notes from Mike Meyers


NIC

network interface card - PCs connect to a switch, hub or router through a NIC. A NIC can be wired (you connect to it with an RJ45 plug) or wireless.

netstat

network statistics. netstat displays the active connections for your system and statistics for TCP/IP.
netstat -n will show the connections with port numbers
netstat -a will display all the open ports on your system, whether they have connections on them right now or not
netstat -na will show the port numbers rather than names
netstat -b will show you who is making the connections; shows the executable for every connection
netstat -o will show you all the processes running with their PID, which you can check in Task Manager to see what program that is
netstat -r (same as route print) shows you the local routing table

port triggering

opens a network to accept other port numbers from incoming connections. Useful for applications that send on one port but receive on another, e.g. FTP sends requests out on port 21 but receives responses from port 20.

port range forwarding

opens a range of ports to a server behind a NAT router

DHCP options

options - configure the default gateway, DNS info, etc. DHCP info is often configured on Windows Server 2012 in bigger networks or on a SOHO router in smaller networks. Once the DHCP server is set up, as soon as you plug a client computer in you should get the DHCP info immediately; every modern OS has DHCP enabled by default.
options in order of authority: reserved client, class, scope, server

ping

pinging an IP address tests the connectivity between you and the machine with that IP address, as long as it is reachable; ping sends packets to it

route redistribution

places the routes learned from one routing domain, e.g. BGP, into another routing domain, e.g. OSPF. A solution used to translate routing information between routers configured to use different routing protocols.

port numbers

port numbers are unique to applications on the internet, e.g. port 80 is used for web pages. Ports 0-1023 are Well Known Ports. When added to a packet, port numbers advise which application the info should be going to; a packet includes both a source and a destination port. Every time you send out a TCP packet it will have a destination port number (set by the type of application you're using) and a source port number generated by the client; these are ephemeral (short-lived) numbers that are always between 1024 and 65,535.

NTP

network time protocol, runs on port 123

SNMP versions

3 different versions:
SNMPv1 - has no encryption, but a lot of devices still use this; limited command set compared to later versions
SNMPv2 - has encryption (but it is weak) and an expanded command set
SNMPv3 - has TLS encryption (much stronger)
An NMS is backward compatible in that it can 'speak' the different versions depending on what version a managed device uses

MAC address

48 bits, written as 12 hexadecimal characters in 6 groups of 2. The first 3 groups of two are issued to the manufacturer; the last 3 groups are the unique identifier. Every NIC in existence has a unique MAC address. A NIC will look at an incoming frame: if the recipient MAC address matches its own, it knows the frame is for it, strips away the extra info, sends the data to the application and keeps the sender's MAC address in cache. If the frame is not for it, the NIC just discards it.

structured cabling troubleshooting

9 out of 10 times structured cable issues will be at the workstation. Verify the link lights, both at the switch and at the workstation. Go into Device Manager and double check that the network card is working, enabled etc. Check the patch cable and the wall jack/face plate; these can be subject to a lot of damage and are the most common things to fail in structured cabling.

special IP addresses

APIPA - always starts with 169.254
loopback - 127.0.0.0/8; this network is reserved for loopback, used with ping to verify your NIC is working okay
private IP addresses:
class A - 10.0.0.0/8
class B - 172.16.0.0/16 - 172.31.0.0/16
class C - 192.168.0.0/24 - 192.168.255.255/24
computers using private IP addresses can access the internet (through NAT), but you cannot access a computer that's using a private IP address from the internet
private addresses - internal network communication
public addresses - used for communicating on the internet
both types are routable, but private addresses are not routed on the internet

TCP/IP Model

Application - everything related to the application itself; the TCP/IP model looks at applications as applications, whereas the OSI model splits this into the session, presentation and application layers
Transport - disassembly and reassembly of data
Internet - IP addresses, routers (the OSI network layer)
Network Interface - cables, MAC addresses, NICs, most things hardware (the OSI physical and data link layers)

OSI Model

Application - the 'smarts' in applications that make them network aware; takes a look at the destination port number to know where to send the data. Deals with data
Presentation - used to be used to convert data into a format that applications could read (not super relevant anymore). Deals with data
Session - refers to the connection between two systems, e.g. server and client; assigns logical numbers to each session called ports. Deals with data
Transport - disassembly and assembly of data so it can get to the destination in good order. Deals with TCP segments
Network - logical addressing, IP addressing; routers are used here. Deals with packets or datagrams
Data Link - anything that works with a MAC address: NICs, switches, bridges. Deals with frames
Physical - cables, hubs, repeaters. Deals with bits
As an Ethernet frame enters a NIC the MAC address and everything else are included in it; at each layer info like the MAC addresses and IP addresses is stripped from the frame as it is no longer needed. When moving from the application layer to the physical layer the data is encapsulated, and it is de-encapsulated when going from the physical layer to the application layer.

STP (spanning tree protocol)

Bridge loop - happens when you connect three switches together in a loop fashion; can bring your whole network down
STP (spanning tree protocol) - uses 802.1d; prevents these bridge loops. Most switches have this built in; the switches will talk to each other and will shut off one of the ports to stop the loop
RSTP - uses 802.1w; a newer version of STP. RSTP can reconverge with other switches in 3 seconds, where STP took about 50 seconds
STP can prevent broadcast storms; these happen when a network is flooded with broadcast traffic
switches and ports should be assigned specific roles:
root bridge - the switch in charge of the network
root port - the ports that are active and are pointing at, or are closest to, the root bridge
designated port - the ports facing away from the root bridge (the root bridge only has designated ports)
non-designated port - not busy; will pass STP traffic but doesn't pass any actual data (logically this port is shut off), and since no data is passed through this port no 'loop' occurs. If for some reason the root port goes down the non-designated port will then fill in for it
poison reverse can also be used to prevent routing loops

Switch backbone

Can have different speeds running on the same network; you may have a backbone running 10 gigabit Ethernet that connects to other switches running 1 gigabit Ethernet.
GBICs (gigabit interface converters) - interchangeable devices that can move in and out of switches and allow you to 'talk' to the backbone or other switches. GBICs and SFPs (small form-factor pluggable) are standards for hot-pluggable transceivers; these can be used to connect fiber or copper cable to a device and give devices the flexibility to support different cabling types. GBICs and SFPs are used on modular switches and routers so you don't have to replace a whole switch or router if connections/ports go bad.

