
POSSIBLE CAUSES OF LAN TRAFFIC CONGESTION

TOO MANY HOSTS IN A BROADCAST DOMAIN
BROADCAST STORMS (FAULTY ETHERNET DEVICE(S) BROADCASTING OUT OF CONTROL)
MULTICASTING
LOW BANDWIDTH
COLLISION DOMAIN
ON AN ETHERNET NETWORK, A COLLECTION OF DEVICES THAT SHARE THE SAME CSMA/CD REGION. COLLISIONS OCCUR FREQUENTLY, AND WHEN THAT HAPPENS ALL DEVICES STOP TRANSMITTING AND WAIT A RANDOM TIME BEFORE TRYING TO SEND THEIR DATA AGAIN.
BROADCAST DOMAIN
A SEGMENT OF THE ETHERNET NETWORK IN WHICH ALL
DEVICES LISTEN TO BROADCAST TRAFFIC
HUBS
ETHERNET DEVICES THAT ALLOW CONNECTIVITY AMONGST
HOSTS IN A NETWORK. ALL HOSTS SHARE THE SAME
BROADCAST AND COLLISION DOMAINS. THEY USE LAYER 2 MAC
ADDRESSES TO ACHIEVE THIS.
SWITCHES
SWITCHES ARE LAYER 2 DEVICES THAT SEGMENT NETWORKS INTO MULTIPLE COLLISION DOMAINS, ONE ON EACH PORT. THIS GREATLY IMPROVES NETWORK PERFORMANCE BECAUSE COLLISIONS NO LONGER OCCUR AT ALL.

DEVICES CONNECTED TO IT STILL SHARE THE SAME BROADCAST DOMAIN.
ROUTERS
ROUTERS ARE LAYER 3 DEVICES THAT USE LAYER 3 IP ADDRESSES
AND BREAK BROADCAST DOMAINS AS WELL AS COLLISION
DOMAINS.

ROUTERS PROVIDE PACKET SWITCHING, PACKET FILTERING, INTERNETWORK COMMUNICATION AND PATH SELECTION (BY MEANS OF ROUTING TABLES).

ALSO KNOWN AS LAYER 3 SWITCHES.


THE OSI MODEL
APPLICATION
PRESENTATION
SESSION
TRANSPORT
NETWORK
DATA LINK
PHYSICAL
APPLICATION LAYER
PROVIDES NETWORK-RELATED SERVICES TO PROGRAMS THAT REQUIRE NETWORK ACCESS AND ARE USED DIRECTLY BY THE USER (E.G. FTP, EMAIL CLIENTS).

IDENTIFIES AND ESTABLISHES THE AVAILABILITY OF THE INTENDED COMMUNICATION PARTNER AND DETERMINES WHETHER SUFFICIENT RESOURCES FOR THE INTENDED COMMUNICATION EXIST.
PRESENTATION LAYER
PRESENTS DATA TO THE APPLICATION LAYER AND IS RESPONSIBLE FOR DATA TRANSLATION AND CODE FORMATTING.

IT ENSURES THAT THE APPLICATION LAYER OF ONE SYSTEM UNDERSTANDS THE DATA SENT BY THE APPLICATION LAYER OF ANOTHER SYSTEM.

PROVIDES DATA COMPRESSION, DECOMPRESSION, ENCRYPTION AND DECRYPTION AS WELL.
SESSION LAYER
RESPONSIBLE FOR SETTING UP, MANAGING AND THEN TEARING DOWN SESSIONS BETWEEN PRESENTATION LAYER ENTITIES.

PROVIDES DIALOG CONTROL BETWEEN DEVICES OR NODES.

COORDINATES COMMUNICATIONS BETWEEN SYSTEMS BY KEEPING DIFFERENT APPLICATIONS' DATA SEPARATE.

OFFERS SIMPLEX, HALF-DUPLEX AND FULL-DUPLEX MODES.


