
http://www.studynotes.net/

1-1 Media and Topologies

Posted February 22nd, 2007 by admin


Network+ Study Guide

1.1 Recognize the following logical or physical network topologies given a schematic diagram or description:

> Ethernet Networks


In the diagram below you will see two Ethernet configurations. On the
left the computers are connected together by a single cable coming
from the router/switch; this is called a bus or thin Ethernet
configuration.
On the right side of the diagram each computer connects directly to
the router/switch; this is how most Ethernets are configured today. In
this topology management of the network (such as adding and removing
devices) is made much easier because of the central point. However,
because it is centralized, more cable is required. If one computer
fails the network will continue to function.
If computers are connected in a row along a single cable, this is called
a bus topology; if they branch out from a single junction or hub, this is
known as a star topology. When computers are connected to a cable
that forms a continuous loop, this is called a ring topology.
Star Topology

Star networks are one of the most common computer network topologies. In its
simplest form, a star network consists of one central switch, hub or computer
which acts as a router to transmit messages. If the central node is passive, the
originating node must be able to tolerate the reception of an echo of its own
transmission, delayed by the two-way transmission time (i.e. to and from the
central node) plus any delay generated in the central node. An active star
network has an active central node that usually has the means to prevent echo-
related problems.
The star topology reduces the chance of network failure by connecting all of the
systems to a central node. When applied to a bus-based network, this central
hub rebroadcasts all transmissions received from any peripheral node to all
peripheral nodes on the network, sometimes including the originating node. All
peripheral nodes may thus communicate with all others by transmitting to, and
receiving from, the central node only. The failure of a transmission line linking
any peripheral node to the central node will result in the isolation of that
peripheral node from all others, but the rest of the systems will be unaffected.
Advantages of a Star Network

• Good performance.
• Easy to set up and to expand.
• Any non-centralised failure will have very little effect on the network,
whereas on a ring network it would all fail with one fault.
• Easy to detect faults
• Data Packets are sent quickly as they do not have to travel through any
unnecessary nodes.

Disadvantages of a Star Network

• Expensive to install
• Extra hardware required
• If the host computer fails the entire system is affected.
Hierarchical Topology (also known as Tree)

In a hierarchical (tree) topology a central 'root' node, the top level of the
hierarchy, is connected by a point-to-point link to one or more nodes that are
one level lower in the hierarchy (the second level). Each second-level node in
turn has one or more nodes one level lower (the third level) connected to it,
again by point-to-point links. The root is the only node that has no other node
above it in the hierarchy. The hierarchy of the tree is symmetrical: each node
has a specific fixed number, f, of nodes connected to it at the next lower
level, and the number f is referred to as the 'branching factor' of the
hierarchical tree.
Notes:
1.) A network based upon the physical hierarchical topology must have at least
three levels in the hierarchy of the tree, since a network with a central 'root'
node and only one hierarchical level below it would exhibit the physical
topology of a star.
2.) A network based upon the physical hierarchical topology with a branching
factor of 1 would be classified as a physical linear topology.
3.) The branching factor f is independent of the total number of nodes in the
network. If the nodes require ports for connection to other nodes, the number
of ports per node can therefore be kept low even when the total number of nodes
is large: the cost of adding ports to each node depends only on the branching
factor and can be kept as low as required without limiting the total number of
nodes that are possible.
4.) The total number of point-to-point links in a network based upon the
physical hierarchical topology is one less than the total number of nodes in
the network.
5.) If the nodes in a network based upon the physical hierarchical topology are
required to perform any processing upon the data transmitted between nodes,
the nodes at higher levels in the hierarchy will have to perform more
processing operations on behalf of other nodes than the nodes at lower levels.
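As an added example that is not part of the study guide, the following Python works through notes 1 to 5 above for a symmetrical tree with branching factor f and a given number of levels (the root is level 0); the function names are my own.

```python
# Added example, not from the study guide: node, link, port and relay counts
# for a symmetrical hierarchical (tree) topology with branching factor f.

def level_sizes(f, levels):
    """Nodes on each level: 1 root, then f, f*f, ... (one entry per level)."""
    if f < 1 or levels < 1:
        raise ValueError("branching factor and level count must be at least 1")
    return [f ** level for level in range(levels)]


def node_count(f, levels):
    return sum(level_sizes(f, levels))


def link_count(f, levels):
    """Note 4: every node except the root has exactly one link to its parent,
    so the link count is always one less than the node count."""
    return node_count(f, levels) - 1


def physical_topology(f, levels):
    """Notes 1 and 2: fewer than three levels is physically a star, and a
    branching factor of 1 is physically a linear chain."""
    if levels == 1:
        return "single node"
    if f == 1:
        return "linear"
    if levels == 2:
        return "star"
    return "hierarchical"


def ports_needed(f, level, levels):
    """Note 3: a node needs one uplink port (unless it is the root) plus f
    downlink ports (unless it is on the bottom level). The result does not
    depend on how many nodes the whole network has."""
    uplink = 0 if level == 0 else 1
    downlinks = 0 if level == levels - 1 else f
    return uplink + downlinks


def relayed_nodes(f, level, levels):
    """Note 5: how many lower nodes send traffic towards the root through one
    node on the given level (the size of its subtree, not counting itself)."""
    depth_below = levels - level - 1
    return sum(f ** k for k in range(1, depth_below + 1))
```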

Bus Topology
In bus topologies, all computers are connected to a single cable, the "trunk"
or "backbone", by a transceiver either directly or by using a short drop cable.
All ends of the cable must be terminated, that is, plugged into a device such
as a computer or terminator. Most bus topologies use coax cables.
The number of computers on a bus network affects network performance: since
only one computer at a time can send data, the more computers you have on the
network, the more computers there will be waiting to send data. A line break at
any point along the trunk cable will result in total network failure.
Computers on a bus only listen for data being sent; they do not move data from
one computer to the next. This is called a passive topology.
Advantages

• Easy to implement and extend
• Requires less cable length than a star topology
• Well suited for temporary or small networks not requiring high
speeds (quick setup)
• Initially less expensive than other topologies

Disadvantages

• Difficult to administer/troubleshoot.
• Limited cable length and number of stations.
• If there is a problem with the cable, the entire network goes down.
• Maintenance costs may be higher in the long run.
• Performance degrades as additional computers are added or on heavy
traffic.
• Low security (all computers on the bus can see all data transmissions).
• Proper termination is required (loop must be in a closed path).
• If one node fails, the whole network will shut down.
• If many computers are attached, the amount of data flowing causes the
network to slow down.

Mesh Topology
A mesh topology provides each device with a point-to-point connection to every
other device in the network. These are most commonly used in WANs, which
connect networks over telecommunication links. Mesh topologies use routers to
determine the best path.
Mesh networks provide redundancy: in the event of a link failure, meshed
networks enable data to be routed through any other site connected to the
network. Because each device has a point-to-point connection to every other
device, mesh topologies are the most expensive and difficult to maintain.
Mesh networks differ from other networks in that the component parts can all
connect to each other via multiple hops, and they generally are not mobile.
Mobile ad-hoc networking (MANET), featured in many consumer devices, is a
subsection of mesh networking.
Mesh networks are self-healing: the network can still operate even when a
node breaks down or a connection goes bad. As a result, a very reliable
network is formed. This concept is applicable to wireless networks, wired
networks, and software interaction.
There are three distinct generations of wireless mesh architectures. In the first
generation one radio provides both backhaul (packet relaying) and client
services (access to a laptop). In the second generation, one radio relayed
packets over multiple hops while another provided client access. This
significantly improved backhaul bandwidth and latency. Third generation
wireless mesh products use two or more radios for the backhaul for higher
bandwidth and low latency. Third generation mesh products are replacing
previous generation products as more demanding applications like voice and
video need to be relayed wirelessly over many hops of the mesh network.
Ring

In a ring topology network computers are connected by a single loop of cable;
the data signals travel around the loop in one direction, passing through each
computer. Ring topology is an active topology because each computer repeats
(boosts) the signal before passing it on to the next computer.
One method of transmitting data around a ring is called token passing. The
token is passed from computer to computer until it gets to a computer that has
data to send.
If there is a line break, or if you are adding or removing a device anywhere in
the ring this will bring down the network. In an effort to provide a solution to this
problem, some network implementations (such as FDDI) support the use of a
double-ring. If the primary ring breaks, or a device fails, the secondary ring can
be used as a backup.
Advantages

• Data is quickly transferred without a 'bottleneck'
• The transmission of data is relatively simple as packets travel in one
direction only.
• Adding additional nodes has very little impact on bandwidth
• It prevents network collisions because of the media access method or
architecture required.

Disadvantages

• Because all stations are wired together, to add a station you must shut
down the network temporarily.
• It is difficult to troubleshoot the ring.
• Data packets must pass through every computer between the sender
and recipient; therefore this makes it slower.
• If any of the nodes fail then the ring is broken and data cannot be
transmitted successfully.

Wireless
A wireless network consists of wireless NICs and access points. NICs
come in different models including PC Card, ISA, PCI, etc. Access
points act as wireless hubs to link multiple wireless NICs into a single
subnet. Access points also have at least one fixed Ethernet port to
allow the wireless network to be bridged to a traditional wired Ethernet
network, such as the organization’s network infrastructure. Wireless
and wired devices can coexist on the same network.

1-2 Media and Topologies

Posted February 22nd, 2007 by admin

1.2 Specify the main features of 802.2 (Logical Link Control), 802.3 (Ethernet), 802.5 (token ring), 802.11 (wireless), and FDDI (Fiber Distributed Data Interface) networking technologies, including:
> 802.3 (Ethernet) Carrier Sense Multiple Access with Collision Detection (CSMA/CD) LAN Ethernet
Access method

• CSMA/CA (Carrier Sense Multiple Access / Collision Avoidance)
• CSMA/CD (Carrier Sense Multiple Access / Collision Detection)

A type of media access control. With CSMA/CD, a computer listens to
the network to determine whether another computer is transmitting a
data frame. If no other computer is transmitting, the computer can
then send its data. The computer listening for a data signal is the
carrier sense part. Multiple access means that multiple computers are
trying to access or send data on the network at the same time.
Collision detection indicates that the computers are also listening for
collisions: if two computers try to send data at the same time and a
collision occurs, they must wait a random period of time before
transmitting again.
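As an added example that is not part of the study guide, the following Python models the CSMA/CD cycle just described (carrier sense, transmit, detect the collision, wait a random time) on a slotted shared bus. The random wait is implemented as 802.3's truncated binary exponential backoff, which is my assumption since the text only says "a random period of time"; the class and function names are my own.

```python
import random


class CsmaCdBus:
    """Slotted discrete-time model of CSMA/CD on a shared Ethernet bus.

    Each station has a queue of frames. At every slot a station with a frame
    and no running backoff timer senses the medium (carrier sense) and, if it
    is idle, transmits. If two or more stations transmit in the same slot that
    is a collision (collision detection): all of them abort and wait a random
    number of slots before retrying. The random wait is 802.3's truncated
    binary exponential backoff (an assumption beyond the study guide text).
    """

    MAX_ATTEMPTS = 16  # 802.3 gives up on a frame after 16 failed attempts

    def __init__(self, frames_per_station, frame_slots=3, seed=0):
        self.rng = random.Random(seed)   # seeded so a run is reproducible
        self.frame_slots = frame_slots   # slots one frame occupies the medium
        self.pending = list(frames_per_station)  # frames still queued per station
        self.attempts = [0] * len(self.pending)
        self.backoff = [0] * len(self.pending)
        self.delivered = 0
        self.dropped = 0
        self.collisions = 0
        self.busy_until = 0   # medium is busy for slots t < busy_until
        self.sender = None    # station whose frame is currently on the wire

    def _tick_backoff(self):
        # Backoff timers run whether or not the medium is busy.
        for s in range(len(self.pending)):
            if self.backoff[s] > 0:
                self.backoff[s] -= 1

    def step(self, t):
        if t < self.busy_until:      # carrier sensed: everyone defers
            self._tick_backoff()
            return
        if self.sender is not None:  # the frame on the wire has completed
            self.pending[self.sender] -= 1
            self.attempts[self.sender] = 0
            self.delivered += 1
            self.sender = None
        # Stations that have a frame and whose backoff has expired all
        # sense an idle medium in this slot and transmit (multiple access).
        ready = [s for s in range(len(self.pending))
                 if self.pending[s] > 0 and self.backoff[s] == 0]
        self._tick_backoff()
        if len(ready) == 1:          # a single talker: the frame goes through
            self.sender = ready[0]
            self.busy_until = t + self.frame_slots
        elif len(ready) > 1:         # collision: abort and back off
            self.collisions += 1
            for s in ready:
                self.attempts[s] += 1
                if self.attempts[s] >= self.MAX_ATTEMPTS:
                    self.pending[s] -= 1   # give up on this frame
                    self.attempts[s] = 0
                    self.dropped += 1
                    continue
                k = min(self.attempts[s], 10)
                self.backoff[s] = self.rng.randrange(2 ** k)  # wait 0..2^k-1 slots

    def run(self):
        t = 0
        while any(self.pending) or self.sender is not None:
            self.step(t)
            t += 1
        return {"delivered": self.delivered, "dropped": self.dropped,
                "collisions": self.collisions, "elapsed": self.busy_until}


def simulate(frames_per_station, frame_slots=3, seed=0):
    """Run one bus to completion; 'elapsed' is the slot at which the last frame finished."""
    return CsmaCdBus(frames_per_station, frame_slots, seed).run()
```

With a single station there are no collisions and two 3-slot frames finish at slot 6; with three stations all starting at once, slot 0 is always a collision and the elapsed time grows by at least one slot per collision.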
Designation | Supported Media | Maximum Segment Length | Transfer Speed | Topology
10Base-5 | Coaxial | 500 m | 10 Mbps | Bus
10Base-2 | Thin coaxial (RG-58 A/U) | 185 m | 10 Mbps | Bus
10Base-T | Category 3 or above unshielded twisted-pair (UTP) | 100 m | 10 Mbps | Star, using either simple repeater hubs or Ethernet switches
1Base-5 | Category 3 UTP or above | 100 m | 1 Mbps | Star, using simple repeater hubs
10Broad-36 | Coaxial (RG-58 A/U CATV type) | 3600 m | 10 Mbps | Bus (often only point-to-point)
10Base-FL | Fiber-optic, two strands of multimode 62.5/125 fiber | 2000 m (full-duplex) | 10 Mbps | Star (often only point-to-point)
100Base-TX | Category 5 UTP | 100 m | 100 Mbps | Star, using either simple repeater hubs or Ethernet switches
100Base-FX | Fiber-optic, two strands of multimode 62.5/125 fiber | 412 meters (half-duplex), 2000 m (full-duplex) | 100 Mbps (200 Mb/s full-duplex mode) | Star (often only point-to-point)
1000Base-SX | Fiber-optic, two strands of multimode 62.5/125 fiber | 260 m | 1 Gbps | Star, using buffered distributor hub (or point-to-point)
1000Base-LX | Fiber-optic, two strands of multimode 62.5/125 fiber or monomode fiber | 440 m (multimode), 5000 m (singlemode) | 1 Gbps | Star, using buffered distributor hub (or point-to-point)
1000Base-CX | Twinax, 150-Ohm balanced, shielded, specialty cable | 25 m | 1 Gbps | Star (or point-to-point)
1000Base-T | Category 5 | 100 m | 1 Gbps | Star

> 802.5 (token ring)


The IEEE 802.5 Token Ring standards define services for the OSI
physical layer and the MAC sublayer of the data link layer. Token Ring
computers are situated on a continuous network loop. A Token Ring
controls access to the network by passing a token, from one computer
to the next. Before they can transmit data they must wait for a free
token, thus token passing does not allow two or more computers to
begin transmitting at the same time.
Media | MAC Method | Signal Propagation Method | Speed | Topologies | Maximum Connections
Twisted-pair (various types) | Token passing | Forwarded from device to device (or port to port on a hub) in a closed loop | 4 Mbps, 16 Mbps | Ring; Star, using Token Ring repeater hubs | 255 nodes per segment

> 802.11b (wireless)


802.11b is a wireless Ethernet technology operating at 11 Mbps. 802.11b
devices use Direct Sequence Spread Spectrum (DSSS) radio
technology operating in the 2.4GHz frequency band.
An 802.11b wireless network consists of wireless NICs and access
points. Access points act as wireless hubs to link multiple wireless NICs
into a single subnet. Access points also have at least one fixed
Ethernet port to allow the wireless network to be bridged to a
traditional wired Ethernet network. Wireless and wired devices can
coexist on the same network.
802.11b devices can communicate across a maximum range of 50-300
feet from each other.
> FDDI networking technologies
Fiber Distributed Data Interface (FDDI) shares many of the same features
as token ring, such as token passing and the continuous network loop
configuration. But FDDI has better fault tolerance because of its use of
a dual, counter-rotating ring that enables the ring to reconfigure itself
in case of a link failure. FDDI also has higher transfer speeds: 100
Mbps for FDDI, compared to 4 - 16 Mbps for Token Ring.
Unlike Token Ring, which uses a star topology, FDDI uses a physical
ring. Each device in the ring attaches to the adjacent device using a
two stranded fiber optic cable. Data travels in one direction on the
outer strand and in the other direction on the inner strand. When all
devices attached to the dual ring are functioning properly, data travels
on only one ring. FDDI transmits data on the second ring only in the
event of a link failure.
Media | MAC Method | Signal Propagation Method | Speed | Topologies | Maximum Connections
Fiber-optic | Token passing | Forwarded from device to device (or port to port on a hub) in a closed loop | 100 Mbps | Double ring; Star | 500 nodes
1-3 Media and Topologies

Posted February 22nd, 2007 by admin

1.3 Specify the characteristics (for example: speed, length, topology, and cable type) of the following cable standards:

Cable | Type | Maximum Length | Max. Speed | Topology
10Base-T | Category 3 or above unshielded twisted-pair (UTP) | 100 m | 10 Mbps | Star, using either simple repeater hubs or Ethernet switches
10BASE-FL | Fiber-optic | Segment may be up to 2,000 meters in length if only 10BASE-FL equipment is used on the segment | | Fiber optic link segments in a star topology
100Base-TX | Category 5 UTP | 100 m | 100 Mbps | Star, using either simple repeater hubs or Ethernet switches
100Base-FX | Fiber-optic | 412 meters (half-duplex), 2000 m (full-duplex) | 100 Mbps (200 Mb/s full-duplex mode) | Star (often only point-to-point)
1000Base-LX | Fiber-optic | 440 m (multimode), 5000 m (singlemode) | 1 Gbps | Star, using buffered distributor hub (or point-to-point)
1000Base-T | Category 5 | 100 m | 1 Gbps | Star
1000BASE-CX | Copper cable (balanced shielded twisted pair) | Maximum of 25 m per segment | 1 Gbps | Obsolete standard for 1 GB Ethernet over short distances; succeeded by 1000BASE-T
10GBASE-T | Unshielded twisted pair cables: Category 5e, Category 6 or Category 7. Augmented Category 6 cable is being developed, which will reduce crosstalk between the cables | 100 m | A standard proposed by the IEEE 802 committee to provide 10 Gigabit/second Ethernet | The proposal for 10GBASE-T (IEEE P802.3an Task Force) calls for the conventional RJ-45 used for Ethernet LANs
10GBASE-SR | Multimode fiber: two strands of 62.5/125 (30 m) or 50/125 (300 m) micron core fiber cable | From 30 m up to 300 meters depending on the type and quality of the multimode fiber | 10 Gbps |
10GBASE-LR | Single-mode fiber | 10 kilometers | 10 Gbps |
10GBASE-ER | Fiber optic cable | 40 kilometers | 10 Gbps |
1-4 Media and Topologies

Posted February 22nd, 2007 by admin

1.4 Recognize the following media connectors and describe their uses:

> RJ-11 (Registered Jack)

Standard telephone cable connectors; RJ-11 has 4 wires (and RJ-12
has 6 wires).

Pinout of the 1-Wire plug RJ-11 that connects to the socket on a TINI E20
Revision C board, or a 9097U adapter:

Pin | Signal Name
1 | VCC (5 volts regulated)
2 | Power Ground
3 | One Wire Data
4 | One Wire Ground
5 | No Connect
6 | V+ (unregulated DC)
> RJ-45 (Registered Jack)

RJ-45: the "RJ" stands for Registered Jack. These connectors are used
with 10/100BaseT cables and resemble telephone RJ-11 connectors,
but are larger. They are connected to the cable by crimping.
They are used as Ethernet cable connectors, where usually 8 pins (4
pairs) are used, e.g., a male-to-male cable to connect a cable or ADSL
modem to the computer's Ethernet network card. Applications include
other networking services such as ISDN and T1.

25 Pair Color Code Chart


RJ-45 Wiring (EIA/TIA-568B)
Pin | Pair | Wire | Color
1 | 2 | 1 | white/orange
2 | 2 | 2 | orange
3 | 3 | 1 | white/green
4 | 1 | 2 | blue
5 | 1 | 1 | white/blue
6 | 3 | 2 | green
7 | 4 | 1 | white/brown
8 | 4 | 2 | brown
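As an added example that is not part of the study guide, the following Python checks the wire order seen on a crimped RJ-45 plug against the T568B table above and flags a split pair (the two wires of one twisted pair landing on pins that belong to different pairs, which passes a continuity test but loses the crosstalk rejection the twisting provides). The "pairs intact" case covers the T568A order, which is not on this page and is my own assumption; the function names are mine.

```python
# Added example, not from the study guide. T568B pin assignment copied from
# the table above: pin -> (pair, wire, colour).
T568B = {
    1: (2, 1, "white/orange"), 2: (2, 2, "orange"),
    3: (3, 1, "white/green"),  4: (1, 2, "blue"),
    5: (1, 1, "white/blue"),   6: (3, 2, "green"),
    7: (4, 1, "white/brown"),  8: (4, 2, "brown"),
}
T568B_ORDER = [T568B[pin][2] for pin in range(1, 9)]
COLOUR_TO_PAIR = {colour: pair for pair, _wire, colour in T568B.values()}
# Pin positions that carry one twisted pair in an 8-pin plug (from the table:
# pair 1 on 4-5, pair 2 on 1-2, pair 3 on 3-6, pair 4 on 7-8).
PAIR_POSITIONS = [{4, 5}, {1, 2}, {3, 6}, {7, 8}]


def pair_layout(colours):
    """Map each pair (identified by its colour family) to the pins it occupies."""
    layout = {}
    for pin, colour in enumerate(colours, start=1):
        if colour not in COLOUR_TO_PAIR:
            raise ValueError(f"unknown wire colour {colour!r} on pin {pin}")
        layout.setdefault(COLOUR_TO_PAIR[colour], set()).add(pin)
    return layout


def check_plug(colours):
    """Classify the wire colours seen on pins 1..8 of one crimped plug.

    Returns one of:
      "T568B"         exactly the standard order from the table
      "pairs intact"  every twisted pair sits on a valid pair position but
                      the order is not T568B (for example the T568A order)
      "split pair"    a pair's two wires sit on pins of different pairs
    """
    colours = list(colours)
    if len(colours) != 8 or len(set(colours)) != 8:
        raise ValueError("a plug needs 8 distinct wires")
    if colours == T568B_ORDER:
        return "T568B"
    layout = pair_layout(colours)
    if all(pins in PAIR_POSITIONS for pins in layout.values()):
        return "pairs intact"
    return "split pair"


def check_cable(end_a, end_b):
    """A patch cable is straight-through only if both plugs are wired T568B
    (the only scheme this page documents); anything else needs a look."""
    verdicts = (check_plug(end_a), check_plug(end_b))
    if verdicts == ("T568B", "T568B"):
        return "straight-through T568B"
    return "check wiring: " + " / ".join(verdicts)
```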

> F-Type

The F connector is a type of RF connector commonly used for cable
and universally for satellite television. They are also used for the cable
TV connection in DOCSIS cable modems, usually with RG-6 tri-shield
cable. The F connector is inexpensive, yet has good performance up to
1 GHz. One reason for its low cost is that it uses the center wire of the
coaxial cable as the pin of the male connector. The male connector
body is typically crimped onto the exposed outer braid. Female
connectors have a 3/8-32 thread. Most male connectors have a
matching threaded connecting ring, though push-on versions are also
available.
> ST (Straight Tip) and SC (Subscriber Connector or Standard
Connector)
Fiber network segments always require two fiber cables: one for
transmitting data and one for receiving. Each end of a fiber cable is
fitted with a plug that can be inserted into a network adapter, hub, or
switch. In North America, most cables use a square SC connector
(Subscriber Connector or Standard Connector) that slides and locks
into place when inserted into a node or connected to another fiber
cable; Europeans use a round ST connector (Straight Tip) instead.
SC connector (Subscriber Connector or Standard Connector)

ST connector (Straight Tip)


Both connectors offer the same features as far as distance and
reliability. Connectors of different types can communicate with the use
of adapters or couplers, but it is best to choose one type of connector
and stick with it over your entire network.
> IEEE 1394 (FireWire)

IEEE 1394 is a personal computer (and digital audio/video) serial bus
interface standard, offering high-speed communications and isochronous
real-time data services. FireWire can be considered a successor technology
to the obsolescent SCSI Parallel Interface. Up to 63 devices can be
daisy-chained to one FireWire port.
IEEE 1394 connectors are used to connect FireWire devices such as
host controllers, adapters, hard drives, hubs, repeaters, and card
readers. FireWire, a registered trademark of Apple Computer, is a
communications protocol for the transmission of data, video, and audio
over a single cable at very high bit rates. IEEE 1394 is an interface
standard adopted by the Institute of Electrical and Electronics
Engineers (IEEE) for digital data transfers at 400 Mbps. The popularity
of IEEE 1394 is due in part to its use of a bus-powered architecture
that does not require peripherals to supply their own power. Products
that support the IEEE 1394 standard adhere to its specifications, but
often use proprietary trade names. For example, Sony uses the term
iLink to describe its FireWire products. iLink is a registered trademark
of the Sony Corporation.
There are two basic types of IEEE 1394 connectors: four-pin and six-
pin. Four-pin or four-position FireWire connectors are used with digital
video camcorders and other devices that have a small footprint and do
not require external power. By contrast, six-pin or six-position
connectors are used with personal computers (PCs), rewritable compact
disc drives (CD-RWs), external hard drives, digital audio stations, and
other larger, more durable FireWire devices that
use external power. Four-pin connectors are rectangular, 1/4” by 1/8”
devices in which one of the longer sides is indented. Six-pin
connectors are rectangular, 1/2” by 3/16” devices in which one of the
smaller sides is rounded. Four-pin and six-pin IEEE 1394 connectors
are either straight or right-angled.
> Fiber LC (Local Connector)

These connectors are used for single-mode and multimode fiber-optic
cables. FC connectors offer extremely precise positioning of the fiber-
optic cable with respect to the transmitter's optical source emitter and
the receiver's optical detector. FC connectors feature a position
locatable notch and a threaded receptacle.
> MT-RJ (Mechanical Transfer Registered Jack)
MT-RJ connectors are used with single-mode and multimode fiber-optic
cables. The MT-RJ connectors are constructed with a plastic housing
and provide for accurate alignment via their metal guide pins and
plastic ferrules.
Used for Gigabit ethernet. To connect to modules with MT-RJ
interfaces, use multimode fiber-optic cables.
> USB (Universal Serial Bus)
Universal Serial Bus, or USB, is a computer standard designed to
eliminate the guesswork in connecting peripherals to a PC. It is
expected to replace serial and parallel ports. A single USB port can be
used to connect up to 127 peripheral devices, such as mice, modems,
keyboards, digital cameras, printers, scanners, MP3 players and many
more. USB also supports Plug-and-Play installation and hot plugging.

• USB 1.1 standard supports data transfer rates of 12 Mbps.
• USB 2.0 (also referred to as Hi-Speed USB) specification defines
a new High-speed transfer rate of 480 Mb/sec.

USB 2.0 is fully compatible with USB 1.1 and uses the same cables and
connectors.
USB has two connector types. The first is Type A (on the right); this
connector connects to the PC's USB port.
The Type B connector (on the left) is for connecting to the relevant
peripheral.
Whereas the Type A connector is truly standard, the Type B connector
could be changed in size etc. with individual peripherals, meaning they
require their own unique cables.
> Coaxial Connectors
BNC connector for coaxial cables. These are either soldered or
crimped to the end of the cable.

BNC T connector, which joins the network card to the network cable.

BNC barrel connector, used to connect two cables together. It is better
to use one continuous length of cable, as these connectors weaken the
signal strength.

A thicknet network connection uses a 15-pin attachment unit interface
(AUI) to connect the 15-pin DB-15 connector on the back of the network
adapter card to an external transceiver (shown left). The transceiver
for thicknet Ethernet includes a vampire tap (shown on top of the
transceiver) which pierces the thicknet cable to make the network
connection. From the transceiver to the network card a drop cable is
attached.
1-5 Media and Topologies

Posted February 22nd, 2007 by admin

1.5 Recognize the following media types and describe their uses:

> Category 3 cable, commonly known as Cat-3, is an unshielded
twisted pair (UTP) cable designed to reliably carry data up to 10
Mbit/s, with a possible bandwidth of 16 MHz. It is part of a family of
copper cabling standards defined jointly by the Electronic Industries
Alliance and the Telecommunications Industry Association. Category 3
was a popular cabling format among computer network administrators
in the early 1990s, but has since been almost entirely replaced by the
very similar Cat-5 standard, which offers higher top speeds.

> Category 5 cable, commonly known as Cat 5, is an unshielded
twisted pair type cable designed for high signal integrity. The actual
standard defines specific electrical properties of the wire, but it is most
commonly known as being rated for its Ethernet capability of 100
Mbit/s. Its specific standard designation is EIA/TIA-568. Cat 5 cable
typically has three twists per inch of each twisted pair of 24 gauge
copper wires within the cable. The twisting of the cable reduces
electrical interference and crosstalk. Another important characteristic
is that the wires are insulated with a plastic (FEP) that has low
dispersion, that is, the dielectric constant of the plastic does not
depend greatly on frequency. Special attention also has to be paid to
minimizing impedance mismatches at connection points.
Cat 5 cables are often used in structured cabling for computer
networks such as Fast Ethernet, although they are also used to carry
many other signals such as basic voice services, token ring, and ATM
(at up to 155 Mbit/s, over short distances).
> RJ-45 electrical connectors are nearly always used for connecting
category 5 cable. Generally solid core cable is used for connecting
between the wall socket and the socket in the patch panel whilst
stranded cable is used for the patch leads between hub/switch and
patch panel socket and between wall port and computer. However it is
possible to put plugs onto solid core cable and some installations save
on the cost of patch panels and/or wall ports by putting plugs directly
onto the fixed category 5 wiring and plugging them straight into the
computers and/or hub/switches.
> Cat 5e cable is an enhanced version of Cat 5 for use with
1000BASE-T (gigabit) networks, or for long-distance 100 Base-T links
(350 m, compared with 100 m for Cat 5). It must meet the EIA/TIA
568A-5 specification. Virtually all cables sold as Cat 5 are actually Cat
5e. The markings on the cable itself reveal the exact type.
> Category 6 cable (ANSI/TIA/EIA-568-B.2-1) is a cable standard
for Gigabit Ethernet and other interconnect that is backward
compatible with Category 5 cable, Cat-5e and Cat-3. Cat-6 features
more stringent specifications for crosstalk and system noise. The cable
standard is suitable for 10BASE-T / 100BASE-TX and 1000BASE-T
(Gigabit Ethernet) connections.
The cable contains four twisted copper wire pairs, just like earlier
copper cable standards, although each twisted pair is made up of
slightly larger 23 gauge copper wire as opposed to Cat 5's 24 gauge
wire. When used as a patch cable, Cat-6 is normally terminated in RJ-
45 electrical connectors. If components of the various cable standards
are intermixed, the performance of the signal path will be limited to
that of the lowest category. The distance without losing data is 220 m.
> Category 7 cable (CAT7), (ISO/IEC 11801:2002 category 7/class
F), is a cable standard for Ultra Fast Ethernet and other interconnect
technologies that can be made to be backwards compatible with
traditional CAT5 and CAT6 Ethernet cable. CAT7 features even more
stringent specifications for crosstalk and system noise than CAT6. To
achieve this, shielding has been added for individual wire pairs and the
cable as a whole.
The CAT7 cable standard has been created to allow 10-gigabit
Ethernet over 100 m of copper cabling. The cable contains four twisted
copper wire pairs, just like the earlier standards. CAT7 can be
terminated in RJ-45 compatible GG45 electrical connectors which
incorporate the RJ-45 standard, and a new type of connection to
enable a smoother migration to the new standard. When combined
with GG-45 connectors, CAT7 cable is rated for transmission
frequencies of up to 600 MHz.
Also being considered is a non-RJ-45-compatible standard developed
by Siemon which forgoes compatibility in exchange for performance,
and doubles the transmission frequencies of RJ-45.[1] The TERA
interface is the only non-RJ category 7/class F industry-standard
connector recognized within ISO/IEC 11801 Ed. 2.0.
> UTP (Unshielded Twisted Pair)
UTP is the most commonly used type of networking cable. UTP cables
are often called "ethernet cables" after Ethernet, the most common
data networking standard that utilizes UTP cables, although not the
most reliable.
In contrast to FTP and STP cabling, UTP cable is not surrounded by any
shielding. It is the primary wire type for telephone usage and is very
common for computer networking, especially in patch cables or
temporary network connections due to the high flexibility of the cables.
> STP (Shielded Twisted Pair)
This cable has a conductive braided or foil casing for each pair and
theoretically offers very good protection from interference and
crosstalk. It was commonly used for token ring networks. Shielded
Twisted Pair is rarely used due to the fact that the potential
performance increase over UTP is not worth the much greater cost of
STP.
> Coaxial cable

Coaxial cable is an electrical cable consisting of a round conducting
wire, surrounded by an insulating spacer, surrounded by a cylindrical
conducting sheath, and usually surrounded by a final insulating layer.
The cable is designed to carry a high-frequency or broadband signal,
as a high-frequency transmission line. Because the electromagnetic
field carrying the signal exists (ideally) only in the space between the
inner and outer conductors, it cannot interfere with or suffer
interference from external electromagnetic fields.
They used to be common for implementing computer networks, in
particular Ethernet, but twisted pair cables have replaced them in most
applications.
> SMF (Single Mode Fiber) optic cable
Single-mode optical fiber is an optical fiber in which only the lowest
order bound mode can propagate at the wavelength of interest. Single
mode fibers are best at retaining the fidelity of each light pulse over
longer distances and exhibit no dispersion caused by multiple spatial
modes; thus more information can be transmitted per unit time giving
single mode fibers a higher bandwidth in comparison with multi-mode
fibers. A typical single mode optical fiber has a core radius of 5-10
micrometers and a cladding radius of 120 micrometers. Currently, data
rates of up to 10 Gigabits/second are possible at distances of over 60
km with commercially available transceivers.
Equipment for Single mode fiber is more expensive than equipment for
Multi-mode optical fiber, but the single mode fiber itself is usually
cheaper in bulk.
> MMF (Multimode Fiber) optic cable
Multi-mode optical fiber (multimode fiber or MM fiber) is a type of
optical fiber mostly used for communication over shorter distances,
e.g. within a building. It can carry 1 Gbit/s for typical building
distances; the actual maximum speed (given the right electronics)
depends upon the distance. It is easier to connect to than single-mode
optical fiber, but its limit on speed x distance is lower. Multi-mode fiber
has a larger center core than single-mode fiber, which allows it to
support more than one propagation mode, or path within the fiber.
The equipment used for communications over multi-mode optical fiber
is less expensive than that for single-mode optical fiber. Typical
transmission speeds/distances limits are 100 Mbit/s up to 2 km
(100BASE-FX), 1 Gbit/s for distances up to 500-600 meters
(1000BASE-LX, 1000BASE-SX), and 10 Gbit/s for distances up to 300
meters (10GBASE-SR).
1-6 Media and Topologies


1.6 Identify the purposes, features and functions of the following network
components:

> Hubs
A hub or concentrator is a device used to connect all of the computers
on a star or ring network. A hub is nothing more than a box with a
series of cable connectors in it. Hubs are available in a variety of sizes,
from four- and five-port devices designed for home and small business
networks to large rack-mounted units with up to 24 ports or more.
Installing a single hub is simply a matter of connecting it to a power
source and plugging in cables connected to the network interface
adapters in your computers. However, it's important for a network
technician to understand what goes on inside a hub.
Like network interface adapters, hubs are associated with specific
data-link layer protocols. Ethernet hubs are the most common,
because Ethernet is the most popular data-link layer protocol, but
Token Ring MAUs are hubs too, and other protocols, such as the Fiber
Distributed Data Interface (FDDI) also use hubs.

(Images: stackable hubs; small hub)
Ethernet Hubs: An Ethernet hub is also called a multiport repeater. A
repeater is a device that amplifies a signal as it passes through it, to
counteract the effects of attenuation. If, for example, you have a thin
Ethernet network with a cable segment longer than the prescribed
maximum of 185 meters, you can install a repeater at some point in
the segment to strengthen the signals and increase the maximum
segment length. This type of repeater only has two BNC connectors,
and is rarely seen these days. The hubs used on UTP Ethernet
networks are repeaters as well, but they can have many RJ45 ports
instead of just two BNC connectors.
When data enters the hub through any of its ports, the hub amplifies
the signal and transmits it out through all of the other ports. This
enables a star network to have a shared medium, even though each
computer has its own separate cable. The hub relays every packet
transmitted by any computer on the network to all of the other
computers, and also amplifies the signals. The maximum segment
length for a UTP cable on an Ethernet network is 100 meters. A
segment is defined as the distance between two communicating
computers. However, because the hub also functions as a repeater,
each of the cables connecting a computer to a hub port can be up to
100 meters long, allowing a segment length of up to 200 meters when
one hub is inserted in the network.
> Switches
Switches are a special type of hub that offer an additional layer of
intelligence over basic, physical-layer repeater hubs. A switch must be
able to read the MAC address of each frame it receives. This
information allows switches to repeat incoming data frames only to the
computer or computers to which a frame is addressed. This speeds up
the network and reduces congestion.
Switches operate at both the physical layer and the data link layer of
the OSI Model.
> Bridges
A bridge is used to join two network segments together; it allows
computers on either segment to access resources on the other. Bridges
can also be used to divide large networks into smaller segments.
Bridges have all the features of repeaters, but can have more nodes,
and since the network is divided, there are fewer computers competing
for resources on each segment, thus improving network performance.
Bridges can also connect networks that run at different speeds,
different topologies, or different protocols. But they cannot join an
Ethernet segment with a Token Ring segment, because these use
different networking standards.
Bridges operate at both the Physical Layer and the MAC sublayer of
the Data Link layer. Bridges read the MAC header of each frame to
determine on which side of the bridge the destination device is
located; the bridge then repeats the transmission to the segment
where the device is located.
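The forwarding behaviour described above for hubs, switches and bridges, as an added example (written for this guide, not code from the original page): a hub repeats every frame out of every other port, while a switch or transparent bridge learns which port each source MAC address lives on and forwards unicast frames only to that port, flooding only broadcasts and destinations it has not seen yet. The port numbers and MAC addresses are constructed sample values.

```python
"""Hub flooding versus a learning switch/bridge (constructed simulation)."""
from collections import namedtuple

Frame = namedtuple("Frame", "src dst payload")
BROADCAST = "ff:ff:ff:ff:ff:ff"


def hub_forward(in_port, frame, ports):
    """A hub (multiport repeater) never looks at addresses: it repeats the
    frame out of every port except the one it arrived on."""
    return sorted(p for p in ports if p != in_port)


class LearningSwitch:
    """A switch (or transparent bridge) keeps a MAC address table learned from
    the source address of each frame and forwards by destination address."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}   # MAC address -> port it was last seen on
        self.flooded = 0      # frames that had to be treated hub-style

    def forward(self, in_port, frame):
        # Learning: the source address tells us which port the sender is on.
        self.mac_table[frame.src] = in_port
        out = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or out is None:
            # Broadcast or unknown destination: flood to all other ports.
            # Until the destination has spoken, its frames are visible on
            # every port, exactly as on a hub.
            self.flooded += 1
            return sorted(p for p in self.ports if p != in_port)
        if out == in_port:
            # Destination is on the sender's own segment: filter the frame,
            # which is what a bridge does between two shared segments.
            return []
        return [out]


def demo():
    """Run a short frame sequence through a switch and compare with a hub."""
    ports = [1, 2, 3, 4]
    a, b, c, d = ("00:1a:2b:00:00:0a", "00:1a:2b:00:00:0b",
                  "00:1a:2b:00:00:0c", "00:1a:2b:00:00:0d")
    sw = LearningSwitch(ports)
    results = [
        sw.forward(1, Frame(a, b, "hello")),      # B unknown: flooded, A learned
        sw.forward(2, Frame(b, a, "hi")),         # A known: only port 1
        sw.forward(3, Frame(c, BROADCAST, "arp")),  # broadcast: always flooded
        sw.forward(1, Frame(a, c, "direct")),     # C learned from its broadcast
        sw.forward(2, Frame(d, b, "local")),      # B is on port 2 too: filtered
    ]
    return results, hub_forward(1, Frame(a, c, "direct"), ports), sw


if __name__ == "__main__":
    out, hub_out, sw = demo()
    print("switch decisions:", out)
    print("hub decision:    ", hub_out)
    print("MAC table:       ", sw.mac_table)
```

The `flooded` counter is worth watching in a real switch as well: a destination the switch has not learned, or a table that has been pushed out of its entries, turns the switch back into a hub for those frames.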
> Routers
Routers are networking devices used to extend or segment networks by
forwarding packets from one logical network to another. Routers are
most often used in large internetworks that use the TCP/IP protocol
suite and for connecting TCP/IP hosts and local area networks (LANs)
to the Internet using dedicated leased lines.
Routers work at the network layer (layer 3) of the Open Systems
Interconnection (OSI) reference model for networking to move packets
between networks using their logical addresses (which, in the case of
TCP/IP, are the IP addresses of destination hosts on the network).
Because routers operate at a higher OSI level than bridges do, they
have better packet-routing and filtering capabilities and greater
processing power, which results in routers costing more than bridges.
Routers contain internal tables of information called routing tables that
keep track of all known network addresses and possible paths
throughout the internetwork, along with the cost of reaching each
network. Routers route packets based on the available paths and their
costs, thus taking advantage of redundant paths that can exist in a
mesh topology network. Because routers use the destination network
addresses of packets, they work only if the configured network
protocol is a routable protocol such as TCP/IP or IPX/SPX. This is
different from bridges, which are protocol independent.
Static routers: These must have their routing tables configured
manually with all network addresses and paths in the internetwork.
Dynamic routers: These automatically create their routing tables by
listening to network traffic.
You can use routers to segment a large network, and to connect local
area segments to a single network backbone that uses a different
physical layer and data link layer standard. They can also be used to
connect LANs to WANs.
> Gateways
A gateway is a device used to connect networks using different
protocols. Gateways operate at the network layer of the OSI model.
In order to communicate with a host on another network, an IP host
must be configured with a route to the destination network. If a
configured route is not found, the host uses the gateway (default IP
router) to transmit the traffic to the destination host. The default
gateway is where IP sends packets that are destined for remote
networks. If no default gateway is specified, communication is limited
to the local network.
Gateways receive data from a network using one type of protocol
stack, remove that protocol stack and repackage the data with the
protocol stack that the other network can use.
Examples

• E-mail gateways: for example, a gateway that receives Simple
Mail Transfer Protocol (SMTP) e-mail, translates it into a
standard X.400 format, and forwards it to its destination
• Gateway Service for NetWare (GSNW), which enables a machine
running Microsoft Windows NT Server or Windows 2000 Server
to be a gateway for Windows clients so that they can access file
and print resources on a NetWare server
• Gateways between a Systems Network Architecture (SNA) host
and computers on a TCP/IP network, such as the one provided
by Microsoft SNA Server
• A packet assembler/disassembler (PAD) that provides
connectivity between a local area network (LAN) and an X.25
packet-switching network
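The routing-table lookup described under Routers, together with the default gateway described under Gateways, as an added example (written for this guide, not code from the original page). It models a static routing table with per-route costs: the most specific matching prefix wins, equal-length prefixes are broken by lowest cost (the redundant path case), and `0.0.0.0/0` is the default route; a table without one leaves remote destinations unreachable. All prefixes, next hops, interface names and costs are constructed sample values.

```python
"""Static routing table with longest-prefix match, cost and a default route."""
import ipaddress


class Route:
    def __init__(self, prefix, next_hop, interface, cost):
        self.network = ipaddress.ip_network(prefix)
        self.next_hop = next_hop      # None means directly connected
        self.interface = interface
        self.cost = cost


class Router:
    def __init__(self):
        self.routes = []

    def add_static(self, prefix, next_hop, interface, cost=1):
        """Static router: every entry is configured by hand."""
        self.routes.append(Route(prefix, next_hop, interface, cost))

    def lookup(self, dst):
        """Most specific matching prefix first; among equal prefix lengths
        the cheapest path. Returns None when nothing (not even a default
        route) matches, i.e. the destination is unreachable."""
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.routes if addr in r.network]
        if not candidates:
            return None
        return min(candidates, key=lambda r: (-r.network.prefixlen, r.cost))


def next_hop_for(router, dst):
    """Return (interface, next_hop, matched_prefix) or None."""
    route = router.lookup(dst)
    if route is None:
        return None
    return (route.interface, route.next_hop, str(route.network))


def build_sample_router():
    """Constructed table: two overlapping prefixes, one redundant path
    with two costs, and a default gateway."""
    r = Router()
    r.add_static("10.1.0.0/16", None, "eth0", cost=1)         # directly connected
    r.add_static("10.1.5.0/24", "10.1.0.2", "eth0", cost=2)   # more specific
    r.add_static("192.168.0.0/24", "10.2.0.9", "eth1", cost=5)
    r.add_static("192.168.0.0/24", "10.3.0.9", "eth2", cost=3)  # cheaper path
    r.add_static("0.0.0.0/0", "203.0.113.1", "eth3", cost=10)   # default gateway
    return r


def build_local_only_router():
    """Same as above but with no default route configured."""
    r = Router()
    r.add_static("10.1.0.0/16", None, "eth0", cost=1)
    return r


if __name__ == "__main__":
    r = build_sample_router()
    for dst in ("10.1.5.7", "10.1.9.1", "192.168.0.50", "198.51.100.20"):
        print(dst, "->", next_hop_for(r, dst))
    print("no default route:", next_hop_for(build_local_only_router(), "198.51.100.20"))
```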

> CSU / DSU (Channel Service Unit / Data Service Unit)
A CSU/DSU is a device that combines the functionality of a channel
service unit (CSU) and a data service unit (DSU). These devices are
used to connect a LAN to a WAN, and they take care of all the
translation required to convert a data stream between these two
methods of communication.
A DSU provides all the handshaking and error correction required to
maintain a connection across a wide area link, similar to a modem.
The DSU will accept a serial data stream from a device on the LAN and
translate this into a usable data stream for the digital WAN network.
It will also take care of converting any inbound data streams from the
WAN back to a serial communication.
A CSU is similar to a DSU except it does not have the ability to provide
handshaking or error correction. It is strictly an interface between the
LAN and the WAN and relies on some other device to provide
handshaking and error correction.
> NICs (Network Interface Card)
A Network Interface Card, or NIC, is a hardware card installed in a
computer so it can communicate on a network. The network adapter
provides one or more ports for the network cable to connect to, and it
transmits and receives data onto the network cable.
(Images: wireless network interface card; network interface card)
Every networked computer must also have a network adapter driver,
which controls the network adapter. Each network adapter driver is
configured to run with a certain type of network adapter.
A networked computer must also have one or more protocol drivers
(sometimes called a transport protocol or just a protocol). The protocol
driver works between the upper-level network software and the
network adapter to package data to be sent on the network.
In most cases, for two computers to communicate on a network, they
must use identical protocols. Sometimes, a computer is configured to
use multiple protocols. In this case, two computers need only one
protocol in common to communicate. For example, a computer running
File and Printer Sharing for Microsoft Networks that uses both NetBEUI
and TCP/IP can communicate with computers using only NetBEUI or
TCP/IP.
> ISDN (Integrated Services Digital Network) adapters
Integrated Services Digital Network adapters can be used to send
voice, data, audio, or video over standard telephone cabling. ISDN
adapters must be connected directly to a digital telephone network.
ISDN adapters are not actually modems, since they neither modulate
nor demodulate the digital ISDN signal.
Like standard modems, ISDN adapters are available both as internal
devices that connect directly to a computer's expansion bus and as
external devices that connect to one of a computer's serial or parallel
ports. ISDN can provide data throughput rates from 56 Kbps to 1.544
Mbps (using a T1 carrier service).
ISDN hardware requires an NT (network termination) device, which
converts network data signals into the signaling protocols used by
ISDN. Sometimes the NT interface is included, or integrated, with
ISDN adapters and ISDN-compatible routers. In other cases, an NT
device separate from the adapter or router must be implemented.
ISDN works at the physical, data link, network, and transport layers of
the OSI Model.
> WAPs (Wireless Access Point)
A wireless access point is a device with a radio transceiver that
broadcasts and receives signals to and from the surrounding
computers and passes data back and forth between the wireless
computers and the cabled network.
Access points act as wireless hubs to link multiple wireless NICs into a
single subnet. Access points also have at least one fixed Ethernet port
to allow the wireless network to be bridged to a traditional wired
Ethernet network.
> Modems
A modem is a device that makes it possible for computers to
communicate over telephone lines. The word modem comes from
Modulate and Demodulate. Because standard telephone lines use
analog signals and computers use digital signals, a sending modem
must modulate its digital signals into analog signals. The computer's
modem on the receiving end must then demodulate the analog signals
into digital signals.
Modems can be external, connected to the computer's serial port by an
RS-232 cable, or internal, in one of the computer's expansion slots.
Modems connect to the phone line using standard telephone RJ-11
connectors.
> Transceivers (media converters)
A transceiver, short for transmitter-receiver, is a device that both
transmits and receives analog or digital signals. The term is used most
frequently to describe the component in local-area networks (LANs)
that actually applies signals onto the network wire and detects signals
passing through the wire. For many LANs, the transceiver is built into
the network interface card (NIC). Some types of networks, however,
require an external transceiver.
In Ethernet networks, a transceiver is also called a Medium Access Unit
(MAU).
Media converters interconnect different cable types (twisted pair, fiber,
and thin or thick coax) within an existing network. They are often used
to connect newer 100-Mbps, Gigabit Ethernet, or ATM equipment to
existing networks, which are generally 10BASE-T, 100BASE-T, or a
mixture of both. They can also be used in pairs to insert a fiber
segment into copper networks to increase cabling distances and
enhance immunity to electromagnetic interference (EMI).
> Firewalls
In computing, a firewall is a piece of hardware and/or software which
functions in a networked environment to prevent some
communications forbidden by the security policy, analogous to the
function of firewalls in building construction.
A firewall has the basic task of controlling traffic between different
zones of trust. Typical zones of trust include the Internet (a zone with
no trust) and an internal network (a zone with high trust). The
ultimate goal is to provide controlled connectivity between zones of
differing trust levels through the enforcement of a security policy and
connectivity model based on the least privilege principle.
There are three basic types of firewalls depending on:

• whether the communication is being done between a single node
and the network, or between two or more networks
• whether the communication is intercepted at the network layer,
or at the application layer
• whether the communication state is being tracked at the firewall
or not

With regard to the scope of filtered communication there exist:

• personal firewalls, a software application which normally filters
traffic entering or leaving a single computer through the
Internet.
• network firewalls, normally running on a dedicated network
device or computer positioned on the boundary of two or more
networks or DMZs (demilitarized zones). Such a firewall filters all
traffic entering or leaving the connected networks.

The latter definition corresponds to the conventional, traditional
meaning of "firewall" in networking.
In reference to the layers where the traffic can be intercepted,
three main categories of firewalls exist:

• network layer firewalls: an example would be iptables.
• application layer firewalls: an example would be TCP Wrapper.
• application firewalls: an example would be restricting ftp services
through the /etc/ftpaccess file.

These network-layer and application-layer types of firewall may
overlap, even though the personal firewall does not serve a network;
indeed, single systems have implemented both together.
There's also the notion of application firewalls which are sometimes
used during wide area network (WAN) networking on the world-wide
web and govern the system software. An extended description would
place them lower than application layer firewalls, indeed at the
Operating System layer, and could alternately be called operating
system firewalls.
Lastly, depending on whether the firewalls track packet states,
two additional categories of firewalls exist:

• stateful firewalls
• stateless firewalls
Network layer firewalls
Network layer firewalls operate at a (relatively low) level of the TCP/IP
protocol stack as IP-packet filters, not allowing packets to pass
through the firewall unless they match the rules. The firewall
administrator may define the rules; or default built-in rules may apply
(as in some inflexible firewall systems).
A more permissive setup could allow any packet to pass the filter as
long as it does not match one or more "negative rules", or "deny
rules". Today network firewalls are built into most computer operating
systems and network appliances.
Modern firewalls can filter traffic based on many packet attributes like
source IP address, source port, destination IP address or port, and
destination service like WWW or FTP. They can filter based on
protocols, TTL values, netblock of originator, domain name of the
source, and many other attributes.
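The packet-filter rule evaluation described above, with the stateful versus stateless distinction from the list of categories, as an added example (written for this guide, not code from the original page). Rules are matched top to bottom, first match wins, and anything unmatched is denied. The stateless filter has to admit web replies with a blanket "source port 80" rule, which also admits any unsolicited packet that merely uses source port 80; the stateful firewall instead remembers outbound connections and admits only their return traffic. Addresses and ports are constructed sample values, and the 5-tuple connection table is a simplification of what a real stateful firewall tracks.

```python
"""Stateless packet filter versus stateful firewall over constructed packets."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None    # None matches any value
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport))


INTERNAL = ipaddress.ip_network("192.168.1.0/24")   # constructed trusted zone


class StatelessFilter:
    """Each packet is judged on its own header fields only."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, pkt):
        for rule in self.rules:          # first match wins
            if rule.matches(pkt):
                return rule.action
        return "deny"                    # default deny


class StatefulFirewall(StatelessFilter):
    """Adds a connection table: replies to connections that were allowed
    outbound are admitted without needing an inbound rule."""

    def __init__(self, rules):
        super().__init__(rules)
        self.connections = set()         # (proto, src, sport, dst, dport)

    def decide(self, pkt):
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.connections:
            return "allow"               # return traffic of a tracked connection
        action = super().decide(pkt)
        if action == "allow" and ipaddress.ip_address(pkt.src) in INTERNAL:
            self.connections.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


def run_demo():
    """Return {scenario: (stateless decision, stateful decision)}."""
    stateless = StatelessFilter([
        Rule("allow", src="192.168.1.0/24", proto="tcp", dport=80),
        Rule("allow", dst="192.168.1.0/24", proto="tcp", sport=80),  # needed for replies
    ])
    stateful = StatefulFirewall([
        Rule("allow", src="192.168.1.0/24", proto="tcp", dport=80),  # replies come for free
    ])
    scenarios = {
        "outbound":    Packet("192.168.1.10", "203.0.113.5", "tcp", 40000, 80),
        "reply":       Packet("203.0.113.5", "192.168.1.10", "tcp", 80, 40000),
        "unsolicited": Packet("198.51.100.7", "192.168.1.10", "tcp", 80, 22),
    }
    return {name: (stateless.decide(p), stateful.decide(p))
            for name, p in scenarios.items()}


if __name__ == "__main__":
    for name, (sl, sf) in run_demo().items():
        print(f"{name:12s} stateless={sl:5s} stateful={sf}")
```

Note that the order of `run_demo` matters: the outbound packet has to be seen first for the stateful firewall to have a connection entry when the reply arrives, which is exactly why asymmetric routing around a stateful firewall breaks return traffic.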
Application-layer firewalls
Application-layer firewalls work on the application level of the TCP/IP
stack (i.e., all browser traffic, or all telnet or ftp traffic), and may
intercept all packets traveling to or from an application. They block
other packets (usually dropping them without acknowledgement to the
sender). In principle, application firewalls can prevent all unwanted
outside traffic from reaching protected machines.
By inspecting all packets for improper content, firewalls can even
prevent the spread of the likes of viruses. In practice, however, this
becomes so complex and so difficult to attempt (given the variety of
applications and the diversity of content each may allow in its packet
traffic) that comprehensive firewall design does not generally attempt
this approach.
> Proxies
A proxy device (running either on dedicated hardware or as software
on a general-purpose machine) may act as a firewall by responding to
input packets (connection requests, for example) in the manner of an
application, whilst blocking other packets.
Proxies make tampering with an internal system from the external
network more difficult, and misuse of one internal system would not
necessarily cause a security breach exploitable from outside the
firewall (as long as the application proxy remains intact and properly
configured). Conversely, intruders may hijack a publicly-reachable
system and use it as a proxy for their own purposes; the proxy then
masquerades as that system to other internal machines. While use of
internal address spaces enhances security, crackers may still employ
methods such as IP spoofing to attempt to pass packets to a target
network.
1-7 Media and Topologies


1.7 Specify the general characteristics (For example: carrier speed,
frequency, transmission type and topology) of the following wireless
technologies:

> Infrared
Infrared (IR) radiation is electromagnetic radiation of a wavelength
longer than that of visible light, but shorter than that of microwave
radiation. The name means "below red" (from the Latin infra, "below"),
red being the color of visible light of longest wavelength.
> Bluetooth
Bluetooth is an industrial specification for wireless personal area
networks (PANs). Bluetooth provides a way to connect and exchange
information between devices like personal digital assistants (PDAs),
mobile phones, laptops, PCs, printers and digital cameras via a secure,
low-cost, globally available short range radio frequency.
Comparison of 802.11, 802.11x, Infrared and Bluetooth

Speed
• 802.11: 500 Kbps
• 802.11x: 802.11a > 54 Mbps; 802.11b > 11 Mbps; 802.11g > 54 Mbps
• Infrared: 115.2 Kbps
• Bluetooth: 1.2 > 720 Kbps; 2.0 > 2.1 Mbps

Frequency
• 802.11: Radio wave
• 802.11x: Radio wave; 802.11a > 5 GHz; 802.11b > 2.4 GHz; 802.11g > 2.4 GHz
• Infrared: Light wave
• Bluetooth: Radio wave, 2.45 GHz. In order to avoid interfering with
other protocols which use the 2.45 GHz band, the Bluetooth protocol
divides the band into 79 channels (each 1 MHz wide) and changes
channels up to 1600 times per second.

Transmission
• 802.11: FHSS
• 802.11x: DSSS and OFDM
• Infrared: Light (modulated, switched on and off, to encode the data)
• Bluetooth: FHSS

Topology
• 802.11, 802.11x, Infrared, Bluetooth: Various

FHSS: Frequency-hopping spread spectrum is a spread-spectrum
method of transmitting radio signals by rapidly switching a carrier
among many frequency channels, using a pseudorandom sequence
known to both transmitter and receiver.
Spread-spectrum transmission offers these advantages over a fixed-
frequency transmission:

• Highly resistant to noise and interference.
• Signals are difficult to intercept. A Frequency-Hop spread-
spectrum signal sounds like a momentary noise burst or simply
an increase in the background noise for short Frequency-Hop
codes on any narrowband receiver except a Frequency-Hop
spread-spectrum receiver using the exact same channel
sequence as was used by the transmitter.
• Transmissions can share a frequency band with many types of
conventional transmissions with minimal interference. As a
result, bandwidth can be utilized more efficiently.

DSSS: direct-sequence spread spectrum is a modulation technique
where the transmitted signal takes up more bandwidth than the
information signal that is being modulated, which is the reason that it
is called spread spectrum.
Comparison of DSSS and Frequency Hopped SS
DSSS
• Flexible support of variable data rates
• High capacity is possible with enhancements (interference
cancellation, adaptive antenna, etc.)
• Suffers from near-far effect

FHSS
• Suitable for ad hoc networks (no near-far problem)
• Robust to interference
• Limited data rate

OFDM: Orthogonal frequency-division multiplexing, also called discrete
multitone modulation (DMT), is a transmission technique based upon
the idea of frequency-division multiplexing (FDM).

• Used in some wireless LAN applications, including WiMAX and
IEEE 802.11a/g
• Used in many communications systems such as: ADSL, Wireless
LAN, Digital audio broadcasting.
1-8 Media and Topologies


1.8 Identify factors which affect the range and speed of wireless service
(For example: interference, antenna type and environmental factors).

> 802.11g
802.11g suffers from the same interference as 802.11b in the already
crowded 2.4 GHz range. Devices operating in this range include
microwave ovens, Bluetooth devices, and cordless telephones.
Since the 2.4 GHz band is heavily used, using the 5 GHz band gives
802.11a the advantage of less interference. However, this high carrier
frequency also brings disadvantages. It restricts the use of 802.11a to
almost line of sight, necessitating the use of more access points; it
also means that 802.11a cannot penetrate as far as 802.11b since it is
absorbed more readily, other things (such as power) being equal.
> 802.11a
802.11a transmits radio signals in the frequency range above 5 GHz.
This range is "regulated," meaning that 802.11a gear utilizes
frequencies not used by other commercial wireless products like
cordless phones.
In contrast, 802.11b utilizes frequencies in the unregulated 2.4 GHz
range and encounters much more radio interference from other
devices.
> IEEE 802.11a / IEEE 802.11h
This is also a physical layer enhancement. IEEE 802.11a provides
significantly higher performance than 802.11b, at 54 Mbps. Unlike
802.11b, the 802.11a standard operates within the frequency range of
5.47 to 5.725 GHz and is not subject to the same interference from
other commercial electronic products. This higher frequency band
allows significantly higher speeds of communication over the 2.4 GHz
range.
802.11g APs are backward compatible with 802.11b APs. This
backward compatibility with 802.11b is handled through the MAC
layer, not the physical layer. On the negative side, because 802.11g
operates at the same frequency as 802.11b, it is subject to the same
interference from electronic devices such as cordless phones. Since
the standard's approval in June 2003, 802.11g products are gaining
momentum and will most likely become as widespread as 802.11b
products. Table II-1 displays basic 802.11b/a/g characteristics.
The common range of operation for 802.11b is 150 feet for a floor
divided into individual offices by concrete or sheet-rock, about 300 feet
in semi-open indoor spaces such as offices partitioned into individual
workspaces, and about 1000 feet in large open indoor areas.
Disadvantages of 802.11b include interference from electronic
products such as cordless phones and microwave ovens.
Range
The layout of your building can reduce the range.

• A lot of concrete walls can reduce your range.
• The size of the antenna and its placement greatly affect the
range of the signals.
• The weather and amount of water vapor in the air can affect
your signal's strength.

Speed

• The layout of your building can reduce the speed.
• The size of the antenna and its signal can affect your speed.
• The weather and amount of water vapor can weaken the signal
and affect your speed.
2-1 Protocols and Standards

Posted February 27th, 2007 by admin

2.1 Identify a MAC (Media Access Control) address and its parts.

Every device on the network must have a unique MAC address to
ensure proper receiving and transmission of data. The MAC address is
a device's actual physical address, which is usually designated by the
manufacturer of the device.
Medium Access Control sublayer operations
The purpose of the MAC sublayer is to determine when each frame
should be passed on to the physical layer to be transmitted as a data
signal over the network. The MAC sublayer governs which devices have
permission to transmit data over the network and when. There are four
basic methods for controlling access to the network: polling,
contention, token passing, and switching.
The data link layer is divided into two sublayers: the Media Access
Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC
sublayer controls how a computer on the network gains access to the
data and permission to transmit it. The LLC layer controls frame
synchronization, flow control and error checking.
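The parts of a MAC address, as an added example (written for this guide, not code from the original page). A 48-bit MAC address is six octets: the first three are the Organizationally Unique Identifier (OUI) assigned to the manufacturer and the last three are the manufacturer's device-specific part. Two bits of the first octet carry flags: the least significant bit is the I/G (individual/group) bit, set for multicast and broadcast frames, and the next bit is the U/L (universal/local) bit, set when the address was assigned locally rather than burned in by the manufacturer. The parser below accepts the colon, hyphen and dotted-quad forms and reports those parts; the sample addresses are constructed, except that `ff:ff:ff:ff:ff:ff` is the Ethernet broadcast address.

```python
"""Parse a MAC address into its OUI, device part and flag bits."""
import re

# 00:1a:2b:3c:4d:5e, 00-1a-2b-3c-4d-5e or 001a.2b3c.4d5e (dotted-quad form)
MAC_FORMATS = re.compile(
    r"^(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}$"
    r"|^(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}$",
    re.IGNORECASE,
)


def is_valid_mac(text):
    return bool(MAC_FORMATS.match(text.strip()))


def parse_mac(text):
    """Return the address's parts, or raise ValueError if it is malformed."""
    text = text.strip()
    if not MAC_FORMATS.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    octets = bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", text))
    first = octets[0]
    fmt = lambda bs: ":".join(f"{b:02x}" for b in bs)
    return {
        "canonical": fmt(octets),
        "oui": fmt(octets[:3]),            # manufacturer (OUI)
        "nic_specific": fmt(octets[3:]),   # assigned per device by the maker
        "group": bool(first & 0x01),       # I/G bit: multicast or broadcast
        "locally_administered": bool(first & 0x02),   # U/L bit
        "broadcast": octets == b"\xff" * 6,
    }


def describe(text):
    """One-line human-readable classification for a log or inventory tool."""
    p = parse_mac(text)
    kind = ("broadcast" if p["broadcast"] else
            "multicast" if p["group"] else "unicast")
    origin = "locally administered" if p["locally_administered"] else "manufacturer assigned"
    return f"{p['canonical']}: {kind}, {origin}, OUI {p['oui']}, device {p['nic_specific']}"


if __name__ == "__main__":
    for sample in ("00-1A-2B-3C-4D-5E", "02:00:00:aa:bb:cc",
                   "01:00:5e:00:00:fb", "ff:ff:ff:ff:ff:ff", "001a.2b3c.4d5e"):
        print(describe(sample))
```

The U/L bit is the practical caveat: an address with it set was not "designated by the manufacturer" at all, so an inventory or access-control list keyed on OUI should treat such addresses as unverified rather than as a particular vendor's hardware.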

2.2 Identify the seven layers of the OSI (Open Systems Interconnect) model
and their functions.

APPLICATION (layer 7)
Gives user applications access to the network. This layer represents
the services that directly support the user applications, such as
software for file transfers, database access, and e-mail.

PRESENTATION (layer 6)
The presentation layer, usually part of an operating system, converts
incoming and outgoing data from one presentation format to another.
Presentation layer services include data encryption and text
compression.

SESSION (layer 5)
Opens, manages, and closes conversations between two computers. It
performs name recognition and the functions, such as security, needed
to allow two applications to communicate over the network; it also
provides error handling.

TRANSPORT (layer 4)
This layer provides transparent transfer of data between end systems,
or hosts, and is responsible for end-to-end error recovery and flow
control. It ensures complete data transfer. It sequences data packets
and requests retransmission of missing packets. It also repackages
messages for more efficient transmission over the network.

NETWORK (layer 3)
Establishes, maintains and terminates network connections. Routes
data packets across network segments. Translates logical addresses
and names into physical addresses.

DATA LINK (layer 2)
Transmits frames of data from computer to computer on the same
network segment. Ensures the reliability of the physical link
established at layer 1. Standards define how data frames are
recognized and provide the necessary flow control and error handling
at the frame level.
The data link layer is divided into two sublayers: the Media Access
Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC
sublayer controls how a computer on the network gains access to the
data and permission to transmit it. The LLC layer controls frame
synchronization, flow control and error checking.

PHYSICAL (layer 1)
The Physical layer defines all the electrical and physical specifications
for devices. This includes the layout of pins, voltages, and cable
specifications. Hubs, repeaters and network adapters are physical-
layer devices. Defines cabling and connections. Transmits data over
the physical media.

2.3 Identify the OSI (Open Systems Interconnect) layers at which the
following network components operate:

> Hubs, Switches, Bridges, Routers, NICs (Network Interface
Card), WAPs (Wireless Access Point)
APPLICATION (layer 7)
• DHCP
• DNS
• FTP
• HTTP
• IMAP4
• IRC
• NNTP
• XMPP
• MIME
• POP3
• SIP
• SMTP
• SNMP
• SSH
• TELNET
• BGP
• RPC
• RTP
• RTCP
• TLS/SSL
• SDP
• SOAP
• L2TP
• PPTP

PRESENTATION (layer 6)
• AFP, AppleShare File Protocol
• GIF
• ICA, Citrix Systems Core Protocol
• JPEG, Joint Photographic Experts Group
• LPP, Lightweight Presentation Protocol
• NCP, NetWare Core Protocol
• NDR, Network Data Representation
• PNG, Portable Network Graphics
• TIFF, Tagged Image File Format
• XDR, eXternal Data Representation
• X.25 PAD, Packet Assembler/Disassembler Protocol

SESSION (layer 5)
• ADSP, AppleTalk Data Stream Protocol
• ASP, AppleTalk Session Protocol
• H.245, Call Control Protocol for Multimedia Communication
• iSNS, Internet Storage Name Service
• L2F, Layer 2 Forwarding Protocol
• L2TP, Layer 2 Tunneling Protocol
• NetBIOS, Network Basic Input Output System
• PAP, Printer Access Protocol
• PPTP, Point-to-Point Tunneling Protocol
• RPC, Remote Procedure Call Protocol
• RTP, Real-time Transport Protocol
• RTCP, Real-time Transport Control Protocol
• SMPP, Short Message Peer-to-Peer
• SCP, Secure Copy Protocol
• SSH, Secure Shell
• ZIP, Zone Information Protocol

TRANSPORT (layer 4)
• AEP, AppleTalk Echo Protocol
• ATP, AppleTalk Transaction Protocol
• CUDP, Cyclic UDP
• DCCP, Datagram Congestion Control Protocol
• FCP, Fiber Channel Protocol
• FCIP, Fiber Channel over TCP/IP
• IL, IL Protocol
• iSCSI, Internet Small Computer System Interface
• NBP, Name Binding Protocol
• NetBEUI, NetBIOS Extended User Interface
• SPX, Sequenced Packet Exchange
• RTMP, Routing Table Maintenance Protocol
• SCTP, Stream Control Transmission Protocol
• SCSI, Small Computer System Interface
• TCP, Transmission Control Protocol
• UDP, User Datagram Protocol

NETWORK (layer 3): Routers - Switches - Bridges
• IP/IPv6, Internet Protocol
  o DVMRP, Distance Vector Multicast Routing Protocol
  o ICMP, Internet Control Message Protocol
  o IGMP, Internet Group Multicast Protocol
  o PIM-SM, Protocol Independent Multicast Sparse Mode
  o PIM-DM, Protocol Independent Multicast Dense Mode
• IPSec, Internet Protocol Security
• IPX, Internetwork Packet Exchange
  o RIP, Routing Information Protocol
  o NLSP, NetWare Link State Protocol
• X.25, Packet Level Protocol
  o X.75, Packet Switched Signaling Between Public Networks
• DDP, Datagram Delivery Protocol

DATA LINK (layer 2)
• ARCnet
• ATM
• Cisco Discovery Protocol (CDP)
• Controller Area Network (CAN)
• Econet
• Ethernet
• Fiber Distributed Data Interface (FDDI)
• Frame Relay
• High-Level Data Link Control (HDLC)
• IEEE 802.2 (provides LLC functions to IEEE 802 MAC layers)
• IEEE 802.11 wireless LAN
• LocalTalk
• Multiprotocol Label Switching (MPLS)
• Point-to-Point Protocol (PPP)
• Serial Line Internet Protocol (SLIP)
• StarLan
• Token ring

PHYSICAL (layer 1): Network adapters - Repeaters - Ethernet hubs -
Modems - Wireless 802.11x
• xDSL
• IRDA physical layer
• USB physical layer
• Firewire
• EIA RS-232, EIA-422, EIA-423, RS-449, RS-485
• ITU Recommendations: see ITU-T
• DSL
• ISDN
• T1 and other T-carrier links, and E1 and other E-carrier links
• 10BASE-T, 10BASE2, 10BASE5, 100BASE-TX, 100BASE-FX, 100BASE-T,
1000BASE-T, 1000BASE-SX and other varieties of the Ethernet physical
layer
• Wireless 802.11x
• SONET/SDH
• GSM radio interface
• Bluetooth physical layer
• IEEE 802.11x Wi-Fi physical layers


2.4 Differentiate between the following network protocols in terms of
routing, addressing schemes, interoperability and naming
conventions:

> TCP/IP
TCP/IP pairs two protocols. The Transmission Control Protocol (TCP) is a connection-oriented transport protocol that breaks application data into segments; the Internet Protocol (IP) carries those segments across the network as packets. IP sits at the TCP/IP Internet layer, which corresponds to the network layer of the OSI model, and is responsible for routing packets by their IP address.
IP is connectionless: it establishes no connection between source and destination before transmitting, so IP itself does not guarantee delivery. That guarantee is provided by TCP, which sets up a connection (the three-way handshake) before any data flows, numbers every byte it sends, places received segments back in sequential order, and requires acknowledgement from the receiving node; anything not acknowledged in time is retransmitted.

TCP/IP model
Application layer
DHCP - DNS - FTP - HTTP - IMAP4 - IRC - NNTP - XMPP - MIME -
POP3 - SIP - SMTP - SNMP - SSH - TELNET - BGP - RPC - RTP -
RTCP - TLS/SSL - SDP - SOAP - L2TP - PPTP
Transport layer
This layer deals with opening and maintaining connections, ensuring that
packets are in fact received. This is where flow-control and connection
protocols exist, such as: TCP - UDP - DCCP - SCTP - GTP
Network layer
IP (IPv4 - IPv6) - ARP - RARP - ICMP - IGMP - RSVP - IPSec
Data link layer
ATM - DTM - Ethernet - FDDI - Frame Relay - GPRS - PPP
Physical layer
Ethernet physical layer - ISDN - Modems - PLC - RS232 - SONET/SDH -
G.709 - Wi-Fi
> IPX/SPX
Internetwork Packet Exchange/Sequenced Packet Exchange
developed by Novell and is used primarily on networks that use the
Novell NetWare network operating system. The IPX and SPX protocols
provide services similar to those offered by IP and TCP. Like IP, IPX is
a connectionless network layer protocol. SPX runs on top of IPX at the
transport layer and, like TCP, provides connection oriented,
guaranteed delivery.
IPX nodes do not have to be configured with a unique node identifier; instead, they copy the MAC address of the network interface card into the IPX node address field. The IPX header identifies which process or service should receive a particular packet through its destination socket field (the IPX counterpart of a TCP/UDP port). Servers have pre-specified destination socket numbers, so workstations always know which value to use when sending to a server; workstations assign their own source socket numbers dynamically, outside the range reserved for server sockets.
IPX routing requires each logical network to have a different network number so that IPX packets can be forwarded correctly. Unlike IP, however, only servers and routers must be configured with a network number: a new workstation first listens to Routing Information Protocol (RIP) packets to learn the network topology and configuration from servers and routers, then configures itself accordingly.
Because IPX is a connectionless protocol, NetWare servers are unable
to tell if a station's connection to the server is currently active. To
avoid reserving resources for inactive users, the NetWare server sends
a watchdog packet to a client after a predetermined length of
inactivity. The packet asks if the client is still connected and, if the
client does not respond, the server terminates the connection.
SPX is connection oriented and, thus, does not require the use of
watchdog packets. However, network devices will keep an SPX session
open by sending keep alive packets to verify the connection.
> NetBEUI
NetBIOS Enhanced User Interface was designed as a small, efficient
protocol for use in department-sized LANs of 20-200 computers that
do not need to be routed to other subnets. NetBEUI is used almost
exclusively on small, non-routed networks.
As an extension of NetBIOS, NetBEUI is not routable, so networks that rely on it must be joined with bridges rather than routers. Like NetBIOS, NetBEUI traffic must be carried over a routable protocol such as TCP/IP (NetBIOS over TCP/IP) for communication across a WAN.
> AppleTalk
AppleTalk is a LAN architecture built into all Apple Macintosh
computers. While AppleTalk is a proprietary network, many companies
now market AppleTalk based products, including Novell and Microsoft.
AppleTalk was designed to be link-layer independent: it runs over Apple's own LocalTalk cabling, but also over Ethernet (EtherTalk), Token Ring (TokenTalk) and Fiber Distributed Data Interface, or FDDI (FDDITalk).
AppleTalk node addresses are assigned dynamically to ensure minimal
network administration overhead. When a node running AppleTalk
starts up, it generates a random network layer protocol address and
then sends out a broadcast to determine whether that particular
address is already in use. If it is, the node with the conflicting address
responds and the broadcasting node selects a new address and
repeats the inquiry process.
2-2 Protocols and Standards

Posted February 27th, 2007 by admin

2.5 Identify the components and structure of IP (Internet Protocol)
addresses (IPv4, IPv6) and the required setting for connections
across the Internet.

An IPv4 address is a 32-bit number made up of a network prefix and a host number, which together uniquely identify each node within a network. The shortage of available IPv4 addresses prompted the creation of an addressing scheme known as Classless Inter-Domain Routing (CIDR). CIDR replaces the fixed class boundaries with a variable-length network prefix, written as a suffix such as /20, so that address blocks can be allocated in sizes that match actual need and aggregated into a single route. In addition, the current version of the Internet Protocol, IPv4, is being succeeded by IPv6, which uses a 128-bit address and so offers 2^128 addresses as opposed to IPv4's 2^32.
> Internet Protocol version 4
Is the fourth iteration of the Internet Protocol (IP) and it is the first
version of the protocol to be widely deployed. IPv4 is the dominant
network layer protocol on the Internet and apart from IPv6 it is the
only protocol used on the Internet.
IPv4 is a data-oriented protocol for use on a packet-switched internetwork. It is a best-effort protocol: it does not guarantee delivery, and apart from a checksum over its own header it does not guarantee the integrity of the data it carries. Packets may be lost, duplicated or delivered out of order; anything more than that must be provided by an upper layer such as TCP.
> Internet Protocol version 6 (IPv6)
A network layer protocol for packet-switched internetworks. It is
designated as the successor of IPv4, the current version of the
Internet Protocol, for general use on the Internet.
The main improvement brought by IPv6 (Internet Protocol version 6)
is the increase in the number of addresses available for networked
devices, allowing, for example, each mobile phone and mobile
electronic device to have its own address. IPv4 supports 2^32 (about
4.3 billion) addresses, which is inadequate for giving even one address
to every living person, let alone supporting embedded and portable
devices. IPv6, however, supports 2^128 addresses; this is
approximately 5×10^28 addresses for each of the roughly 6.5 billion
people alive today.
2.6 Identify classful IP (Internet Protocol) ranges and their subnet masks
(For example: Class A, B and C).

Systems that have interfaces to more than one network require a
unique IP address for each network interface. The first part of an
Internet address identifies the network on which the host resides,
while the second part identifies the particular host on the given
network. This creates the two-level addressing hierarchy.
The leading portion of each IP address identifies the network prefix. All
hosts on a given network share the same network prefix but must
have a unique host number. Similarly, any two hosts on different
networks must have different network prefixes but may have the same
host number.
Address Class   Decimal Notation Ranges
Class A         1.xxx.xxx.xxx through 126.xxx.xxx.xxx
Class B         128.0.xxx.xxx through 191.255.xxx.xxx
Class C         192.0.0.xxx through 223.255.255.xxx

The "xxx" represents the host number field of the address, which is
assigned by the local network administrator. (127.xxx.xxx.xxx is
reserved for loopback, which is why the Class A range stops at 126.)
Class A - addresses are intended for very large networks and can address up to 16,777,214 (2^24 - 2) hosts per network. The first octet of a Class A address is a number between 1 and 126, the network ID starts with bit 0, and the default subnet mask is 255.0.0.0.
Class B - addresses are intended for moderate-sized networks and can address up to 65,534 (2^16 - 2) hosts per network. The first octet of a Class B address is a number between 128 and 191, the network ID starts with bits 10, and the default subnet mask is 255.255.0.0.
Class C - addresses are intended for small networks and can address only up to 254 (2^8 - 2) hosts per network. The first octet of a Class C address is a number between 192 and 223, the network ID starts with bits 110, and the default subnet mask is 255.255.255.0.
In each class the all-zeros host number names the network itself and the all-ones host number is the broadcast address, which is why two are subtracted from each count.
Basic Class A, B and C network addresses (diagram):

                Class A        Class B        Class C
Router A/B/C    10.10.0.0      128.28.0.0     192.28.0.0
Switch
Host 1          10.10.0.1      128.28.0.1     192.28.0.1
Host 2          10.10.0.2      128.28.0.2     192.28.0.2

2.7 Identify the purpose of subnetting.

A subnet mask is used to mask a portion of the IP address so that TCP/IP can tell the difference between the network ID and the host ID. A host ANDs the destination address with its own subnet mask and compares the result with its own network ID: if they match, the destination is on the local network and is reached directly; if not, the packet is handed to the default gateway (router).
Advantages of subnetting a network include the following:
• Reducing network congestion by limiting the range of broadcasts using routers
• Enabling different networking architectures to be joined
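The classful rules and the mask-based local-or-remote decision described above, worked through in code. This is an added example written for this page, not part of the study guide; it uses only the standard library, takes its sample hosts from the diagram above, and the reserved ranges it recognizes (the RFC 1918 private blocks and the 169.254.0.0/16 link-local block) are the standard ones.

```python
"""Classful IPv4 decoding with plain bit operations (added example, not from the study guide)."""
from typing import Optional, Tuple


def dotted_to_int(addr: str) -> int:
    """'192.28.0.1' -> 0xC01C0001; rejects anything that is not four octets in 0..255."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {addr!r}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr: str) -> Tuple[str, Optional[str]]:
    """Class letter and default mask from the leading bits of the first octet:
    0xxxxxxx = A, 10xxxxxx = B, 110xxxxx = C, 1110xxxx = D (multicast), 1111xxxx = E (reserved).
    0.x.x.x and 127.x.x.x carry class A bits but are reserved, hence the 1..126 range in the text."""
    first = dotted_to_int(addr) >> 24
    if first >> 7 == 0b0:
        return "A", "255.0.0.0"
    if first >> 6 == 0b10:
        return "B", "255.255.0.0"
    if first >> 5 == 0b110:
        return "C", "255.255.255.0"
    if first >> 4 == 0b1110:
        return "D", None
    return "E", None


def mask_from_prefix(prefix_len: int) -> str:
    """CIDR /n -> dotted mask, e.g. /20 -> 255.255.240.0."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_dotted((0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF)


def split_network_host(addr: str, mask: str) -> Tuple[str, str]:
    """The mask selects the network ID; the inverted mask selects the host ID."""
    a, m = dotted_to_int(addr), dotted_to_int(mask)
    return int_to_dotted(a & m), int_to_dotted(a & ~m & 0xFFFFFFFF)


def usable_hosts(mask: str) -> int:
    """2^host_bits minus the all-zeros (network) and all-ones (broadcast) addresses."""
    host_bits = 32 - bin(dotted_to_int(mask)).count("1")
    return max(2 ** host_bits - 2, 0)


def same_subnet(addr_a: str, addr_b: str, mask: str) -> bool:
    """The local-or-remote decision a host makes before sending: same network ID means
    deliver directly on the LAN, otherwise hand the packet to the default gateway."""
    m = dotted_to_int(mask)
    return (dotted_to_int(addr_a) & m) == (dotted_to_int(addr_b) & m)


# Reserved ranges that are never routed on the public Internet (RFC 1918 and RFC 3927).
PRIVATE_BLOCKS = (("10.0.0.0", "255.0.0.0"), ("172.16.0.0", "255.240.0.0"), ("192.168.0.0", "255.255.0.0"))
LINK_LOCAL_BLOCK = ("169.254.0.0", "255.255.0.0")


def scope(addr: str) -> str:
    """Classify an address as private, link-local, loopback, multicast or public."""
    for net, mask in PRIVATE_BLOCKS:
        if same_subnet(addr, net, mask):
            return "private"
    if same_subnet(addr, *LINK_LOCAL_BLOCK):
        return "link-local"
    if dotted_to_int(addr) >> 24 == 127:
        return "loopback"
    if address_class(addr)[0] == "D":
        return "multicast"
    return "public"


if __name__ == "__main__":
    # Hosts from the diagram above plus one self-assigned (169.254.x.x) address.
    for host in ("10.10.0.1", "128.28.0.1", "192.28.0.1", "169.254.10.20"):
        cls, mask = address_class(host)
        parts = split_network_host(host, mask) if mask else ("", "")
        print(host, "class", cls, "mask", mask, scope(host), "network", parts[0], "host", parts[1])
```

Note that `address_class` follows the leading-bit rule literally, so it reports 10.x.x.x as class A with a /8 default mask even though 10.0.0.0/8 is private; `scope` is the separate check that tells you whether the address can appear on the Internet at all.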

2.8 Identify the differences between private and public network addressing
schemes.

> Public IP Addresses
For a computer to be visible on the Internet, it must be reachable through a public IP address. The IANA, through the regional Internet registries and ISPs, assigns ranges of public IP addresses to organizations, which then assign addresses within those ranges to individual computers. This prevents two computers on the Internet from having the same IP address.
A public IP address can be assigned through a Dynamic Host Configuration Protocol (DHCP) server, configured manually, or provided by an Internet service provider (ISP).
> Authorized Private IP Addresses
The IANA has reserved address ranges that are never routed on the global Internet: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255 and 192.168.0.0 to 192.168.255.255 (RFC 1918). These private IP addresses are used by networks that do not connect directly to the Internet but nevertheless require IP connectivity, and any organization may use them without registering. A related reserved range is 169.254.0.0 to 169.254.255.254, from which the Automatic Private IP Addressing (APIPA) feature of Windows lets each computer on a home network assign itself an address automatically, so the user does not need to configure an IP address for each computer and no DHCP server is needed.
Computers on a network using authorized private IP addressing can connect to the Internet through another computer or device with either proxy or network address translation (NAT) capabilities.
> Unauthorized Private IP Addresses
When there is absolute certainty that your network will never access the Internet, it is possible to assign nodes any 32-bit address of your choosing, including addresses that belong to someone else on the public Internet. Keep in mind that if any Internet connectivity is ever established from any node on your network, these unauthorized addresses will collide with the legitimate owners' addresses, and fixing that requires immediately renumbering every node you assigned in this manner. Using the RFC 1918 ranges instead avoids the problem.

2.9 Identify and differentiate between the following IP (Internet Protocol)
addressing methods:

> Static / Dynamic
An IP network is somewhat similar to the telephone network in that
you have to have the phone number to reach a destination. The big
difference is that IP addresses are often temporary (dynamic).
Each device in an IP network is either assigned a permanent address
(static) by the network administrator or is assigned a temporary
address (dynamic) via DHCP software. Routers, firewalls and proxy
servers use static addresses as do most servers and printers that
serve multiple users. Client machines may use static or dynamic IP
addresses. The IP address assigned to your service by your cable or
DSL Internet provider is typically dynamic IP. In routers and operating
systems, the default configuration for clients is dynamic IP.
> Self-assigned (APIPA (Automatic Private Internet Protocol Addressing))
Automatic Private IP Addressing (APIPA) is a feature of Windows-based operating systems (included in Windows 98, ME, 2000 and XP) that enables a computer to assign itself an IP address when no Dynamic Host Configuration Protocol (DHCP) server is available to perform that function.
Using APIPA, a Windows-based client assigns itself an address from the link-local range reserved by the IANA for this purpose (169.254.0.1 through 169.254.255.254, RFC 3927), with a subnet mask of 255.255.0.0. Before using the address it checks, via ARP, that no other host on the segment already holds it. A computer with a link-local address cannot communicate with hosts outside its own subnet, including Internet hosts, because the 169.254.0.0/16 range is never routed. APIPA is therefore suited only to small, single-subnet networks such as a home or small office, and it is enabled by default when no DHCP server answers.
Note: APIPA assigns only an IP address and subnet mask; it does not assign a default gateway, nor the IP addresses of DNS or WINS servers. Use APIPA only on a single-subnet network that contains no routers. If your small office or home office network is connected to the Internet or a private intranet, do not use APIPA. A client that unexpectedly has a 169.254.x.x address is usually a sign that it failed to reach its DHCP server.

2.10 Define the purpose, function and use of the following protocols used
in the TCP / IP (Transmission Control Protocol / Internet Protocol)
suite:

> TCP (Transmission Control Protocol)
Transmission Control Protocol is the connection-oriented transport protocol of the suite. It breaks an application's data stream into segments, which IP sends over the network as packets; IP sits at the TCP/IP Internet layer (the OSI network layer) and routes packets by their IP address, but guarantees nothing about their arrival.
TCP supplies that guarantee. It establishes a connection between source and destination before any data is transmitted (the three-way handshake of SYN, SYN-ACK and ACK), numbers every byte it sends, places received segments back in sequential order, and requires acknowledgement from the receiving node; segments not acknowledged within the retransmission timeout are sent again. TCP also provides flow control, so that a fast sender cannot overrun a slow receiver.
> UDP (User Datagram Protocol)
User Datagram Protocol runs on top of IP and is used as an alternative to TCP. UDP is connectionless: it carries a checksum (optional in IPv4) but provides no acknowledgements, no retransmission and no ordering, so delivery is not guaranteed. Because UDP is not as complex as TCP, it has less overhead and lower latency; it is often used for broadcast messages, DNS lookups and streaming audio and video, where a late packet is worth less than a lost one.
All upper-layer applications that use TCP or UDP are identified by a port number. The destination port tells the receiving system which service is being requested.
Some commonly used ports:

Port Number   Service
80            HTTP
21            FTP
110           POP3
25            SMTP
23            Telnet
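To make the TCP-versus-UDP contrast concrete, the following added example (not from the study guide) simulates both over a deliberately lossy, reordering link. The link, the message and the 4-byte segment size are constructed for the demonstration; the TCP side keeps only the essentials, byte sequence numbers, cumulative acknowledgements and retransmission of everything unacknowledged, and assumes the acknowledgements themselves are not lost.

```python
"""Reliable, ordered delivery over a lossy link: what TCP adds on top of IP (added example)."""
import random
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Segment:
    seq: int        # stream offset of the first payload byte (TCP numbers bytes, not packets)
    payload: bytes


class LossyLink:
    """Stand-in for IP: best effort, so segments may be dropped or reordered.
    Seeded so that a run is repeatable."""

    def __init__(self, loss_rate: float = 0.3, seed: int = 1) -> None:
        self.loss_rate = loss_rate
        self.rng = random.Random(seed)

    def transmit(self, segments: List[Segment]) -> List[Segment]:
        survivors = [s for s in segments if self.rng.random() >= self.loss_rate]
        self.rng.shuffle(survivors)
        return survivors


class Receiver:
    """Buffers out-of-order data and returns a cumulative ACK: the next byte it expects."""

    def __init__(self) -> None:
        self.expected = 0
        self.out_of_order: Dict[int, bytes] = {}
        self.stream = bytearray()

    def receive(self, seg: Segment) -> int:
        if seg.seq >= self.expected:               # old duplicates (seq < expected) are just re-ACKed
            self.out_of_order.setdefault(seg.seq, seg.payload)
        while self.expected in self.out_of_order:  # slide forward over contiguous data
            chunk = self.out_of_order.pop(self.expected)
            self.stream += chunk
            self.expected += len(chunk)
        return self.expected


def segment(data: bytes, mss: int) -> List[Segment]:
    return [Segment(i, data[i:i + mss]) for i in range(0, len(data), mss)]


def tcp_style_deliver(data: bytes, link: LossyLink, mss: int = 4, max_rounds: int = 100) -> Tuple[bytes, int]:
    """Each round the sender (re)transmits everything not yet acknowledged, then advances
    on the cumulative ACK. Returns the reassembled stream and the number of rounds needed."""
    segments = segment(data, mss)
    receiver = Receiver()
    acked_up_to = 0
    rounds = 0
    while acked_up_to < len(data) and rounds < max_rounds:
        rounds += 1
        outstanding = [s for s in segments if s.seq >= acked_up_to]
        for seg in link.transmit(outstanding):
            acked_up_to = max(acked_up_to, receiver.receive(seg))
    return bytes(receiver.stream), rounds


def udp_style_deliver(data: bytes, link: LossyLink, mss: int = 4) -> bytes:
    """No sequence numbers, no ACKs: the application sees whatever arrived, in arrival order."""
    return b"".join(s.payload for s in link.transmit(segment(data, mss)))


if __name__ == "__main__":
    message = b"The quick brown fox jumps over the lazy dog"   # constructed sample payload
    delivered, rounds = tcp_style_deliver(message, LossyLink(loss_rate=0.3, seed=7))
    print(f"TCP-style: {delivered!r} after {rounds} round(s)")
    print(f"UDP-style: {udp_style_deliver(message, LossyLink(loss_rate=0.3, seed=7))!r}")
```

Run it and the TCP-style path always hands back the exact message, at the cost of extra rounds; the UDP-style path hands back a shorter, scrambled message with no indication that anything is missing, which is exactly the trade-off a streaming application accepts and a file transfer cannot.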
> FTP (File Transfer Protocol)
An Internet-standard application-level TCP/IP protocol used for transferring files between hosts on a TCP/IP internetwork. File Transfer Protocol (FTP) is one of the earliest Internet protocols and is still used for uploading and downloading files between clients and servers. An FTP client is an application that issues FTP commands to an FTP server, while an FTP server is a service or daemon that responds to those commands. FTP commands can be used to change directories, switch transfer modes between binary and ASCII, upload files and download files. FTP uses a control connection on TCP port 21 and a separate data connection (from server port 20 in active mode), and sends both credentials and file contents in cleartext.
> SFTP (Secure File Transfer Protocol)
SSH File Transfer Protocol, or SFTP, is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with the SSH-2 protocol, running inside an SSH session on TCP port 22, to provide secure file transfer, but it is intended to be usable with other protocols as well. The sftp program provides an interactive interface similar to that of traditional FTP clients. Despite the name, SFTP is not FTP tunnelled over SSH, nor FTP over SSL/TLS (that is FTPS); it is a separate protocol that shares little more than the look of the client.
> TFTP (Trivial File Transfer Protocol)
Trivial File Transfer Protocol transfers files to and from a remote computer running the TFTP service. It was designed with fewer functions than FTP: it runs over UDP (port 69), has no directory listing and no authentication of any kind, so it belongs only on trusted networks, typically for booting diskless devices and loading router or switch configurations.
> SMTP (Simple Mail Transfer Protocol)
Simple Mail Transfer Protocol is used to transfer e-mail messages from a client to its mail server and between mail servers on the way to the recipient. It is used on the Internet over TCP port 25 and is part of the TCP/IP protocol stack.
> HTTP (Hypertext Transfer Protocol)
Hypertext Transfer Protocol is the underlying protocol for the World
Wide Web. HTTP defines how all resources on the web are transferred
and what action web servers and browsers should take in response to
commands.
HTTP is a "stateless" protocol, meaning each command is executed
independently, without any knowledge of the commands that came
before it.
> HTTPS (Hypertext Transfer Protocol Secure)
HTTPS is HTTP carried over an encrypted channel, originally the Secure Sockets Layer (SSL) and today its successor, Transport Layer Security (TLS), on TCP port 443. The TLS layer authenticates the server by its certificate, then encrypts and integrity-protects everything HTTP sends in either direction, so that information such as passwords and card numbers cannot be read or altered in transit. Most uses of HTTPS involve online purchasing or the exchange of private information, and accessing a secure server often requires some sort of registration, login or purchase. HTTPS requires a server configured with a certificate and matching private key to handle the request.
> POP3 / IMAP4 (Post Office Protocol version 3 / Internet Message Access Protocol version 4)
Post Office Protocol is used to retrieve e-mail from a mail server; a POP3 client typically downloads the messages to the local machine and deletes them from the server. Most e-mail applications support POP, although many now use the newer IMAP (Internet Message Access Protocol), which leaves messages on the server so that the same mailbox can be read from several clients. The older POP2 requires SMTP to send messages, while POP3 can be used with or without SMTP. Both POP3 and IMAP4 send the user's password in cleartext unless wrapped in TLS (POP3S on port 995, IMAPS on port 993).
> Telnet
Telnet is a virtual terminal protocol that allows a user logged on to one TCP/IP host to open a command-line session on another host on the network (TCP port 23). Everything in the session, including the user name and password, travels in cleartext, which is why SSH has replaced it for remote administration.
> SSH (Secure Shell)
Secure Shell or SSH is a set of standards and an associated network
protocol that allows establishing a secure channel between a local and
a remote computer. It uses public-key cryptography to authenticate
the remote computer and (optionally) to allow the remote computer to
authenticate the user. SSH provides confidentiality and integrity of
data exchanged between the two computers using encryption and
message authentication codes (MACs). SSH is typically used to log into
a remote machine and execute commands, but it also supports
tunneling, forwarding arbitrary TCP ports and X11 connections; it can
transfer files using the associated SFTP or SCP protocols. An SSH
server, by default, listens on the standard TCP port 22.
> ICMP (Internet Control Message Protocol)
Internet Control Message Protocol is a maintenance protocol in the TCP/IP suite, required in every TCP/IP implementation, that allows two nodes on an IP network to share IP status and error information (for example "destination unreachable" or "time exceeded"). ICMP echo request and echo reply messages are what the ping utility uses to determine the reachability of a remote system, and traceroute relies on the "time exceeded" replies sent by each router along the path.
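How ping's echo request is put together, and how the receiver checks it, as an added example that is not part of the original page. The checksum routine is the standard Internet checksum of RFC 1071, the same one used over IPv4, TCP and UDP headers; the identifier, sequence number and payload are constructed for the demonstration, and nothing is sent on a real socket.

```python
"""ICMP echo request construction and Internet checksum verification (added example)."""
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit big-endian words, then the one's
    complement of the result. Shared by IPv4, ICMP, TCP and UDP headers."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length data with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(identifier: int, sequence: int, payload: bytes, icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Type(1) Code(1) Checksum(2) Identifier(2) Sequence(2) + payload. The checksum is
    computed over the whole message with the checksum field zeroed, then written in."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, identifier, sequence) + payload


def verify_checksum(message: bytes) -> bool:
    """A receiver re-sums the message including the stored checksum: a valid message
    folds to 0xFFFF, whose complement is zero."""
    return internet_checksum(message) == 0


def parse_echo(message: bytes) -> dict:
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte echo header")
    icmp_type, code, csum, identifier, sequence = struct.unpack("!BBHHH", message[:8])
    return {"type": icmp_type, "code": code, "checksum": csum, "id": identifier,
            "seq": sequence, "payload": message[8:], "valid": verify_checksum(message)}


def reply_to(request: bytes) -> bytes:
    """What the target of ping does: echo the identifier, sequence and payload back
    unchanged with the type set to echo reply, so the sender can match it up."""
    req = parse_echo(request)
    if not req["valid"] or req["type"] != ICMP_ECHO_REQUEST:
        raise ValueError("not a valid echo request")
    return build_echo(req["id"], req["seq"], req["payload"], icmp_type=ICMP_ECHO_REPLY)


if __name__ == "__main__":
    request = build_echo(0x1234, 1, b"constructed ping payload")   # constructed sample
    print(request.hex(), parse_echo(request))
    print(parse_echo(reply_to(request)))
```

The identifier is how a host with several ping processes running tells their replies apart, and the sequence number is what lets ping report "request timed out" for a specific probe; neither is authenticated, which is why any host on the path can forge either message.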
> ARP / RARP (Address Resolution Protocol / Reverse Address Resolution Protocol)
Address Resolution Protocol is a TCP/IP protocol used to convert an IP address into a physical address, such as an Ethernet (MAC) address. A host wishing to obtain a physical address broadcasts an ARP request onto the local segment; the host that owns the IP address in the request replies with its physical hardware address, and the requester caches the answer. ARP has no authentication, so any host on the segment can answer for any address. Reverse ARP does the opposite, letting a host that knows only its hardware address broadcast a request for its IP address; it has been superseded by BOOTP and DHCP.
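The request-and-reply exchange above, worked as an added example (not code from the study guide): it builds the Ethernet plus ARP frame byte for byte with `struct`, has each host on a constructed segment decide whether to answer, and parses the reply. The MAC and IP addresses are made up for the demonstration, and the "segment" is a Python list standing in for the wire.

```python
"""Building, answering and parsing ARP on a simulated Ethernet segment (added example)."""
import struct
from typing import Dict, List, Optional, Tuple

ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet header (14 bytes) + ARP packet (28 bytes). A request is broadcast because the
    sender does not yet know the target's MAC; a reply is unicast back to the requester."""
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    ethernet = mac_to_bytes(eth_dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
           + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
           + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))
    return ethernet + arp


def parse_arp(frame: bytes) -> Dict[str, object]:
    """Validate the fixed fields and pull out both address pairs."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    body = frame[22:42]
    return {
        "eth_dst": bytes_to_mac(frame[0:6]), "eth_src": bytes_to_mac(frame[6:12]), "op": op,
        "sender_mac": bytes_to_mac(body[0:6]), "sender_ip": bytes_to_ip(body[6:10]),
        "target_mac": bytes_to_mac(body[10:16]), "target_ip": bytes_to_ip(body[16:20]),
    }


def answer_arp(frame: bytes, my_mac: str, my_ip: str) -> Optional[bytes]:
    """What every host on the segment does with a received request: reply only if the
    target IP is its own, otherwise stay silent."""
    req = parse_arp(frame)
    if req["op"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, str(req["sender_mac"]), str(req["sender_ip"]))


def resolve(target_ip: str, my_mac: str, my_ip: str, segment: List[Tuple[str, str]]) -> Optional[str]:
    """Broadcast one request to every (mac, ip) host on the simulated segment and return
    the MAC from the reply, or None if no host owns the address."""
    request = build_arp(ARP_REQUEST, my_mac, my_ip, ZERO_MAC, target_ip)
    for mac, ip in segment:
        reply = answer_arp(request, mac, ip)
        if reply is not None:
            return str(parse_arp(reply)["sender_mac"])
    return None  # a real stack retries a few times, then reports the host unreachable


if __name__ == "__main__":
    # Constructed hosts on the segment; the requester is 192.168.1.10.
    hosts = [("00:11:22:33:44:55", "192.168.1.20"), ("66:77:88:99:aa:bb", "192.168.1.30")]
    print(resolve("192.168.1.20", "de:ad:be:ef:00:01", "192.168.1.10", hosts))
    print(resolve("192.168.1.99", "de:ad:be:ef:00:01", "192.168.1.10", hosts))
```

Notice that `answer_arp` trusts whatever `my_ip` it is given: the protocol has no way to tell an honest owner from a host that merely claims the address, which is the root of ARP cache poisoning and the reason switches offer features such as dynamic ARP inspection.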
> NTP (Network Time Protocol)
The Network Time Protocol is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver or modem. It provides accuracies typically within a millisecond on LANs and up to a few tens of milliseconds on WANs. Consistent time matters for security as well as convenience: correlating logs across systems and checking the validity periods of certificates and Kerberos tickets all depend on it.
> SNMP
Simple Network Management Protocol, is a TCP/IP protocol for
monitoring networks and network components. SNMP uses small utility
programs called agents to monitor behavior and traffic on the network,
in order to gather statistical data.
These agents can be loaded onto managed devices such as hubs,
NIC's, servers, routers, and bridges. The gathered data is stored in a
MIB (management information base).
To collect the information in a usable form, a management program
console polls these agents and downloads the information from their
MIB's, which then can be displayed as graphs, charts and sent to a
database program to be analyzed.
> NNTP (Network News Transport Protocol)
The Network News Transfer Protocol or NNTP is an Internet application
protocol used primarily for reading and posting Usenet articles, as well
as transferring news among news servers.
> SCP (Secure Copy Protocol)
Secure Copy or SCP is a means of securely transferring computer files
between a local and a remote host or between two remote hosts, using
the Secure Shell (SSH) protocol.
The protocol itself does not provide authentication and security; it
expects the underlying protocol, SSH, to secure this.
The SCP protocol implements file transfers only. It does so by
connecting to the host using SSH and there executes an SCP server
(scp). The SCP server program is typically the very same program as
the SCP client.
> LDAP (Lightweight Directory Access Protocol)
Lightweight Directory Access Protocol, or LDAP, is a networking
protocol for querying and modifying directory services running over
TCP/IP.
A directory is a set of information with similar attributes organized in a
logical and hierarchical manner. The most common example is the
telephone directory, which consists of a series of names organized
alphabetically, with an address and phone number attached.
An LDAP directory often reflects various political, geographic, and/or
organizational boundaries, depending on the model chosen. LDAP
deployments today tend to use Domain Name System (DNS) names
for structuring the topmost levels of the hierarchy. Deeper inside the
directory might appear entries representing people, organizational
units, printers, documents, groups of people or anything else which
represents a given tree entry.
> IGMP (Internet Group Management Protocol)
The Internet Group Management Protocol is a communications protocol
used to manage the membership of Internet Protocol multicast groups.
IGMP is used by IP hosts and adjacent multicast routers to establish
multicast group memberships. It is an integral part of the IP multicast
specification, like ICMP for unicast connections. IGMP can be used for
online video and gaming, and allows more efficient use of resources
when supporting these uses.
> LPR (Line Printer Remote)
The Line Printer Daemon protocol/Line Printer Remote protocol (or
LPD, LPR) also known as the Berkeley printing system, is a set of
programs that provide printer spooling and network print server
functionality for Unix-like systems. The most common implementations
of LPD are the official BSD UNIX operating system and the LPRng
project. The Common Unix Printing System (or CUPS), which is more
common on modern Linux distributions, borrows heavily from LPD.
A printer that supports LPD/LPR is sometimes referred to as a "TCP/IP
printer" (TCP/IP is used to establish connections between printers and
workstations on a network), although that term seems equally
applicable to a printer that supports CUPS.
2-3 Protocols and Standards

Posted February 27th, 2007 by admin

2.11 Define the function of TCP / UDP (Transmission Control Protocol /
User Datagram Protocol) ports.

Both TCP and UDP identify the sending and receiving application with a 16-bit port number (0 to 65535) in their header. An IP address gets a packet to the right host; the port gets it to the right process on that host, and the combination of source address, source port, destination address and destination port identifies one conversation. Ports 0 to 1023 are the well-known ports assigned to standard services (see 2.12 below), 1024 to 49151 are registered ports, and 49152 to 65535 are dynamic or ephemeral ports that clients pick for the source side of a connection.
> Transmission Control Protocol
A connection-oriented transport protocol that breaks data into segments, which IP sends over the network as packets, and that uses sequence numbers and acknowledgements to deliver them reliably and in order. A TCP server listens on a well-known port; the client connects to it from an ephemeral port.
> User Datagram Protocol
Runs on top of IP and is used as an alternative to TCP. UDP is connectionless and provides no acknowledgements or retransmission, so delivery is not guaranteed; because it is simpler than TCP it has less overhead, and it is often used for broadcast messages and for streaming audio and video. UDP uses the same port number space as TCP, but TCP port 53 and UDP port 53 are distinct endpoints.

2.12 Identify the well-known ports associated with the following commonly
used services and protocols:

Protocol                                            Common Port
FTP (File Transfer Protocol)                        20 (data), 21 (control), TCP
SSH (Secure Shell)                                  22, TCP
Telnet                                              23, TCP
SMTP (Simple Mail Transfer Protocol)                25, TCP
DNS (Domain Name Service)                           53, UDP and TCP
TFTP (Trivial File Transfer Protocol)               69, UDP
HTTP (Hypertext Transfer Protocol)                  80, TCP
POP3 (Post Office Protocol version 3)               110, TCP
NNTP (Network News Transport Protocol)              119, TCP
NTP (Network Time Protocol)                         123, UDP
IMAP4 (Internet Message Access Protocol version 4)  143, TCP
HTTPS (Hypertext Transfer Protocol Secure)          443, TCP

2.13 Identify the purpose of network services and protocols:

> DNS (Domain Name Service)
DNS name resolution is used on the Internet to map friendly names to IP addresses, and vice versa. For example, instead of trying to remember an IP address composed of numbers, such as 198.46.8.34, you can type HTTP://www.microsoft.com and let DNS look the address up. Resolvers query DNS servers over UDP port 53, falling back to TCP port 53 for large answers and zone transfers.
In Microsoft Windows 2000, Microsoft Windows Server 2003 and Microsoft Windows XP environments, DNS is the default name resolution method.
> NAT (Network Address Translation)
Network Address Translation is a process, usually performed by a router or firewall, that lets an entire network of privately addressed hosts share a single public IP address when connecting to the Internet. It rewrites the source address (and, with port translation, the source port) of outgoing packets and reverses the change on the replies. This alleviates the address-space shortage and, as a side effect, hides the internal addressing from outside hosts; unsolicited inbound packets are discarded only because no translation entry matches them, so NAT is not a substitute for a firewall policy.
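An added example (not from the study guide) of the translation table a port-translating NAT keeps for one shared public address: outbound packets get a new source address and port and an entry in the table, replies are matched against that table and rewritten back, and anything inbound without an entry is dropped. The addresses come from the documentation ranges and are constructed; a real NAT also ages entries out and may match the remote endpoint as well, neither of which is modelled here.

```python
"""Port-translating NAT (NAPT) table for one shared public address (added example)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    """Outbound: rewrite (inside ip, inside port) to (public ip, allocated port) and remember it.
    Inbound: only packets to a remembered public port are rewritten back; anything else is dropped."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        self._out: Dict[Tuple[str, int], int] = {}      # (inside ip, inside port) -> public port
        self._in: Dict[int, Tuple[str, int]] = {}       # public port -> (inside ip, inside port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        inside = (pkt.src_ip, pkt.src_port)
        if inside not in self._out:                     # first packet of a flow: allocate a public port
            port = self._next_port
            self._next_port += 1
            self._out[inside] = port
            self._in[port] = inside
        return Packet(self.public_ip, self._out[inside], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst_ip != self.public_ip:
            return None                                 # not addressed to us at all
        inside = self._in.get(pkt.dst_port)
        if inside is None:
            return None                                 # no inside host asked for this: drop it
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])

    def mappings(self) -> Dict[Tuple[str, int], int]:
        return dict(self._out)


if __name__ == "__main__":
    # Constructed: two inside hosts behind public address 203.0.113.5 talk to a web server.
    nat = Napt("203.0.113.5")
    for host in ("192.168.1.10", "192.168.1.11"):
        print("out:", nat.translate_outbound(Packet(host, 51000, "198.51.100.7", 80)))
    print("reply:", nat.translate_inbound(Packet("198.51.100.7", 80, "203.0.113.5", 40000)))
    print("unsolicited:", nat.translate_inbound(Packet("198.51.100.9", 4444, "203.0.113.5", 22)))
    print("table:", nat.mappings())
```

Both inside hosts used source port 51000, so the NAT had to give them different public ports; that port, not the address, is what distinguishes their replies. The unsolicited packet to port 22 is dropped only because nothing ever created a mapping for it, which is the whole of the "protection" NAT provides.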
> ICS (Internet Connection Sharing)
You can choose one computer to share an Internet connection with the
rest of the computers on your home or small office network. This
computer is called the Internet Connection Sharing (ICS) host
computer.
To determine which computer should be your ICS host computer, use
the following guidelines:

• The computer must be one that you can leave on at all times so
that other computers on the network can access the Internet. If
the computer is turned off, the connection to the Internet will
not be available.
• If one computer has a DSL or cable modem, use that computer
as the ICS host computer.
• If you plan to use a shared printer for your network, the printer
should be installed on the ICS host computer.

> WINS (Windows Internet Name Service)
While DNS resolves host names to IP addresses, WINS resolves NetBIOS names to IP addresses. Windows Internet Name Service provides a dynamic database of IP address to NetBIOS name mappings.
WINS determines the IP address associated with a particular network computer; this is called name resolution. WINS supports network client and server computers running Windows.
WINS uses a distributed database that is automatically updated with the names of computers currently available and the IP address assigned to each one.
DNS is an alternative for name resolution; originally suited only to computers with fixed IP addresses, it has largely replaced WINS since Windows 2000 added dynamic DNS updates.
> SNMP (Simple Network Management Protocol)
Described under 2.10 above: agents on managed devices collect statistics into a MIB, and a management console polls them. SNMP runs over UDP (port 161 for queries, port 162 for traps). In SNMPv1 and v2c the "community string" that authorizes read or write access travels in cleartext and defaults to "public" or "private" on many devices; SNMPv3 adds per-user authentication and encryption and should be used where available.
> NFS (Network File System)
Network File System (NFS) is a distributed file system that allows
users to access files and directories located on remote computers and
treat those files and directories as if they were local.
> Zeroconf (Zero configuration)
Zero Configuration Networking is a set of techniques that automatically create a usable IP network without configuration or special servers. This allows non-expert users to connect computers, networked printers and other items together and expect them to work automatically. Without Zeroconf or something similar, a knowledgeable user must either set up special servers, such as DHCP and DNS, or configure each computer's network settings manually.
Zeroconf currently solves three problems:
• Choosing numeric network addresses for networked items (link-local addressing, as APIPA does)
• Figuring out which computer has a certain name (multicast DNS)
• Figuring out where to get services, like printing (DNS service discovery)

> SMB (Server Message Block)
A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers; SMB uses four message types: session control, file, printer and message. It is mainly used by Microsoft Windows computers.
SMB works through a client-server approach, where a client makes specific requests and the server responds accordingly. One section of the SMB protocol is specifically for filesystem access, so that clients may make requests to a file server. The protocol was optimised for local subnet usage; it can be carried across subnets and the Internet (NetBIOS over TCP/IP on port 139, or directly over TCP port 445), but SMB exposed to the Internet is the usual target of Windows file-and-print sharing exploits, so it should be blocked at the perimeter.
Client computers may have their own hard disks, which are not
publicly shared, yet also want access to the shared file systems and
printers on the server, and it is for this primary purpose that SMB is
best known and most heavily used.
> AFP (Apple Filing Protocol)
The file sharing protocol used in an AppleTalk network. For non-Apple systems to access data on an AppleShare server, their protocols must be translated into AFP.
AFP versions 3.0 and later rely exclusively on TCP/IP for establishing communication (AFP over TCP uses port 548; port 427 is the Service Location Protocol used for discovery), supporting AppleTalk only as a service discovery protocol. The AFP 2.x family supports both TCP/IP and AppleTalk for communication and service discovery.
> LPD (Line Printer Daemon) and Samba
LPD is the primary UNIX printing protocol used to submit jobs to the
printer. The LPR component initiates commands such as "print waiting
jobs," "receive job," and "send queue state," and the LPD component
in the print server responds to them.
The most common implementations of LPD are in the official BSD
UNIX operating system and the LPRng project. The Common Unix
Printing System (or CUPS), which is more common on modern Linux
distributions, borrows heavily from LPD.
Unix and Mac OS X Servers use the Open Source SAMBA to provide
Windows users with Server Message Block (SMB) file sharing.
2.14 Identify the basic characteristics (For example: speed, capacity and
media) of the following WAN (Wide Area Networks) technologies:

> Packet switching
Packet switching offers more efficient use of a telecommunication provider's network bandwidth. With packet switching, the switching mechanisms on the network route each data packet from switch to switch individually over the network using the best available path. Any one physical link in a packet-switched network can carry packets from many different senders and for many different destinations, whereas in a circuit-switched connection the bandwidth is dedicated to one sender and receiver only.
> Circuit switching
With circuit switching, data travels over a fixed path that is established
at the beginning of the connection and remains open until the
connection is terminated. A telephone call is an example of a circuit
switched link. When you dial a number the telecommunication
provider, establishes an open circuit between your phone and the
phone of the person you are calling. No other calls can be placed over
this circuit until you hang up.
> ISDN (Integrated Services Digital Network)
Integrated Services Digital Network adapters can be used to send
voice, data, audio, or video over standard telephone cabling. ISDN
adapters must be connected directly to a digital telephone network.
ISDN adapters are not actually modems, since they neither modulate
nor demodulate the digital ISDN signal; they are properly called
terminal adapters.
Like standard modems, ISDN adapters are available both as internal
devices that connect directly to a computer's expansion bus and as
external devices that connect to one of a computer's serial or parallel
ports. ISDN comes in two service types: the Basic Rate Interface
(BRI), with two 64 Kbps B channels and one 16 Kbps D channel (128
Kbps of bonded data throughput), and the Primary Rate Interface
(PRI), which in North America carries 23 B channels and one 64 Kbps
D channel over a T1 circuit for 1.544 Mbps. Data rates therefore
range from 56-64 Kbps on a single B channel up to 1.544 Mbps on a
PRI using a T1 service.
ISDN hardware requires an NT (network termination) device, which
converts network data signals into the signaling protocols used by
ISDN. Sometimes the NT interface is included, or integrated, with
ISDN adapters and ISDN-compatible routers. In other cases, an NT
device separate from the adapter or router must be implemented.
ISDN works at the physical, data link, network, and transport layers of
the OSI Model.
> FDDI (Fiber Distributed Data Interface)
Fiber Distributed Data Interface shares many of the same features as
Token Ring, such as token passing and the continuous network loop
configuration. But FDDI has better fault tolerance because of its use of
a dual, counter-rotating ring that enables the ring to reconfigure itself
(wrap) in case of a link failure. FDDI also has higher transfer speeds:
100 Mbps for FDDI, compared to 4 - 16 Mbps for Token Ring.
Unlike Token Ring, which is cabled as a physical star around a MAU
(the ring is formed logically inside the hub), FDDI uses a physical
ring. Each device in the ring attaches to the adjacent device using a
two-stranded fiber optic cable. Data travels in one direction on the
outer (primary) strand and in the other direction on the inner
(secondary) strand. When all devices attached to the dual ring are
functioning properly, data travels on only the primary ring. FDDI
transmits data on the secondary ring only in the event of a link
failure, when the stations on either side of the break wrap the two
rings into a single loop.
Media         MAC Method      Signal Propagation Method        Speed      Topologies    Maximum Connections
Fiber-optic   Token passing   Forwarded from device to device  100 Mbps   Double ring   500 nodes
                              (or port to port on a hub) in a             Star
                              closed loop
> T1 (T Carrier level 1)
A 1.544 Mbps point-to-point dedicated, digital circuit provided by the
telephone companies. T1 lines are widely used for private networks as
well as interconnections between an organization's LAN and the telco.
A T1 line uses two pairs of wire, one to transmit and one to receive,
and time division multiplexing (TDM) to interleave 24 64-Kbps voice or
data channels (DS0s). The standard T1 frame is 193 bits long, which
holds 24 8-bit voice samples and one framing bit, with 8,000 frames
transmitted per second (24 x 8 + 1 = 193 bits, x 8,000 = 1,544,000
bits per second). T1 is not restricted to digital voice or to 64 Kbps
data streams. Channels may be combined and the total 1.544 Mbps
capacity can be broken up as required; a "fractional T1" uses only
some of the 24 channels.
> T3 (T Carrier level 3)
A T3 line is a super high-speed connection capable of transmitting data
at a rate of 45 Mbps. A T3 line represents a bandwidth equal to about
672 regular voice-grade telephone lines, which is wide enough to
transmit real time video, and very large databases over a busy
network. A T3 line is typically installed as a major networking artery
for large corporations, universities with high-volume network traffic
and for the backbones of the major Internet service providers.
> OCx (Optical Carrier)
Optical Carrier designations are used to specify the speed of fiber
optic networks that conform to the SONET standard. Each level is a
multiple of the OC-1 base rate of 51.84 Mbps.
Level    Speed
OC-1     51.84 Mbps
OC-3     155.52 Mbps
OC-12    622.08 Mbps
OC-24    1.244 Gbps
OC-48    2.488 Gbps
> X.25
An X.25 network transmits data with a packet-switching protocol that
performs error checking and retransmission at every hop, which lets it
deliver data reliably over noisy telephone lines. This protocol relies on
an elaborate worldwide network of packet-forwarding nodes that can
participate in delivering an X.25 packet to its designated address.
Windows Network Connections supports X.25 by using packet
assemblers/disassemblers (PADs) and X.25 cards. You can also use a
modem and special dial-up X.25 carriers (such as SprintNet and
Infonet) in place of a PAD or X.25 smart card on your computer.
Remote access clients running Windows XP Professional or Windows
2000 Server or later can use either an X.25 card or dial in to an X.25
PAD to create connections. To accept incoming connections on a
computer using X.25 running Windows XP Professional or Windows
2000 Server or later, you must use an X.25 card.

2.15 Identify the basic characteristics of the following internet access
technologies:

> xDSL (Digital Subscriber Line)
xDSL is a term referring to a variety of Digital Subscriber Line
technologies that carry data over the existing copper local loop. Some
of these varieties are asymmetric, with different data rates in the
downstream and upstream directions (ADSL); others are symmetric,
with the same rate in both directions (SDSL, HDSL). Typical rates
range from a few hundred Kbps to several Mbps, for example 384 Kbps
SDSL service or 1.5-8 Mbps downstream ADSL service.
Asymmetric Digital Subscriber Line (ADSL) A high-bandwidth
digital transmission technology that uses existing phone lines and also
allows voice transmissions over the same lines, because the data is
carried on frequencies above the voice band and a splitter or
microfilter separates the two. Most of the traffic is transmitted
downstream to the user, generally at rates of 512 Kbps to about 6
Mbps.
> Broadband Cable (Cable modem)
Cable modems use a broadband connection to the Internet through
cable television infrastructure. These modems use frequencies that do
not interfere with television transmission.
> POTS / PSTN (Plain Old Telephone Service / Public Switched
Telephone Network)
POTS / PSTN access uses a modem, a device that makes it possible
for computers to communicate over telephone lines. The word modem
comes from Modulate and Demodulate. Because standard telephone
lines use analog signals and computers use digital signals, a sending
modem must modulate its digital signals into analog signals. The
modem on the receiving computer must then demodulate the analog
signals back into digital signals.
Modems can be external, connected to the computer's serial port by an
RS-232 cable, or internal, in one of the computer's expansion slots.
Modems connect to the phone line using standard telephone RJ-11
connectors.
> Wireless
A wireless network consists of wireless NICs and access points. NICs
come in different models including PC Card, ISA, PCI, etc. Access
points act as wireless hubs to link multiple wireless NICs into a single
subnet. Access points also have at least one fixed Ethernet port to
allow the wireless network to be bridged to a traditional wired Ethernet
network, such as the organization’s network infrastructure. Wireless
and wired devices can coexist on the same network.

• WLAN (Wireless Local Area Network) A group of computers
and associated devices that communicate with each other
wirelessly.
• WPA (Wi-Fi Protected Access) A security protocol for wireless
networks that builds on the basic foundations of WEP. It secures
wireless data transmission with the same RC4 cipher as WEP,
but the added strength of WPA is that TKIP derives a fresh key
for every packet and adds a message integrity check. The
changing key makes it much more difficult for an attacker to
recover the key and gain access to the network.
• WPA2 (Wi-Fi Protected Access 2) WPA2 is the second
generation of WPA security (IEEE 802.11i) and provides a
stronger encryption mechanism through the Advanced Encryption
Standard (AES, in CCMP mode), which is a requirement for some
government users.
• WPA-Personal A version of WPA in which every device is
configured with the same pre-shared key (PSK, the Wi-Fi
"passphrase"); the per-packet keys are derived from it, so the
security of the network rests on the strength of that passphrase.
• WPA-Enterprise A version of WPA that uses the same dynamic
per-packet keys as WPA-Personal but also requires each wireless
device to authenticate, through 802.1X and EAP, against a
central authentication server (typically RADIUS), which issues a
unique master key to each session.
2-4 Protocols and Standards

Posted February 27th, 2007 by admin

2.16 Define the function of the following remote access protocols and
services:

> RAS (Remote Access Service)
Remote Access Service A service that provides remote networking for
telecommuters, mobile workers, and system administrators who
monitor and manage servers at multiple branch offices. Users with
RAS can dial in to remotely access their networks for services such as
file and printer sharing, electronic mail, scheduling, and SQL database
access.
> PPP (Point-to-Point Protocol)
An industry standard suite of protocols for the use of point-to-point
links to transport multiprotocol datagrams.
Point-to-Point Protocol facilitates Internet connections over serial lines,
including modem connections. PPP software requires only a destination
address, usually a phone number for modem connections, and a user
login in order to negotiate a complete configuration for each session.
PPP support enables computers to dial in to remote networks through
any server that complies with the PPP standard. PPP also enables
remote access clients to use any combination of IPX, TCP/IP, NetBEUI,
and AppleTalk. Remote access clients running Windows NT and
Windows 2000, Windows 98, and Windows 95 can use any
combination of TCP/IP, IPX, and NetBEUI and programs written to the
Windows Sockets, NetBIOS, or IPX interface. Microsoft remote access
clients do not support the use of the AppleTalk protocol over a remote
access connection.
PPP connection sequence
When you connect to a remote computer, PPP negotiation
accomplishes the following:

• Framing rules are established between the remote computer and
server by the Link Control Protocol (LCP). This allows continued
communication (frame transfer) to occur.
• The remote access server then authenticates the remote user by
using the PPP authentication protocols (MS-CHAP, EAP, CHAP,
SPAP, PAP). The protocols that are invoked depend on the
security configurations of the remote client and server.
• Once authenticated, if callback is enabled, the remote access
server hangs up and calls the remote access client.
• The Network Control Protocols (NCPs) enable and configure the
remote client for the desired LAN protocols.

> SLIP (Serial Line Internet Protocol)
An older industry standard that is included in the Windows remote
access client to ensure interoperability with other remote access
software. SLIP carries IP only and provides no authentication, error
detection or address negotiation of its own, which is why PPP has
replaced it.
> PPPoE (Point-to-Point Protocol over Ethernet)
A specification for connecting users on an Ethernet network to the
Internet through a broadband connection, such as a single DSL line,
wireless device, or cable modem. Using PPPoE and a broadband
modem, LAN users can gain individual authenticated access to high-
speed data networks. By combining Ethernet and Point-to-Point
Protocol (PPP), PPPoE provides an efficient way to create a separate
connection for each user to a remote server.
> PPTP (Point-to-Point Tunneling Protocol)
Networking technology that supports multiprotocol virtual private
networks (VPNs), enabling remote users to access corporate networks
across the Internet or other networks by dialing into an Internet
service provider (ISP) or by connecting directly to the Internet. The
Point-to-Point Tunneling Protocol (PPTP) tunnels, or encapsulates, PPP
frames carrying IP, IPX, or NetBEUI traffic inside of IP packets (GRE,
with a control connection on TCP port 1723). This means that users
can remotely run applications that are dependent upon particular
network protocols. PPTP's protection rests on the PPP authentication
method and on MPPE encryption keyed from it; with MS-CHAP these
have since been shown to be weak, so new deployments generally
prefer L2TP/IPsec or TLS-based VPNs.
> VPN (Virtual Private Network)
Virtual private network A private network extended across a public
network such as the Internet by tunneling, and normally encrypting,
its traffic; PPTP (see above), L2TP/IPsec and IPsec are the tunneling
protocols covered here.
> RDP (Remote Desktop Protocol)
Remote Desktop Protocol (RDP) is a multi-channel protocol that allows
a user to connect to a computer running Microsoft Terminal Services.
Clients exist for most versions of Windows (including handheld
versions), and other operating systems such as Linux, FreeBSD,
Solaris Operating System and Mac OS X. The server listens by default
on TCP port 3389.

• Version 4.0 was introduced with Terminal Services in Windows
NT 4.0 Server, Terminal Server Edition.
• Version 5.0, introduced with Windows 2000 Server, added
support for a number of features, including printing to local
printers, and aimed to improve network bandwidth usage.
• Version 5.1, introduced with Windows XP Professional, included
support for 24-bit color and sound.
• Version 5.2, introduced with Windows Server 2003, included
support for console mode connections, a session directory, and
local resource mapping.
• Version 6.0, introduced with Windows Vista and Windows Server
2008, includes a significant number of new features, most notably
being able to remotely access a single application instead of the
entire desktop, and support for 32-bit color.
2.17 Identify the following security protocols and describe their purpose
and function:

> IPSec (Internet Protocol Security)
Is a set of protocols used to support secure exchange of packets at the
IP layer. It has two main protocols: AH (Authentication Header), which
provides integrity and origin authentication but no confidentiality, and
ESP (Encapsulating Security Payload), which provides confidentiality
and, optionally, integrity.
IPsec supports two modes: Transport and Tunnel. Transport mode
protects only the payload of each packet (for example the TCP
segment), leaving the original IP header in the clear, and is used
host-to-host. Tunnel mode protects the entire original IP packet,
header included, and wraps it in a new IP header addressed to the
tunnel endpoints; it is used between security gateways and hides the
inner source and destination addresses from an observer.
For IPsec to work, the sending and receiving devices must agree on a
Security Association (SA): the algorithms and shared session keys for
one direction of traffic, identified by a Security Parameter Index (SPI).
This is normally negotiated by the Internet Key Exchange (IKE), built
on the Internet Security Association and Key Management Protocol
(ISAKMP) and the Oakley key determination protocol, which
authenticates the peers with pre-shared keys or digital certificates and
derives fresh session keys with a Diffie-Hellman exchange. SAs can
also be configured manually, but then the keys are never rotated.
IPsec protocols operate at the network layer, layer 3 of the OSI model.
Other Internet security protocols in widespread use, such as SSL and
TLS, operate from the transport layer up (OSI layers 4 - 7). This
makes IPsec more flexible, as it can be used for protecting both TCP
and UDP based protocols without changes to the applications.
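The transport/tunnel distinction above is easiest to see on the wire. The following is an added example, not code from the study guide: it builds a minimal IPv4 header, wraps a constructed TCP segment in an ESP-shaped payload (SPI, sequence number, padded ciphertext, truncated ICV) in both modes, and shows what a passive observer can still read. The "cipher" is a stand-in keystream built from HMAC-SHA256 so that the block runs with the standard library only; it is an assumption for illustration, not one of the real IPsec transforms, and the keys, addresses and segment are made up.

```python
import hashlib
import hmac
import struct

# Protocol numbers used in the IPv4 header "protocol" field.
ESP, TCP, IPV4 = 50, 6, 4
ICV_LEN = 12  # truncated 96-bit integrity check value, as with HMAC-SHA1-96


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; the checksum is left at zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, bytes(src), bytes(dst))


def keystream(key, spi, seq, n):
    """Toy stand-in for AES-CTR (assumption, not a real IPsec transform):
    a keystream of HMAC-SHA256(key, SPI || seq || counter) blocks.
    Keying it from SPI and sequence number keeps the stream unique per packet."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def esp_encapsulate(enc_key, auth_key, spi, seq, inner, next_header):
    """ESP (RFC 4303) layout: SPI | Seq | encrypted(payload | pad | pad_len |
    next_header) | ICV.  The ICV covers SPI, Seq and the ciphertext."""
    pad_len = (-(len(inner) + 2)) % 4            # pad so the trailer ends on 4 bytes
    plain = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    ks = keystream(enc_key, spi, seq, len(plain))
    cipher = bytes(a ^ b for a, b in zip(plain, ks))
    body = struct.pack("!II", spi, seq) + cipher
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_decapsulate(enc_key, auth_key, esp):
    """Verify the ICV first (never decrypt unauthenticated data), then strip the trailer."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ESP ICV mismatch: packet tampered or wrong SA")
    spi, seq = struct.unpack("!II", body[:8])
    cipher = body[8:]
    plain = bytes(a ^ b for a, b in zip(cipher, keystream(enc_key, spi, seq, len(cipher))))
    pad_len, next_header = plain[-2], plain[-1]
    return next_header, plain[:len(plain) - 2 - pad_len]


def transport_mode(keys, spi, seq, src, dst, tcp_segment):
    """Transport mode: the original IP header stays in the clear; only the
    TCP segment is wrapped in ESP.  Next-header = TCP."""
    esp = esp_encapsulate(*keys, spi, seq, tcp_segment, TCP)
    return ipv4_header(src, dst, ESP, len(esp)) + esp


def tunnel_mode(keys, spi, seq, gw_src, gw_dst, src, dst, tcp_segment):
    """Tunnel mode: the whole original packet, header included, is wrapped in
    ESP and a new outer header carries the gateways' addresses.  Next-header = IPv4."""
    inner_packet = ipv4_header(src, dst, TCP, len(tcp_segment)) + tcp_segment
    esp = esp_encapsulate(*keys, spi, seq, inner_packet, IPV4)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp


def observer_view(packet):
    """What a passive observer learns from the cleartext outer header:
    the protocol number (ESP) and the outer source/destination addresses."""
    return packet[9], packet[12:16], packet[16:20]


if __name__ == "__main__":
    keys = (b"E" * 32, b"A" * 32)                                # constructed SA keys
    segment = b"\x04\xd2\x00\x50" + b"GET / HTTP/1.0\r\n"        # constructed TCP segment
    host_a, host_b = (10, 0, 0, 1), (10, 0, 0, 2)
    gw_a, gw_b = (192, 0, 2, 1), (198, 51, 100, 1)
    print("transport:", observer_view(transport_mode(keys, 0x100, 1, host_a, host_b, segment)))
    print("tunnel:   ", observer_view(tunnel_mode(keys, 0x200, 1, gw_a, gw_b, host_a, host_b, segment)))
```

Running it prints the real host addresses for transport mode and only the two gateway addresses for tunnel mode; in both cases the ports and data are hidden, and flipping any ciphertext byte makes `esp_decapsulate` reject the packet before decryption.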
> L2TP (Layer 2 Tunneling Protocol)
Layer 2 Tunneling Protocol is a tunneling protocol used to support
virtual private networks (VPNs). L2TP is an extension to the PPP protocol
that enables ISPs to operate Virtual Private Networks. L2TP combines
the best features of two other tunneling protocols: PPTP from Microsoft
and L2F from Cisco Systems. L2TP itself provides no encryption, so it
is normally run inside IPsec (L2TP/IPsec: UDP port 1701 protected by
ESP).
> SSL (Secure Sockets Layer)
Secure Sockets Layer is a protocol that supplies secure data
communication through data encryption and decryption. SSL enables
communications privacy over networks by using a combination of
public key cryptography (to authenticate the server and agree on a
session key) and bulk symmetric encryption of the data. Its
standardized successor is TLS (Transport Layer Security).
> WEP (Wired Equivalent Privacy)
Wired Equivalent Privacy is a scheme that is part of the original IEEE
802.11 wireless networking standard to secure IEEE 802.11 wireless
networks. Because a wireless network broadcasts messages using
radio, it is particularly susceptible to eavesdropping.
WEP was intended to provide comparable confidentiality to a
traditional wired network and thus it does not protect users of the
network from each other: every station shares the same static key.
WEP has since been shown to be breakable and was deprecated by the
IEEE in favour of WPA and WPA2 (802.11i).
> WPA (Wi-Fi Protected Access)
A security protocol for wireless networks that builds on the basic
foundations of WEP. It secures wireless data transmission with the
same RC4 cipher as WEP, but the added strength of WPA is that TKIP
changes the key for every packet and adds a message integrity check.
The changing key makes it much more difficult for an attacker to
recover the key and gain access to the network.
WPA2 (Wi-Fi Protected Access 2) WPA2 is the second generation of
WPA security and provides a stronger encryption mechanism through
the Advanced Encryption Standard (AES-CCMP), which is a requirement
for some government users.
> 802.11x
IEEE 802.11, also known by the brand Wi-Fi, denotes a set of wireless
LAN/WLAN standards developed by working group 11 of the IEEE
LAN/MAN Standards Committee (IEEE 802). The term 802.11x is also
used to denote this set of standards and is not to be mistaken for any
one of its elements. There is no single 802.11x standard. Do not
confuse 802.11x with IEEE 802.1X, which is the port-based network
access control standard that WPA-Enterprise uses to carry EAP
authentication.
Protocol   Release Date   Op. Frequency                  Data Rate (Typ)   Data Rate (Max)   Range (Indoor)   Range (Outdoor)
802.11a    1999           5.15-5.35 / 5.47-5.725 /       25 Mbit/s         54 Mbit/s         ~25 meters       ~75 meters
                          5.725-5.875 GHz
802.11b    1999           2.4-2.5 GHz                    6.5 Mbit/s        11 Mbit/s         ~35 meters       ~100 meters
802.11g    2003           2.4-2.5 GHz                    25 Mbit/s         54 Mbit/s         ~25 meters       ~75 meters
802.11n    2007 (draft)   2.4 GHz or 5 GHz bands         200 Mbit/s        540 Mbit/s        ~50 meters       ~125 meters

(The 802.11n figures are those of the 2007 draft; the standard was
ratified in 2009 with a 600 Mbit/s maximum.)
2.18 Identify authentication protocols:

> CHAP (Challenge Handshake Authentication Protocol)
Challenge Handshake Authentication Protocol is a challenge-response
authentication protocol that uses the industry-standard Message
Digest 5 (MD5) hash to compute the response: the peer returns
MD5(identifier + shared secret + challenge), so the secret itself never
crosses the link and a fresh challenge defeats replay. CHAP is used
by various vendors of network access servers and clients. Its cost is
that the authenticator must store the secret in cleartext or reversibly
encrypted form in order to recompute the hash.
> MS-CHAP (Microsoft Challenge Handshake Authentication
Protocol)
MS-CHAP is Microsoft's variant of CHAP: a nonreversible, encrypted
password authentication protocol that computes the response from the
user's NT password hash rather than from a cleartext secret. The
challenge handshake process works as follows:

• The remote access server or the IAS server sends a challenge to
the remote access client that consists of a session identifier and
an arbitrary challenge string.
• The remote access client sends a response that contains the user
name and a nonreversible encryption of the challenge string, the
session identifier, and the password.
• The authenticator checks the response and, if valid, the user's
credentials are authenticated.

> PAP (Password Authentication Protocol)
Password Authentication Protocol sends the user name and password
in plaintext and is the least sophisticated authentication protocol. It is
typically negotiated only if the remote access client and remote access
server cannot negotiate a more secure form of validation; anyone able
to observe the link can read the credentials.
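The CHAP and PAP exchanges described above, worked through as an added example (not code from the study guide). The CHAP side follows RFC 1994: a fresh identifier and challenge, a response of MD5(identifier || secret || challenge), and verification by recomputation; the PAP side simply encodes the RFC 1334 Authenticate-Request so the contrast is visible. The `SECRETS` table and the user names and passwords are constructed for the example. MS-CHAP uses the same challenge pattern but keys it from the NT password hash, which this block does not implement.

```python
import hashlib
import os
import secrets

# Constructed credential store for the example.  CHAP obliges the authenticator
# to keep the secret in recoverable form, because it must recompute the hash.
SECRETS = {"alice": b"correct horse battery staple"}


def chap_challenge(length=16):
    """Authenticator, step 1: a fresh random Identifier byte and Challenge value.
    Freshness is what defeats replay of a captured response."""
    return secrets.randbelow(256), os.urandom(length)


def chap_response(identifier, secret, challenge):
    """Peer, step 2 (RFC 1994 section 4.1): MD5(Identifier || Secret || Challenge).
    Only this 16-byte digest crosses the link, never the secret."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier, username, challenge, response):
    """Authenticator, step 3: recompute the expected digest from the stored
    secret and compare it in constant time."""
    secret = SECRETS.get(username)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return secrets.compare_digest(expected, response)


def chap_login(username, secret_held_by_peer):
    """Run one complete CHAP exchange and return whether it succeeded."""
    identifier, challenge = chap_challenge()
    response = chap_response(identifier, secret_held_by_peer, challenge)
    return chap_verify(identifier, username, challenge, response)


def pap_authenticate_request(username, password):
    """PAP Authenticate-Request data field (RFC 1334): Peer-ID-Length, Peer-ID,
    Passwd-Length, Password.  Compare with CHAP: the password is sent verbatim."""
    uid, pwd = username.encode(), password.encode()
    return bytes([len(uid)]) + uid + bytes([len(pwd)]) + pwd


def captured_password_from_pap(frame):
    """What a link eavesdropper recovers from a PAP request: the whole password."""
    uid_len = frame[0]
    pwd_len = frame[1 + uid_len]
    return frame[2 + uid_len:2 + uid_len + pwd_len].decode()


if __name__ == "__main__":
    print("CHAP, right secret:", chap_login("alice", SECRETS["alice"]))
    print("CHAP, wrong secret:", chap_login("alice", b"guess"))
    print("PAP on the wire   :", captured_password_from_pap(pap_authenticate_request("bob", "hunter2")))
```

Note that a CHAP response captured from the wire is useless against a later challenge, but an eavesdropper who also captures the challenge can brute-force the secret offline, because MD5 is fast; that is why CHAP is best run over an already-encrypted link or replaced by EAP methods that use TLS.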
> RADIUS (Remote Authentication Dial-In User Service)
Is an AAA (authentication, authorization and accounting) protocol for
applications such as network access or IP mobility. It is intended to
work in both local and roaming situations. RADIUS runs over UDP
(ports 1812 for authentication and 1813 for accounting; older
deployments use 1645/1646), and each NAS shares a secret with the
server that is used to hide the user's password and to sign replies.
Some ISPs (commonly modem, DSL, or wireless 802.11 services)
require you to enter a username and password in order to connect
to the Internet. Before access to the network is granted, this
information is passed to a Network Access Server (NAS) device over
the Point-to-Point Protocol (PPP), then to a RADIUS server over the
RADIUS protocol. The RADIUS server checks that the information is
correct using authentication schemes like PAP, CHAP or EAP. If
accepted, the server will then authorize access to the ISP system and
select an IP address.
RADIUS is also widely used by VoIP service providers.
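The NAS-to-server leg of the exchange above, as an added example that is not part of the study guide: it builds an Access-Request with the User-Password attribute hidden as RFC 2865 section 5.2 specifies (MD5 of the shared secret and the Request Authenticator, chained and XORed over 16-byte blocks), has a tiny server unhide and check it, and signs the reply with the Response Authenticator of section 3 so the NAS can detect a forged Access-Accept. The shared secret, user table and identifiers are constructed; only the two attributes needed for the example are encoded.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
HEADER = struct.Struct("!BBH")   # Code, Identifier, Length; then a 16-byte Authenticator


def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: pad the password to a 16-byte multiple, then for each
    block compute b = MD5(secret || previous) and c = block XOR b, where 'previous'
    is the Request Authenticator for the first block and the prior ciphertext after."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out, prev = out + c, c
    return out


def unhide_password(hidden, secret, request_auth):
    """Server-side inverse of hide_password; trailing NUL padding is removed."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], b))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attribute(attr_type, value):
    """Type-Length-Value attribute; Length counts the two header bytes."""
    return bytes([attr_type, 2 + len(value)]) + value


def parse_attributes(data):
    attrs, i = {}, 0
    while i + 2 <= len(data):
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs[t] = data[i + 2:i + length]
        i += length
    return attrs


def build_access_request(identifier, username, password, secret):
    """NAS side: a random 16-byte Request Authenticator keys the password hiding."""
    request_auth = os.urandom(16)
    attrs = attribute(ATTR_USER_NAME, username) + \
        attribute(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    return HEADER.pack(ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_auth + attrs


def build_response(code, request, secret, attrs=b""):
    """Response Authenticator (section 3) = MD5(Code || ID || Length || RequestAuth ||
    Attributes || Secret), so a reply cannot be forged without the shared secret."""
    header = HEADER.pack(code, request[1], 20 + len(attrs))
    response_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + response_auth + attrs


def verify_response(response, request, secret):
    """NAS side: recompute the Response Authenticator against the matching request."""
    header, response_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return hmac.compare_digest(expected, response_auth)


def radius_server_handle(request, secret, users):
    """Server side: unhide the password, check it, answer Access-Accept or Access-Reject."""
    code, identifier, length = HEADER.unpack(request[:4])
    if code != ACCESS_REQUEST or length != len(request) or length < 20:
        return None
    attrs = parse_attributes(request[20:length])
    username = attrs.get(ATTR_USER_NAME, b"")
    password = unhide_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request[4:20])
    verdict = ACCESS_ACCEPT if users.get(username) == password else ACCESS_REJECT
    return build_response(verdict, request, secret)


if __name__ == "__main__":
    secret, users = b"s3cr3t-shared-key", {b"alice": b"hunter2"}   # constructed
    req = build_access_request(42, b"alice", b"hunter2", secret)
    resp = radius_server_handle(req, secret, users)
    print("code:", resp[0], "authentic:", verify_response(resp, req, secret))
```

Two practical points fall out of the code: the password hiding is only as strong as the shared secret (an attacker who sees a request and knows the secret recovers the password with one MD5 per block), and the Request Authenticator must be unpredictable, since a repeated one reuses the same XOR mask. RADIUS traffic between NAS and server should therefore stay on a trusted segment or inside IPsec.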
> Kerberos and EAP (Extensible Authentication Protocol)
An authentication system, Kerberos is designed to enable two parties
to prove their identities to each other across an open network without
sending passwords over it. A trusted Key Distribution Center (KDC)
issues each user who logs on a ticket-granting ticket and, from it,
service tickets: a ticket is encrypted with the target service's key and
carries the user's identity and a session key, and the client presents
it, together with an authenticator encrypted under that session key,
to identify itself to the service.
Extensible Authentication Protocol, or EAP, is a universal
authentication framework frequently used in wireless networks and
Point-to-Point connections. Although the EAP protocol is not limited to
wireless LANs and can be used for wired LAN authentication, it is most
often used in wireless LANs. The WPA and WPA2 standards have
officially adopted five EAP types (EAP-TLS, EAP-TTLS/MSCHAPv2,
PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC and EAP-SIM) as their
official authentication mechanisms.

3-1 Network Implementation

Posted February 27th, 2007 by admin

3.1 Identify the basic capabilities (For example: client support,
interoperability, authentication, file and print services, application
support and security) of the following server operating systems to
access network resources:

> UNIX / Linux
The UNIX operating systems are built around the TCP/IP protocols, and
while all have certain similarities, they vary greatly in their capabilities.
This is due to the variations in the additional software included with
the operating system and the commercial (or non-commercial) nature
of the various products. Some UNIX variants are commercial products
marketed by large software companies, such as Hewlett Packard, Sun
Microsystems, and IBM. Others are developed and maintained as part
of the open source movement, in which volunteer programmers work
on the software in their spare time, usually communicating with their
colleagues over the Internet, and freely releasing their work under
open-source licenses. There are many different UNIX operating
systems that you can download from the Internet free of charge, such
as FreeBSD, NetBSD, and various forms of Linux.
UNIX is primarily an application server platform, and is typically
associated with Internet services, such as Web, FTP, and e-mail
servers. As with Windows, UNIX systems can function as both servers
and clients at the same time.
Interoperability
Open source software such as SAMBA is used to provide Windows
users with Server Message Block (SMB) file sharing.
Authentication
Local accounts in /etc/passwd and /etc/shadow, or centralized login
authentication through NIS, LDAP or Kerberos.
File and Print Services
Network File System (NFS) is a distributed file system that allows
users to access files and directories located on remote computers and
treat those files and directories as if they were local.
LPR/LPD is the primary UNIX printing protocol used to submit jobs to
the printer. The LPR component initiates commands such as "print
waiting jobs," "receive job," and "send queue state," and the LPD
component in the print server responds to them.
Security
With most UNIX operating systems, the network services can be
individually enabled, disabled or restricted by source address (for
example through inetd/xinetd, TCP Wrappers or a host firewall) to
reduce the exposed attack surface.
> MAC OS X Server
Client Support
TCP/IP file sharing with Macintosh clients using the Apple Filing
Protocol (AFP) 3.0 and Network File System (NFS).
Interoperability
Mac OS X Server uses the Open Source SAMBA to provide Windows
users with Server Message Block (SMB) file sharing. Network File
System (NFS) lets you make folders available to UNIX and Linux users.
File and Print Services
Mac OS X Server provides support for native Macintosh, Windows,
UNIX, and Linux file sharing. Protocols supported include:

• Apple file services (AFP 3.0) from any AppleShare client over
TCP/IP
• Windows (SMB/CIFS) file sharing using Samba
• Network File System (NFS) for UNIX and Linux file access
• Internet (FTP)

Built-in print services can spool files to any PostScript-capable printer
over TCP/IP, AppleTalk, or USB. Macintosh customers can use the LPR
support in Print Center or the Desktop Printer utility to connect to a
shared printer. Windows users can use their native SMB/CIFS protocol
to connect to a shared printer.
Print services for OS X Server:
• Macintosh and UNIX (LPR/LPD)
• Windows (SMB/CIFS)
Security

• Multiple-user architecture and user-level access privileges.
• Secure Sockets Layer (SSL) support provides encrypted and
authenticated client/server communications.
• Secure Shell (SSH) provides encryption and authentication for
secure remote administration.
• Kerberos support for centralized login authentication.

> Netware
NetWare 5
Client Support
NetWare 5 comes with Novell Client software for three client
platforms: DOS and Windows 3.1x, Windows 95/98, and Windows NT.
Interoperability
You can set the Novell Clients for Windows 95/98 and Windows NT to
work with one of three network protocol options: IP only, IP and IPX,
or IPX only.
Authentication
Centralized login authentication
File and Print Services
File Services NetWare offers two choices of mutually compatible file
services: Novell Storage Services (NSS) and the traditional NetWare
File System. Both kinds of file services let you store, organize,
manage, access, and retrieve data on the network.
NSS gathers all unpartitioned free space that exists on all the hard
drives connected to your server, together with any unused space in
NetWare volumes, and places it into a storage pool. You create NSS
volumes from this storage pool during server installation or later
through NWCONFIG.
Novell Distributed Print Services (NDPS) is the default and preferred
print system in NetWare. NDPS supports IP-based as well as IPX-
based printing.
Security
Novell has support for a public key infrastructure built into NetWare 5
using a public certificate, developed by RSA Security.
> Windows
Windows 2000 Server:
Client Support
Windows 3.x, Windows 95, Windows 98, and Windows NT Workstation
4.0.
Interoperability
Windows 2000 Server supports UNIX, Novell NetWare, Windows NT
Server 4.0, and Macintosh.
Authentication
Successful user authentication in a Windows 2000 computing
environment consists of two separate processes: interactive logon,
which confirms the user's identification to either a domain account or a
local computer, and network authentication, which confirms the user's
identification to any network service that the user attempts to access.
Types of authentication that Windows 2000 supports are:
Kerberos V5 is used with either a password or a smart card for
interactive logon. It is also the default method of network
authentication for services. The Kerberos V5 protocol verifies both the
identity of the user and that of the network service (mutual
authentication). NTLM is retained for Windows NT 4.0 and earlier
clients and for workgroup (non-domain) logons.
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
authentication is used when a user attempts to access a secure Web
server.
File and Print Services
You can add and maintain printers in Windows 2000 using the print
administration wizard, and you can add file shares using Active
Directory management tools. Windows 2000 also offers Distributed File
Services, which let you combine files on more than one server into a
single share.
Security
User-level security protects shared network resources by requiring that
a security provider authenticate a user's request to access resources.
The domain controller grants access to the shared resource by
verifying that the user name and password are the same as those on
the user account list stored on the network security provider. Because
the security provider maintains a network-wide list of user accounts
and passwords, each client computer does not have to store a list of
accounts. Access to individual shares and files is then controlled by
permissions (ACLs) on the resource.
Share-level security protects shared network resources on the
computer with individually assigned passwords. For example, you can
assign a password to a folder or a locally attached printer. If other
users want to access it, they need to type in the appropriate password.
If you do not assign a password to a shared resource, every user with
access to the network can access that resource. Share-level security is
a Windows 9x feature; Windows NT and Windows 2000 servers use
user-level security only.
> Appleshare IP (Internet Protocol)
Client Support
TCP/IP file sharing with Macintosh clients using the Apple Filing
Protocol (AFP) 3.0 and Network File System (NFS).
Interoperability
Windows Server Message Block (SMB) file sharing.
File and Print Services
File Services:

• Apple Filing Protocol (AFP) over TCP/IP and AppleTalk
• Server Message Block (SMB) over TCP/IP
• File Transfer Protocol (FTP) over TCP/IP

Print Services:

• PAP (Printer Access Protocol, AppleTalk)
• LPR/LPD

Application Support

• HTTP
• Mail (SMTP, POP, IMAP and Authenticated Post Office Protocol
APOP)
• Mac CGI

3.2 Identify the basic capabilities needed for client workstations to connect
to and use network resources (For example: media, network
protocols and peer and server services)

see > Network Support Part 2

3.3 Identify the appropriate tool for a given wiring task (For example: wire
crimper, media tester / certifier, punch down tool or tone generator).

> Wire Crimper
A wire crimper is a tool that you use to attach media connectors to the
ends of cables. For instance, you use one type of wire crimper to
attach RJ-45 connectors to Unshielded Twisted Pair (UTP) cable, and
you use a different type of wire crimper to attach BNC (Bayonet
Neill-Concelman) connectors to coaxial cabling.
> Wire Map Testers
A wire map tester is a device that is similar in principle to the tone
generator and locator, except that it tests all the wire connections in a
UTP cable at once. This device also consists of two parts, which you
connect to the opposite ends of a cable. The unit at one end transmits
signals over all the wires, which are detected by the unit at the other
end. A wire map tester can detect transposed wires, opens, and
shorts, just as a tone generator and locator can, but it does all the
tests simultaneously and provides you with a simple readout telling
you what's wrong. A split pair (the right pins, but the two wires taken
from different twisted pairs) passes a wire map test and only shows
up as excessive crosstalk on a multifunction tester.
> Multifunction Cable Testers
Multifunction cable testers are handheld devices, that perform a
variety of tests on a cable connection and compare the results to
standard values that have been programmed into the unit. The result
is that these are devices that anyone can use. You simply connect the
unit to the cable, press a button, and the device comes up with a list
of pass or fail ratings for the individual tests.
Multifunction cable testers can test any of the following:

• Length The most common method for determining the length of
a cable is called time domain reflectometry (TDR), in which the
tester transmits a signal over the cable and measures how long
it takes for the signal's reflection to return. Using the nominal
velocity of propagation (NVP) for the cable, which is the speed at
which signals travel through the cable (supplied by the
manufacturer) you can compute the length of the cable. This
function also enables you to determine the location of a break in
a cable.
• Attenuation By comparing the strength of a signal at the far
end of a cable to its strength when transmitted, the tester
determines the cable's attenuation (measured in decibels).
• Near end crosstalk (NEXT) Testing for near end crosstalk is a
matter of transmitting a signal over one of a cable's wires and
then detecting the strength of the signal that bleeds over into
the other wires near the end of the cable where the transmitter
is located.
• Power sum NEXT (PSNEXT) This is a measurement of the
crosstalk generated when three of the four wire pairs are
carrying signals at one time. This test is intended for networks
using technologies like Gigabit Ethernet, which transmit signals
over several wire pairs simultaneously.
• Equal level far end crosstalk (ELFEXT) This is a
measurement of the crosstalk at the opposite end of the cable
from the transmitter, corrected to account for the amount of
attenuation in the connection.
• Power sum ELFEXT (PSELFEXT) This is a measurement of the
crosstalk generated at the far end of the cable by three signal-
carrying wire pairs, corrected for attenuation.
• Propagation delay This indicates the amount of time required
for a signal to travel from one end of a cable to the other.
• Delay skew This is the difference between the lowest and the
highest propagation delay measurements for the wires in a
cable. Because the wire pairs inside a UTP cable are twisted at
different rates, their relative lengths can differ, and the delay
skew measurement quantifies that difference.
• Return loss This is a measurement of the accumulated signal
reflection caused by variations in the cable's impedance along its
length. These impedance variations are typically caused by
untwisting too much of the wire pairs when making connections.

> Tone Generator
One of the most basic ways to identify and test a cable connection is
to use a tone generator and locator cable tester. The tone generator is
a device that you connect to a cable at one end, and which transmits a
signal over the cable. The tone locator is a separate device that has a
probe capable of detecting the generator's signal, either by touching it
to the conductor in the cable, or simply by touching it to the insulation
on the outside of the cable. When the locator detects the generator's
signal, it emits an audible tone. You can use this type of device to test
an entire cable, or to test the individual wire connections inside a UTP
cable.

Tone generators are most commonly used to identify the cable
belonging to a particular connection.
Example:
If you're performing an internal cable installation, and you forget to
label one of your cables, you can connect the tone generator at the
wall plate end and touch the probe to each of the cables at the patch
panel end until you find the one that produces a tone.
You can also use a tone generator and locator to test the individual
wire connections inside a UTP cable.

1. Connect the generator to a single wire or connector contact
using alligator clips
2. Then touch the locator to each wire or contact at the other end
of the cable.

Using this method, you can test for the major wiring faults that
affect internal UTP cable installations.
Example:

• If you fail to detect a signal at the other end on the contact to
which the generator is connected, you have an open circuit.
• If you detect a signal on a different contact, the wires have been
punched down to the wrong contacts (a miswire).
• If you detect a signal on two or more wires, you have a short.

Tone generator and locator Pros:

• Simple to use
• Most inexpensive type of cable tester
• Useful for troubleshooting a single cable connection.

Tone generator and locator Cons:

• Testing each of the wires in a UTP cable individually is time
consuming
• You also need two people to use the equipment, one at the
generator end and one at the locator end (unless you don't mind
running back and forth from one end of your cable connections
to the other)

3.4 Given a remote connectivity scenario comprised of a protocol, an
authentication scheme, and physical connectivity, configure the
connection. Includes connection to the following servers:

see > Network Support Part 2

3.5 Identify the purpose, benefits and characteristics of using a firewall.

A firewall is used to prevent unauthorized access to or from a network.
Firewalls are frequently used to keep unauthorized users out of
private networks connected to the Internet, especially intranets. All
traffic entering or leaving the intranet passes through the firewall,
which examines each packet and blocks those that do not meet the
configured security policy. A firewall only controls traffic that
crosses it: hosts on the same side of the firewall can still reach
each other directly.
Firewall techniques:

• Packet filter looks at each packet entering or leaving the network
and accepts or rejects it based on user-defined rules.
• Application gateway applies security mechanisms to specific
applications, such as FTP and Telnet servers, by understanding
the application protocol itself.
• Circuit-level gateway applies security mechanisms when a TCP
session (or UDP flow) is set up. Once the session has been
approved, packets can flow between the hosts without further
inspection of their contents.

Network layer firewalls

Network layer firewalls operate at a low level of the TCP/IP protocol
stack as IP packet filters, not allowing packets to pass through the
firewall unless they match the rules. The firewall administrator may
define the rules, or default built-in rules may apply; the safest
default is to deny anything that no rule explicitly permits.
Modern firewalls can filter traffic based on many packet attributes,
such as:

• source IP address
• source port
• destination IP address or port
• destination service, such as WWW (port 80) or FTP (port 21)

They can also filter based on protocol, TTL value, netblock of the
originator, domain name of the source (by reverse DNS lookup, which
is itself spoofable) and many other attributes. Note that source
addresses and ports are supplied by the sender and can be forged, so
a rule that trusts them alone is only as strong as the anti-spoofing
filtering in front of it.
Application-layer firewalls
Application-layer firewalls work at the application level of the
TCP/IP stack (for example, all browser traffic, or all Telnet or FTP
traffic), and can intercept all packets travelling to or from an
application. Because they understand the application protocol, they
can block requests that a packet filter would pass, such as a
forbidden command inside an otherwise permitted FTP session, and
they drop other packets without acknowledgement to the sender. They
can therefore prevent unwanted outside traffic from reaching
protected machines, at the cost of more processing per connection
than a packet filter.

3.6 Identify the purpose, benefits and characteristics of using a proxy
service.

A proxy device, running either on dedicated hardware or as software,
may act as a firewall by responding to incoming packets in the manner
of an application, while blocking other packets.
The proxy service sits between a client application, such as a web
browser, and a real server. When a client program makes a request,
the proxy server accepts it, makes an equivalent request of its own
to the Internet server, and, when that server responds, passes the
response back to the client program on the computer that made the
request. The server on the Internet therefore sees only the proxy's
address, never the client's. The proxy server computer typically has
two network interfaces, one connected to the LAN and one connected to
the Internet, with IP forwarding disabled between them so that
traffic cannot bypass the proxy application.
The primary security features of a proxy server are:

• It blocks inbound connections: LAN clients can initiate
connections to Internet servers, but Internet clients cannot
initiate connections to LAN servers.
• It can restrict outbound connections, for example by user,
destination or application protocol.

3-2 Network Implementation

Posted February 27th, 2007 by admin

3.7 Given a connectivity scenario, determine the impact on network
functionality of a particular security implementation (For example:
port blocking / filtering, authentication and encryption).

> Port Blocking / Filtering

A network layer firewall works as a packet filter by deciding what
packets will pass the firewall according to rules defined by the
administrator. Filtering rules can act on the basis of source and
destination address and on ports, in addition to whatever higher-level
network protocols the packet contains. Blocking a port stops every
application that uses it, so the impact on functionality must be
weighed against the exposure: blocking inbound TCP 23 removes remote
Telnet access, wanted or not. Network layer firewalls tend to operate
very fast, and transparently to users.
Network layer firewalls generally fall into two sub-categories,
stateful and stateless. Stateful firewalls keep a table of the
connections they have seen (for example: initiation, handshaking,
established, data transfer or tear-down) and use it in their rules,
so that, for instance, only hosts inside the firewall can open
connections on a certain port while the replies to those connections
are admitted automatically. Stateless firewalls judge each packet in
isolation and cannot tell what stage communications between hosts
have reached; to admit reply traffic, a stateless rule has to accept
anything that looks like a reply (such as any TCP segment with the
ACK flag set), which an attacker can forge. Stateless firewalls
therefore offer less security, and somewhat resemble a router with
access lists in their ability to filter packets.
Any normal computer running an operating system which supports
packet filtering and routing can function as a network layer firewall.
Appropriate operating systems for such a configuration include Linux,
Solaris, BSDs or Windows Server.
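The difference between the two sub-categories is easiest to see in code. The following is an added example, not part of the study guide: a stateless filter and a stateful filter applied to the same five packets. The inside prefix 10.0.0., the addresses and the flows are all constructed for the illustration.

```python
# Added example (not from the study guide): a stateless packet filter beside a
# stateful one. The addresses, flows and the "inside" prefix are all constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags present, e.g. {"SYN", "ACK"}


INSIDE_PREFIX = "10.0.0."            # hypothetical protected network


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def stateless_allow(pkt: Packet) -> bool:
    """Judge every packet on its own header fields.

    Policy: inside hosts may open anything outbound; inbound packets are
    admitted only if they look like replies.  Without memory of earlier
    packets, "looks like a reply" can only be a header test (here: TCP with
    ACK set, to an ephemeral port), and a header test is trivially forged.
    UDP replies cannot be told apart from new UDP traffic at all.
    """
    if is_inside(pkt.src) and not is_inside(pkt.dst):
        return True
    return pkt.proto == "tcp" and "ACK" in pkt.flags and pkt.dport >= 1024


class StatefulFilter:
    """Remembers flows that inside hosts initiated; admits only their replies."""

    def __init__(self) -> None:
        # (proto, inside ip, inside port, outside ip, outside port)
        self.flows: set = set()

    def allow(self, pkt: Packet) -> bool:
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: admitted only if it is the exact reverse of a recorded flow.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def demo() -> dict:
    """Run the same five constructed packets through both filters."""
    packets = [
        Packet("tcp", "10.0.0.5", 40000, "203.0.113.10", 443, frozenset({"SYN"})),         # inside opens HTTPS
        Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),  # genuine reply
        Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 3389, frozenset({"ACK"})),          # forged "reply" at RDP
        Packet("udp", "10.0.0.5", 51000, "203.0.113.53", 53),                               # DNS query out
        Packet("udp", "203.0.113.53", 53, "10.0.0.5", 51000),                               # DNS answer back
    ]
    stateful = StatefulFilter()
    return {
        "stateless": [stateless_allow(p) for p in packets],
        "stateful": [stateful.allow(p) for p in packets],
    }


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The stateless filter lets the forged ACK segment reach port 3389 and has no way to admit the DNS answer without opening UDP 53 inbound to everyone; the stateful filter admits exactly the two replies it was expecting and nothing else.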
> Authentication
The process of verifying that a user (or system) is who it claims to
be, traditionally based on a username and password. In security
systems, authentication is distinct from authorization, which is the
process of granting access to system objects based on the
authenticated identity. Authentication merely establishes that the
individual is who he or she claims to be; it says nothing about the
access rights of the individual. Requiring authentication adds an
exchange to every session, and a failed or misconfigured
authentication server denies access to everyone who depends on it.
> Encryption
Encryption is the use of mathematical transformations to make data
unreadable to anyone who does not hold the key. It is one part of the
larger field of cryptography, which also covers integrity and
authentication mechanisms. Cryptography is primarily a software-based
solution and in most cases does not require significant hardware
costs. It is a key tool in protecting privacy, since only parties
holding the key can read the data. Encryption on its own does not
guarantee data integrity: an attacker who cannot read a ciphertext can
often still modify it so that it decrypts to altered data. Integrity
requires a separate mechanism such as a message authentication code
(MAC) or an authenticated encryption mode, which lets the receiver
detect any modification.
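The following added example (not from the study guide) shows the point above concretely: a ciphertext is tampered with so that it decrypts to a different amount, which encryption alone does not detect and an appended MAC does. The stream cipher is a toy built from HMAC-SHA256 in counter mode purely for the demonstration, and the message, keys and nonce are constructed; a real system should use a vetted authenticated-encryption mode such as AES-GCM.

```python
# Added example (not from the study guide): why encryption alone gives
# confidentiality but not integrity. The stream cipher here is a toy built
# from HMAC-SHA256 in counter mode purely to show the effect; real systems
# should use a vetted authenticated-encryption mode such as AES-GCM.
import hashlib
import hmac
import os

TAG_LEN = 32  # bytes of HMAC-SHA256 output appended to each ciphertext


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC(key, nonce || counter) blocks, truncated to length."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream undoes itself


def flip_byte(data: bytes, offset: int, old: int, new: int) -> bytes:
    """Attacker's move: XOR the ciphertext so the byte at offset decrypts to
    'new' instead of 'old'. Needs a guess of the original byte, never the key."""
    buf = bytearray(data)
    buf[offset] ^= old ^ new
    return bytes(buf)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(enc_key: bytes, mac_key: bytes, nonce: bytes, sealed: bytes):
    """Return the plaintext, or None if the tag does not verify."""
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return decrypt(enc_key, nonce, ct)


def demo():
    """Tamper with the amount in a constructed message, with and without a MAC."""
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    msg = b"PAY 0100 TO ALICE"          # byte 4 is the leading digit of the amount

    # Encryption only: the flipped byte decrypts to '9' and nobody notices.
    tampered = flip_byte(encrypt(enc_key, nonce, msg), 4, ord("0"), ord("9"))
    unprotected = decrypt(enc_key, nonce, tampered)

    # Encryption plus MAC: the same flip fails verification.
    sealed = seal(enc_key, mac_key, nonce, msg)
    genuine = unseal(enc_key, mac_key, nonce, sealed)
    forged = unseal(enc_key, mac_key, nonce, flip_byte(sealed, 4, ord("0"), ord("9")))
    return unprotected, genuine, forged
```

The bit-flip works against any stream or counter-mode cipher, not just this toy one; the MAC is what turns "the attacker cannot read it" into "the attacker cannot change it without being caught".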

3.8 Identify the main characteristics of VLANs (Virtual Local Area
Networks).

A Virtual LAN is a group of devices on one or more LANs that are
configured using management software so that they can communicate
as if they were attached to the same LAN segment, when in fact they
are located on a number of different segments. Because VLANs are
based on logical instead of physical connections, they are more
flexible.
For a computer to communicate with devices on a LAN segment other
than its own, a router is required. As networks expand, more routers
are needed to separate users into broadcast and collision domains and
to provide connectivity to other LANs. Since routers add latency, this
can delay data transfer over the network.
Switches are used in VLANs to create the same division of the network
into separate broadcast domains without the latency of a router.
Traffic between two VLANs still has to pass through a router (or a
layer 3 switch), which is also where it can be filtered.
Advantages to using VLANs:
Switched networks increase performance by reducing the size of
collision domains. Users can be grouped into logical networks, which
increases performance by limiting broadcast traffic to users
performing similar functions or within individual workgroups. Less
traffic needs to be routed, so the latency added by routers is
reduced.
VLANs provide an easier way to modify logical groups in changing
environments. VLANs make large networks more manageable by
allowing centralized configuration of devices located in physically
different locations.
Consolidating a department's resources into a single subnet keeps
IP addresses, subnet masks and local network protocols consistent
across the entire VLAN, so configuration changes can be applied
uniformly.
VLANs provide independence from the physical topology of the
network by allowing physically diverse workgroups to be logically
connected within a single broadcast domain.
A switched network delivers unicast frames only to the intended
recipient, and broadcast frames only to other members of the same
VLAN. This allows the network administrator to segment users who
require access to sensitive information into separate VLANs from the
rest of the general user community regardless of physical location,
thus enhancing security. The separation is only as strong as the
switch configuration: a port that carries several VLANs (a trunk), or
a host that is moved to the wrong VLAN, crosses the boundary.
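The forwarding behaviour described above, as an added example that is not part of the study guide: a learning switch whose MAC table and flooding are scoped to each port's VLAN. The port numbers, VLAN ids and MAC addresses are constructed.

```python
# Added example (not from the study guide): a learning switch with port-based
# VLANs, showing that frames, including broadcasts, never leave their VLAN.
# Ports, VLAN numbers and MAC addresses below are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    def __init__(self, port_vlan: dict):
        self.port_vlan = port_vlan      # port number -> VLAN id (access ports only)
        self.mac_table = {}             # (vlan, mac) -> port, learned from source addresses

    def members(self, vlan: int, exclude: int) -> list:
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != exclude)

    def forward(self, in_port: int, src_mac: str, dst_mac: str) -> list:
        """Return the list of ports a frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port           # learn the sender, per VLAN
        if dst_mac == BROADCAST:
            return self.members(vlan, exclude=in_port)       # flood, but only inside the VLAN
        out = self.mac_table.get((vlan, dst_mac))            # lookup is scoped to the VLAN
        if out is None:
            return self.members(vlan, exclude=in_port)       # unknown unicast: flood in VLAN
        return [] if out == in_port else [out]


def demo() -> list:
    # Ports 1-2 carry VLAN 10 (finance), ports 3-4 carry VLAN 20 (guests).
    sw = VlanSwitch({1: 10, 2: 10, 3: 20, 4: 20})
    fin_a, fin_b, guest_c = "00:aa:00:00:00:01", "00:aa:00:00:00:02", "00:bb:00:00:00:03"
    return [
        sw.forward(1, fin_a, BROADCAST),              # finance broadcast: reaches port 2 only
        sw.forward(3, guest_c, fin_a),                # guest addresses a finance MAC: flooded in VLAN 20 only
        sw.forward(2, fin_b, fin_a),                  # finance unicast: delivered straight to port 1
        sw.forward(4, "00:bb:00:00:00:04", guest_c),  # guest unicast to an already learned guest host
    ]
```

The second frame is the security property: even though the guest host names a finance MAC address, the lookup happens in VLAN 20's table, so the frame is flooded only to the other guest port and never reaches ports 1 or 2.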

3.9 Identify the main characteristics and purpose of extranets and
intranets.

> Extranets
An extranet is a private network that uses Internet protocols and
network connectivity to securely share part of an organization's
information or operations with suppliers, vendors, partners,
customers or other businesses. An extranet can be viewed as the part
of a company's intranet that is extended to users outside the
company, normally over the Internet.
An extranet requires security and privacy measures. These can include
firewalls, server management, the issuance and use of digital
certificates or similar means of user authentication, encryption of
messages, and the use of virtual private networks (VPNs) that tunnel
through the public network.
Advantages

• Extranets can improve organization productivity by automating
processes that were previously done manually.
• Extranets allow organization or project information to be viewed
at times convenient for business partners, customers,
employees, suppliers and other stake-holders.
• Information on an extranet can be updated, edited and changed
instantly. All authorised users therefore have immediate access
to the most up-to-date information.

Disadvantages

• Extranets can be expensive to implement and maintain within an
organisation.
• Security of extranets can be a big concern when dealing with
valuable information, since partners' networks and credentials
are outside the organisation's control.
• Extranets can reduce personal contact (face-to-face meetings)
with customers and business partners. This could cause a lack of
connections made between people and a company.

> Intranet
Intranets differ from extranets in that the former is generally
restricted to employees of the organization, while extranets can
generally be accessed by customers, suppliers or other approved
parties.
An intranet is a private computer network that uses Internet
protocols and network connectivity to securely share part of an
organization's information or operations with its employees.
Sometimes the term refers only to the most visible service, the
internal website. The same concepts and technologies as the Internet,
such as clients and servers running on the Internet protocol suite,
are used to build an intranet. HTTP and other Internet protocols are
commonly used as well, especially FTP and e-mail.

3.10 Identify the purpose, benefits and characteristics of using antivirus
software.

Antivirus software consists of computer programs that attempt to
identify, thwart and eliminate computer viruses and other malicious
software.
Antivirus software typically uses two different techniques to
accomplish this:

• Examining files to look for known viruses matching definitions in
a virus dictionary
• Identifying suspicious behavior from any computer program
which might indicate infection. Such analysis may include data
captures, port monitoring and other methods.

Most commercial antivirus software uses both of these approaches,
with an emphasis on the virus dictionary approach.
Dictionary Approach: When the antivirus software looks at a file, it
refers to a dictionary of known viruses that the authors of the antivirus
software have identified. If a piece of code in the file matches any
virus identified in the dictionary, then the antivirus software can take
one of the following actions:

• attempt to repair the file by removing the virus itself from the
file
• quarantine the file
• delete the infected file.

Suspicious Behavior Approach: Unlike the dictionary approach, the
suspicious behavior approach does not depend on a virus already being
known, so it can provide protection against brand-new viruses that do
not yet exist in any virus dictionary. Because it generates false
positives and interrupts the user, most antivirus software relies on
it less than on the dictionary approach.
Using this approach the antivirus software:
• does not attempt to identify known viruses;
• monitors the behavior of all programs;
• if one program tries to write data to an executable program, flags
this as suspicious behavior;
• alerts the user and asks what to do.

Heuristic Analysis Approach:

• Antivirus software could try to emulate the beginning of the code
of each new executable that the system invokes before
transferring control to that executable.
• If the program seems to use self-modifying code or otherwise
appears to be a virus, one could assume that a virus has infected
the executable. However, this method can result in a lot of
false positives.

3.11 Identify the purpose and characteristics of fault tolerance:

Fault tolerance is the ability of a system to continue functioning when
part of the system fails. Normally, fault tolerance is used in describing
disk subsystems, but it can also apply to other parts of the system or
the entire system. Fully fault-tolerant systems use redundant disk
controllers and power supplies as well as fault-tolerant disk
subsystems. You can also use an uninterruptible power supply (UPS)
to safeguard against local power failure.
Although the data is always available in a fault-tolerant system, you
still need to make backups that are stored offsite to protect the data
against disasters such as a fire, and against errors and deliberate
deletion, which a fault-tolerant system faithfully replicates.
> Network Redundancy
Service interruptions on a network are not always the result of a
computer or drive failure. Sometimes the network itself is to blame.
For this reason, many larger internetworks are designed with
redundant components that enable traffic to reach a given destination
in more than one way. If a network cable is cut or broken, or if a
router or switch fails, redundant equipment enables data to take
another path to its destination. There are several ways to provide
redundant paths. Typically, you have at least two routers or switches
connected to each network, so that the computers can use either one
as a gateway to the other segments.
For example, you can build a network with two backbones. Each
workstation can use either of the routers on its local segment as a
gateway. You can also use this arrangement to balance the traffic on
the two backbones by configuring half of the computers on each local
area network (LAN) to use one of the routers as its default gateway
and the other half to use the other router.
> Storage
A redundant array of independent disks (RAID) is an example of a
fault-tolerant storage device that uses data redundancy.
RAID
Redundant Array of Inexpensive (or Independent) Disks. A RAID array
is a collection of drives that collectively act as a single storage
system and, at every level except 0, can tolerate the failure of a
drive without losing data. RAID protects against drive failure only:
a deleted or corrupted file is replicated across the array just as
faithfully as a good one, so RAID is not a substitute for backups.
Level 0, referred to as striping, is not redundant. Data is split across
drives, resulting in higher data throughput. Since no redundant
information is stored, performance is very good, but the failure of any
disk in the array results in the loss of all data.
Level 1, referred to as mirroring, uses two hard drives. It provides
redundancy by duplicating all data from one drive on the other. Read
performance can be better than a single drive, since reads can be
served from either disk; writes are no faster, since every write goes
to both. If either drive fails, no data is lost. This is a good
entry-level redundant system, since only two drives are required.
Level 2, which uses Hamming error correction codes, is intended for
use with drives which do not have built-in error detection. All SCSI
drives support built-in error detection, so this level is not needed if
using SCSI drives.
Level 3 stripes data at a byte level across several drives, with parity
stored on one drive. It is otherwise similar to level 4. Byte-level
striping requires hardware support for efficient use.
Level 4 stripes data at a block level across several drives, with parity
stored on one drive. The parity information allows recovery from the
failure of any single drive. Performance is very good for reads. Writes,
however, require that the parity block be updated each time, and
because every write touches the single parity drive, that drive
becomes the bottleneck. This slows small random writes in particular,
though large or sequential writes are fairly fast.
Level 5 is striping with distributed parity. It is similar to level 4
but distributes the parity blocks among all the drives, so no single
disk is devoted to parity. This removes the parity-drive bottleneck
and speeds small writes, particularly when several writes are in
progress at once. Reads perform at least as well as in level 4, since
parity is not read during normal operation and every drive can serve
data. While a drive is missing, reads of its blocks must be
reconstructed from the remaining drives and parity, which is slower.
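The parity arithmetic behind levels 4 and 5 is plain XOR, which the following added example (not from the study guide) makes visible: data is striped across four simulated disks with the parity block rotating as in RAID 5, one disk is removed, and its contents are rebuilt from the survivors. The disk count, block size and data are constructed.

```python
# Added example (not from the study guide): RAID 5 striping with rotating
# parity, implemented with XOR over small byte blocks so the parity and rebuild
# arithmetic is visible. Disk count, block size and the data are constructed.
def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks; this is the whole parity function."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, b in enumerate(blk):
            out[i] ^= b
    return bytes(out)


def parity_disk(stripe: int, ndisks: int) -> int:
    """Which disk holds the parity block of a given stripe (rotates every stripe)."""
    return (ndisks - 1 - stripe) % ndisks


def write_stripes(data: bytes, ndisks: int, block: int):
    """Lay data out across ndisks; returns one list of blocks per disk."""
    ndata = ndisks - 1
    stripe_bytes = ndata * block
    data += b"\0" * (-len(data) % stripe_bytes)          # pad to whole stripes
    disks = [[] for _ in range(ndisks)]
    for s in range(len(data) // stripe_bytes):
        chunks = [data[(s * ndata + j) * block:(s * ndata + j + 1) * block] for j in range(ndata)]
        parity = xor_blocks(chunks)
        pd = parity_disk(s, ndisks)
        it = iter(chunks)
        for d in range(ndisks):
            disks[d].append(parity if d == pd else next(it))
    return disks


def read_data(disks, length: int) -> bytes:
    """Read data blocks back in order, skipping each stripe's parity block."""
    ndisks = len(disks)
    out = b"".join(
        disks[d][s]
        for s in range(len(disks[0]))
        for d in range(ndisks)
        if d != parity_disk(s, ndisks)
    )
    return out[:length]


def rebuild(disks, failed: int):
    """Reconstruct a missing disk: each block is the XOR of its stripe peers.
    Works for data and parity blocks alike, which is why any single disk can fail."""
    survivors = [d for d in range(len(disks)) if d != failed]
    nstripes = len(disks[survivors[0]])
    return [xor_blocks([disks[d][s] for d in survivors]) for s in range(nstripes)]


def demo():
    data = b"The quick brown fox jumps over the lazy dog"
    disks = write_stripes(data, ndisks=4, block=4)       # 3 data blocks + 1 parity per stripe
    lost = disks[2]
    disks[2] = None                                      # disk 2 fails
    disks[2] = rebuild(disks, failed=2)
    return disks[2] == lost, read_data(disks, len(data)) == data
```

Because every block, parity or data, is the XOR of the other blocks in its stripe, a second failure before the rebuild completes leaves an equation with two unknowns, which is the window the hot spare discussion in 3.12 is about.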

3.12 Identify the purpose and characteristics of disaster recovery:

> Backup / restore

Offsite storage
A remote backup service, online backup service or managed backup
service is a service that provides users with an online system for
backing up and storing computer files. Managed backup providers are
companies that have the software and server space for storing files.
Hot and cold spares

• A hot spare disk is running, ready to start working in the case of
a failure.
• A cold spare disk is not running.

A hot spare is used as a failover mechanism to provide reliability in
system configurations. The hot spare is powered on and connected as
part of a working system but is idle until needed. When a key
component fails, the hot spare is switched into operation.
Examples of hot spares are components such as networked printers
and hard disks. In the case of a disk drive, when a member of the
array fails the controller rebuilds the failed drive's contents onto
the hot spare from the surviving mirror or parity data, so the system
continues to operate with minimal or no downtime.
A hot spare disk is a disk, or group of disks, used to automatically or
manually replace a failing or failed disk in a RAID configuration. The
hot spare disk reduces the mean time to recovery (MTTR) for the RAID
redundancy group, which shortens the window in which a second disk
failure would cause data loss in any singly redundant RAID level
(e.g., RAID-1, RAID-5, RAID-10).
Hot, warm and cold sites
A backup site is a location to which a business can relocate
following a disaster such as a fire or flood.
There are three types of backup sites: cold sites, warm sites and
hot sites. The differences between the types are determined by the
cost and effort required to implement each.
A hot site is a duplicate of the original site of the business, with full
computer systems as well as near-complete backups of user data.
Following a disaster, the hot site exists so that the business can
relocate with minimal losses to normal operations. Ideally, a hot site
will be up and running within a matter of hours. This type of backup
site is the most expensive to operate.
A warm site is a location where the business can relocate to after the
disaster that is already stocked with computer hardware similar to that
of the original site, but does not contain backed-up copies of data and
information; these must be restored from backups before operations
can resume.
A cold site is the least expensive type of backup site for a business to
operate. It does not include backed-up copies of data and information
from the original location, nor does it include hardware already set
up. The lack of hardware contributes to the minimal start-up costs of
the cold site, but requires additional time following the disaster to
get the operation running at a capacity close to that before the
disaster.
4-1 Network Support

Posted February 27th, 2007 by admin

4.1 Given a troubleshooting scenario, select the appropriate network utility
from the following:

> Tracert / traceroute

Tracert: Determines the path taken to a destination by sending
Internet Control Message Protocol (ICMP) Echo Request messages to
the destination with incrementally increasing Time to Live (TTL) field
values. The path displayed is the list of near-side router interfaces of
the routers in the path between a source host and a destination. The
near-side interface is the interface of the router that is closest to the
sending host in the path. Used without parameters, tracert displays
help.
This diagnostic tool determines the path taken to a destination by
sending ICMP Echo Request messages with varying Time to Live (TTL)
values to the destination. Each router along the path is required to
decrement the TTL in an IP packet by at least 1 before forwarding it.
Effectively, the TTL is a maximum hop counter. When the TTL on a
packet reaches 0, the router is expected to discard it and return an
ICMP Time Exceeded message to the source computer. Tracert determines
the path by sending the first Echo Request message with a TTL of 1 and
incrementing the TTL by 1 on each subsequent transmission until the
target responds or the maximum number of hops is reached. The
maximum number of hops is 30 by default and can be specified using
the -h parameter. The path is determined by examining the ICMP Time
Exceeded messages returned by intermediate routers and the Echo
Reply message returned by the destination. However, some routers do
not return Time Exceeded messages for packets with expired TTL
values and are invisible to the tracert command. In this case, a row of
asterisks (*) is displayed for that hop. A destination that is reachable
but filters ICMP Echo never answers, so the trace runs to the hop
limit, showing asterisks after the last responding router. Note that
the Unix traceroute command works the same way but by default sends
UDP probes to high-numbered ports rather than ICMP Echo Requests, so a
firewall may treat the two differently.
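The TTL mechanism just described, as an added example that is not part of the study guide: a simulated path of three routers, one of which never sends Time Exceeded, probed with increasing TTL against a destination that replies and one that filters Echo Requests. The router and host addresses are constructed.

```python
# Added example (not from the study guide): a simulation of the TTL mechanism
# tracert relies on, including a router that stays silent and a destination
# that filters Echo Requests. The path and addresses are constructed.
from collections import namedtuple

Router = namedtuple("Router", "addr answers_time_exceeded")
Host = namedtuple("Host", "addr answers_echo")


def send_probe(path, target, ttl):
    """Forward one Echo Request along the path; return what the sender hears back.

    Each router decrements TTL; the one that takes it to 0 discards the packet
    and (if so configured) sends ICMP Time Exceeded. If the packet survives the
    whole path, the target sends Echo Reply, unless it filters ICMP Echo."""
    for router in path:
        ttl -= 1
        if ttl == 0:
            return router.addr if router.answers_time_exceeded else "*"
    return target.addr if target.answers_echo else "*"


def tracert(path, target, max_hops=30):
    """Probe with TTL 1, 2, 3, ... until the target replies or max_hops is hit."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, target, ttl)
        hops.append(reply)
        if reply == target.addr:
            break
    return hops


def demo():
    path = [
        Router("10.1.1.1", True),
        Router("172.16.5.1", False),       # silent: shows as "*" but still forwards
        Router("198.51.100.1", True),
    ]
    reachable = Host("192.0.2.10", True)
    filtered = Host("192.0.2.20", False)   # behind a firewall that drops Echo Requests
    return tracert(path, reachable), tracert(path, filtered, max_hops=5)


if __name__ == "__main__":
    for trace in demo():
        for hop, reply in enumerate(trace, start=1):
            print(f"{hop:3}  {reply}")
```

The second trace shows why a line of asterisks after the last router is ambiguous on its own: the path is intact up to 198.51.100.1 and the probes are being delivered; only the destination's reply is missing.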
Examples:
To trace the path to the host named corp7.microsoft.com, type:

• tracert corp7.microsoft.com

To trace the path to the host named corp7.microsoft.com and prevent
the resolution of each IP address to its name, type:

• tracert -d corp7.microsoft.com

To trace the path to the host named corp7.microsoft.com and use the
loose source route 10.12.0.1-10.29.3.1-10.1.44.1, type:

• tracert -j 10.12.0.1 10.29.3.1 10.1.44.1 corp7.microsoft.com

Syntax
tracert [-d] [-h MaximumHops] [-j HostList] [-w Timeout] [TargetName]
Parameters
-d Prevents tracert from attempting to resolve the IP addresses of
intermediate routers to their names. This can speed up the display of tracert
results.
-h MaximumHops Specifies the maximum number of hops in the path to
search for the target (destination). The default is 30 hops.
-j HostList Specifies that Echo Request messages use the Loose Source
Route option in the IP header with the set of intermediate destinations
specified in HostList. With loose source routing, successive intermediate
destinations can be separated by one or multiple routers. The maximum
number of addresses or names in the host list is 9. The HostList is a series
of IP addresses (in dotted decimal notation) separated by spaces. Because
source routing lets a sender dictate a packet's path, most routers and
firewalls are configured to drop source-routed packets, so this option
rarely works outside a lab.
-w Timeout Specifies the amount of time in milliseconds to wait for the ICMP
Time Exceeded or Echo Reply message corresponding to a given Echo
Request message to be received. If not received within the time-out, an
asterisk (*) is displayed. The default time-out is 4000 (4 seconds).

> ping
Verifies IP-level connectivity to another TCP/IP computer by sending
Internet Control Message Protocol (ICMP) Echo Request messages. The
receipt of corresponding Echo Reply messages is displayed, along
with round-trip times. Ping is the primary TCP/IP command used to
troubleshoot connectivity, reachability, and name resolution. Used
without parameters, ping displays help.
You can use ping to test both the computer name and the IP address
of the computer. If pinging the IP address is successful, but pinging
the computer name is not, you might have a name resolution problem.
In this case, ensure that the computer name you are specifying can be
resolved through the local Hosts file, by using Domain Name System
(DNS) queries, or through NetBIOS name resolution techniques.
To test a TCP/IP configuration by using the ping command:

1. To quickly obtain the TCP/IP configuration of a computer, open
Command Prompt, and then type ipconfig. From the display of
the ipconfig command, ensure that the network adapter for the
TCP/IP configuration you are testing is not in a Media
disconnected state.
2. At the command prompt, ping the loopback address by typing
ping 127.0.0.1
3. Ping the IP address of the computer.
4. Ping the IP address of the default gateway. If the ping command
fails, verify that the default gateway IP address is correct and
that the gateway (router) is operational.
5. Ping the IP address of a remote host (a host that is on a
different subnet). If the ping command fails, verify that the
remote host IP address is correct, that the remote host is
operational, and that all of the gateways (routers) between this
computer and the remote host are operational.
6. Ping the IP address of the DNS server. If the ping command
fails, verify that the DNS server IP address is correct, that the
DNS server is operational, and that all of the gateways (routers)
between this computer and the DNS server are operational.

Work through the steps in order: each one depends on the previous
one, so the first failure locates the problem. Bear in mind that many
hosts and firewalls silently drop ICMP Echo Requests, so a failed ping
proves only that ICMP did not get through, not that the host or the
service you need is down; confirm with a connection to the actual
service port before concluding the host is unreachable.

> arp
Displays and modifies entries in the Address Resolution Protocol (ARP)
cache, which contains one or more tables that are used to store IP
addresses and their resolved Ethernet or Token Ring physical
addresses. There is a separate table for each Ethernet or Token Ring
network adapter installed on your computer. ARP has no
authentication: any host on the segment can answer a request, or send
unsolicited replies, and poison the cache so that traffic for another
address (typically the default gateway) is delivered to the attacker.
Static entries added with arp -s are intended to be exempt from such
updates, which is why they are sometimes used to pin the gateway's
address on sensitive hosts, although older Windows versions have been
shown to overwrite them, so verify the behaviour on the platform in
use.
Syntax
arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr
[IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]
Parameters
-a [InetAddr] [-N IfaceAddr] Displays current ARP cache tables for all
interfaces. To display the ARP cache entry for a specific IP address, use arp
-a with the InetAddr parameter, where InetAddr is an IP address. To display
the ARP cache table for a specific interface, use the -N IfaceAddr parameter
where IfaceAddr is the IP address assigned to the interface. The -N
parameter is case-sensitive.
-g [InetAddr] [-N IfaceAddr] Identical to -a.
-d InetAddr [IfaceAddr] Deletes an entry with a specific IP address, where
InetAddr is the IP address. To delete an entry in a table for a specific
interface, use the IfaceAddr parameter where IfaceAddr is the IP address
assigned to the interface. To delete all entries, use the asterisk (*) wildcard
character in place of InetAddr.
-s InetAddr EtherAddr [IfaceAddr] Adds a static entry to the ARP cache that
resolves the IP address InetAddr to the physical address EtherAddr. To add
a static ARP cache entry to the table for a specific interface, use the
IfaceAddr parameter where IfaceAddr is an IP address assigned to the
interface.
Examples:
To display the ARP cache tables for all interfaces, type:

• arp -a

To display the ARP cache table for the interface that is assigned the IP
address 10.0.0.99, type:

• arp -a -N 10.0.0.99

To add a static ARP cache entry that resolves the IP address 10.0.0.80
to the physical address 00-AA-00-4F-2A-9C, type:

• arp -s 10.0.0.80 00-AA-00-4F-2A-9C
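A check a responder can run over arp -a output, as an added example that is not part of the study guide: parse the cache listing and report any physical address that answers for more than one IP, the usual footprint of the cache poisoning described above. The cache listing below is constructed, not captured, and the gateway address passed to gateway_hijacked is an assumption.

```python
# Added example (not from the study guide): a check over "arp -a" output for
# one physical address claiming several IP addresses, the usual footprint of
# ARP cache poisoning. The output below is constructed, not captured.
import re
from collections import defaultdict

SAMPLE_ARP_OUTPUT = """
Interface: 10.0.0.99 --- 0x2
  Internet Address      Physical Address      Type
  10.0.0.1              00-aa-00-4f-2a-9c     dynamic
  10.0.0.80             00-aa-00-4f-2a-9c     dynamic
  10.0.0.120            00-11-22-33-44-55     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One cache entry: IP, a six-octet MAC in Windows dash notation, then the type.
ENTRY = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)", re.M
)


def parse_arp(text: str):
    """Yield (ip, mac, type) for each cache entry; the Interface lines do not match."""
    for ip, mac, kind in ENTRY.findall(text):
        yield ip, mac.lower(), kind.lower()


def shared_macs(text: str) -> dict:
    """Map each MAC that answers for more than one IP to the sorted list of IPs.

    Only dynamic entries are considered: broadcast and multicast entries are
    static and legitimately shared. A router that owns several addresses on one
    interface will also show up here, so treat hits as leads, not proof."""
    by_mac = defaultdict(set)
    for ip, mac, kind in parse_arp(text):
        if kind == "dynamic":
            by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_hijacked(text: str, gateway_ip: str) -> bool:
    """True if the gateway's MAC is also being claimed by some other address."""
    return any(gateway_ip in ips for ips in shared_macs(text).values())


if __name__ == "__main__":
    for mac, ips in shared_macs(SAMPLE_ARP_OUTPUT).items():
        print(f"{mac} claims {', '.join(ips)}")
```

In the constructed listing the gateway 10.0.0.1 and the host 10.0.0.80 resolve to the same hardware address; comparing that address against the gateway's known MAC (from the switch or the router itself) settles which of the two is lying.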

> netstat
Displays active TCP connections, ports on which the computer is
listening, Ethernet statistics, the IP routing table, IPv4 statistics (for
the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the
IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used
without parameters, netstat displays active TCP connections.
Netstat provides the following for each connection:

• Proto - The name of the protocol (TCP or UDP).
• Local Address - The IP address of the local computer and the
port number being used. The name of the local computer that
corresponds to the IP address and the name of the port are shown
unless the -n parameter is specified. If the port is not yet
established, the port number is shown as an asterisk (*).
• Foreign Address - The IP address and port number of the remote
computer to which the socket is connected. The names that
correspond to the IP address and the port are shown unless the
-n parameter is specified. If the port is not yet established, the
port number is shown as an asterisk (*).
• (state) - Indicates the state of a TCP connection. The possible
states, as the Windows netstat prints them, are as follows:

• CLOSE_WAIT
• CLOSED
• CLOSING
• ESTABLISHED
• FIN_WAIT_1
• FIN_WAIT_2
• LAST_ACK
• LISTENING
• SYN_RCVD
• SYN_SENT
• TIME_WAIT

Syntax
netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]
Parameters
-a Displays all active TCP connections and the TCP and UDP ports on
which the computer is listening.
-e Displays Ethernet statistics, such as the number of bytes and packets
sent and received. This parameter can be combined with -s.
-n Displays active TCP connections, however, addresses and port numbers
are expressed numerically and no attempt is made to determine names.
-o Displays active TCP connections and includes the process ID (PID) for
each connection. You can find the application based on the PID on the
Processes tab in Windows Task Manager. This parameter can be combined
with -a, -n, and -p. On Windows XP SP2 and later, -b additionally shows
the executable that owns each connection or listening port, but it
requires administrative privileges and is slow.
-p Shows connections for the protocol specified by Protocol. In this case, the
Protocol can be tcp, udp, tcpv6, or udpv6. If this parameter is used with -s to
display statistics by protocol, Protocol can be tcp, udp, icmp, ip, tcpv6,
udpv6, icmpv6, or ipv6.
-s Displays statistics by protocol. By default, statistics are shown for the
TCP, UDP, ICMP, and IP protocols. If the IPv6 protocol for Windows XP is
installed, statistics are shown for the TCP over IPv6, UDP over IPv6,
ICMPv6, and IPv6 protocols. The -p parameter can be used to specify a set
of protocols.
-r Displays the contents of the IP routing table. This is equivalent to the route
print command.
Interval Redisplays the selected information every Interval seconds. Press
CTRL+C to stop the redisplay. If this parameter is omitted, netstat prints the
selected information only once.
/? - Displays help at the command prompt.
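The combination netstat -ano is the usual starting point when checking a host for unexpected services. The following added example (not from the study guide) parses that output, keeps only sockets bound to every interface, and reports those not on an approved list; the listing is constructed, not captured, and the approved set is an assumption.

```python
# Added example (not from the study guide): parsing "netstat -ano" output to
# list ports the machine is listening on for all interfaces and flag those not
# on an approved list. The output below is constructed, not captured.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       860
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       3120
  TCP    10.0.0.99:49160        203.0.113.10:443       ESTABLISHED     2204
  TCP    127.0.0.1:5353         0.0.0.0:0              LISTENING       1520
  UDP    0.0.0.0:500            *:*                                    1080
"""


def parse_netstat(text: str):
    """Yield dicts with proto, local ip/port, foreign address, state and pid.

    UDP lines have no State column, so they split into four fields, not five."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        state, pid = (parts[3], parts[4]) if proto == "TCP" else ("", parts[3])
        ip, port = local.rsplit(":", 1)        # rsplit keeps "[::]" intact for IPv6
        yield {"proto": proto, "ip": ip, "port": int(port),
               "foreign": foreign, "state": state, "pid": int(pid)}


def exposed_listeners(text: str) -> list:
    """(proto, port, pid) for sockets bound to every interface (0.0.0.0 / [::]),
    which is what a remote peer can reach; loopback-only sockets are skipped."""
    out = []
    for e in parse_netstat(text):
        listening = e["state"] == "LISTENING" or e["proto"] == "UDP"
        if listening and e["ip"] in ("0.0.0.0", "[::]"):
            out.append((e["proto"], e["port"], e["pid"]))
    return sorted(out)


def unexpected_listeners(text: str, approved: set) -> list:
    """Exposed listeners whose (proto, port) is not on the approved list."""
    return [l for l in exposed_listeners(text) if (l[0], l[1]) not in approved]


if __name__ == "__main__":
    baseline = {("TCP", 135), ("TCP", 445), ("UDP", 500)}   # assumed for this host
    for proto, port, pid in unexpected_listeners(SAMPLE_NETSTAT, baseline):
        print(f"unexpected {proto} listener on port {port}, PID {pid}")
```

The PID in the flagged row is what you take to Task Manager (or netstat -b) to identify the process; the loopback-only listener on 5353 is deliberately not reported, since nothing off the host can reach it.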
> nbtstat
Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS
name tables for both the local computer and remote computers, and
the NetBIOS name cache. Nbtstat allows a refresh of the NetBIOS
name cache and the names registered with Windows Internet Name
Service (WINS). Used without parameters, nbtstat displays help.
Nbtstat command-line parameters are case-sensitive.
Syntax
nbtstat [-a RemoteName] [-A IPAddress] [-c] [-n] [-r] [-R] [-RR] [-s] [-S]
[Interval]
Parameters
-a RemoteName Displays the NetBIOS name table of a remote computer,
where RemoteName is the NetBIOS computer name of the remote
computer. The NetBIOS name table is the list of NetBIOS names that
corresponds to NetBIOS applications running on that computer.
-A IPAddress Displays the NetBIOS name table of a remote computer,
specified by the IP address (in dotted decimal notation) of the remote
computer.
-c Displays the contents of the NetBIOS name cache, the table of NetBIOS
names and their resolved IP addresses.
-n Displays the NetBIOS name table of the local computer. The status of
Registered indicates that the name is registered either by broadcast or with
a WINS server.
-r Displays NetBIOS name resolution statistics. On a Windows XP computer
that is configured to use WINS, this parameter returns the number of names
that have been resolved and registered using broadcast and WINS.
-R Purges the contents of the NetBIOS name cache and then reloads the
#PRE-tagged entries from the Lmhosts file.
-RR Releases and then refreshes NetBIOS names for the local computer
that is registered with WINS servers.
-s Displays NetBIOS client and server sessions, attempting to convert the
destination IP address to a name.
-S Displays NetBIOS client and server sessions, listing the remote
computers by destination IP address only.
Interval Redisplays selected statistics, pausing the number of seconds
specified in Interval between each display. Press CTRL+C to stop
redisplaying statistics. If this parameter is omitted, nbtstat prints the current
configuration information only once.
/? - Displays help at the command prompt.
> ipconfig
Displays all current TCP/IP network configuration values and refreshes
Dynamic Host Configuration Protocol (DHCP) and Domain Name
System (DNS) settings. Used without parameters, ipconfig displays the
IP address, subnet mask, and default gateway for all adapters.
• This command is most useful on computers that are configured
to obtain an IP address automatically. This enables users to
determine which TCP/IP configuration values have been
configured by DHCP, Automatic Private IP Addressing (APIPA), or
an alternate configuration.
• If the Adapter name contains any spaces, use quotation marks
around the adapter name (that is, "Adapter Name").
• For adapter names, ipconfig supports the use of the asterisk (*)
wildcard character to specify either adapters with names that
begin with a specified string or adapters with names that contain
a specified string.
• For example, Local* matches all adapters that start with the
string Local and *Con* matches all adapters that contain the
string Con.
Syntax
ipconfig [/all] [/renew [Adapter]] [/release [Adapter]] [/flushdns]
[/displaydns] [/registerdns] [/showclassid Adapter] [/setclassid Adapter
[ClassID]]
Parameters
/all Displays the full TCP/IP configuration for all adapters. Without this
parameter, ipconfig displays only the IP address, subnet mask, and default
gateway values for each adapter. Adapters can represent physical
interfaces, such as installed network adapters, or logical interfaces, such as
dial-up connections.
/renew [Adapter] Renews DHCP configuration for all adapters (if an adapter
is not specified) or for a specific adapter if the Adapter parameter is
included. This parameter is available only on computers with adapters that
are configured to obtain an IP address automatically. To specify an adapter
name, type the adapter name that appears when you use ipconfig without
parameters.
/release [Adapter] Sends a DHCPRELEASE message to the DHCP server
to release the current DHCP configuration and discard the IP address
configuration for either all adapters (if an adapter is not specified) or for a
specific adapter if the Adapter parameter is included. This parameter
disables TCP/IP for adapters configured to obtain an IP address
automatically. To specify an adapter name, type the adapter name that
appears when you use ipconfig without parameters.
/flushdns Flushes and resets the contents of the DNS client resolver cache.
During DNS troubleshooting, you can use this procedure to discard negative
cache entries from the cache, as well as any other entries that have been
added dynamically.
/displaydns Displays the contents of the DNS client resolver cache, which
includes both entries preloaded from the local Hosts file and any recently
obtained resource records for name queries resolved by the computer. The
DNS Client service uses this information to resolve frequently queried
names quickly, before querying its configured DNS servers.
/registerdns Initiates manual dynamic registration for the DNS names and
IP addresses that are configured at a computer. You can use this parameter
to troubleshoot a failed DNS name registration or resolve a dynamic update
problem between a client and the DNS server without rebooting the client
computer. The DNS settings in the advanced properties of the TCP/IP
protocol determine which names are registered in DNS.
/showclassid Adapter Displays the DHCP class ID for a specified adapter.
To see the DHCP class ID for all adapters, use the asterisk (*) wildcard
character in place of Adapter. This parameter is available only on computers
with adapters that are configured to obtain an IP address automatically.
/setclassid Adapter [ClassID] Configures the DHCP class ID for a specified
adapter. To set the DHCP class ID for all adapters, use the asterisk (*)
wildcard character in place of Adapter. This parameter is available only on
computers with adapters that are configured to obtain an IP address
automatically. If a DHCP class ID is not specified, the current class ID is
removed.
Examples:
To display the basic TCP/IP configuration for all adapters, type:
• ipconfig
To display the full TCP/IP configuration for all adapters, type:
• ipconfig /all
To renew a DHCP-assigned IP address configuration for only the Local
Area Connection adapter, type:
• ipconfig /renew "Local Area Connection"
To flush the DNS resolver cache when troubleshooting DNS name
resolution problems, type:
• ipconfig /flushdns
To display the DHCP class ID for all adapters with names that start
with Local, type:
• ipconfig /showclassid Local
To set the DHCP class ID for the Local Area Connection adapter to
TEST, type:
• ipconfig /setclassid "Local Area Connection" TEST

> winipcfg
This utility allows users or administrators to see the current IP address
and other useful information about your network configuration.
You can reset one or more IP addresses. The Release or Renew
buttons allow you to release or renew one IP address. If you want to
release or renew all IP addresses click Release All or Renew All.
When one of these buttons is clicked, a new IP address is obtained
from either the DHCP service or from the computer assigning itself an
automatic private IP address.
To use the winipcfg utility:
1. Click Start, and then click Run and type winipcfg.
2. Click More Info.
3. To see the addresses of the DNS servers the computer is
configured to use, click the ellipsis (...) button to the right of
DNS Servers.
4. To see address information for your network adapter(s), select
an adapter from the list in Ethernet Adapter Information.

> nslookup
Nslookup (Name Server lookup) is a UNIX shell command to query
Internet domain name servers.
For example, if you did an nslookup on studynotes.net, these are some
of the results you could obtain.
Note: the results you get will be different from those below because I
have changed hosts.
Query        Hostname                    Real Hostname          IP Address
Nameserver   NS2.TERA-BYTE.COM           ns2.tera-byte.com      216.234.161.12
Nameserver   NS1.TERA-BYTE.COM           raptor.tera-byte.com   216.234.161.11
Nameserver   NS3.TERA-BYTE.COM           ns3.tera-byte.com      204.209.56.2
Mailserver   studynotes.net (pref = 5)   studynotes.net         216.194.69.204
Webserver    www.studynotes.net          studynotes.net         216.194.69.204
FTP server   ftp.studynotes.net          studynotes.net         216.194.69.204
Definitions
• Nameserver: These are the servers that the internet uses to find
out more about the domain. Usually they are an ISP's computer.
• Mailserver: Where email is sent to.
• Webserver: The domain's website.
• FTP server: FTP is the File Transfer Protocol; this server is where files
may be stored.
• Hostname: The name of the host as given by the domain.
• Real Hostname: This is the hostname that you get by reverse
resolving the IP address; it may be different from the given
hostname.
• IP Address: Unique four-number identifier that is obtained by
resolving the hostname.
4.2 Given output from a network diagnostic utility (For
example: those utilities listed in objective 4.1), identify the
utility and interpret the output.
see > Network Support Part 2

4.3 Given a network scenario, interpret visual indicators (For example: link
LEDs (Light Emitting Diode) and collision LEDs (Light Emitting
Diode)) to determine the nature of a stated problem.

Power and Drive Lights
One sign that something has gone wrong on a network is when the
lights signaling that a piece of equipment is switched on and
operational are not lit. This could be caused by a power failure, a
tripped circuit breaker, or simply the electrical plug having fallen out of
the socket. However, it is also possible for the device to have
experienced a power supply failure, or for a drive light to be out
because a drive inside the computer has failed or become
disconnected.
Link Pulse Lights
Most Ethernet network interface adapters designed to use unshielded
twisted pair (UTP) cable have an LED that is lit when the
adapter is connected to a functioning hub. The hub usually has an LED
for each port as well, which enables you to tell from either end of the
cable whether the devices are connected.
Normal Link Pulse (NLP)
When you connect a UTP network card to a hub, you should find that
the link pulse lights on both devices are lit, as long as both are
switched on. When connected, they exchange signals to test the
connection. On 10BaseT and 10BaseFL equipment, the signal is called
a Normal Link Pulse (NLP). The NLP signals last for two milliseconds
and are repeated at intervals of 16.8 milliseconds. These signals occur
only when the network is not busy transmitting data. When the LEDs
at both ends of the connection are lit, this indicates that the NLP
signals generated by each device are reaching the other device.
If the LED lights on one device, but not on the other:
• There is a fault in the cable connection.
  o It could be that the cable itself is faulty.
  o One of the devices' connectors is broken.
  o The cable is not properly seated into the jack at one or
  both ends.

Try reseating the cable connectors into the jacks, or replace the cable
with one that you know is functioning properly, and then see if both
link pulse lights come on.
Fast Link Pulse (FLP)
Fast Ethernet equipment that supports multiple speeds uses Fast Link
Pulse (FLP) signals, which differ from NLP signals in that they include a
16-bit data packet that the devices use to auto-negotiate their
connection speed. The data packet contains a link code word that
consists of a selector field and a technology ability field. The devices
use these fields to advertise their capabilities, including the speeds
they can run at and whether they support full-duplex (that is,
simultaneous bi-directional) communications.
By examining the link code word supplied by the other device, the
network interface adapter and the hub both configure themselves to
use the best transmission mode that they have in common according
to the following priorities:
• 100BaseTX Full Duplex
• 100BaseT4
• 100BaseTX
• 10BaseT Full Duplex
• 10BaseT

FLP signals are fully compatible with the NLP signals that are used by
devices that cannot operate at multiple speeds.
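The priority resolution just described is a small algorithm, so here it is as an added Python example (not code from the study guide). It builds the 16-bit base link code word a device advertises, decodes the partner's word and picks the best common mode in the order the text gives. The selector and technology-ability bit positions are taken from IEEE 802.3 clause 28 (not from this page); an NLP-only partner is modelled as advertising nothing, so the only mode that can be assumed is 10BaseT half duplex.

```python
# Layout of the 16-bit base link code word carried in FLP bursts (IEEE 802.3
# clause 28): D0-D4 selector field, D5-D12 technology ability field,
# D13 remote fault, D14 acknowledge, D15 next page.
SELECTOR_IEEE_8023 = 0b00001        # selector value meaning "IEEE 802.3"
SELECTOR_MASK = 0x1F

# Technology ability bits for the modes named in the study guide's list.
# (D10 = PAUSE and the remaining bits are left out of this example.)
ABILITY_BIT = {
    "10BaseT": 5,
    "10BaseT Full Duplex": 6,
    "100BaseTX": 7,
    "100BaseTX Full Duplex": 8,
    "100BaseT4": 9,
}

# Priority order from the text, best first.
PRIORITY = [
    "100BaseTX Full Duplex",
    "100BaseT4",
    "100BaseTX",
    "10BaseT Full Duplex",
    "10BaseT",
]


def encode_link_code_word(abilities):
    """Build the link code word a device would advertise."""
    word = SELECTOR_IEEE_8023
    for mode in abilities:
        word |= 1 << ABILITY_BIT[mode]
    return word


def decode_link_code_word(word):
    """Return the set of modes advertised in a link code word."""
    if word & SELECTOR_MASK != SELECTOR_IEEE_8023:
        raise ValueError("not an IEEE 802.3 link code word")
    return {mode for mode, bit in ABILITY_BIT.items() if word & (1 << bit)}


def negotiate(local_word, remote_word=None):
    """Pick the best mode both ends advertise.

    remote_word=None models a partner that only sends NLP (a fixed-speed
    10BaseT device): it advertises nothing, so the only mode it can be
    assumed to support is 10BaseT half duplex."""
    local = decode_link_code_word(local_word)
    remote = {"10BaseT"} if remote_word is None else decode_link_code_word(remote_word)
    common = local & remote
    for mode in PRIORITY:
        if mode in common:
            return mode
    return None   # no common mode: the link will not come up


if __name__ == "__main__":
    nic = encode_link_code_word(list(ABILITY_BIT))        # NIC supports everything
    hub = encode_link_code_word(["10BaseT", "10BaseT Full Duplex", "100BaseTX"])
    print(f"NIC word 0x{nic:04X}, hub word 0x{hub:04X} -> {negotiate(nic, hub)}")
    print("NLP-only partner ->", negotiate(nic))
```

The fallback path is the practical point: a multi-speed NIC plugged into an NLP-only hub ends up at 10BaseT half duplex with both link LEDs lit, so lit LEDs alone never tell you what speed or duplex the link actually negotiated.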
It is important to understand that the link pulse LEDs are only an
indication that the network connection is wired properly. Just because
the LEDs are lit does not necessarily mean that the connection is
capable of carrying actual Ethernet traffic.
4-2 Network Support

Posted March 9th, 2007 by admin
Some sections of the Network+ blueprint concern
installation/troubleshooting scenarios, and this is where I would like to
ask for input from you.
If you create your own scenario(s) please consider posting them here
to help others. Use the contact link on the top of this page to e-mail
me, and I will post them giving full credit to you.
Thanks.

The following scenario was sent in by Ted

You are setting up a small office LAN. The office already has 12
Windows 98 machines running off a NetWare 3.11 server. They need to
add more clients to the network and upgrade to a new, faster server.
Their budget will not allow for additional NetWare client licences, and
they want you to keep both costs and complexity at a minimum. They
ask you to set them up with a Linux server. Once the server is
installed and running, how do you set up the network to allow the client
computers to connect to the Linux server? (Choose all that apply.)
Assume the Windows clients were only set up to network with the
NetWare server.
• a. Set up NFS on the Linux server
• b. Install Services for UNIX (SFU) on the Windows machines
• c. Install TCP/IP on the Windows machines
• d. Install WINE on the Linux server
• e. Set up Samba on the Linux server

Answer: c, e
Explanation: The best way to connect Windows clients to Linux (or
other nixes) is Samba. Samba allows Linux to use SMB/CIFS, on which
Windows file sharing is built. (This is not the official position of
Microsoft, but more on that later.) With Samba installed and properly
configured on the server, the Windows clients will be able to connect to
the server once TCP/IP is properly configured.
Whereas NFS would do the job, it would require third-party software to
work with the Windows 98 clients and would not likely be transparent
to the end users. SFU is only included in Windows 2000, not Windows
98. Note that (big surprise here) Microsoft highly recommends that
NFS and SFU be used for Windows 2000 networks. WINE is a Windows
emulator and would not help with network connectivity.

The following scenario was sent in by Ted

You are hired to replace a contractor on a large job. The contractor
wired a large building with Cat 5 cabling, but failed to connect all of the
drops to the bank of switches. They also did not label anything. You
are now asked to set up a room with 4 jacks (RJ45), but only 3 of these
jacks are hot. You realize that you need to find the other end of this
cable on the patch panel and connect it to the proper switch. What
tool is the best to use to find the other end of the cable?
• a. Optical tester
• b. Protocol analyzer
• c. Multimeter
• d. Tone generator

Answer: d. The tone generator could be connected at the jack and the
probe used to find the other end.
Explanation: An optical tester would help to test fiber optics but not Cat
5 cable. While a multimeter could, in theory, be used, in most cases it is
impractical at best and usually impossible. A protocol analyzer would
be useless in this case: there is no traffic to analyze.

Thanks to Kristen for this example.

Example: Your network uses a star topology with 48 users and 3
hubs, one per department. Each hub handles 16 users. Three users in
one of the departments cannot access the network server. What
should you check first?
• a) Network connections on the three users' computers
• b) Review logon procedures with the users
• c) The routing table in the router
• d) The departmental hub

Solution: The departmental hub
Explanation: A star configuration consists of a network hub with
several ports. Network cables spread out from it and connect to each
computer. A basic star has only one computer on each network cable
extending from the hub. When one hub goes down, each user
connected to that hub loses network access. When several users
connected through the same hub report problems, check the hub
before checking individual computers.
The routing table or logon procedures are unlikely to affect only three
users. Network connections on three users' computers would be
unlikely to fail at the same time.

The following scenario was sent in by Ted

You are the network administrator for a small company with two
subnets in two locations: main office and branch office. Julie is the
manager of the branch office. She reports that a new machine which
was just installed will not connect with resources in the main office,
but it can connect with local machines. The networks are routed and
use standard class C private addresses. Main office is 192.168.1.0/24,
branch is 192.168.2.0/24. The output of ipconfig looks like this:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix .: Smallco.local
IP Address. . . . . . .: 192.168.2.16
Subnet Mask . . . . . .: 255.255.128.0
Default gateway . . . . .: 192.168.2.1

What is the problem?
• a. IP address
• b. No DNS server is assigned
• c. Subnet mask is wrong
• d. Wrong default gateway

Answer: c. Class C always has a mask of 255.255.255.0. As a result
the new machine thinks that the 192.168.1.0 network is on its subnet.
Explanation: There is no evidence to suggest that the problem is the IP
address. If there were a conflict you would get a 0.0.0.0 IP address.
The symptoms could indicate a bad default gateway, but in this case,
the default gateway address is on the correct subnet. Usually the
router is assigned the first usable address on the subnet, and that is
what we had.
DNS server information is not displayed by ipconfig by itself. You
would need to use ipconfig /all to see that.
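The reasoning in this scenario, and the ipconfig output format described in the ipconfig section earlier on this page, can be checked mechanically. The Python below is an added example (not from the study guide or from Ted): it parses "label . . . : value" lines the way ipconfig prints them, then computes which addresses the host treats as on-link under the configured mask versus the expected one. The sample input is the scenario's own ipconfig output retyped; the main-office host address 192.168.1.10 used as the remote test target is constructed.

```python
import ipaddress
import re

# The ipconfig output from the scenario above, retyped as sample input.
SCENARIO_IPCONFIG = """\
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix .: Smallco.local
IP Address. . . . . . .: 192.168.2.16
Subnet Mask . . . . . .: 255.255.128.0
Default gateway . . . . .: 192.168.2.1
"""

# "Label . . . . : value" lines; the dot leaders vary in length.  Newer
# Windows versions print "IPv4 Address" and append "(Preferred)" to the value.
FIELD_RE = re.compile(r"^(?P<label>[A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s*(?P<value>.*?)\s*$")


def parse_ipconfig(text):
    """Map adapter name -> {lower-case label: value} for ipconfig output."""
    adapters, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "adapter" in line.lower():
            current = line[:-1].strip()          # e.g. "Ethernet adapter Local Area Connection"
            adapters[current] = {}
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            value = m.group("value").replace("(Preferred)", "").strip()
            adapters[current][m.group("label").strip().lower()] = value
    return adapters


def interface_network(ip, mask):
    """The network the host believes it is directly attached to."""
    return ipaddress.IPv4Interface(f"{ip}/{mask}").network


def is_on_link(ip, mask, destination):
    """True if the host would send to destination directly (ARP on the local
    segment) instead of forwarding it to the default gateway."""
    return ipaddress.IPv4Address(destination) in interface_network(ip, mask)


def diagnose_adapter(fields, expected_mask, remote_host):
    """Check one adapter's settings against the mask the subnet should use."""
    ip = fields.get("ipv4 address") or fields.get("ip address")
    mask = fields["subnet mask"]
    gateway = fields.get("default gateway", "")
    return {
        "network_as_configured": str(interface_network(ip, mask)),
        "mask_mismatch": mask != expected_mask,
        "gateway_on_link": bool(gateway) and is_on_link(ip, mask, gateway),
        # The tell-tale symptom: a remote network that the host treats as local.
        "remote_wrongly_on_link": (is_on_link(ip, mask, remote_host)
                                   and not is_on_link(ip, expected_mask, remote_host)),
    }


if __name__ == "__main__":
    cfg = parse_ipconfig(SCENARIO_IPCONFIG)["Ethernet adapter Local Area Connection"]
    report = diagnose_adapter(cfg, "255.255.255.0", "192.168.1.10")
    for key, value in report.items():
        print(f"{key:<24} {value}")
```

With the scenario's mask the host computes its network as 192.168.0.0/17, so 192.168.1.x is "on-link" and the host ARPs for it locally instead of sending the frame to 192.168.2.1; with 255.255.255.0 the same destination is correctly off-link. A mask that is too wide is worth flagging during audits for the same reason: every address the host wrongly treats as local is one it will resolve by ARP on its own segment rather than through the router.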