DNS process

DNS allows a web browser to communicate with a web server: the browser needs the web server's IP address so it can open the web page, and DNS servers make this happen. Your DNS server has to be queried to get the web server's IP address (the browser/client does not do the resolution itself):
1) the browser/client has its own DNS server that it queries (ipconfig /all will show your DNS server settings)
2) your DNS server will then use its 'root hints' (a list of root DNS server IP addresses) and pick one of them
3) the root server will then send your DNS server the info for getting to a .com server (or the applicable TLD)
4) once your DNS server has this info it goes to the .com server and asks for the IP address for dell.com, for example
5) the .com server then sends the IP address for dell.com to your DNS server
6) your DNS server then goes to dell.com and asks for the IP address for www.dell.com (remember the www part is actually one computer/server)
7) dell.com then gives your DNS server the IP address for www.dell.com
8) your DNS server will then deliver the IP address for www.dell.com to your computer/browser
9) your computer and your DNS server will then store the IP info (DNS cache) for later use
This is why it may be good to flush the DNS cache from time to time, because the IP info for the site you're trying to access could change. We can set up our computers to use different DNS servers (DNS servers go down frequently); they are generally supplied by your ISP, but you can use Google's DNS server 8.8.8.8, which may be faster than your own ISP's.

DDNS

Dynamic DNS allows you to work with IP addresses that change (the IP address on the WAN side of your router, which is often obtained via DHCP from the ISP). DDNS works by having a client on the NATed network go out on the internet and find a DDNS service. The DDNS company will then grab the WAN IP address of your router and will place it onto a domain of your choosing. You can then set port forwarding in your router configuration and have the traffic sent to the desired client. By using these clients we can talk to dynamic DNS servers, which will automatically update, so the Dynamic DNS servers will always have the right IP addresses.

Major communications in SNMP

Get - the standard query used in SNMP; the NMS sends a Get to a managed device, which then sends a Response
Set - used to set a variable in an agent's MIB
Trap - set up on managed devices and used when waiting for a query won't work, e.g. a printer starts to overheat. A way for a managed device to let the NMS know right away that something is wrong
Walk - a big batch of Gets

subnet mask and default gateway

If sending data from outside a local network onto a TCP/IP network, you will need a subnet mask and a default gateway.
subnet mask - its only job is to tell the system whether to send the data locally or out to the router
default gateway - the IP address of the router on your local network
everyone on the same broadcast domain has to have the same subnet mask, and there is one default gateway per subnet/VLAN/broadcast domain

IP addresses

MAC addresses are used for physical addressing; IP addresses are used for logical addressing. IP addresses are not fixed to a NIC; we tie MAC addresses to IP addresses with a router. IP packets sit within frames and carry the source and destination IP addresses needed to get from one network to another. Once the frame gets to the router, the router strips away the frame info and the routing table then advises where to send the packet. Packets are always encapsulated in some kind of frame. IPv4 is required to have a subnet mask.

MDF, IDF, demarc, U

MDF - primary distribution frame; generally where your demarc is
IDF - intermediate distribution frame; you'll have these on other floors in your building, connecting back to the MDF
demarc - separates the property of the phone/cable company from what is yours
customer premises equipment - when you lease a line the CPE remains the property of the service provider. The point on your premises with CPE is the demarcation point; the demarc is often at an NIU (network interface unit), a physical join in the wiring
CPE loopback - a CPE loopback jack can be put on the line for testing. The loopback routes the signal at the demarc back along the line and allows the ISP to determine which side of the demarc the issue lies on
demarc extension - if you can't bring your network to the demarc you can 'extend' the demarc to your network; often done in leased buildings
U - a standardized height for components in a rack, 1 U = 1 3/4 inch

dynamic NAT

Makes it so you can utilize, say, two public IP addresses for a particular router while you have many devices on your network; this essentially allows any two devices at one time to communicate out onto the internet. The downside is obvious: you have a fixed number of public addresses, and if more devices want to get out they are out of luck.

VPN protocols

PPTP - VPN access for remote clients; operates across PPP connections, and data is encrypted and encapsulated inside PPP packets
L2TP - an extension of PPTP
SSL VPN - browser-based VPN access
IPsec - uses 3 protocols to create a security framework for our VPNs:
IKE (internet key exchange) - negotiation of security parameters
ESP (encapsulating security payload) - encrypting, authenticating and securing of data
AH (authentication header) - authenticating and securing of data
GRE - generic routing encapsulation; a Cisco protocol used with PPTP or IPsec to create VPNs

coaxial cable

RG-6 - still used in cable modems/TV; runs at 75 ohms; uses an F-connector that screws in
RG-8 - runs at 50 ohms impedance
RG-58 - runs at 50 ohms impedance; uses a BNC connector. Used in the original coaxial Ethernet networks ('thinnet'), which used a T-connector that connected to the NIC while the other 2 ends ran to other NICs (there were no switches), or to a terminator