TRANSPORT LAYER
SEGMENTS AND REASSEMBLES DATA FROM UPPER LAYER APPLICATIONS INTO A DATA STREAM.

PROVIDES END-TO-END DATA TRANSPORT SERVICES AND CAN ESTABLISH A LOGICAL CONNECTION BETWEEN THE SENDING AND DESTINATION HOSTS ON AN INTERNETWORK.

PROVIDES FLOW CONTROL.


FLOW CONTROL
PREVENTS A SENDING HOST ON ONE SIDE OF THE CONNECTION FROM OVERFLOWING THE BUFFERS IN THE RECEIVING HOST, AN EVENT THAT COULD RESULT IN LOST DATA.

BY USING FLOW CONTROL, THE RECEIVING SYSTEM CONTROLS THE AMOUNT OF DATA SENT BY THE SENDER.

TYPES OF FLOW CONTROL ARE WINDOWING, BUFFERING AND CONGESTION AVOIDANCE (BY USING ACKNOWLEDGEMENTS).
CONNECTION-ORIENTED VS CONNECTIONLESS COMMUNICATION
CONNECTION-ORIENTED COMMUNICATIONS CREATE VIRTUAL LINK SESSIONS BETWEEN DEVICES OR NODES, AND THE DATA TRANSMISSION IS CONTROLLED WITH SEQUENCING, ACKNOWLEDGEMENTS AND FLOW CONTROL (TCP, HTTP, FTP).

IN CONNECTIONLESS COMMUNICATIONS, THE RECEIVING SYSTEM DOES NOT ACKNOWLEDGE RECEIVING THE DATA AND A SESSION IS NOT CREATED BETWEEN NODES (TFTP, UDP, DHCP).
NETWORK LAYER
MANAGES DEVICE ADDRESSING, TRACKS THE LOCATION OF DEVICES ON THE NETWORK, AND DETERMINES THE BEST WAY TO MOVE DATA, EVEN TO DEVICES THAT ARE NOT LOCALLY ATTACHED, BY MEANS OF INTERNETWORK ROUTING SERVICES.

ENCAPSULATES LAYER 2 FRAMES INTO LAYER 3 PACKETS THAT ARE ROUTABLE. ROUTERS WORK AT THIS LAYER.

THEY DON'T FORWARD BROADCASTS. THEY USE LOGICAL ADDRESSES. THEY CONTROL SECURITY BY MEANS OF ACCESS LISTS.
DATA LINK
PROVIDES PHYSICAL TRANSMISSION OF THE DATA AND HANDLES ERROR NOTIFICATION, NETWORK TOPOLOGY AND FLOW CONTROL.

USES HARDWARE ADDRESSES (MAC) AND TRANSLATES DATA FROM THE NETWORK LAYER INTO BITS TO BE SENT ON THE PHYSICAL LAYER.

SWITCHES AND BRIDGES WORK AT THE DATA LINK LAYER.


PHYSICAL LAYER
SPECIFIES THE ELECTRICAL, MECHANICAL, PROCEDURAL, AND
FUNCTIONAL REQUIREMENTS FOR ACTIVATING, MAINTAINING
AND DEACTIVATING A PHYSICAL LINK BETWEEN END SYSTEMS.

HUBS AND REPEATERS WORK AT THE PHYSICAL LAYER.


THE CISCO THREE-LAYER HIERARCHICAL MODEL
THE CORE LAYER (BACKBONE) SWITCHES TRAFFIC AS FAST AS POSSIBLE.

THE DISTRIBUTION LAYER (ROUTING), ALSO KNOWN AS THE WORKGROUP LAYER, IS THE COMMUNICATION POINT BETWEEN THE CORE AND ACCESS LAYERS. PROVIDES ROUTING, FILTERING AND WAN ACCESS.

THE ACCESS LAYER (SWITCHING) CONTROLS USER AND WORKGROUP ACCESS TO INTERNETWORK RESOURCES. OFTEN REFERRED TO AS THE DESKTOP LAYER.
THE DoD TCP/IP MODEL
PROCESS/APPLICATION
HOST-TO-HOST
INTERNET
NETWORK ACCESS
TELNET
PROCESS/APPLICATION LAYER PROTOCOL THAT PROVIDES TERMINAL EMULATION.

