Day 1 - Networks, Cables, OSI, and TCP Models
Flow control
If the receiving system is being sent more information than it can process, it will ask the sending system to stop for a short time.
Switches
Switches use Content Addressable Memory (CAM) and have the ability to remember which device is plugged into which port.
TCP
TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent. Three-way handshake, windowing,
Transmission Control Protocol (TCP)
TCP operates at the Transport Layer of the OSI model. It provides a connection-oriented service for reliable transfer of data between network devices. TCP also provides flow control, sequencing, windowing, and error detection.
Acknowledgements
When a certain amount of segments is received, the fact that they all arrived safely and in the correct order needs to be communicated to the sending system. All of this is agreed upon during a process known as a three-way handshake. This is where you send a packet to establish the session. This first packet is called a synchronise (SYN) packet. Then the remote device responds with a synchronise acknowledgement (SYN-ACK) packet. The session is established in the third phase when an acknowledgement (ACK) packet is sent. This is all done via the TCP service.
Mesh
When downtime is not an option, a mesh topology can be considered. Full-mesh networks provide a connection to each device from every other device. This solution is often used with WAN connections.
what is trunking?
Trunking passes multi-VLAN information between switches; it places VLAN information into each frame; it is a Layer 2 feature.
what is native VLAN?
Trunks send tagged VLAN information. Native VLAN: if you need to send something untagged, you can use this, for example for a management protocol such as Telnet or SSH. A native VLAN is an untagged VLAN.
how can you identify ip address classes?
You can identify classes by looking at the first three digits (the first octet), for example 172.30.100.30 is a class B address because 172 is in between 128 and 191.
What are two features of ARP?
1. If a host is ready to send a packet to a local destination device and it has the IP address but not the MAC address of the destination, it generates an ARP broadcast.
2. If a device receiving an ARP request has the destination IPv4 address, it responds with an ARP reply.
What are two potential network problems that can result from ARP operation? (Choose two.)
1. On large networks with low bandwidth, multiple ARP broadcasts could cause data communication delays.
2. Network attackers could manipulate MAC address and IP address mappings in ARP messages with the intent of intercepting network traffic.
what is 128 + 64
192
name some common TCP ports
21 - FTP, 22 - SSH, 23 - TELNET, 25 - SMTP, 53 - DNS SERVER, 80 - HTTP, 110 - POP3, 443 - HTTPS
▪ FTP Data - 20
▪ FTP Control - 21
▪ SSH - 22
▪ Telnet - 23
▪ SMTP - 25
▪ DNS - 53 (also uses UDP)
▪ HTTP - 80
▪ POP3 - 110
▪ NNTP - 119
▪ NTP - 123
▪ TLS/SSL - 443
what is 192 + 32
224
TCP/ IP, or DoD, Model
5 - Application [Telnet/FTP/DNS/RIP/HTTP]
4 - Application [Telnet/FTP/DNS/RIP]
3 - Transport/Host-to-Host [UDP/TCP/ICMP]
2 - Internet or Internetwork [IPSec/IP]
1 - Link/Network Interface [Frame Relay/Ethernet/ATM]
name some common UDP ports
53 - DNS client 69 - TFTP
OSI Troubleshooting
...Using a layered approach can be very effective when you're troubleshooting your network. The only decision from this point onwards is to determine which way you want to use the OSI stack - top-down, bottom-up, or divide-and-conquer method, which involves focusing on sections of the network in turn. I recommend using the bottom-up method at the beginning so you don't waste time looking at applications when the cause can often be found at the lower layers, such as loose or broken cables or incorrect IP addressing. As you gain more experience, using the divide-and-conquer method will probably be faster, depending on the symptoms. If you start at the bottom layer and work your way up, you would do something like this:
Layer 1 - Are all the cables inserted into the ports correctly, or have they come loose? Are the cable ends bent or worn out? If cables are the problem, you will usually see an amber light showing on the device when it should be green. Has somebody forgotten to add the correct speed to the interface? Has the speed of the Ethernet port been set correctly? Has the interface been opened for use by the network administrator?
Layer 2 - Has the correct protocol been applied to the interface so it agrees with the other side, such as Ethernet/PPP/HDLC, etc.?
Layer 3 - Is the interface using the correct IP address and subnet mask?
Layer 4 - Is the correct routing protocol being used, and is the correct network being advertised from the router?