Email protocols

SMTP - TCP port 25
POP3 - TCP port 110 (will copy messages down to your computer)
IMAP4 - TCP port 143 (emails are web based)
these services are not encrypted protocols. Email servers need to be set up as either POP3 or IMAP4, and the email client will need to know this to retrieve email; it is common for email servers to be both the sending (SMTP) and receiving (POP3, IMAP4) server

fiber optic cable connectors

ST connector - push in and twist; round with a straight tip; typically used for single mode connections
SC connector - push in and pull out; these are square
FC connector - similar to ST but the tip is shorter and it screws in like an F-connector on a cable modem
LC connector - a high density connector; a small connector with a clasp like on RJ-45 plugs
MT-RJ connector - a high density connector; two fibers are terminated in one connector
fiber cables must be clean before attaching connectors

ARP and ping use what communications protocol

UDP

TCP & UDP

TCP ensures packets arrive in good working order. TCP segments include:
sequencing number - allows you to reassemble everything properly
acknowledgement - when data comes in the recipient can acknowledge it was received, or detect if it was lost
TCP/IP will add an ACK (3-way handshake) to the Ethernet frame to make sure data arrives in full:
1) client sends a SYN to the server
2) server responds with a SYN/ACK
3) client sends an ACK to the server to complete the process
to close the connection:
1) client will send a FIN
2) server responds with a FIN/ACK
3) client sends an ACK
UDP is similar but with one major difference: it is connectionless. Turn a TCP segment into a UDP datagram by changing the ACK and segment portions into checksum and length; the checksum verifies the length of the data. UDP isn't concerned about all the data arriving perfectly; to UDP, speed is more important than reliability.

http, https

http - TCP port 80
https - TCP port 443; uses TLS to make the encryption work, or SSL, which is older

Telnet/SSH

Telnet - TCP port 23; enables you to access a remote computer using a username/password. No file transfer and no GUI, it just gives you a command prompt. Common when connecting to a local switch or router (not commonly used over the internet since it's in the clear); arguably the oldest application on the internet
SSH - Secure Shell, TCP port 22; a secure version of Telnet. A key is used by SSH to encrypt all the traffic; common when connecting to a far away switch or router since it's encrypted
PuTTY is a popular Telnet/SSH client
rlogin - TCP port 513; a long obsolete way of remotely accessing a computer; no password, no encryption

UTP/STP

UTP - the #1 kind of cable used in networking; usually 4 twisted pairs. More twists per inch allows the cable to handle a faster signal
Cat 3 - runs at 16 MHz, used on Mbps networks
Cat 5 - runs at 100 MHz, used on 100 Mbps networks
Cat 5e - runs at 100 MHz, used on 100 Mbps networks but up to 1 Gbps
Cat 6 - runs at 1 Gbps, up to 10 Gbps but at reduced length
Cat 6a - can run at 10 Gbps at the full 100 meters
STP - used in networks where there's a lot of 'noise'; the aluminum shielding prevents EMI
Fire ratings:
PVC - not fire rated at all
riser - designed to run between floors (elevator shafts) and buildings; provides some protection
plenum rated - doesn't emit toxic fumes when burned

VPN concentrators

VPN concentrators - replaced the access concentrators used for modem connections. They aggregate tunnelled IPsec connections (if you have many sales reps around the country who need to access the network, you can take all those connections and aggregate them into one) and can handle a lot more concurrent connections than a regular VPN device.

net command

a great tool if you want to know what is happening with your local network from the command line
net view: shows you what computers your system can see within its own workgroup
net user: shows you who 'you' are, right now, on the network; useful if you forget what/who you logged in as on the computer
net use: used for mapping a drive, which assigns a drive letter to a particular shared folder
net share: allows you to share a folder
net accounts: shows you how your accounts are set up, e.g. how often the password needs to be changed
net start/stop: allows you to stop and start services from the command line be

dynamic routing

a big function of routing is to handle dynamic problems with routes, rerouting traffic on the fly to the customers that need it rather than having to go in and manually change routing tables as IP address info changes. We can employ dynamic routing and bring routers into convergence (where all routing tables reflect all routes) with each other. Static routing will take precedence over dynamic routing. If a router has more than one way to get somewhere it will use a metric to determine which route to take; in the earlier days of routing this was based on hop count. Metrics now take several factors into consideration:
MTU - maximum transmission unit; refers to how much data a particular frame can haul. Ethernet MTUs are 1500 bytes, but if going into a DSL network for example the MTUs would have to be chopped up into smaller sizes, which then increases the amount of traffic on the network
Bandwidth -
Cost -
Latency - how long it takes a route to react to what I want to do, e.g. satellite has very high latency

route summarization/route aggregation

a single routing table entry representing two or more routing table entries; reduces the routing updates exchanged and the size of routing tables. If you have a Denver region and a San Francisco region, rather than advertising all your routes to the Denver region you could 'aggregate' all the routes into just a few.

6to4

a way to migrate from IPv4 to IPv6. This allows IPv6 packets to be transmitted over an IPv4 network.
Teredo and Miredo - two types of transition tunneling technology; they allow tunneling of IPv6 packets over IPv4 networks even if the network is using NAT. Miredo is an open source version.