ALLOWS A USER ON A REMOTE CLIENT MACHINE (TELNET CLIENT) TO ACCESS THE RESOURCES OF ANOTHER MACHINE (TELNET SERVER).
FTP
FILE TRANSFER PROTOCOL IS A PROCESS/APPLICATION LAYER PROTOCOL THAT ALLOWS THE TRANSFER OF FILES BETWEEN ANY TWO MACHINES USING IT.

LIMITED TO THE MANAGEMENT OF FOLDERS AND FILES, IT CANNOT EXECUTE REMOTE FILES AS PROGRAMS.
TFTP
TRIVIAL FILE TRANSFER PROTOCOL IS A CONNECTIONLESS APPLICATION/PROCESS LAYER PROTOCOL THAT WORKS AS THE STRIPPED-DOWN VERSION OF FTP.

IT DOES NOT HAVE THE FULL CAPABILITIES OF FTP, BUT IT WORKS MUCH FASTER, PROVIDES NO AUTHENTICATION, USES SMALLER BLOCKS OF DATA THAN FTP AND IS NOT SECURED.

RARELY USED DUE TO THE SECURITY RISKS.


NFS
NETWORK FILE SYSTEM IS A PROCESS/APPLICATION LAYER PROTOCOL THAT SPECIALIZES IN FILE SHARING BETWEEN USERS EVEN IF THEY ARE WORKING IN DIFFERENT ENVIRONMENTS.

FOR EXAMPLE, THIS PROTOCOL CAN STORE WINDOWS FILES IN RAM AND ALLOW UNIX USERS TO ACCESS THEM TRANSPARENTLY.
SMTP
SIMPLE MAIL TRANSFER PROTOCOL IS AN APPLICATION/PROCESS PROTOCOL THAT SPOOLS EMAIL MESSAGES IN AN EMAIL SERVER AND THEN SENDS THE MESSAGES TO EMAIL CLIENTS.

SMTP IS USED TO SEND MAIL, WHILE POP3 IS USED TO RECEIVE IT.
LPD
LINE PRINTER DAEMON IS AN APPLICATION/PROCESS PROTOCOL DESIGNED FOR PRINTER SHARING.

IT ALLOWS PRINT JOBS TO BE SPOOLED AND SENT TO TCP/IP-CAPABLE PRINTERS.
SNMP
THE SIMPLE NETWORK MANAGEMENT PROTOCOL IS AN APPLICATION/PROCESS PROTOCOL THAT COLLECTS AND MANAGES NETWORK INFORMATION.

IT GATHERS DATA BY POLLING THE DEVICES ON THE NETWORK FROM A MANAGEMENT STATION AT FIXED OR RANDOM INTERVALS.

WHEN ALL IS WELL, SNMP RECEIVES A BASELINE. WHEN ABERRATIONS OCCUR, AGENTS REPORT THEM AS TRAPS TO THE MANAGEMENT STATION.
DNS
DOMAIN NAME SERVICE RESOLVES HOST NAMES (OR FULLY QUALIFIED DOMAIN NAMES) TO IP ADDRESSES.

A COMMON INDICATOR OF DNS PROBLEMS IS A HOST THAT CAN BE REACHED BY IP ADDRESS BUT NOT BY HOST NAME.
DHCP / BootP
DYNAMIC HOST CONTROL PROTOCOL ASSIGNS IP ADDRESSES TO HOSTS. BootP DOES THE SAME, BUT IT REQUIRES IP ADDRESSES TO BE ENTERED MANUALLY.