You will see how to apply these steps as you complete the labs in this book. Experts may argue that some Layer 4 issues are at Layer 3, some Layer 2 issues are actually at Layer 1, and so on. I prefer to focus on the fact that we are applying a layered troubleshooting method rather than debating about whether the correct issue is at the correct layer.
Gratuitous Address Resolution Protocol (GARP)
A normal host will always send out a GARP request after the link goes up or the interface is enabled. Gratuitous in this case means a request/reply that is not normally needed according to the ARP RFC specification but could be used in some cases. A GARP reply is one to which no request has been made (if you see a GARP reply, that means another computer on the network has the same IP address as you have).
Point-to-Point
A point-to-point link is simply one in which one device has one connection to another device. You could add a secondary link connecting each device but if the device itself fails, then you lose all connectivity.
Ring
A ring topology is used by token ring networks and Fiber Distributed Data Interface (FDDI) networks, both of which went out of use several years ago.
what does a switch do?
A switch brings devices into a local area network and allows them to communicate
What is ARP ?
Address Resolution Protocol, a network layer protocol used to convert an IP address into a physical address (called a DLC or Data Link Control address). Data Link Control is divided into two sub-layers: the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network.
Which statement describes a characteristic of cloud computing?
▪ A business can connect directly to the Internet without the use of an ISP.
▪ Devices can connect to the Internet through existing electrical wiring.
▪ Investment in new infrastructure is required in order to access the cloud.
▪ Applications can be accessed over the Internet through a subscription.
Applications can be accessed over the Internet through a subscription.
what is CDP?
CDP - discovery protocol - lets you see all Cisco devices around you
Converged Network
Coexistence of telephone, video and data communication within a single network.
What is a cam table?
Content addressable memory. Switch CAM tables are storage locations that contain lists of known MAC addresses on physical ports, as well as their VLAN parameters.
Dynamic Host Configuration Protocol (DHCP):
DHCP allows you to assign IP addresses to the host computers on your network dynamically. In the absence of DHCP, each computer on a network needs to be assigned a unique IP address manually. The manual assignment of IP addresses becomes a pain when a computer moves to a different network segment in a large network and needs to be assigned a different IP address. DHCP assigns the IP address to a computer as soon as it is switched on. When a DHCP client is switched on, it sends a broadcast request (DISCOVER packet) to the DHCP server.
what is DHCP relay/centralized services
DHCP relay/centralized services - takes a broadcast message, if it's a DHCP request, and packages it as unicast
Common UDP port numbers
DNS - port 53 TFTP - port 69 SNMP - port 161/ 162
Domain Name Service (DNS)
DNS resolves Fully Qualified Domain Names (FQDNs) or host names to their IP addresses. It allows you to access websites by typing their user-friendly names instead of remembering their IP address and typing it in a browser to access that website. The use of DNS allows you to change the IP address of a website as often as you want because it allows you to use domain names instead of IP addresses.
What is a characteristic of circuit-switched networks?
If all circuits are busy, a new call cannot be placed.
Hub-and-Spoke
Due to the cost of equipment and WAN connections and bandwidth, companies often use a hub-and-spoke design. A powerful router is in the centre (hub), usually at a company's HQ, while the spokes represent remote offices, which require less powerful routers. There are obviously issues with this type of topology; however, it is still widely used.
Layer 1 Physical
Encodes and transmits data bits
+ Electric signals
+ Radio signals
Popular Protocols - FDDI, Ethernet
Protocol Data Unit - Bit (0, 1)
Devices that operate in this layer = Hub, Repeater
One of the primary functions of data encapsulation is error detection. What does this involve?
Error detection: Each Ethernet frame contains a trailer with a cyclic redundancy check (CRC) of the frame contents. After reception of a frame, the receiving node creates a CRC to compare to the one in the frame. If these two CRC calculations match, the frame can be trusted to have been received without error.
Bridges
Examined the source ports and MAC addresses of frames in order to build a table and make forwarding decisions.
File Transfer Protocol (FTP)
FTP operates at the Application Layer and is responsible for reliably transporting data across a remote link. Because it has to be reliable, FTP uses TCP for data transfer. FTP uses ports 20 and 21.
Layer 4 Transport
Flow control (Buffering, Windowing, Congestion Avoidance) helps prevent the loss of segments on the network and the need for retransmission.