110 block

about the only time we use RJ45 crimps is for patch cables; pretty much every other time we're using a punchdown tool. 110 blocks have a Cat rating like everything else in networking (Cat 5e, Cat 6 etc.), and this Cat rating should match across the board. Patch panels do the splitting for you; you'll notice the order is different on the panel when compared to the 568B or 568A standard. The distance from the 'punch' to the last twist should be about 1/2 an inch.

diagnosing and fixing common DHCP errors

all errors pretty much manifest in the same way: you'll open a web browser and, because you don't have the correct IP address, default gateway or DNS, you won't be able to get on the internet. If DHCP is not working you can run ipconfig and check your IP address; if it is a 169.254 address it is from APIPA (a fallback if your system cannot find a DHCP server). With APIPA you can still talk to computers on your network but cannot get on the internet. Check whether there is a layer 1 disconnect: are you plugged into your switch, is your switch plugged into the DHCP server? If that looks good it may be an issue with the DHCP server itself:
1) make sure it shows up on your broadcast domain
2) make sure it is properly configured, e.g. the pool of IP addresses
rogue DHCP server - two DHCP servers on the same broadcast domain will compete with each other. This regularly happens on a wireless network: wireless routers often have DHCP servers built in and once connected will start trying to assign IP addresses. If you don't recognize your IP address/network ID when running ipconfig and it is not 169.254, it is likely from a rogue DHCP server.

port address translation (PAT) (regular NAT)

allows you to have lots of devices accessing the internet without using legitimate IP addresses; a router will replace the private IP address of the node with its own public/legitimate IP address. NAT is almost always turned on by default on home routers; on enterprise-type routers it's almost never turned on.

port mirroring

allows you to listen in on a port another computer may be plugged into: the switch sends a copy of all the traffic on that port, whether it is going into or out of the switch, over to your computer, so you can remotely monitor the data of another switch port or even an entire VLAN. This is configured by providing a source port and a destination port in the switch IOS.

port bonding

allows you to take multiple ports on a switch and combine them to become one higher speed port. You do this by making a group and then assigning individual switch ports to that group; the group is called a port channel. Uses LACP (link aggregation control protocol) as the trunking protocol. The ports need to be set to either active/active or active/passive; passive/passive won't work.

access control lists

almost always going to be some form of authentication and authorization when it comes to access control lists
authentication - what does it take for you to get into the system
authorization - once in the system, defines what you can do in there
mandatory access control - uses labels for resources; the label defines what you can or cannot do with a particular resource
discretionary access control - provides access like read, write, owner etc. to a resource
role based access control - places users into specific groups; the group is given access to particular resources, which grants the users access
ACLs allow or deny traffic based on IP and port; in this way they are similar to firewalls. We can put ACLs on specific interfaces in our router; before passing traffic the router will go through the ACL and see if there are any matches
Blacklist ACLs will implicitly allow traffic and then deny anything on the blacklist
Whitelist ACLs are an implicit deny but allow traffic that's on the whitelist

loopback plug

an RJ-45 plug that connects pin 1 to pin 3 and pin 2 to pin 6, to test a NIC's ability to send and receive

ARP spoofing

an attacker can pretend to be a host or router/gateway: when a client sends out an ARP request it gets a reply back from the attacking computer, spoofing the MAC address the client is looking for
ARP cache poisoning - uses fake ARP messages to redirect traffic to an attacker's machine

testing a horizontal run

an issue in the horizontal run of cable is very rare, but the best way to test it would be to use a TDR; a horizontal run should be no more than 90 m

tone generator and a tone probe

can be used when you have a wall outlet and you are not sure where the corresponding connection is in the equipment room. The tone generator creates the signal for the probe; the probe then translates the signal into an audible tone when it gets close to the connection the generator is plugged into.

CSMA/CD

carrier sense multiple access/collision detection, used on a bus topology. Carrier sense refers to the fact that a node on the network will listen to hear if any other node is 'talking'. Multiple access refers to multiple computers. On these bus topologies we'd put terminating resistors on the ends so the signal couldn't bounce back. Collision detection refers to the fact that two computers could not talk at one time; they would back off if a collision happened and then retry after a random amount of time. CSMA/CD was common on 10Base5 (1st gen cabling for Ethernet) and 10Base2 (used BNC and Tee connectors) networks; 10Base2 could handle up to 30 devices per segment.

TIA standards

define standards like how each individual connection is wired: EIA/TIA 568A and 568B.
GSBB - green surrounds the blue in B
OSBA - orange surrounds the blue in A
either standard can be used, but you shouldn't have both standards on the same cable unless you want to create a crossover cable

dynamic routing protocol methods

distance vector - routers send their entire routing table to their neighboring routers and then determine the best routes. Disadvantage: distance vector uses hop count. Examples: RIP (routing information protocol), EIGRP
link state - more modern and has improvements over distance vector. Routers will periodically ping neighboring routers and, if they detect differences, they'll then update their routing table and advertise this to neighboring routers. Examples: OSPF (open shortest path first); IS-IS is also a link state routing protocol. Link state gets routers back into convergence much faster than distance vector.

DNS

the domain name system is made up of a lot of computers all over the world whose job it is to resolve IP addresses based off of FQDNs (fully qualified domain names)
top level domain names - .com .edu .org
individual host names - the left side of the URL; www is actually the name of one individual computer within the totalsem.com domain (the web server). If trying to access an FTP server you could use ftp.totalsem.com, or mail.totalsem.com for mail (the name of the host can be anything, but these names are used because of conventional wisdom; this is what's expected for these services)
secondary domain - (totalsem in this example) under the top level domains are millions of secondary domains
DNS servers - do two things: respond to DNS queries and create DNS queries
the total length of an FQDN cannot be more than 256 characters and a total of 127 'names'