DHCP SERVERS PROVIDE HOSTS WITH IP ADDRESSES, SUBNET MASKS, DOMAIN NAMES, DEFAULT GATEWAYS, DNS AND WINS INFORMATION.
TCP
TRANSMISSION CONTROL PROTOCOL IS A HOST-TO-HOST PROTOCOL THAT TAKES LARGE BLOCKS OF INFORMATION FROM AN APPLICATION AND BREAKS THEM INTO SEGMENTS. IT NUMBERS AND SEQUENCES EACH SEGMENT SO THE DESTINATION TCP/IP STACK CAN PUT THEM BACK TOGETHER.

TCP IS A FULL-DUPLEX, CONNECTION-ORIENTED, RELIABLE AND ACCURATE PROTOCOL. COSTLY IN TERMS OF NETWORK OVERHEAD.
UDP
USER DATAGRAM PROTOCOL IS A HOST-TO-HOST PROTOCOL SIMILAR TO TCP, BUT A THIN VERSION OF IT. IT DOESN'T TAKE AS MUCH BANDWIDTH AS TCP, BUT DOES SO AT THE COST OF BEING CONNECTIONLESS AND UNRELIABLE.
COMMON TCP AND UDP PORTS
TCP: TELNET 23, SMTP 25, HTTP 80, FTP 21, DNS 53, HTTPS 443
UDP: SNMP 161, TFTP 69, DNS 53
ARP
ADDRESS RESOLUTION PROTOCOL

FINDS THE MAC ADDRESS OF A HOST FROM A KNOWN IP ADDRESS BY SENDING OUT A BROADCAST.
RARP
REVERSE ADDRESS RESOLUTION PROTOCOL

DISKLESS NODES USE RARP TO RESOLVE AN IP ADDRESS FROM A KNOWN MAC ADDRESS. THE CLIENT SENDS A REQUEST TO A RARP SERVER, WHICH RESPONDS WITH THE IP.
Proxy ARP
PROXY ADDRESS RESOLUTION PROTOCOL

ALLOWS HOSTS TO REACH REMOTE SUBNETS IF THE DEFAULT GATEWAY GOES DOWN. THE DOWNSIDE IS THAT IT SIGNIFICANTLY INCREASES NETWORK TRAFFIC.
CLASS A NETWORK RANGE
00000000 = 0
01111111 = 127
CLASS B NETWORK RANGE
10000000 = 128
10111111 = 191
CLASS C NETWORK RANGE
11000000 = 192
11011111 = 223
PRIVATE IP RANGES
CLASS A 10.0.0.0 THROUGH 10.255.255.255
CLASS B 172.16.0.0 THROUGH 172.31.255.255
CLASS C 192.168.0.0 THROUGH 192.168.255.255


COMMAND THAT ACTIVATES PRIVILEGED EXEC MODE
Router>enable

Router#

(the # means you are in privileged mode)


ACTIVATES ROUTER GLOBAL CONFIGURATION MODE
Router>enable

Router#config

Router(config)#
ACCESS ROUTER INTERFACE CONFIGURATION MODE
Router>enable

Router#config

Router(config)#interface fastEthernet 0/0

Router(config-if)#
CONFIGURES ROUTING PROTOCOLS
Router>enable

Router#config

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#
User EXEC mode
CLI MODE LIMITED TO BASIC MONITORING COMMANDS
Privileged EXEC mode
CLI MODE THAT PROVIDES ACCESS TO ALL OTHER ROUTER
COMMANDS
GLOBAL CONFIGURATION MODE
COMMANDS THAT AFFECT THE ENTIRE SYSTEM

Router(config)#
SPECIFIC CONFIGURATION MODES
COMMANDS THAT AFFECT INTERFACES OR PROCESSES ONLY

Router(config-if)#
SETUP MODE
INTERACTIVE CONFIGURATION DIALOG INTENDED FOR NON-CISCO TRAINED USERS
EDITS ROUTER LOCAL HOSTNAME
Router>enable

Router#config

Router(config)#hostname Atlanta

Atlanta(config)#
SETS ENABLE PASSWORDS (PROTECTED EXEC MODE)
Router(config)#enable password password

Types of passwords available:
last-resort
password
secret
use-tacacs
SETS AUXILIARY PORT PASSWORD
Router(config)#

Router(config)#line aux 0

Router(config-line)#password aux

Router(config-line)#login
LEASED LINES
Otherwise known as point to point or dedicated connections. It
is a pre-established WAN path provided by the ISP and uses
synchronous serial lines up to 45 Mbps.