Popular Protocols - TCP (Connection-Oriented, reliable) + UDP (Connectionless, unreliable)
Protocol Data Unit - Segment
Devices that operate in this layer = None
Frame Check Sequence
Frame check sequence (FCS) refers to the extra bits and characters added to data packets for error detection and control.
what are the three primary functions of data encapsulation?
Frame delimiting, Addressing, Error detection
Internet Control Message Protocol (ICMP)
ICMP is a protocol used to report problems or issues with IP packets (or datagrams) on a network. ICMP is a requirement for any vendor who wishes to use IP on their network. When a problem is experienced with an IP packet, the IP packet is destroyed and an ICMP message is generated and sent to the host that originated the packet.
Internet Protocol (IP)
IP operates at the Network Layer of the OSI model. It is connectionless and is responsible for transporting data over the network. IP addressing is a function of Internet Protocol. IP examines the Network Layer address of every packet and determines the best path for that packet to take to reach its destination.
Physical topology
Is how the network appears when you look at it
Logical topology
Is how the network sees itself.
What is a characteristic of a contention-based access method?
It is a nondeterministic method.
what is LLC?
LLC - handles communication between upper and lower layers and adds control info to an IP packet; this is done in software. The LLC sublayer takes the network protocol data, which is typically an IPv4 packet, and adds control information to help deliver the packet to the destination node. The LLC is used to communicate with the upper layers of the application, and transition the packet to the lower layers for delivery.
Presentation
Layer 6
Data representation, encryption & decryption
Popular Protocols - Video (WMV, AVI...), Bitmap (JPG, BMP, PNG...), Audio (WAV, MP3, WMA...)
Protocol Data Unit - Data
Network file system (NFS)
NFS allows two different types of file systems to share files and interoperate on different computers on a Local Area Network (LAN). NFS allows data stored on network servers to be accessed by different types of client computers on the LAN. NFS is a distributed file system that is used in both UNIX based systems and other operating systems such as Mac OS, MS Windows, IBM and AS/400. If you want to access UNIX files from a Windows system then NFS allows you to access UNIX files by temporarily storing those files in RAM. Even after having different file naming restrictions, both types of users can access the same files in a normal manner.
what is a PDU?
PDU (protocol data unit) - chunk of data i.e. segment, packet, frame
Layer 3 Network
Path determination, Source and Destination logical address
Popular Protocols - IP, IPX, AppleTalk
Protocol Data Unit - Packet/Datagram
Devices that operate in this layer = Router
Layer 2 Data Link
Physical addresses
Includes 2 layers:
+ Upper layer: Logical Link Control (LLC)
+ Lower layer: Media Access Control (MAC)
Popular Protocols - LAN + WAN (HDLC, PPP, Frame Relay...)
Protocol Data Unit - Frame
Devices that operate in this layer = Switch, Bridge
Proxy ARP
Proxy ARP enables hosts on an Ethernet network to communicate with hosts on other subnets or networks. If an ARP Broadcast reaches a router, it will not forward it (by default). Routers do not forward Broadcasts, but if they do know how to find the host (i.e., they have a route to it), they will send their own MAC address to the host. This process is called proxy ARP and it allows the host to send the data thinking it is going straight to the remote host. The router swaps the MAC address and then forwards the packet to the correct next hop.
Reverse Address Resolution Protocol (RARP)
RARP maps a MAC address to an IP address. Hosts such as diskless workstations (also known as thin clients) know their MAC address when they boot. They use RARP to discover their IP address from a server on the network.
what is the 3 way hand shake?
SYN - bit that says "I would like to start talking to you"
SYN ACK - "yes, I will talk to you, and I ACKnowledge that I received your message"
ACK - "I received your SYN ACK"
Advantages of VLANS
Security - Sensitive data is separated from the rest of the network.
Higher performance - Division of Layer 2 networks into multiple logical workgroups (broadcast domains) reduces unnecessary traffic on the network and boosts performance.
Cost reduction - Cost savings result from less need for expensive network upgrades and more on this network.
Layer 5 Session
Set up, monitor and terminate connection session
Popular Protocols - SQL, RPC, NETBIOS names...
Protocol Data Unit - Data
Devices that operate in this layer = None
What is SNMP
Simple Network Management Protocol (SNMP) is a popular protocol for network management. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.