DHCP reservations

dynamic allocation - a common method used by DHCP servers for assigning IP info
>>> the server has a large pool of IP addresses to assign out, and addresses are then reclaimed and marked available after a lease timer ends
automatic allocation - the DHCP server doesn't automatically give away the IP address when a device leaves the network. Automatic allocation makes it so that if you do leave and then come back you will most likely get the same IP address you had before
static allocation - statically or manually configuring an IP address for a specific device based on the MAC address list that the DHCP server has
>>> also called IP reservation, address reservation, static DHCP assignment or static DHCP

dynamic routing protocol EGP

dynamic routing protocols are also broken down into two categories:
exterior gateway protocol - when communicating outside an AS (one ISP to another) you'll use an EGP. Border Gateway Protocol is the only EGP and is considered the cornerstone of the internet. BGP communication is done through AS numbers, not IP addresses. BGP has aspects of both distance vector and link state routing protocols. Router networks carry data from LAN to LAN throughout the internet. BGP breaks up the entire internet into approximately 20,000 autonomous systems; these are groups of one or more router networks under the control of a single entity, e.g. an ISP, government organization or university. ASes have direct or indirect control of all the routers, networks and subnets within their AS. IGPs are commonly used inside of ASes.

dynamic routing protocol IGP

dynamic routing protocols are also broken down into two categories:
interior gateway protocols -
RIP (routing information protocol) - an IGP distance vector protocol; uses hop count as its metric, so it will take the shorter path. RIP is old, has a max hop count of 15, and it takes a while to reach convergence with RIP. RIPv1 only works with default class A, B, C networks; RIPv2 can handle CIDR and has security built in
OSPF (open shortest path first) - the #1 IGP and a link state protocol. Routers begin sending link state advertisements the moment they're connected together. A downside is that OSPF uses a designated router: each router is configured to be in a particular Area ID, and once they know their Area ID they begin talking to each other and 'elect' one to be the designated router and another to be the backup designated router. They then communicate to each other the networks they are attached to rather than sending out the entire routing table like in RIP; this allows convergence to happen in seconds and works very well with BGP
EIGRP (enhanced interior gateway routing protocol) - Cisco proprietary
split horizon is a technique used for preventing routing loops

DHCP/BootP

dynamically allocates IP addresses in 4 steps: DORA
discovery - client sends a broadcast to udp/67, which goes out to all devices on the subnet
offer - server sends a broadcast to udp/68
request - client sends another broadcast back to the server saying this is the IP I would like to use
acknowledge - server marks the IP as being owned by that client/workstation
BootP is used in Linux
each broadcast domain must have only 1 DHCP server, and it has to be part of that broadcast domain
DHCP relay - a DHCP server needs to be in the broadcast domain; the one exception is that you can use DHCP relay. This allows you to reach the DHCP server if you know its IP address: the router will act as the DHCP relay and, when it hears requests, will forward them to the DHCP server
scope - a single contiguous pool of IP addresses is called a scope
>>> generally you will have one DHCP server handling IP addresses on several different subnets
>>> scope properties will consist of IP address range, subnet mask, lease duration
lease duration -

EAP

extensible authentication protocol - provides flexibility; it is a framework for authentication which has many methods (EAP-TLS, LEAP, EAP-MD5). EAP is not a protocol but defines a message format. EAP is commonly used in wireless and point-to-point networks: a burst of data between a requester and a server, and the EAP method determines what you can do... pre-shared key, PEAP

fiber optic cable polishing

fiber optic polishing - must do this before putting on the connectors
PC - polish connector; regular polishing, flat at the top
UPC - ultra polished connector; rounded at the top, which allows it to propagate light better than PC
APC - angle polished connector; the best kind of polishing, very little light loss

firewall/IDS/IPS

firewalls filter, IDS notifies, IPS acts to stop
IDS examines network traffic and compares it against signatures for known attacks; if it senses an attack it can communicate this to network management consoles. Advantages: does not disrupt packet flow; works with copies of packets, whereas an IPS examines the actual packets
IPS is similar to an IDS but also acts to stop the attack; it can redirect the traffic to a honeypot or close off the port etc. Advantages: responds immediately and stops the malicious traffic, and works with other network devices like firewalls to stop attacks

gigabit Ethernet standards

four gigabit Ethernet standards on Net+:
1000BaseCX - copper standard but used a coaxial cable called twinax; 25 meters from node to switch; old and weird
1000BaseSX - (short range) multimode fiber; 500 meters from node to switch
1000BaseLX - (long range) single mode fiber; 5 km from node to switch
1000BaseT - Cat 6 UTP copper; 100 meters from node to switch
10 gigabit Ethernet standards on Net+:
10GBaseT - Cat 6 (up to 55 m) or Cat 6a (100 meters) from node to switch
10GBaseSR - (short range) multimode fiber; 26 m to 400 m from node to switch
10GBaseLR - (long range) uses 1310 nm (nanometer) single mode fiber; 10 km from node to switch
10GBaseER - (extended range) uses 1550 nm (nanometer) single mode fiber; 40 km from node to switch
the equivalent SW, LW and EW standards are the same as above but used on SONET networks

wireshark

free packet analyzer, need to know what it is for net+
packet/protocol analyzers aka packet sniffers can display, capture and save packet information going across a network
in promiscuous mode they can read packets intended for other devices

frame

generated and destroyed inside the NIC
frames are packetized data
frames are 1500 bytes
use the MAC address to know where to send the data
Jumbo Frames - bigger than 1500 bytes and can be as big as 9000 bytes

packet flow monitoring

gives an overview of traffic going across a network
a 'flow' is a conversation between 2 nodes
packet flow monitoring helps you know who the top talker and top listener on your network are:
top talker - node on a network that sends the most packets
top listener - node on a network that receives the most packets

ipconfig

gives you the info for all the network adapters you have available on your system
ipconfig /all - will show you the MAC address
ifconfig - used on linux systems