HDLC and PPP encapsulation is used on leased lines.


CIRCUIT SWITCHING
Cost-effective WAN solution that only allows the transmission of data once an end-to-end connection is established. Uses dial-up modems or ISDN and is used for low-bandwidth transfers. Uses asynchronous serial connections.
PACKET SWITCHING
WAN switching method that allows the sharing of bandwidth with other companies to save money. It is designed to look like a leased line but costs more like circuit switching. Will only work when data is transmitted in bursts; not good for continuous connections.

Frame Relay and X.25 are packet switching technologies with speeds that range from 56 Kbps to T3 (45 Mbps).
HDLC
High-Level Data-Link Control

Data-link layer protocol that provides encapsulation for data over synchronous serial links using frame characters and checksums.

Point-to-point protocol used for leased lines; provides no authentication.

CISCO proprietary protocol, will only work on CISCO equipment; if non-CISCO equipment is used, configure PPP or Frame Relay.
PPP
Point-to-Point Protocol

Data Link layer protocol that can be used either over asynchronous (dial-up) or synchronous (ISDN) serial media.

Provides authentication, dynamic addressing and callback.

Open standard, can be used on both CISCO and non-CISCO equipment.
FRAME RELAY
Packet-switched technology that is low-cost and provides some degree of fault tolerance. The cost of switching is spread across many customers, but this means it can only be used for burst-type transmissions.

Operates by using VIRTUAL CIRCUITS that appear to be a constant connection between two remote sites, but in reality the frames are dumped in the ISP's cloud. The virtual route between the two sites is maintained as long as the customer pays the ISP for it.
ROUTING PROTOCOLS
Used by routers to dynamically find all the networks in the internetwork and to ensure that all routers have the same routing table.

Routing protocols determine the path of a packet through an internetwork.

Examples are RIP, RIPv2, EIGRP and OSPF.


ROUTED PROTOCOLS
Once all routers reach convergence, a ROUTED protocol can then be used to send user data (packets) through the established enterprise.

Routed protocols are assigned to an interface and determine the method of data delivery.

Examples are IP and IPv6.


STATIC ROUTING
During normal operations, directly connected routers do not need to be configured; they are detected immediately by their neighbors. However, remote routers have to be specified by an administrator. This is static routing. The admin configures the IP, subnet mask and next-hop address.
DEFAULT ROUTING
Default routing sends packets with a remote destination network not in the routing table to the next-hop router. Should only be used on stub networks, those with only one exit path out of them. In other words, only networks that do not share any other network interfaces with other networks in any given router. Doing otherwise would create routing loops.

To configure a default route, use the 0.0.0.0 wildcard for the network IP and the subnet mask:

Router(config)#ip route 0.0.0.0 0.0.0.0 10.1.11.1


DYNAMIC ROUTING
In dynamic routing, protocols are used to find networks and update routing tables on routers.

Requires little administration but increases CPU and bandwidth demand.

Three classes of dynamic routing protocols exist: Distance Vector, Link State and Hybrid.
DISTANCE-VECTOR
Distance-vector protocols find the best path to a remote network by judging distance. Each time a packet goes through a router, it's called a HOP. The route with the least number of hops to the network is determined to be the best route.

The vector indicates the direction to the remote network.

RIP and EIGRP are distance-vector routing protocols; they work by sending their entire routing table to directly connected networks.
LINK-STATE
Distance-vector protocols, also called SHORTEST-PATH-FIRST,
keep three separate routing tables in every router. One keeps
track of directly attached neighbors, one determines the
topology of the entire internetwork and the last one is used as
the routing table.