Explain store and forward and cut through
Store-and-Forward: Store-and-Forward switching will wait until the entire frame has arrived prior to forwarding it. This method stores the entire frame in memory. Once the frame is in memory, the switch checks the destination address, source address, and the CRC. If no errors are present, the frame is forwarded to the appropriate port. This process ensures that the destination network is not affected by corrupted or truncated frames.
Cut-Through: Cut-Through switching will begin forwarding the frame as soon as the destination address is identified. The difference between this and Store-and-Forward is that Store-and-Forward receives the whole frame before forwarding. Since frame errors cannot be detected by reading only the destination address, Cut-Through may impact network performance by forwarding corrupted or truncated frames. These bad frames can create broadcast storms wherein several devices on the network respond to the corrupted frames simultaneously. Pure cut-through switching is only possible when the speed of the outgoing interface is equal to the incoming interface speed.
Trivial File Transfer Protocol (TFTP)
TFTP provides a connectionless transfer by using UDP port 69. TFTP can be difficult to use because you have to specify exactly the directory in which the file is located. To use TFTP, you need to have a client (the router, in your case) and a TFTP server, which could be a router or a PC, or a server on the network (preferably on the same subnet). You need to have TFTP software on the server so the files can be pulled off it and forwarded on to the client. TFTP is used extensively on Cisco routers to back up configurations and upgrade the router.
What is Telnet
Telnet uses TCP (port 23) to allow a remote connection to network devices. Telnet is the only utility that can check all seven layers of the OSI model, so if you Telnet to an address, then all seven layers are working properly. If you can't Telnet to another device, it doesn't necessarily indicate a network problem. There could be a firewall or an access control list blocking the connection purposely, or Telnet may not be enabled on the device.
what is a sequence number? why is it used?
The 32-bit Sequence field specifies the sequence number used by EIGRP RTP to ensure orderly delivery of reliable packets.
What is DNS
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It translates domain names, which can be easily memorized by humans, to the numerical IP addresses needed for the purpose of computer services and devices worldwide.
What is DHCP?
The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services.
What is FTP
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.
What is HTTP
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text.
Explain VLANS
A VLAN (Virtual Local Area Network) is a logically separate IP subnetwork. VLANs allow multiple IP networks and subnets to exist on the same switched network.
The email application uses SMTP and POP3 protocols to send and receive messages to/from an email server and email client. When you send an email message, the email client that you use sends the message to the email server using SMTP protocol. The email server reads the domain name of the destination email server and then sends the message to that server. If the server with the specified domain does not exist then the message is returned back to the email client.
File Transfer between two accounts on two computers (FTP)
The file transfer application uses the FTP protocol to transfer files between two computers. FTP uses an FTP client computer and an FTP server to operate. The client initiates the FTP process by accepting the username and password and creates an FTP session.
what is TCP windowing?
The official definition of the window size is "the amount of octets that can be transmitted without receiving an acknowledgement from the other side"
What are two functions of intermediary devices on a network? Examples of intermediary network devices are: routers, switches, hubs, wireless access points, servers and modems, and security devices such as firewalls. These intermediary devices use the IP address, in conjunction with information about the network interconnections, to determine the best path that messages take through the network.
They direct data along alternate pathways when there is a link failure. They filter the flow of data, based on security settings.
Star
This is probably the most common topology you will encounter. Each network device is connected to a central hub or switch. If one of the cables to the devices fails, then only that device becomes disconnected.
Bus
This topology was created with the first Ethernet networks, where all devices had to be connected to a thick cable referred to as the backbone. If the backbone cable fails, then the network goes down. If a cable linking the device to the backbone cable fails, then only that device will lose connection.
Traceroute
Traceroute is a very widely used facility which can test network connectivity and is a handy tool for measurement and management. Traceroute follows the destination IP packets by sending UDP packets with a small maximum TTL field, and then listens for an ICMP time-exceeded response. As the Traceroute packet progresses, the records are displayed hop by hop. Each hop is measured three times. An asterisk [*] indicates that a hop has exceeded its time limit.
What is TFTP
Trivial File Transfer Protocol (TFTP) is a simple, lock-step file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a Local Area Network. It provides a connectionless transfer by using UDP port 69.
explain TCP AND UDP
UDP - is a connectionless protocol.
TCP - is a connection-oriented protocol. It uses a 3-way handshake and acknowledges delivery.
Layer 7 Application
User interface
Popular Protocols - HTTP, FTP, TFTP, Telnet, SNMP, DNS...