DNS records

host record (A or AAAA) - the most important DNS record. When configuring you enter a name for the record, the domain name, and IP address. This record is what actually resolves the FQDNs to IP addresses. AAAA is for IPv6 addresses
CNAME record - this is for aliases, if someone is trying to get to your file server at server1.fred.local but they only type in server.fred.local it will take them to server1.fred.local
MX record - mail exchange, this is for mail servers, DNS is used for delivering email with most email servers, if an MX record is not found an A record will be used instead
SRV record - defines the location of various servers

HOSTS file

predates DNS, used to resolve FQDNs before DNS was developed but will take precedence over DNS
file contains IP addresses and their names
HOSTS file on windows: C: > windows > system32 > drivers > etc

routing metrics

if a router has 2 default routes it will use a metric to determine where to send it, the lower the metric # the higher a priority it is for the router
hop count - the number of stops a packet takes before reaching its destination. Like TTL, this can prevent routing loops
MTU - maximum transmission unit, refers to how much data a particular frame can haul, Ethernet MTUs are 1500 bytes but if going into a DSL network for example the MTUs would have to be chopped up into smaller sizes, which then increases the amount of traffic on the network
Bandwidth
Cost - efficiency of a router
Latency - how long does it take a route to react to what I want to do, i.e. satellite has very high latency
Administrative Distance - used when there are two or more different routes to the same destination from two different routing protocols, will choose the lowest administrative distance
SPB - shortest path bridging, provides a replacement for STP

windows name resolution

if a windows system is a member of a domain it will go to its domain controller, which is also its DNS server, and everything is done through DNS. If not on a domain you would traditionally use NetBIOS (ports 137, 138, 139) for name resolution. But starting around Windows Vista a new protocol came online: Link Local Multicast Name Resolution (LLMNR), uses UDP port 5355
LLMNR is a better name resolving service than NetBIOS. if on windows 10 will use both NetBIOS and LLMNR and either can do the name resolution
LLMNR is a protocol that allows hosts to do name resolution for hosts on the same local link
every windows system has a 'registered name', these names are unique on a given network

ICMP & IGMP

internet control message protocol
protocol used when not necessarily needing to send data but to verify status, or error reporting, i.e. ping or arp are good examples of ICMP
packet includes a (type) small message and a checksum to verify it
ping and traceroute use ICMP
ICMP and IGMP work at the Internet layer of TCP/IP model or Network layer of OSI model
internet group management protocol
packet includes type, checksum, group address (multicast address) and source address (IP address of server)
multicast allows you to connect to servers using IP 224.anything. clients on a network wanting to watch a streaming video will connect to a server, and the video server, instead of sending individual streams to each computer watching a video, will assign a multicast address and just that one address will come into the network and the clients with the necessary software listening on that multicast address will get the video. This basically provides a 2nd IP address to these clients while the video is running

switch

keeps track of the MAC addresses of the computers connected to it based on ports
other computers won't even know a transmission happened, other computers could also be sending/receiving data at the same time and there would be no slowdown in bandwidth, as opposed to a hub that works in half duplex
each port on a switch is its own collision domain, as opposed to a hub where all ports are one collision domain
multilayer switch will work on both layer 2 (MAC addresses) and layer 3 (IP addresses)

different DNS servers

linux/unix uses BIND for DNS serving
windows server - comes with Windows DNS server
a website is not limited to just one DNS server, normally have primary DNS name servers and secondary DNS name servers, if one goes down others can take over
common for one DNS server to represent several domains
forward lookup zones - resolve FQDNs to IP addresses
reverse lookup zones - resolve IP addresses to FQDNs
SOA (start of authority) - the primary name server for the domain, or the authoritative name server
below that there are name servers (NS) that provide quick FQDN to IP address resolution
only one SOA in a forward lookup zone but can be lots of NS records for a domain

fiber optic cable

made up of a core (where the light goes), a cladding and a cable jacket
two types:
multimode - carries LED signals (usually orange), designed for shorter distance
single mode - carries laser signals (usually yellow), designed for longer distance
can't hook a multimode cable into a plug for single mode
fiber optic cables are usually duplex, they have two connectors on the ends
when running fiber on an ethernet network card, have two connectors on each end, one for sending and one for receiving. In 10BaseT days only one would work at a time
fiber connectors have two characteristic values:
return loss or reflection - the loss of power in a signal that's going to be returned back
attenuation or insertion loss - the loss of power in a signal that actually makes it to the other end
the usable distance of fiber is given as the product of frequency and distance, i.e. 3.5 GHz per km
do not bend below the bend radius, can cause fractures in the cable and attenuation, if no bend radius given assume 15 times the cable diameter

InterVLAN routing

makes it so that when connecting VLANs together via a switch you don't have to continually find more ports in routers to connect those VLANs this essentially virtualizes routing inside higher end switches so that you can create many VLANs with one switch

static NAT

makes it so you can associate anything that comes into your network from a specific IP address to go to a particular host. also called port forwarding