OSPF is a link-state protocol. It works by sending updates containing the status of its own links to all other routers in the network.
HYBRID (ROUTING PROTOCOLS)
Hybrid protocols use aspects of both distance-vector and link-state, for example EIGRP.
LAYER 2 SWITCH FUNCTIONS
ADDRESS LEARNING
FORWARD/FILTER DECISIONS
LOOP AVOIDANCE
LAYER 2 ADDRESS LEARNING
Layer 2 switches and bridges remember the source hardware address of each frame received on an interface, and they enter this information into a MAC database called a forward/filter table.
LAYER 2 FORWARD/FILTER DECISIONS
When a frame is received on an interface, the switch looks at the
destination hardware address and finds the exit interface in the
MAC database. The frame is only forwarded out the specified
destination port.
LAYER 2 LOOP AVOIDANCE
If multiple connections between switches are created for
redundancy purposes, network loops can occur. Spanning Tree
Protocol (STP) is used to stop network loops while still
permitting redundancy.
APPLICATION-LAYER ATTACKS
These security attacks zero in on well-known security vulnerabilities found in server software.

All the attacker needs to succeed is a user account with high enough privileges.
AUTOROOTERS
Hacker automatons called rootkits designed to probe,
scan and then capture data on strategically positioned
computers. The hacker then gains access to sensitive data.
BACKDOORS
These are paths leading into a computer network. Through simple invasions or more elaborate Trojan horse code, hackers use their implanted inroads into a specific host or network until detected and stopped.
DoS AND DDoS
Denial of Service attacks are relatively easy to accomplish and work by flooding a server with TCP SYN-ACK requests.

Distributed Denial of Service attacks use several independent zombified computers to flood the target server until traffic is reduced to a crawl.
IP SPOOFING
A hacker gains access to a network by posing as a trusted user
logging in with a trusted IP from the pool of valid network
addresses or external addresses.
MAN-IN-THE-MIDDLE ATTACKS
A hacker uses a sniffer to scan network traffic and capture
data packets at will.
NETWORK RECONNAISSANCE
Before breaking into a network, hackers gather all the
information they can about it, because the more they know
about a network the better they can compromise it. Tools used
are port scans, DNS queries and ping sweeps.
PACKET SNIFFERS
Software tool that scans and sorts all network traffic passing through the computer's segment. Passwords and usernames can be obtained this way.
PASSWORD ATTACKS
A hacker uses a specific method such as IP spoofing, packet
sniffing, Trojan horses, etc. to acquire valid passwords and then
pose as trusted users.
BRUTE FORCE ATTACKS
Software-oriented attack that employs a program installed on a
targeted network that tries to log in to some type of shared
resource until it succeeds and relays the found password to the
hacker.
PORT REDIRECTION ATTACKS
The hacker uses a compromised machine to get unauthorized traffic to pass through a firewall.
STATIC NAT
Designed to allow one-to-one mapping between local and
global addresses. Static NAT requires one public Internet IP
address for every host in the network.
DYNAMIC NAT
Dynamic Network Address Translation gives you the ability to
map an unregistered IP address to a registered IP address from a
pool of registered IP addresses.

Similar to STATIC NAT because you still need one public Internet
IP address for every host in your network, however, the
addresses are assigned dynamically.
NAT OVERLOAD
The most popular type of NAT configuration. Overloading is a
form of dynamic NAT that maps multiple unregistered IP
addresses to a single registered IP address by using different
ports.

Also known as PORT ADDRESS TRANSLATION (PAT); you can connect thousands of private users to the internet using only one public IP address.
IEEE 802.11a
Wireless standard
Runs in the 5 GHz spectrum
23 non-overlapping channels
Up to 54 Mbps
50 feet range
IEEE 802.11b
Wireless standard
2.4 GHz spectrum
3 non-overlapping channels
Long distances
Up to 11 Mbps
IEEE 802.11g
Wireless standard
2.4 GHz spectrum range
Up to 54 Mbps
100 feet range from WAP
