-9 (RS-232)
o Recommended Standard 232
An industry standard since 1969
o A serial connector used for modems, printers, early mice, etc.
o Now used as a configuration port
66 block
o Legacy patch panel for voice-only connections
o A cross-connection device that connects wires to other devices
o 25-pair cables are used here
110 block
o Wire-to-wire patch panel
o Supports data and voice transmissions @ 1 Gbps on CAT 6 cables
o No intermediate interface required
o Many wires are punched down into this
Supports 25-500 wires of the T568A or B standards
o 100-pair cables are used here
Patch panel
o 110 punch-down block to connect wiring closets together
o RJ-45 is on the front so you can make changes more quickly than
a 110 block
802.11 frame fields:
Frame type, security, protocols
Duration (2 bytes): time until next frame
Address 1 (6 bytes)
Address 2 (6 bytes)
Address 3 (6 bytes)
Sequence control (2 bytes)
Address 4 (6 bytes)
Data (6-2312 bytes): payload
Frame Check Sequence (4 bytes): for integrity checks
Satellite
DSL
Leased Lines
Dedicated connection
Fixed monthly fee
Speeds: 56 Kbps-2 Mbps
Cable
Dialup
Cellular
2G
o Comes in:
GSM (Global System for Mobile Communications)
CDMAone (Code Division Multiple Access One)
o Poor data support
o Originally used circuit switching; minor upgrades later added
packet switching
3G
o UMTS (Universal Mobile Telecommunications System)
o Uses CDMA2000
LTE (Long Term Evolution)
o Based on GSM/EDGE/HSPA
o Download rates of 300 Mbit/s, upload 75 Mbit/s
o Data rates are 100x faster than that of 3G networks
50+ Mbps up, 100+ Mbps down
HSPA (Evolved High Speed Packet Access)
o Based on CDMA
o High speed data services
o 14 Mbps up, 5.8 Mbps down
o HSDPA (High Speed Downlink Packet Access)
o HSUPA (High Speed Uplink Packet Access)
o HSPA+ (High Speed Packet Access Plus)
Multicarrier technology that aggregates multiple 5 MHz
carriers
Large combined channel decreases latency and supports
bursty traffic
Download rates of 84 Mbit/s, upload 22 Mbit/s
WiMAX (Worldwide Interoperability for Microwave Access)
o Supports both LoS and NLoS
o Operates in between 2 and 11 GHz
o Fixed WiMAX
30 mile signal radius
High speed
Wi-fi on steroids
IEEE 802.16
37 Mbit/s down, 17 Mbit/s up
o Mobile WiMAX
IEEE 802.16e-2005
Theoretical throughput of 1 Gbit/s for fixed stations, or 100
Mbit/s for mobile stations
Distance is 3-10 miles max
OCx Standard
Point-to-multipoint
Single fiber can be split up to serve more than one use
Unpowered networking
o Light is split with mirrors and prisms and sent out over multiple
connections to multiple endpoints
o WDM /DWDM is used to send multiple frequencies out
An Optical Line Terminal (OLT) is used with an Optical Network
Terminal (ONT) that splits the light
o One OLT can connect up to 32 ONUs
Ethernet PON is the IEEE 802.3ah-2004 standard
1 Gbit/s upstream, 1 Gbit/s downstream
Encryption is used to secure the different streams that are passing
and splitting
Frame Relay
Properties
Circuit switching
o One endpoint creates a single path connection to another
o The circuit is the connection path between endpoints
o Circuit is established between endpoints before data passes
Like a phone call
The circuit is torn down once it is no longer being used
o Nobody else can use the circuit while it is idle, so it is inefficient
with resources
o Capacity is guaranteed (bandwidth is set based on what you
paid)
o Types:
POTS and PSTN (Public Switched Telephone Network)
T1/E1/E3
ISDN
Packet switching
Point-to-Point
A one-to-one connection
Older WAN links (point-to-point T1)
Good for connections between buildings
Point-to-Multipoint
Ring
o Data flows only in one direction
Client-Server
Uses a central server that has many clients that are connected
to it
No client-to-client communication
Advantages include great performance and centralized administration
Disadvantages include high cost and great complexity
Peer-to-Peer
Split Cables
Split pairs are a wiring mistake when you mix up wire pairs on
an RJ-45
A simple wire map will pass
Performance will be impacted and suffers from NEXT (Near-End
Crosstalk)
dB Loss
TX/RX Reversed
Transmit/Receive reversed
Usually caused by a wiring mistake
Easy to find this mistake on a wire map
To troubleshoot:
o Auto-MDIX may fix an issue with no connectivity
o Locate the reversal location
Often at a punch down
Check the patch panel
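The MDI/MDIX pinouts above and the split-pair and TX/RX-reversed faults are easiest to reason about as a small termination check. The following Python is an added example, not part of these notes: given the conductor landed on each pin at both ends, it runs the wire map a cable tester would run, then checks whether each pin pair still sits on one physical twisted pair. The conductor abbreviations (wo, o, wg, g, bl, wbl, wbr, br) and the sample split-pair termination are constructed for illustration.

```python
"""Twisted-pair termination checker (added example, not from the notes)."""

# Physical twisted pair each conductor belongs to, by T568 colour name
# (assumed abbreviations: w = white stripe, o/g/bl/br = orange/green/blue/brown).
PAIR_OF = {
    "wo": "orange", "o": "orange",
    "wg": "green", "g": "green",
    "bl": "blue", "wbl": "blue",
    "wbr": "brown", "br": "brown",
}

# Pin-to-conductor assignment of the two termination standards.
T568A = {1: "wg", 2: "g", 3: "wo", 4: "bl", 5: "wbl", 6: "o", 7: "wbr", 8: "br"}
T568B = {1: "wo", 2: "o", 3: "wg", 4: "bl", 5: "wbl", 6: "g", 7: "wbr", 8: "br"}

# Pins that must share one twisted pair: 1-2, 3-6, 4-5, 7-8.
PIN_PAIRS = [(1, 2), (3, 6), (4, 5), (7, 8)]

# Crossover wiring expressed as far pin per near pin (1<->3, 2<->6).
CROSSOVER_MAP = {1: 3, 2: 6, 3: 1, 4: 4, 5: 5, 6: 2, 7: 7, 8: 8}

# Constructed fault: conductors landed in colour order, so pins 3/6 and 4/5
# each straddle two physical pairs.  The wire map still passes pin for pin.
SPLIT_TERMINATION = {1: "wo", 2: "o", 3: "wg", 4: "g", 5: "bl", 6: "wbl", 7: "wbr", 8: "br"}


def wire_map(near, far):
    """Return {near_pin: far_pin}, the continuity test a cable tester runs:
    the conductor on pin n at the near end shows up at the far end on
    whichever pin carries that same conductor."""
    far_pin_of_conductor = {cond: pin for pin, cond in far.items()}
    return {pin: far_pin_of_conductor[cond] for pin, cond in near.items()}


def split_pairs(term):
    """Pin pairs whose two conductors are not in the same twisted pair.
    These pass a simple wire map but lose the twist, so NEXT rises and
    performance suffers."""
    return [(a, b) for a, b in PIN_PAIRS if PAIR_OF[term[a]] != PAIR_OF[term[b]]]


def classify(near, far):
    """Classify a cable as 'straight-through', 'crossover', 'split-pair' or
    'miswired'.  A 'crossover' result on a run that should be straight-through
    is the TX/RX-reversed symptom; auto-MDIX may mask it, so the reversal
    itself is usually found at a punch-down or patch panel."""
    if split_pairs(near) or split_pairs(far):
        return "split-pair"
    wm = wire_map(near, far)
    if all(far_pin == near_pin for near_pin, far_pin in wm.items()):
        return "straight-through"
    if wm == CROSSOVER_MAP:
        return "crossover"
    return "miswired"


if __name__ == "__main__":
    print(classify(T568B, T568B))                          # straight-through
    print(classify(T568A, T568B))                          # crossover
    print(classify(SPLIT_TERMINATION, SPLIT_TERMINATION))  # split-pair
    print(wire_map(SPLIT_TERMINATION, SPLIT_TERMINATION))  # pin n -> pin n, so a wire map passes
```

The split-pair case is the interesting one: `wire_map` returns pin n to pin n, exactly what a simple tester reports as a pass, and only the pair check exposes the fault.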
Cable Placement
EMI/Interference
Do not twist, pull, stretch, or bend the cable past the bend
radius
Do not use staples to secure the cables
With copper cables, avoid power cords, fluorescent lights, electrical
cables, and fire prevention components
Test cables after installation to make sure that no problems with EMI
exist
Causes crackling, humming, poor voice quality, and network
degradation
Crosstalk (XT)
Ethernet frame fields:
Synchronization and timing info; informs all
SFD (Start of Frame Delimiter) (1 byte)
DA (Destination Address) (6 bytes)
SA (Source Address) (6 bytes): MAC address of computer sending frame
Frame Type (2 bytes): ID of frame's type or length of frame
Data (46-1500 bytes)
Frame Check Sequence (4 bytes): 32-bit CRC value
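To make the Ethernet field layout concrete, here is an added Python example (not from these notes) that builds a frame with a correct FCS and parses one back, recomputing the 32-bit CRC so that a damaged frame is flagged the way a NIC would discard it. The sample MAC addresses and payload are constructed.

```python
"""Ethernet II frame build/parse with FCS check (added example)."""
import struct
import zlib

MIN_PAYLOAD = 46    # pad shorter data so the frame reaches 64 bytes
MAX_PAYLOAD = 1500


def build_frame(dst, src, ethertype, payload):
    """Build the on-wire frame after the preamble/SFD:
    DA (6) + SA (6) + Type (2) + Data (46-1500) + FCS (4)."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 1500-byte maximum")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    # The FCS is CRC-32 over DA..Data, sent least-significant byte first.
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return body + fcs


def mac_str(raw):
    """Render 6 raw bytes as the usual colon-separated MAC string."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Split a frame into fields and verify the FCS.  'fcs_ok' is False
    when bits changed in transit; 'runt' is True below the 64-byte minimum."""
    if len(frame) < 18:
        raise ValueError("too short to hold the headers and FCS")
    dst, src = frame[0:6], frame[6:12]
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    payload, fcs = frame[14:-4], frame[-4:]
    # Values of 0x0600 and above identify a protocol (EtherType); smaller
    # values are an 802.3 length field, the "type or length" of the notes.
    is_type = type_or_len >= 0x0600
    expected = struct.pack("<I", zlib.crc32(frame[:-4]) & 0xFFFFFFFF)
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "ethertype": type_or_len if is_type else None,
        "length": None if is_type else type_or_len,
        "payload": payload,
        "fcs_ok": fcs == expected,
        "runt": len(frame) < 64,
    }


# Constructed sample: broadcast destination, made-up source, IPv4 EtherType.
SAMPLE_FRAME = build_frame(
    bytes.fromhex("ffffffffffff"),
    bytes.fromhex("001122334455"),
    0x0800,
    b"constructed sample payload",
)

if __name__ == "__main__":
    info = parse_frame(SAMPLE_FRAME)
    print(info["dst"], info["src"], hex(info["ethertype"]), info["fcs_ok"])
    damaged = bytearray(SAMPLE_FRAME)
    damaged[20] ^= 0x01            # flip one payload bit
    print(parse_frame(bytes(damaged))["fcs_ok"])
```

The FCS only detects corruption; it is not a security control, since anyone who can rewrite the frame can recompute the CRC.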
CSMA/CD
CSMA/CA
Bonding/Link Aggregation
A generic term for port trunking, NIC bonding, NIC teaming and LAG
Describes a scenario when you plug in multiple interfaces to
increase the throughput between devices
Allows for high performance (multiple 1 Gbit/s or 10 Gbit/s ports)
Redundancy is included in this due to the multiple interfaces
Common to see this in data center environments
All devices must be able to LAG, as defined by IEEE 802.3ad
Horizontal cross-connects
o Connects workstations to the telecommunications closet via drop
cables to the patch panel
Vertical cross-connects
o Connects the telecommunications closet to equipment rooms
Demarc
Smartjack
Proxy Servers
The proxy server makes the request and then provides results back to
the client
Used for access control, caching, URL filtering and content scanning
Three setups of proxy servers:
o Forward Proxy: User and proxy are on an internal network
o Reverse Proxy: External clients must go through a proxy server on
the internal network before reaching the web server
o Open Proxy: Proxy is in the middle of two external networks
Least secure of the three
Content Filter
VPN Concentrator
Lineman's Handset
Toner Probe
Protocol Analyzer
Gathers packets from the network and reports the results back
to you
Much open source software is available
Very powerful, but can be hard to use
Must have a port mirror, hub, SPAN (Switched Port Analyzer),
or physical tap to obtain the data
Gather as much information as possible
Clearly document during the capture process
Will convert hexadecimal to ASCII for you in real time
Allows you to troubleshoot hard-to-understand application
problems
Loopback Plugs
TDR/OTDR
Multimeters
Environmental Monitors
Throughput Testers
Ping
Tracert
Nslookup/Dig
Ipconfig/Ifconfig
Nbtstat
Netstat
Route
Syslog
Traffic Analysis
o Bandwidth utilization
o Errors
Flow information:
o TCP response time
o TCP/UDP port usage
Application details:
o Application use
o Application response time
o Sub-application usage (Ex: Google Mail, Google Plus, etc.)
Network Maps
Documentation
Cable Management
Asset Management
Baselines
Change Management
QoS
o Prioritize traffic performance based on application type
VoIP traffic has priority over web-browsing
Prioritize by maximum bandwidth or traffic rate
o This traffic shaping is known as rate limiting
o Weighting and load balancing is also involved
o Protocol-level management is also useful
CoS (Class of Service) = 802.1q trunk
ToS (Type of Service) = IPv4 and IPv6 header
Load balancing
o Distributes loads over many servers
o A grouping of multiple servers is called a cluster
o Very common in large environments
o CARP (Common Address Redundancy Protocol)
Assign multiple hosts with the same IP address
Open standard, similar to Cisco's HSRP
Implemented in BSD
o Many options for balancing
This includes load distribution and content distribution
o Can load balance in software, but hardware is the best bet
High availability
o Design a system for smallest chance of downtime
o There can only be 5 minutes of downtime per year to maintain
99.999% uptime (five nines)
o Higher availability almost always means higher costs
Reasons
Signal Strength
Device Placement
VPN
o Sets up a secure, encrypted connection from software on a
device, through a VPN concentrator, to an external, private
network
SSL VPN (Secure Sockets Layer VPN)
o Uses common SSL protocol (TCP/443)
o Almost no firewall issues
o No big VPN clients, usually client-to-site communication
o It will authenticate users
o Can be run from a browser or from a light VPN client across many
different operating systems
PPTP (Point to Point Tunneling Protocol)
o Only creates the connection/tunnel that an encrypted connection
uses
o Does not encrypt any information
Remote Access
When you log in, a hash of the password (MD5 or SHA) is stored
locally on the computer and this hash is compared with an
identical hash on the server
o If both the hashes match, you are authenticated
Kerberos
IEEE
CHAP
Wardriving
o Combines WiFi monitoring and GPS
o Describes the situation where people drive around logging
access points
o Allows one to gather a huge amount of intel in a short period of
time
o You can combine all this data into a geographic view
Warchalking
o In the early days people drew symbols on the sidewalk to
indicate the state of the WAP
WEP cracking
o IVs (Initialization Vectors) are an extra bit of data thrown into a
packet to change things around
Changes every time data is sent
o With 802.11 WEP, the IV is passed along with the encrypted data
o A 64-bit key has a 40-bit key and a 24-bit IV
o Plaintext and the CRC (integrity check) are XORed with the RC4 keystream
generated from the IV and the WEP key, producing ciphertext (sent along with the IV)
16,777,216 possible RC4 cipher streams for the IV, which
is all that you need to reverse this process
o Everybody has the same key in WEP
No key management
o Some IVs don't properly provide good encryption
o Bad guys will inject frames to intentionally duplicate IVs
More duplicate IVs makes for easier key identification
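The 24-bit IV space and the duplicate-IV pattern above can be turned into a monitoring check. The following Python is an added example, not from these notes: it computes how many frames a network sends before an IV is expected to repeat, flags repeated IVs per BSSID in a capture (the burst of duplicates an injection attack produces is what a wireless IDS alerts on), and shows with a toy keystream why a repeat matters, namely that XORing two ciphertexts encrypted with the same keystream cancels the key entirely. The BSSIDs, IVs and keystream are constructed.

```python
"""WEP IV-reuse monitor and keystream-reuse illustration (added example)."""
import math
from collections import Counter

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 possible IVs, hence keystreams, per key


def expected_frames_to_first_repeat(space=IV_SPACE):
    """Birthday bound: with IVs chosen at random, about sqrt(pi/2 * N)
    frames go by before the first IV (and RC4 keystream) repeats.
    For 2^24 that is only a few thousand frames."""
    return math.sqrt(math.pi / 2 * space)


def find_iv_reuse(frames):
    """frames: iterable of (bssid, iv) pairs taken from captured WEP data
    frames.  Returns {(bssid, iv): count} for every IV seen more than once
    under one BSSID.  Each repeat is a keystream reuse; a burst of repeats
    in a short window is the injection pattern described in the notes."""
    counts = Counter(frames)
    return {key: n for key, n in counts.items() if n > 1}


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(plaintext_a, plaintext_b, keystream):
    """Why a repeated IV matters: two frames encrypted with one keystream,
    XORed together, leave plaintext_a XOR plaintext_b with no key involved.
    Returns True when that identity holds (it always does for a stream cipher)."""
    ct_a = xor_bytes(plaintext_a, keystream)
    ct_b = xor_bytes(plaintext_b, keystream)
    return xor_bytes(ct_a, ct_b) == xor_bytes(plaintext_a, plaintext_b)


# Constructed capture: three data frames from one AP, two sharing IV 0x000001,
# plus one frame from a second AP that uses the same IV value (not a reuse,
# because the keystream also depends on that AP's own key).
SAMPLE_FRAMES = [
    ("02:00:00:00:00:01", 0x000001),
    ("02:00:00:00:00:01", 0x000002),
    ("02:00:00:00:00:01", 0x000001),
    ("02:00:00:00:00:02", 0x000001),
]

if __name__ == "__main__":
    print(f"{expected_frames_to_first_repeat():.0f} frames to first expected repeat")
    print(find_iv_reuse(SAMPLE_FRAMES))
    print(keystream_reuse_leak(b"hello", b"world", b"\x13\x37\xaa\x55\x01"))
```

The monitor keys on (BSSID, IV) rather than IV alone so that two access points with different keys using the same IV value are not reported as a reuse.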
WPA cracking
o WPA is cryptographically stronger than WEP
o WPA2-Enterprise keys constantly change
o WPA2-Personal has a PSK (Pre-Shared Key)
Vulnerable to brute-force and dictionary attacks
Attacks
Mitigation Techniques
Hardware firewalls
o Filters traffic by port number
o Work at OSI Layer 4
Some can filter through OSI Layer 7
o Can encrypt traffic into/out of the network
o Can proxy traffic
o Most firewalls can be layer 3 devices (routers)
Software firewalls
o Personal firewalls
o Included in many operating systems
o Stops unauthorized network access
Stateful firewall
Blocks traffic by application
o Windows Firewall is a popular software-based firewall
Firewall Rules
Performs NAT, but also modifies the port numbers along with
the IP address
The NAT Conversion Table within the firewall keeps track of the
original and modified IP addresses and port number
Static NAT
o Inbound traffic to a public IP address gets NATed over a particular
port to a specified web server
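The NAT conversion table described above, with port rewriting and a static entry for a published web server, is small enough to model directly. The following Python is an added example and not the notes' own material: two internal hosts using the same source port receive distinct public ports, return traffic is mapped back through the table, and unsolicited inbound traffic with no entry is dropped. The addresses and ports are constructed (203.0.113.0/24 is a documentation range).

```python
"""PAT/static NAT translation table model (added example)."""
import itertools


class NatTable:
    """Translation table kept by a PAT firewall.  Outbound flows are
    rewritten to the single public IP and a unique public port; the table
    maps those ports back to the private host for return traffic.  Static
    entries forward a fixed public port to one internal server."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self._last_port = last_port
        self.dynamic = {}  # (private_ip, private_port) -> public_port
        self.reverse = {}  # public_port -> (private_ip, private_port)
        self.static = {}   # public_port -> (private_ip, private_port)

    def add_static(self, public_port, private_ip, private_port):
        """Static NAT: inbound traffic on public_port always reaches one host."""
        self.static[public_port] = (private_ip, private_port)

    def outbound(self, private_ip, private_port):
        """Rewrite an outbound packet's source.  An existing mapping is
        reused so a flow keeps one public port; two hosts using the same
        private source port still get different public ports."""
        key = (private_ip, private_port)
        if key not in self.dynamic:
            public_port = next(self._ports)
            while public_port in self.static:   # never shadow a static entry
                public_port = next(self._ports)
            if public_port > self._last_port:
                raise RuntimeError("PAT port pool exhausted")
            self.dynamic[key] = public_port
            self.reverse[public_port] = key
        return self.public_ip, self.dynamic[key]

    def inbound(self, public_port):
        """Rewrite an inbound packet's destination.  Without a static or an
        existing dynamic entry there is no internal host to deliver to, so
        the packet is dropped (None): unsolicited inbound traffic fails."""
        if public_port in self.static:
            return self.static[public_port]
        return self.reverse.get(public_port)


if __name__ == "__main__":
    table = NatTable("203.0.113.5")
    table.add_static(80, "192.168.1.10", 80)           # published web server
    print(table.outbound("192.168.1.20", 5000))        # ('203.0.113.5', 1024)
    print(table.outbound("192.168.1.21", 5000))        # ('203.0.113.5', 1025)
    print(table.inbound(1025))                         # ('192.168.1.21', 5000)
    print(table.inbound(80))                           # ('192.168.1.10', 80)
    print(table.inbound(40000))                        # None: dropped
```

A real firewall also ages dynamic entries out and tracks protocol and destination, but the same table is what lets it reject inbound packets that no internal host asked for.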
Vulnerability Scanners
Make sure you have the latest signatures before you do your scanning
The scan can inform you if there is lack of security controls,
misconfigurations, and real vulnerabilities
Methods
Honeypots are a security tool that tries to trick the bad guys
into performing their tricks so you can later use this
knowledge to prevent intrusion
The bad guys are probably an automated machine
Honeypots are single-use/single-system traps
Honeynets use more than one honeypot on a network