DNS troubleshooting

manifests itself by not being able to get onto the internet, in Chrome it will actually tell you the DNS lookup failed, in IE it will say something like attempting to resolve www.google.com in lower left corner
If you can get to a webpage by typing in an IP address but not by its DNS name then you have a DNS issue
check for a misconfiguration with DNS server: network connections > properties > IPv4
ipconfig /flushdns - wipes the DNS cache, useful if your system is storing the old DNS info of a site that has moved locations. After running this command the system will then go out to the DNS server and obtain the new DNS information
can use Google DNS servers; 8.8.8.8

modal distortion

multimode fiber optic cable is susceptible to modal distortion - light travels in different modes and when light travels down the cable by the time it gets to the other end can be a little distorted

nslookup

name server lookup
used for querying a DNS server to make sure it is working or not, shows you default DNS server info
if we can't reach the DNS server nslookup will not give much information, but can be used to troubleshoot internal DNS issues
need to know the output of an nslookup command for net+
DIG (domain information groper) - similar tool to nslookup
ping is still a good tool for checking DNS, the ping has to resolve that FQDN to a domain name

nbtstat

NetBIOS over TCP/IP status
nbtstat is used to display statistics for protocols and connections with TCP/IP
nbtstat -c shows the nbt cache of remote names and ip addresses
nbtstat -s shows sessions of current connections, will show you who you're connected to right now
need to know the output of nbtstat -c and -s for net+
nbtstat -R will clear the cache
nbtstat -RR will rebroadcast all of your system's registered information
nbtstat -n: every windows system has a registered name, this command will show what the computer's registered name is
nbtstat -a [system name] shows you the registered information for another computer
nbtstat -r shows you statistics for what your system has been doing lately
an old NetBIOS tool that doesn't work very well with LLMNR

routers

primary function is to interconnect network IDs
filter and forward based on IP address, use routing tables to know where to send
routers have a method to query their 'upstream router' or default route. The default route is used when the destination does not meet the criteria within the routing table. The default route will have the IP address of the router 'upstream' from it
routers read the destination IP address and then change the MAC address (arp either the local network or the upstream router) depending on where the data needs to go
routers don't care where a packet came from, only where it's going, and they can use any network medium; DSL, cable etc.
you can configure your router's web interface remotely
router WAN connections are commonly DHCP clients by default
if routes are missing from a router's routing table, then certain parts of the network will be inaccessible
router ACL misconfiguration could prevent legitimate access or fail to prevent unauthorized access, auditing/audit logs can help with this

port scanner

probe a remote machine to check for open ports typically a precursor to running attacks server/workstation etc., they're checking for 'open doors'

AAA services

provide authentication, authorization and accounting for remote connections, VPNs etc.
RADIUS - 802.1x protocol for AAA used by VPNs, access points and other remote access type scenarios, used to authenticate before accessing WLAN. client (supplicant) speaks to the authenticator who forwards requests on to the RADIUS server. uses UDP ports 1812, 1813 or 1645, 1646
TACACS+ - similar to RADIUS but is Cisco proprietary and uses TCP port 49, also encrypts all info between client and server, not just passwords like RADIUS
Kerberos - handles authentication and authorization for wired networks. relies heavily on time stamps and components include an authentication server and ticket granting server. If outside a certain timeframe the ticket is no longer valid. holds cryptographic keys for all users and services
if these AAA services go down can use back door access as a workaround to login but could create a vulnerability, this should still authenticate against the device though

FTP

send out requests on port 21 but ftp servers respond back on port 20, this is where port triggering comes into play
FTP is not encrypted, everything sent in the clear, will need to use SFTP for encryption (uses SSL and TLS)
anonymous account - necessary for doing file downloads, enable public access to ftp servers
FTP clients - can use things like filezilla, ipswitch, web browsers, command prompt
in command prompt the GET command downloads and the PUT command uploads
TFTP - trivial ftp, a UDP protocol and runs on port 69, 'lightweight' version of FTP

VTP

trunking allows you to set certain switch ports to a particular VLAN and then on a 2nd switch set some ports to that same VLAN and they will communicate with each other but not other VLANs
802.1Q is a standard for trunking
for one VLAN to communicate with another will need to use a router or interVLAN routing within the switch
VTP advertisements are sent as multicast frames

SNMP

simple network management protocol is a tool for switches and routers mainly, to query their status, monitor them etc. from a single source
Allows you to administer and manage network devices from a single source. These devices must have an agent, which is software built in that enables it to do SNMP
SNMP devices will listen on ports UDP 161 (unencrypted) and UDP 10161 (TLS encrypted), SNMP devices are referred to as 'managed devices'
The other half of the equation are the systems that will be used to talk to these 'managed devices', this is called an SNMP manager. And the interface or software used to communicate to these devices is called a 'Network Management Station' (NMS). The SNMP manager will listen on ports UDP 162 (unencrypted) and UDP 10162 (TLS encrypted)
Management Information Base (MIB) is used to manage the communication between the managed devices and the SNMP manager/NMS. MIB is built into each managed device
SNMP community - organization of managed devices, for example; all first floor switches...
Read Only, Read Write - settings on a managed device, can set to read only or to read, write

Types of VPN: site to site, host to site, host to host

site to site - tunnel data between LANs over the internet, a VPN concentrator is required at each site
host to site - used for user remote access, software required on host, site has a VPN gateway or concentrator depending on # of connections to site
host to host - tunnel traffic from one host to another

straight through and crossover cable

straight through - same on both ends
crossover - 568A on one end and 568B on the other, sends go to receives and receives to sends, use for connecting two switches (or other like devices)
uplink port - a port on a switch that has the cross in it already, so you could plug a straight through cable into it to connect two switches
most switches nowadays use auto sensing ports when you plug into them, so using a crossover today doesn't make a lot of sense, should be able to use straight through and it will automatically work

