
it-careers: CompTIA_Network_Plus

1. Media and Topology
  i. 1.1.0 Topologies
  ii. 1.2.0 IEEE 802 Project Subcommittees
  iii. 1.3.0 Network Media
  iv. 1.4.0 Media Connectors
  v. 1.5.0 Network Components
2. Protocols and Standards
  i. 2.1.0 OSI Model
  ii. 2.2.0 Network Protocols
  iii. 2.3.0 TCP/IP Protocols & Well known ports
3. Network Implementation
  i. 3.1.0 Operating Systems
4. Network Support
  i. 4.1.0 Network Commands
  ii. 4.2.0 Network Tools
  iii. 4.3.0 Troubleshooting

Media and Topology


1.1.0 Topologies

Topology
topology = physical layout of components on a network

Star/hierarchical: star topology is scalable and easy to troubleshoot
bus: requires less hardware and cabling than other topologies; disadvantage of using a bus topology on a 100 user network - Prone to cable faults
mesh: most fault tolerant and has the most redundancy
ring: FDDI and Token Ring use the same media access method
wireless: access point = connects computers with wireless adapters to a network

1.2.0 IEEE 802 Project Subcommittees

802.X Physical Cable

802.1 - LAN/MAN Management and Media Access Control
802.2 - LLC - Logical Link Control
802.3 - Ethernet & CSMA/CD
802.3u - Fast Ethernet
802.4 - Token Bus
802.5 - Token Ring
802.6 - MAN - Metropolitan Area Network
802.7 - Broadband
802.8 - Fiber Optic LAN/MAN
802.9 - Integrated Services LAN Interface
802.10 - Security/Data Encryption
802.11a - 54mbs Wireless
802.11b - 11mbs Wireless
802.12 - Demand Priority Access Method

802.11x Wireless Standards
802.11 - Wireless - 1/2mbs - 2.4 MHz band
802.11a - Wireless - 54mbs - 5 GHz band
802.11b - Wireless - 11mbs - 2.4 GHz band
802.11g - Wireless - 54mbs - 2.4 GHz band
802.1x - Authentication framework for wireless LANs
  User to be authenticated by a central authority
  Uses Extensible Authentication Protocol (EAP, RFC 2284)

NOTES:
802.5 - defines the MAC layer for TOKEN RING NETWORK (think of the 5 olympic rings)
DSSS = Direct Sequence Spread Spectrum
UTP is most susceptible to cross-talk
media access method used for an IEEE 802.5 network = token passing
All Ethernet (including Gigabit) uses 802.3 and all ethernet uses CSMA/CD
the most common IEEE standards: 802.2, 802.3, 802.5

1.3.0 Network Media

Network Media-Cables
Coaxial
  thinnet: RG58
  thicknet: RG8 or RG11
Twisted pair
  STP (shielded twisted pair)
  UTP (unshielded twisted pair)
Fiber

UTP (unshielded twisted pair) categories
EIA/TIA = Electronics Industry Assoc/Telecommunication Industry Assoc
Cat-1: telephone
Cat-2: 4mbs
Cat-3: EIA/TIA 586, 10Base-T or 100Base-T4
Cat-4: 16mbs Token-Ring or 100Base-T4
Cat-5: 100Base-TX or 1000Base-T
Cat-6: 165mbs
Cat-7: 1000mbs Giganet

Fiber
physical elements
  core = glass or plastic
  cladding = different glass or plastic, reflects to core
  jacket = protects from elements
transmission methods
  broadband = multiple channel
  baseband = single channels
NIC connector: SC or ST
speeds: between 10Mbps and 200,000Mbps

Cable Standards (standard: NIC connector, cable, maximum distance, notes)
10Base-2: BNC, RG-58, 200 meters, uses T-connectors
10Base-5: BNC, RG-58, 500 meters, uses T-connectors
10Base-T: RJ45, Cat-3, 100 meters, 4 twisted pairs; same as 100Base-TX but 100Base-TX requires Cat5
10Base-FL: SC/ST, Fiber, 2000m (full-duplex)
100Base-T4: RJ45, Cat-3, 100 meters, uses all four pairs for fast ethernet over older Cat-3 and Cat-4
100Base-VG: RJ45, Cat-3, 10 meters, 4 twisted pairs; VG = Voice Grade
100Base-TX: RJ45, Cat-5, 100 meters, uses two pairs of a Cat-5
100Base-FX: SC/ST, Fiber, 412m (Half-Duplex), 2000m (full-duplex)
1000Base-T: RJ45, Cat-5, 100 meters, uses all four pairs of wires on a Cat5
1000Base-CX: 9pinD / 8pin-ANSI Fiber, Twinax, 25 meters, "C" = Copper Wire
1000Base-LX: SC/ST, Fiber, 550m (multimode), 5000m (singlemode)
1000Base-SX: SC/ST, Fiber, 260 meters

NOTES:
"T" always means Twisted pair, 100 meters max distance, RJ-45 connector
"F" always means Fiber
number before Base always indicates mbs
there is no 1000Base-TX, just like there's no 100Base-T. It's 10Base-T, 100Base-TX and 1000Base-T.
Usually if it ends in X, then it's fiber; 1000Base-TX is the exception
1000Base-CX DOES NOT USE RJ-45 connectors!! 1000Base-CX uses either a 9 pin D-sub or an 8-pin ANSI fiber channel style connector
maximum length of a Gigabit Ethernet segment using multimode fiber optic cable is 550 meters

1.3.0 Network Media-Wireless

Wireless Devices
spread spectrum = de facto standard
DSSS = direct sequence spread spectrum, wideband
FHSS = frequency hopping spread spectrum, narrowband
changes frequency in known pattern
can deploy more than one channel at the same time

WLAN operational modes
ad-hoc: peer-to-peer
infrastructure: need access point

1.4.0 Media Connectors

Media Connectors
RJ11, RJ45, AUI, BNC, ST, SC

although SC are the most popular, ST connectors can be used with gigabit ethernet too
ST uses a twist-type attachment mechanism
ST (fiber): Straight Tip. This common connector is a twist type.
SC = A push-style connector that uses fiber.
SC (fiber): Subscriber Connector is square w/ a tab. It just pushes on.
easy way to remember: ST = stick and twist, SC = stick and click
RJ-11 connector connects a v.90 modem to the telephone network
1000Base-CX DOES NOT USE RJ-45 connectors!! 1000Base-CX uses either a 9 pin D-sub or an 8-pin ANSI fiber channel style connector
AUI connector connects an external transceiver to a NIC

1.5.0 Network Components

Network Devices - Physical Layer
Hubs, Repeaters, Cables, NIC

NOTES:
Physical layer: Hubs, Repeaters, Cables, NIC
Data Link Layer: Bridges, Switches, NICs
access point: connects computers with wireless adapters to a network
16550 UART chip: needed to provide a modem connection of 115200 bps
  most computers today have 16550 UART chips for both of their serial ports
  these serial ports can run as fast as 256 Kbps
transceivers: can convert media types (?)
gateway: translates protocols

HUBS
hub connects multiple computers to create a single logical network segment
active hub boosts signal strength
a passive hub is limited to supporting distances of less than 30 meters (100 feet)
Ethernet hub directs the data packet to all hosts on the LAN segment
Token Ring hub (MAU) will only regenerate the signal to the next device in line

NICS
NICs work at both the physical and datalink layer
You have replaced a NIC in a workstation connected to a Token Ring network, but the workstation cannot communicate with the server. What is the most likely cause of this problem?
The NIC is set for the wrong speed.** (?)

SWITCHES
switches and bridges and maybe NICs work at the data link layer
a switch can replace a hub, not a MAU, or transceiver, or repeater
a switch must be able to read the MAC address of each frame it receives. This information allows switches to repeat incoming data frames only to the computer or computers to which a frame is addressed. This speeds up the network and reduces congestion.

BRIDGES
used to join two network segments together
allows computers on either segment to access resources on the other.
can also be used to divide large networks into smaller segments.
can also connect networks that run at different speeds, different topologies, or different protocols
cannot join an Ethernet segment with a Token Ring segment, because these use different networking standards.
operate at MAC sublayer of the Data Link layer
Bridges read the MAC header of each frame to determine on which side of the bridge the destination device is located; the bridge then repeats the transmission to the segment where the device is located.

ROUTER
used to connect networks of different types, such as those using different topologies and protocols
operates at the network layer
can switch and route packets across multiple networks
determine the best path for sending data.
can be used to segment a large network, and to connect local area segments to a single network backbone that uses a different physical layer and data link layer standard
can also be used to connect LANs to WANs.

BROUTERS
operates in the Network layer and the Data Link layer
act like a BRidge for non-routable protocols (NetBEUI) and as Routers for routable protocols (TCP/IP)
can be used to connect 2 NetBEUI nets and a TCP/IP+NetBEUI net, and keep net segmented
connects network segments and allows full bandwidth on all ports
combination bridge and router in one device.
more cost effective as both the bridge and router are combined together

GATEWAYS
used to connect networks using different protocols
operate at the network(?) layer of the OSI model.
In order to communicate with a host on another network, an IP host must be configured with a route to the destination network. If a configuration route is not found, the host uses the gateway (default IP router) to transmit the traffic to the destination host.
default gateway is where the IP sends packets that are destined for remote networks. If no default gateway is specified, communication is limited to the local network.
Gateways receive data from a network using one type of protocol stack, remove that protocol stack and repackage it with the protocol stack that the other network can use
configure default gateway to allow nodes on one local network to communicate with nodes on another network
the default gateway for a computer is usually the address of the router
functions provided by a default gateway: Provides a route for packets with destinations outside the local subnet.
"Your default gateway does not belong to one of the configured interfaces.": run ipconfig. The default gateway has been misconfigured. The default gateway setting is an IP configuration setting.
if a client needs to send a packet that is not on the client's subnet, the packet goes to the default gateway

CSU/DSUs
combines the functionality of a channel service unit (CSU) and a data service unit (DSU)
used to connect a LAN to a WAN, and they take care of all the translation required to convert a data stream between these two methods of communication.
DSU provides all the handshaking and error correction required to maintain a connection across a wide area link, similar to a modem
DSU will accept a serial data stream from a device on the LAN and translate this into a useable data stream for the digital WAN network. It will also take care of converting any inbound data streams from the WAN back to a serial communication.
CSU is similar to a DSU except it does not have the ability to provide handshaking or error correction. It is strictly an interface between the LAN and the WAN and relies on some other device to provide handshaking and error correction.

MAUs
Q. users connected to the new MAU can communicate with each other but not with users on the original MAU:
A. Connect the ring in port to the ring out port on each MAU.
if using two MAUs, the ring in port of one MAU should be connected to the ring out port of the other MAU.
Q. new MAU. Users are not able to connect to the LAN. The network analyzer shows connectivity from the NICs to the RJ-45 plugged into the MAU. The most likely cause?
A. The ring in and ring out are misconfigured between MAUs.

1.5.0 Network Devices - Data Link Layer
Data Link devices work with MAC addresses
A NIC works at both physical and data link layer

Bridge/Switch Modes
store-and-forward
  1. packet is first gathered and stored in its entirety
  2. switch then begins to transmit it on the outbound link
cut-through
  1. switch starts to transmit the front of the packet
  2. back of the packet continues to arrive

Bridges
Help prevent broadcast storms
STP (Spanning Tree Protocol) designates the state of each interface on a bridge
  Forwarding - all packages received and forwarded
  Blocking - only status of other bridge messages pass

1.5.0 Network Devices - Network Layer
Routers: 3 methodologies
1. static routing
  static routing info table
  does not exchange info with other routers
2. distance vector routing
  dynamic routing info table
  uses RIP (Routing Information Protocol)
  routing path based on distance, number of hops
  maximum hops = 15
3. link state routing
  dynamic routing info table
  maintains a copy of every other router's LSP
  LSP (Link State Protocol)
  OSPF (Open Shortest Path First) routing algorithm, successor to RIP

Protocols and Standards

2.1.0 OSI Model

Encapsulating Data
TCP/IP Model is used
PDU names are used
Going Down the stack: Data->Segments->Packets->Frames->Bits
DSPFB = do some people forget business?
BFPSD = Bondage Fiends Pretend Something Dirty

Application Layer
Think: common, well known, apps
telnet, FTP, SMTP, HTTP, SSL
PDU = data
Application layer: 3 basic services to applications
  ensures needed session resources
  matches app to appropriate communication protocol/service
  synchronizes data transmission

Presentation Layer
Think: Data Formats & Changing
Presentation layer is the only layer that actually changes data
ASCII, EBCDIC, GIF, JPEG, encryption
PDU = data
Presentation Layer Services
  data encryption
  data compression
  data formatting
  data conversion
Data Conversion: ASCII, EBCDIC, encryption
A/V Conversion: MPEG, AVI
Graphics Conversion: GIF, JPEG, TIFF

Session Layer
Think: Data Session
RPC, ZIP, SCP, SQL, NFS, X-Windows, ASP
PDU = data
Session layer is responsible for establishing, maintaining, and terminating a connection called a "session"
Session = a series of connection-oriented transmissions between two network nodes
opens, manages, and closes conversations between two computers

Transport Layer
Think: Segment Sequencing
Remember T in TCP
TCP, SPX, NBP, UDP, ARP, RARP
PDU = Segment
responsible for sequencing
adds a sequence number so that the original transmission order can be reconstructed
ensures packets are delivered error free, in sequence, and without losses
each system uses the other system's sequence numbers in the ACK field of its own message
repackages messages for more efficient transmission over the network

Network Layer
Think: Routing Packets
IP, ICMP, IPX, BGP, OSPF, RIP, NetBEUI
PDU = packet
TTL - Time to Live
  a network level protocol that expires a message after a certain amount of time
  prevent a frame from bouncing around forever
routes data packets across network segments
translates logical addresses and names into physical addresses
Router, Brouter

Data Link Layer
Think: MAC Frames
Frame Relay, LAPB, PPP
PDU = frame
MAC layer & LLC layer
LLC Flow Control
  Software: XON/XOFF
  Hardware: RTS/CTS
LLC Error Detection
  CRC = Cyclic Redundancy Test
disassembles data into frames (and assembles them from frames)
responsible for dividing data into frames so it can be sent across a network
transmits frames of data from computer to computer on the same network segment.
Switch, Bridge, and Brouter

Physical Layer
Think: Bits of rudimentary hardware
Ethernet, Token Ring, HSSI, 802.3
PDU = bit
places the signal on the cable
defines cabling and connections
transmits data over the physical media
Repeaters, Hubs, Transceivers, Amplifiers

MAC Address
48 bits
two parts divided evenly: manufacturer ID, serial number
ARP - finds MAC address from IP address
RARP - finds IP address from MAC address

2.2.0 Network Protocols

Routable Protocols
TCP/IP *
SPX/IPX *
Appletalk *
DECnet
Banyan Vines
Xerox Network System (XNS)

* = know for net+

Non-routable Protocols
NetBEUI *
DLC
LAT
DRP
MOP

* = know for net+

TCP/IP
TCP/IP must be installed to access the Internet
TCP/IP: duplicate static IP addresses won't work
TCP/IP: if HW is okay, and tcp/ip is installed, and IP range is correct, and netmask is okay, but still won't work: IP is a duplicate to one already in use.
TCP/IP and IPX/SPX can both use RIP for routing
TCP/IP and IPX/SPX utilize a vector distance protocol to maintain routing table information

IPX/SPX
IPX is made up of two parts: MAC address, Network address
TCP/IP and IPX/SPX can both use RIP for routing
TCP/IP and IPX/SPX utilize a vector distance protocol to maintain routing table information

NETBEUI
NetBios Extended User Interface.
enhanced version of the NetBIOS protocol
NetBIOS is used by network operating systems such as LAN Manager, LAN Server, Windows for Workgroups, Windows 95 and Windows NT
NetBEUI was originally designed by IBM for their Lan Manager server and later extended by Microsoft and Novell
NetBEUI is not routable
to improve performance on an exclusively NetBEUI network, you can add a bridge. A gateway or router will not work
NetBEUI is not routable by default. it is typically used with bus topology (older networks) and so are bridges (which are not ip based)
you cannot add a router or a gateway to a NetBEUI network since NetBEUI is non-routable so it wouldn't cross the router or the gateway.

Appletalk
Appletalk is routable
ZONES separate Appletalk networks into logical groups of computers
RTMP is used by Appletalk for routing.
AARP protocol links addresses to physical addresses in Appletalk

Protocols MISC
DLC, NetBEUI, and IPX/SPX have nothing to do with connecting to the internet
to communicate: the client and the server must use the same protocol
TCP/IP and IPX/SPX can both use RIP for routing
three typical functions of the client in the client/server environment
  It formats a request for data
  It displays data results to the user
  It presents an interface to the user

SNMP
SNMP collects network management information
SNMP is used by Network Management applications to monitor network devices remotely

DNS
Q. you have set up filtering on your DSL router. You are now unable to access Internet sites by their Domain Names, though you can access them by their IP addresses. What is the most likely cause of the problem?
A. Your DSL router is blocking port 53
three things you need to specify on a workstation for DNS resolution
  1. Domain name
  2. Host name
  3. IP address of the DNS server
email from me@mymail.com to them@theirmail.au: domain names resolved in following order:
  1. mymail.com
  2. .com
  3. .au
  4. theirmail.au
outgoing mail starts at the "child domain" mymail.com where DNS would resolve the parent domain .com and then to deliver the mail to the destination a lookup would start at the au top level domain and then go down (resolve) to the theirmail.au second level domain.
if you switch from a static IP system to a DNS system, you may need to delete the HOSTS file
Q. Network administrator plans on adding DNS to the network and moving server resources to a new server farm with new addresses. Prior to this addition, HOSTS files are used to get to resources by host name.
A1. Users will be able to connect if a DNS is enabled on the server and the HOSTS file is deleted.
or
A2. Users will be able to connect if a DNS is enabled on the workstation and the HOSTS file is deleted.

WINS
WINS = Windows Internet Naming Service
WINS server provides NetBIOS name to IP address resolution
uses a distributed database that is automatically updated

LMHOST
LMHOST file for WINS is like HOSTS file for DNS
local hosts file used by Microsoft Wins Clients such as Microsoft Windows 98 or Windows NT
provides mappings of IP addresses to NT computer names (NetBIOS names)
generally located in either root Windows directory or the Windows System32\drivers\etc directory, called "lmhost.sam".

procedure to enable WINS on W9X
  1. Open TCP/IP properties
  2. Find the WINS Configuration tab at the top of the window and click it.
  3. Click the Enable WINS Resolution button.
Note: there is no DNS configuration available if using WINS
To configure TCP/IP to use WINS the following settings on your PC must be set properly
  Primary WINS Server
  Enable WINS Resolution

HTTPS
Q. You have enforced HTTPS access to your Web server. After you make this change, your Web server is no longer accessible from the Internet, but can still be accessed by your internal network users:
A. Your Internet router is blocking port 443.

PPTP
to implement security authentication and encryption to a private network: you can use TCP/IP and PPTP
PPTP tunnels PPP over an IP network to create a network connection
security authentication and encryption to a Netware server on a private network can require: PPTP & TCP/IP
PPTP as a remote access strategy can provide
  Full WAN connectivity - connect different LANs to achieve WAN connectivity
  Secure connection - PPTP uses secure tunneling through the WAN media
  Access via ISP - PPTP connectivity can be implemented through Internet

IP_Addressing_&_Subnets
an IP address 0.0.0.0 indicates an IP configuration problem, such as the DHCP server cannot be reached
ipconfig command line utility can be used to change the IP configuration parameters.
know network classes and default netmasks
A 172.17.0.0/16 network uses a 16-bit network mask which is expressed as 255.255.0.0. /16 indicates 16 network bits, or "1s".
Q. two users can't connect and you know it's not a HW issue
A. Duplicate IP addresses have been assigned.
static routing method requires the most administrative overhead
destination address = header field is used to route datagrams
dynamic IP routing can incorporate RIP
Host on IP networks is any device with a logical address
x.x.x.255 is a broadcast address, and can not be a valid IP address for a host
Public networks use public addresses. These must be acquired through IANA.
IANA = Internet Assigned Numbers Authority
  central coordinator for the assignment of unique parameter values for Internet protocols.
  these include internet addresses, domain names, protocol numbers, port numbers, and many others.
IP subnets
  subnetting configures the network to treat network and node number differently
  An IP router connects two subnetworks. Each subnetwork behaves as if it were independent. Routing between nodes on different subnets is transparent to the users.
three characteristics of a public network
  1. IP hosts are directly accessible from the Internet.
  2. Network IP addresses are exposed to the Internet.
  3. ????
Subnetting is the process of changing the configuration of a network class so that it treats the network and node number differently
CIDR = Classless Inter-Domain Routing
CIDR allows one IP address to designate many unique IP addresses within a network.
IPv6 uses a 128-bit address, allowing for 2^128 total IP addresses, as opposed to IPv4's 2^32
IPv4 A, B, and C classes of IP addresses and their default subnet mask numbers
destination address is used to route datagrams. Not source address, or MAC address, or port

IP Address Classes - determined by leftmost 4 bits of 1st octet
Class A: 0_ _ _ leftmost bit which hold a value of 128 is zero, so highest value of 1st octet is 255 - 128 = 127, range: 001 - 127
Class B: _0 _ _ second bit which hold a value of 64 is zero, so high value of 1st octet is 255 - 64 = 191, range: 128 - 191
Class C: _ _ 0_ third bit which hold a value of 32 is zero, so high value of 1st octet is 255 - 32 = 223, range: 192 - 223
Class C: _ _ _ 0 fourth bit which hold a value of 16 is zero, so high value of 1st octet is 255 - 16 = 239, range: 224 - 239
Note: leftmost 4 bits are reserved, as are two more bits

Class A: 255.0.0.0; nets = 2^04; hosts (2^24)-2; 16,777,216
Class B: 255.255.0.0; nets = 2^12; hosts (2^16)-2; 65,536
Class C: 255.255.255.0; nets = 2^20; hosts (2^08)-2; 254

Remote_Access - dial-up
Q. if dialed in to a network and able to send and receive email but not able to connect to the server:
A. dial-up connection protocols are not configured properly
Q. if you can't dial in to a novell server
A. dial-up connection protocols are not configured properly
Q. can't get a dial tone from your modem in a hotel room
A. modem does not support digital phone lines.
the following are features of PSTN
  Ease of configuration
  Inexpensive cost
  Readily available

Remote_Access - dial-up - SLIP v PPP
a V.90 modem, and *not* an ISDN adapter, connects a computer to an *analog* data service provided by the local telephone company
SLIP is a legacy dial up protocol that needs scripts for IP configuration which your ISP has more than likely not provided
if you can dial-up, but can not login with SLIP, use PPP
SLIP does not provide
  addressing
  packet type identification
  error detection/correction
  compression mechanisms
SLIP requires that the device on each end know the other's address

Remote_Access - Security

L2TP - Layer 2 Tunneling Protocol
  A protocol used for tunneling PPP sessions over different networks.
  able to encapsulate standard PPP by means of variety of media
IPSec - used to encrypt IP traffic
Kerberos - used for authentication
  ticket based
  multi-platform
  default authentication for W2K
SSL - used for secure HTTP
PPTP - adds security to PPP

PPTP as a remote access strategy can provide
  Full WAN connectivity - connect different LANs to achieve WAN connectivity
  Secure connection - PPTP use secure tunneling through the WAN media
  Access via ISP - PPTP connectivity can be implemented through Internet

Remote_Access - T1, ISDN & DSL
use T1 for 1.5 megabits per second (Mbps) connection to the Internet
Q. DSL user is able to connect to CO but not able to connect to the Internet:
A. the ISP connection to the DSL access multiplexer is down

ISDN
ISDN adapter connects a computer to a digital data service provided by the local telephone company
2 types of channels: B "Bearer" and D "Delta"
each B-channel operates at 64 kbs and is meant to carry user data; each D-channel operates at 16 kbs or 64 kbs and is meant to carry control and signaling information
2 types of ISDN service: Basic Rate Interface (BRI) & PRI
BRI service offers two 64kbs B-channels and one 16kbs D-channel (2B+D)
PRI service offers 23 64kbs B-channels and one 64kbs D-channel (23B+D)

Remote_Access - WAN
Q. The WAN connection is provided by the Local Exchange Carrier (LEC). The LEC is able to loop and test good to the Network Interface (NI), but not to the CSU/DSU. What can cause the LEC to not loop the CSU/DSU?
A. A bad cable pair from the CSU/DSU to the NI.

2.3.0 TCP/IP Protocols & Well known ports

IP
the standard for data packet delivery over the Internet.
a network layer protocol that provides network addressing for identifying senders and receivers.
defines how data packets can be routed across the network to their destinations.
Routers forward each packet across the Internet based on its destination IP address.
each device attached to the Internet or any IP network must have a unique IP address.

TCP
can be validated by successfully using FTP
provides a reliable, sequenced communication stream for network communication.

TCP = Too Careful Protocol
flow control
reliable
connection oriented
handshaking
error correction
high overhead
FTP, telnet

UDP = Unsure Data Protocol
no flow control
no reliability
not connection oriented
no handshaking
no error correction
less overhead, faster than TCP
NFS, SNMP, DNS, TFTP

Connection Oriented Protocol
used by TCP and frame relay
virtual circuit
high overhead
error recovery
three-way handshake
  1. negotiate
  2. authorize
  3. positive acknowledge

Connectionless Protocol
used by UDP and frame relay
no virtual circuit
less overhead, faster
no error recovery
no handshaking

TCP/IP Error Handling
detection: done mostly at Layer 2 with CRCs and checksums
recovery: retransmit, done with connection oriented at Layer 4
correction: not done at layer 4, error is recovered, not corrected
detection methods: parity, checksum, CRC, time-out

Port # - Port Name
20 - FTP
21 - FTP
22 - SSH
23 - Telnet
25 - SMTP
Notes: connection-oriented, connection-oriented
connection oriented / connectionless depending on what point in the process you're at.

49 - TACACS
53 - DNS
67 - BOOTP?
68 - BOOTP?
69 - TFTP
80 - HTTP
88 - Kerberos
110 - POP3
119 - NNTP
143 - IMAP
161 - SNMP
389 - LDAP
443 - HTTPS
1701 - L2TP
Connectionless, Connectionless, *on exam*

Notes:
Div by 5: FTP, SMTP, HTTP, POP3
20 to 25: FTP, SSH, Telnet, SMTP
End in 3: Telnet, DNS, IMAP, HTTPS
End in 9: TACACS, TFTP, NNTP, LDAP

Network Implementation

3.1.0 Operating Systems

3.0_Network_Implementation-UNIX
to configure eth0 on UNIX/Linux for outside WAN: set gateway and netmask (run ifup eth0?)
Unix uses TCP/IP and Netware 3.11 uses IPX/SPX. Only the newer versions of Netware use TCP/IP.
Windows 2000 (Linux?) natively uses domain servers (?)
what two benefits does starting Samba on a UNIX/LINUX server provide? (Choose two)
  The server access
  Print server access

3.0_Network_Implementation-Netware
NDS = Novell Directory Services
NDS was included in Netware 4.xx which came out in 1993
which protocols are supported by: Netware 3.11, Netware 4.11, Netware 5?
Unix uses TCP/IP and Netware 3.11 uses IPX/SPX. Only the newer versions of Netware use TCP/IP.
three steps are necessary to authenticate a W98 client to Novell 5 server: 1. Configure the tree, 2. Configure the context, 3. Install the Novell Netware client
when connecting a Windows 98 workstation to an existing Novell Netware 5.1 server three steps are necessary to authenticate to the server
  1. Configure the tree
  2. Install the Novell Netware client
  3. Install File and Printer Sharing for Netware Networks.
Client Support
  Netware 5 comes with Novell Client software for three client platforms: DOS and Windows 3.1x, Windows 95/98, and Windows NT.
File Services
  Netware offers two choices of mutually compatible file services: NSS = Novell Storage Services, and the traditional Netware File System
  NSS gathers all unpartitioned free space that exists on all the hard drives connected to your server together with any unused space in Netware volumes, and places it into a storage pool
  create NSS volumes from this storage pool during server installation or later through NWCONFIG.
NDPS = Novell Distributed Print Services
  default and preferred print system in Netware
  supports IP-based as well as IPX-based printing.
Netware 3 added TCP/IP support at the server and an IPX-to-TCP/IP gateway for Internet connectivity.
Starting with Netware 4, there was better support for TCP/IP.
Netware 5 and higher allows IPX to be replaced by TCP/IP and fully supports TCP/IP.

3.0_Network_Implementation-Windows
Windows 2000 (Linux?) natively uses domain servers (?)
understand user level security vs share level security. centrally administrated? Permissions are assigned to resources?
client software required on Windows 95/98 to browse an NDS tree = Novell Client for Windows or Microsoft Client for Novell Netware
know procedure to install dial-up services (RAS) on NT/2K
when you add a DNS server to net that was just using HOSTS, the DNS server will replace the hosts files. The old hosts file should be deleted.
use the # symbol to put comments in a host file
workstation configured to use NetBEUI is moved to another segment and won't connect: workstation is using a non-routable protocol.
no such thing as a "printer domain"

lmhosts provides NetBIOS name to IP address resolution
A user is able to access the Internet and departmental drives, but is unable to see the home directory. You verify that the user directory is located at the appropriate server location. What is the most probable cause? The user is not logged in to the domain? or The directory location has been unmapped in the user's profile?
APIPA = Automatic Private IP Addressing (169.254.x.x). This is a property of win98 and win2000/XP, NOT win95 or winNT4. If you can't get an IP address from a DHCP server (or unable to contact a DHCP server), you will be given the IP address of 169.254.x.x and a subnet mask of 255.255.0.0
Network Monitor allows you to monitor the whole network. NBTSTAT, NETSTAT only gives the specific ports and where they are connected in ONE PC.
4 permissions types are available in a Windows NT environment = List, Read, Write, Change. In Win2k it's Modify, in NT it's Change.

Setup RAS for NT
My Computer -> Control Panel -> Network -> Services -> Add -> Remote Access Service
NOTE: No dial-up anything - that's for clients. Have to use Network. It's a service, not a protocol.

PERMISSIONS & SECURITY:
user level security - the network administrator can decide which resources are made available to other users on the network
user level access is more restrictive than share level access
user level access
  you set the user's account to access a limited amount of network resources
  whenever the users need to access a resource they use their password to sign in/log on
  If the users do not have rights to use that resource the users are denied access
share level access
  you assign each network resource a password
  any network user who knows the password can access that resource
share level security is not as flexible as user level security and does not provide as much protection
Q. if a member of a group who has the correct permissions to print can't print, and all other users of the same group can print
A. user access permissions are set wrong; user access permissions over-ride group permissions

EFS = The Encrypting File System (EFS) provides the core file encryption technology used to store encrypted files on NTFS file system volumes.
Once you encrypt a file or folder, you work with the encrypted file or folder just as you do with any other files and folders.
Encryption is transparent to the user that encrypted the file.
You encrypt or decrypt a folder or file by setting the encryption property for folders and files just as you set any other attribute
You can also encrypt or decrypt a file or folder using the command-line function cipher.
Only files and folders on NTFS volumes can be encrypted.
you cannot encrypt files or folders that are compressed.
You cannot share encrypted files.
Encrypted files can become decrypted if you copy or move the file to a volume that is not an NTFS volume.
Use cutting and pasting to move files into an encrypted folder. If you use a drag-and-drop operation to move the files, they will not automatically be encrypted in the new folder.
System files cannot be encrypted.
Encrypting a folder or file does not protect against deletion.

Procedure to enable WINS on W9X
1. Open TCP/IP properties.
2. Find the WINS Configuration tab at the top of the window and click it.
3. Click the Enable WINS Resolution button.

Note: there is no DNS configuration available if using WINS

3.0_Network_Implementation-VLANs
Virtual Local Area Network
a group of ports that behaves as an independent switch.
machines located in the same physical area are not necessarily on the same LAN broadcast domain.
implement VLANs to implement two separate networks on one switch
to set up two nets that don't communicate with each other on the same switch, configure VLANs.
can be implemented using sophisticated switches.
Individual workstations are connected to switch ports and it is the job of the ports to create the broadcast domain.

3.0_Network_Implementation-Network_Attached_Storage (NAS)
computing-storage devices that can be accessed over a computer network rather than being directly connected to the computer (via a computer bus).
enables multiple users to share the same storage space at once
often minimises overhead by centrally managing hard disks.
the file system in a Network Attached Storage (NAS) system is located at the storage device.
two drive technologies used by Network Attached Storage (NAS) = IDE, SCSI
two application protocols used by Network Attached Storage (NAS) = NFS, SMB
NFS (Network File System) allows a client to view, update, or store files on a remote computer as though the files were on the user's local hard drive.
SMB (Server Message Block) allows a Windows client to access, create, and update files on a remote server. SMB also allows the same client to access other resources such as printers and mail slots. The SMB protocol can be used over TCP/IP or other network protocols such as IPX and NetBEUI.

3.0_Network_Implementation-FAULT_TOLERENCE
benefit of fault tolerance = elimination of a single point of failure
three methods to achieve fault tolerance
  Mirrored servers
  RAID disk storage
  Uninterruptible power supply

RAID 0 = 2 drives (but is not redundant)
RAID 1 = 2 drives
RAID 1+0 (AKA, RAID 10) = 4 drives
RAID 2 = NA
RAID 3 = 3 drives
RAID 4 = 3 drives
RAID 5 = 3 drives
RAID 6 = 3 drives
RAID 7 = NA
RAID 53 = 5 drives

3.0_Network_Implementation-DISASTER_RECOVER
goal of disaster recovery is to recover the pertinent software applications and data to continue business
three methods to implement disaster recovery
  Tape backup
  Remote hot site
  Off-site data archive

Backup strategies

Full
Backs up all data. Takes the longest to back up, but is the fastest to restore. Clears the archive bit on all backed-up files.

Incremental
Only backs up files added or changed since the last backup. Quick to back up, but a restore requires multiple tapes (the last full backup tape plus all incremental tapes since the last full backup). When restoring incrementals, always take care to restore in the correct order, oldest to newest. Clears the archive bit on all backed-up files.

Differential
Only backs up files changed since the last FULL backup. Each backup takes a little longer, but a restore requires only two tapes (the most recent full backup and the most recent differential backup). Does not clear the archive bit.

NEVER MIX INCREMENTAL AND DIFFERENTIAL!
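
The archive-bit rules above, modelled as an added Python example (not part of the original notes); the file names and the four-day schedule are constructed. It counts the tapes each strategy needs for a restore and shows what a "full plus latest tape" restore loses when incremental and differential runs are mixed.

```python
# Added example: archive-bit model of the three backup types (constructed data).

def run_backup(kind, files):
    """Back up `files` (name -> archive bit); return the names written to tape."""
    if kind == "full":
        saved = sorted(files)                      # everything, bit set or not
    else:
        saved = sorted(n for n, bit in files.items() if bit)
    if kind in ("full", "incremental"):            # differential leaves the bit set
        for name in saved:
            files[name] = False
    return saved

def simulate(schedule, changes):
    """One backup per day; changes[i] is the set of files written on day i."""
    files, tapes = {}, []
    for day, (kind, touched) in enumerate(zip(schedule, changes)):
        for name in touched:
            files[name] = True                     # any write sets the archive bit
        tapes.append((day, kind, run_backup(kind, files)))
    return tapes, files

def restore_set(tapes):
    """Tapes to restore, oldest to newest: last full plus what follows it."""
    last_full = max(day for day, kind, _ in tapes if kind == "full")
    later = tapes[last_full + 1:]
    if later and all(kind == "differential" for _, kind, _ in later):
        later = later[-1:]                         # latest differential is enough
    return [tapes[last_full]] + later

def missing(files, chosen):
    """Files on disk that appear on none of the chosen tapes."""
    restored = {name for _, _, saved in chosen for name in saved}
    return sorted(set(files) - restored)

# Constructed sample: files written on days 0..3.
CHANGES = [{"a.doc", "b.xls"}, {"c.txt"}, {"b.xls"}, {"d.ppt"}]

if __name__ == "__main__":
    for label, later in [("incremental", ["incremental"] * 3),
                         ("differential", ["differential"] * 3),
                         ("mixed", ["incremental", "differential", "differential"])]:
        tapes, files = simulate(["full"] + later, CHANGES)
        naive = [tapes[0], tapes[-1]]              # full + most recent tape only
        print(label, "tapes needed:", len(restore_set(tapes)),
              "| lost with full+last tape:", missing(files, naive))
```

In the mixed schedule the incremental run clears the archive bit on c.txt, so the later differential tapes no longer carry it and the two-tape restore silently omits that file.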

3.0_Network_Implementation-FIREWALLS
firewalls help ensure that the network is safe from outside influence
a firewall protects an internal private network from the Internet by filtering TCP/IP traffic based upon three parts of a TCP/IP packet
  Port number
  Source IP address
  Destination IP address
security function of a firewall
  Restricts unauthorized users from accessing sensitive data
three basic technologies are used with firewalls
  proxy servers
  packet filtering
  Network Address Translation
Proxy servers function like firewalls.
Firewalls filter packets.
Firewalls perform Network Address Translation.
Firewalls do not perform dynamic routing.

3.0_Network_Implementation-PROXY
use so that only one IP is visible when users connect to the Internet
a proxy server performs three processes
  Enhances security and administrative control.
  Acts as an intermediary between an application and the Internet.
  Acts as an intermediary between a workstation user and the Internet.
can improve performance if many users access the same line, and access the same web site
primary purpose of a proxy server
  acts as a type of firewall that manages packet sequence and origin to reduce the chance of hackers hijacking communication sessions (?)
a proxy server is a kind of buffer between your computer and the Internet resources you are accessing. The data you request comes to the proxy first, and only then does it transmit the data to you. It acts in some ways like a firewall and can be used to protect the local network behind it.
three services a proxy server provides
  Cached client files
  Cached web pages
  Cached DNS information

Network Support

4.1.0 Network Commands

Command       OS(es)        Description

arp           WIN & UNIX    arp -a: shows both MAC and IP addresses

    # arp
    Address   HWtype  HWaddress           Flags Mask   Iface
    router    ether   00:30:BD:C2:64:7E   C            eth0
    # arp -a
    router (192.168.2.1) at 00:30:BD:C2:64:7E [ether] on eth0

ifconfig      UNIX          show/configure network interface parameters

    # ifconfig
    eth0  Link encap:Ethernet  HWaddr 00:E0:4C:85:56:90
          inet addr:192.168.2.71  Bcast:255.255.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10879 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11691 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8251497 (7.8 MiB)  TX bytes:2309842 (2.2 MiB)
          Interrupt:11 Base address:0xec00
    lo    Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:69 errors:0 dropped:0 overruns:0 frame:0
          TX packets:69 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4645 (4.5 KiB)  TX bytes:4645 (4.5 KiB)

ipconfig      WIN           show all current TCP/IP network configuration values
                            refresh DHCP & DNS settings

nbtstat       WIN           show NetBIOS over TCP/IP (NetBT) protocol statistics
                            nbtstat -r: can be used to verify that a WINS server is resolving host names

netstat       WIN & UNIX    show all open ports and network connections
                            show current TCP/IP network connections and protocol statistics
                            show contents of various network-related data structures
                            netstat -i: lists statistics for each interface
                            netstat -a: show the state of *all* sockets
                            netstat -r: displays all routing tables
                            netstat -s: show per-protocol statistics

    # netstat
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    Active UNIX domain sockets (w/o servers)
    Proto RefCnt Flags   Type    State      I-Node Path
    unix  10     [ ]     DGRAM              1211   /dev/log
    unix  3      [ ]     STREAM  CONNECTED  44112  /tmp/.X11-unix/X0
    unix         [ ]     STREAM  CONNECTED  44111

    # netstat -i
    Kernel Interface table
    Iface  MTU    Met  RX-OK  RX-ERR RX-DRP RX-OVR  TX-OK  TX-ERR TX-DRP TX-OVR Flg
    eth0   1500   0    10881  0      0      0       11691  0      0      0      BMRU
    lo     16436  0    69     0      0      0       69     0      0      0      LRU

    # netstat -r
    Kernel IP routing table
    Destination  Gateway  Genmask        Flags  MSS Window irtt Iface
    192.168.2.0  *        255.255.255.0  U      0   0      0    eth0
    default      router   0.0.0.0        UG     0   0      0    eth0

    # netstat -s
    Ip:
        11018 total packets received
        0 forwarded
        0 incoming packets discarded
        10604 incoming packets delivered
        11722 requests sent out
    Icmp:
        118 ICMP messages received
    . . . .

nslookup      WIN & UNIX    find the IP address or hostname of a machine

    # nslookup yahoo.com
    Server:   192.168.2.1
    Address:  192.168.2.1#53
    Non-authoritative answer:
    Name:     yahoo.com
    Address:  216.109.112.135
    Name:     yahoo.com
    Address:  66.94.234.13

ping          WIN & UNIX    ping -t will ping continuously

    # ping google.com
    PING google.com (216.239.37.99) 56(84) bytes of data.
    64 bytes from 216.239.37.99: icmp_seq=1 ttl=236 time=216 ms
    64 bytes from 216.239.37.99: icmp_seq=2 ttl=236 time=222 ms

rarp          WIN & UNIX    reverse arp

route         WIN & UNIX    displays the routing table
                            use to manually configure the routes in the routing table

tracert       WIN           shows a network packet being sent and received and the amount of hops required for that packet to get to its destination

traceroute    UNIX          network debugging utility
                            attempts to trace the path a packet takes through the network
                            like Windows' tracert output

    # traceroute groklaw.net
    traceroute to groklaw.net (152.2.210.81), 30 hops max, 38 byte packets
     1  router (192.168.2.1)  1.220 ms  1.235 ms  1.139 ms
     2  * * *
     3  68.86.105.17 (68.86.105.17)  49.044 ms  15.145 ms  36.509 ms

whois         WIN & UNIX    internet user name directory service
                            searches for the person, login, handle, or organization

winipcfg      WIN 9X/ME     find the IP address that your ISP temporarily assigns to you

4.2.0 Network Tools

Tool / Function

Wire Crimper: A hand tool used primarily to attach terminations to different types of network cables in a process known as "crimping." This involves a squeezing pressure to force the end in place on the cable. This differs from punching down, in which you push the conductor into metal teeth.

Media Tester/Certifier: Large as network hand tools go, this tests network media to be sure it meets manufacturer's requirements.

Punch Down Tool, Tone Generator, Optical Tester, Digital Volt Meter, Time Domain Reflectometer (TDR), Oscilloscope, Protocol Analyzer, Power Monitor, Advanced Cable Tester, Loopback Adapter, Terminator

Logs fluctuations in power sources.
Can analyze network traffic and locate excessive collisions.
Can test a NIC card that's not attached to the network. It also can simulate network protocols in a computer where no NIC is installed.
Creates an electrical signal on a wire, so the wire can be located in a wiring closet.
A hand-held device that measures optical parameters.
Used to determine if cables are faulty or to test power supply voltage.
Determines the distance to a break in a cable.
A device that can measure signal voltage per unit of time.

4.3.0 Troubleshooting

CompTIA guidelines for troubleshooting a network
1. Establish the symptoms.
2. Identify the affected area.
3. Establish what has changed.
4. Establish the probable cause of the problem.
5. Formulate a solution.
6. Implement a solution.
7. Test the solution.
8. Recognize potential effects of the solution.
9. Document the problem and solution.
10. Give feedback to the users.

TROUBLESHOOTING

Newly installed AVS and RAID, systems crash everywhere
  Check the anti-virus vendor for system patches or service packs.

WAN users can't access local printer
  Find out if the problem is easy to duplicate, and if the problem is isolated to the user's workstation

You discover a dead port, and switch to another port
  Log in and try to transfer a file *before* you replace the device.

You can't ping the loopback address
  The server's NIC has failed

Net connection won't work when the lights are on
  Cabling system is faulty

In DHCP you can't make manual changes to machines in a locked area
  expect the error message: "IP address conflicts"

A user complains that he can't log onto a server
  Ask a user on the same segment to try and connect
  Ask a user on a remote segment to try and connect
  Try and ping the server

You have installed a PCI 100BaseT network card into a Windows 95 workstation. The workstation cannot see any of the other computers on the network. All other workstations on the network are operating normally. You have examined the configuration settings of the network card. The patch cable has passed all tests, but the workstation still cannot see the network. What additional troubleshooting method would now be useful?
  External hardware loopback
  A loopback connector device redirects the outgoing signals from the device right back into it.
  After you plug in your loopback device on the NIC, run the diagnostic program and it transmits a series of signals out through the adapter.

HDD & Backup
Differential tape backup does not clear the archive attribute
A volume is a contiguous space that can be from a collection of different drives
A volume provides maximum space on a series of drives
"Mirroring" uses RAID level-1
a full backup can be combined with a differential backup
three connectors that can be used with external SCSI interfaces
  DB-25 Female
  Centronics-50
  High density 68-pin

Misc
prior to any new network implementation, two procedures need to be implemented
  Compile documentation
  Determine needs and expectations
used with digital signatures
  Certificate authority
  Asymmetric algorithm
hosts: used to resolve a host name on a UNIX server?
broadband uses FDM (Frequency Division Multiplexing)
baseband uses TDM (Time Division Multiplexing)?(?)

PASSWORDS
to make your password policy more secure, make scheduled changes regularly
two good password practices
  Change passwords every 90 days.
  Maintain minimum password length.