Protocol Data Unit - Data
Devices that operate in this layer = None
Physical versus Logical
When you can see the network equipment, you are looking at the physical topology. This can be misleading because, although the network appears to be wired in a star fashion, it could in fact be working logically as a ring. It is a good idea to remember that the physical topology is what you can see and the logical topology is what the network can see (i.e., how the data flows).
Windowing
With windowing, each system agrees upon how much data is to be sent before an acknowledgment is required. This "window" opens and closes as data moves along in order to maintain a constant flow.
what is a broadcast domain
a broadcast domain refers to a group of devices on a specific network segment that hear all the broadcasts sent out on that specific network
what is a collision domain?
a network scenario where one device sends a frame out on a physical network segment, forcing every other device on the same segment to pay attention to it. This is bad because if two devices on a single physical segment just happen to transmit simultaneously, it will cause a collision and require these devices to retransmit
what is a trunk port?
A trunk port carries all VLANs all the time; it is a part of both the red VLAN and the blue VLAN. A trunk is a point-to-point link between two network devices that carries more than one VLAN. With VLAN trunking, you can extend your configured VLAN across the entire network. It adds a label or "tag" to the header. Trunk links provide VLAN identification for frames traveling between switches.
Switches operate
by using the device's MAC addresses (known as Layer 2) and IP addresses (known as Layer 3), or they can perform more complex tasks, such as processing lists of permit/ deny traffic or protocols and port numbers (known as Layer 4), or a combination of all these layers and more.
define CSMA/CD
carrier sense multiple access with collision detection, helps devices share the bandwidth evenly while preventing two devices from transmitting simultaneously on the same network medium
describe the different classes of ip addresses
classes of addresses
class A: 1 - 127
class B: 128 - 191
class C: 192 - 223
(A, B and C are the 3 standard addresses)
class D: 224 - 239 (multicast)
class E: 240 - 254 (experimental)
difference between classless and classful?
classless - IP addressing, i.e. using a class A subnet mask with a class B IP address
classful - using the default subnet mask, i.e. a class A subnet mask with a class A IP address
what are some features of IPV4?
connectionless - no connection is established before sending data packets
best effort (unreliable) - no overhead is used to guarantee packet delivery
media independent
what is contention based access?
contention based access - stations can transmit at any time, collisions exist; to resolve contention problems it uses CSMA/CD
Simple Mail Transfer Protocol (SMTP)
defines how e-mails are sent to the e-mail server from the client. It uses TCP to ensure a reliable connection. SMTP e-mails are pulled off the SMTP server in different ways, and SMTP is used as an e-mail delivery service by most networks. POP3 is another popular way to do this.
define frame forwarding
frame forwarding - when a message is sent across a network, everyone gets the message, but unless it is addressed to them they discard it, and the device that it is addressed to reads it
in what ways can networks be "grouped"
geographic - building 1, building 2
purpose - HR, management, sales, legal
ownership - public, private
how does a switch work?
A switch uses the MAC address to decide what ports to send traffic to. It builds a MAC address table and learns what traffic is coming from which ports.
What is the purpose of the preamble in an Ethernet frame?
is used for timing synchronization
which layer does ethernet operate on?
layer 2/datalink
what does the mac sublayer involve?
MAC - data encapsulation, addressing, done in hardware
User Datagram Protocol (UDP)
operates at the Transport Layer of the OSI model. It transports information between network devices but, unlike TCP, no connection is established first. UDP is connectionless, gives best-effort delivery, and gives no guarantee that the data will reach its destination. UDP is much like sending a letter with no return address. You know it was sent, but you never know if the letter got there.
what is quality of service?
quality of service says you're more important than somebody else
What two criteria are used to help select network media?
the distance the media can successfully carry a signal
the environment where the media is to be installed
Several notations represent the response of ping packets
▪ ! - One exclamation mark per response
▪ . - One period for each timeout
▪ U - Destination unreachable message
▪ N - Network unreachable message
▪ P - Protocol unreachable message
▪ Q - Source quench message
▪ M - Could not fragment
▪ ? - Unknown packet type
The three methods used to control data flow are as follows:
▪ Flow control - If the receiving system is being sent more information than it can process, it will ask the sending system to stop for a short time.
▪ Windowing - With windowing, each system agrees upon how much data is to be sent before an acknowledgment is required.
▪ Acknowledgements - When a certain amount of segments is received, the fact that they all arrived safely and in the correct order needs to be communicated to the sending system.