
Skrpunes Network+ Notes

Based on the CBT Nuggets Network+ Video Series Author: Skrpune, ProProfs.com
Table of Contents
1. Network Topologies Part 1 (p. 2)
2. Network Topologies Part 2 (p. 3)
3. Media Connectors & Cabling (p. 5)
4. Network Devices & Components Part 1 (p. 7)
5. Network Devices & Components Part 2 (p. 8)
6. OSI Model (p. 10)
7. Media Access Control (p. 11)
8. IP Addressing (p. 12)
9. Network Layer Protocols (p. 13)
10. TCP/IP Suite of Protocols & Services (p. 15)
11. TCP/UDP Protocols & Services (p. 17)
12. Additional Network Protocols & Services (p. 18)
13. WAN Technologies (p. 20)
14. Wireless Technologies (p. 22)
15. Internet Access Technologies (p. 23)
16. Remote Access Protocols & Services (p. 24)
17. Server Remote Connectivity & Configuration (p. 25)
18. Security Protocols (p. 26)
19. Authentication Protocols (p. 28)
20. Network Operating Systems (p. 30)
21. Client Workstation Connectivity (p. 31)
22. Firewalls & Proxy Services (p. 33)
23. VLANs (p. 35)
24. Intranets & Extranets (p. 36)
25. Anti-Virus Protection (p. 37)
26. Fault Tolerance & Disaster Recovery (p. 38)
27. Troubleshooting Strategies (p. 40)
28. Troubleshooting Utilities (p. 42)
29. Physical Network Troubleshooting (p. 43)
30. Troubleshooting in Client/Server Environments (p. 44)

1. Network Topologies Part I


Physical & Logical Topologies
- Bus Topology: needs a terminator on each end of the backbone
  o Physical Bus: physical arrangement in a series; not used much anymore
  o Logical Bus: i.e., hub in a physical star acting as the logical bus
- Star Topology
  o Physical Star: hub or switch at the center of the star
  o Logical Star: i.e., switch
  o Used in LAN / WAN
  o Shared Ethernet bus if a hub is at the center; a switch does dynamic bridging & maximizes bandwidth via transparent bridging
- Ring Topology
  o Physical Ring: physical closed loop
  o FDDI = both physical & logical ring
  o Token Ring = physical star, but logically a ring to pass the token from node to node; BUT each node must be attached to a hub/concentrator or a MSAU / MAU (multistation access unit)
- Mesh Topology
  o AKA Frame Relay, ATM
  o Partial Mesh = used where you need the most redundancy or bandwidth

[Figures: hub as physical bus / logical bus; star topology; ring topology; mesh topology; partial mesh (via ISP)]

IEEE 802.2 / LLC
- LLC = Logical Link Control
  o Maps to Data Link Layer 2 of the OSI Model
- What does LLC do?
  o Manages data link connections, works with the physical medium
  o Addressing: reads MAC addresses
  o SAPs: service access points
  o Performs sequencing of data packets as they are moved around the network
  o In a nutshell: provides basic networking between devices

[Figure: OSI layers - 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical]

IEEE 802.3 / ETHERNET (CSMA/CD)
- Dominant LAN Technology = ~85%!!!
- CSMA/CD = Carrier Sense Multiple Access/Collision Detection
  o FIRST, before sending, polls the channel to see if another node is transmitting
  o If no carrier is sensed, then it transmits
  o If there is a collision (i.e., 2 signals at once), it will retry sending after a wait period
  o Puts a limit on the number of machines that can access the network before collisions increase & the network gets too crowded
- Collision Domain: logical network segment where data packets can collide with each other
  o NOTE: Switches create smaller collision domains than hubs & reduce congestion
- 10BaseT / 10 Mbps Ethernet developed by DEC + Intel + Xerox
- Ethernet Types / Speeds (using CSMA/CD):
  o 10 Mbps: 10BaseT
  o 100 Mbps: Fast Ethernet
  o 1000 Mbps / 1 Gbps: Gigabit Ethernet
  o 10000 Mbps / 10 Gbps: 10 Gigabit Ethernet
- Half-Duplex Switching: cannot send & receive at the same time
  o I.e., walkie-talkie
- Full-Duplex Switching: can send & receive; two-way transmission
  o I.e., telephone
- Advantages of using Ethernet
  o Easy to manage, maintain, implement
  o Flexible
  o Widely supported
- Terminology / Components
  o DTE = Data Terminal Equipment: source or destination of data (laptop, PC, server, printer)
  o DCE = Data Communication Equipment: receives & forwards frames on the LAN or to other LANs (switch, hub, router, modem)

2. Network Topologies Part II


CSMA/CA
- CSMA/CA = Carrier Sense Multiple Access/Collision Avoidance
  o Node signals its intent to transmit; prevents other devices from sending, hence avoiding collision!
  o Used in AppleTalk / LocalTalk
  o CA algorithm by which channel time on the ring is reserved to avoid collision
    Uses RTS (Request To Send), a jam signal of sorts; waits to receive OK
    If another node tries to send a frame & sees a jam signal, it will stop & retry later
  o CSMA/CA is the principal media access method for 802.11 & WLANs too
    Need collision avoidance on 802.11 & WLANs because wireless uses half duplex radio signals

802.5 / TOKEN RING
- Uses CSMA/CA
- Created by IBM, still their main LAN technology
- 802.5 IEEE Standard, modeled after IBM's token ring
- Uses Physical Star, Logical Ring
  o All nodes attached to MSAU (MultiStation Access Unit)
  o MSAU performs the token passing inside the device
- Speeds of 4 Mbps & 16 Mbps
- Baseband transmission: uses the full transmission range for one signal (as opposed to Broadband/DSL/Cable)
  o Other Baseband Transmissions: HSTR (High Speed Token Ring - 100 Mbps, 16 Mbps, 4 Mbps); 802.5t, 802.5u, 802.5v, etc.
- Token Passing Access Method
  o Moves a small frame (00110110), broken up by fields, etc.
  o If a node gets a token & has no data to send, it just sends the token along to the next device on the logical ring
  o If a node has data to send, i.e. to a printer, it will grab the frame & alter a 0 or 1 & will append the info it wants to transmit (adds its own stuff)
    *** While the data frame circles the ring, no token can be on the network, unless using Early Token Release
    Early Token Release allows release while a frame transmission is being finished, i.e., put in queue so it can grab the token ASAP; used in newer implementations
    Unless ETR is being used, all nodes have to wait; delays the sending but NO COLLISIONS!
  o Frame circles the ring until it reaches the destination OR until it gets dropped by the original sending station
- Token Rings are Deterministic
  o Deterministic = possible to calculate the max. time passed before any station is capable of transmitting, because it knows the size/factors/etc. to complete the current task
  o Great for applications where you need to know the extent of network delay
  o Uses a complex priority mechanism: can assign higher priority for servers, etc. Priority field & Reservation field (can be used to shield from lower priority users)

FDDI: Fiber Distributed Data Interface
- FDDI Characteristics/Terminology:
  o 100 Mbps; Fiber Optic (MAN, WAN)
  o Baseband; physical ring of trees; logical ring
  o Dual Ring; traffic on each ring is counter-rotating
    Primary ring is usually the default for signal use; Secondary ring is the backup
    If one ring fails, the other doubles back onto itself & converts into one/single (token) ring; if there is a failure in the remaining ring, it breaks down into independent rings
  o ANSI: American National Standards Institute
  o Great for the distributed application model
  o Often used for the backbone
  o CDDI also in use now too: Copper Distributed Data Interface; 100 Mbps, using twisted pair copper
  o SAS: Single Attachment/Attached Station (i.e., regular PC/laptops, etc.); connected only to one / the Primary ring via a concentrator (can't directly attach to the ring)
  o DAS: Dual Attachment/Attached Station (i.e., server, devices w/2 network attachments); connected to both rings
  o SAC: Single Attachment/Attached Concentrator; connected only to the Primary ring (through a tree)
  o DAC: Dual Attachment/Attached Concentrator; connects to both Primary & Secondary rings: HIGHLY fault tolerant; provides connection for additional stations & concentrators; is the root of a tree
- FDDI Fault Tolerance Methods = Dual Rings & Dual Homing (can make a server/device into a DAS for more fault tolerance)
- TRT: Token Rotation Time: amount of time it takes the token to travel around the network
- THT: Token Holding Time: amount of time a station can hold the token

NOTE: Can use two (2) DACs for redundancy

[Figure: FDDI Primary Ring / Secondary Ring with DACs; DAS = application & file servers; SAS stations; routers, switches, multi-layer switches]

3. Media Connectors & Cabling


CABLE STANDARDS (802.3 LANs)
- 10BaseT: 802.3; 10 Mbps; Baseband: one Ethernet signal using the full bandwidth (no multiplexing); Twisted Pair (UTP & STP)
- 10Base-FL: 802.3; 10 Mbps; link between concentrator & end user station (workstation/server or router/switch); Fiber Optic
- 100BaseT (Fast Ethernet): 802.3u; 100 Mbps; based on CSMA/CD; predominant; Twisted Pair OR Fiber Optic; 330 ft / 100 m max segment length
  o 100BaseTX: 2 pair high quality TP; Twisted Pair (Cat5 UTP/STP)
  o 100BaseT4: 4 pair regular quality TP wires; Twisted Pair
  o 100BaseFX: 2 MMF fiber optic cables; Fiber Optic
- Gigabit Ethernet: 1000 Mbps (1 Gbps)
  o 1000Base-CX: 2 pair 150 Ohm STP; Twisted Pair (STP)
  o 1000Base-SX: 2 MMF, short wave laser; Fiber Optic (MMF)
  o 1000Base-LX: 2 MMF/SMF, long wave laser; Fiber Optic (MMF & SMF); Backbone, MAN, etc.
- 10 Gigabit Ethernet: 802.3ae; 10 Gbps
  o 10GBase-SR: Fiber Optic; 33-300 m length
  o 10GBase-LR: Fiber Optic; up to 10 km max cable length; MAN, etc.
  o 10GBase-ER: Fiber Optic; up to 40 km max cable length

UTP
- Twisted pair cabling with no additional shielding
- Usually includes 4 pairs of wires in a common sheath
- Typically 100 Ohm
- Category 3, 4, 5, 5e, 6 (& 7) cables from the TIA/EIA 568-A standard
- 10BaseT; 100BaseTX; 100BaseT2 = 2 wire pairs
- 100BaseT4; 1000BaseT = 4 wire pairs

STP
- 150 Ohm IBM cabling system for Token Ring
- Twisted pairs wrapped individually in a foil shield & w/outer braided wires (further reduces crosstalk & EMI)
- Originally IBM cable types 1, 2, 6, 8, 9 supported Token Ring up to 16 MHz
- Can be used in Ethernet: 10BaseT, 100BaseTX, 100BaseT-2 using special impedance matching transformers
- Better performance BUT a lot of effort: monitoring, maintenance, $$$$$
- Newer types = STP-A: 1A, 2A, 6A, 9A support FDDI up to 100 MHz
- Type 1 is the heavy black cable associated with the IBM cabling system

Characteristics of BOTH:
- Between 1-3 twists per inch
- Two insulated copper wires twisted together = 1 pair
CONNECTORS
- RJ-11: Registered Jack 11; global standard; 4 copper wires; phone/fax/modem; Cat3; historically used for LAN
- RJ-45: Ethernet LANs; Cat5, Cat5e, Cat6; wider than RJ-11; up to 8 wires; typically w/UTP; telephony, Token Ring, ISDN, 10BaseT, 100BaseT4
- F-Type: Coax
- ST: Fiber Optic; Straight Tip (can twist on/off)
- SC: Fiber Optic; square tip
- MTRJ: Fiber Optic
- FiberLC: Fiber Optic; connects MMF & SMF; usu. used for MMF; local, LAN connections

CABLE TYPES (category / speed / description / connector / uses)
UTP:
- Cat3: 100 Mbps (16 MHz); voice/data transmission; 4 UTP; RJ-11; used for ISDN, T1 / 1.54 Mbps, 10BaseT, 100BaseT4, Token Ring 4 Mbps, POTS (plain old telephone system)
- Cat5: 100 Mbps max (100 MHz); patch cables at PC, workstation, etc.; high grade; 1994: replaced with 5e; 4 UTP; 100 m max distance; RJ-45; used for 10BaseT, 100BaseT4, 100BaseTX, FDDI, ATM, 1000BaseT, 155 Mbps ATM
- Cat5e: 1 Gbps / 1000 Mbps (350 MHz); Gigabit Ethernet BUT also backwards compatible; RJ-45; used for 10BaseT, Fast Ethernet, Gigabit Ethernet
- Cat6: 1 Gbps / 1000 Mbps (350 MHz); better performance; higher signal/noise ratio; overall better reliability; for future enhancement in data rate & application usage; RJ-45; used for 10BaseT, Fast Ethernet, Gigabit Ethernet
STP:
- High grade Type 1 cable; shielding reduces EMI & crosstalk; uses IDC/UDC connectors, also RJ-45; used for 10BaseT, 100BaseT-2, 100BaseTX, FDDI
COAX:
- RG8: 10 Mbps; ThickNet 10Base5; no hub needed; AUI connector & Vamp Tap; economical; good shielding; not too flexible
- RG58: 10 Mbps; ThinNet 10Base2; no hub needed; BNC connector; economical; good shielding; not too flexible
FIBER OPTIC:
- SMF: 2.5 Gbps; Single Mode Fiber: only transmits light in one fundamental mode/path; very small core diameter; transmits over a longer distance than MMF; supports very high bandwidth; connectors: ST (straight tip) & SC (square), MTRJ, FiberLC (usu. MMF; local/LAN connections)
- MMF: 2.5 Gbps; Multi Mode Fiber: light travels in multiple modes/paths within the wire; larger center core / thicker than SMF; used for relatively short distance, i.e., LANs & campus; connectors: ST (straight tip) & SC (square), MTRJ, FiberLC (usu. MMF; local/LAN networking connections)
OTHERS:
- IEEE 1394 / Firewire: used for data transfer from peripherals to PC
- USB (Universal Serial Bus): connects peripheral devices for high speed data transfer; also used for USB NICs
CABLE TYPE SUMMARY (cable type / common name / physical layer name / speed / max length in m / links & segments / notes)
COAXIAL:
- RG-6: Satellite TV; N/A; N/A; notes: Satellite TV
- RG-8 (AUI): Thicknet; 10Base5; 10 Mbps; 50 (drop) / 500 (backbone); 100/segment; thicker wire, used in some networks
- RG-58 (BNC): Thinnet; 10Base2; 10 Mbps; 185; 30/segment; small bus topology
- RG-59: Cable TV; N/A; N/A
UTP (Unshielded Twisted Pair):
- CAT3 UTP: Fast Ethernet; 10Base-T; 10/100 Mbps; 100; 1 per link/drop; phone/data; 3-4 TPF
- CAT4 UTP: Fast Ethernet; 10Base-T; 16 Mbps; 100; 1 per link/drop; 5-6 TPF; needed for Star-Token network
- CAT5: Fast Ethernet; 10Base-T, 100Base-T4, 100Base-TX; 10/100 Mbps; 100; 1 per link/drop (-T); 3-4 TPI; more reliable
- CAT5e: Gigabit Ethernet; 10Base-T, 100Base-T4, 100Base-TX, 1000Base-T; 10/100/1000 Mbps; 100; 1 Gbps network
- CAT6: Gigabit Ethernet; 10Base-T, 100Base-T4, 100Base-TX, 1000Base-T; 10/100/1000 Mbps; 100; has 2 added wire pairs
- CAT 7 STP (Shielded Twisted Pair): IDC/UDC
FIBER:
- SMF (ST/SC), Single-Mode: 10Base-F; 2.5 Gbps; 2000; 1 per link/drop
- MMF, Multi-Mode: 10Base-F; 2.5 Gbps; 2000; 1 per link/drop

General UTP & STP note: cancels out interference by twisting the wires. The # after CAT is code for how many twists per foot. Connector: RJ-45.
* TPF = twists per foot of cable
* TPI = twists per inch of cable
* 10Base-T, 100Base-TX, 100Base-T2 use 2 wire pairs
* 100Base-T4, 1000Base-T use 4 wire pairs
* All CAT cable can be used for Token Ring.

Connectors
- BNC: Bayonet Naur Connector; connects to network card or T-connector; Coax
- RJ-45: UTP/STP; 8 total wires (RJ-11 has 4)
- AUI: Attachment Unit Interface; 15 pin socket connector
- ST/SC: ST (straight tip), SC (square one); Fiber
- IDC/UDC: very expensive; copper jacket & wires/pairs wrapped; IBM-type / Universal Data Connector; Twisted Pair

Other connector bits
- T-Connector: intermediary connector; Coax
- Vamp Tap: thicknet coax cable; pierces to contact the copper core
- Terminator: stops the signal so there is no echo; can be used with a T-Connector

[Figures: Coax (hash marks = shielding); Twisted Pair; 10BaseFL Fiber Optic]

4. Network Devices & Components Part I


Network Interfaces:
- PCMCIA
- PCI Card
- NIC (Network Interface Card): has circuitry & software to support encoding & decoding frames
- Switches/Hubs
- Logical Bus: i.e., hub in a physical star acting as the logical bus

NICs
- Operate on OSI Layers 1 & 2
- Have circuitry & software to support encoding & decoding frames

Hubs & Repeaters
- Layer ONE devices
- HUBS: usually used in smaller offices or in home networks
  o Use a logical bus topology in a physical star topology
  o CSMA/CD is handled by the hub
  o On small/workgroup hubs, the last port (uplink) allows a link to other hubs
- Types of Hubs
  o Passive Hub: doesn't amplify any electrical signals
  o Active Hub: amplifies the signal
  o Intelligent Hub: active hub plus some added features, i.e., stackable; software for SNMP, WAN, etc.
- Repeater
  o Amplifies the signal: reshapes wave forms & extends the LAN segments
  o Usually used for office buildings, i.e., extending the LAN beyond usual length constraints to reach other floors, etc.
  o Concentrator: multi-port repeater
- NOTE: all nodes/hosts connected via repeaters & hubs are all on the same: Network, Collision Domain, Broadcast Domain

Bridges: connect & subdivide LANs
- Uses a process to learn about devices on the network to streamline future communications via a MAC address table:
  o Host A sends a packet, which is framed with data
  o Frame has an ID for the node of origin and the destination = MAC Address
  o The packet is broadcast throughout the network
  o Bridge forwards traffic out to all nodes
  o Bridge checks Host A's MAC Address & adds it to its MAC table

[Figure: Host A - BRIDGE - Host B]

Switches = multi-port bridges
- Switches optimize the collision domain (whereas routers optimize the broadcast domain)
  o Use software & hardware to create a full duplex non-collision domain to communicate uber-fast
- Multi-layer switch
  o Operates as a Switch at Layer 2
  o Operates as a Router at Layer 3
- Examples of some commands at a switch interface, i.e., like that of a Cisco Catalyst 3550:
  o show version = display switch info
  o config terminal = allows for configuration of the terminal
  o SWITCH ? = lists available commands within the switch's configuration interface
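The bridge learning steps above (learn the source MAC from each frame, forward to a known port, flood to all other ports otherwise) as a small simulation. This is an added example, not code from the CBT Nuggets series or from these notes; the `LearningBridge` class, the port numbers and every MAC address in it are constructed for illustration.

```python
"""Learning bridge / switch simulation.

Added example to illustrate the MAC-table learning process described in the
notes; it is not code from the CBT Nuggets series or the notes' author.
Every MAC address and port number below is a constructed sample value.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """A transparent bridge: learns source MACs, forwards or floods by destination."""

    def __init__(self, ports):
        self.ports = list(ports)   # physical ports, e.g. [1, 2, 3, 4]
        self.mac_table = {}        # learned MAC address -> port it was seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one inbound frame; return the list of ports it is sent out of."""
        # Learning step: the source MAC is reachable through the ingress port.
        # A later frame from the same MAC on another port overwrites the entry,
        # which is how the bridge tracks a host that was moved.
        self.mac_table[src_mac] = in_port

        # Forwarding step: a known unicast destination gets exactly one port;
        # an unknown destination or the broadcast address is flooded to every
        # port except the one the frame arrived on.
        out_port = self.mac_table.get(dst_mac)
        if dst_mac != BROADCAST and out_port is not None:
            # Source and destination share a segment: filter, do not forward.
            # This is what lets a bridge subdivide one LAN into smaller
            # collision domains.
            return [] if out_port == in_port else [out_port]
        return [p for p in self.ports if p != in_port]


def run_demo():
    """Constructed traffic: hosts A, B, C on ports 1, 2, 3; D shares port 2 with B."""
    a, b = "00:00:0a:00:00:01", "00:00:0b:00:00:02"
    c, d = "00:00:0c:00:00:03", "00:00:0d:00:00:04"
    bridge = LearningBridge([1, 2, 3, 4])
    log = []
    log.append(bridge.receive(1, a, b))          # B unknown: flood 2, 3, 4
    log.append(bridge.receive(2, b, a))          # A known: port 1 only
    log.append(bridge.receive(1, a, b))          # B known now: port 2 only
    log.append(bridge.receive(3, c, BROADCAST))  # broadcast: flood 1, 2, 4
    log.append(bridge.receive(2, d, b))          # D and B share port 2: filtered
    log.append(bridge.receive(4, a, b))          # A moved to port 4: relearned
    log.append(bridge.receive(2, b, a))          # A now reached via port 4
    return log, dict(bridge.mac_table)


if __name__ == "__main__":
    forwarded, table = run_demo()
    for ports in forwarded:
        print("forwarded to ports:", ports)
    print("MAC table:", table)
```

The filtered frame in step five is the point of the "subdivides LANs" bullet: traffic between two hosts on the same segment never crosses the bridge, so it never consumes bandwidth on the other segments. Flooding is what happens until the table is populated, which is why a freshly booted switch briefly behaves like a hub.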

5. Network Devices & Components Part II


Routers
- Similar to bridges, but with added functionality
- Can be a computer or system/device OR software
- Usually transfer data between networks using the same protocols
- Connects 2 networks: LANs, WAN, MAN, or LAN-to-ISP (via destination IP addressing); looks at packets & then routes the packet
- Usage: Internet, small-big businesses, homes
- Layer 3 of the OSI Model
- Create/maintain a table of available routes so it can forward the packets most efficiently
  o Best routes change due to traffic, down routers, etc.
  o NOTE: can enter C:\> route print to see the route table
- Can use a command line interface OR protocols (RIP, OSPF, BGP) to configure & dynamically get/set info
  o RIP = Routing Information Protocol; RIP v.2 = latest
  o OSPF = Open Shortest Path First
  o BGP = Border Gateway Protocol
  o All protocols use a different set of calculations/algorithms to choose the best route via criteria/metrics/parameters
- To access the command line interface for a router:
  o Via Console port
  o Telnet in
  o Secure Shell to get terminal emulation
  o NOTE: can usu. access a router/switch/hub/firewall/VPN concentrator via a web-based interface BUT it uses HTTP (not secure)
- Sample of command line interface / administration interface for a router (UNIX, LINUX based):
  o CISCO3660# show version (CIOS)
  o CISCO3660# config terminal
  o CISCO3660# ? (shows all available commands)

Gateways
- Device/application that passes data between networks of similar function but maybe different medium or implementation; i.e., wireless to local LAN or ISP
- Functions at all the different OSI Model layers, BUT a router can be considered a Layer 3 Gateway, whereas a mail gateway (i.e., server) is a Layer 7/Application Gateway (i.e., between email systems)
- A Gateway can:
  o Use protocol translators
  o Do impedance matching
  o Do rate conversions
  o Fault isolation
  o Signal translation
  all in order to provide communication/interoperability between disparate systems (AOL & Prodigy are gateways of sorts)

Transceiver (AKA Media Converter or Media Adapter)
- Transmits AND Receives: Full Duplex device
- Usually used on routers for different cable connections:
  o AUI DB15 = older
  o AUI RJ45 = newer
  o GBIC = Gigabit Interface Converter: converts the light stream of a fiber optic cable into the electronic signals used on a NIC; allows one (1) GB port to support the full range of media, from copper to 100 km SMF

ISDN Adapters / CSU / DSU
- ISDN = Integrated Services Digital Network
- Digital method of moving voice/data; older tech.; newer ones have the adapter built into a Cisco card in the Switch; if using phone/older, need an adapter

Modems
- Modulator Demodulator: use dialup through an ISP
  o Modulates outgoing from digital to analog to travel on POTS
  o Demodulates incoming from analog to digital for the PC
- Internal: 14.4 Kbps (16,000 Bps), 56 Kbps
- External: 128 Kbps, 256 Kbps or higher

Firewall
- Firewall: hardware device/software application that functions in a network environment to prevent some communications that are explicitly forbidden by a corporate security policy
- Goals/Characteristics:
  o Can be Hardware or Software running on a Server, or Both
  o Prevents spread, provides security & controls traffic between different types of security zones
  o Will have varying levels of trust to control connectivity & packet flow between the different zones
  o Goal is to prevent hackers & unauthorized people from accessing your private network
  o Firewall examines all packets/messages inbound & outbound from the network
- Physical Firewall
  o One interface connected to the internal organization: has to be the MOST secure interface
  o One interface to the Public
  o May have more going to other security zones (like a Host or DMZ)

VPN Concentrators
- VPN Concentrator: used to create virtual private networks using a fleet of protocols to encrypt & decrypt traffic to terminated end points
- Can also use software solutions running on servers, or can be integrated into routers sitting at the perimeter of your network; i.e., Cisco allows you to have firewall & VPN capabilities & intrusion detection services too, all built into the OS of the Router or the Multi-Layer Switch device.
- VPN Concentrator administration: can use a Unix-based command line interface (like with Routers & Gateways) OR a web interface
  o Unix-based command line interface (like with Routers & Gateways): some are in a menu system similar to FDISK or BIOS
  o Via web interface: easier to work with the web-based menu; HTTP to access, some let you use HTTPS
  o NOTE: if managing multiple hubs/routers/VPN Concentrators, use a third party management system, i.e., Computer Associates
  o Manage users, groups; tunnels; IP tunnels; SSL, secure shell, web VPN

6. OSI MODEL
OSI = Open System Interconnection
- Global networking framework standard
- Control is passed through 7 layers; most layers exist in all communication systems
- Layers can be combined, i.e., Microsoft combines several top layers: app/presentation/session + transport + network + data-link/physical

OSI LAYERS
7 Application
- Provides file, print, message services.
- Protocols for service usage & advertisement.
- Window for users & applications to access network services.
6 Presentation
- Provides data translation; typically part of the OS.
- Converts inbound & outbound data from one format to another.
- Also handles syntax, compression & encryption.
5 Session
- Establishes communication sessions between network devices.
- Handles dialog control & coordinates sessions and connections, i.e., decides whether duplex, half-duplex, etc.
4 Transport
- Ensures data deliverability & reliability & priority.
- Maintains data integrity.
- Makes sure that packets are ordered & that there is no loss/duplication.
3 Network
- Responsible for routing & forwarding data packets.
- Controls packets on the basis of network state, priority, quality of service, etc.
2 Data Link
- Provides error-free transmission of data frames.
- Sends frames from the network to the physical layer.
- Converts raw bits into frames & vice-versa.
1 Physical
- Packages & transmits bits on the physical media.
- Includes encoding & functions at the mechanical and electrical level.

7. MAC Addressing
*Note: layers 2-4 are where most networking type folks do their work

Data Link / OSI Layer 2
- OSI Layer 2 = Data Link = TWO parts: LLC AND MAC, subdivided by IEEE into two sub-layers
- Reliable data transmission over various media (wireless, fiber, etc.)
- Defines:
  o Physical addressing: separate from the network address; the physical address defines how physical network devices are addressed
  o Topology: how the network devices are physically connected, i.e., ring, star
  o Error notification: alert/send message to upper layer protocols (3 & 4 & up) that there's been a transmission error
  o Frame sequencing: putting frames in the proper order
  o Flow control: moderates the data transmission rate so the receiving network/device won't get overwhelmed w/more data than it can handle at any given time
- IEEE subdivided data link into the two layers: LLC & MAC
- LLC = Logical Link Control
  o Manages communications between network devices on the network over a single network link
  o Supports both connectionless & connection-oriented upper-layer protocols
  o Defined by 802.3 fields in Layer 2 frames
  o Provides the interface between the MAC Sub-layer & Upper Layers
- MAC Sub-Layer Management Functions:
  o Manages protocol access to the underlying physical medium of the network
  o Controls node access to the physical medium and is protocol-specific
  o Both MACs must support the same transmission rate to function; otherwise an intermediary device like a router is needed to provide translation
  o Encapsulates data into frames & starts frame transmission/recovery
- MAC Addressing (i.e., data link addressing)
  o Used to identify nodes/devices implementing IEEE MAC addresses on the data link layer
  o Must be unique for each LAN interface, i.e., NIC
  o 48-bit address, expressed as 12 hexadecimal digits, i.e.: 00-40-CA-47-C4-BF OR 0090.bf1f.e000 OR 0040.ca19.c776, etc.
  o To FIND the MAC address, go to the C: prompt & enter IPCONFIG /ALL; find the Ethernet NIC Physical address
  o BIA = burned in address, burned into ROM & then stored in RAM
  o First 6 digits (24 bits) = OUI: organizationally unique identifier
  o Last 6 digits (24 bits) = Vendor Assigned, i.e., serial number assigned by the vendor
- Address Resolution Protocol (ARP)
  o Method used in the TCP/IP suite to map IP addresses to physical addresses in order to forward data/frames
  o Sending workstation checks its MAC Address Table (in this case an ARP table)
  o If nothing is there for the desired destination address, it sends out a broadcast: "hey, where are you?!"
  o The desired destination hears the call, compares its matching IP address to the message & responds with its MAC Address
  o IF going beyond your local network, it forwards the ARP request to its default gateway/next hop router (usually a Router or a multi-homed Server with 2 NICs) on the same network. The Gateway/Router forwards packets until it gets to the right network with the router that has the MAC address of the destination; if not, it will send out its own broadcast to find the MAC address on its local network.

[Figure: HUB - ROUTER - NETWORK B]

- Basic Ethernet Frame Format
  o When datagrams come down the OSI stack to Network (Layer 3), an IP header is wrapped around that datagram & it becomes a packet
  o That packet gets passed down to Data Link Layer 2 & that information becomes encapsulated & becomes a frame
- MTU = Maximum Transmission Unit = for an Ethernet frame it is 1500 bytes

Ethernet frame layout (field length in bytes; transmission order left-to-right, bit serial; the diagram annotations mark the FCS error detection coverage & the FCS generation span):
  PRE 7 | SFD 1 | DA 6 | SA 6 | Length/Type | Data 46-1500 | Pad | FCS 4

- PRE = Preamble; notifies receiving nodes that a frame is coming down the pipe; synchronizes reception of those frames on the physical media on the incoming bit stream of the receiving device
- SFD = Start of Frame Delimiter (also SOF); ends w/ two consecutive ON (1) bits to signify that the next bit = left-most bit in the left-most byte of the destination address (i.e., hark!, destination address is next!)
- DA = Destination Address; 6 bytes / 48 bits in hex format = MAC address
- SA = Source Address; 6 bytes / 48 bits
  NOTE: SA & DA will change as the frame moves through the network, but the data will contain info about the original IP addresses of the original SA & DA
- Length/Type = # of MAC client data bytes in the data field OR frame type ID
- Data = the actual data, of course!
- Pad
- FCS = Frame Check Sequence; 4 bytes; contains the CRC (cyclical redundancy check, created by sending a MAC frame & seeing if it's still the same after sending; if problems are seen, then the frame can be resent)
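The frame layout and the MAC address split described above, worked through in code: the frame is assembled field by field, the FCS is computed with CRC-32 and checked on receive, and a MAC address is broken into its OUI and vendor-assigned halves. This is an added example, not code from the CBT Nuggets series or from these notes. The two MAC addresses are the ones the notes quote; the EtherType 0x0800, the payload and the helper names (`build_frame`, `parse_frame`, `fcs_ok`, `flip_bit`) are constructed for illustration.

```python
"""Ethernet frame assembly, FCS verification and MAC address split.

Added example for the frame format and MAC addressing described in the notes;
it is not code from the CBT Nuggets series or the notes' author.  The two MAC
addresses are the ones the notes quote; the EtherType and payload are
constructed sample values.
"""
import struct
import zlib

# PRE: 7 bytes of 10101010; SFD: 10101011.  Ethernet sends each byte least
# significant bit first, so those bit patterns are stored as 0x55 and 0xD5.
PREAMBLE = b"\x55" * 7
SFD = b"\xd5"
MIN_DATA = 46      # smaller payloads are padded up to this
MTU = 1500         # maximum data field, per the notes
FCS_LEN = 4


def mac_to_bytes(mac):
    """Accept 00-40-CA-47-C4-BF, 00:40:ca:47:c4:bf or 0040.ca47.c4bf notation."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError("a MAC address is 12 hex digits (48 bits)")
    return bytes.fromhex(digits)


def bytes_to_mac(raw):
    return "-".join(f"{b:02X}" for b in raw)


def split_mac(mac):
    """Return (OUI, vendor-assigned part): the first and last 24 bits."""
    raw = mac_to_bytes(mac)
    return bytes_to_mac(raw[:3]), bytes_to_mac(raw[3:])


def build_frame(dst, src, length_type, data):
    """DA | SA | Length/Type | Data | Pad | FCS, with preamble and SFD in front."""
    if len(data) > MTU:
        raise ValueError("data exceeds the 1500-byte MTU")
    pad = b"\x00" * max(0, MIN_DATA - len(data))
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", length_type) + data + pad
    # FCS = CRC-32 over DA..Pad, sent least significant byte first.
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return PREAMBLE + SFD + body + fcs


def parse_frame(wire):
    """Strip preamble/SFD, check the FCS, and return the remaining fields."""
    if not wire.startswith(PREAMBLE + SFD):
        raise ValueError("missing preamble/SFD")
    frame = wire[len(PREAMBLE) + len(SFD):]
    if len(frame) < 14 + MIN_DATA + FCS_LEN:
        raise ValueError("runt frame")
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(body) & 0xFFFFFFFF:
        raise ValueError("FCS mismatch: frame was damaged in transit")
    length_type = struct.unpack("!H", body[12:14])[0]
    return {
        "dst": bytes_to_mac(body[0:6]),
        "src": bytes_to_mac(body[6:12]),
        "length_type": length_type,
        # Values of 0x0600 and above identify a protocol (EtherType);
        # smaller values are an 802.3 length of the MAC client data.
        "kind": "ethertype" if length_type >= 0x0600 else "length",
        "data": body[14:],          # includes any pad bytes
    }


def fcs_ok(wire):
    """True when the frame parses and its FCS matches (what a NIC checks on receive)."""
    try:
        parse_frame(wire)
        return True
    except ValueError:
        return False


def flip_bit(wire, index):
    """Constructed line error: flip one bit at the given byte offset."""
    damaged = bytearray(wire)
    damaged[index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    frame = build_frame("00-40-CA-47-C4-BF", "0090.bf1f.e000", 0x0800, b"hello")
    print(len(frame), "bytes on the wire")
    print(parse_frame(frame))
    print("FCS ok after a bit flip?", fcs_ok(flip_bit(frame, 20)))
```

A 5-byte payload comes out as 72 bytes on the wire (8 of preamble/SFD, 14 of header, 46 of data plus pad, 4 of FCS), which is the 64-byte minimum frame the notes' 46-byte floor implies. Flipping a single bit anywhere between DA and Pad makes the CRC mismatch, which is exactly the case where a receiving NIC silently discards the frame and counts a CRC error; the counter, not a retransmission, is what you look at when diagnosing a bad cable or port.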

8. IP Addressing
IP Address = field in the IP header that's added to data as it's moved around the network
o Each field fits 32 bits: source address & destination address
o Four octets of 8 bits: 128 64 32 16 8 4 2 1; the 128 position = high order bit, the 1 position = low order bit
o Each position is 2 to the nth power: 7 6 5 4 3 2 1 0
o Adding all the numbers of an octet = 255, BUT there are 256 values (0-255)
Binary conversion to Base 10/Decimal:
o Add up the positions/bits where there is a value of 1, i.e.:
  11000000 = 128 + 64 = 192
  10101000 = 128 + 32 + 8 = 168
  01100101 = 64 + 32 + 4 + 1 = 101
  00101101 = 32 + 8 + 4 + 1 = 45
  SO 11000000.10101000.01100101.00101101 = 192.168.101.45
NOTE: each IP address is two parts:
o Network
o The location (host) on the network
Subnet Mask
o Non-zero (1 = ON) bits tell us what parts are reserved for the network address
o Zero (0 = OFF) bits tell us what parts are reserved for the host address
Class A
o First octet represents the network; remaining three octets (24 bits) are for the hosts (2^24 hosts!)
o 255.0.0.0 = Subnet Mask
Class B
o Two octets for hosts = 16 bits for hosts
o 255.255.0.0 = Subnet Mask
Class C
o First three octets for network = 24 bits for network
o ONLY last octet for hosts = 8 bits
o 255.255.255.0 = Subnet Mask

Class   1st Octet Range   Octets for Network   Number of Networks   Hosts per Network
A       1-127             1                    126                  16,777,214
B       128-191           2                    16,384               65,534
C       192-223           3                    2,097,152            254
D       224-239           (used for multicasting)
E       240-247           (used for experimental purposes)

NOTE: 127.0.0.1 is used as the loopback address for testing
NOTE: do not count:
o XX.XX.XX.0 - this is the network address (on a Class C)
o XX.XX.XX.255 - this is the BROADCAST address
o SO your possible number of hosts ALWAYS excludes these two addresses/values per network
Private/Reserved Address Ranges
o NOT recognized on the internet; info will be dropped
o Used commonly for examples or testing or training
o RFC (Request For Comment) 1918 = docs used for reserved address standards
o Corporations use reserved addresses internally via NAT (Network Address Translation) to extend the number of addresses available via IPv4, SO many companies can use the same network addresses behind their firewall, as long as they have a PUBLIC IP address on the firewall/on the other side

PRIVATE/RESERVED ADDRESSES (by class):
A   10.0.0.0 to 10.255.255.255
B   172.16.0.0 to 172.31.255.255
C   192.168.0.0 to 192.168.255.255

Subnetworks & Subnetting
o Create smaller broadcast domains within one large broadcast domain
o Adjust the Subnet Mask by partitioning bits between subnetworks & hosts, i.e.:
  Class C is usually 255.255.255.0, BUT if changed to 255.255.255.192 THEN: the first 2 bits of the last octet are used for subnetworks & the last 6 bits can be used for hosts
CIDR = Classless Inter-Domain Routing
o Assumes the entire 32-bit address is available for usage; no more classes! Put a forward slash (/) at the end followed by the # of bits being used for the network
o 192.168.101.45/24
o Number of available hosts = 2^n - 2, where n is the number of bits being used for the host
Main three ways to dole out IP addresses & subnet masks
o Static - directly assign by hand using software/GUI
o Dynamic - use DHCP to assign IP addresses automatically within a certain scope of addresses
o APIPA (RFC 3330) - Automatic Private IP Addressing assigns a temporary IP address in the range 169.254.0.1 - 169.254.255.254 (NOT publicly usable, but some PCs/programs need an address to function in a Peer to Peer network & to get your DHCP going)
IP Version 6 (IPNG or IPv6)
o Expands address space, security & quality of service over IPv4: more fields, space, bits
o Governed by the Internet Engineering Task Force (IETF)
o Address space is 128 bits, expressed in hexadecimal
o ~340 UNDECILLION (?!) addresses total; IPv4 ~ 4 billion total
o EXAMPLE: 3ff3:0501:0008:0000:0260:97ff:fe40:efab
(For more info see http://www.pcsupportadvisor.com/nasample/c0655.pdf )
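The octet, class, subnet-mask and CIDR rules above, worked through in code. This is an added example written for these notes, not part of the CBT Nuggets material; the RFC 1918 and APIPA blocks are the ones the section lists, and the 2^n - 2 host rule is applied exactly as stated (so /31 and /32 come out with 0 usable hosts).

```python
"""Added example (not from the original notes): classful and CIDR arithmetic on IPv4
addresses, using only the octet and bit rules the section lays out."""
from __future__ import annotations

# RFC 1918 private blocks and the RFC 3330 APIPA block, as (network, prefix length)
RFC1918_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))
APIPA_BLOCK = ("169.254.0.0", 16)


def to_int(dotted: str) -> int:
    """'a.b.c.d' -> 32-bit integer; rejects anything that is not four octets in 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {part}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    """32-bit integer -> 'a.b.c.d'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Dotted decimal -> dotted binary, each octet as 8 bits (128 64 32 16 8 4 2 1)."""
    return ".".join(format((to_int(dotted) >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def address_class(dotted: str) -> str:
    """Classful letter from the first octet (D = multicast, E = reserved/experimental)."""
    first = to_int(dotted) >> 24
    if first <= 127:
        return "A"          # 127.x.x.x (loopback) falls inside the class A range
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"
    return "E"              # 240 and above (the reserved block runs to 255)


def mask_from_prefix(prefix: int) -> int:
    """/n -> 32-bit mask with the top n bits set (1 = network, 0 = host)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0-32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def in_block(dotted: str, block: tuple[str, int]) -> bool:
    """True if the address shares the network bits of the (network, prefix) block."""
    net, prefix = block
    mask = mask_from_prefix(prefix)
    return (to_int(dotted) & mask) == (to_int(net) & mask)


def is_private(dotted: str) -> bool:
    """RFC 1918: 10/8, 172.16/12, 192.168/16; internet routers drop these."""
    return any(in_block(dotted, b) for b in RFC1918_BLOCKS)


def is_apipa(dotted: str) -> bool:
    """169.254.0.0/16: the address a host gives itself when no DHCP server answers."""
    return in_block(dotted, APIPA_BLOCK)


def network_info(cidr: str) -> dict:
    """Network, broadcast and usable host range for 'a.b.c.d/n', using the 2^n - 2 rule."""
    addr_str, prefix_str = cidr.split("/")
    addr, prefix = to_int(addr_str), int(prefix_str)
    mask = mask_from_prefix(prefix)
    network = addr & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    host_bits = 32 - prefix
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0   # /31 and /32 leave nothing under the classic rule
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "mask": to_dotted(mask),
        "host_bits": host_bits,
        "usable_hosts": usable,
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "private": is_private(addr_str),
        "class": address_class(addr_str),
    }


if __name__ == "__main__":
    print(to_binary("192.168.101.45"))
    for cidr in ("192.168.101.45/24", "192.168.101.45/26", "172.31.9.200/16"):
        print(cidr, network_info(cidr))
```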

9. Network Layer Protocols


Network Layer 3 Protocols (other than TCP/IP):
o AppleTalk
o NetBEUI
o IPX/SPX

NetBEUI - NetBIOS Extended User Interface
o Really in Layer 4; not routable
o Used w/Microsoft & IBM (NT, LAN Manager, WIN for Workgroups, Win 95, Win 98, Workgroup add-on for DOS, OS/2)
o Minimal configuration needed, rapid data transfer; needs computer name & workgroup/domain name (NetBIOS)
o Not used very much today, mostly obsolete
o To access/set up in Win 95: Network Applet > Configuration tab > add NetBEUI Protocol > Add > Microsoft > NetBEUI > Reboot > Check bindings tab; need TCP/IP & NetBEUI bound to the NIC
  **Make sure File & Printer Sharing is on all PCs & turn OFF TCP/IP bindings for File/Print Share & Client for Microsoft Networks

AppleTalk
o Developed early 80s for Mac systems
o Early distributed client/server networking solution for file & printer sharing; requires little user input/interaction
o Two versions: AppleTalk Phase 1 & 2; Phase 2 is the one discussed here
o 4 Key components:
  Nodes - computer, router, server, printer
  Sockets - unique addressable locations on a node; logical point where upper layer datagram delivery protocols (DDPs - socket clients) & services work together and interact
  Networks - single logical cable to multiple nodes
  Zones - logical group of nodes/networks defined by the administrator during network setup. Do NOT need to be physically contiguous
  (Diagram: one network, Network 1, with nodes 1-5 spread across Zones A, B and C)
o Non-Extended AppleTalk network
  Physical network segment that is assigned only a single network number (1-1024) (10-bit; 2^10)
  Each node # has to be unique for that network
  No more than one zone configured on it
o Extended AppleTalk network
  Networks can extend beyond the zone, or multiple networks in one zone
(Diagrams: Non-Extended AppleTalk Network - a single Network 100 in the Accounting Zone with nodes 100.11, 100.15, 100.51 and 100.101. Extended AppleTalk Network - a Purchasing Zone spanning networks 100, 101, 102 and 103 with nodes such as 100.3, 100.15, 100.101, 101.1, 101.12, 101.93, 102.49 and 103.10)

o LocalTalk
  Has media access dependencies on lower layer protocols, i.e., Ethernet, FDDI, Token Ring. Four main media access protocols:
  EtherTalk
  TokenTalk
  FDDITalk
  LocalTalk
  LocalTalk is a proprietary (Data Link) Layer 2 implementation; cheap & efficient for small LANs
  Usually built into Mac products
  Uses twisted pair cabling, in a bus topology
  300m segment limits; 32 nodes
  Routers (intermediate devices) can be used for a star topology
o LLAP - LocalTalk Link Access Protocol
  Media access protocol
  Communicates between LocalTalk & upper layer protocols
  Delivers frames between nodes, guarantees error-free delivery, and performs best effort delivery
o AppleTalk addresses = 48 bits
  NETWORK (16 bits): 1-65536                        example: 100
  NODE (16 bits): unique random #                   example: 11
  SOCKET (16 bits): unique to each NIC/interface    example: 50
  Using the example above, the AppleTalk address can be expressed as 100.11.50 OR 100.11, Socket 50
  Dynamically doled out when attached to the network: a provisional network layer address is handed out (kinda like APIPA) in the range of 65280-65534
  Node = random #, unique though
  Socket = individual to each NIC/network interface/connection
o ZIP = Zone Information Protocol
  Used to communicate with the router; supplies the node with a Node Number for the network
  Router replies to the node with the valid range for the network
  Node selects a valid network number, then broadcasts to be sure it's untaken
  If another node responds, the process starts all over again; if not, then the node keeps the node number
o AARP - AppleTalk Address Resolution Protocol
  Layer 3 protocol
  Associates network address with nodes/services/sockets taking place on the network
o RTMP - Routing Table Maintenance Protocol
  Layer 4/Transport Layer protocol
  Based on RIP to establish routing tables using a hop count metric
  Hop Count = # devices to go through to get to another node
  Creates/maintains tables on intermediate devices using AppleTalk
  Stores entries for any network a packet has the potential of reaching
  Information is periodically exchanged by routers to ensure it is up to date

Novell Netware IPX/SPX
o Netware = Novell's NOS
o Combination of Layer 3 & 4
o Netware comes from XNS (Xerox's Networking System, 70s-80s)
  (Diagram: IPX/SPX protocol stack - Transport: SPX; Network: IPX; Data Link/Physical: Ethernet IEEE 802.3, Token Ring IEEE 802.5, FDDI, ARCnet, PPP)
o IPX = Internetwork Packet Exchange (parallels IP)
  Novell's original Layer 3 protocol
  Uses IPX RIP (not TCP/IP's RIP; incompatible) or NLSP (Netware Link State Protocol)
  Network address must be unique
  Address expressed in hexadecimal format of Network Number + node number, 80 bits total:
  NETWORK (32 bits) + MAC ADDRESS (48 bits), e.g., 00000001 1c.0f1e.8d7a.a36c
o SPX = Sequenced Packet Exchange (parallels TCP)
  Less important to IPX than TCP is to IP
o Encapsulation - wrap upper layer protocol info into frames, so it can support different protocols/environments. Netware Ethernet frame types (added info/bits at the front so IPX can operate in different environments):
  Ethernet_802.3: 802.3 header | IPX | DATA
  Ethernet_802.2: 802.3 header | 802.2 LLC | IPX | DATA
  Ethernet_II:    Ethernet header | IPX | DATA
  Ethernet_SNAP:  802.3 header | 802.2 LLC | SNAP | IPX | DATA
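The four Netware encapsulations and the 80-bit IPX address (32-bit network + 48-bit node) as a small decoder, written for these notes as an added example; it is not Novell's code or part of the CBT Nuggets material. The detection rules (a type field of 0x0600 or more means Ethernet_II, an IPX checksum of FFFF right after the 802.3 length means "raw" 802.3, LLC AA AA 03 means SNAP, any other LLC header means 802.2) and the IPX EtherType 0x8137 are general knowledge; every frame and address below is constructed.

```python
"""Added example (not from the original notes): tell the four Netware Ethernet
encapsulations apart from raw frame bytes and pull the 80-bit IPX addresses
(32-bit network + 48-bit node, plus socket) out of the IPX header that follows.
All frames below are constructed for the example, not captured traffic."""
import struct

ETHERTYPE_IPX = 0x8137      # Ethernet_II type value for IPX
IPX_HEADER_LEN = 30         # checksum, length, transport control, type, 12-byte dst, 12-byte src
LLC_IPX = b"\xe0\xe0\x03"   # 802.2 LLC: DSAP E0, SSAP E0, control 03 (unnumbered information)
LLC_SNAP = b"\xaa\xaa\x03"  # 802.2 LLC header that announces a 5-byte SNAP header


def encapsulation(frame: bytes) -> tuple:
    """Return (frame type, byte offset of the IPX header), following the layouts above."""
    if len(frame) < 14:
        raise ValueError("shorter than a 14-byte Ethernet header")
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= 0x0600:
        return "Ethernet_II", 14                   # a type field: IPX header starts right after it
    body = frame[14:14 + type_or_len]              # an 802.3 length field: the body decides the flavour
    if body[:2] == b"\xff\xff":
        return "Ethernet_802.3", 14                # "raw" 802.3: IPX header (checksum FFFF) immediately
    if body[:3] == LLC_SNAP:
        return "Ethernet_SNAP", 14 + 3 + 5         # LLC + SNAP (OUI + type) before IPX
    if len(body) >= 3:
        return "Ethernet_802.2", 14 + 3            # LLC header only, then IPX
    raise ValueError("802.3 length field but no LLC or IPX header behind it")


def ipx_address(net: bytes, node: bytes, socket: int) -> str:
    """Format network.node:socket in hex, e.g. 00000001.0f1e8d7aa36c:0451."""
    return f"{net.hex()}.{node.hex()}:{socket:04x}"


def parse_ipx(frame: bytes) -> dict:
    """Decode the IPX header of a frame in any of the four encapsulations."""
    enc, off = encapsulation(frame)
    hdr = frame[off:off + IPX_HEADER_LEN]
    if len(hdr) < IPX_HEADER_LEN:
        raise ValueError("truncated IPX header")
    checksum, length, hops, ptype = struct.unpack("!HHBB", hdr[:6])
    if length < IPX_HEADER_LEN or length > len(frame) - off:
        raise ValueError(f"IPX length {length} does not fit the frame")   # never trust the length field blindly
    dst = ipx_address(hdr[6:10], hdr[10:16], struct.unpack("!H", hdr[16:18])[0])
    src = ipx_address(hdr[18:22], hdr[22:28], struct.unpack("!H", hdr[28:30])[0])
    return {"encapsulation": enc, "checksum": checksum, "length": length,
            "hops": hops, "packet_type": ptype, "dst": dst, "src": src,
            "payload": frame[off + IPX_HEADER_LEN:off + length]}


def build_frame(enc: str, dst_mac: bytes, src_mac: bytes, ipx: bytes) -> bytes:
    """Constructed sample frames: wrap an IPX packet in the requested encapsulation."""
    if enc == "Ethernet_II":
        return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPX) + ipx
    prefix = {"Ethernet_802.3": b"",
              "Ethernet_802.2": LLC_IPX,
              "Ethernet_SNAP": LLC_SNAP + b"\x00\x00\x00" + struct.pack("!H", ETHERTYPE_IPX)}[enc]
    body = prefix + ipx
    return dst_mac + src_mac + struct.pack("!H", len(body)) + body


def build_ipx(dst_net, dst_node, dst_sock, src_net, src_node, src_sock, payload: bytes) -> bytes:
    """Constructed IPX packet: checksum FFFF (unused), length, 0 hops, packet type 4."""
    length = IPX_HEADER_LEN + len(payload)
    return (struct.pack("!HHBB", 0xFFFF, length, 0, 4)
            + dst_net + dst_node + struct.pack("!H", dst_sock)
            + src_net + src_node + struct.pack("!H", src_sock) + payload)


# Constructed sample: network 00000001; node (MAC) values and sockets made up for the example
SAMPLE_DST = (bytes.fromhex("00000001"), bytes.fromhex("0f1e8d7aa36c"), 0x0451)
SAMPLE_SRC = (bytes.fromhex("00000001"), bytes.fromhex("00112233aabb"), 0x4003)
SAMPLE_IPX = build_ipx(*SAMPLE_DST, *SAMPLE_SRC, b"hello")

if __name__ == "__main__":
    for enc in ("Ethernet_802.3", "Ethernet_802.2", "Ethernet_II", "Ethernet_SNAP"):
        print(parse_ipx(build_frame(enc, SAMPLE_DST[1], SAMPLE_SRC[1], SAMPLE_IPX)))
```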

10. TCP/IP Suite of Protocols & Services


TCP/IP = Transmission Control Protocol over Internet Protocol
o Standardized processes for communication
o Open nature, so different OSs can use TCP/IP to talk: WAN, LAN, MAN, Mac, PC, Lin ux
o Developed by the DOD in the 70s; came from ARPAnet
TCP
o Main, most common L4 (Transport Layer) protocol
o Basis of most internet services
o Connects & exchanges data streams
o Guaranteed delivery, packet assembly & reassembly, detection & retransmission of lost packets
o Connection-oriented
o Documented in RFC (Request For Comment) 793
UDP = User Datagram Protocol
o Communication protocol for L3, L4 (mainly), L5 (Network, Transport, Session layers, respectively)
o Connectionless; no guaranteed reliability
o Applications using UDP must perform reliability, error checking, etc. functions themselves
o UDP is stateless with no acknowledgements
o Used for DNS queries & multimedia/streaming video
o Documented in RFC 768
FTP = File Transfer Protocol
o Standard file exchange protocol for IP networks
o Anonymous FTP is common practice
o Used to upload web pages to a server & download files & applications. NOTE: when you go to download.com, etc., you're using FTP to download files; you may not SEE it, but it's going on behind the scenes
o Documented in RFC 959
o Common FTP programs: WSFTP, CuteFTP; can also run FTP from the command line: c:\> ftp, then help
o Common commands: get, mget, put, mput
o Uses TCP Ports 20 & 21 (one port for data & one port for control info)
TFTP = Trivial File Transfer Protocol
o Uses UDP (instead of TCP like FTP); simpler
o Documented in RFC 1350
o Operates on Port 69 (sockets)
o Used for starting diskless workstations & downloading applications & small files; can reboot servers, download files to router/switch, etc.
o No passwords or directory trees
SMTP = Simple Mail Transport Protocol
o De facto email transmission standard
o Server to server email transport (use POP3/IMAP4 to download email)
o Standard list of commands documented in RFC 2821: MAIL, RCPT, DATA, RSET, VRFY, EXPN, HELP, NOOP, QUIT
o Allows a PC/Server to act as an email post office
o Popular SMTP server = Microsoft Exchange 2000/2003
o Default = TCP port 25
o Setting up SMTP in Outlook Express: Tools > Accounts > Click on desired email account > Properties > Servers tab; set the SMTP server settings for email here. Can also perform: Import/Export/Set Order of email accounts; Remove; Add
POP3 = Post Office Protocol, version 3
o Standard protocol for retrieving email from a mail server
o Good for dialup with permanent connection
o Client computer performs all management locally
o Password authentication is clear text; uses TCP Port 110 (no encryption, not too secure)
IMAP4 = Internet Message Access Protocol
o Originally created by/for Stanford University
o Remote mailbox access protocol
o Allows for selective downloading
o Includes more features, like searching
o Supports public folders
o TCP Port 143
HTTP = Hypertext Transfer Protocol
o Default is TCP Port 80
o Handles pages on the internet/www
o Uses hypertext (HTML) for browsing
o Used for document retrieval between servers & web clients
o HTTP:// is a uniform resource locator, or URL
o Uses clear text, not secure
HTTPS = HTTP-Secure, or HTTP over SSL
o HTTPS:// is shown in the browser AND a graphical padlock as well
o Secure connection
o Uses TCP Port 443 (SSL Port)
o TLS = Transport Layer Security; newer version, may replace SSL
TELNET = Protocol AND a Program
o C:\> telnet OR telnet blah.com, then >Username; >Password. telnet /? lists the switches available: -a, -t, -e, -f, -l, port
o Unsecure; uses clear text
o Terminal emulation: allows you to log on to other computers on the internet, assuming you have access to run programs & commands
o Uses TCP Port 23
SSH = Secure Shell
o Uses TCP Port 22
o Developed by SSH Communications Security
o Offers strong authentication & encryption; used for: remote log in, running commands, moving files, etc.
o Replaces TELNET, RLOGIN, RSH, RCP, RDIST
o PuTTY = free telnet/SSH client
ARP = Address Resolution Protocol
o Used in TCP/IP, usually Layer 2/3 (Data Link & Network Layers, respectively)
o Dynamically (or manually) binds IP addresses to hardware (MAC) addresses
o Broadcasts on the network segment ONLY; learns about the local area & adds info to the ARP cache
o To show interface address, MAC, & type (static vs dynamic): C:\> arp -a
NNTP = Network News Transport Protocol
o Client/server protocol; handles usenet & newsgroup postings
o NNTP readers included in all browsers (with most email programs too, even Outlook Express)
o Newsreaders = separate NNTP clients (not part of an email program or browser; standalone program)
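The section flags TELNET, FTP, POP3 and HTTP as clear-text and names SSH and HTTPS as their replacements; the added example below (not from the notes) puts that to work as a detection pass over firewall/flow log lines, reporting every allowed connection to one of those services together with the protected alternative. The log format and all lines in SAMPLE_LOG are constructed; the TLS ports 993/995 for IMAP and POP3 are general knowledge, not from the notes.

```python
"""Added example (not from the original notes): scan firewall/flow log lines for the
cleartext services this section calls out (TELNET 23, FTP 20/21, POP3 110, HTTP 80, TFTP 69,
IMAP4 143) and pair each hit with the protected replacement. The log format and every
line in SAMPLE_LOG are constructed for the example; the TLS ports 993/995 are general
knowledge, not from the notes."""
from __future__ import annotations
import re
from collections import Counter

# (protocol, port) -> (service, why it matters, what to move to)
CLEARTEXT_SERVICES = {
    ("tcp", 20): ("FTP-data", "file contents in the clear", "SFTP/SCP over SSH (22)"),
    ("tcp", 21): ("FTP", "username and password in the clear", "SFTP/SCP over SSH (22)"),
    ("tcp", 23): ("TELNET", "whole session in the clear", "SSH (22)"),
    ("tcp", 80): ("HTTP", "pages and form data in the clear", "HTTPS (443)"),
    ("tcp", 110): ("POP3", "password authentication is clear text", "POP3 over TLS (995)"),
    ("tcp", 143): ("IMAP4", "login in the clear unless TLS is negotiated", "IMAP over TLS (993)"),
    ("udp", 69): ("TFTP", "no passwords at all", "restrict to the management LAN; prefer SCP"),
}

# Constructed log format: <timestamp> <action> <proto> <src>:<sport> -> <dst>:<dport>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>allow|deny)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

SAMPLE_LOG = """\
2005-03-14T10:22:01 allow tcp 10.0.0.15:51234 -> 10.0.0.20:23
2005-03-14T10:22:05 allow tcp 10.0.0.15:51240 -> 192.0.2.10:80
2005-03-14T10:22:09 deny  tcp 10.0.0.31:40001 -> 10.0.0.20:23
2005-03-14T10:23:10 allow tcp 10.0.0.15:51250 -> 10.0.0.20:22
2005-03-14T10:23:44 allow udp 10.0.0.77:3456  -> 10.0.0.5:69
2005-03-14T10:24:02 allow tcp 10.0.0.15:51260 -> 192.0.2.10:443
not a log line at all
"""


def parse_line(line: str) -> dict | None:
    """One parsed log record, or None for lines that do not match the format."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec


def audit(log_text: str) -> list[dict]:
    """Findings for every ALLOWED connection to a cleartext service; denied traffic is not a finding."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "allow":
            continue
        hit = CLEARTEXT_SERVICES.get((rec["proto"], rec["dport"]))
        if hit is None:
            continue
        service, risk, fix = hit
        findings.append({"ts": rec["ts"], "src": rec["src"], "dst": rec["dst"],
                         "port": rec["dport"], "service": service, "risk": risk, "fix": fix})
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    """Count findings per service, so the noisiest cleartext protocol gets fixed first."""
    return dict(Counter(f["service"] for f in findings))


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} -> {f['dst']}:{f['port']} {f['service']}: {f['risk']}; move to {f['fix']}")
    print(summarize(audit(SAMPLE_LOG)))
```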

11. TCP/UDP Protocols & Services


TCP characteristics:
o Stream data transfers (sequence #s): sequences bytes with a forwarding acknowledgement # (FA #) that tells the destination "I expect to receive this byte # next"
o Reliable communication
o Efficient flow control (communicates the highest sequence #)
o Full-duplex communication
o Multiplexing services: several simultaneous upper layer services
TCP Three-Way Handshake
o Client initiates the link by sending an initial sequence # & setting the SYN bit (X); Synchronization bit = set to 1
o Server receives the SYN, records the sequence #, and replies with a SYN-ACK (X + 1)
o Client adds its own sequence # (FA): acknowledges all bytes sent by the server and indicates what byte it expects next so that data transfer can commence
TCP Packet Components (32 bits each row; header = 160 bits = 20 bytes):
  Source Port | Destination Port
  Sequence #
  Acknowledgement #
  Data Offset | Reserved | Flags | Window
  Checksum | Urgent Pointer
  Option (+ Padding)
  Data (variable size)
o Source Port
o Destination Port - indicates type of communication, i.e., 25 for SMTP; 53 for DNS; 119 for NNTP
o Sequence # - number assigned to the first byte of data in the message
o Acknowledgement # - contains the Sequence # of the next byte of data the sender of the TCP packet is expecting to receive
o Data Offset - # of 32-bit words in the TCP header; tells where fields start & end
o Reserved - for future use
o Flags - carries control info, i.e., SYN, ACK, FIN (indicates final communication)
o Window - sliding window. Can designate the size of the sender's receive window (buffer space available for incoming data); performs Flow Control
o Checksum - can be used to indicate whether the packet is damaged/has errors/needs retransmission
o Urgent Pointer - points to the first urgent data byte in the packet, if there is any urgent data
o Option (+ Padding)
o Data - received from Layers 7, 6, 5 (Application, Presentation, Session)
UDP
o Connectionless L4 (Transport Layer) protocol
o Ports differentiate applications/services
o No reliability, no flow control, no error recovery
o Uses less overhead / fewer bytes than TCP
o Used by SNMP, DNS, TFTP (port 69)
o Packet contains FOUR fields only (16 bits each):
  Source Port | Destination Port
  Length | Checksum
  Source Port - 16 bits
  Destination Port - 16 bits
  Length - TOTAL, including data
  Checksum - optional, depends on application
Ports: 16 bits, 1-65535
  1-1023 = Well Known
  1024-49151
  49152-65535 = free to be used by anyone
  *For more info, see iana.org/assignments/port-numbers
Well Known Ports:
  20   FTP (data)
  21   FTP (control)
  22   SSH
  23   TELNET
  25   SMTP
  53   DNS
  69   TFTP
  80   HTTP
  110  POP3
  119  NNTP
  123  NTP
  143  IMAP4
  443  HTTPS
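The TCP and UDP header layouts above and the three-way handshake rules (SYN carries X, the SYN-ACK acknowledges X + 1, the final ACK acknowledges the server's Y + 1), as an added example written for these notes; it is not code from the CBT Nuggets material. Segments are built in the block itself with the checksum left at zero, so nothing here is captured traffic.

```python
"""Added example (not from the original notes): decode the 20-byte TCP header laid out
above (and the 8-byte UDP header), then check a three-way handshake the way the notes
describe it: SYN with sequence X, SYN-ACK acknowledging X + 1, ACK acknowledging the
server's Y + 1. Segments are built here for the example; nothing is captured."""
import struct

TCP_FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
WELL_KNOWN = {20: "FTP-data", 21: "FTP", 22: "SSH", 23: "TELNET", 25: "SMTP", 53: "DNS",
              69: "TFTP", 80: "HTTP", 110: "POP3", 119: "NNTP", 123: "NTP", 143: "IMAP4", 443: "HTTPS"}
TCP_FIXED = struct.Struct("!HHIIHHHH")   # 20 bytes: ports, seq, ack, offset/flags, window, checksum, urgent
UDP_HEADER = struct.Struct("!HHHH")      # 8 bytes: ports, length, checksum


def parse_tcp(segment: bytes) -> dict:
    """Split a TCP segment into its header fields, options and payload."""
    if len(segment) < TCP_FIXED.size:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = TCP_FIXED.unpack_from(segment)
    header_len = (off_flags >> 12) * 4          # Data Offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"bad Data Offset: header length {header_len}")
    flags = {name for name, bit in TCP_FLAG_BITS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "service": WELL_KNOWN.get(dport, "unknown"),
            "seq": seq, "ack": ack, "flags": flags, "window": window, "checksum": checksum,
            "urgent": urgent, "options": segment[20:header_len], "payload": segment[header_len:]}


def parse_udp(datagram: bytes) -> dict:
    """The four UDP fields; the Length field covers header plus data."""
    if len(datagram) < UDP_HEADER.size:
        raise ValueError("UDP header needs 8 bytes")
    sport, dport, length, checksum = UDP_HEADER.unpack_from(datagram)
    if length < 8 or length > len(datagram):
        raise ValueError(f"UDP length {length} does not fit the datagram")
    return {"sport": sport, "dport": dport, "length": length, "checksum": checksum,
            "service": WELL_KNOWN.get(dport, "unknown"), "payload": datagram[8:length]}


def build_tcp(sport: int, dport: int, seq: int, ack: int, *flags: str, window: int = 65535) -> bytes:
    """Constructed 20-byte TCP header (no options, checksum left 0) for the examples."""
    bits = sum(TCP_FLAG_BITS[f] for f in flags)
    return TCP_FIXED.pack(sport, dport, seq, ack, (5 << 12) | bits, window, 0, 0)


def check_handshake(segments: list) -> tuple:
    """Validate client SYN, server SYN-ACK, client ACK as the notes describe them."""
    if len(segments) != 3:
        return False, "a three-way handshake is exactly three segments"
    syn, synack, ack = (parse_tcp(s) for s in segments)
    if syn["flags"] != {"SYN"}:
        return False, "first segment must carry only SYN"
    if synack["flags"] != {"SYN", "ACK"}:
        return False, "second segment must carry SYN and ACK"
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        return False, "SYN-ACK does not come back on the reversed port pair"
    if synack["ack"] != (syn["seq"] + 1) & 0xFFFFFFFF:
        return False, "server did not acknowledge X + 1"
    if ack["flags"] != {"ACK"}:
        return False, "third segment must carry only ACK"
    if ack["seq"] != synack["ack"] or ack["ack"] != (synack["seq"] + 1) & 0xFFFFFFFF:
        return False, "client did not acknowledge Y + 1 with sequence X + 1"
    return True, "handshake complete; data transfer can commence"


# Constructed handshake to TELNET (23): X = 1000 from the client, Y = 5000 from the server
CLIENT_SYN = build_tcp(51234, 23, 1000, 0, "SYN")
SERVER_SYNACK = build_tcp(23, 51234, 5000, 1001, "SYN", "ACK")
CLIENT_ACK = build_tcp(51234, 23, 1001, 5001, "ACK")
GOOD_HANDSHAKE = [CLIENT_SYN, SERVER_SYNACK, CLIENT_ACK]

if __name__ == "__main__":
    for s in GOOD_HANDSHAKE:
        print(parse_tcp(s))
    print(check_handshake(GOOD_HANDSHAKE))
```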

12. Additional Network Protocols & Services


NETWORK AWARE FILE SYSTEMS:

NFS (Network File System) - Unix/Linux
o Makes remote directories & files available locally
o NFS mounted file system is transparent & is independent of platform, OS, or architecture
o Designed by Sun Microsystems
o VFS interface over TCP/IP
o Part of Open Network Computing (ONC)
o Determines sharing of data & applications
o Transparent to user via GUI

AFP: AppleTalk File Protocol
o Non-Apple networks have to use AFP in order to access data on AppleTalk Servers

SMB: Server Message Block
o File sharing for legacy Windows (NetBIOS) & DOS
o Used for network aware OSs
o Network protocol applied to files, serial ports, printers, etc.
o In Win 2000/2003, replaced by CIFS (Common Internet File System)

WINS: Windows Internet Naming Service
o Naming service for NetBIOS computer names
o WINS is to NetBIOS as DNS is to IP Addresses
o Rather than using broadcasts, uses a centralized database of computer names & services: better efficiency, less network traffic
o WINS died out basically with Windows 2003
o WINS Client tells its Server its name at startup
o NOTE: can set the computer name in XP via: Network Connections > LAN > Right-Click > Properties > General Tab > TCP/IP > Properties > Advanced > General Tab > Advanced > WINS tab (tabs are IP Settings & DNS & WINS & Options)
o LMHOSTS = LAN Manager Hosts
  Resolve IP addresses to computer names
  Used for static addressing
o WINS also handy for remote connections/branches. Name resolution order:
  Workstation A checks cache for remote computer name
  If not in cache, checks with WINS Server
  If not there, then checks LMHOSTS
  Next, HOSTS-DNS

LDAP - Lightweight Directory Access Protocol
o Allows clients/servers to access the Active Directory database (central repository for all objects [users, groups, computers, and servers] in a Windows 2000/2003 domain)
o Based on X.500 directory standard, more elaborate
o Established by the IETF
o LDAP v2 & v3 supported by Active Directory

DNS - Domain Name System
o Database that maps domain name to IP address
o Top Level Domains: .COM, .EDU, .NET, .GOV, .MIL, .INT, .ORG
o icann.org/tlds/ - for full/updated listing of TLDs

(Diagrams: WINS - a laptop user at a branch office reaches the WINS Server through ISP, router and switch; Workstation A resolves names in the order listed above. DNS - a DNS Client in a SOHO queries its DNS Server via switch, router and ISP, which refers to the ROOT and the .COM, .EDU and .NET TLD servers)
DNS - Domain Name System: sample scenario for a student user at college, wanting to visit www.website.com from their college dorm room:
1. User sends Query > College > .EDU > Root > .COM
2. College > .COM > Website
3. College > Website > College > User. Return message of: "The IP Address is xxx.xxx.xxx.xxx"
4. TCP/IP Communication from User > www.website.com via the IP Address

(Diagram of the scenario above: User, COLLEGE DNS server, ROOT, and the WEBSITE zone with its Mail and www hosts; steps 1-4 numbered, ending with "The IP Address is xxx.xxx.xxx.xxx" returned to the User and TCP/IP Communication beginning)
DHCP - Dynamic Host Configuration Protocol

o Configures hosts dynamically at Host startup
o TCP/IP stack initializes, contacts the DHCP Server to get an IP address, etc.
o Usually have many logical servers, but one physical server or one group of physical servers
  (Diagram: WINS Server, Mail Server, Directory Server, DNS Server and DHCP Server at one site behind the switch and router to the ISP, serving a DNS Client)
o DHCP Lease process (Diagram: Client, switch and DHCP Server on one LAN, router out to the ISP and DNS; steps 1-4 numbered between Client and Server):
  1. Workstation/Client broadcasts a DHCP Discover Packet
  2. DHCP Server(s) return a DHCP Offer
     - If you don't have a DHCP Server for each LAN, the router can be configured to forward the broadcast to a selected DHCP Server on a remote network or on another segment
     - DHCP Lease terms may be minutes, days, etc.
     - If a server's offer doesn't get selected, it releases its offered address for other Clients to use
  3. Client receives DHCP offer(s) & selects one; sends a DHCP Request Packet to the selected DHCP Server
  4. DHCP Server returns a DHCP ACK (yes) / NACK (no)
     NOTE: Server may do ARP first to see if the address requested is taken before returning an ACK/NACK response
     If Client receives ACK, the lease maintenance is the Client's responsibility:
     5a. Client sends a DHCP request (prior to expiration of the current lease, in order to renew) OR
     5b. Client sends a DHCP release (to release/finish the lease prior to the expiry date) to the DHCP Server so the address can be used by other Clients
     If Client receives NACK, Client sends out another DHCP Discover Packet
o Non-renewed leases are released for other Clients to use
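The lease process above (Discover, Offer, Request, ACK/NACK, renew, release) played out between one client and two servers, as an added example written for these notes rather than code from the CBT Nuggets material or any real DHCP implementation. It follows the steps exactly as listed: unselected servers take their offer back, the selected server ARP-probes before it ACKs, and a NACK sends the client back to a new Discover. Server names, address pools, MAC addresses and the "already in use" table are constructed.

```python
"""Added example (not from the original notes): the DHCP lease process as the notes list
it (Discover, Offer, Request, ACK/NACK, renew, release) played out between one client and
two servers, including the ARP check before an ACK and the release of offers that were not
selected. Server names, address pools, MACs and the 'already in use' table are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class DhcpServer:
    name: str
    pool: list[str]                                        # addresses free to offer, in order
    lease_seconds: int = 3600
    offered: dict[str, str] = field(default_factory=dict)  # client MAC -> address on offer
    leased: dict[str, str] = field(default_factory=dict)   # address -> MAC of the client holding it

    def offer(self, mac: str) -> dict | None:
        """Step 2: answer a Discover with an Offer; stay silent when the pool is empty."""
        if not self.pool:
            return None
        addr = self.pool.pop(0)
        self.offered[mac] = addr
        return {"type": "OFFER", "server": self.name, "yiaddr": addr, "lease": self.lease_seconds}

    def request(self, mac: str, server_id: str, addr: str, arp_probe) -> dict:
        """Step 4: ACK or NACK a Request meant for this server; any other server releases its offer."""
        if server_id != self.name:
            self.release_offer(mac)
            return {"type": "IGNORE", "server": self.name}
        if self.offered.pop(mac, None) != addr:
            return {"type": "NACK", "server": self.name, "reason": "not the address we offered"}
        if arp_probe(addr):                                # the notes: server may ARP first
            return {"type": "NACK", "server": self.name, "reason": "address already in use"}
        self.leased[addr] = mac
        return {"type": "ACK", "server": self.name, "yiaddr": addr, "lease": self.lease_seconds}

    def release_offer(self, mac: str) -> None:
        """An offer that was not selected goes back to the pool for other clients."""
        addr = self.offered.pop(mac, None)
        if addr is not None:
            self.pool.insert(0, addr)

    def renew(self, mac: str, addr: str) -> dict:
        """Step 5a: the client asks to keep its lease before it expires."""
        if self.leased.get(addr) == mac:
            return {"type": "ACK", "server": self.name, "yiaddr": addr, "lease": self.lease_seconds}
        return {"type": "NACK", "server": self.name, "reason": "no such lease"}

    def release(self, mac: str, addr: str) -> bool:
        """Step 5b: the client hands the address back early so another client can use it."""
        if self.leased.get(addr) != mac:
            return False
        del self.leased[addr]
        self.pool.append(addr)
        return True


def acquire_lease(mac: str, servers: list[DhcpServer], arp_probe, max_rounds: int = 3):
    """Client side: Discover, take the first Offer, Request it; on NACK start over with a new Discover."""
    log = []
    for _ in range(max_rounds):
        log.append(("DISCOVER", mac))                                      # step 1: broadcast
        offers = [o for s in servers if (o := s.offer(mac)) is not None]  # step 2: servers answer
        log.extend(("OFFER", o["server"], o["yiaddr"]) for o in offers)
        if not offers:
            return None, log
        chosen = offers[0]                                                # step 3: pick one offer
        log.append(("REQUEST", chosen["server"], chosen["yiaddr"]))
        replies = [s.request(mac, chosen["server"], chosen["yiaddr"], arp_probe) for s in servers]
        log.extend((r["type"], r["server"]) for r in replies if r["type"] != "IGNORE")
        ack = next((r for r in replies if r["type"] == "ACK"), None)      # step 4
        if ack is not None:
            return ack, log
    return None, log


IN_USE = {"192.168.1.10"}   # constructed: a statically configured host already answers ARP for this address


def arp_probe(addr: str) -> bool:
    """Stand-in for the server's ARP check: True means somebody answered for the address."""
    return addr in IN_USE


def run_scenario():
    """Two servers, one client; the first offered address turns out to be in use."""
    servers = [DhcpServer("dhcp-a", ["192.168.1.10", "192.168.1.11"]),
               DhcpServer("dhcp-b", ["192.168.1.50"])]
    ack, log = acquire_lease("00:11:22:33:44:55", servers, arp_probe)
    return ack, log, servers
```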
SNMP - Simple Network Management Protocol
o Manages networked devices, i.e., hubs, switches & routers
o RFC 1157
o Monitors/controls via PDUs - Protocol Data Units
o Devices run agents, or software used to gather info regarding performance, etc.
o Information is stored in an MIB - Management Information Base
o SNMP v3 is the most current & most secure (as of the 2005 CBT Nuggets video)

NAT - Network Address Translation
o IP Masquerading: source/destination addresses translated as they pass thru router, firewall, proxy
o Allows many internal (private) hosts to access the internet (public) via a single address or a couple of addresses
o Internal address scheme is protected
o Overcomes the constraints of depleted IP address space with IPv4
o (Privately) uses RFC 1918 addresses, Class A/B/C

ICMP - Internet Control Message Protocol
o RFC 792
o Used for error packets, control packets, informational packets for IP
o PING & TRACERT use ICMP
o Reports to the sender if something has gone wrong in transmission/if packets are not delivered
o Valuable for doing diagnostics & troubleshooting

IGMP - Internet Group Management Protocol
o Standard for IP multicasting on the internet
o Helps keep established host membership in a group
o Keeps local routers up to date on members as hosts join/leave
o RFC 2236 = IGMP v3

LPR (LPD) - Line Printer Remote
o LPD is the Berkeley Printing system
o Provides network print services & spooling
o Uses TCP/IP to establish links between network printers & Clients/Workstations
o Developed for BSD Unix
o LPD is installed on the printer/printer server; LPR is installed on the Client device/Workstation
o Used especially on enterprise networks

NTP - Network Time Protocol
o Assures time synchronization for TCP/IP networks
o References radio & atomic clocks on the internet
o Synchronizes distributed clocks to milliseconds
o Linux has the free program NTPD, or NTP Daemon, available via freeware

13. WAN Technologies


Wide Area Network = data communication network over a broad geographic area, not confined to direct/local networks
o Usually in the bottom 3 layers of the OSI: Physical & Data Link & Network
  (Diagram: Central Site / HQ with a VPN Concentrator and ROUTER connected to BRANCH #1 and BRANCH #2)
Point to Point WAN
o Solitary, pre-configured, dedicated path between customer & remote network
o Usually consists of leased lines, with wire pairs being dedicated communication paths
o More expensive, and price based on needed bandwidth & distance
o Largely replaced by Frame Relay
Circuit Switching WAN
o Data connections are active only when needed, otherwise are shut down (i.e., like a telephone call)
o One type is ISDN
o DCE = Data Communication/Circuit Equipment, i.e., CSU/DSU = Channel Service Unit / Data Service Unit (essentially, a modem)
o DTE = Data Terminal Equipment
  (Diagram: two Customer sites, each with a DCE, connected through the switches of the Carrier Network/WAN cloud; a SOHO hangs off one side)
Packet Switched WAN
o Most popular
o Individuals can share resources of common carriers and reap a better cost benefit
o Packet Switching multiplexes data into smaller packets so they can take separate paths across the carrier network to the destination (i.e., insert multiplexers at the DCE locations of the above diagram)
o Carrier uses Virtual Circuits through the network (cloud in diagram)
o Types of Packet Switched WANs:
  ATM - asynchronous transfer mode
  Frame Relay
  SMDS - switched multimegabit data services
  X.25
o Virtual Circuit - logical link/connection created within a shared infrastructure network between two (2) networked devices
o SVC - Switched Virtual Circuits, created dynamically:
  1. Establish circuit
  2. Transfer data
  3. Terminate circuit
o PVC - Permanent Virtual Circuits; decrease bandwidth use for establishing the communication circuit
  Need constant data flow, since often used for file transfer, web access, email transfer
  More expensive $$$$$$
Frame Relay
o Hi performance, flexible WAN protocol
o Uses packet switching technology
o Hosts can dynamically share medium AND bandwidth from the cloud
o Layer 2 (Data Link) Suite
o More efficient & better performance than X.25
o Uses DLCI for Layer 2 addressing; DLCI = Data Link Connection Identifier
ISDN - Integrated Services Digital Network
o Offered through regional telephone carriers
o Circuit switching WAN
o Digitizes voice, data, graphics, music, etc. over existing copper phone lines
o Digital telephony & data transfer
o ISDN uses several devices / reference points
  DCE for ISDN = CSU/DSU, Channel Service Unit / Data Service Unit, which acts as the interface between provider/carrier switches & DTE (Data Terminal Equipment - PC/Telephone/Server/Router)
  DCE can also be multiplexers, translators
  TA - Terminal Adapter
  NT1 - Network Termination 1; NT2 - Network Termination 2
  (Diagram of ISDN reference points from the DTE to the PHONE CO.: TEL -S- NT2 -T- NT1 -U- LT -V- ET; a non-ISDN DTE sits behind a TA: TEL - TA -S- NT2 -T- NT1 -U- LT -V- ET. DTE = Data Terminal Equipment: PC, Tel, etc.)

o Two (2) main types: ISDN BRI & ISDN PRI
ISDN BRI - Basic Rate Interface
o 2B + 1D Channel = 2 (64 Kbps) + 1 (16 Kbps control/signal info) = 128 Kbps User Data
  D Channel MAY be used for data as well
ISDN PRI - Primary Rate Interface
o 23B (64 Kbps) + 1 D (64 Kbps, data OR control info) = 1.544 Mbps = T1 line!!
  Can get fractional, using only SOME channels to bring down cost/speed to whatever is needed
  Above calcs only for USA/Canada/Japan; UK/Australia have 30 B channels, with up to 2.048 Mbps
FDDI - Fiber Distributed Data Interface
o Used for hi-speed LAN backbone & WANs like MAN, government WANs, etc.
o Dual ring over fiber
o SMF & MMF; CDDI = over copper
o Has 4 specifications:
  MAC - defines medium access, frames, addresses, errors
  PHY - physical layer specifications: encoding, clocking, framing
  PMD - physical medium dependent
  SMT - station management: configuration of stations, concentrators, servers, end user devices
WAN Carriers
o T1 - DS1 = 1.544 Mbps; ISDN PRI
  E1 - European = 2.048 Mbps
o T3 - E3 leased line connections; voice, data, etc.
  45 Mbps = 28 T1 channels
o OCX - optical carrier for SONET
  OC1-OC192 optical transmission, uses fiber optic lines

  OC Standard   Transmission Rate
  OC-1          51.85 Mbps
  OC-3          155.52 Mbps
  OC-12         622.08 Mbps
  OC-24         1.244 Gbps
  OC-48         2.488 Gbps
  OC-192        9.952 Gbps

X.25
o ITU-T (International Telecommunications Union - Telecomm.) Global WAN Standard
o Works with many connected systems
o Used in packet switched networks of carriers/telecommunications companies
o Born in the 1970s when the need arose for a WAN standard
o X.25 defines DTE, DCE & PSE
o Also uses PAD (Packet Assembler / Disassembler) devices
o Maps to layers 1, 2, 3 of OSI (Physical & Data Link & Network)
o PSE - Packet Switching Exchange: cloud/matrix
o PAD used when the DTE device is too simple to fully implement X.25; use a PAD between DTE & DCE: DTE - PAD - DCE

14. Wireless Technologies


Wireless Summary:
o Lots of wireless solutions available
o Lots of devices provide wireless options/connectivity
o Benefits to wireless
  Extend your technology portfolio
  Goes where wiring (cable/fiber) can't go: fewer physical limitations to installation & less impact/cleanup
  Can be cheaper & more rapidly deployed than a wired network; ideal for a small office / temp WLAN while waiting on LAN installation
  Extends existing broadband & high-speed solutions/connections
  Great alternative when geographically challenged or when you need to be mobile
o Uses: Phones, laptops, home networks, video game controllers, garage door openers, etc.
  (Diagrams: Typical Office Wireless Environment - PCs on an Ethernet hub or switch with a WAP (bridge). Typical Home Wireless Environment - PC, wireless router, and a hub OR switch OR DSL/cable modem)

Who Defines Wireless??
  IEEE - Institute of Electrical and Electronics Engineers
  IETF - Internet Engineering Task Force
  WECA - Wireless Ethernet Compatibility Alliance
  ITU - International Telecommunications Union

Wireless network types:
  WWANs - Wireless Wide Area Networks - 2G Second Generation
  WMANs - Wireless Metropolitan Area Networks - campus, govt, etc. - can be used as backup to wired
  WLANs - Wireless Local Area Networks - home/office/airport - use Radio or Peer to Peer (Infrared)
  WPANs - Wireless Personal Area Networks - ad hoc / mobile devices - POS = personal operating space of ~10m - IEEE 802.15 - Bluetooth & Infrared

IEEE 802.11 Standards
802.11a
  Adds to the original 802.11 WLAN specifications
  Up to 54 Mbps bandwidth @ 5 GHz radio band
  Not frequently used even though faster than 802.11b
  Not compatible with 802.11b or 802.11g

802.11b
  Most popular WLAN spec (hotspots)
  Up to 11 Mbps, w/fallback to 5.5, 2, 1 Mbps
  Transfer rates dependent on distance to WAP & # of other users
  Uses 2.4 GHz radio band/frequency
  Not compatible with 802.11a

802.11g
  Gaining in popularity (although N is next)
  Compatible with 802.11b, NOT 802.11a
  Up to 54 Mbps w/fallbacks
  2.4 GHz radio band/frequency
  Developed as higher speed technology when communicating with other 802.11g devices

WPAN Communication Methods: Infrared & Bluetooth Comparison
Infrared
  Uses infrared light to carry data
  Needs hardware & software to function/communicate
  Governed by IrDA (Infrared Data Association)
  Laptops, printers, PDAs, phones, headsets
  Can also use a USB port adapter
  ~ same rate as a parallel port, up to ~4 Mbps
  Line of sight; range of ~18; if obstructed, bye-bye signal

Bluetooth
  Specification for short-range wireless
  Cell phones, pagers, PDAs; can get a 3-in-1 phone to sync with desktop/laptop
  Bluetooth headsets VERY popular; keyboard/mouse, etc.
  Very popular for WPAN communication

Spread Spectrum - method used to modulate data into manageable bits to get sent via wireless communication
o Transmitted in a bandwidth that is considerably greater than the frequency content of the original data
DSSS: Direct Sequence Spread Spectrum (DS-CDMA: Direct Sequence Code-Division Multiple Access)
  Stream divided into smaller chunks, which are assigned to channels across the spectrum
  Better performance than FHSS but more susceptible to interference
  802.11 a/b/g use DSSS (OFDM [Orthogonal Frequency-Division Multiplexing] used for 802.11a/g higher & broadband speeds)
FHSS: Frequency Hopping Spread Spectrum (FH-CDMA: Frequency Hopping Code-Division Multiple Access)
  Repeated rapid swapping of frequencies/channels during the transmission process, coordinated between sender & receiver
  Originally used to thwart electronic eavesdropping/jamming
  Used with the original 802.11 standard
  Used by Bluetooth

15. Internet Access Technologies


Dial-Up via PSTN & POTS (Diagram: PC - MODEM - POTS)
o POTS = Plain Old Telephone System
o PSTN = Public Switched Tel. Network
o V-Series
  V8 - V29 (9600 baud rate per second); baud rate = # times per second the carrier signal is changed
  V32, V34, V90 (56,000 baud rate)
  V110 asynchronous DTE can use ISDN (128,000 bps)
o Advantages of & Features of Dial-Up
  Economical; great for backup to cable/DSL
  Flexible; easy to set up an ad hoc connection
  33,600 bps = V34 on POTS
  ISDN basic rate interface (BRI 2B + 1D channel) = 64 x 2 = 128 kbps
DSL - Digital Subscriber Line
o Modem technology; uses existing twisted pair phone lines for high bandwidth data transfer
o Mostly home usage, but some usage in small businesses
o xDSL = different flavors of DSL: ADSL, SDSL, HDSL, HDSL-2, G.HDSL, IDSL, VDSL
o Dedicated; P2P access; over copper on the local loop (last mile: need to be ~ <1 mile from customer to a telco central office)
o ADSL = Asymmetric DSL
  Faster download than upload
  Always on; great for internet, intranets, streaming video, remote access, etc.
  ADSL modems usu. offer various speeds/capacities: 1.5 or 2.0 Mbps - 8 Mbps (or higher now) downstream speeds
  ADSL modems operate with IP & ATM (asynchronous transfer mode)
o Other DSL options:
  SDSL - equal upload & download transfer rates
  HDSL - 2 pair of T1 = 784 k per pair
  HDSL-2 - emerging alternative over single pair
  G.HDSL - multi-rate version of HDSL-2
  IDSL - ISDN DSL, single pair @ 128 Kbps
  VDSL - High-speed over short distance on existing copper lines
Broadband Cable
o CATV operators had to compete with DSL & Direct Satellite in the 1990s
o Key operators (big cable companies like Time Warner, etc.) joined to form MCSN for IP solutions
o Introduced the DOCSIS 1.0 Standard (Data Over Cable Service Interface Specification) with assorted cable modems (Cable Labs)
o Use either all coax OR hybrid-fiber-coax
  (Diagram: Head End with CMTS, connected to the PSTN and via HYBRID FIBER-COAX or ALL COAX to the Customer Premises: Cable Modem - PC)
Satellite Access
o Use a satellite in geostationary (GEO) orbit as a relay from vendor to customer
o 2-way access through a special satellite modem, sending requests through a satellite dish to a satellite ~22,000 miles above the equator
o Usu. asymmetric, slower than DSL, with some latency problems (i.e., not great for internet gaming or other interactive web access)
o Need satellite dish & modem (external or internal)

16. Remote Access Protocols & Services


SLIP Serial Line Internet Protocol: access remote networks using serial ports & modems for internet connectivity
o Defined in RFC 1055; mostly replaced by PPP
o Packet-based protocol; for IP only
o Was ONCE the most popular encapsulation protocol for remote access, but no more
o Can use a telephone serial line & DCE / DTE modem to browse the internet, FTP, etc.
o Downside: have to know your IP address & that of the destination PC you're trying to reach; no error detection, no authentication, no negotiation of options
PPP Point to Point Protocol
o Better engineered & feature-rich
o Doesn't require IP addresses to be configured before the link is established (IPCP can assign them)
o Offers advantages over SLIP: configuration is easier, and it has:
o Multiprotocol support: IP, IPX, DECnet, AppleTalk
o 3 Main Components of PPP:
   HDLC-like framing (RFC 1662) to carry datagrams (from upper layers) over serial links; flag byte, byte stuffing & a 16-bit FCS
   LCP (Link Control Protocol) for layer 2 connection management (the horse in the Lord of the Token Rings saga)
   NCPs (Network Control Protocols, e.g., IPCP for IP) for multiprotocol support (the guy on the horse in the Lord of the Token Rings saga)
o PPP Operation:
   Standard for assigning & managing IP addresses
   Works over asynchronous (start/stop, e.g., modem) & synchronous (clocked, e.g., leased line) serial links
   Protocol multiplexing: can run many protocols at once over one link
   Offers easy link setup, configuration, testing, error detection (FCS), compression, and authentication (PAP/CHAP, negotiated by LCP)
o PPP overall process:
   1. LCP frames negotiate & establish the link (MRU, authentication method, compression)
   2. Optional authentication phase (PAP or CHAP)
   3. NCP frames configure each network protocol (i.e., IPCP for IP, ATCP for AppleTalk)
   4. Continues until cancellation, until the inactivity timer expires, or until the link is otherwise disconnected (LCP Terminate)
o Cables used: RS-232 (EIA/TIA-232) & RS-422 (EIA/TIA-422)
PPPoE Point to Point Protocol over Ethernet
o Connects many users & hosts on an Ethernet segment to a remote site via common CPE (customer premises equipment)
o Encapsulates PPP frames in Ethernet frames (Discovery stage PADI/PADO/PADR/PADS, then a Session stage)
o Used mainly by DSL (usu. SOHO application); most cable modem service hands out addresses with DHCP instead
o Authentication, encryption & compression come from PPP
o Always-on service; RFC 2516
RAS Remote Access Service (now RRAS, Routing & Remote Access)
o Windows NT 4.0 service for remote networking through dial-up connectivity from remote users/LANs
o Uses modem dial-up, X.25, or a WAN link
o Works with networking protocols, i.e. NetBEUI, IPX, TCP/IP
o Client needs RAS client software OR a 3rd party PPP application; the Server runs the RAS service
o In XP, can set a new dial-up RAS connection up via: Start > All Programs > Accessories > Communications > New Connection Wizard > Connect to the network at my workplace (also have the choice of Set up an Internet Connection, Set up a Home/small office network & Set up an advanced connection) > Dial-Up > Company Name > Phone Number. VOILA!
RDP Remote Desktop Protocol
o Introduced with Windows NT 4.0 Terminal Server Edition; remote display protocol used by Microsoft Terminal Services, with clients (and servers) available for Linux too
o RDP Server listens on TCP Port 3389
o RDP 5.1 comes with Windows XP (Remote Desktop Connection)
o Provides remote display & input, audio, file/port/printer redirection, clipboard sharing, encryption
o Access in XP via: Start > All Programs > Accessories > Communications > Remote Desktop Connection > Options button > General / Display / Local Resources / Programs / Experience = different tabs for setting up the connection(s)
o Can use RDP to connect to user PCs for remote troubleshooting
o NOTE: can use Terminal Server/Services instead
o Caveat: TCP 3389 exposed directly to the internet gets password-guessed; reach it through a VPN or restrict it at the firewall
ICS Internet Connection Sharing
o Used in home networks & SOHO
o Microsoft feature that allows LAN hosts to share a single internet connection & a single public IP address
o Uses DHCP & NAT services (IP masquerading)
o Works with all popular internet connection technologies: DSL, cable, ISDN, satellite, dial-up
o Other products out there, i.e. WinGate & WinProxy, turn your PC into a gateway/proxy server via software
o To set up: on the ICS host, Control Panel > Network Connections > right-click the connection that faces the internet > Properties > Advanced tab > Internet Connection Sharing > check "Allow other network users to connect through this computer's internet connection". The host's LAN adapter is then set to 192.168.0.1, and on every other LAN host you MUST ensure TCP/IP is set to "Obtain an IP address automatically" (Control Panel > Network Connections > LAN > right-click > Properties > Internet Protocol (TCP/IP) > Properties) so it gets its address from the ICS DHCP allocator
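The HDLC-like framing that PPP (and PPPoE, after the Ethernet header) puts around every datagram, as an added example that is not part of the original notes: flag byte 0x7E, byte stuffing with 0x7D, and the RFC 1662 16-bit FCS that gives PPP the error detection SLIP never had. The frame layout and FCS algorithm are the real ones; the protocol number and payload bytes are constructed sample data.

```python
"""PPP HDLC-like framing (RFC 1662): byte stuffing plus the 16-bit FCS.

Added example, not from the Network+ notes. Frame layout is the real one
(flag 0x7E, address 0xFF, control 0x03, 2-byte protocol, payload, FCS);
the payload bytes used by callers are constructed sample data.
"""

FLAG, ESC, ADDR, CTRL = 0x7E, 0x7D, 0xFF, 0x03
PPP_GOOD_FCS = 0xF0B8  # FCS computed over a frame that includes its own FCS


def fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    """Reflected CRC-16, polynomial 0x8408, as in RFC 1662 section C.2."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def frame(protocol: int, payload: bytes) -> bytes:
    """Build one stuffed frame ready for the serial line."""
    body = bytes([ADDR, CTRL]) + protocol.to_bytes(2, "big") + payload
    crc = fcs16(body) ^ 0xFFFF                 # ones complement of the CRC
    body += bytes([crc & 0xFF, crc >> 8])      # least significant byte first
    out = bytearray([FLAG])
    for b in body:
        # flag, escape and (default async control-character map) 0x00-0x1F are escaped
        if b in (FLAG, ESC) or b < 0x20:
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)
    out.append(FLAG)
    return bytes(out)


def unframe(wire: bytes):
    """Return (protocol, payload); raise ValueError on a damaged frame."""
    if len(wire) < 2 or wire[0] != FLAG or wire[-1] != FLAG:
        raise ValueError("missing flag bytes")
    body = bytearray()
    it = iter(wire[1:-1])
    for b in it:
        if b == ESC:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("dangling escape byte")
            body.append(nxt ^ 0x20)
        else:
            body.append(b)
    # running the CRC over body+FCS must give the constant 0xF0B8
    if fcs16(bytes(body)) != PPP_GOOD_FCS:
        raise ValueError("bad FCS")
    if body[0] != ADDR or body[1] != CTRL:
        raise ValueError("unexpected address/control field")
    protocol = int.from_bytes(body[2:4], "big")
    return protocol, bytes(body[4:-2])
```

Protocol 0x0021 is IP, 0xC021 is LCP and 0xC223 is CHAP; the FCS catches line noise, not an attacker, which is why PPP still needs CHAP on top.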

17. Server Remote Connectivity Configuration


[Diagram: remote access server placement, three examples]
EXAMPLE 1: ISP -> Perimeter Router (perimeter/edge) -> Firewall -> Corporate Network Switch. The Remote Access Server sits in the DMZ off the firewall, running RAS, NAT, Authentication & VPN (Windows 2000/2003, Unix/Linux-based, Mac OS X too), fronted by NLB; a MultiLayer Switch OR Hi-End Router sits behind the firewall and an L3 Switch or Router handles the internal VLANs. NOTE: the DMZ/RAS network interface must be FAST. Either: EtherChannel (bundled links, ~100 Mbps each) or fibre (FDDI ring).
EXAMPLE 2: smaller/simpler solution: ISP -> Router + Built-in Firewall (in place of the Perimeter Router and separate firewall) -> MultiLayer Switch OR Hi-End Router -> Corporate Network. Can also use a multi-homed Linux server with a firewall.
EXAMPLE 3: more expensive solution: ISP -> ROUTER -> a second MultiLayer Switch or High End Router with an integrated Firewall -> Corporate Network.

o RAS = modular solution: can add whatever modules you need to do business
o NLB = Network Load Balancing solution: use 2+ servers that act as 1 logical server
o Dual Homing = 2 NICs on one machine, often one Public, one Private; the private address ranges are defined in RFC 1918 and the machine does NAT between the two
o DMZ = demilitarized zone: its own/separate security zone
NOS Remote Access Services
o Dial-up Services (dial on demand, DOD ISDN, telco/POTS)
o RADIUS authentication & authorization: Password + (Biometrics; PIN; Digital Certificate; Smart card; Token; Thumbprint)
o Virtual private networking: secure links (L2TP, PPTP, IPsec, SSL VPN) between 2 different networks
o Accounting & reporting services: when, how long, disconnect time, etc.
o Modular add-in services to NOSs: can activate individual features across most OSs
Popular NOS Solutions
o Novell NetWare / Open Enterprise Server (SuSE)
o Sun Solaris: Secure Shell (SSH) for encrypted remote login & port forwarding (an alternative to an IPsec VPN for admin access, not a replacement for the IPsec standard)
o Mac OS X (Unix-based)
o Linux (Red Hat, Debian, Mandrake)
o Windows 2000/2003 RRAS / IAS
   RRAS = Routing & Remote Access Service; uses OSPF, RIPv2
   IAS = Internet Authentication Service: Microsoft version of RADIUS for authentication & authorization & accounting (AAA)
Client Connectivity via one of two methods:
o Integrated remote access program (i.e., Internet Connect on Mac OS X). NOTE: need a security layer operating above this; a plain dial-up/PPP session is not encrypted
o Integrated VPN client -OR- 3rd party solution, i.e. Cisco VPN Client: secure tunnel for a VPN
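The dual-homed NAT box described above, as an added example that is not part of the original notes: one public address, many RFC 1918 inside hosts, a translation table keyed on the inside 4-tuple, and the property that makes NAT accidentally useful as a filter, namely that inbound packets with no matching translation are dropped. Addresses and ports are constructed; the RFC 1918 ranges are the real ones.

```python
"""Port address translation (PAT) as a dual-homed host does it.

Added example, not from the Network+ notes. Private addresses are rewritten to
one public address and only inbound packets that match an existing
translation are let back in. All IPs and ports below are constructed.
"""
import ipaddress

# the three private ranges from RFC 1918
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE)


class Pat:
    """One public address, many inside hosts."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (in_ip, in_port, dst_ip, dst_port) -> public source port
        self.inbound = {}    # (public port, dst_ip, dst_port) -> (in_ip, in_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Private -> public; returns the packet as seen on the outside interface."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not an RFC 1918 address; refusing to masquerade")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            pub_port = self.next_port          # allocate a fresh public port
            self.next_port += 1
            self.outbound[key] = pub_port
            self.inbound[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Public -> private; None means no translation exists and the packet is
        dropped (unsolicited inbound traffic never reaches the inside)."""
        if dst_ip != self.public_ip:
            return None
        inside = self.inbound.get((dst_port, src_ip, src_port))
        if inside is None:
            return None
        return (src_ip, src_port, inside[0], inside[1])
```

The lookup on the inbound side includes the remote address and port, so a third party that learns the public port still cannot inject packets into the translation (the "full cone" variants of NAT that key only on the public port do allow that).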

18. Security Protocols


VPNs Virtual Private Networks
o Generic term for a private/encrypted connection over a public network between 2 terminating points of 2+ private networks; a wide area network over public lines
o Terminating Points = router/concentrator; mobile users; remote access sites
o Cost effective: cheap access via the public network without the need for expensive leased line connections (i.e., T1)
[Diagram: Mobile User (DSL, ISDN, analog, cable) and Telecommuter each build a VPN TUNNEL across the public network to the VPN Concentrator / ROUTER at the Central Site / HQ; Remote Access Sites do the same]

o Categories of VPNs:
   Remote Access VPN: for the telecommuter/mobile user; access through their own ISP to the terminating site on the other side of the tunnel; uses VPN software on the client side
   Site to Site VPN (LAN to LAN VPN): extend to another corporate site via the internet to extend the LAN; more permanent solution, usually involves a hardware/software combo & data is usually encrypted
[Diagram: Central Site / HQ, BRANCH #1, BRANCH #2 and a SOHO site joined by site-to-site tunnels across the Internet]
Tunneling allows one network to send data using another network's connection
o Encapsulates the network protocols used by the client within the packets carried by the second network; embeds its own network info inside the TCP/IP packets. For example, when sending a gift via USPS, you put it in outer packaging to protect it

[Diagram: VPN Client (Mobile User) and a Certicom PDA IPSec VPN client, software client vs hardware client, each tunneling across the INTERNET to the VPN CONCENTRATOR]
o Software Client (NetScreen, Cisco, etc.): allows administrators to set security policies for access (i.e., authentication, key exchange). Equivalent of PPP on steroids! Software clients are used in situations with a couple of users; hard to manage/implement/administer with more than a few users
o Hardware Client: used in larger settings (remote office, many users). Takes control away from end users, puts it firmly into the hands of administrators
PPTP Point-to-Point Tunneling Protocol

o VPN tunneling (encapsulation) protocol: a GRE tunnel carrying PPP frames plus a TCP port 1723 control connection; encryption comes from PPP (MPPE). Documented in RFC 2637
o Included in NOSs; Microsoft uses it for low cost secure remote access to corporate networks
o Supports: TCP/IP; IPX/SPX; NetBEUI (anything PPP can carry)
o Weaker security/confidentiality than IPsec: relies on MS-CHAP & MPPE, whose weaknesses are well documented
L2TP Layer 2 Tunneling Protocol
o IETF standard; documented in RFC 2661; runs over UDP port 1701
o Marriage of Microsoft's PPTP & Cisco's L2F protocols
o Tunneling only, no encryption of its own; it is paired with IPsec (L2TP/IPsec) for confidentiality & integrity
o Supports multiple protocols & NAT (Network Address Translation: allows you to use private IP addresses & communicate over the internet)
IPSec IP Security
o Operates at Layer 3 (Network Layer of the OSI Model) to encrypt & authenticate & manage keys for TCP/IP transmissions
o Four Core IPSec Services:
   Confidentiality: encrypts data (ESP)
   Data Integrity: no change to data in transit (integrity check value computed with a keyed hash)
   Authentication: verifies the peers & the data origin
   Anti-Replay: sequence numbers plus a sliding window ensure each packet is accepted only once
o Two stages:
   Key Management: IKE (Internet Key Exchange) authenticates the peers and negotiates the security associations & keys; runs on UDP port 500 (UDP 4500 when NAT traversal is in use). Phase 1 builds the protected IKE channel, Phase 2 sets up the IPsec SAs
   Packet protection, two protocols available:
   1. AH: Authentication Header: integrity & origin authentication over the whole packet (IP header + payload), NO encryption; fails through NAT because the source address is covered by the check
   2. ESP: Encapsulating Security Payload: encrypts the payload (in tunnel mode the entire inner IP packet) and can also authenticate it; DES, 3DES, AES
o Most commonly run on routers or other VPN connectivity devices
SSL Secure Sockets Layer (now TLS)
o Encrypts data over the internet
o Uses Public Key Infrastructure (PKI) certificates to authenticate the server & to agree on a session key; the bulk data is encrypted with a symmetric cipher
o Developed originally by Netscape, used widely by everyone now
o Main protocol for secure transactions between web browsers (end users) & servers
o SSL3 offers: Privacy; Authentication; Message integrity
o Indicated via: HTTPS + lock symbol (sometimes get a pop up too, depending on the web browser being used)
o TCP port 443 (rather than HTTP port 80)
o A unique SSL session is established each time client/server create an SSL connection; it is created by the SSL handshake protocol (client_hello & server_hello messages, certificate, key exchange, finished)
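The anti-replay service listed for IPsec above, as an added example that is not part of the original notes: the RFC 4303 sliding window an ESP receiver keeps per security association. It tracks the highest sequence number seen and a bitmap of the last 64, so a captured packet cannot be resent later. The sequence numbers fed in are constructed; in real ESP the check runs only after the integrity check value has verified.

```python
"""ESP anti-replay sliding window (RFC 4303 section 3.4.3).

Added example, not from the Network+ notes. The sequence numbers used by
callers are constructed.
"""


class AntiReplayWindow:
    def __init__(self, window: int = 64):
        self.window = window
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence (highest - i) was seen

    def check_and_update(self, seq: int) -> bool:
        """True and record the packet if acceptable; False means drop."""
        if seq == 0:
            return False                              # 0 is never valid in ESP
        if seq > self.highest:                        # newer than the window
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & ((1 << self.window) - 1)
            self.bitmap |= 1                          # newest packet is bit 0
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.window:
            return False                              # too old: outside the window
        if self.bitmap & (1 << offset):
            return False                              # already seen: replay
        self.bitmap |= 1 << offset                    # late but legitimate
        return True


def filter_sequence(seqs, window: int = 64):
    """Run a list of incoming sequence numbers through one window and return
    the (seq, accepted) decisions in order."""
    w = AntiReplayWindow(window)
    return [(s, w.check_and_update(s)) for s in seqs]
```

The window tolerates reordering (a packet a few numbers behind is still accepted once) without giving a replayed packet a second chance, and the bitmap shift is why the check stays O(1) no matter how many packets have passed.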
WEP Wired Equivalent Privacy
o Uses a shared key to authenticate clients (shared-key authentication) and to encrypt data in transit (RC4)
o Meant to prevent eavesdropping & packet sniffing
o Optional standard for 802.11 WLAN
o All products must support the same key size: 40-bit (marketed as 64-bit, counting the 24-bit IV) or 104-bit (marketed as 128-bit)
o Flawed: the same static key is used to authenticate & encrypt, so the shared-key handshake hands an attacker a piece of keystream; the 24-bit IV repeats quickly, so keystream gets reused; and RC4 weak-key statistics let the key be recovered from captured traffic. Too easy to break into, not secure
WPA WiFi Protected Access (created/endorsed by the WiFi Alliance)
o Meant to be used with an authentication server (RADIUS via 802.1X = WPA-Enterprise) but doesn't need to be (WPA-Personal uses a pre-shared key)
o TKIP: 128-bit key, 48-bit IV, per-packet key mixing & rapid rekeying; WPA2 replaces TKIP with AES-CCMP
o Improved data security & secure message authentication (Michael MIC in WPA, CCMP in WPA2)
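The WEP keystream-reuse flaw described above, as an added example that is not part of the original notes: two frames encrypted under the same IV and key share an RC4 keystream, so XORing the two ciphertexts cancels the keystream and leaves plaintext XOR plaintext; knowing one plaintext (a predictable ARP, or the shared-key authentication challenge) reveals the other frame and the keystream itself, with no key recovery needed. RC4 and the IV||key construction are the real WEP ones; the key, IV and frame contents are constructed, and the CRC-32 ICV real WEP appends is omitted because it does not change the point.

```python
"""Keystream reuse in WEP: same IV + same key = same RC4 keystream.

Added example, not from the Network+ notes. The key, IV and frame contents
below are constructed; RC4 is the cipher WEP really uses.
"""


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream generator (KSA + PRGA), no WEP-specific tweaks."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP's per-frame RC4 key is IV || shared key (3 + 5 bytes for '64-bit' WEP).
    The IV travels in the clear in the frame header, which is what lets an
    attacker spot two frames that used the same one."""
    return xor(plaintext, rc4(iv + key, len(plaintext)))


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Attacker has c1, c2 (same IV) and knows p1: gets p2 without the key,
    because c1 ^ c2 == p1 ^ p2."""
    return xor(xor(c1, c2), known_p1)


def recover_keystream(c1: bytes, known_p1: bytes) -> bytes:
    """One known plaintext yields the keystream for that IV, enough to decrypt
    or forge any later frame that reuses it."""
    return xor(c1, known_p1)
```

With only 2^24 IVs, a busy access point repeats one within hours, and many drivers started the IV at zero on every reboot, which is why the attacks were practical rather than theoretical.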

19. Authentication Protocols


Authentication: security mechanism used to validate the identity of a data channel OR user OR message OR service; ensures the person/service is as advertised
[Diagram: Client <-> Server holding a table of name/password pairs]
PAP: Password Authentication Protocol
o Most basic/elementary form of authentication: compares credentials to a table of name-password pairs
o Same idea as HTTP Basic authentication
o RFC 1334
o NOT secure/encrypted over the network or internet; the stored copy on the server side may be hashed, but the credentials on the wire are not:
   1. User name/password sent in CLEAR TEXT
   2. Checked against the stored info on the server side
   3. Acknowledgement (Ack or Nak) sent back from the server

CHAP = Challenge Handshake Authentication Protocol (RFC 1994)
o Verifies the identity of a client with a 3-way handshake; the shared secret is NEVER sent over the link
   1. Link established between Server (authenticator) & Client
   2. Server sends a random CHALLENGE (plus an ID byte); the client computes MD5 (Message Digest 5, a one-way HASH function) over ID + secret + challenge and returns the fixed-length result, the DIGEST
   3. Server computes the same digest from its own copy of the secret: IF it MATCHES, all OK, connection continues; IF it DOES NOT MATCH, connection is terminated
o CHAP sends fresh challenges at regular intervals during the session to weed out intruders disguised as the client; a captured digest is useless against a new challenge
o Authorization (what you get once authenticated) is not part of CHAP; it is determined by the router and/or server
o Weakness: the server must keep the secret in recoverable form (it needs the plaintext to compute the digest), and MD5 is now considered weak
o MSCHAP = Microsoft's version of CHAP: V.1 & V.2 used by Windows 2000 & 2003; IAS, RRAS, RAS at the server use the Active Directory database to determine the level of access granted to the Client
RADIUS = Remote Authentication Dial In User Service (RFC 2865)
o AAA = Authentication & Authorization & Accounting for network access and IP mobility (see notes below in the AAA section)
o Credentials are passed to the NAS (Network Access Server) via PPP, then forwarded to the RADIUS Server (e.g., Cisco Access Control Server, ACS, or Microsoft IAS)
o RADIUS uses the following schemes: PAP, CHAP, EAP
o UDP ports 1812 (authentication) & 1813 (accounting); only the User-Password attribute is hidden with the shared secret, the rest of the packet is cleartext
o Valuable for recording authorization, accounting, billing with extensive protocols
o OPEN protocol: can use own customized version (vendor-specific attributes) for own purposes
o Used by ISPs to measure bandwidth usage
o DIAMETER = planned replacement for RADIUS
TACACS+ = Terminal Access Controller Access Control System Plus
o Cisco's successor to TACACS & Extended TACACS (XTACACS); a separate protocol, not compatible with them
o Used for authentication & authorization in UNIX networks & Cisco infrastructures (device administration especially)
o Separates authentication, authorization & accounting into independent functions (RADIUS combines authentication & authorization); full per-command authorization & accounting
o Uses TCP port 49 & encrypts the entire packet body (RADIUS hides only the password)
o Totally new replacement: a given NAS uses TACACS+ OR RADIUS, not both
o Stores usernames & passwords; encrypts communications to the NAS; authorizes
o Centralized management for remote sites
AAA = Authentication & Authorization & Accounting
o Authentication = ensuring you're who you say you are
o Authorization = verifying what you have access to
o Accounting = when you log in/out, how long you accessed what, etc.; good for billing & auditing services
o NOTE: when the network gets larger, good idea to get a dedicated AAA Server
o LDAP = Lightweight Directory Access Protocol: the directory an AAA server often checks credentials & group membership against (TCP 389; 636 for LDAP over SSL)
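The CHAP exchange described above with both sides in code, as an added example that is not part of the original notes: the authenticator issues a random challenge, the client answers with MD5(ID || secret || challenge), and the authenticator recomputes it. It also shows why a captured response cannot be replayed. The shared secret, peer name and challenge bytes are constructed; the digest construction is the real RFC 1994 one.

```python
"""CHAP (RFC 1994) challenge/response, authenticator and peer.

Added example, not from the Network+ notes. Secrets and names used by callers
are constructed; the digest is MD5 over ID || secret || challenge as the RFC
specifies.
"""
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """What the peer returns; the secret itself never crosses the link."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues challenges and verifies responses."""

    def __init__(self, secrets: dict):
        self.secrets = secrets    # peer name -> shared secret (must be stored recoverable)
        self.ident = 0
        self.outstanding = {}     # ident -> challenge that may still be answered

    def challenge(self, nbytes: int = 16):
        self.ident = (self.ident + 1) & 0xFF
        chal = os.urandom(nbytes)             # MUST be unpredictable and never reused
        self.outstanding[self.ident] = chal
        return self.ident, chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        chal = self.outstanding.pop(ident, None)   # each challenge answers at most once
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time compare


def run_exchange(auth: Authenticator, name: str, client_secret: bytes) -> bool:
    """One full handshake: Challenge -> Response -> Success/Failure."""
    ident, chal = auth.challenge()
    resp = chap_response(ident, client_secret, chal)
    return auth.verify(ident, name, resp)
```

Because the authenticator needs the plaintext secret, a compromised CHAP server leaks every user's secret; that is the trade-off against PAP, where the server may store only a hash but the password itself travels in the clear.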

EAP = Extensible Authentication Protocol
o Extensible: can be modified & customized with new methods
o Universal, open framework; it carries an authentication method rather than being one itself
o Used in PPP & Wireless Networks (WLANs), via 802.1X
o WPA & WPA2 certify 5 EAP types: LEAP, EAP-TLS, EAP-MD5, EAP-TTLS, PEAP (LEAP & EAP-MD5 do no server authentication and are dictionary-attackable; prefer EAP-TLS, EAP-TTLS or PEAP)
o Defined by RFC 2284 (updated by RFC 3748)
o Supports passwords, tokens, token cards (ATM-style cards), digital certificates, PKI, biometric methods, etc.; i.e., it's versatile!
KERBEROS
o IETF authentication standard (RFC 4120), using a centralized ticket-granting server
o Clients rely on a trusted third party to perform authentication on a TCP/IP system; authorization is left to the application/service
o Encrypted tickets are transmitted in lieu of usernames & passwords
o Applications & OSs must be "kerberized"
o Key Distribution Center (KDC) implements:
   AS: Authentication Service (issues the Ticket-Granting Ticket once the client proves knowledge of the password)
   TGS: Ticket-Granting Service (issues service tickets)
o Usually has redundancy & security, and a database with all principals' keys (derived from their passwords)
o AD (Active Directory) domain controllers act as Kerberos KDCs
o Slave (replica) server can be used as a backup KDC
o Clocks must stay in sync; tickets carry timestamps to limit replay
[Diagram: Kerberized Client A <-> KDC <-> Kerberized Client B]

20. Network Operating Systems


Unix Networking Services
o Introduced TCP/IP & UUCP (Unix to Unix Copy Protocol)
o BSD (Berkeley Software Distribution) led to: FreeBSD, NetBSD, OpenBSD, and Darwin
o AIX (Advanced Interactive eXecutive): proprietary version, IBM
o Sun Solaris (Sun Microsystems; formerly SunOS); OpenWindows & CDE = GUIs
o HP-UX: developed by HP in the late 80s
Linux Networking Services
o TCP/IP on Linux in 1992 (prior to that it was UUCP)
o NET-4 version of the networking code
o Supports TCP/IP, IPX, AppleTalk, SLIP/PPP
o Firewalls, NAT, accounting services, tunneling
o Runs on Ethernet, Token Ring, FDDI, Frame Relay, ISDN, ATM
o 200+ distributions: Mandrake, Debian, SuSE
o Samba: SMB/CIFS implementation used to talk to Windows-based machines
Three ways to move files over the internet:
o NFS = Network File System
   Used to access network resources & file/print services (all of which appear LOCAL)
   Used by Unix & Linux, although independent of platform
   Redirects file operations over the network
   Client/Server suite using a virtual file system running on TCP/IP; developed by Sun Microsystems
   Trend is moving to the CIFS open standard (Windows 2000, 2003)
o FTP = File Transfer Protocol

Feature                                        CIFS   FTP   NFS
File system mountable as local drive           YES    NO    YES
Encrypted passwords supported                  YES    NO    NO
Optimized for modem dial-up connections        YES    NO    NO
Unicode file names supported                   YES    NO    NO
Secure anonymous requests allowed              YES    YES   NO
NO extra software required for file transfer   YES    NO    YES
NO extra drivers required for Win 3.11         YES    n/a   NO
NO extra drivers required for Win 95           YES    n/a   NO
NO extra drivers required for Win NT           YES    n/a   NO
NO extra drivers required for OS/2             YES    n/a   YES
NO extra drivers required for Unix             YES    n/a   NO
Used for internet & LAN networks               YES    NO    NO

o CIFS = Common Internet File System (Microsoft's dialect of SMB)
MAC OS X Server (Tiger, now moving to Leopard though)
o Uses AFP (Apple Filing Protocol)
o Includes SMB & NFS to interoperate with Mac OS X, AppleShare, Unix, Linux, NetWare, Windows
o Uses a Unix core from the BSD open source community
o No proprietary technology is needed for the services: Apache web server, Samba, OpenLDAP, Kerberos
o Fully supported with AFP over TCP/IP
o Notes on Mac stuff: Mac Finder allows you to browse the network, & you don't need new software to connect a Mac to a Windows network (NTLMv2, NT LAN Manager v2, for authentication)
NetWare (now marketed as Open Enterprise Server on SuSE Linux Enterprise Server)
o Now built from open source components
o Uses TCP/IP
o Interoperability is for migration
o NetWare versions add open source functionality
o Moving away from NCP (NetWare Core Protocol) & IPX/SPX; now uses TCP/IP & CIFS
o Marriage of NetWare technology & the SuSE Linux O/S
Windows 2000/2003 NOS
Windows 2000 Advanced Server
o Control Panel > Add/Remove Components: can add Unix/Linux interoperability packages
o IIS Internet Information Services
o Control Panel | Administrative Tools:
   DHCP: can set scope/scope options: time server, router, name server, DNS/log servers
   DNS: Forward & Reverse lookup zones: database of information (resolves domain names to IP addresses & vice versa)
   IAS: AAA (authentication, authorization, accounting); add RADIUS clients, etc.
   Routing & Remote Access Server
   Terminal Services Manager
2000/2003 Lower Layer Services Provided: DHCP; Routing & Remote Access; IAS; IPSec; Terminal Services; IPv6; VPNs; Wireless Networking Support
Windows 2000/2003 NOS roles: Web Server / Web Application Server; Remote Access / VPN Server (terminate the VPN at the server side); DNS, DHCP, WINS; Streaming Media; Security Proxy Server; IAS (Internet Authentication Server)
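The NFS column in the table above says "encrypted passwords: NO", and the reason is that classic NFS trusts the client's claimed UID; the security that exists lives in the export options. Below, as an added example that is not part of the original notes, is an auditor for a Linux /etc/exports file that flags the usual mistakes: world-open exports, read-write to everyone, no_root_squash, the insecure option, and AUTH_SYS-only read-write exports. The exports text is constructed; the option names are the real Linux nfsd ones.

```python
"""Audit an NFS /etc/exports file for the classic mistakes.

Added example, not from the Network+ notes. SAMPLE_EXPORTS is constructed;
option names (rw, sync, no_root_squash, insecure, sec=) are the real ones.
"""
import re

SAMPLE_EXPORTS = """
# constructed /etc/exports for the example
/srv/public  *(ro,sync)
/srv/home    10.0.0.0/8(rw,sync,no_root_squash)
/srv/data    *(rw,insecure)
/srv/secure  10.0.0.0/8(rw,sync,sec=krb5p)
"""

RISKY = {
    "no_root_squash": "remote root maps to local root on this export",
    "insecure": "accepts requests from client ports above 1023 (any local user, not just root)",
}


def parse_exports(text: str):
    """Yield (path, client, set-of-options) for every client entry."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for ent in clients:
            m = re.fullmatch(r"([^()]*)(?:\((.*)\))?", ent)
            if m is None:
                continue
            client = m.group(1) or "*"                # bare "(rw)" means every host
            opts = set(filter(None, (m.group(2) or "").split(",")))
            yield path, client, opts


def audit_exports(text: str):
    """Return a list of (path, client, finding); an empty list means nothing flagged."""
    findings = []
    for path, client, opts in parse_exports(text):
        world = client in ("*", "0.0.0.0/0") or client.startswith("*.")
        if world:
            findings.append((path, client, "exported to every host"))
        if "rw" in opts and world:
            findings.append((path, client, "read-write for every host"))
        for opt, why in RISKY.items():
            if opt in opts:
                findings.append((path, client, f"{opt}: {why}"))
        if "rw" in opts and not any(o.startswith("sec=") for o in opts):
            findings.append((path, client, "AUTH_SYS only (no sec=krb5*): client-asserted UIDs are trusted"))
    return findings
```

Only /srv/secure above survives the audit, and it does so because sec=krb5p moves authentication to Kerberos and encrypts the traffic, the same fix the table's CIFS column gets for free from NTLM/Kerberos.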

21. Client Workstation Configuration & Connectivity


Structured Wiring & Cabling
- Structured Wiring for a SOHO or SMB LAN
o Wiring Panels in the Wiring Closet or Server Room
o Patch Panels: custom cut cable to reach patch panels (wall jacks), rather than a direct drop of wiring to computers
o Central Wiring Point (CWP): can be a switch, group of switches, punch-down panel, patch panel, etc.
o Crimping Tools: can get one just for RJ-45 or one with an interchangeable modular die for RJ-11, etc.
   Use the cutter part/stripper blade to trim off the outer jacket/plastic casing & reveal the twisted wire pairs inside
   Trim the inner wires down to ~1/2" to prepare for insertion into the RJ-45 connector
   Used to crimp the connector into place
o Typical Ethernet Scenario:
[Diagram: PC -> patch cord -> Wall Jack (keystone) -> bulk cable -> Patch Panel -OR- Punch-Down Block -> patch cords -> Central Switch (CWP)]

o General Procedure for preparing / installing a small office network:
   Cut cable to the planned lengths from the CWP to the holes where the wall plates are attached
   Run cables according to local building specifications
   Use crimping tools to strip cable: squeeze the handle & keep the cable perpendicular to the tool blades; remove the outer jacket to about 1-1/2" of exposure for insertion into punch-down blocks or keystone female jacks; trim to ~1/2" for insertion into an RJ-45 connector
   Use a punch-down tool to set the twisted wire pairs into place in the keystone female jack or at the patch panel or punch-down block
o Guidelines:
   Always use more cable than necessary
   Test each part of the network as you install it (easier to keep track & replace right away if not functional)
   Stay at least 3 ft away from fluorescent light boxes & other electrical devices that may cause interference
   Cover cable with a cable protector if it must be run across a floor
   Label both ends of each cable; keep a spreadsheet/record of the labeling scheme
   Use cable ties to keep cables bundled & neat & under control
[Figures: Preparing & crimping Cat5 cabling; Wiring Keystone Jacks; Patch Panels, Rear & Front]

WIRING DIAGRAM: T568B (AT&T) and T568A (EIA) color codes. The IDC terminal on the keystone/patch panel and the RJ-45 jack pin carry the same number; the two standards differ only in which color pair sits on pins 1/2 and 3/6. Pins 1-2, 3-6, 4-5 and 7-8 are the four twisted pairs.

Pin   T568B (AT&T)    T568A (EIA)
1     White/Orange    White/Green
2     Orange          Green
3     White/Green     White/Orange
4     Blue            Blue
5     White/Blue      White/Blue
6     Green           Orange
7     White/Brown     White/Brown
8     Brown           Brown

T568B/AT&T, pins 1 to 8: White/Orange, Orange, White/Green, Blue, White/Blue, Green, White/Brown, Brown
T568A/EIA, pins 1 to 8: White/Green, Green, White/Orange, Blue, White/Blue, Orange, White/Brown, Brown
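A termination checker for the two pinouts above, as an added example that is not part of the original notes: it classifies each end as T568A or T568B, reports split pairs (a twisted pair that does not land on 1-2, 3-6, 4-5 or 7-8, which passes a continuity test but fails at 100 Mbps because of crosstalk), and tells straight-through from crossover from miswire. The pinouts are the real tables; the wire orders fed in are constructed.

```python
"""Check 8-wire terminations against T568A/T568B.

Added example, not from the Network+ notes. The two pinout tables are the
real ones; any wire order passed in by a caller is constructed test data.
"""

T568B = ["W/O", "O", "W/G", "Bl", "W/Bl", "G", "W/Br", "Br"]
T568A = ["W/G", "G", "W/O", "Bl", "W/Bl", "O", "W/Br", "Br"]
PAIRS = ((1, 2), (3, 6), (4, 5), (7, 8))          # pin numbers, 1-based
# each colour's mate inside a twisted pair
MATE = {"W/O": "O", "O": "W/O", "W/G": "G", "G": "W/G",
        "W/Bl": "Bl", "Bl": "W/Bl", "W/Br": "Br", "Br": "W/Br"}


def split_pairs(end):
    """Return the pin pairs whose two wires are not a twisted pair."""
    bad = []
    for a, b in PAIRS:
        if MATE.get(end[a - 1]) != end[b - 1]:
            bad.append((a, b))
    return bad


def standard(end):
    """'T568A', 'T568B' or None."""
    if list(end) == T568B:
        return "T568B"
    if list(end) == T568A:
        return "T568A"
    return None


def classify_cable(end1, end2):
    """'straight-through', 'crossover', or a 'miswire: ...' description."""
    if len(end1) != 8 or len(end2) != 8:
        return "miswire: need 8 conductors per end"
    for name, end in (("end 1", end1), ("end 2", end2)):
        sp = split_pairs(end)
        if sp:
            return f"miswire: split pair(s) on {name} at pins {sp}"
    s1, s2 = standard(end1), standard(end2)
    if s1 is None or s2 is None:
        return "miswire: end(s) not wired to T568A or T568B"
    return "straight-through" if s1 == s2 else "crossover"
```

A cable tester only proves pin 1 reaches pin 1; the split-pair check is the part a cheap tester misses, and it is the usual cause of a link that comes up at 10 Mbps or drops packets under load.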

Network Interface Configuration
- Workstation Network Interfaces:
o PCI Network Interface Card, usually 10/100
o USB converter dongle
o PCMCIA card for a laptop, usually a 10/100 LAN card: dongle extension to an RJ-45 keystone OR an integrated/onboard jack on the card itself
o OTHER TYPES: Wireless; Fiber Optic; etc.
- Configuring the NIC
o Lower Layer Configuration: GENERALLY can just plug in the network device & Plug-and-Play will take over, BUT be sure to check device compatibility with your OS & download the newest applicable device drivers if not included with the device. Check Device Manager to be sure all is hunky-dory
o Upper Layer Configuration (layer 3 & higher): Network Connections | Right-click on the Local Area Connection | Properties | General:
   Client for Microsoft Networks
   File & Printer Sharing for Microsoft Networks
   Internet Protocol (TCP/IP) | Properties |
   o Obtain IP Address Automatically
   o Use the following IP address: IP Address: 172.16.3.3; Subnet mask: 255.255.255.0; Default gateway: 172.16.3.2
   o Obtain DNS server address automatically
   o Use the following DNS server addresses: Preferred DNS server: 172.16.3.2 (often the default gateway on a SOHO router); Alternate DNS server:
   o Advanced: IP Settings; DNS; WINS; Options: TCP/IP Filtering (a crude port-level firewall)
   Authentication Tab: Enable IEEE 802.1x authentication for this network; drop-down menu to select the EAP Type & can set Properties; Authenticate as computer when computer information is available; Authenticate as guest when user or computer information is unavailable
   Advanced Tab: Windows Firewall: Settings
   o General: On (can also check the box to not allow any exceptions); Off (not recommended unless you have another firewall)
   o Exceptions
   o Advanced

22. Firewalls & Proxy Services


Topics: Overview of Firewalls; Packet Filtering; Proxy Services; Stateful Packet Filtering

OVERVIEW OF FIREWALLS
- Firewall represents a system of hardware and/or a combination of hardware & software that provides a service: controlling access between two or more (2+) networks or broadcast domains
o Zones: Outside (internet); Inside (corporate network); DMZ = De-Militarized Zone: place for specialized devices with needs for specialized access/security
[Diagram: Outside/Internet -- PIX -- Inside, with the DMZ hanging off a third interface]
Firewall Services
o Packet Filtering
   Also known as ACLs (Access Control Lists): limit the traffic coming into the network; permit or deny traffic based on info in the header fields (IP header & TCP/UDP header: addresses, ports, flags)
   Denies everything until you tell it to permit something (implicit deny at the end of the list); inbound & outbound ACLs can get verrrrry long & hard to manage
   Stateless: malicious users can still discover what packets meet the filter criteria & craft arbitrary traffic that matches (i.e., set the ACK flag to pass a "permit established" rule)
   Fragmentation: IP fragments packets to fit the MTU (maximum transmission unit); a filter that only inspects the first fragment can be evaded by pushing the interesting header fields into later fragments (tiny-fragment & overlapping-fragment attacks)
   Not all services can be packet filtered (dynamic ports, such as FTP data connections, need application awareness)

[Diagram: PIX with e0 to the Internet, e1 inside and e2 to the DMZ]

o Proxy Services
   Proxy server: a firewall that examines packets at the higher layers of the OSI Model above Network Layer 3 (Transport Layer 4, Session Layer 5, Presentation Layer 6, Application Layer 7); acts as a go-between & extra layer of protection between inside & outside, so there is never a direct inside-to-outside connection
   Proxy Services & Policies: negotiate the state of the session; authentication; authorize which apps are available, etc.
   AAA (Authentication, Authorization, Accounting) servers are examples of proxy services
   General definition of proxy services: control the upper application layer & its usage
   Caches web pages to reduce traffic & limits the types of internet activity (prevents certain types of usage)
   Proxy server represents a single point of failure for application services, authentication & authorization policy
   High degree of performance overhead
   Not a scalable solution; only for smaller offices
[Diagram: Inside -- Proxy Server -- PIX -- Internet]

o Stateful Packet Filtering
   Method used by Cisco PIX & others; combo of the other two; used by most top-of-the-line firewall appliances & software, including Cisco PIX
   Stores complete session state data in a Flow Table for TCP or UDP, in RAM on the server or router; contains info from the fields of the packet headers
   Firewall generates a connection object in memory (a logical object) for the life of the session
   Packets are compared to the flow table & allowed, modified or denied based on the policies set by the administrator for the different security zones; only return traffic for a connection the inside started is let back in
   Functions on a packet-by-packet basis -OR- can operate on the entire connection between two endpoints
   Performs better than the other methods; can do ACLs & proxy services as well
   Higher-end firewalls have more memory, can handle more applications, etc.
Cisco Private Internet Exchange (PIX) Firewalls
o Security appliances built for security & reliable, robust performance
o Create security zones via the Adaptive Security Algorithm (ASA): each interface gets a security level; traffic flows from higher to lower by default and from lower to higher only with explicit permission & matching state
o Engines to inspect traffic on Layers 4-7
o Provide user-based authentication (cut-through proxy), checked against a RADIUS/TACACS+ server or a local user database
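The stateless-versus-stateful difference above on one packet stream, as an added example that is not part of the original notes: a stateless ACL has to admit inbound packets that "look established" (ACK flag set), which an attacker satisfies by just setting ACK on a probe; the stateful filter keeps a connection object per flow the inside opened and admits only its return traffic. The packets are constructed 6-tuples; the TCP state names are the standard ones.

```python
"""Stateless 'permit established' ACL vs stateful inspection.

Added example, not from the Network+ notes. SAMPLE_STREAM is constructed;
each packet is (direction, src, sport, dst, dport, set-of-TCP-flags).
"""

SAMPLE_STREAM = [
    ("out", "10.0.0.5", 51000, "198.51.100.7", 80, {"SYN"}),
    ("in", "198.51.100.7", 80, "10.0.0.5", 51000, {"SYN", "ACK"}),
    ("out", "10.0.0.5", 51000, "198.51.100.7", 80, {"ACK"}),
    ("in", "198.51.100.7", 80, "10.0.0.5", 51000, {"ACK"}),
    ("in", "203.0.113.9", 4444, "10.0.0.5", 3389, {"ACK"}),    # forged 'established' probe
    ("in", "203.0.113.9", 4444, "10.0.0.5", 3389, {"SYN"}),    # plain unsolicited SYN
]


def stateless_acl(pkt):
    """ACL: permit any outbound; permit inbound tcp any any established."""
    direction, src, sport, dst, dport, flags = pkt
    if direction == "out":
        return True
    return "ACK" in flags        # 'established' is judged from the flag alone


class StatefulFilter:
    def __init__(self):
        self.flows = {}          # (in_ip, in_port, out_ip, out_port) -> state

    def inspect(self, pkt):
        direction, src, sport, dst, dport, flags = pkt
        if direction == "out":
            key = (src, sport, dst, dport)
            if flags == {"SYN"}:
                self.flows[key] = "SYN_SENT"            # new connection object
                return True
            if key not in self.flows:
                return False                             # outbound non-SYN with no flow
            if "ACK" in flags and self.flows[key] == "SYN_RECEIVED":
                self.flows[key] = "ESTABLISHED"
            if "FIN" in flags or "RST" in flags:
                self.flows.pop(key)                      # tear the object down
            return True
        key = (dst, dport, src, sport)                   # inbound: reverse the tuple
        state = self.flows.get(key)
        if state is None:
            return False                                 # unsolicited inbound: drop
        if state == "SYN_SENT" and flags == {"SYN", "ACK"}:
            self.flows[key] = "SYN_RECEIVED"
            return True
        if state in ("SYN_RECEIVED", "ESTABLISHED") and "SYN" not in flags:
            if "RST" in flags:
                self.flows.pop(key)
            return True
        return False


def run(packets, decide):
    """Apply one decision function to each packet; list of allowed/denied."""
    return [decide(p) for p in packets]
```

Packet 5 is the whole argument for stateful inspection: the ACL passes it because the flag says "established", the flow table rejects it because nobody inside ever sent a SYN to 203.0.113.9.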

23. VLANs
LAN Switches
o Higher port density than bridges for less money
o Allows for fewer users per network segment (collision domain)
o Increases the avg. available bandwidth per user
o Micro-segmentation: can give each port a private network segment with full bandwidth & no collisions
o Layer 2 LAN switch forwards on the Layer 2 frame address (MAC Address)
o Layer 3 LAN switch can use Layer 2 and/or Layer 3 addressing
o LAN Switches are similar to transparent bridges, or multiport bridging
VLANs Defined
o VLAN = broadcast domain created inside a switched network
o Broadcast domains are boundaries where broadcast frames end (generally); need a router to communicate beyond the broadcast domain
o Switches can support one or more VLANs
o Broadcasts from one VLAN never reach another VLAN, unless you have a router or a multilayer switch that does the communicating between VLANs for you!!
VLAN Advantages:
o Broadcast domain segments provide better bandwidth utilization
o Isolating users can enhance security for the company/network (a VLAN is a Layer 2 boundary, not a firewall; filtering between VLANs happens at the Layer 3 device)
o Flexible deployment/VLAN assignment, based on factors other than physical location; i.e., can reallocate ports on a switch to be part of different VLANs as needed
o Use TRUNKING to connect switches together
Switch Port Modes
o Access Mode (most common): switch port belongs to one and ONLY one VLAN; typically attached to end user devices: server, laptop, printer, etc.
o Trunk Mode: carries multiple VLANs & interconnects switches; multiplexes the traffic between switches carrying multiple VLANs. A VLAN-B host at one switch reaches a VLAN-B host at another switch over the trunk, but to have hosts on different VLANs communicate you STILL need to go above Layer 2 & use a Layer 3 device (such as a router); trunks ONLY let same-VLAN hosts talk to each other
[Diagram: three switches (SWITCH) each carrying ports in VLAN-A, VLAN-B and VLAN-C; the trunks between the switches carry VLANs A/B/C]

Trunking Protocols
o IEEE 802.1Q: the standard; inserts a 4-byte tag (TPID 0x8100, priority bits, 12-bit VLAN ID) into the Ethernet frame; frames of the trunk's native VLAN travel untagged
o ISL: Inter-Switch Link, Cisco's proprietary predecessor to 802.1Q; encapsulates the whole frame with a 26-byte ISL header & a new CRC rather than tagging it
o Either way the extra bits direct the frame to the right VLAN at the far switch; allows for physical expansion of VLANs
o NOTE: this still only communicates within the same VLAN!
o Caveat: keep hosts off the native VLAN (or tag it) so an attacker cannot double-tag frames to hop into another VLAN
Layer 3 (MultiLayer) Switching
o Layer 2 Switch with added Layer 3 features: additional software features; manages broadcast/multicast traffic; routing protocols and QoS (Quality of Service: differentiate & control different types of traffic on the network); Access List Security: can filter & block based on Layer 3/4 protocols; IP fragmentation: can connect network topologies with different MTUs
o Data flow can bypass routers; can be used for the backbone of the corporate network; beefed-up version of a brouter
o Uses Store-And-Forward switching: stores the entire frame, analyzes it (checks the CRC), and then sends it out. Differs from cut-through & fragment-free switching; Store-And-Forward is largely used across the board now
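The 802.1Q tag above, built and parsed, plus the native-VLAN double-tagging trick the caveat refers to, as an added example that is not part of the original notes: a frame carrying two tags whose outer VID equals the trunk's native VLAN has that outer tag stripped on egress, so the next switch reads the inner tag and delivers the frame into a VLAN the sender is not in. MAC addresses, VIDs and payload are constructed; the tag layout (TPID 0x8100, PCP:3 DEI:1 VID:12) is the real one.

```python
"""Build/parse 802.1Q-tagged Ethernet frames and show VLAN hopping.

Added example, not from the Network+ notes. MACs, VIDs and payloads used by
callers are constructed; the tag format is the real IEEE 802.1Q one.
"""
import struct

TPID = 0x8100   # 0x88A8 is the service tag used by provider QinQ, not handled here


def untagged(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!H", ethertype) + payload


def tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert one 802.1Q tag right after the 12-byte dst/src MAC header."""
    if not 0 < vid < 4095:
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def parse(frame: bytes):
    """Return (dst, src, [outer vid, inner vid, ...], ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    off, vids = 12, []
    while struct.unpack("!H", frame[off:off + 2])[0] == TPID:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        vids.append(tci & 0x0FFF)
        off += 4
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return dst, src, vids, ethertype, frame[off + 2:]


def trunk_egress(frame: bytes, native_vid: int) -> bytes:
    """Switch sending a frame out a trunk: native-VLAN frames leave untagged
    (outer tag removed), everything else keeps its tag."""
    _, _, vids, _, _ = parse(frame)
    if vids and vids[0] == native_vid:
        return frame[:12] + frame[16:]      # strip only the outer 4 bytes
    return frame


def forwarding_vlan(frame: bytes, native_vid: int) -> int:
    """VLAN the receiving switch assigns to a frame arriving on a trunk."""
    _, _, vids, _, _ = parse(frame)
    return vids[0] if vids else native_vid
```

The fix in the test's last assertion is the one the caveat recommends: move the native VLAN to an ID no access port uses, and the outer tag is no longer "native", so it survives and the frame stays where it belongs.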

24. Intranets & Extranets


INTRANETS
o Definition: a LAN or a series of LANs connected via high bandwidth exclusively inside an organization for internal collaboration & productivity
o Uses the same TCP/IP protocols for the intranet as for the internet
o Set behind a firewall to keep the intranet safe from outside access
Characteristics & Applications of Intranets:
o Web-based collaboration & productivity tools
o Document management (web folders, public folders)
o CMS (content management systems)
o Online calendars; group scheduling
o Bulletin boards; IMing
o Task/Project management; DSS (decision support systems used by management)
o HR management
o Web/AV conferencing
o Training, continuing education
o Web data & raw data management
o QoS & traffic separation for data, telephony, etc.
EXTRANET: two or more intranets connected between & created by two different entities
o Uses the public internet to connect the different intranets
o Can use dedicated leased lines -OR- virtual private networking (VPNs) for the connection between intranets. VPN: can create a tunnel via Point-to-Point Tunneling Protocol, Layer 2 Tunneling Protocol, IPsec
o Great for communicating with: strategic partners; key vendors; preferred customers; transitional mergers; transitional acquisitions; R&D partnerships

25. Antivirus Protection


What is a Computer Virus??
o Virus: program or chunk of code that reproduces its code (self-duplicates) by attaching itself to another executable file; can insert code at the front, middle, wherever, or can redirect to another file/part of the HD; the virus runs when the file is executed
o Goal: to reproduce without the permission or knowledge of the end user
o Two Phases: Infection (reproduces on your system); Attack (optional payload)
o Executables: .exe; .com; etc. See the table below for a list of common executable extensions you should NEVER run from an email attachment unless you're expecting them & know the sender
Other Types of Malware
o Worms: standalone programs that, unlike viruses, don't require host code to spread themselves (infection & spreading, with or without a damaging payload)
o Wabbits: self-replicating; don't infect host programs or documents; example: fork bomb
o Trojans: disguised as legitimate software; do NOT replicate themselves; usually attached to adware & spyware
o Backdoors: chunk of software code that allows access to your computer by bypassing the typical authentication procedures (backdoor Trojan; backdoor worm); also called ratware (remote access tools)
o Spyware: collects & sends info back to a website, i.e., browsing patterns, credit card numbers, etc.; beware of P2P sharing & shareware bundled with spyware!!!!
o Exploits: software code that attacks a security vulnerability on your system, routers, etc.
o Rootkits: (aka stealth rootkit, backdoor rootkit) code inserted into the system by an attacker to keep root access to the operating system & hide its presence; can also be backdoors or open backdoors for later access; REALLY hard to detect
o Keyloggers: software that copies/tracks/stores a user's keystrokes; gives access to ANYTHING you type: PIN, passwords, etc.
o Dialers: replace the phone number in a dial-up modem's connection software, usually with premium-rate (900) numbers; can also be used to dial out & send keylogger info, etc.
o URL Injection / browser hijacking: changes the browser's behavior so you land on domains other than what you typed in
Characteristics of AntiVirus Software
o How AV Software Works: inspects memory; looks for signatures; checks files before opening them; notifies when malware is detected: ALARM!!
o AV Process: Source System (can be email, web page, floppy, etc.) -> Interception (done by the virus scan engine) -> Disinfection -> Destination System, with Alerts (logs, reports, pages, emails, etc.) raised along the way
Common Executable File Extensions:
  ADE  Microsoft Access Project Extension
  ADP  Microsoft Access Project
  BAS  Visual Basic Class Module
  BAT  Batch File
  CHM  Compiled HTML Help File
  CMD  Windows NT Command Script
  COM  MS-DOS Application
  CPL  Control Panel Extension
  CRT  Security Certificate
  DLL  Dynamic Link Library
  DO*  Word Documents & Templates
  EXE  Application
  HLP  Windows Help File
  HTA  HTML Application
  INF  Setup Information File
  INS  Internet Communication Settings
  ISP  Internet Communication Settings
  JS   JScript File
  JSE  JScript Encoded Script File
  LNK  Shortcut
  MDB  Microsoft Access Application
  MDE  Microsoft Access MDE Database
  MSC  Microsoft Common Console Document
  MSI  Windows Installer Package
  MSP  Windows Installer Patch
  MST  Visual Test Source File
  OCX  ActiveX Object
  PCD  Photo CD Image
  PIF  Shortcut to MS-DOS Program
  POT  PowerPoint Template
  PPT  PowerPoint File
  REG  Registration Entries
  SCR  Screen Saver
  SCT  Windows Script Component
  SHB  Document Shortcut File
  SHS  Shell Scrap Object
  SYS  System Config/Driver
  URL  Internet Shortcut (Uniform Resource Locator)
  VB   VBScript File
  VBE  VBScript Encoded Script File
  VBS  VBScript Script File
  WSC  Windows Script Component
  WSF  Windows Script File
  WSH  Windows Scripting Host Settings File
  XL*  Excel Files & Templates

Virus Scanning Engines
o Virus scan engines use two basic methods:
   Signature scanning: compares file contents to a database of virus signatures, typically updated periodically from the vendor's website
   Heuristic scanning: scans for patterns of activity or suspicious structure (packed executables, double extensions, self-modifying code) to catch what has no signature yet
o Permanent (on-access/real-time) protection: essential but complicated & takes more resources
o On-demand scans: require user intervention; only scan when the user runs them
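A toy scan engine doing the two things described above, as an added example that is not part of the original notes: signature matching, using the EICAR test string (the industry-standard harmless test file every real engine detects), and name-based heuristics driven by the extension table above, including the "invoice.pdf.exe" double-extension trick and the run of spaces used to push the real extension off screen. The attachments are constructed; the extension list is the one in the notes.

```python
"""Toy signature + heuristic attachment scanner.

Added example, not from the Network+ notes. Filenames and file bytes passed
in by callers are constructed; EICAR is the real, harmless AV test string and
EXECUTABLE_EXT is the extension table from the notes.
"""
import re

EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {"EICAR-Test-File": EICAR}          # name -> byte pattern

EXECUTABLE_EXT = {
    "ade", "adp", "bas", "bat", "chm", "cmd", "com", "cpl", "crt", "dll", "exe",
    "hlp", "hta", "inf", "ins", "isp", "js", "jse", "lnk", "mdb", "mde", "msc",
    "msi", "msp", "mst", "ocx", "pcd", "pif", "reg", "scr", "sct", "shb", "shs",
    "sys", "url", "vb", "vbe", "vbs", "wsc", "wsf", "wsh",
}
DOCUMENT_EXT = {"doc", "dot", "xls", "xlt", "ppt", "pot", "pdf", "txt", "jpg"}


def signature_scan(data: bytes):
    """Names of every signature found in the file bytes."""
    return [name for name, pat in SIGNATURES.items() if pat in data]


def heuristics(filename: str):
    """Reasons the attachment looks suspicious from its name alone."""
    reasons = []
    parts = [p.strip() for p in filename.lower().split(".")]
    if len(parts) < 2:
        return reasons
    ext = parts[-1]
    if ext in EXECUTABLE_EXT:
        reasons.append(f"executable extension .{ext}")
    if len(parts) >= 3 and parts[-2] in DOCUMENT_EXT and ext in EXECUTABLE_EXT:
        reasons.append("double extension disguising an executable as a document")
    if re.search(r"\s{5,}", filename):
        reasons.append("long run of spaces hiding the real extension")
    return reasons


def scan_attachment(filename: str, data: bytes):
    """Verdict for one attachment: ('infected'|'suspicious'|'clean', details)."""
    hits = signature_scan(data)
    if hits:
        return "infected", hits          # signature match wins over heuristics
    reasons = heuristics(filename)
    if reasons:
        return "suspicious", reasons
    return "clean", []
```

Real engines match signatures against unpacked and decoded content (inside archives, after emulation), which is where this toy stops; the heuristic side is what catches a renamed or freshly compiled sample the signature database has never seen.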

26. Fault Tolerance & Disaster Recovery


Fault Tolerance
o Fault Tolerance = ability of a system to continue to operate (at least to some degree) when some of the components fail
o Necessary for high-availability (network backbone, email/web servers, etc.) or life-critical equipment
o Can also apply to protocols, i.e., TCP retransmitting lost packets/guaranteed delivery
o Necessary to anticipate possible failures in order to implement fault tolerance properly

Fault Tolerance: Power!
o Power Supplies (usually more of a disaster recovery thing, but good to have spares); some mission-critical devices have bays for modular additional/backup power supplies
o UPS: Uninterruptible Power Supply
  - Backup continuous power; provides emergency power & surge protection
  - UPS uses/gets commercial power
  - Internal batteries; need maintenance
  - Long enough for server shutdown at a minimum
  - Goal: prevent hardware damage & prevent data loss
o Backup Power Generators: run on gas & can keep things going for hours

Fault Tolerance: Links & Network Channels
o Multiple ISPs with different connections to the backbone of the network
o Link (dial-up?) and protocol (BGP) redundancy to the ISP
  - BGP: Border Gateway Protocol; can do BGP multihoming too
o Multi-homed network devices
  - Switches, routers, VPN concentrators, etc.
o Fault Tolerant Adapters
  - Adapter load balancing / adapter teaming, aka port aggregation
  - Microsoft has NLB (Network Load Balancing)
  - Cards are configured to distribute load between cards
  - Fast Ethernet = 100 Mbps; Gigabit Ethernet = 1000 Mbps
  - Great solution for large corporate environments
  - More info on fault tolerant adapters: www.networkcomputing.com

Fault Tolerance: Storage
o Storage fault tolerance is usually done via duplication
o Replication Services
  - Simplest method; i.e., MS Exchange can replicate areas of a web server to other servers, SQL databases
  - Basically, a scheduled copy of data to other locations/servers
o Redundancy Method
  - More powerful; multiple identical instances of the same data/component/system & the ability to hot swap to those other instances
  - RAID: Redundant Array of Inexpensive Disks
o Server Clustering
  - Clustering = 2+ devices (i.e., file server, web server) pooled together & presented as a single server with a single IP address
  - Helps distribute load across multiple servers & keep things rolling if one device fails
  - Great web services solution for redundancy, load balancing, etc.
o Storage Area Networking (SAN)
  - Very popular for enterprise storage
  - Attach disk array controllers & tape libraries to servers over Fibre Channel technology, SCSI or iSCSI; iSCSI leverages existing TCP/IP over Fast/Gigabit Ethernet switches and provides the SAN as well = redundancy & high-speed networking!
o Network Attached Storage (NAS)
  - Similar to SAN, but allows many computers to access the same set of files on the network
  - Multiple units can share the same storage area with less overhead than SAN

Fault Tolerant Services
o Active/Active Clustering
  - Have several nodes/servers as part of a cluster (up to 8 depending on the hardware/software chosen)
  - All active & sharing the load of processing client requests: FTP requests, WWW requests, etc.
  - If one node goes down, the others pick up the slack
o Active/Passive Clustering
  - Cluster of servers where one or more are on standby, able to be brought online if an active node goes down
o Hot Standby Clustering
  - Have more than one failover server as backup on standby, consolidated into one single hot-standby node which you can bring online if needed to take over for a failed server in the cluster

o Network Load Balancing
  - Aggregation or adapter teaming
  - Software component of Windows 2000/2003; provides failover support for apps & network services running on IP networks
  - i.e., if running IIS, can run NLB on up to 32 servers to balance load & provide failover services

Disaster Recovery: Backup & Restore
o Part of the Security Plan! Secure your data!!!!
  - Lots of good software to back up PCs, servers, configuration files for other hardware, etc.
o XP: Accessories | System Tools | Backup

Disaster Recovery: Offsite Storage
o Take tapes/backup media offsite for storage: either use a service or take it home
o BUT can do Backup to Offsite Location via VPN too!!

Disaster Recovery: Hot/Cold Spares
o Hot Spares
  - Extra unused component in standby mode
  - Usually set up so failover occurs without shutdown of the server or device AND/OR without administrative intervention
  - Most RAID arrays use hot spare drives
  - Also seen on higher-end routers, MLS (multi-layer switches), VPNs, firewall appliances
o Cold Spares
  - Extra part which is not already running & ready to go
  - Generally requires a shutdown or interruption of service, etc.

Disaster Recovery: Hot/Warm/Cold Sites
o Hot Site: $$$$$
  - Usually a hot-standby data center and/or office facility
  - Able to handle a full failover solution for the entire business or organization in case of a catastrophic event
o Warm Site: $$$
  - Partly equipped, without live data, SOOOO will need to update data
o Cold Site: $
  - Air conditioned/heated, electrically prepared building/facility without equipment or communication links

27. Troubleshooting Strategies


Refresher on the OSI Layers

OSI LAYERS (mnemonic character in parentheses)

Application (The Scribe)
  - Provides file, print, message services.
  - Protocols for service usage & advertisement.
  - Window for users & applications to access network services.
Presentation (The Royal Translator)
  - Provides data translation; typically part of the OS.
  - Converts inbound & outbound data from one format to another.
  - Also handles syntax, compression & encryption.
Session (The Broker)
  - Establishes communication sessions between network devices.
  - Handles dialog control & coordinates sessions and connections, i.e., decides whether duplex, half-duplex, etc.
Transport (The Middle Manager)
  - Ensures data deliverability & reliability & priority.
  - Maintains data integrity.
  - Makes sure that packets are ordered & that there is no loss/duplication.
Network (The Map Maker)
  - Responsible for routing & forwarding data packets.
  - Controls packets on the basis of network state, priority, quality of service, etc.
Data Link (The Royal Horsemen)
  - Provides error-free transmission of data frames.
  - Sends frames from the network to the physical layer.
  - Converts raw bits into frames & vice versa.
Physical (The King's Road)
  - Packages & transmits bits on the physical media.
  - Includes encoding & functions at the mechanical and electrical level.

Troubleshooting Strategies
- Define the Problem
  o Know your network
    - Make a plan
    - Know your network: document the infrastructure!
    - Create a baseline of activity (i.e., get to know regular activity so you can identify anomalies when they happen)
  o Problems typically become known via user input or software alerts
  o Some companies have total network management systems
  o Develop a quick, concise problem statement, based on the problem type:
    - Configuration, i.e., change software settings, services, etc.
    - Break-Fix, i.e., bad media/interface, bad PSU, OS, malware, etc.
  o Focus thought on obvious possible causes. DON'T PANIC!!
  o Fully document the symptoms

[Flowchart: the troubleshooting process]
1. DEFINE THE PROBLEM
2. GATHER DATA
3. ISOLATE THE PROBLEM
4. FORMULATE A PLAN OF ACTION
5. IMPLEMENT A SOLUTION
6. OBSERVE THE RESULTS
   IS THE PROBLEM SOLVED?
Gathering Data & Collecting Information
o Question the users:
  - When did it first occur, how often?
  - What are the effects?
  - Is it reproducible, i.e., is it a consistent problem?
  - Have there been any recent changes? Hardware, software, settings, server updates, etc.
o Collect data from all sources if available
  - Ask coworkers, check existing documentation on previous problems
  - Network management services
  - Logs, analyzer traces: system logs, event viewer
  - Show & debug commands
  - Troubleshooting tools

   YES -> 7. DOCUMENT THE FACTS
   NO  -> REPEAT THE PROCESS
Isolate the Problem
o Divide & Conquer! Based on modular network design, i.e., end user access, server module, WAN module, VPN module, etc.
o Know your network and its isolation boundaries
o Focus on relevant things: prioritize your fires!!
o Eliminate unnecessary information
o Rule out causes one at a time via a regular, logical process of elimination

Formulate a Plan of Action
o Attack the most probable, obvious cause first
o Be ready to change only ONE variable at a time
o Document the steps for recovery purposes (so you can undo whatever you just did & try something else)
o Know when to say "when": cry uncle if necessary
o Bring in expert consultants if necessary

Implement a Solution
o Apply your configuration change or your break-fix. Be sure to document your implementation!!!!

Observe the Results
o Questions to ask yourself:
  - Did you follow logical, repeatable steps?
  - Did you make the problem worse or cause other trouble?
  - Did you have minimal impact on users?
  - Did your actions cause a security vulnerability? Have back-up configurations, data backup, redundancy, etc.
  - Successful? YES: then document the facts!
  - Successful? NO: repeat the process
o Go back to Step 4 & formulate another plan of action
  - Don't assume that you isolated the wrong problem; try another solution or tool first
o If you make several attempts & still are not having success, then go back to Step 2: gather more data

Additional resources for troubleshooting
o FREE Internetwork Troubleshooting Handbook from Cisco: www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/

28. Troubleshooting Utilities


PING
Examples: ping 192.0.0.1 / ping myserver1
o PING = Packet INternet Groper; works like sonar
o Unix tool to test network connectivity & to verify that a host exists
o Linux: /usr/sbin/ping, e.g., ping 192.168.100.1
o Windows: Command Prompt, C:\> ping /? (lists out the available switches)
o NOTE: if RTTs are in triple digits, you have a congested network; try TRACERT to figure out where the bottleneck is
o NOTE: if the request timed out, try TRACERT to determine where the signal is getting dropped

PING Process:
o An ICMP Type 8 echo request packet will be sent to the address being pinged
o Then ARP kicks in & requests the destination hardware address from the pinged address
o The target replies & says "my MAC address is ..."
o The reply is cached on the local machine making the ping request
o The ICMP echo request is sent to the destination machine
o The pinged machine responds back

PING Logic
o Start with the loopback address: 127.0.0.1; if it fails, something is wrong with the TCP/IP configuration
o Next, ping your own IP address, i.e., 192.168.0.12; if successful, you have the proper IP address bound to the network interface card; if it fails, you either have the wrong IP address OR have an APIPA address
o Then try pinging a neighbor, i.e., 192.168.0.15; if it fails, something is wrong with the neighbor's physical connection media, switch, or the neighbor's configuration, or it may be using a VLAN
o Next try pinging the local gateway or router, i.e., 192.168.0.1; if successful, then you can ping beyond the LAN
o Then try the DNS server or ISP provider, i.e., 68.2.208.45, etc.
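The PING Logic ladder above as a script, added here as an example (it is not part of the notes). The probe is a function argument, so the ladder can be driven by the real OS ping command or, for an offline demonstration, by a constructed set of reachable hosts; the 0.0.0.0 and 169.254.x.x pre-checks come from the ipconfig advice in the notes' later scenario.

```python
import ipaddress
import platform
import subprocess

LOOPBACK = "127.0.0.1"
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")


def os_ping(host):
    """One real echo request via the OS ping command; True if it answered."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        done = subprocess.run(["ping", count_flag, "1", host],
                              capture_output=True, timeout=5)
        return done.returncode == 0
    except (OSError, subprocess.SubprocessError):
        return False


def check_bound_address(own_ip):
    """Pre-check: an address of 0.0.0.0 or 169.254.x.x explains the failure
    before any packet is sent. Returns a diagnosis string or None."""
    addr = ipaddress.ip_address(own_ip)
    if addr == ipaddress.ip_address("0.0.0.0"):
        return "no address bound: possible duplicate IP or rogue DHCP server"
    if addr in APIPA_NET:
        return "APIPA address 169.254.x.x: no DHCP server was found"
    return None


def ping_ladder(own_ip, neighbor_ip, gateway_ip, dns_ip, probe=os_ping):
    """Walk the notes' sequence (loopback, own IP, neighbor, gateway, DNS/ISP)
    and stop at the first failure.

    Returns a dict with the stage that failed (None if all answered), the notes'
    diagnosis for that stage, and the (stage, host, ok) results collected so far.
    """
    pre = check_bound_address(own_ip)
    if pre:
        return {"failed_at": "address", "diagnosis": pre, "results": []}
    stages = [
        ("loopback", LOOPBACK, "TCP/IP configuration problem on this host"),
        ("own_ip", own_ip, "wrong IP bound to the NIC (or an APIPA address)"),
        ("neighbor", neighbor_ip,
         "neighbor's physical media, switch or configuration, or a VLAN mismatch"),
        ("gateway", gateway_ip, "gateway unreachable: cannot ping beyond the LAN"),
        ("dns", dns_ip, "LAN is fine; the problem is past the gateway (DNS/ISP)"),
    ]
    results = []
    for stage, host, diagnosis in stages:
        ok = probe(host)
        results.append((stage, host, ok))
        if not ok:
            return {"failed_at": stage, "diagnosis": diagnosis, "results": results}
    return {"failed_at": None, "diagnosis": "all stages answered", "results": results}


if __name__ == "__main__":
    # Constructed run: everything up to the gateway answers, the gateway does not.
    reachable = {LOOPBACK, "192.168.0.12", "192.168.0.15"}
    print(ping_ladder("192.168.0.12", "192.168.0.15", "192.168.0.1", "68.2.208.45",
                      probe=lambda host: host in reachable))
```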
TRACERT / TRACEROUTE
Examples: tracert 68.0.0.1 / tracert mysrvr1
o Purpose is to discover the routing path to a remote host, OR figure out where congestion/packet dropping is occurring
o Uses TTL (Time To Live) values & ICMP Type 11 (Time Exceeded) packets
o Traces the route of a packet from router to router until it reaches the destination
o Unix/Linux uses UDP port 33434
o The utility can also use ICMP Echo Request Type 8 (i.e., Windows TRACERT)
o NOTE: Some firewalls block UDP probes but allow ICMP echo requests, so best used locally on the LAN
o Windows: Command Prompt, C:\> tracert 68.1.17.9 goes up to 30 hops & shows the in-between routers & RTTs for each of the three packets sent; shows a "Trace complete" message when it gets to the address entered
o Helpful to find out where packets are dropped if you try to PING an address, i.e., shows which router blocks pings
o CTRL+C = stop the tracert
HOW TRACERT WORKS:
o The local host sends three datagrams with header info containing a TTL of 1; they reach the very first router & time out, which sends back an ICMP Time Exceeded message; you get some RTT info from this first step
o Next, a TTL of 2 goes to the 2nd router; then a TTL of 3 to the 3rd router; and so on

ARP
Examples: arp -a / arp -g
o Used to troubleshoot MAC addresses
o Can view & modify ARP table entries on the local computer; also shows IP address to MAC address mappings
o arp -a: shows ARP cache entries
o arp -d: deletes entries / flushes the ARP cache
o arp -s: manually adds entries
o arp -na (Linux): shows neighbor addresses

NETSTAT
Examples: netstat -a
o Network Statistics
o Lists active inbound & outbound TCP/IP connections; can be used to see if an intruder is connected to you via a TCP or UDP port
o Available on Unix/Linux/Windows
o Data includes: local/remote IP addresses; ports being used; TCP status codes
o netstat -a (-a is for ALL): lists out active connections by protocol; TCP then UDP
o netstat -r: shows all TCP/IP connections PLUS the local routing table

NBTSTAT
Examples: nbtstat -a srvr01 / nbtstat -a x.x.x.x
o Helpful in a Windows NT environment, not useful on Windows 2000 & beyond
o Shows NetBIOS over TCP/IP statistics
o Helpful in WINS environments
o Displays the NetBIOS name table with a list of NetBIOS applications & other info
o View & modify the NetBIOS name cache & get the MAC address of any Windows computer
o nbtstat -a xxx.xxx.xxx.xxx: shows the NetBIOS name table of a remote computer
o nbtstat -c: shows the contents of the NetBIOS name cache
o nbtstat -n: shows the NetBIOS name table of the local computer

IPCONFIG / IFCONFIG
o Monitors and controls network connections; shows TCP/IP configuration info on a Windows NT+ computer
o IPCONFIG = NT/2000/2003/XP; IFCONFIG = Unix/Linux; WINIPCFG = GUI tool equivalent, Win98 & ME
o /all = see all IPCONFIG info
o /release = release the DHCP server lease; /renew = renew the DHCP server lease
o ifconfig -a = Linux/Unix version of ipconfig /all

WINIPCFG
o Graphical version, available in Windows 9x

NSLOOKUP
o Name Server Lookup: look up the IP address of a host
o Basic test of domain name service; in Windows: C:\> nslookup www.cbtnuggets.com ... shows the IP address
o Flawed tool at best, not used very much; replaced by:
o NETDIG from http://mvptools.com for better results
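A model of HOW TRACERT WORKS above, added as an example (not from the notes). The "network" is a constructed list of routers and nothing is sent on the wire: each router decrements the TTL and answers ICMP Type 11 when it hits zero, the destination answers the probe itself, and a router flagged blocks_udp drops Unix-style UDP probes but still passes Windows-style ICMP echo probes, which is the firewall caveat in the notes.

```python
from dataclasses import dataclass

ICMP_ECHO_REPLY = 0
ICMP_PORT_UNREACHABLE = 3
ICMP_TIME_EXCEEDED = 11
UDP_PROBE_PORT = 33434  # first destination port used by Unix/Linux traceroute


@dataclass
class Router:
    ip: str
    delay_ms: float           # constructed one-way delay added by this hop
    blocks_udp: bool = False  # firewall that silently drops UDP probes


@dataclass
class Destination:
    ip: str
    delay_ms: float


def send_probe(path, dest, ttl, mode):
    """Forward one probe hop by hop.

    Returns (replier_ip, icmp_type, rtt_ms), or None when the probe is dropped
    without any ICMP reply (tracert prints '*'). mode is "icmp" (Windows TRACERT,
    echo request Type 8) or "udp" (Unix traceroute, port 33434 and up).
    """
    one_way = 0.0
    for router in path:
        if mode == "udp" and router.blocks_udp:
            return None          # dropped here whether or not the TTL would expire
        one_way += router.delay_ms
        ttl -= 1
        if ttl == 0:             # TTL exhausted: this router answers Time Exceeded
            return router.ip, ICMP_TIME_EXCEEDED, round(2 * one_way, 1)
    one_way += dest.delay_ms
    reply = ICMP_ECHO_REPLY if mode == "icmp" else ICMP_PORT_UNREACHABLE
    return dest.ip, reply, round(2 * one_way, 1)


def traceroute(path, dest, mode="icmp", max_hops=30, probes=3):
    """Return one row per TTL: (ttl, replier_ip or None, [rtt_ms or None] * probes).

    The TTL starts at 1 and grows by one per row, as in the notes; the loop ends
    when something other than Time Exceeded comes back (destination reached) or
    when max_hops (tracert's default of 30) is hit.
    """
    rows = []
    for ttl in range(1, max_hops + 1):
        replies = [send_probe(path, dest, ttl, mode) for _ in range(probes)]
        answered = [r for r in replies if r is not None]
        replier = answered[0][0] if answered else None
        rows.append((ttl, replier, [r[2] if r else None for r in replies]))
        if answered and answered[0][1] != ICMP_TIME_EXCEEDED:
            break                # "Trace complete."
    return rows


def format_rows(rows):
    """Render rows in a tracert-like layout."""
    lines = []
    for ttl, replier, rtts in rows:
        cols = "  ".join("*" if r is None else f"{r} ms" for r in rtts)
        lines.append(f"{ttl:>3}  {cols}  {replier or 'Request timed out.'}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed path: three routers, the second one drops UDP probes.
    hops = [Router("192.168.0.1", 1.0), Router("10.0.0.1", 4.0, blocks_udp=True),
            Router("10.0.1.1", 6.0)]
    target = Destination("68.1.17.9", 9.0)
    print(format_rows(traceroute(hops, target, mode="icmp")))
    print(format_rows(traceroute(hops, target, mode="udp", max_hops=5)))
```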
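The NETSTAT check above ("see if an intruder is connected to you") run over a constructed netstat -an listing, added as an example that is not part of the notes. It parses the rows and reports ESTABLISHED TCP connections whose peer lies outside the networks you expect; the sample listing, the 192.168.0.0/24 LAN and the 203.0.113.77 peer are all constructed values.

```python
import ipaddress

# Constructed sample output in the Windows "netstat -an" layout.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.12:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.12:445       192.168.0.15:49211     ESTABLISHED
  TCP    192.168.0.12:3389      203.0.113.77:51544     ESTABLISHED
  TCP    192.168.0.12:49800     68.2.208.45:53         TIME_WAIT
  UDP    0.0.0.0:161            *:*
"""


def split_endpoint(text):
    """'192.168.0.12:445' -> ('192.168.0.12', 445); '*:*' -> ('*', None)."""
    host, _, port = text.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(output):
    """Yield one dict per connection row, skipping headers and blank lines."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        local_host, local_port = split_endpoint(fields[1])
        remote_host, remote_port = split_endpoint(fields[2])
        yield {"proto": fields[0],
               "local_host": local_host, "local_port": local_port,
               "remote_host": remote_host, "remote_port": remote_port,
               "state": fields[3] if len(fields) > 3 else ""}


def unexpected_peers(output, trusted_networks):
    """Return ESTABLISHED TCP rows whose foreign address is outside trusted_networks.

    LISTENING rows (foreign 0.0.0.0:0) and UDP rows (*:*) carry no peer and are
    never reported; a TIME_WAIT row is a finished connection, so it is skipped too.
    """
    trusted = [ipaddress.ip_network(net) for net in trusted_networks]
    findings = []
    for conn in parse_netstat(output):
        if conn["proto"] != "TCP" or conn["state"] != "ESTABLISHED":
            continue
        peer = ipaddress.ip_address(conn["remote_host"])
        if not any(peer in net for net in trusted):
            findings.append(conn)
    return findings


if __name__ == "__main__":
    for hit in unexpected_peers(SAMPLE_NETSTAT, ["192.168.0.0/24"]):
        print(f"local port {hit['local_port']} has a session from "
              f"{hit['remote_host']}:{hit['remote_port']} outside the LAN")
```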

29. Physical Network Troubleshooting


Identifying Physical Problems
o ALWAYS check the physical layer first, very early in the troubleshooting process
o An ounce of prevention = a pound of cure! I.e., test each cable connection, wall jack, etc. WHEN INSTALLED!!
o Eliminate the possibilities: divide & conquer (figure out what zones are accessible & go from there)
o Common media problems: keep away from things that cause electrical interference &/or interfering wireless signals
  - KEY suggestion: get yourself a cable tester
  - Most testers have indicators such as open, short, intermittent, high resistance
  - Open = cable disconnected or missing between 2 end points
  - Check physical connections: fully inserted? Ends look ok/healthy? Dongle ok? Behind the wallplate look ok? Server closet ok?
  - If you get Open, Intermittent Open, or High Resistance, common causes are:
    - Wire insulation is caught in the crimp termination due to poor crimping technique
    - Loose crimps, including those caused by missing strands of wire
    - Deformed/damaged/worn contacts, either from bad crimping or just over time
    - Contacts aren't fully mating because the connector isn't housed properly
    - Cable/connector mismatch
    - All strands broken; can be the result of excessive crimp force
    - Insulation fails to properly separate points that you don't want connected
o Remember your topology! (Adjust according to token ring, Ethernet, FDDI, etc.)
  - Check connectivity to the workstation & the intermediary device (hubs, concentrators)

Cable Testers
o Indicate wiring faults: open/broken wires; wire shorts; crossed/reversed pairs
o Support twisted pair, coax, fiber
o Advanced testers can do Layers 1-4 of the OSI model (although $$$$$$$$$$$)
o Indicate where the fault is (measured in meters or feet)

Qualification Tester
o Tests network speed
o Also locates trouble spots
o Main goal is to determine whether the cabling supports the network load
o Especially important with multimedia, VoIP, streaming

Tone Generator
o "Fox & Hound": trace from cable end-to-end over ceilings & ducts
o Great for large cable bundles, to locate cables & isolate cables
o Validates the initial twisted pair installation
o Can diagnose & troubleshoot

Interpreting LED Indicators, some examples
o Check the LED indicator on the NIC, switch port, router port
  - ON: usually green; have an active connection between NIC & hub/switch/intermediary device
  - OFF: no connection between NIC & hub (check cable, hub & ports, NIC, drivers for NIC)
  - FLASHING: reversed cable polarity (replace cable)
o Switch LEDs at ports:
  - 100Mbps LED: usually GREEN; if OFF, operating at 10Mbps; if ON, then Fast Ethernet
  - ACT(ivity) LED: usually YELLOW; if ON (or flashing) then ok; if OFF, problem with cable or port or device
  - Link LED: usually GREEN; if ON, then have a link to the device; if OFF, then no connection between port & end device
o Modem LEDs: ISDN modem module, external dial-up modem, external DSL/Cable modem
  - Power: obvious
  - Cable/DSL/service: if flashing or dark, no stable connectivity
  - Ethernet: lit if an Ethernet connection is detected, i.e., router or direct connection to PC
  - Activity
o VPN Concentrators & other high-end devices:
  - System: indicates the OS is up & running
  - Ethernet Link Status: shows which links are up & running
  - Expansion modules: insertion status & run status
  - Fan Status
  - Power supplies
  - Performance LEDs: CPU utilization, active sessions, throughputs

30. Troubleshooting in Client/Server Environments


Questions to ask customers/users
o Is this a new system? Has it ever worked properly?
o Has anything changed since it was last working? New hardware, software, settings?
o May I sit in the driver's seat & take a look for myself?

Troubleshooting Scenario 1: VP of customer service says his workstation can't connect to the network, network resources/services
o Check physical connections first
o Test TCP/IP connectivity
  - Ping the loopback address: ping localhost (or ping 127.0.0.1)
  - Ping the local IP address(es) for the NIC(s): ping 172.16.3.3
  - OR: ipconfig /all & skip steps 1 & 2; check IP addresses, subnet mask, gateway, DNS
  - Ping the local gateway: ping 172.16.3.10
    - If the request timed out, do IPCONFIG /ALL & check the configuration
    - If you do IPCONFIG /ALL & see the adapter being recognized & not using DHCP & have 0.0.0.0 for IP address and gateway, you probably have an IP address overlap; might have a duplicate IP address or someone's running rogue DHCP!
    - If you see a 169.254.x.x address = APIPA (Automatic Private IP Addressing) address, self-assigned when no DHCP server is found
  - Ping the local server: ping 172.16.3.1
  - Ping a local neighbor: ping 172.16.3.4
o Check TCP/IP settings: Start | My Network Places | Right Click | Properties | right click Local Area Connection | Properties | Click on Internet Protocol (TCP/IP) | Properties
  - If "Obtain an IP address automatically" is selected & no DHCP is available, you will get an APIPA address
  - If "Use the following IP address" is selected, NOTE: if assigning a static IP, select addresses outside of the range used by DHCP (generally 100-199)
  - Can obtain the DNS server address automatically OR select "Use the following DNS server addresses"
  - Click on the ALTERNATE CONFIGURATION tab for further choices; not available on all connections
o IF configuring a LAN connection's TCP/IP connectivity & you see the error "The static IP address that was just configured is already in use on the network. Please reconfigure a different IP address": this often happens on a network with both DHCP & static/manual addressing
o Try renewing the IP address: ipconfig /release & ipconfig /renew, then ipconfig /all to check all is well
o Check other settings: Start | My Network Places | Right Click | Properties | right click Local Area Connection | Properties
  - Make sure you have a client listed, i.e., Client for Microsoft Networks
  - File & Printer Sharing for Microsoft Networks: usually turned off in corp. environments for security & to encourage network storage
  - Internet Protocol (TCP/IP) | Properties | Advanced | Options | TCP/IP filtering; click on Properties | Enable/disable TCP/IP filtering (all adapters); Permit All / Permit Only for TCP Ports, UDP Ports, IP Ports
o Check for third-party applications that may be causing the problem, i.e., a firewall or AntiVirus suite that may be blocking ports/protocols
o Check name resolution mechanisms:
  - Hosts file: still used on Linux/Unix systems; exists by default in Microsoft TCP/IP to integrate with Unix/Linux systems
  - LMHOSTS file: Microsoft TCP/IP uses NetBIOS over TCP/IP (NetBT) to support the NetBIOS method of name resolution for pre-Win2K; LMHOSTS is found in C:\Windows\system32\drivers\etc\ (the hosts file is also found here); # indicates remarks
  - WINS: used in routed networks; primary service used for NetBIOS name resolution; uses the LMHOSTS file; is it being used alone or in conjunction with a DNS server? If using WINS, check the LMHOSTS file, the hosts file, the TCP/IP configuration & the WINS tab in advanced settings
  - Can use & check DHCP from the server side: Programs | Administrative Tools | DHCP manager tool
    - DHCP | ServerName: the pane at right shows the contents of the DHCP Server & Status (i.e., Active) & Description
    - DHCP | ServerName: right click on ServerName & you can stop/start/pause/restart the service
    - DHCP | ServerName | Scope | Address Pool: shows Start IP Address & End IP Address & Description
    - DHCP | ServerName | Scope | Scope Options: right click & select Configure Options, to set router/DNS/WINS/etc.
    - DHCP | ServerName | Server Options
  - Check on the WINS Server on the server side: Start | Programs | Administrative Tools | WINS
  - DNS: Domain Name Services; check the configuration on the server: Start | Programs | Administrative Tools | DNS
    - DNS | DNSSrvrName | Forward Lookup Zones: the right pane shows Name, Type (i.e., Active Directory-integrated) & Status
    - DNS | DNSSrvrName | Forward Lookup Zones | . | com | zone name: are there records there for all objects that need to have fully qualified domain names resolved to IP addresses???
    - NOTE: if you can ping by host name, then you do NOT have a DNS problem; if unable to ping, check the DNS database/configuration
    - Dynamic DNS
  - Check IIS if more than one computer is having issues: Start | Programs | Administrative Tools | Internet Information Services
  - Also check Routing & Remote Access, Internet Authentication Services