IPv6

subnet mask is always /64, back half comes from MAC address, MAC address is only 48 bits and the back half is 64 bits so an extra 16 bits are added in the middle, this is called EUI-64 (extended unique identifier). EUI allows a host to automatically assign itself a unique 64 bit IPv6 interface identifier without manual configuration or DHCP, does this by referencing the already unique 48 bit MAC address and reformatting that value to match the EUI-64 specification
IPv6 supports unicast, multicast and anycast (anycast has basically replaced broadcast)
anycast is a 1 to nearest communication where broadcast was a one to all comm
compression - drop off any leading 0's, can drop contiguous 0's one time in an address, replace with ::

symmetric encryption

symmetric encryption: in order to encrypt data need two things: an algorithm and a key value
take clear text and in order to encrypt it you generate a key, put key into the algorithm and run the clear text through it, this gives you ciphertext
to decrypt: with symmetric encryption you take your key, put it into the algorithm and then run the ciphertext through it and you get clear text
an algorithm that uses the same key to both encrypt and decrypt is symmetric encryption

VLAN

takes a broadcast domain and splits it into two or more VLANs, VLANs are also usually associated with a subnet
managed switches allow you to do VLANs
switches don't need IP addresses to do their job, but managed switches have IP addresses that enable the configuration and connection of VLANs, can also connect via the console port
unmanaged switch - performs switching without any user intervention, can't control the functions of these switches
Native VLAN - one VLAN in an 802.1Q trunk is known as a native VLAN, any additional VLANs receive a tag so that a switch knows which VLAN to send the data to

802.1X

the IEEE standard for PNAC (port-based network access control), it provides authentication for devices trying to attach to a network; i.e. RADIUS
802.1x security generates dynamic encryption keys
The 802.1x security standard uses various authentication types based on the Extensible Authentication Protocol (EAP). These include the following:
EAP-LEAP: Uses username and static password for authentication.
EAP-TLS: Uses digital certificates for authentication.
EAP-PEAP: Uses digital certificate, username, and static password or one-time passwords for authentication.

ARP

the command will display the IP to physical address translation
a broadcast sent onto a network in order to obtain a MAC address, resolves MAC addresses from IP addresses
ARP cache will store this info for the future, can view ARP cache with arp -a command

Ethernet

the ethernet frame has pretty much stayed the same since the beginning (1980)
a media converter allows you to convert a fiber run to UTP and this is made possible because the Ethernet frame doesn't change
standard nomenclature: 100Base5 - Speed --- Base (one channel) or Broad (runs on different channels similar to cable) --- refers to the length of the cable (5 would mean 500 meters). Today this last value pretty much is always T, which means we're running UTP with a switch in the middle
10BaseT - The daddy of Ethernet, runs at 10 Mbps, can have up to 100 meters between nodes and the switch, max of 1024 nodes per switch, designed to run on Cat 3 cable or better
100BaseT and 100BaseTX are the exact same standard, 100 Mbps, 1024 nodes per hub, 100 meters from node to hub, Cat5e or better cable
100BaseFX (100BaseF) is the fiber optic version of 100BaseTX, 1024 nodes per hub, multimode, 2 km from node to hub

network ID

the part of an address that is the same for all hosts on a network. If sending out an IP packet and the destination IP address has the same network portion of its IP then we know that it is being sent locally and can just do a simple ARP to send the packet. The subnet mask will determine how much of the IP address needs to be the same in order to know if the packet should stay on the local network or is going out to the internet

web server

two competing web server software: Microsoft IIS (internet information service) and Apache, which is open source
net+ may ask, is there a web server running on a particular system? run command netstat -a and see if listed on port 80
more questions about web clients than web servers, with Internet Explorer being the main one, going to tools > internet options in IE is a common place to start troubleshooting in IE

unicast, broadcast, multicast, anycast

unicast - is addressed to a single device on the network, when the computer knows who to send the data to and includes the recipient's MAC address
multicast - a one to many type addressing, more efficient use of the network, uses a class D address
anycast - one to nearest type of addressing, multiple devices share the same address (replaced broadcast addressing in IPv6)
broadcast - is when a computer doesn't know who to send the data to, and it is sent to every device in the broadcast domain, the broadcast does not leave the subnet, sent to the IP address 255.255.255.255, the destination MAC address for broadcast is all F's

asymmetric encryption

use a public key and private key. the public key only encrypts and the private key only decrypts. when putting a public key into the algorithm the only thing it can do is encrypt the data and when putting the private key into it the only thing it can do is decrypt
a private key and its associated public key is called a Key Pair
public keys are distributed so others can send you encrypted data
for two people to communicate they must exchange public keys, called a Key Exchange
no one can do anything with a public key except encrypt something, no security risk, without the private key you can't do much with the public key

hash

verifies that data does not change, hashes do not encrypt
a hash algorithm creates a fixed-size hash value, doesn't matter how much text is run through it
If you have a 1000 page document and you even change one letter from a lower case to a capital it will give you a completely different hash value
MD5 and SHA-1 are common hash algorithms

prevent collisions

we can break up collision domains with switches and broadcast domains with routers

equipment room troubleshooting

when the network goes down for a lot of people there's probably something wrong in the equipment room. When a large device like a switch goes down, electricity may be a likely culprit, a voltmeter is good for testing this
can use a voltage monitor, a device you plug in and you can watch the voltage over an extended period of time
UPSs will usually solve any power related problems

wiremap, continuity, TDR, crosstalk

wiremap - will show you if all the wires are punched into the right place on each end of the cable (if you have split pairs or not)
continuity - refers to whether the wires are even connected at all, or have a break
TDR (time domain reflectometer) - will test for distance in a cable and can determine if there is a break and where it is, used with fiber as well
crosstalk - interference between pairs on an individual cable, on a land line phone manifests as a crackling noise, when creating network cable installers will certify a run to make sure you are getting what you paid for, checking for crosstalk is one thing they'll look for. signals from one wire interfere with signals on another, gets its name from analog telephony where someone might hear another conversation when on the phone
NEXT - near end crosstalk, found close to the connector
FEXT - far end crosstalk, similar but at the far end of the cable
