Skrpune’s Network+ Notes
Based on the CBT Nuggets Network+ Video Series
Author: Skrpune, ProProfs.com

Table of Contents
1. Network Topologies Part 1
2. Network Topologies Part 2
3. Media Connectors & Cabling
4. Network Devices & Components Part 1
5. Network Devices & Components Part 2
6. OSI Model
7. Media Access Control
8. IP Addressing
9. Network Layer Protocols
10. TCP/IP Suite of Protocols & Services
11. TCP/UDP Protocols & Services
12. Additional Network Protocols & Services
13. WAN Technologies
14. Wireless Technologies
15. Internet Access Technologies
16. Remote Access Protocols & Services
17. Server Remote Connectivity & Configuration
18. Security Protocols
19. Authentication Protocols
20. Network Operating Systems
21. Client Workstation Connectivity
22. Firewalls & Proxy Services
23. VLANs
24. Intranets & Extranets
25. Anti-Virus Protection
26. Fault Tolerance & Disaster Recovery
27. Troubleshooting Strategies
28. Troubleshooting Utilities
29. Physical Network Troubleshooting
30. Troubleshooting in Client/Server Environments

1. Network Topologies – Part I

Physical & Logical Topologies
- Bus Topology – need terminator on each end of backbone
  o Physical Bus – physical arrangement in a series, not used much anymore
  o Logical Bus – i.e., hub in a physical star acting as the logical bus

[Figure: Physical Bus, Logical Bus (hub at the center) and Star Topology diagrams]

- Star Topology
  o Physical Star – hub or switch at the center of the star
  o Logical Star – i.e., switch
  o Used in LAN / WAN
     Shared bus if hub
     Switch does dynamic bridge
      • Maximize bandwidth via transparent bridging
- Ring Topology
  o Physical Ring – physical closed loop
  o FDDI = both physical & logical ring
  o Token Ring = physical star, but logically a ring to pass token from node to node BUT each node must be attached to a hub/concentrator or a MSAU / MAU (multistation access unit)
- Mesh Topology
  o AKA, Frame Relay, ATM
  o Partial Mesh = used where need most redundancy or bandwidth
[Figure: Ring Topology, Mesh Topology and Partial Mesh (ISP at the center) diagrams]

IEEE 802.2 / LLC
- LLC = Logical Link Control
  o Maps to Layer 2 (Data Link) of OSI Model
- What does LLC do??
  o Manages data link connections, works with physical medium
  o Addressing – reads MAC addresses
  o SAP’s – service access points
  o Performs sequencing of data packets as they are moved around network
  o In a nutshell…provides basic networking between devices

OSI LAYERS: 7 Application | 6 Presentation | 5 Session | 4 Transport | 3 Network | 2 Data Link | 1 Physical

IEEE 802.3 / ETHERNET (CSMA/CD)
- Dominant LAN Technology = ~85%!!!
- CSMA/CD = Carrier Sense Multiple Access/Collision Detection
  o FIRST, before sending, polls the channel to see if another node is transmitting
  o If no carrier is sensed, then it transmits
  o If have a collision (i.e., 2 signals at once), will retry to send after a wait period
  o Puts limits to number of machines that can access network before collisions increase & network gets too crowded
- Collision Domain – logical network segment where data packets can collide with each other
  o NOTE: Switches create smaller collision domains than hubs & reduce congestion
- 10BaseT / 10Mbps Ethernet developed by DEC + Intel + Xerox
- Ethernet Types / Speeds (Using CSMA/CD):
  o 10 Mbps – 10BaseT
  o 100 Mbps – Fast Ethernet
  o 1000 Mbps / 1 Gbps – Gigabit Ethernet
  o 10000 Mbps / 10 Gbps – 10 Gigabit Ethernet
- Half-Duplex Switching – cannot send & receive at same time
  o I.e., walkie-talkie
- Full-Duplex Switching – can send & receive; two-way transmission
  o I.e., telephone
- Advantages of using Ethernet
  o Easy to manage, maintain, implement
  o Flexible
  o Widely supported
- Terminology / Components
  o DTE = Data Terminal Equipment – source or destination of data (laptop, PC, Server, Printer)
  o DCE = Data Communication Equipment – receive & forward frames on LAN network or to other LAN’s (Switch, Hub, Router, Modem)

2. Network Topologies – Part II

CSMA/CA
- CSMA/CA = Carrier Sense Multiple Access/Collision Avoidance
  o Node signals its intent to transmit – prevents other devices from sending, hence avoiding collision!
  o Used in AppleTalk / LocalTalk
  o CA – algorithm by which channel time on ring is reserved to avoid collision
     Use RTS – Request To Send (“jam signal” of sorts) – wait to receive OK
     If another node tries to send a frame & sees a jam signal, will stop & retry later
  o CSMA/CA is the principal media access method for 802.11 & WLAN’s too
     Need collision avoidance on 802.11 & WLAN’s because wireless uses half duplex radio signals

802.5 / TOKEN RING
- Uses CSMA/CA
- Created by IBM, still their main LAN technology
- 802.5 – IEEE Standard, modeled after IBM’s token ring
- Uses Physical Star, Logical Ring
  o All nodes attached to MSAU (MultiStation Access Unit)
  o MSAU performs the token passing inside the device
- Speeds of 4.16 Mbps & 16 Mbps
- Baseband transmission – uses full transmission range for one signal (as opposed to Broadband/DSL/Cable)
  o Other Baseband Transmissions
     HSTR (High Speed Token Ring – 100 Mbps, 16 Mbps, 4 Mbps); 802.5t, 802.5u, 802.5v, etc.
- Token Passing Access Method
  o Move a small frame (00110110), broken up by fields, etc.
  o If node gets a token & had no data to send, just sends the token along to next device on logical ring
  o If node has data to send, i.e. to printer, will grab the frame & alter a 0 or 1 & will append the info it wants to transmit (adds its own stuff)
  ***While the data frame circles the ring, no token can be on the network, unless using Early Token Release
     Early Token Release – allows release while a frame transmission is being finished, i.e., put in queue so can grab the token ASAP
     Used in newer implementations
     Unless ETR being used, all nodes have to wait – delays the sending but NO COLLISIONS!
[Figure: MSAU with attached nodes]
  o Frame circles ring until reaches destination OR until gets dropped by original sending station
- Token Rings are Deterministic
  o Deterministic = possible to calculate max. time passed before any station is capable of transmitting because knows size/factors/etc. to complete current task
  o Great for applications where you need to know the extent of network delay
  o Uses complex priority mechanism – can assign higher priority for servers, etc.
     Priority field & Reservation field (can use to shield from lower priority users…)

FDDI: Fiber Distributed Data Interface
- FDDI Characteristics/Terminology:
  o 100 Mbps; Fiber Optic (MAN, WAN)
  o Baseband; physical ring of trees; logical ring
  o Dual Ring; traffic on each ring is counter-rotating
     Primary – usually default for signal use
     Secondary – backup
     If one ring fails, the other doubles back onto itself & converts into one/single (token) ring; if there is a failure in the remaining ring, it breaks down into independent rings
  o ANSI – American National Standards Institute
  o Great for distributed application model
  o Often used for backbone
  o CDDI also in use now too – Copper Distributed Data Interface
  o 100 Mbps, using twisted pair copper
  o SAS – Single Attachment/Attached Station (i.e., regular PC/laptops, etc.)
     Connected only to one / Primary ring via concentrator (can’t directly attach to ring)
  o DAS – Dual Attachment/Attached Station (i.e., server, devices w/2 network attachments)
     Connected to both rings
  o SAC – Single Attachment/Attached Concentrator
     Connected only to Primary ring (through a tree)
  o DAC – Dual Attachment/Attached Concentrator
     Connects to both Primary & Secondary rings: HIGHLY fault tolerant
     Provides connection for additional stations & concentrators; Is the root of a tree
- FDDI Fault Tolerance Methods = Dual Rings & Dual Homing (can make a server/device into a DAS for more fault tolerance)
- TRT: Token Rotation Time – amount of time it takes token to travel around network
- THT: Token Holding Time – amount of time a station can hold the token
[Figure: FDDI dual ring – Primary Ring and counter-rotating Secondary Ring; WAN]

NOTE: Can use two (2) DAC’s for redundancy
[Figure: FDDI tree – DACs at the root connecting Routers, Switches, Multi-Layer Switches; DAS for Application & File Servers; SAS end stations]

3. Media Connectors & Cabling

ETHERNET STANDARDS (Based on CSMA/CD)
Standard | IEEE | Speed | Cable | Notes
- 10BaseT | 802.3 | 10Mbps | Twisted Pair (UTP & TP) | LANs; Baseband – one Ethernet signal using full bandwidth (no multiplexing); 330’ / 100m max segment length
- 10Base-FL | 802.3 | 10Mbps | Fiber Optic | Link between concentrator & end user station (workstation/server or router/switch)
- 100BaseT | 802.3u | 100Mbps | Twisted Pair OR Fiber Optic | Fast Ethernet
  100BaseT Cabling Schemes:
  o 100BaseTX – Predominant; 2 pair high quality TP (Cat5 UTP/STP) – Twisted Pair
  o 100BaseT4 – 4 pair regular quality TP wires – Twisted Pair
  o 100BaseFX – 2 MMF fiber optic cables – Fiber Optic
- 1000Base-CX | Gigabit Ethernet | 1000Mbps (1Gbps) | Twisted Pair (STP) | 2 pair 150 STP
- 1000Base-SX | Gigabit Ethernet | 1000Mbps (1Gbps) | Fiber Optic (MMF) | 2 MMF – short wave laser
- 1000Base-LX | Gigabit Ethernet | 1000Mbps (1Gbps) | Fiber Optic (MMF & SMF) | 2 MMF/SMF – long wave laser
- 10GBase-SR | 802.3ae | 10Gbps | Fiber Optic | 33-300 m length
- 10GBase-LR | … | 10Gbps | Fiber Optic | Backbone, MAN, etc.; up to 10km max cable length
- 10GBase-ER | … | 10Gbps | Fiber Optic | MAN, etc.; up to 40km max cable length

UTP
- Twisted pair cabling with no additional shielding
- Usually includes 4 pairs of wires in a common sheath
- Typically 100 Ohm Category 3, 4, 5, 5e, 6 (& 7) cables from TIA/EIA 568-A standard
- 10BaseT; 100BaseTX; 100BaseT2 = 2 wire pairs
- 100BaseT4; 1000BaseT = 4 wire pairs
STP
- 150 Ohm IBM cabling system for Token Ring
- Twisted pairs wrapped individually in a foil shield & w/outer braided wires (further reduces crosstalk & EMI)
- Originally IBM cable types 1, 2, 6, 8, 9 – supported token ring up to 16 MHz
- Can be used in Ethernet: 10BaseT, 100BaseTX, 100BaseT-2 using special impedance matching transformers
- Better performance BUT a lot of effort: monitoring, maintenance, $$$$$
- Newer types = STP-A: 1A, 2A, 6A, 9A – support FDDI up to 100 MHz
- Type 1 is heavy black cable associated with IBM cabling system
Characteristics of BOTH:
- Between 1-3 twists per inch
- Two insulated copper wires twisted together = 1 pair

CONNECTORS
- RJ-11 – Registered Jack 11; Global standard; 4 copper wires; Phone/fax/modem; Cat3; Telephony, ISDN
- RJ-45 – Ethernet LAN’s; Cat5, Cat5e, Cat6; Wider than RJ-11; Up to 8 wires; Typically w/UTP; Historically used for LAN, Token Ring, 10BaseT, 100BaseT4
- F-Type – Coax
- ST – Fiber Optic; Straight Tip (can twist on/off)
- SC – Fiber Optic; Square tip
- MTRJ – Fiber Optic; Usu. used for MMF
- FiberLC – Fiber Optic; Connects MMF & SMF; Local, LAN connections

CABLE TYPES (Cable | Speed | Notes | Standards / Uses | Connector)
UTP
- Cat3 | 100Mbps (16MHz) | Voice/Data transmission; 4 UTP; T1 / 1.54 Mbps; Token Ring 4Mbps; POTS (plain old telephone system) | ISDN; 1-BaseT; 100BaseT4 | RJ-11
- Cat5 | 100Mbps max (100MHz) | Patch cables at PC, workstation, etc; High grade Type 1 cable; 1994 – replaced with 5e; 4 UTP; 100m max distance | 10BaseT; 100BaseT4; 100BaseTX; FDDI, ATM | RJ-45
- Cat5e | 1Gbps / 1000Mbps (350MHz) | Gigabit ethernet BUT also backwards compatible | 1000BaseT; 155Mbps ATM | RJ-45
- Cat6 | … | Better performance; Higher signal/noise ratio; Overall better reliability; For future enhancement in data rate & application usage | 10BaseT; Fast Ethernet; Gigabit Ethernet | RJ-45
STP
- STP | … | Shielding reduces EMI & crosstalk | 10BaseT; 100BaseTX; 100BaseT-2; FDDI | Use IDC/UDC connectors, also RJ-45
COAX
- RG8 | 10Mbps | ThickNet 10Base5; No hub needed; Economical; good shielding; not too flexible | 10Base5 | AUI connector & Vamp Tap
- RG58 | 10Mbps | ThinNet 10Base2; No hub needed; Economical; good shielding; not too flexible | 10Base2 | BNC connector
FIBER OPTIC
- SMF | 2.5 Gbps | Single Mode Fiber: Only transmits light in one fundamental mode/path; Very small core diameter; Transmits over longer distance than MMF; Supports very high bandwidth | … | Connectors: ST (straight tip) & SC (square); MTRJ; FiberLC (usu. MMF; local/LAN connections)
- MMF | 2.5 Gbps | Multi Mode Fiber: Light travels in multiple modes/paths within the wire; Larger center core / thicker than SMF; Used for relatively short distance, i.e., LAN’s & Campus | … | Connectors: ST (straight tip) & SC (square); MTRJ; FiberLC (usu. MMF; local/LAN networking connections)
OTHERS
- IEEE 1394 / Firewire – Used for data transfer from peripherals to PC
- USB – Universal Serial Bus – Connects peripheral devices for high speed data transfer; also used for USB NIC’s

CABLE SUMMARY
Cable Type | Common Name | Physical Layer Name | Speed | Max Length (m) | Links & Segments | Notes
COAXIAL
- RG-6 | Satellite TV | N/A | … | N/A | … | Satellite TV
- RG-8 (AUI) | Thicknet | 10Base5 | 10 Mbps | 50 (drop), 500 (backbone) | 100/segment | Thicker wire; used in some networks
- RG-58 (BNC) | Thinnet | 10Base2 | 10 Mbps | 185 | 30/segment | Small bus topology
- RG-59 | Cable TV | N/A | … | N/A | … | …
UTP (Unshielded Twisted Pair)
- CAT3 | UTP Fast Ethernet | 10Base-T | 10/100 Mbps | 100 | 1 per link/drop | Phone/data; 3-4 TPF
- CAT4 | UTP Fast Ethernet | 10Base-T | 16 Mbps | 100 | 1 per link/drop | 5-6 TPF – general
- CAT5 (UTP & STP) | Fast Ethernet | 10Base-T, 100Base-T4, 100Base-TX | 10/100 Mbps | 100 | 1 per link/drop (-T) | 3-4 TPI; note: 100Base-T4 cancels out interference
- CAT5e | Gigabit Ethernet | 10Base-T, 100Base-T4, 100Base-TX, 1000Base-T | 10/100/1000 Mbps (1 Gbps) | 100 | … | More reliable by twisting the network wires. The # after “CAT” is code for how many twists per foot.
- CAT6 | Gigabit Ethernet | 10Base-T, 100Base-T4, 100Base-TX, 1000Base-T | 10/100/1000 Mbps | 100 | … | RJ-45
- CAT7 | … | … | … | … | … | Has 2 added wire pairs
- STP (Shielded Twisted Pair) | … | … | … | … | … | Need for Star-Token (IDC/UDC) Network
FIBER
- SMF (ST/SC) | Single-Mode | 10Base-F | 2.5 Gbps | 2000 | 1 per link/drop | …
- MMF | Multi-Mode | 10Base-F | 2.5 Gbps | 2000 | 1 per link/drop | …
* TPF = twists per foot of cable
* TPI = twists per inch of cable
* All CAT cable can be used for Token Ring.
* 10Base-T, 100Base-TX, 100Base-T2 use 2 wire pairs
* 100Base-T4, 1000Base-T use 4 wire pairs

CONNECTORS
- BNC – Bayonet Neill-Concelman Connector; connects to network card or T-connector; Coax
- RJ-45 – UTP/STP; 8 total wires (RJ-11 has 4); Twisted Pair
- AUI – Attachment Unit Interface; 15 pin socket
- ST/SC – ST (straight tip); SC (square one); Fiber
- IDC/UDC – IBM-type / Universal Data Connector; very expensive; copper jacket & wires/pairs wrapped
Other connector bits…
- T-Connector – intermediary connector; Coax
- Vamp Tap – thicknet coax cable; pierces to contact copper core
- Terminator – stops signal so no echo; can use with T-Connector

[Figure: cable cross-sections – 10BaseFL fiber optic; coax (hash marks = shielding); twisted pair]

4. Network Devices & Components – Part I

- Network Interfaces:
  o PCMCIA
  o PCI Card
  o NIC (Network Interface Card)
     NIC has circuitry & software to support encoding & decoding frames
  o Switches/Hubs
  o Logical Bus – i.e., hub in a physical star acting as the logical bus
- NIC’s
  o Operate on OSI Layers 1 & 2
  o Have circuitry & software to support encoding & decoding frames
- Hubs & Repeaters
  o Layer ONE Devices
  o HUBS – usually used in smaller offices or in home networks
     Use logical bus topology in a physical star topology
     CSMA/CD is handled by the hub
     On small/workgroup hubs, last port (uplink) allows link to other hubs
  o Types of Hubs
     Passive Hub – doesn’t amplify any electrical signals
     Active Hub – amplifies the signal
     Intelligent Hub – active hub plus some added features, i.e., stackable; software for SNMP, WAN, etc.
  o Repeater
     Amplifies the signal: reshapes wave forms & extends the LAN segments
     Usually used for office buildings, i.e., extending the LAN beyond usual length constraints to reach other floors, etc.
     Concentrator – multi-port repeater
  o NOTE: all nodes/hosts connected via repeaters & hubs are all on the same:
     Network
     Collision Domain
     Broadcast Domain
- Bridges – connects & subdivides LAN’s
  o Uses a process to learn about devices on the network to streamline future communications via a MAC address table:
     Host A sends packet, which is framed with data
     Frame has ID for node of origin and destination = MAC Address
     The packet is broadcast throughout the network
     Bridge forwards traffic out to all nodes
     Bridge checks Host A’s MAC Address & adds it to its MAC table
[Figure: Bridge between segment A and segment B]
- Switches = multi-port bridges
  o Switches optimize the collision domain (whereas routers optimize the broadcast domain)
     Use software & hardware to create full duplex non-collision domain to communicate uber-fast.
  o Multi-layer switch
     Operates as a Switch at Layer 2
     Operates as a Router at Layer 3
  o Examples of some commands at a Switch interface, i.e., like that of Cisco Catalyst 3550
     show version = display switch info
     config terminal = allows for configuration of the terminal
     ? = lists available commands within the switch’s configuration interface
[Figure: Switch]
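The learning process described above for bridges (and for switches, as multi-port bridges), as an added runnable illustration that is not part of the original notes: the bridge records each frame’s source MAC against the arrival port, floods unknown destinations and broadcasts, forwards known destinations out a single port, and filters frames whose destination sits on the arrival port. Port numbers and the frame sequence are constructed; the sample MAC addresses are the ones quoted later in these notes.

```python
"""Learning-bridge simulation: how a bridge (or switch, a multi-port bridge)
builds its MAC address table from the source address of each frame and
decides whether to forward, flood or filter.

Added illustration for these notes; not code from CBT Nuggets or any vendor.
Port numbers, MAC addresses and the frame sequence are constructed."""

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str   # source MAC (node of origin)
    dst: str   # destination MAC


@dataclass
class LearningBridge:
    ports: int
    mac_table: dict = field(default_factory=dict)  # MAC -> port learned on

    def receive(self, frame: Frame, in_port: int) -> list:
        """Process one frame arriving on in_port and return the list of
        ports it is sent out on.

        - learning: the source MAC is always recorded against in_port
          (a host that moved simply overwrites its old entry)
        - filtering: destination known and on in_port -> stays on that
          segment (empty list)
        - forwarding: destination known on another port -> only that port
        - flooding: unknown unicast or broadcast -> every other port
        """
        if not 0 <= in_port < self.ports:
            raise ValueError(f"no such port {in_port}")
        self.mac_table[frame.src] = in_port

        out_port = self.mac_table.get(frame.dst)
        if frame.dst != BROADCAST and out_port is not None:
            return [] if out_port == in_port else [out_port]
        return [p for p in range(self.ports) if p != in_port]


def demo() -> dict:
    """Replays the sequence from the notes: Host A on port 0 talks to Host B
    on port 1. Returns what happened at each step so it can be checked."""
    a, b, c = "00:40:ca:47:c4:bf", "00:90:bf:1f:e0:00", "00:40:ca:19:c7:76"
    bridge = LearningBridge(ports=4)
    steps = {}
    # 1. A sends to B; the table is empty, so the frame is flooded to
    #    ports 1-3 and A is learned on port 0.
    steps["a_to_b_first"] = bridge.receive(Frame(src=a, dst=b), in_port=0)
    # 2. B replies; A is already known, so the reply goes only to port 0
    #    and B is learned on port 1.
    steps["b_reply"] = bridge.receive(Frame(src=b, dst=a), in_port=1)
    # 3. A sends to B again: both ends known, forwarded to port 1 only.
    steps["a_to_b_second"] = bridge.receive(Frame(src=a, dst=b), in_port=0)
    # 4. C shares A's segment (port 0) and sends to A: filtered, not forwarded.
    steps["c_to_a_same_segment"] = bridge.receive(Frame(src=c, dst=a), in_port=0)
    # 5. A broadcast (e.g. an ARP request) from B is flooded to all other ports.
    steps["b_broadcast"] = bridge.receive(Frame(src=b, dst=BROADCAST), in_port=1)
    steps["table"] = dict(bridge.mac_table)
    return steps


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```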

5. Network Devices & Components – Part II

Physical & Logical Topologies
- Routers
  o Similar to bridges, but added functionality
  o Can be computer or system/device OR software
  o Usually transfer data between networks using same protocols
  o Connects 2 networks – LANs, WAN, MAN, or LAN-to-ISP (via destination IP addressing)
     Looks at packets & then routes the packet…
  o Usage: Internet, small-big businesses, homes, …
  o Layer 3 of OSI Model
  o Create/maintain table of available routes so can forward the packets most efficiently
     Best routes change due to traffic, down routers, etc.
     NOTE: can enter C:\> route print to see route table
  o Can use command line interface OR protocols (RIP, OSPF, BGP) to configure & dynamically get/set info
     RIP = Routing Information Protocol; RIP v.2 = latest
     OSPF =
     BGP =
     All Protocols use different set of calculations/algorithms to choose best route via criteria/metrics/parameters
  o To access command line interface for router:
     Via Console port
      in
     Secure Shell to get terminal emulation
     NOTE: can usu. access router/switch/hub/firewall/VPN concentrator via web-based interface BUT uses HTTP (not secure)
  o Sample of command line interface / administration interface for a router (UNIX, LINUX based):
     CISCO3660# show version  “CIOS”
     CISCO3660# config terminal
     CISCO3660# ?  shows all available commands
[Figure: Router]

- Gateways
  o Device/application that passes data between networks of similar function but maybe different medium or implementation
     I.e., wireless to local LAN or ISP
  o Functions at all different OSI Model layers
     BUT a router can be considered a Layer 3 Gateway, where a mail gateway (i.e., server) is a Layer 7/Application Gateway (i.e., between email systems)
  o A Gateway can:
     Use protocol translators
     Do impedance matching
     Do rate conversions
     Fault isolation
     Signal translation
     …all in order to provide communication/interoperability between disparate systems (AOL & Prodigy are gateways of sorts)

- Transceiver (AKA, Media Converter or Media Adapter)
  o Transmits AND Receives – Full Duplex device
  o Usually used on routers for different cable connections:
     AUI to DB15 = older
     AUI to RJ45 = newer
     GBIC = Gigabit Interface Converter
      • Converts light stream of fiber optic cable into the electronic signals used on NIC
      • Allows one (1) GB port to support full range of media, from copper to 100km SMF

- ISDN Adapters – CSU / DSU
  o ISDN = Integrated Services Digital Network
  o Digital method of moving voice/data; older tech.; newer have adapter built into Cisco card in the Switch; if using phone/older need adapter

- Modems
  o Modulator – Demodulator:
     Use dialup through an ISP
     Modulate outgoing from digital to analog to travel on POTS
     Demodulates incoming from analog to digital for PC
  o Internal: 14.4Kbps (16,000Bps) – 56 Kbps
  o External: 128Kbps – 256 Kbps or higher…

- Firewall
  o Firewall – hardware device/software application that functions in a network environment to prevent some communications that are explicitly forbidden by a corporate security policy
  o Goals/Characteristics:
     Can be Hardware or Software running on a Server or Both
     Prevents spread, provides security & controls traffic between different types of security zones
     Will have varying levels of “trust” to control connectivity & packet flow between the different zones
     Goal is to prevent hackers & unauthorized people from accessing your private network
     Firewall examines all packets/messages inbound & outbound from the network
  o Physical Firewall
     One interface connected to internal organization – has to be the MOST secure interface
     One interface to the Public
     May have more going to other security zones (like a Host or DMZ)

- VPN Concentrators
  o VPN Concentrator – used to create virtual private networks using a fleet of protocols to encrypt & decrypt traffic to terminated end points
  o Can also use software solutions running on servers or can be integrated into routers sitting at perimeter of your network
     I.e., Cisco allows you to have firewall & VPN capabilities & intrusion detection services too…all built into the OS of the Router or the Multi-Layer Switch device.
  o VPN Concentrator administration: can use Unix-based command line interface (like with Routers & Gateways) OR via web interface
     Unix-based command line interface (like with Routers & Gateways) – some are in a menu system similar to FDISK or BIOS
     Via web interface – easier to work with web-based menu
     NOTE: if managing multiple hubs/routers/VPN Concentrators, use a third party management system, i.e., Computer Associates
      • Manage users, groups; tunnels; IP tunnels
      • SSL, secure shell, web VPN …
      • HTTP to access – some let you use HTTPS

6. OSI MODEL

OSI = Open System Interconnection
- Global networking framework standard
- Control is passed through 7 layers; most layers exist in all communication systems
- Layers can be combined… i.e., Microsoft combines several top layers, i.e., app/presentation/session + transport + network + data-link/physical

OSI LAYERS
Application
- Provides file, print, message services.
- Protocols for service usage & advertisement.
- Window for users & applications to access network services.
Presentation
- Provides data translation – typically part of OS.
- Converts inbound & outbound data from one format to another.
- Also handles syntax, compression & encryption.
Session
- Establishes communication sessions between network devices.
- Handles dialog control & coordinates sessions and connections, i.e., decides whether duplex, half-duplex, etc.
Transport
- Ensures data deliverability & reliability & priority.
- Maintains data integrity.
- Makes sure that packets are ordered & that there is no loss/duplication.
Network
- Responsible for routing & forwarding data packets.
- Controls packet on basis of network state, priority, & quality of service, etc.
Data link
- Provides error-free transmission of data frames.
- Sends frames from network to physical layer.
- Converts raw bits into frames & vice-versa.
Physical
- Packages & transmits bits on the physical media.
*Includes encoding & functions at the mechanical and electrical level.

7. MAC Addressing

*Note: layers 2-4 are where most networking type folks do their work…

Data Link / OSI Layer 2
  o OSI Layer 2 = Data Link = TWO parts: LLC AND MAC, subdivided by IEEE into two layers
- Reliable data transmission over various media (wireless, fiber, etc.)
- Defines:
  o Physical addressing – separate from network address; physical address defines how physical network devices are addressed
  o Topology – how the network devices are physically connected, i.e., ring, star
  o Error notification – alert/send message to upper layer protocols (3 & 4 & up) that there’s been a transmission error
  o Frame sequencing – putting in proper order
  o Flow control – moderates data transmission rate so receiving network/device won’t get overwhelmed w/more data than can handle at any given time.
- IEEE subdivided data link into the two layers… LLC & MAC
- LLC = Logical Link Control
  o Manages communications between network devices on network over a single network link.
  o Supports both connectionless & connection-oriented upper-layer protocols
  o Defined by 802.3 fields in Layer 2 frames
  o Provides interface between MAC Sub-layer & Upper Layers
- MAC Sub-Layer Management Functions:
  o To manage protocol access to underlying physical medium of the network
  o Controls node access to physical medium and is protocol-specific
  o Both MAC’s must support the same transmission rate to function…otherwise need intermediary device like router to provide translation
  o Encapsulates data into frames & starts frame transmission/recovery.
- MAC Addressing (i.e., data link addressing)
  o Used to identify nodes/devices implementing IEEE MAC addresses on the data link layer
  o Must be unique for each LAN interface, i.e., NIC
  o 48-bit address, expressed as 12 hexadecimal digits, i.e.: 00-40-CA-47-C4-BF OR 0090.bf1f.e000 OR 0040.ca19.c776, etc.
  o To FIND MAC address, go to C: prompt & enter IPCONFIG /ALL – find the Ethernet NIC Physical address
  o BIA = burned in address, burned into ROM & then stored in RAM…
  o First 6 digits (24 bits) = OUI – organizationally unique identifier.
  o Last 6 digits (24 bits) = Vendor Assigned, i.e., serial number assigned by the vendor
- Address Resolution Protocol (ARP)
  o Method used in TCP/IP suite to map IP addresses to physical addresses in order to forward data/frames
  o Sending workstation checks its MAC Address Table (in this case an ARP table)
  o If nothing there for the desired destination address, sends out a broadcast – hey, where are you?!
  o The desired destination hears the call, compares its matching IP address to the message & responds with its MAC Address
  o IF going beyond your local network, forwards ARP request to its default gateway/next hop router (usually a Router or a multi-homed Server with 2 NICs) on same network.
     Gateway/Router forwards packets until gets to right network with router that has the MAC address of destination…if not, will send out its own broadcast to find the MAC address on its local network.
  [Figure: HUB – ROUTER – NETWORK B]
- Basic Ethernet Frame Format
  o When datagrams come down OSI stack to Network (Layer 3), IP header is wrapped around that datagram & it becomes a packet…
  o That packet gets passed down to Data Link Layer 2 & that information becomes encapsulated & becomes a frame
- MTU = Maximum Transmission Unit = for Ethernet frame it is 1500 bytes

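Added worked example (not code from the notes or CBT Nuggets) for the Ethernet frame format and MAC addressing just introduced: it builds a frame from the fields itemized in the list that follows, verifies the FCS with CRC-32 so a damaged frame can be detected and dropped, and splits a MAC into its OUI and vendor-assigned halves. It uses the 2-byte Length/Type field of IEEE 802.3; the sample MACs and payload are constructed.

```python
"""Build and parse an IEEE 802.3 Ethernet frame (preamble, SFD, DA, SA,
Length/Type, data, pad, FCS), verify the FCS (CRC-32 over DA..pad) and
split a MAC address into its OUI and vendor-assigned halves.

Added illustration, not code from the notes or CBT Nuggets. Sample MACs and
payload are constructed."""

import struct
import zlib

PREAMBLE = b"\x55" * 7   # 10101010 x 7: lets the receiver sync its clock
SFD = b"\xd5"            # 10101011: ends with two 1 bits, DA follows
MIN_DATA, MAX_DATA = 46, 1500   # 1500 bytes = the Ethernet MTU


def mac_to_bytes(mac: str) -> bytes:
    """Accepts 00-40-CA-47-C4-BF, 00:40:ca:47:c4:bf or 0040.ca47.c4bf."""
    hexdigits = "".join(ch for ch in mac if ch not in "-:.")
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC {mac!r}: need 12 hex digits")
    return bytes.fromhex(hexdigits)


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def split_mac(mac: str) -> dict:
    """OUI = first 24 bits (vendor); rest = vendor-assigned serial part.
    Bit 0 of the first byte is the I/G bit: 1 = multicast/broadcast."""
    raw = mac_to_bytes(mac)
    return {
        "oui": raw[:3].hex("-").upper(),
        "vendor_assigned": raw[3:].hex("-").upper(),
        "multicast": bool(raw[0] & 0x01),
        "broadcast": raw == b"\xff" * 6,
    }


def build_frame(dst: str, src: str, length_or_type: int, data: bytes) -> bytes:
    """Wire bytes: preamble + SFD + DA + SA + Length/Type + data (+ zero pad
    up to 46 bytes) + FCS. The FCS is computed over DA through pad."""
    if len(data) > MAX_DATA:
        raise ValueError("payload exceeds the 1500-byte MTU")
    pad = b"\x00" * max(0, MIN_DATA - len(data))
    body = (mac_to_bytes(dst) + mac_to_bytes(src)
            + struct.pack("!H", length_or_type) + data + pad)
    fcs = struct.pack("<I", zlib.crc32(body))   # CRC-32 goes on the wire LSB first
    return PREAMBLE + SFD + body + fcs


def parse_frame(wire: bytes) -> dict:
    """Strip preamble/SFD, recompute the CRC and return the fields.
    A frame whose FCS does not match is flagged so the caller can drop it."""
    if wire[:8] != PREAMBLE + SFD:
        raise ValueError("missing preamble/SFD")
    body, fcs = wire[8:-4], wire[-4:]
    if len(body) < 14 + MIN_DATA:
        raise ValueError("runt frame")
    length_or_type = struct.unpack("!H", body[12:14])[0]
    payload = body[14:]
    # Values <= 1500 are an 802.3 length (so the pad can be trimmed);
    # larger values (e.g. 0x0800 = IPv4) identify the upper-layer protocol
    # and the pad, if any, stays attached for that protocol to handle.
    if length_or_type <= MAX_DATA:
        payload = payload[:length_or_type]
    return {
        "dst": mac_to_str(body[:6]),
        "src": mac_to_str(body[6:12]),
        "length_or_type": length_or_type,
        "data": payload,
        "fcs_ok": struct.unpack("<I", fcs)[0] == zlib.crc32(body),
    }


if __name__ == "__main__":
    frame = build_frame("00-40-CA-47-C4-BF", "0090.bf1f.e000", 0x0800, b"hello")
    print(parse_frame(frame))
    # Flip one bit in the Length/Type field: the receiver's CRC no longer matches.
    damaged = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]
    print("damaged fcs_ok:", parse_frame(damaged)["fcs_ok"])
```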
- Frame layout (field length in bytes): PRE (7) | SFD (1) | DA (6) | SA (6) | Length/Type (4) | Data (46-1500) | Pad | FCS (4)
  [Figure annotations: Transmission order: left-to-right, bit serial; FCS generation span; FCS error detection coverage]
- PRE = Preamble; notifies receiving nodes that a frame is coming down the pipe; to synchronize reception of those frames on the incoming bit stream of the receiving device
- SFD = Start of Frame Delimiter (also SOF); ends w/ two consecutive ON (1) bits to signify that next bit = left-most bit in the left-most byte of the destination address (i.e., hark!, destination address is next!)
- DA = Destination Address; 6 bytes / 48 bits in hex format = MAC address
- SA = Source Address; 6 bytes / 48 bits
  NOTE: SA & DA will change as moves thru network, but data will contain info about orig. IP addresses of the original SA & DA
- Length/Type = # of MAC client data bytes in data field OR frame type ID
- Data = the actual data, of course!
- Pad
- FCS = Frame Check Sequence; 4 bytes; contains CRC (cyclical redundancy check – created by sending a MAC frame & seeing if it’s still the same after sending…if see problems, then can have the frame resent)

8. IP Addressing

- IP Address = field in the IP header that’s added to data as it’s moved around the network
  o Each field fits 32 bits – source address & destination address
  o Four octets of 8 bits; bit position values: 128 64 32 16 8 4 2 1
     128 position = high order bit; 1 position = low order bit
  o Each position is 2 to the nth power: 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
  o Add all numbers of octet = 255 BUT have 256 values (0-255)
- Binary conversion to Base 10/Decimal:
  o Add up the position/bits where there is a value of 1, i.e.
     11000000 = 128 + 64 = 192
     10101000 = 128 + 32 + 8 = 168
     01100101 = 64 + 32 + 4 + 1 = 101
     00101101 = 32 + 8 + 4 + 1 = 45
     SO 11000000.10101000.01100101.00101101 = 192.168.101.45
- NOTE: each IP address is two parts:
  o Network
  o The Location on the network
- Subnet Mask
  o Non-zero (1 = ON) bits tell us what parts are reserved for the Network address
  o Zero (0 = OFF) bits tell us what parts are reserved for the host address
- Class A
  o First octet represents the network; remaining three octets (24 bits) are for the hosts (2^24 hosts!)
  o 255.0.0.0 = Subnet Mask
- Class B
  o Two octets for hosts = 16 bits for hosts
  o 255.255.0.0 = Subnet Mask
- Class C
  o First three octets for network = 24 bits for network
  o ONLY last octet for hosts = 8 bits
  o 255.255.255.0 = Subnet Mask

Address Classes:
Class | 1st Octet Range | Octets for Network | Number of Networks | Hosts per Network
A | 1-127 | 1 | 126 | 16,777,214
B | 128-191 | 2 | 16,384 | 65,534
C | 192-223 | 3 | 2,097,152 | 254
D | 224-239 | - | - | - (D used for multicasting)
E | 240-247 | - | - | - (E used for experimental purposes)
NOTE: 127.0.0.1 used as loopback address for testing…

- NOTE: do not count:
  o XX.XX.XX.0 – this is the network address (on a Class C)
  o XX.XX.XX.255 – this is the BROADCAST address
  o SO your possible number of hosts ALWAYS excludes these two addresses/values per network
- Private/Reserved Address Ranges
  o NOT recognized on the internet, info will be dropped
  o Used commonly for examples or testing or training
  o RFC (request for comment) 1918 = doc’s used for reserved address standards
  o Corporations use reserved addresses internally via NAT (Network Address Translation) to extend the number of addresses available via IPv4 – SO many companies can use the same network addresses behind their firewall, as long as have a PUBLIC IP address on the Firewall/on the other side…
  PRIVATE/RESERVED ADDRESSES (by class):
     A: 10.0.0.0 to 10.255.255.255
     B: 172.16.0.0 to 172.31.255.255
     C: 192.168.0.0 to 192.168.255.255
- Subnetworks & Subnetting
  o Create smaller broadcast domains within one large broadcast domain
  o Adjust Subnet Mask by partitioning bits between subnetworks & hosts, i.e.: Class C usually 255.255.255.0 BUT if change to 255.255.255.192 THEN: first 2 bits of last octet are used for subnetworks & can use last 6 bits for hosts
- CIDR = Classless Inter-Domain Routing
  o Assumes entire 32-bit address for usage…no more classes!
  o Put a forward slash (/) at end followed by # bits being used for the network
  o 192.168.101.45/24
  o Number of available hosts = 2^n – 2, where n is the number of bits being used for the host
- Main three ways to dole out IP addresses & subnet masks
  o Static – directly assign by hand using software/GUI
  o Dynamic – use DHCP to assign IP addresses automatically within a certain scope of addresses
  o APIPA (RFC 3330) – Automatic Private IP Addressing – assigns a temporary IP address in the range 169.254.0.1 – 169.254.255.254 (NOT publicly usable – but some PCs/programs need an address to function in a Peer to Peer network & get your DHCP going)
- IP Version 6 (IPNG or IPv6)
  o Expands address space, security & quality of service over IPv4 – more fields, space, bits
  o Governed by Internet Engineering Task Force (IETF)
  o Address space is 128 bits expressed in hexadecimal
  o ~340 UNDECILLION (?!) addresses total; IPv4 ~ 4 billion total
  o EXAMPLE: 3ff3:0501:0008:0000:0260:97ff:fe40:efab (For more info see http://www.pcsupportadvisor.com/nasample/c0655.pdf)

9. Network Layer Protocols

- Network Layer 3 Protocols (other than TCP/IP):
  o AppleTalk
  o NetBEUI
  o IPX/SPX
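Added worked example for the IP addressing material in section 8 above, not code from the notes: it carries out the octet binary conversion with the 128/64/32/16/8/4/2/1 weights, the classful lookup, the subnet mask and CIDR arithmetic (usable hosts = 2^n - 2, network and broadcast excluded) and the private (RFC 1918), APIPA and loopback range checks. Standard library only; the sample addresses are constructed, apart from 192.168.101.45 and the 255.255.255.192 mask, which are the ones worked in the notes.

```python
"""IPv4 addressing as worked in these notes: dotted decimal <-> binary with
the 128/64/32/16/8/4/2/1 octet weights, classful lookup, subnet mask / CIDR
prefix to network and broadcast address, usable hosts = 2^n - 2, and the
private (RFC 1918), APIPA (169.254.x.x) and loopback (127.x.x.x) ranges.

Added worked example, not code from the notes; standard library only.
Sample addresses are constructed (192.168.101.45 is the notes' own example)."""

WEIGHTS = (128, 64, 32, 16, 8, 4, 2, 1)   # 2^7 .. 2^0, high to low order bit


def octet_to_binary(value: int) -> str:
    if not 0 <= value <= 255:
        raise ValueError(f"octet {value} is not in 0-255")
    return "".join("1" if value & w else "0" for w in WEIGHTS)


def binary_to_octet(bits: str) -> int:
    """Adds the weights of the positions holding a 1, e.g. 11000000 -> 192."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"{bits!r} is not an 8-bit binary octet")
    return sum(w for w, b in zip(WEIGHTS, bits) if b == "1")


def parse_ipv4(text: str) -> int:
    """Dotted decimal -> 32-bit integer, rejecting bad octet counts/values."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r} is not dotted decimal")
    value = 0
    for part in parts:
        octet = int(part)
        octet_to_binary(octet)          # range check (raises on > 255)
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary_dotted(text: str) -> str:
    return ".".join(octet_to_binary(int(p)) for p in text.split("."))


def address_class(text: str) -> str:
    """Classful A-E lookup from the first octet, as in the class table."""
    first = int(text.split(".")[0])
    if first <= 127:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"      # multicast
    return "E"          # experimental


def prefix_to_mask(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0-32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """A valid mask is a run of 1s followed by 0s; anything else is rejected."""
    m = parse_ipv4(mask)
    prefix = bin(m).count("1")
    if prefix_to_mask(prefix) != m:
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return prefix


def subnet_info(cidr: str) -> dict:
    """'192.168.101.45/24' -> network, broadcast, mask, usable host count."""
    addr_text, prefix_text = cidr.split("/")
    addr, prefix = parse_ipv4(addr_text), int(prefix_text)
    mask = prefix_to_mask(prefix)
    network = addr & mask                      # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    host_bits = 32 - prefix
    # 2^n - 2: the all-zeros (network) and all-ones (broadcast) values are
    # never assigned; /31 and /32 leave no room for that pair.
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "mask": to_dotted(mask),
        "host_bits": host_bits,
        "usable_hosts": usable,
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
    }


def in_block(text: str, cidr: str) -> bool:
    net_text, prefix = cidr.split("/")
    mask = prefix_to_mask(int(prefix))
    return parse_ipv4(text) & mask == parse_ipv4(net_text) & mask


def scope(text: str) -> str:
    """Private (RFC 1918), APIPA, loopback or public, as the notes group them."""
    if in_block(text, "127.0.0.0/8"):
        return "loopback"
    if in_block(text, "169.254.0.0/16"):
        return "apipa"
    for block in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"):
        if in_block(text, block):
            return "private"
    return "public"


if __name__ == "__main__":
    ip = "192.168.101.45"
    print(ip, "=", to_binary_dotted(ip), "class", address_class(ip), scope(ip))
    print(subnet_info(ip + "/24"))
    print(subnet_info(ip + "/26"))   # 255.255.255.192: 2 subnet bits, 6 host bits
```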

- NetBEUI – NetBIOS Extended User Interface
  o Really in Layer 4 – not routable
  o Used w/ Microsoft & IBM (NT, LAN Manager, WIN for Workgroups, Win 95, Win 98, Workgroup add-on for DOS, OS/2)
  o Minimal configuration needed, rapid data transfer; needs computer name & workgroup/domain name (NetBIOS)
  o Not used very much today, mostly obsolete
  o To access/set up in Win 95:
     Network Applet > Configuration tab > add NetBEUI
     Protocol > Add > Microsoft > NetBEUI > Reboot > Check bindings tab – need TCP/IP & NetBEUI bound to the NIC
     **Make sure File & Printer Sharing is on all PCs & turn OFF TCP/IP bindings for File/Print Share & Client for Microsoft Networks

- AppleTalk
  o Developed early 80’s for Mac systems
  o Early distributed client/server networking solution for file & printer sharing…requires little user input/interaction
  o Two versions: AppleTalk Phase 1 & 2 …2 is the one discussed here…
  o 4 Key components:
     Nodes – computer, router, server, printer
     Sockets – unique addressable locations on a node; logical point where upper layer datagram delivery protocols (DDP’s – socket clients) & services work together and interact.
     Networks – single logical cable to multiple nodes
     Zones – logical group of nodes/networks defined by administrator during network setup. Do NOT need to be physically contiguous

  (Diagram: Network 1 with nodes 2–5 grouped into Zones A, B and C)

  o Non-Extended AppleTalk network
     Physical network segment that is assigned only a single network number (1-1024; 10-bit, 2^10)
     Each node # has to be unique for that network
     No more than one zone configured on it
  o Extended AppleTalk network
     Networks can extend beyond the zone, or multiple networks in one zone
  (Diagram: Non-Extended network 100 with nodes 100.11, 100.15, 100.51 and 100.101; Extended AppleTalk network with Accounting and Purchasing zones spanning networks 100–103, e.g. nodes 100.3, 100.15, 100.101, 101.1, 101.12, 101.93, 102.49, 103.10)

  o LocalTalk
     Has media access dependencies on lower layer protocols, i.e., Ethernet, FDDI, Token Ring
     Four main media access protocols: EtherTalk, TokenTalk, FDDITalk, LocalTalk
     LocalTalk is a proprietary Layer 2 (Data Link) implementation – cheap & efficient for small LAN’s
     Usually built into Mac products
     Uses twisted pair cabling, in a bus topology
     300m segment limits; 32 nodes
     Routers (intermediate devices) can be used for a star topology
  o LLAP – LocalTalk Link Access Protocol
     Media access protocol
     Communicates between LocalTalk & upper layer protocols
     Delivers frames between nodes, guarantees error-free delivery, and performs best effort delivery
  o AppleTalk addresses = 48 bits:
       NETWORK (16 bits)   NODE (16 bits)      SOCKET (16 bits)
       1-65536             Unique random #     Unique to each NIC/interface
       100                 11                  50
     Using the example above, the AppleTalk address can be expressed as: 100.11.50 –OR– 100.11, Socket 50
     Dynamically doled out when attached to network: provisional network layer address is handed out (kinda like APIPA) in the range 65280-65534
     Node = random #, unique though
     Socket = individual to each NIC/network interface/connection
  o ZIP = Zone Information Protocol
     Used to communicate with router; supplies node with Node Number for the network
     Router replies to node with valid range for network
     Node selects a valid network number…then broadcasts to be sure it’s untaken
     If another node responds, process starts all over again…if not, then the node keeps the node number
  o AARP – AppleTalk Address Resolution Protocol
     Layer 3 protocol
     Associates network address with nodes/services/sockets taking place on the network
  o RTMP – Routing Table Maintenance Protocol
     Layer 4 protocol
     Based on RIP to establish routing tables using a hop count metric
     Hop Count = # devices to go through to get to another node
     Creates/maintains tables on intermediate devices using AppleTalk
     Stores entries for any network a packet has the potential of reaching
     Information is periodically exchanged by routers to ensure it is up to date

- Novell Netware IPX/SPX
  o Netware = Novell’s NOS
  o Combination of Layer 3 & 4
  o Netware comes from XNS (Xerox’s Networking System, 70’s – 80’s)
  o Protocol stack:
       Transport:  SPX
       Network:    IPX
       Data Link:  Ethernet (IEEE 802.3), Token Ring (IEEE 802.5), FDDI, ARCnet, PPP
       Physical

  o IPX = Internetwork Packet Exchange (parallels IP)
     Novell’s original Layer 3 protocol
     Uses IPX RIP (not TCP/IP’s RIP – incompatible) or NLSP (Netware Link State Protocol)
     Network address must be unique
     Address expressed in hexadecimal format of Network Number + Node Number, 80 bits total:
       NETWORK (32 bits)   MAC ADDRESS (48 bits)
       00000001            1c.0f1e.8d7a.a36c
  o SPX = Sequenced Packet Exchange (parallels TCP)
     Less important to IPX than TCP is to IP
  o Encapsulation – wrap upper layer protocol info into frames, so it can support different protocols/environments. Added info/bits at the front let IPX operate in different environments; each frame type ends with the DATA field:
       Ethernet_802.3:  802.3 | IPX
       Ethernet_802.2:  802.3 | 802.2 LLC | IPX
       Ethernet_II:     Ethernet | IPX
       Ethernet_SNAP:   802.3 | 802.2 LLC | SNAP | IPX

10. TCP/IP Suite of Protocols & Services
- TCP/IP = Transmission Control Protocol over Internet Protocol
  o Standardized processes for communication
  o Open nature, so different OS’s can use TCP/IP to talk – WAN, LAN, MAN, Mac, PC, Linux…
  o Developed by DOD in the 70’s, came from ARPAnet
- TCP
  o Main, most common L4 (Transport Layer) protocol
  o Basis of most internet services
  o Connect & exchange data streams
  o Guaranteed delivery, packet assembly & reassembly, detection & retransmission of lost packets
  o Connection-oriented
  o Documented in RFC (Request For Comment) 793
- UDP = User Datagram Protocol
  o Communication protocol for L3, L4 (mainly), L5 (Network, Transport, Session layers, respectively)
  o Connectionless – no guaranteed reliability
  o Applications using UDP must perform reliability, error checking, etc. functions themselves
  o UDP is stateless with no acknowledgements
  o Used for DNS queries & multimedia/streaming video
  o Documented in RFC 768
- FTP = File Transfer Protocol
  o Standard file exchange protocol for IP networks
  o “anonymous” FTP is common practice
  o Used to upload web pages to a server & download files & applications
     NOTE: when you go to download.com, etc., you’re using FTP to download files…you may not SEE it, but it’s going on “behind the scenes”…
  o Documented in RFC 959
  o Common FTP programs: WS_FTP, CuteFTP…can also run FTP from the command line: c:\> ftp, then help
  o Common commands: get, mget, put, mput
  o Uses TCP Ports 20 & 21 (one port for data & one port for control info)
- TFTP = Trivial File Transfer Protocol
  o Uses UDP (instead of TCP like FTP); simpler
  o Documented in RFC 1350
  o Operates on Port 69 (sockets)
  o Used for starting diskless workstations & downloading applications & small files; can reboot servers, download files to router/switch, etc.
  o No passwords or directory trees
- SMTP = Simple Mail Transport Protocol
  o De facto email transmission standard
  o Server to server email transport (use POP3/IMAP4 to download email)
  o Standard list of commands – documented in RFC 2821:
     MAIL, RCPT, DATA, RSET, VRFY, EXPN, HELP, NOOP, QUIT
  o Allows PC/Server to act as email post office
  o Popular SMTP server = Microsoft Exchange 2000/2003
  o Default = TCP port 25
  o Setting up SMTP in Outlook Express:
     Tools > Accounts > Click on desired email account > Properties > Servers tab
     Set the SMTP server settings for email here
     Can also perform: Import/Export/Set Order of email accounts; Remove; Add
- POP3 – Post Office Protocol, version 3
  o Standard protocol for retrieving email from mail server
  o Good for dialup with permanent connection
  o Client computer performs all management locally
  o Password authentication is clear text; uses TCP Port 110 (no encryption, not too secure…)
- IMAP4 = Internet Message Access Protocol
  o Originally created by/for Stanford University
  o Remote mailbox access protocol
  o Allows for selective downloading
  o Includes more features, like searching
  o Supports public folders
  o TCP Port 143
- HTTP = Hypertext Transfer Protocol
  o Default is TCP Port 80
  o Handles pages on the internet/www
  o Uses hypertext (HTML) for browsing
  o Used for document retrieval between servers & web client
  o HTTP:// is a uniform resource locator, or URL
  o Uses clear text, not secure
- HTTPS = HTTP-Secure, or HTTP over SSL
  o HTTPS:// is shown in the browser AND a graphical padlock as well
  o Secure connection
  o Uses TCP Port 443 (SSL Port)
  o TLS = Transfer Layer Security – newer version, may replace SSL…
- TELNET = Protocol AND a Program
  o C:\> telnet OR telnet blah.com > Username; > Password
  o telnet /? lists switches available: -a, -t, -e, -f, -l, port
  o Unsecure, uses clear text
  o Terminal emulation – allows you to log on to other computers on the internet, assuming you have access to run programs & commands
  o Uses TCP Port 23
- SSH = Secure Shell
  o Uses TCP Port 22
  o Developed by SSH Communications Security
  o Offers strong authentication & encryption, used for:
     Remote log in, running commands, moving files, etc.
     Replaces TELNET, RLOGIN, RSH, RCP, RDIST
  o PuTTY = free telnet/SSH client
- ARP = Address Resolution Protocol
  o Used in TCP/IP – usually Layer 2/3 (Data Link & Network Layers, respectively)
  o Dynamically (or manually) binds IP addresses to hardware (MAC) addresses
  o Broadcasts on network segment ONLY – learns about local area & adds info to ARP cache
     To show interface address, MAC, & type (static vs dynamic): C:\> arp -a
- NNTP = Network News Transport Protocol
  o Client/server protocol; handles usenet & newsgroup postings
  o NNTP readers included in all browsers (with most email programs too, even Outlook Express)
  o Newsreaders = separate NNTP clients (not part of an email program or browser, standalone program)
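To make the TCP/UDP contrast above concrete, and to preview the header fields the next section lists: an added Python example (not from the notes) that decodes a TCP segment header and a UDP datagram header with struct, names the TCP flags, checks the three-way handshake sequence/acknowledgement relationship, and labels the well-known ports listed above. Every byte string here is constructed for the example.

```python
"""Decode TCP and UDP headers (added example; all byte strings are constructed)."""
import struct

# Well-known ports named in the notes.
WELL_KNOWN = {20: "FTP-data", 21: "FTP", 22: "SSH", 23: "TELNET", 25: "SMTP",
              53: "DNS", 69: "TFTP", 80: "HTTP", 110: "POP3", 119: "NNTP",
              143: "IMAP4", 443: "HTTPS"}

# TCP flag bits, low to high, in the 6-bit flags field.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def port_name(port: int) -> str:
    """Service name for a well-known port, else the IANA range it falls in."""
    if port in WELL_KNOWN:
        return WELL_KNOWN[port]
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def parse_tcp(segment: bytes) -> dict:
    """Decode the 20-byte fixed TCP header (five 32-bit rows) plus options/data."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    # !HHIIBBHHH = src port, dst port, seq, ack, data offset/reserved, flags,
    # window, checksum, urgent pointer; '!' = big-endian network byte order.
    src, dst, seq, ack, off_res, flags, window, csum, urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    data_offset = off_res >> 4            # number of 32-bit words in the header
    header_len = data_offset * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return {"src_port": src, "dst_port": dst, "service": port_name(dst),
            "seq": seq, "ack": ack, "data_offset_words": data_offset,
            "flags": [name for bit, name in TCP_FLAGS if flags & bit],
            "window": window, "checksum": csum, "urgent_pointer": urg,
            "options": segment[20:header_len], "data": segment[header_len:]}


def parse_udp(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header: src port, dst port, total length, checksum."""
    if len(datagram) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src, dst, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):          # length covers header AND data
        raise ValueError(f"length field {length} != datagram size {len(datagram)}")
    return {"src_port": src, "dst_port": dst, "service": port_name(dst),
            "length": length, "checksum": csum,
            "checksum_present": csum != 0,   # checksum is optional in UDP/IPv4
            "data": datagram[8:]}


def build_tcp(src, dst, seq, ack, flags, window=65535, data=b"") -> bytes:
    """Build a minimal TCP header (no options); checksum left 0 for the example."""
    return struct.pack("!HHIIBBHHH", src, dst, seq, ack, 5 << 4, flags, window,
                       0, 0) + data


def handshake_ok(syn: bytes, syn_ack: bytes, ack: bytes) -> bool:
    """Check the handshake the notes describe: client SYN with seq X, server
    SYN-ACK acknowledging X+1, client ACK acknowledging the server's seq+1."""
    c, s, a = parse_tcp(syn), parse_tcp(syn_ack), parse_tcp(ack)
    return (c["flags"] == ["SYN"]
            and sorted(s["flags"]) == ["ACK", "SYN"]
            and s["ack"] == (c["seq"] + 1) & 0xFFFFFFFF
            and a["flags"] == ["ACK"]
            and a["ack"] == (s["seq"] + 1) & 0xFFFFFFFF
            and a["seq"] == s["ack"])


# Constructed sample: a client on port 49152 opening a connection to HTTP (80).
SYN = build_tcp(49152, 80, 1000, 0, 0x02)
SYN_ACK = build_tcp(80, 49152, 5000, 1001, 0x12)
ACK = build_tcp(49152, 80, 1001, 5001, 0x10)
# Constructed sample: a DNS query datagram, 8-byte header + 12-byte payload.
UDP_DNS = struct.pack("!HHHH", 53000, 53, 20, 0xABCD) + b"\x00" * 12

if __name__ == "__main__":
    print(parse_tcp(SYN))
    print(parse_udp(UDP_DNS))
    print("handshake ok:", handshake_ok(SYN, SYN_ACK, ACK))
```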

11. TCP/UDP Protocols & Services
- TCP characteristics:
  o Stream data transfers (sequence #’s)
     Sequences bytes with a forwarding acknowledgement # (FA #) – tells destination “I expect to receive this byte # next…”
  o Reliable communication
  o Efficient flow control (communicates the highest sequence #)
  o Full-duplex communication
  o Multiplexing services – several simultaneous upper layer services
- TCP Three-Way Handshake
  o Client initiates link by sending initial sequence # & setting the SYN bit (X)
     Synchronization bit = set to 1
  o Server receives the SYN, records the sequence #, and replies with a SYN-ACK (X + 1)
  o Client adds its own sequence # (FA): acknowledges all bytes sent by server and indicates what byte it expects next so that data transfer can commence
- TCP Packet Components (header = 5 rows of 32 bits = 160 bits = 20 bytes, plus options & data):
       Source Port (16) | Destination Port (16)
       Sequence # (32)
       Acknowledgement # (32)
       Data Offset (4) | Reserved (6) | Flags (6) | Window (16)
       Checksum (16) | Urgent Pointer (16)
       Options (+ Padding)
       Data (variable size)
  o Source Port
  o Destination Port – indicates type of communication
     I.e., 25 for SMTP; 53 for DNS; 119 for NNTP
  o Sequence # – number assigned to first byte of data in message
  o Acknowledgement # – contains Sequence # of next byte of data the sender of the TCP packet is expecting to receive
  o Data Offset – # of 32 bit words in TCP header – tells where fields start & end
  o Reserved – for future use
  o Flags – carries control info, i.e., SYN, ACK, FIN (indicates final communication)
  o Window – sliding window
     Can designate size of sender’s receive window – buffer space available for incoming data
     Performs Flow Control
  o Checksum – can use to indicate whether the packet is damaged/has errors/needs retransmission
  o Urgent Pointer – points to first urgent data byte in the packet, if there is any urgent data
  o Option (+ Padding)
  o Data – received from Layers 7, 6, 5 (Application, Presentation, Session)
- UDP
  o Connectionless L4 (Transport Layer) protocol
  o No reliability, no flow control, no error recovery
  o Uses less overhead / fewer bytes than TCP
  o Used by SNMP, DNS, TFTP (port 69)
  o Packet contains FOUR fields only (16 bits each; ports 1-65535 differentiate applications/services):
       Source Port (16) | Destination Port (16)
       Length (16) | Checksum (16)
     Source Port – 16 bits
     Destination Port
     Length – TOTAL, including data
     Checksum – optional, depends on application
- Port ranges:
  o 1-1023 = Well Known
  o 1024-49151 = Registered
  o 49152-65535 = free to be used by anyone
  o *For more info, see iana.org/assignments/port-numbers
- Well-known ports:
       20   FTP (data)
       21   FTP (control)
       22   SSH
       23   TELNET
       25   SMTP
       53   DNS
       69   TFTP
       80   HTTP
       110  POP3
       119  NNTP
       123  NTP
       143  IMAP4
       443  HTTPS

12. Additional Network Protocols & Services
NETWORK AWARE FILE SYSTEMS:
- NFS (Network File System) – Unix/Linux
  o Makes remote directories & files available locally
  o NFS mounted file system is transparent & is independent of platform, OS, or architecture
  o Designed by Sun Microsystems
  o VFS interface over TCP/IP
  o Part of Open Network Computing (ONC)
- AFP: AppleTalk File Protocol
  o Determines sharing of data & applications
  o Transparent to user via GUI
  o Non-Apple networks have to use AFP in order to access data on AppleTalk Servers
- SMB: Server Message Block
  o File sharing for legacy Windows (NetBIOS) & DOS
  o Used for network aware OS’s
  o Network protocol applied to files, serial ports, printers, etc.
  o In Win 2000/2003, replaced by CIFS (Common Internet File System)
- WINS: Windows Internet Naming Service
  o Naming service for NetBIOS computer names
  o WINS is to NetBIOS as DNS is to IP Addresses
  o Rather than using broadcasts, uses centralized database of computer names & services – better efficiency, less network traffic
  o WINS died out basically with Windows 2003
  o WINS Client tells its Server its name at startup
  o NOTE: can set the computer name in XP via:
     Network Connections > LAN > Right-Click > Properties > General Tab > TCP/IP > Properties > Advanced > General Tab > Advanced > WINS tab (tabs are IP Settings & DNS & WINS & Options)
  o LMHOSTS = LAN Manager Hosts
     Resolve IP addresses to computer names
     Used for static addressing
  o WINS also handy for remote connections/branches – name resolution order:
     Workstation A checks cache for remote computer name
     If not in cache, checks with WINS Server
     If not there, then checks LMHOSTS
     Next, HOSTS – DNS
- LDAP – Lightweight Directory Access Protocol
  o Allows clients/servers to access the Active Directory database (central repository for all objects [users, groups, computers, and servers] in a Windows 2000/2003 domain)
  o Based on X.500 directory standard, which is more elaborate
  o Established by the IETF
  o LDAP v2 & v3 supported by Active Directory
- DNS – Domain Name System
  o Database that maps domain name to IP address
  o Top Level Domains: .COM, .EDU, .NET, .GOV, .MIL, .INT, .ORG
  o icann.org/tlds/ – for full/updated listing of TLDs

  (Diagram – WINS: branch office Workstation A → switch → router → ISP → WINS server at the SOHO. DNS: laptop user → ISP → ISP DNS server; the DNS client resolves via the Root and the .COM / .EDU / .NET TLD servers; the website.com zone holds the www and Mail hosts.)

  o Sample DNS scenario for a student user at college, wanting to visit www.website.com from their college dorm room:
     1. User sends Query > College > .EDU > Root > .COM
     2. College > .COM > Website
     3. College > Website > College > User – return message of: “The IP Address is xxx.xxx.xxx.xxx”
     4. TCP/IP Communication from User > www.website.com via the IP Address
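The resolution walk in the scenario above, as an added Python example (not from the notes): a college resolver starts at the root, follows referrals through the .COM server to website.com's name server, and caches what it learns. The server data, the server names and the 203.0.113.x addresses are all constructed for the example.

```python
"""Iterative DNS resolution with referrals and a cache (added example)."""

# Constructed authoritative data, one dict per name server. A server knows
# either the answer ("A") or a referral ("NS" -> name of the server to ask next).
# Addresses come from 203.0.113.0/24 (TEST-NET-3), constructed for the example.
SERVERS = {
    "root": {"com.": ("NS", "com-tld"), "edu.": ("NS", "edu-tld"),
             "net.": ("NS", "net-tld")},
    "com-tld": {"website.com.": ("NS", "ns.website.com")},
    "edu-tld": {"college.edu.": ("NS", "ns.college.edu")},
    "net-tld": {},
    "ns.website.com": {"www.website.com.": ("A", "203.0.113.10"),
                       "mail.website.com.": ("A", "203.0.113.25")},
    "ns.college.edu": {"www.college.edu.": ("A", "203.0.113.80")},
}


def canonical(name: str) -> str:
    """Lower-case and make absolute (trailing dot), as resolvers do internally."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def suffixes(name: str):
    """Yield the name's zone cuts, longest first: www.website.com. -> website.com. -> com."""
    labels = canonical(name).rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."


def query(server: str, name: str):
    """One request/response against a server: ('A', ip), ('NS', next_server) or None.

    The exact name wins if the server has it; otherwise the server refers the
    client onward if it is authoritative for some suffix of the name.
    """
    zone = SERVERS[server]
    for cut in suffixes(name):
        if cut in zone:
            return zone[cut]
    return None


class Resolver:
    """Caching iterative resolver, playing the college DNS server in the notes."""

    def __init__(self):
        self.cache = {}     # name -> ip
        self.trace = []     # (server asked, name) pairs, for inspection/logging

    def resolve(self, name: str):
        name = canonical(name)
        if name in self.cache:
            self.trace.append(("cache", name))
            return self.cache[name]
        server = "root"
        for _ in range(8):                      # bound the referral chain
            self.trace.append((server, name))
            answer = query(server, name)
            if answer is None:
                return None                     # nobody is authoritative: NXDOMAIN
            kind, value = answer
            if kind == "A":
                self.cache[name] = value
                return value
            server = value                      # follow the referral
        raise RuntimeError("referral chain too long")


if __name__ == "__main__":
    r = Resolver()
    print("www.website.com ->", r.resolve("www.website.com"))
    print("servers asked:", [s for s, _ in r.trace])
    print("again (cached) ->", r.resolve("www.website.com"))
    print("nonexistent ->", r.resolve("www.nowhere.org"))
```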

- DHCP – Dynamic Host Configuration Protocol
  o Configures hosts dynamically at startup
  o TCP/IP stack initializes, contacts DHCP Server to get IP address, etc.
  o Usually have many logical servers, but one physical server or one group of physical servers
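The lease exchange that the notes walk through step by step below, as an added Python example (not from the notes): two DHCP servers answer a Discover, the unselected server frees its offer, an address the server finds already in use (the ARP check) gets a NACK so the client discovers again, and renewal, release and expiry return addresses to the pool. Server names, MAC addresses and the 10.x addresses are constructed.

```python
"""DHCP lease exchange (Discover/Offer/Request/ACK-NACK) simulated in one process.

Added example, not from the notes; addresses and the in-use table are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class DhcpServer:
    name: str
    pool: list                                        # free addresses (constructed)
    lease_seconds: int = 3600
    in_use_on_wire: set = field(default_factory=set)  # what an ARP probe would find
    offers: dict = field(default_factory=dict)        # client MAC -> offered address
    leases: dict = field(default_factory=dict)        # client MAC -> (address, expiry)

    def offer(self, mac, now):
        """Step 2: answer a DISCOVER with an OFFER, reserving one pool address."""
        if mac in self.leases and self.leases[mac][1] > now:
            return self.leases[mac][0]              # client already holds a lease
        if not self.pool:
            return None                             # pool exhausted: stay silent
        addr = self.pool.pop(0)
        self.offers[mac] = addr
        return addr

    def release_offer(self, mac):
        """A server whose offer was not selected frees the address for others."""
        addr = self.offers.pop(mac, None)
        if addr is not None:
            self.pool.append(addr)

    def request(self, mac, addr, now):
        """Step 4: REQUEST -> ACK, or NACK when the address is unknown or the
        ARP check finds it already in use on the segment."""
        known = self.offers.get(mac) == addr or (
            mac in self.leases and self.leases[mac][0] == addr)
        if not known or addr in self.in_use_on_wire:
            self.release_offer(mac)
            return "NACK"
        self.offers.pop(mac, None)
        self.leases[mac] = (addr, now + self.lease_seconds)
        return "ACK"

    def release(self, mac):
        """Step 5b: client hands the lease back before it expires."""
        lease = self.leases.pop(mac, None)
        if lease:
            self.pool.append(lease[0])

    def expire(self, now):
        """Non-renewed leases go back to the pool once their expiry passes."""
        for mac, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.pool.append(addr)


def obtain_lease(mac, servers, now, max_attempts=3):
    """Client side of DORA: broadcast DISCOVER, take the first OFFER, REQUEST it.

    Returns (server, address) on ACK. On NACK the client starts over with a new
    DISCOVER, as the notes describe; None means no usable offer was found.
    """
    for _ in range(max_attempts):
        offers = [(s, a) for s in servers for a in [s.offer(mac, now)] if a is not None]
        if not offers:
            return None
        chosen, addr = offers[0]                    # first offer to arrive wins
        for other, _ in offers[1:]:
            other.release_offer(mac)                # unselected servers free theirs
        if chosen.request(mac, addr, now) == "ACK":
            return chosen, addr
    return None


def renew(server, mac, now):
    """Step 5a: REQUEST the current address again before the lease runs out."""
    lease = server.leases.get(mac)
    return server.request(mac, lease[0], now) if lease else "NACK"


if __name__ == "__main__":
    a = DhcpServer("A", ["10.0.0.50", "10.0.0.51"], in_use_on_wire={"10.0.0.50"})
    b = DhcpServer("B", ["10.0.1.50"])
    print(obtain_lease("00:11:22:33:44:55", [a, b], now=0))  # .50 NACKed, .51 ACKed
    print(renew(a, "00:11:22:33:44:55", now=1800), a.leases)
```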

  (Diagram: DHCP client → switch → router → ISP; DHCP, DNS, WINS, mail and directory servers on the LAN; a DHCP server on a remote segment reached through the router.)
  o DHCP Lease process:
     1. Workstation/Client broadcasts a DHCP Discover Packet
     2. DHCP Server(s) return a DHCP Offer
        - If you don’t have a DHCP Server for each LAN, the router can be configured to forward the broadcast to a selected DHCP Server on a remote network or on another segment
        - DHCP Lease terms may be minutes, days, etc.
        - If a server’s offer doesn’t get selected, it releases its offered address for other Clients to use
     3. Client receives DHCP offer(s) & selects one…sends a DHCP Request Packet to the selected DHCP Server
     4. DHCP Server returns a DHCP ACK (yes) / NACK (no)
        NOTE: Server may do ARP first to see if the address requested is taken before returning an ACK/NACK response
        If Client receives ACK, the lease maintenance is the Client’s responsibility…
        5a. Client sends a DHCP request (prior to expiration of current lease, in order to renew) OR
        5b. Client sends a DHCP release (to release/finish lease prior to expiry date) to DHCP Server so it can be used by other Clients
        If Client receives NACK, Client sends out another DHCP Discover Packet…
  o Non-renewed leases are released for other Clients to use
- SNMP – Simple Network Management Protocol
  o Manages networked devices, i.e., hubs, switches & routers – RFC 1157
  o Monitors/controls via PDU’s – Protocol Data Units
  o Devices run agents, or software used to gather info regarding performance, etc.
  o Information is stored in an MIB – Management Information Base
  o SNMP v3 is the most current & most secure (as of the 2005 CBT Nuggets video…)
- NAT – Network Address Translation
  o IP Masquerading – source/destination addresses translated as they pass through router, firewall, proxy
  o Allows many internal (private) hosts to access the internet (public) via a single address or a couple of addresses
  o Internal address scheme is protected
  o Overcomes the constraints of depleted IP address space with IPv4
  o (Privately) uses RFC 1918 addresses, Class A/B/C
- ICMP – Internet Control Message Protocol
  o RFC 792 – used for error packets, control packets, informational packets for IP
  o PING & TRACERT use ICMP
  o Reports to sender if something has gone wrong in transmission/if packets not delivered
  o Valuable for doing diagnostics & troubleshooting
- IGMP – Internet Group Multicast Protocol
  o Standard for IP multicasting on the internet
  o Helps keep established host membership in a group
  o Keeps local routers up to date on members as hosts join/leave
  o RFC 2236 = IGMP v3
- LPR (LPD) – Line Printer Remote
  o LPD is the Berkeley printing system
  o Provides network print services & spooling
  o Uses TCP/IP to establish links between network printers & Clients/Workstations
  o Developed for BSD Unix
  o LPD is installed on the printer/print server… LPR is installed on the Client device/Workstation
- NTP – Network Time Protocol
  o Used especially on enterprise networks
  o Assures time synchronization for TCP/IP networks
  o References radio & atomic clocks on the internet
  o Synchronizes distributed clocks to milliseconds
  o Linux has free program “NTPD” or “NTP Daemon” – available as freeware

13. WAN Technologies
- Wide Area Network = data communication network over a broad geographic area, not confined to direct/local networks
  o Usually in bottom 3 layers of the OSI – Physical & Data Link & Network

  (Diagram: Central Site / HQ router or VPN concentrator connecting Branch #1, Branch #2 and a SOHO site.)

- Point to Point WAN
  o Solitary, pre-configured, dedicated path between customer & remote network
  o Usually consists of leased lines, with wire pairs being dedicated communication paths
  o More expensive, and price based on needed bandwidth & distance
  o Largely replaced by Frame Relay
- Circuit Switching WAN
  o Data connections are active only when needed, otherwise are shut down (i.e., like a telephone call)
  o One type is ISDN
  o DCE = Data Communication/Circuit Equipment
     I.e., CSU/DSU = Channel Service Unit / Data Service Unit (essentially, a modem)
  o DTE = Data Terminal Equipment
  (Diagram: customer DTE → DCE → carrier network of WAN switches → DCE → customer DTE)


- Packet Switched WAN
  o Most popular
  o Individuals can share resources of common carriers and reap a better cost benefit
  o Packet Switching – multiplexes data into smaller packets so they can take separate paths across the carrier network to the destination (i.e., insert multiplexers at the DCE locations of the above diagram)
  o Carrier uses Virtual Circuits through network (cloud in diagram)
  o Types of Packet Switched WANs:
     ATM – asynchronous transfer mode
     Frame Relay
     SMDS – switched multimegabit data services
     X.25
  o Virtual Circuit – logical link/connection created within a shared infrastructure network between two (2) networked devices
  o SVC – Switched Virtual Circuits – created dynamically:
     1. Establish circuit
     2. Transfer data
     3. Terminate circuit
  o PVC – Permanent Virtual Circuits – decrease bandwidth use for establishing communication circuit
     Need constant data flow, since often used for file transfer, web access, email transfer…
     More expensive $$$$$$
- Frame Relay
  o Hi performance, flexible WAN protocol
  o Uses packet switching technology
  o Hosts can dynamically share medium AND bandwidth from the “cloud”
  o Layer 2 (Data Link) suite
  o More efficient & better performance than X.25
  o Uses DLCI for Layer 2 addressing
     DLCI = Data Link Connection Identifier
- ISDN – Integrated Services Digital Network
  o Offered through regional telephone carriers
  o Circuit switching WAN
  o Digitizes voice, data, graphics, music, etc. over existing copper phone lines
  o Digital telephony & data transfer
  o ISDN uses several devices / reference points
     DCE for ISDN = CSU/DSU, Channel Service Unit / Data Service Unit, which acts as interface between provider/carrier switches & DTE (Data Terminal Equipment – PC/Telephone/Server/Router)
     DCE can also be multiplexer, translators…
     TA – Terminal Adapter
     NT1 – Network Termination 1; NT2 – Network Termination 2…

  (Diagram – ISDN reference points: TEL (or DTE via a TA) → NT2 → NT1 → LT → ET at the phone company, with reference points S, T, U, V between them)
  o DTE – Data Terminal Equipment: PC, Tel, etc.
  o Two (2) main types: ISDN BRI & ISDN PRI
- ISDN BRI – Basic Rate Interface
  o 2B + 1D Channel = 2 (64 Kbps) + 1 (16 Kbps control/signal info) = 128 Kbps User Data
     D Channel MAY be used for data as well…
- ISDN PRI – Primary Rate Interface
  o 23B (64 Kbps) + 1 D (64 Kbps, data OR control info) = 1.544 Mbps = T1 line!!
     Can get fractional, using only SOME channels to bring down cost/speed to whatever is needed
     Above calc’s only for USA/Canada/Japan – UK/Australia have 30 B channels, with up to 2.048 Mbps
- FDDI – Fiber Distributed Data Interface
  o Used for hi-speed LAN backbone & WANs like MAN, government WANs, etc.
  o Dual ring over fiber
  o SMF & MMF
     CDDI = over copper
  o Has 4 specifications:
     MAC – defines medium access, frames, addresses, errors…
     PHY – physical layer specifications – encoding, clocking, framing
     PMD – physical medium dependent
     SMT – station management – configuration of stations, concentrators, servers, end user devices…
- WAN Carriers
  o T1 – DS1 = 1.544 Mbps – ISDN PRI
     E1 European = 2.048 Mbps
  o T3 / E3 – leased line connections; voice, data, etc.
     45 Mbps = 28 T1 channels
  o OCx – optical carrier for SONET
     Optical transmission OC1 – OC192, uses fiber optic lines
       OC Standard   Transmission Rate
       OC-1          51.85 Mbps
       OC-3          155.52 Mbps
       OC-12         622.08 Mbps
       OC-24         1.244 Gbps
       OC-48         2.488 Gbps
       OC-192        9.952 Gbps
- X.25
  o ITU-T (International Telecommunications Union – Telecommunication) Global WAN Standard
  o Works with many connected systems
  o Used in packet switched networks of carriers/telecommunications companies
  o “Born” in the 1970’s when the need arose for a WAN standard
  o X.25 defines DTE, DCE & PSE
  o Also uses PAD (Packet Assembler / Disassembler) devices
  o Maps to layers 1, 2, 3 of OSI (Physical & Data Link & Network)
  o PSE – Packet Switching Exchange – cloud/matrix
  o PAD – used when DTE device is too simple to fully implement X.25
     Use PAD between DTE & DCE: DTE → PAD → DCE

14. Wireless Technologies
- Wireless Summary:
  o Lots of wireless solutions available
  o Lots of devices provide wireless options/connectivity
  o Benefits to wireless
     Extend your “technology portfolio”
     Goes where wiring (cable/fiber) can’t go – fewer physical limitations to installation & less impact/cleanup
     Can be cheaper & more rapidly deployed than a wired network…ideal for small office / temp WLAN while waiting on LAN installation
     Extends existing broadband & high-speed solutions/connections
     Great alternative when geographically challenged or when need to be mobile
  o Uses
     Phones, laptops, home networks, video game controllers, garage door openers, etc.

  (Diagrams – Typical Office Wireless Environment: PCs on an Ethernet hub or switch with a WAP (bridge). Typical Home Wireless Environment: PC → wireless router (or hub/switch + WAP) → DSL/Cable modem.)

- Who Defines Wireless??
  o IEEE – Institute of Electrical and Electronics Engineers
  o IETF – Internet Engineering Task Force
  o WECA – Wireless Ethernet Compatibility Alliance
  o ITU – International Telecommunications Union
- Wireless network types:
  o WWANs – Wireless Wide Area Networks – 2G – Second Generation
  o WMANs – campus, govt, etc. – can be used as backup to wired
  o WLANs – home/office/airport – use Radio or Peer to Peer (Infrared)
  o WPANs – Wireless Personal Area Network – ad hoc / mobile devices – POS = personal operating space of ~10m – IEEE 802.15 – Bluetooth & Infrared

- IEEE 802.11 Standards
  o 802.11a
     Adds to the original 802.11 WLAN specifications
     Up to 54 Mbps bandwidth @ 5 GHz radio band
     Not frequently used even though faster
     Not compatible with 802.11b or 802.11g
  o 802.11b
     Most popular WLAN spec (hotspots)
     Up to 11 Mbps, w/fallback to 5.5, 2, 1 Mbps
     Transfer rates dependent on distance to WAP & # of other users
     2.4 GHz radio band/frequency
     Not compatible with 802.11a
  o 802.11g
     Gaining in popularity (although N…)
     Compatible with 802.11b, NOT 802.11a
     Up to 54 Mbps w/fallbacks
     Developed as higher speed technology than 802.11b
     Uses 2.4 GHz radio band/frequency when communicating with other 802.11g devices

- WPAN Communication Methods: Infrared & Bluetooth Comparison
  o Infrared
     Uses infrared light to carry data
     Needs hardware & software to function/communicate
     Governed by IrDA (Infrared Data Association)
     Laptops, printers, PDAs, phones, headsets
     Can also use USB port adapter
     ~ same rate as parallel port – up to ~4 Mbps
     Line of sight range of ~18” – if obstructed, bye-bye signal…
  o Bluetooth
     Specification for short-range wireless
     Cell phones, pagers, PDAs…can get a 3-in-1 phone to sync with desktop/laptop
     Bluetooth headsets VERY popular; keyboard/mouse, etc.
     Very popular for WPAN communication

- Spread Spectrum – method used to modulate data into manageable bits to get sent via wireless communication
  o Transmitted in bandwidth that is considerably greater than the frequency content of the original data
  o DSSS: Direct Sequence Spread Spectrum
     DS-CDMA: Direct Sequence Code-Division Multiple Access
     Stream divided into smaller chunks, which are assigned to frequency channels across the spectrum
     Better performance than FHSS but more susceptible to interference
     802.11 a/b/g use DSSS (OFDM [Orthogonal Frequency-Division Multiplexing] used for 802.11a/g higher & broadband speeds)
  o FHSS: Frequency Hopping Spread Spectrum
     FH-CDMA: Frequency Hopping Code-Division Multiple Access
     Repeated rapid swapping of frequencies/channels during transmission process, coordinated between sender & receiver
     Originally used to thwart electronic eavesdropping/jamming
     Used with original 802.11 standard
     Used by Bluetooth

15. Internet Access Technologies
- Dial-Up via PSTN & POTS (PC → modem → PSTN/POTS)
  o POTS = Plain Old Telephone System
  o PSTN = Public Switched Tel. Network
  o V-Series
     V8 – V29 (9600 baud rate per second) – baud rate = # times per second the carrier signal is changed
     V32, V34, V90 (56,000 baud rate)
     V110 – asynchronous DTE can use ISDN (128,000 bps)
  o Advantages to & Features of Dial-Up
     Economical; great for backup to cable/DSL
     Flexible; easy to set up ad hoc connection
     33,600 bps = V34 on POTS
     ISDN – basic rate interface (BRI – 2B + 1D channel) = 64 x 2 = 128 kbps
- DSL – Digital Subscriber Line
  o Modem technology; uses existing twisted pair phone lines for high bandwidth data transfer
  o Mostly home usage, but some usage in small businesses
  o xDSL = different “flavors” of DSL
     ADSL, SDSL, HDSL, HDSL-2, G.HDSL, IDSL, VDSL
  o Dedicated; P2P access; over copper on local loop (last mile – need to be ~ <1 mile from customer to a telco central office)
  o ADSL = Asymmetric DSL – faster download than upload
     “always on” – great for internet intranets, streaming video, remote access, etc.
     ADSL modems usu. offer various speeds/capacities
     1.5 or 2.0 Mbps – 8 Mbps (or higher now…) downstream speeds
     ADSL modems operate with IP & ATM (asynchronous transfer mode)
  o Other DSL options:
     SDSL – equal upload & download transfer rates
     HDSL – 2 pair of T1 = 784 k per pair
     HDSL-2 – emerging alternative over single pair
     G.HDSL – multi-rate version of HDSL-2
     IDSL – ISDN DSL, single pair @ 128 Kbps
     VDSL – high-speed over short distance on existing copper lines
- Broadband Cable
  o CATV operators had to compete with DSL & Direct Satellite in the 1990’s
  o Key operators (big cable companies like Time Warner, etc.) joined to form MCSN for IP solutions
  o Introduced DOCSIS 1.0 Standard (Data Over Cable Service Interface Specification) with assorted cable modems (CableLabs)
  o Use either all coax OR hybrid-fiber-coax

  (Diagram: head end → all coax, or head end → CMTS → hybrid fiber-coax → cable modem → PC at the customer premises)
- Satellite Access
  o Use satellite in geostationary (GEO) orbit as a relay from vendor to customer
  o 2-way access through special satellite modem sending requests through satellite dish to satellite ~22,000 miles above equator
  o Usu. asymmetric – slower than DSL, with some latency problems (i.e., not great for internet gaming or other interactive web access)
  o Need satellite dish & modem (external or internal)

16. Remote Access Protocols & Services
- SLIP – Serial Line Internet Protocol: access remote networks using serial ports & modems for internet connectivity
  o Defined in RFC 1055; mostly replaced by PPP
  o Packet-based protocol; for IP only
  o Was ONCE the most popular encapsulation protocol for remote access, but no more…
  o Can use telephone serial line & DCE / DTE modem to browse internet, FTP, etc.
  o Downside – have to know your IP address & that of the destination PC you’re trying to remote control
- PPP – Point to Point Protocol
  o Better engineered & feature-rich
  o Doesn’t require IP addresses to be configured before link established
  o Offers advantages over SLIP – configuration is easier, and has:
  o Multiprotocol support – IP, IPX, DECnet, AppleTalk
  o 3 Main Components of PPP:
     HDLC – to frame datagrams (from upper layers) over serial links
     LCP – for layer 2 connection management (the horse in the Lord of the Token Rings saga)
     NCP – for multiprotocol support (the guy on the horse in the Lord of the Token Rings saga)
  o PPP Operation
     Standard for assigning & managing IP addresses
     Asynchronous (i.e., email) & synchronous (i.e., IM) encapsulation
     Protocol multiplexing – can run many protocols at once in one organization/LAN/WAN
     Offers easy link setup, configuration, testing, error detection, compression
  o PPP overall process:
     1. Modem sends LCP (link control protocol) frames to receiver
     2. Sends NCP (network control protocol) frames, i.e., AppleTalk, IP, etc.
     3. Continues until cancellation, or until inactivity timer goes off, or connection otherwise disconnected
  o Cables used:
     RS 232 (EIA/TIA 232) & RS 422 (EIA/TIA 422)
- PPPoE – Point to Point Protocol over Ethernet
  o Connects many users & hosts on Ethernet segment to remote site via common CPE (customer premises equipment)
  o Encapsulates PPP frames in Ethernet frames
  o Used by cable modems & DSL (usu. SOHO application)
  o Authentication, encryption & compression
  o Always on service; RFC 2516
- RAS – Remote Access Service (now use RRAS – Routing & Remote Access)
  o Windows NT 4.0 service – for remote networking through dial-up connectivity from remote users/LANs
  o Uses modem dial-up, X.25, or WAN link
  o Works with networking protocols, i.e. NetBEUI, IPX, TCP/IP
  o Client needs RAS client software OR 3rd party PPP application; Server runs the RAS service
  o In XP, can set a new dial-up RAS connection up via:
     Start > All Programs > Accessories > Communications > New Connection Wizard > Connect to network at my workplace (also have choice to set up Internet Connection & Set up Home/small office network & Set up an advanced connection) > Dial-Up > Company Name > Phone Number – VOILA!
- RDP – Remote Desktop Protocol
  o Introduced in Windows NT 4.0; remote connectivity protocol used by Linux & Microsoft (Terminal Services)
  o RDP Server listens on TCP Port 3389
  o RDP 5.1 comes with Windows XP (Remote Desktop Connection)
  o Provides remote display & input ability, audio, file/port/printer redirection, clipboard sharing, encryption
  o Access in XP via:
     Start > All Programs > Accessories > Communications > Remote Desktop Connection > Options button > General / Display / Local Resources / Programs / Experience = different tabs for setting up the connection(s)
  o Can use RDP to connect to user PC’s for remote troubleshooting
  o NOTE: can use Terminal Server/Services instead
- ICS – Internet Connection Sharing
  o Used in home networks & SOHO
  o Microsoft feature – allows LAN hosts to share a single internet connection & a single IP address
  o Uses DHCP & NAT services (IP masquerading)
  o Works with all popular internet connection technologies – DSL, cable, ISDN, satellite, dial-up…
  o Other products out there – i.e. WinGate & WinProxy – turn your PC into a gateway/proxy server via software
  o To set up, need to set up on all LAN connections:
     Control Panel > Network Connections > LAN > Right-click > Properties > select TCP/IP > Properties > …MUST ensure that “Obtain IP address automatically” is checked!
     Also should go to Advanced tab > Internet Connection Sharing > ensure “allow other network users to connect through this computer’s internet connection” is checked in order to share

17. Server Remote Connectivity & Configuration

[Diagram residue: three example perimeter designs, each drawn as Corporate Network – MultiLayer Switch or Hi-End Router – Perimeter (edge) – ISP; the captions are kept below]

EXAMPLE 1 – Switch, Firewall and Perimeter Router at the edge; Remote Access Server in DMZ running RAS, NAT, Auth., VPN Router, NLB. Either Windows 2000/2003 or Unix/Linux-based (Mac OS X too). NOTE: this network interface must be FAST. Either: Etherchannel (~100Mbps) or Fiber channel (FDDI Ring).

EXAMPLE 2 – smaller/simpler solution: using Router + Built-In Firewall here, in place of Perimeter Router (with an L3 Switch or Router (VLAN) on the inside). Can also use Multi-Homed Linux Server with Firewall…

EXAMPLE 3 – more expensive solution, using second Multi-Layer Switch or High End Router & integrated Firewall

  o RAS = modular solution – can add whatever modules you need to do business
  o NLB = Network Load Balancing solution – use 2+ servers, act as 1 logical server
  o Dual Homing = 2 NICs on one machine – often = one Public, one Private (NAT); covered in RFC 1918
  o DMZ = demilitarized zone – own/separate security zone
- NOS Remote Access Services
  o Dial-up Services (dial on demand, DOD – ISDN, telco/POTS)
  o Radius authentication & authorization – Password + (Biometrics; Pin; Digital Certificate; Smart card; Token; Thumbprint)
  o Virtual private networking – secure links (L2TP, PPP, IPsec, SSLVPN) between 2 different networks
  o Accounting & reporting services – when, how long, disconnect time, etc.
  o Modular add-in services to NOS’s – can activate individual features across most OS’s
- Popular NOS Solutions
  o Novell Netware Open Enterprise Server (SuSE)
  o Sun Solaris Secure Shell (replaced IPSec – VPN standard)
  o Mac OS X (Unix-based component)
  o Linux (Red Hat, Debian, Mandrake)
  o Windows 2000/2003 RRAS / IAS
     RRAS = Routing & Remote Access Service – uses OSPF, RIPv2
     IAS = Internet Authentication Service – Microsoft version of Radius for authentication & authorization & accounting (AAA)
- Client Connectivity – via one of two methods:
  o Integrated remote access program (i.e., Internet Connect on Mac OS X) – NOTE: Need security layer operating above this
  o Integrated VPN client –OR– 3rd party solution, i.e. Cisco VPN Client – secure tunnel for a VPN

18. Security Protocols
- VPN’s – Virtual Private Networks
  o Generic term for a private/encrypted connection over a public network between 2 terminating points of 2+ private networks; wide area network over public lines
  o Terminating Points = router/concentrator; mobile users; remote access sites
  o Cost effective – cheap access to public network without the need for expensive leased line connections (i.e., T1)

[Diagram: Mobile User (DSL, ISDN, analog cable), Telecommuter and Remote Access Sites each connect through a VPN TUNNEL to the ROUTER / VPN Concentrator at the Central Site / HQ]

  o Categories of VPNs:
     Remote Access VPN – for the telecommuter/mobile user
      • Access through their own ISP to terminating site on other side of the “tunnel”
      • Use VPN software on client side
     Site to Site VPN – LAN to LAN VPN
      • Extend to another corporate site via the internet to extend the LAN
      • More permanent solution – usually involves use of a hardware/software combo & data usually encrypted

[Diagram: BRANCH #1 and BRANCH #2 each connected across the Internet to the Central Site / HQ]

- Tunneling – allows one network to send data using another network’s connection
  o Encapsulates the network protocols used by the client within the packets carried by the second network – embeds own network info in the TCP/IP packets
     For example, when sending a gift via USPS, put it in an outer packaging to protect it

[Diagram: VPN CONCENTRATOR reached across the INTERNET by a VPN Hardware Client, a Certicom PDA client, an IPSec VPN Software Client, and a VPN Client (Mobile User)]
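The “outer packaging” idea above, worked through as an added example (this is not code from the notes or from the CBT Nuggets series): an inner IPv4 packet between two private hosts is wrapped in an outer IPv4 header addressed between the two tunnel endpoints, then unwrapped and validated on the far side. The addresses, payload and the `decapsulate`/`is_valid_tunnel_packet` helper names are all constructed for the example; the protocol number 4 is the real IANA value for IP-in-IP.

```python
"""Added example (not from the original notes): IP-in-IP encapsulation, the
"outer packaging" the notes describe. An inner IPv4 packet is wrapped in an
outer IPv4 header addressed between the two tunnel endpoints, then unwrapped
and checked on the far side. Addresses are constructed documentation values."""
import socket
import struct

IPPROTO_IPIP = 4    # IANA protocol number for IP-in-IP encapsulation
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """Standard ones'-complement sum over the 16-bit words of the header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    checksum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Validate version, lengths and header checksum; return header fields and payload."""
    if len(packet) < 20:
        raise ValueError("truncated packet")
    vihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len > len(packet) or ihl > total_len:
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:     # a correct header sums to zero
        raise ValueError("bad header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": packet[ihl:total_len]}


def encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: the whole inner packet becomes the payload of the outer packet."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner_packet)


def decapsulate(outer_packet: bytes, expected_peer: str) -> dict:
    """Tunnel exit: strip the outer header, accepting only packets from the configured peer."""
    outer = parse_ipv4(outer_packet)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if outer["src"] != expected_peer:
        raise ValueError("outer source is not the configured tunnel peer")
    return parse_ipv4(outer["payload"])


def is_valid_tunnel_packet(outer_packet: bytes, expected_peer: str) -> bool:
    """Boolean wrapper so callers can test acceptance without handling exceptions."""
    try:
        decapsulate(outer_packet, expected_peer)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed example: private host 10.0.0.5 sends UDP to 10.0.1.9 at the other site.
    inner = build_ipv4("10.0.0.5", "10.0.1.9", IPPROTO_UDP, b"hello from site A")
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.2")   # public tunnel endpoints
    print("outer bytes:", len(outer), "inner bytes:", len(inner))
    print(decapsulate(outer, "203.0.113.1"))
```

The header checksum only covers the outer header: a flipped bit in the outer destination is rejected, but a changed payload byte still decapsulates cleanly. That gap is what the IPSec services listed further down (integrity, authentication, confidentiality, anti-replay) are layered on top of the bare tunnel to close.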

  o Software Client = NetScreen; Cisco; etc – allows administrators to set security policies for access (i.e., authentication, key exchange)
     Equivalent of PPP on steroids!
     Software clients used in situations with a couple of users – hard to manage/implement/administrate with more than a few users
  o Hardware Client – used in larger settings – remote office, many users
     Takes control away from end users, puts it firmly into hands of administrators
- PPTP – Point-to-Point Tunneling Protocol
  o VPN Tunneling (encapsulation) protocol; uses encryption
     Documented in RFC 1999
  o Included in NOS’s; Microsoft uses for low cost secure remote access to corporate networks
  o Supports: TCP/IP; IPX/SPX; NetBEUI
  o Weaker security/confidentiality than IPSec
- L2TP – Layer 2 Tunneling Protocol
  o IETF standard
  o Marriage of Microsoft’s PPTP & Cisco’s L2F protocols
  o Based on IPSec; documented in RFC 2661
  o Supports multiple protocols & NAT (Network Address Translation – allows you to use private IP addresses & communicate over the internet)
- IPSec – IP Security
  o Operates at Layer 3 (Network Layer of OSI Model) to encrypt & authenticate & manage keys for TCP/IP transmissions
  o Four Core IPSec Services:
     Confidentiality: encrypts data
     Data Integrity: no change to data in transit
     Authentication: verifies users & data origin; non-repudiation
     AntiReplay: ensures that each packet is unique
  o Authenticates in two phases:
     Key Management – uses IKE (Internet Key Exchange) to manage keys; runs on UDP port 500. Determines which keys will be used by communicating nodes.
     Encryption – two types available:
      1. AH: Authentication Header – only encrypts header, not data
      2. ESP: Encapsulating Security Payload – encrypts entire IP package/data payload for added security; DES, 3DES, AES
  o Most commonly run on routers or other VPN connectivity devices
- SSL – Secure Sockets Layer
  o Encrypts data over internet
  o Uses Public Key Infrastructure (PKI) to encrypt data
  o Developed originally by Netscape, used widely by everyone now.
  o Main protocol for secure transactions between web browsers (end users) & servers
  o SSL3 offers:
     Privacy
     Authentication
     Message integrity
  o Indicated via: HTTPS + lock symbol (sometimes get a pop up too depending on web browser being used)
  o TCP port 443 (rather than HTTP port 80)
  o Establish unique SSL session each time client/server create SSL connection, created by the SSL handshake protocol.
     Client_hello & server_hello messages
- WEP – Wired Equivalent Privacy
  o Uses keys to authenticate clients and to encrypt data in transit
  o Prevents eavesdropping & packet sniffing
  o Optional standard for 802.11 WLAN
  o All products must support same XX-bit of WEP (40 bit/64/128)
  o Flawed – using the same key to encrypt & authenticate means if access one, access all…too easy to break into, not very secure
- WPA – WiFi Protected Access (created/endorsed by WiFi Alliance)
  o Meant to be used with authentication server (Radius or Tacacs+) but doesn’t need to be (can use WPA-Personal)
  o Can dynamically & rapidly change keys; uses stronger 48- or 128-bit keys
  o Improved data security & secure message authentication

19. Authentication Protocols
- Authentication – security mechanism, used to validate identity of a data channel OR user OR message OR service; ensures person/service is as “advertised”

[Diagram: Client sends credentials to Server, which checks them against its table]

- PAP: Password Authentication Protocol
  o Most basic/elementary form of authentication – compares credentials to table of name-password pairs
  o Used as basic authentication of http
  o RFC 1334
  o NOT secure/encrypted over network or internet; info IS encrypted on server side:
     1. User name/password sent in CLEAR TEXT
     2. Checked against encrypted info on server side
     3. Acknowledgement sent back from server
- CHAP = Challenge Handshake Authentication Protocol
  o Verifies the identity of a client with a 3-way handshake
     CHAP agent sends key to client – a shared, secret key is used to encrypt the User Name & Password
     CHAP sends challenges out at regular intervals to weed out intruders disguised as client
     RFC1994 – originally didn’t prevent unauthorized access (!); access was determined by the router and/or server
  o MSCHAP = Microsoft’s version of CHAP
     V.1 & V.2 used by Windows 2000 & 2003; prevents unauthorized access
     IAS, RRAS, RAS at Server; all these use active directory database to determine level of access granted to Client
  o Encrypts the data load using the shared secret key
  o HASH = one-way function
  o CHAP Process (between SERVER & CLIENT):
     1. Link Established – link established between Server & Client
     2. MD5 (Message Digest 5) – take credential info & once you apply the one-way hash to it, you will have a fixed-length result or DIGEST…which is sent back to the authenticator
     3. IF MATCHES: all OK, connection continues…but IF the MD5 does NOT match, connection is terminated…
- RADIUS = Remote Auth. Dial In User Service
  o AAA = Authentication & Authorization & Accounting for network access and IP mobile availability (see notes below in AAA section)
  o Credentials are passed to NAS (Network Authentication Server) via PPP…then forwarded to RADIUS Server (Cisco Access Control Services, or ACS)
  o Radius uses following schemes: PAP, CHAP, EAP
  o Valuable for recording authorization, accounting, billing with extensive protocols…
  o OPEN Protocol – can use own customized version for own purposes
  o Used by ISP’s to measure bandwidth usage
  o DIAMETER = planned replacement for RADIUS
- TACACS+ = Terminal Access Controller Access Control System
  o Predecessor to Extended TACACS
  o Used for authentication & authorization in UNIX networks & Cisco infrastructures
  o Offers limited accounting
  o Totally new replacement – use TACACS –OR– RADIUS, not both…
  o Stores usernames & passwords; encrypts communications to the NAS; authorizes
  o Centralized management for remote sites
- AAA = Authentication & Authorization & Accounting
  o Authentication = ensuring you’re who you say you are
  o Authorization = verifying what you have access to
  o Accounting = when you log in/out, how long you accessed what, etc – good for billing & auditing services
  o NOTE: when network gets larger, good idea to get dedicated AAA Server
  o LDAP = Lightweight Directory Access Protocol
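The PAP table lookup and the 3-step CHAP exchange above, side by side as an added example (this is not code from the notes or from the CBT Nuggets series). CHAP's digest is computed the way RFC 1994 specifies, MD5 over the identifier, the shared secret and the challenge; the credential table, the challenge values and the helper names (`chap_session` and friends) are constructed for the example.

```python
"""Added example (not from the original notes): PAP's plain comparison next to
the CHAP challenge/response the notes describe, using MD5 as the one-way
function (RFC 1994: response = MD5(identifier || secret || challenge)).
The credential table and the challenge values are constructed for the example."""
import hashlib
import hmac
import os

# Constructed name/password table held by the server (the "Server (Table)" in the notes).
USER_TABLE = {"alice": "correct horse", "bob": "hunter2"}


def pap_authenticate(username: str, password: str, table=USER_TABLE) -> bool:
    """PAP: name and password arrive exactly as sent; the server compares them to its table."""
    expected = table.get(username)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())


def chap_digest(identifier: int, secret: str, challenge: bytes) -> bytes:
    """The fixed-length DIGEST: one-way hash of identifier, shared secret and challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret.encode() + challenge).digest()


def chap_challenge() -> tuple:
    """Authenticator, step 1: after link-up, pick an identifier and a fresh random challenge."""
    return os.urandom(1)[0], os.urandom(16)


def chap_respond(identifier: int, challenge: bytes, secret: str) -> bytes:
    """Peer, step 2: answer with the digest; the secret itself never crosses the link."""
    return chap_digest(identifier, secret, challenge)


def chap_verify(identifier: int, challenge: bytes, username: str, response: bytes,
                table=USER_TABLE) -> bool:
    """Authenticator, step 3: recompute from the stored secret; a mismatch means terminate."""
    secret = table.get(username)
    if secret is None:
        return False
    return hmac.compare_digest(chap_digest(identifier, secret, challenge), response)


def chap_session(username: str, client_secret: str, table=USER_TABLE) -> bool:
    """Run the whole 3-way exchange once; True means the link stays up."""
    identifier, challenge = chap_challenge()
    response = chap_respond(identifier, challenge, client_secret)
    return chap_verify(identifier, challenge, username, response, table)


if __name__ == "__main__":
    print("PAP  alice/correct horse:", pap_authenticate("alice", "correct horse"))
    print("CHAP alice/correct horse:", chap_session("alice", "correct horse"))
    print("CHAP alice/wrong secret :", chap_session("alice", "wrong"))
```

The periodic re-challenge the notes mention is just `chap_session` run again with a new challenge. Because every challenge is fresh, a digest captured from one exchange does not verify against the next one or against a different identifier, whereas a PAP password captured once is good until it is changed.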

- EAP = Extensible Authentication Protocol
  o Extensible – can be modified & customized
  o Universal, open protocol
  o Used in P2P & Wireless Networks (WLANs)
  o WPA & WPA2 use 5 EAP types:
     LEAP
     EAP-TLS
     EAP-MD5
     EAP-TTLS
     PEAP
  o Defined by RFC 2284
  o Supports passwords, tokens, token cards (ATM cards), digital certificates, PKI, biometric methods, etc. – i.e., it’s versatile!
- KERBEROS
  o IETF Auth. Standard, using centralized ticket-granting server
  o Clients need to rely on a third-party to perform authentication & authorization on TCP/IP system
  o Encrypted tickets are transmitted in lieu of usernames & passwords
  o Applications & OS’s must be “kerberized”
  o Key Distribution Center Implements:
     AS: Authentication Service
     TGS: Ticket-Granting Service
  o Usually have redundancy & security, and database with all KDC usernames & passwords
  o AD (Active Directory)
  o Slave Server can be used as backup

[Diagram: Kerberized Client A and Kerberized Client B connected through a SWITCH]

20. Network Operating Systems
- Unix Networking Services
  o Introduced TCP/IP & UUCP (Unix to Unix Copy Protocol)
  o BSD – Berkeley Software Distribution…led to:
     Free BSD, Net BSD, Open BSD, and DARWIN
  o AIX – Advanced Interactive eXecute – proprietary version, IBM
  o Sun Solaris – Sun Microsystems – Sun OS
     Open Windows; CDE…. = GUIs
  o HP-UX – developed by HP in the late 80’s
- Linux Networking Services
  o TCP/IP on Linux in 1992 (prior to that it was UUCP)
  o Net-4 version networking standard
  o Supports TCP/IP, IPX, AppleTalk, SLIP/PPP
  o Firewalls, NAT, accounting services, tunneling
  o Runs on Ethernet, token ring, FDDI, frame relay, ISDN, ATM
  o 200+ distributions: Mandrake, Debian, Suse (sp?)…
  o Samba protocols used to “talk” to Windows-based machines
- Three ways to move files over internet:
  o NFS = Network File System
     Used to access network resources & file/print services (all of which appear LOCAL)
     Used by Unix & Linux, although independent of platform
      • Redirects things over the network
     Client/Server suite using a virtual file system running on TCP/IP
     Developed by Sun Microsystems
     Trend is moving to CIFS – Open Standard (Windows 2000, 2003)
  o FTP = File Transfer Protocol
     Used for internet & LAN networks
  o CIFS = Common Internet File System

  File System comparison (table from the notes):
  Feature                                         CIFS   FTP   NFS
  Mountable as local drive                        YES    NO    YES
  Encrypted Passwords supported                   YES    NO    NO
  Optimized for modem dial-up connections         YES    NO    NO
  Unicode file names supported                    YES    NO    NO
  Secure anonymous requests allowed               YES    YES   NO
  NO extra software required for file transfer    YES    NO    YES
  NO extra drivers required for Win 3.11          YES    n/a   NO
  NO extra drivers required for Win 95            YES    n/a   NO
  NO extra drivers required for Win NT            YES    n/a   NO
  NO extra drivers required for OS/2              YES    n/a   YES
  NO extra drivers required for Unix              YES    n/a   NO
  (row label not recoverable)                     YES    NO    NO

- MAC OS/X Server (Tiger…now moving to Leopard tho…)
  o Uses AFP (Apple File Protocol)
  o Includes SMB & NFS to run on Mac OSX, Apple Share, Unix, Linux, Netware, Windows
  o Uses Unix core from BSD open source community
  o No proprietary technology is used – Apache web server, Samba, Open LDAP, Kerberos…
  o Fully supported with AFP over TCP/IP
  o Notes on MAC Stuffs:
     Mac-Finder – allows you to browse the network…. & don’t need new software to connect MAC to Windows network
     LTLM2 – LT Lan Manager 2
- Netware (Now marketed as Suse Linux Enterprise Server)
  o Now open source
  o Uses TCP/IP
  o Interoperability is for migration
  o Netware versions add open source functionality
  o Moving away from NCP (NetWare Core Protocol) & IPX/SPX
     Now uses TCP/IP & CIFS
  o Marriage of: Netware technology & Suse Linux O/S
- Windows 2000/2003 NOS
  o Windows 2000 Advanced Server
  o Control Panel
     Add/Remove Components – can add Unix/Linux packages
  o IIS – Internet Information Services
  o Control Panel | Administrative Tools
     DHCP – can set scope/scope options – time server, set router, name server, DNS/log servers
     DNS – Forward & Reverse lookup zones – database of information (resolves domain names to IP addresses & vice versa)
     IAS – AAA (authentication, authorization, accounting) – add clients, etc.
     Routing & Remote Access Server
     Terminal Services Manager

  Windows 2000/2003 Lower Layer Services Provided (side table from the notes): DHCP; Routing & Remote Access; IAS, IPSec; Terminal Services; IPv6, VPNs; Wireless Networking Support
  Windows 2000/2003 NOS (side table from the notes): Web Server / Web Application Server; Remote Access / VPN Server (terminate VPN at Server side); DNS, DHCP, WINS; Streaming Media; Security Proxy Server; IAS (Internet Authentication Server)

21. Client Workstation Configuration & Connectivity
Structured Wiring & Cabling
- Structured Wiring for SOHO or SMB LAN
  o Wiring Panels – in Wiring Closet or Server Room
  o Patch Panels – custom cut cable to reach patch panels (wall jacks), rather than direct drop of wiring to computers
  o Central Wiring Point – can be switch, group of switches, punch down panel, patch panel, etc.
  o Crimping Tools: can get just for RJ-45 or can get with interchangeable modular die for RJ-11, etc.
     Use cutter part/stripper blade to trim off the outer jacket/plastic casing & reveal twisted wire pairs inside
     Trim inner wires down to ~1/2” to prepare for insertion into RJ-45 connector
     Used to crimp the connector into place
  o Typical Ethernet Scenario:
     [Diagram: PC – Patch Cord – Wall Jack (keystone) – Bulk Cable – Punch-Down Block / Patch Panel / CWP – Patch Cords used to connect panel to Central Switch]

  o General Procedure for preparing / installing a small office network:
     Cut cable to planned lengths from CWP to holes where wall plates are attached
     Run cables according to local building specifications
     Use crimping tools to strip cable: squeeze handle & keep the cable perpendicular to the tool blades; remove outer shielding to 1-1/2” exposure for insertion into punchdown blocks or keystone female jacks…trim to ½” for insertion into RJ-45 connector
     Use punchdown tool to set twisted wire pairs into place in keystone female jack or at patch panel or punchdown block
  o Guidelines:
     Always use more cable than necessary
     Test each part of a network as you install it (easier to keep track & replace right away if not functional)
     Stay at least 3’ away from fluorescent light boxes & other electrical devices that may cause interference
     Cover cable with cable protector if it must be run across a floor
     Label both ends of each cable; keep a spreadsheet/record of the labeling scheme
     Use cable ties to keep cables bundled & neat & under control

[Figure: Preparing & crimping Cat5 cabling]

[Figure: Wiring Keystone Jacks]

[Figure: Patch Panels: Rear & Front]

WIRING DIAGRAM (IDC terminal and RJ45 jack pin numbers are the same for each color)
              T568B (ATT)                         T568A (EIA)
  Pin   Color Code     IDC Terminal  RJ45 Jack    Color Code     IDC Terminal  RJ45 Jack
  1     White/Orange   Pin 1         Pin 1        White/Green    Pin 1         Pin 1
  2     Orange         Pin 2         Pin 2        Green          Pin 2         Pin 2
  3     White/Green    Pin 3         Pin 3        White/Orange   Pin 3         Pin 3
  4     Blue           Pin 4         Pin 4        Blue           Pin 4         Pin 4
  5     White/Blue     Pin 5         Pin 5        White/Blue     Pin 5         Pin 5
  6     Green          Pin 6         Pin 6        Orange         Pin 6         Pin 6
  7     White/Brown    Pin 7         Pin 7        White/Brown    Pin 7         Pin 7
  8     Brown          Pin 8         Pin 8        Brown          Pin 8         Pin 8

Network Interface Configuration
- Workstation Network Interfaces:
  o PCI Network Interface Card – usually 10/100
  o USB converter dongle
  o PCMCIA card for laptop – usually 10/100 LAN card
     Dongle extension to RJ-45 keystone – OR –
     Integrated/onboard dongle on the card itself
     OTHER TYPES: Wireless; Fiber Optic; Etc…
- Configuring the NIC
  o Lower Layer Configuration:
     GENERALLY can just plug in the network device & Plug-and-Play will take over, BUT be sure to check device compatibility with your OS & download newest applicable device drivers if not included with the device
     Check Device Manager to be sure all is hunky-dory
  o Upper Layer Configuration – layer 3 & higher
     Network Connections | Right-Click on the Local Area Connection | Properties | General:
      • Client for Microsoft Networks
      • File & Printer Sharing for Microsoft Networks
      • Internet Protocol (TCP/IP) | Properties |
        o Obtain IP Address Automatically
        o Use the following IP address:
           IP Address: 172.16.3.3
           Subnet mask: 255.255.255.0
           Default gateway: 172.16.3.2
        o Obtain DNS server address automatically
        o Use the following DNS server addresses:
           Preferred DNS server: 172.16.3.2 (usually the default gateway)
           Alternate DNS server:
        o Advanced…:
           IP Settings
           DNS
           WINS
           Options: TCP/IP Filtering (firewall essentially)
     Authentication Tab
      • Enable IEEE 802.1x authentication for this network
        o Drop-down menu to select EAP Type & can set Properties
      • Authenticate as computer when computer information is available
      • Authenticate as guest when user or computer information is unavailable
     Advanced Tab
      • Windows Firewall: Settings
        o General
           On (Can also check box to not allow any exceptions)
           Off (Not recommended unless have another firewall)
        o Exceptions
        o Advanced

22. Firewalls & Proxy Services
- Overview of Firewalls
- Packet Filtering
- Proxy Services
- Stateful Packet Filtering

OVERVIEW OF FIREWALLS
- Firewall – represents system of hardware and/or combination of hardware & software that provides a service: control access between two or more (2+) networks or broadcast domains
  o Zones:
     Outside corporate network
     Inside corporate network
     DMZ = De-Militarized Zone: place for specialized devices with needs for specialized access/security

[Diagram: PIX firewall with Outside (Internet), Inside and DMZ zones on separate interfaces]

- Firewall Services
  o Packet Filtering
     Also known as ACLs (Access Control Lists) – limit amount of data or traffic coming into network; permit or deny traffic based on info stored in the header fields – TCP header & IP header
     Denies everything until you tell it to permit something inbound & outbound
     ACLs can get verrrrry long & hard to manage
     Malicious users can still discover what packets meet the firewall criteria & send out arbitrary traffic to hack
     MTU = maximum transmission unit: very small & fragmented under the IP protocol (for widespread usability, but not too good for security)
     Packets can still get through by being fragmented
     Not all services can be packet filtered

[Diagram: packet-filtering device with interfaces e0, e1 and e2; Internet on the outside]

  o Proxy Services
     Proxy server – a firewall that examines packets at higher layers of OSI Model above Network Layer 3 (Transport Layer 4, Session Layer 5, Presentation Layer 6, Application Layer 7) – acts as an extra layer of protection between inside
     Proxy Services & Policies: Negotiate state of session; Authentication; Authorize what app’s are available, etc.
     AAA (Authenticate, Authorize, Accounting) Servers are examples of proxy services
     General definition of proxy services: control upper application layer & usage
     Caches web pages to reduce traffic & limits types of internet activity (prevent certain type of usage)
     Proxy server represents a single point of failure for application services, authentication, & authorization policy
     High degree of performance overhead
     Not a scalable solution – only for smaller offices

[Diagram: Proxy Server placed between the PIX and the Internet]

  o Stateful Packet Filtering – method used by Cisco PIX & others; combo of other two
     Used by most top of line firewall appliances & software, including Cisco PIX
     Stores complete session state data in a Flow Table for TCP or UDP in RAM memory on server or router
     Contains info in the fields of packet headers
     Firewall generates a “connection object” in memory – a logical object; for the life of the session
     Connection objects will be compared to flow table & allowed or modified or denied based on policies set by administrator for the different security zones created
     Functions on packet-by-packet basis –OR– can operate on entire connection between two endpoints
     Performs better than other methods – can do ACLs & Proxy Services as well
     Higher end firewalls have more memory, can handle more applications, etc.
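The flow table and “connection object” idea above, worked through as an added example (this is not code from the notes, nor Cisco PIX code): security zones are assigned by address prefix, a zone policy decides which NEW connections may open, and every later packet is matched against the flow table instead of the policy, which is what lets return traffic in without a permit-everything inbound ACL. The zone prefixes, the policy, the packet trace and the class/function names are all constructed for the example.

```python
"""Added example (not from the original notes): a small stateful packet filter
with security zones, a zone policy for new connections, and a flow table of
"connection objects", run over a constructed packet trace. Zone prefixes,
policy and packets are all made up for the example."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flags as letters: "S" SYN, "SA" SYN/ACK, "A" ACK, "R" RST


# Constructed zone map; anything not listed is the outside (Internet) zone.
ZONES = {
    ipaddress.ip_network("10.0.0.0/8"): "inside",
    ipaddress.ip_network("192.168.100.0/24"): "dmz",
}

# Constructed policy for NEW connections: (from zone, to zone, proto, dport or None = any).
# Return traffic for permitted connections is matched against the flow table, not this list.
POLICY = [
    ("inside", "outside", "tcp", None),
    ("inside", "outside", "udp", 53),
    ("inside", "dmz", "tcp", None),
    ("outside", "dmz", "tcp", 80),
    ("outside", "dmz", "tcp", 443),
]


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return "outside"


class StatefulFirewall:
    def __init__(self, policy=POLICY):
        self.policy = policy
        self.flows = {}   # 5-tuple of the initiating packet -> connection object (dict)

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _policy_permits(self, p: Packet) -> bool:
        src_zone, dst_zone = zone_of(p.src), zone_of(p.dst)
        return any(fz == src_zone and tz == dst_zone and proto == p.proto
                   and (port is None or port == p.dport)
                   for fz, tz, proto, port in self.policy)

    def inspect(self, p: Packet) -> str:
        """Return PERMIT-NEW, PERMIT-EXISTING or DENY for one packet."""
        key, rkey = self._key(p), self._reverse_key(p)
        flow_key = key if key in self.flows else rkey if rkey in self.flows else None
        if flow_key is not None:
            self.flows[flow_key]["packets"] += 1
            if "R" in p.flags:               # a reset tears the connection object down
                del self.flows[flow_key]
            return "PERMIT-EXISTING"
        if p.proto == "tcp" and p.flags != "S":
            return "DENY"                    # only a bare SYN may open a new TCP flow
        if not self._policy_permits(p):
            return "DENY"
        self.flows[key] = {"initiator_zone": zone_of(p.src), "packets": 1}
        return "PERMIT-NEW"


def run_trace(packets) -> list:
    """Run a fresh firewall over a packet list and return one verdict per packet."""
    fw = StatefulFirewall()
    return [fw.inspect(p) for p in packets]


# Constructed trace: inside client browsing out, its reply, an unsolicited inbound
# SYN/ACK, a web hit on the DMZ server, an SSH attempt on it, a DMZ-to-inside probe,
# and a DNS query with its answer.
TRACE = [
    Packet("tcp", "10.1.1.5", 40000, "198.51.100.7", 443, "S"),
    Packet("tcp", "198.51.100.7", 443, "10.1.1.5", 40000, "SA"),
    Packet("tcp", "198.51.100.7", 443, "10.1.1.6", 40000, "SA"),
    Packet("tcp", "203.0.113.9", 51000, "192.168.100.10", 80, "S"),
    Packet("tcp", "203.0.113.9", 51001, "192.168.100.10", 22, "S"),
    Packet("tcp", "192.168.100.10", 3333, "10.1.1.5", 445, "S"),
    Packet("udp", "10.1.1.5", 5353, "198.51.100.53", 53),
    Packet("udp", "198.51.100.53", 53, "10.1.1.5", 5353),
]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run_trace(TRACE)):
        print(f"{verdict:16} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.flags}")
```

The third packet is the case a plain ACL handles badly: a SYN/ACK from port 443 looks like a legitimate reply, but with no connection object for that host it is dropped, while the identical-looking second packet is passed because the inside host opened the flow first.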

- Cisco Private Internet Exchange (PIX) Firewalls
  o Security appliances built for security & reliable, robust performance
  o Create security zones via Adaptive Security Algorithm (ASA)
  o Engines to inspect traffic on Layers 4 – 7
  o Provide user-based authentication, rather than having to use a RADIUS server

23. VLANs
- LAN Switches
  o Higher port density than bridges for less money
  o Allows for fewer users/network segment (collision domain)
  o Increase avg. available bandwidth per user
     Micro-segmentation: can generate a private network segment with full access with full bandwidth & no collisions
  o Layer 2 LAN switch forwards on Layer 2 frame address (MAC Address)
  o Layer 3 LAN switch can use Layer 2 and/or Layer 3 addressing
  o LAN Switches – similar to transparent bridges or multiport bridging

- VLANs Defined
  o VLAN = broadcast domain created inside a switched network
  o Broadcast domains are boundaries where broadcast frames end
     (generally) need router to communicate beyond broadcast domain
  o Switches can support one or more VLANs
  o Broadcasts from one VLAN never reach another VLAN
     …unless you have a router or a multilayer switch that can do the communicating between VLANs for you!!

- VLAN Advantages:
  o Broadcast domain segments provide better bandwidth utilization
  o Isolating users can enhance security for company/network
  o Flexible deployment/VLAN assignment; based on factors other than physical location
     i.e., can reallocate ports on switch to be part of different VLANs as needed
  o Use TRUNKING to connect switches together…

- Switch Port Modes
  o Access Mode (most common)
     Switch port belongs to one and ONLY one VLAN
     Typically, attached to end user devices: server, laptop, printer, etc.
  o Trunk Mode
     Can communicate with multiple VLANs & can interconnect switches
     Multiplexes the traffic between switches carrying multiple VLANs
     STILL need to go above Layer 2 & need a Layer 3 device (such as a router) to have hosts on different VLANs communicate; this ONLY works to have same-VLAN-hosts talking

[Diagram: two switches, each with ports in VLAN-A, VLAN-B and VLAN-C; Trunks connect VLANs A/B/C to each other across the switches]

- Trunking Protocols
  o ISL: Inter-Switch Link, Commonly used by Cisco; Used to go above & beyond IEEE 802.1Q
  o Adds extra 0s & 1s to (encapsulates) frames in order to direct traffic to another part of VLANs
     Allow for physical expansion of VLANs
  o NOTE: this still only communicates within the same VLAN!

- Layer 3 (MultiLayer) Switching
  o Layer 2 Switch with added Layer 3 features
     Additional software features
     Manages broadcast/multicast traffic
     Routing Protocols and QOS (Quality of Service – differentiate & control different types of traffic on network)
     Access List Security – can filter & block based on Layer 3/4 protocols
     IP Fragmentation – can connect different types of network topologies
  o Data flow can bypass routers
     Can be used for backbone of corporate network
     Beefed up version of b-router
  o Uses Store-And-Forward Switching
     Stores the entire frame, analyzes, and then sends out
     Differs from cut-through & fragment-free switching…Store-And-Forward largely used across the board now

24. Intranets & Extranets
- INTRANETS
  o Definition: a LAN or a series of LANs connected via high bandwidth exclusively inside an organization for internal collaboration & productivity
     Use same TCP/IP protocols for intranet as for internet
     Set behind firewall to keep intranet safe from outside access

- Characteristics & Applications of Intranets:
  o Web-based collaboration & productivity tools
  o Document management (web folders, public folders)
  o CMS (content management systems)
  o Online Calendars
  o Group scheduling
  o Bulletin boards
  o IMing
  o Task/Project management, DSS (decision support systems used by management)
  o HR Management
  o Web/AV conferencing
  o Training, continuing education
  o Web data & raw data management
  o QOS & traffic separation for data, telephony, etc.

- Extranet: two or more intranets connected between & created by two different entities
  o Uses public internet to connect different intranets
  o Can use dedicated leased lines –OR– virtual private networking (VPNs) for connection between intranets
     VPN: can create tunnel via Point to Point tunneling protocol, Layer 2 Tunneling protocol, IP Sec
  o Great for communicating with:
     Strategic partners
     Key vendors
     Preferred customers
     Transitional mergers
     Transitional acquisition
     R&D partnership

25. Antivirus Protection
- What is a Computer Virus??
  o Virus: program or chunk of code that reproduces its code (self-duplicates) by linking itself to another executable file
     Can insert code at front, middle, wherever…or can redirect to another file/part of HD
     Virus is run when the file is executed
  o Goal: to reproduce without permission or knowledge of the end-user
  o Two Phases:
     Infection: reproduces on your system
     Attack (optional)
     Worm: Infection & attack without damage
  o Executables: .exe; .com; etc….
     See table below for list of some common executables you should NEVER run from an email attachment unless you’re expecting them & know the sender
- Other Types of Malware
  o Worms: are standalone programs, but unlike viruses, don’t require host code to spread themselves
  o Wabbits: self-replicating; don’t infect host programs or documents; example: Fork Bomb
  o Trojans: disguised as legitimate software; do NOT replicate themselves; usually attached to adware & spyware
  o Backdoors: chunk of software code that allows access to your computer by bypassing typical authentication procedures
     Backdoor Trojan; backdoor worms
     Also called “Ratware”
  o Spyware: collects & sends info back to a website; i.e., browsing patterns, credit card numbers, etc.; beware of P2P sharing & shareware with spyware!!!!
  o Exploits: software code that attacks a security vulnerability on your system, routers, etc.
  o Rootkits: (aka stealth rootkit, backdoor rootkit) code inserted into system by a hacker to give root access to the operating system; can also be backdoors or open backdoors for later access; REALLY hard to detect
  o Keyloggers: software that copies/tracks/stores user’s keystrokes; gives access to ANYTHING you type: pin, passwords, etc.
  o Dialers: replaces phone numbers in dial-modem’s connection software; usually replaces with 900 numbers, etc.; can also be used to dial-out & send out keylogger info, etc.
  o URL Injection: changes browser’s behavior to other domains than what you’ve typed in (Uniform Resource Locator)
- Characteristics of AntiVirus Software
  o How AV Software Works:
     Inspects memory
     Looks for signatures
     Checks before opening files
     Notifies when malware detected – ALARM!!

Common Executable File Extensions (table from the notes):
  ADE  Microsoft Access Project File
  ADP  Microsoft Access Project
  BAS  Visual Basic Class Module
  BAT  Batch file
  CHM  Compiled HTML Help File
  CMD  Windows NT Command Script
  COM  MS-DOS application
  CPL  Control Panel Extension
  CRT  Security Certificate
  DLL  Dynamic Link Library
  DO*  Word Documents & Templates
  EXE  Application
  HLP  Windows Help File
  HTA  HTML Applications
  INF  Setup Information File
  INS  Internet Communication Settings
  ISP  Internet Communication Settings
  JS   Jscript File
  JSE  Jscript Encoded Script File
  LNK  Shortcut
  MBD  Microsoft Access Application
  MDE  Microsoft Access MDE Database
  MSC  Microsoft Common Console Doc.
  MSI  Windows Installer Package
  MSP  Windows Installer Patch
  MST  Visual Test Source File
  OCX  ActiveX Objects
  PCD  Photo CD Image
  PIF  Shortcut to MS-DOS Program
  POT  PowerPoint Templates
  PPT  PowerPoint Files
  REG  Registration Entries
  SCR  Screen Saver
  SCT  Windows Script Component
  SHB  Document Shortcut File
  SHS  Shell Scrap Object
  SYS  System Config/Driver
  URL  Internet Shortcut
  VB   VBScript File
  VBE  VBScript Encoded Script File
  VBS  VBScript Script File
  WSC  Windows Script Component
  WSF  Windows Script File
  WHS  Windows Scripting Host Settings File
  XL*  Excel Files & Templates

  o AV Process:
     Source System: can be email, web page, floppy, etc.
     Interception: done by Virus Scan Engine
     Alerts: logs, reports, pages, emails, etc.
     Disinfection

[Diagram: Source System -> Interception (Virus Scan Engine) -> Alert -> Disinfection -> Destination System]

- Virus Scanning Engines
  o Virus Scan Engines use two basic methods:
     Compares virus signatures to a database, typically updated periodically from vendor’s website
     Heuristic Scanning – scans for patterns of activity
  o Permanent Protection: essential but complicated and takes more resources
  o On-Demand scans: require user intervention; only scans when user scans
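The two scan-engine methods above (signature comparison against a database, and heuristics) in miniature, as an added example that is not code from the notes or from any AV vendor. It scans constructed in-memory “attachments”: hash and byte-pattern signatures stand in for the vendor database, a couple of filename heuristics stand in for pattern-of-activity scanning, and the risky-extension set is a subset of the table in the notes. The only real signature is the industry-standard EICAR test string, which is harmless by design; the other sample data, database entries and function names are constructed for the example.

```python
"""Added example (not from the original notes): a miniature scan engine that
applies the two methods described in the notes, signature matching (file
hashes and byte patterns) and a couple of heuristics, over constructed
in-memory "files". The signature database and sample files are made up;
the only real signature is the industry-standard EICAR test string."""
import hashlib
import re

# Risky extensions taken from the table in the notes (subset).
RISKY_EXTENSIONS = {"exe", "com", "bat", "cmd", "pif", "scr", "vbs", "js", "jse",
                    "wsf", "hta", "cpl", "msi", "reg", "lnk", "shs", "dll"}

# The EICAR test file: harmless by design and detected by every scanner, so it is
# the one signature a constructed database can legitimately carry.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed sample standing in for a vendor-supplied hash signature.
_KNOWN_BAD_SAMPLE = b"MZ\x90\x00constructed-sample-for-the-example-only"

SIGNATURE_DB = {
    "hashes": {hashlib.sha256(_KNOWN_BAD_SAMPLE).hexdigest(): "Example.Constructed.A"},
    "patterns": [(re.compile(re.escape(EICAR)), "EICAR-Test-File")],
}


def extension_chain(name: str) -> list:
    """All dot-separated suffixes of a filename, lower-cased."""
    return [part.lower() for part in name.split(".")[1:]]


def heuristic_findings(name: str) -> list:
    """Name-based heuristics: an executable hiding behind a document extension,
    or behind a run of spaces that pushes the real extension out of view."""
    findings = []
    exts = extension_chain(name)
    if len(exts) >= 2 and exts[-1] in RISKY_EXTENSIONS:
        findings.append("double-extension")
    if "   " in name and exts and exts[-1] in RISKY_EXTENSIONS:
        findings.append("padded-filename")
    return findings


def scan_file(name: str, data: bytes, db=SIGNATURE_DB) -> dict:
    """Scan one file; returns the verdict plus the individual findings."""
    findings = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in db["hashes"]:
        findings.append("signature:" + db["hashes"][digest])
    for pattern, label in db["patterns"]:
        if pattern.search(data):
            findings.append("signature:" + label)
    findings += ["heuristic:" + h for h in heuristic_findings(name)]
    exts = extension_chain(name)
    risky = bool(exts) and exts[-1] in RISKY_EXTENSIONS
    if any(f.startswith("signature:") for f in findings):
        verdict = "INFECTED"
    elif findings:
        verdict = "SUSPICIOUS"
    else:
        verdict = "CLEAN"
    return {"name": name, "verdict": verdict, "risky_extension": risky, "findings": findings}


def scan_all(files: dict, db=SIGNATURE_DB) -> dict:
    return {name: scan_file(name, data, db) for name, data in files.items()}


# Constructed "attachments".
SAMPLE_FILES = {
    "report.txt": b"Quarterly numbers look fine.\n",
    "eicar.com": EICAR,
    "dropper.exe": _KNOWN_BAD_SAMPLE,
    "invoice.pdf.exe": b"MZ\x90\x00not-in-database",
    "photo.jpg                                 .scr": b"MZ\x90\x00not-in-database",
    "setup.exe": b"MZ\x90\x00legitimate-installer",
}

if __name__ == "__main__":
    for r in scan_all(SAMPLE_FILES).values():
        print(f"{r['verdict']:10} {r['name']!r} {r['findings']}")
```

Note the split between the last two samples: an executable extension by itself only raises the `risky_extension` flag (the notes' advice not to run it from an unexpected attachment), while a verdict needs a signature hit or a heuristic finding. Hash signatures miss anything re-packed by one byte, which is why the pattern match and the heuristics sit beside them.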

26. Fault Tolerance & Disaster Recovery
- Fault Tolerance
  o Fault Tolerance = ability of a system to continue to operate (at least to some degree) when some of the components fail
  o Necessary for high-availability (network backbone, email/web servers, etc.) or life-critical equipment
  o Can also apply to protocols, i.e., TCP retransmitting lost packets/guaranteed delivery
  o Necessary to anticipate possible failures in order to implement fault tolerance properly

- Fault Tolerance: Power!
  o Power Supplies – (usually more of a disaster recovery thing, but good to have spares); some mission-critical devices have bays for modular additional/backup power supplies
  o UPS: Uninterruptible Power Supply
     Backup continuous power; provides emergency power & surge protection
     UPS uses/gets commercial power
     Internal batteries; need maintenance
     Long enough for server shutdown at a minimum
     Goal: prevent hardware damage & prevent data loss
  o Backup Power Generators – run on gas & can keep things going for hours

- Fault Tolerance: Links & Network Channels
  o Multiple ISPs with different connections to backbone of network
  o Link (dial-up?) and protocol (BGP) redundancy to ISP
     BGP: border gateway protocol; can do BGP multihoming too…
  o Multi-homed network devices
     Switches, routers, VPN concentrators, etc.
  o Fault Tolerant Adapters
     Adapter load balancing / adapter teaming, aka, port aggregation
     Microsoft has NLB (Net Load Balance)
     Cards are configured to distribute load between cards
     Fast Ethernet = 100Mbps; Gigabit Ethernet = 1000 Mbps
     Great solution for large corporate environments
     More info on fault tolerant adapters: www.networkcomputing.com

- Fault Tolerance: Storage o Storage fault tolerance is usually done via duplication o Replication Services  Simplest method; i.e., MS Exchange can replicate areas of web server to other servers, SQL databases…  Basically, a scheduled copy of data to other locations/servers o Redundancy Method  More powerful; multiple identical instances of same data/component/system & be able to hot swap to those other instances  RAID – redundant array of inexpensive disks o Server Clustering  Clustering = 2+ devices (i.e. file server, web server) pooled together & presented as a single server with a single IP address  Helps distribute load across multiple servers & keep things rolling if one device fails  Great web services solution for redundancy, load balancing, etc. o Storage Area Networking (SAN)  Very popular for enterprise storage  Attach disk array controllers & tape libraries to servers over Fibre Channel technology, SCSI or …  iSCSI: leverages existing TCP/IP over Fast/Gigabit Ethernet switches, provides SAN as well = redundancy & high-speed networking! o Network Attached Storage  Similar to SAN, but allows many computers to access the same set of files on the network  Multiple units can share same storage area with less overhead than SAN

- Fault Tolerant Services o Active/Active Clustering  Have several nodes/servers as part of a cluster (up to 8 depending on hardware/software chosen)  All active & sharing load of processing client requests  FTP requests, WWW requests, etc.  If one node goes down, the others pick up the slack o Active/Passive Clustering  Cluster of servers where one or more are on standby, able to be brought up online if an active node goes down o Hot Standby Clustering  Have more than one failover server as backup on standby, gets consolidated to one single hot-standby node which you can bring on line if needed to take over for a failed server in the cluster o Network Load Balancing  Aggregation or adapter teaming  Software component of Windows 2000/2003; provides failover support for app’s & network services running on IP networks  i.e., if running IIS, can run NLB to run up to 32 servers to balance load & provide failover services

- Disaster Recovery: Backup & Restore o Part of Security Plan! Secure your data!!!!  Lots of good software to backup PCs, Servers, configuration files for other hardware, etc. o XP: Accessories | System Tools | Backup

- Disaster Recovery: Offsite Storage o Take tapes/backup media offsite for storage – either use a service or take it home… o BUT can do Backup to Offsite Location via VPN too!!

- Disaster Recovery: Hot/Cold Spares o Hot Spares  Extra unused component in standby mode  Usually setup so occur without shutdown of server or device AND/OR without administrative intervention  Most RAID arrays use hot spare drives  Also seen on higher-end routers, MLS (multi-layer switches), VPNs, firewall appliances o Cold Spares  Extra part which is not already running & ready to go  Generally requires a shutdown or interruption of service, etc.

- Disaster Recovery: Hot/Warm/Cold Sites o Hot Site: $$$$$  Usually a hot-standby data center and/or office facility  Able to handle full failover solution for entire business or organization in case of catastrophic event o Warm Site: $$$  Partly equipped, without live data – SOOOO will need to update data o Cold Site: $  Air conditioned/heated, electrically prepared building/facility without equipment or communication links

27. Troubleshooting Strategies
Refresher on the OSI Layers… (the video’s mnemonic names for each layer in parentheses)
- Application (The Scribe)
 o Provides file, print, message services.
 o Protocols for service usage & advertisement.
 o Window for users & applications to access network services.
- Presentation (The Royal Translator)
 o Provides data translation – typically part of OS.
 o Converts inbound & outbound data from one format to another.
 o Also handles syntax, compression & encryption.
- Session (The Broker)
 o Establishes communication sessions between network devices.
 o Handles dialog control & coordinates sessions and connections, i.e., decides whether duplex, half-duplex, etc.
- Transport (The Middle Manager)
 o Ensures data deliverability & reliability & priority.
 o Maintains data integrity.
 o Makes sure that packets are ordered & that there is no loss/duplication.
- Network (The Map Maker)
 o Responsible for routing & forwarding data packets.
 o Controls packet on basis of network state, priority, & quality of service, etc.
- Data link (The Royal Horsemen)
 o Provides error-free transmission of data frames.
 o Sends frames from network to physical layer.
 o Converts raw bits into frames & vice-versa.
- Physical (The King’s Road)
 o Packages & transmits bits on the physical media.
 o Includes encoding & functions at the mechanical and electrical level.

Troubleshooting Strategies – the process (flowchart from the video):
 1. DEFINE THE PROBLEM
 2. GATHER DATA
 3. ISOLATE THE PROBLEM
 4. FORMULATE A PLAN OF ACTION
 5. IMPLEMENT A SOLUTION
 6. OBSERVE THE RESULTS
 7. IS THE PROBLEM SOLVED? YES – DOCUMENT THE FACTS; NO – REPEAT THE PROCESS

- Define the Problem
 o Know your network
   Make a plan
   Know your network – Document the infrastructure!
   Create a baseline of activity (i.e., get to know regular activity so you can identify anomalies when they happen)
 o Problems typically become known via user input or software alerts
 o Some companies have total network management systems
 o Develop a quick concise problem statement, based on problem type:
   Configuration, i.e. change software settings, services, etc.
   Break-Fix, i.e. bad media/interface, PSU bad, OS, malware, etc.
 o Focus thought on obvious possible causes – DON’T PANIC!!
 o Fully document the symptoms

- Gathering Data & Collecting Information
 o Question the users:
   When did it first occur, how often?
   What are the effects?
   Is it reproducible, i.e., is it a consistent problem?
   Have there been any recent changes? Hardware, software, settings, server updates, etc.
 o Collect data from all sources if available…
   Ask coworkers, check existing documentation on previous problems
   Network management services
   Logs, analyzer traces: system logs, event viewer
   Show & debug commands
   Troubleshooting tools

- Isolate the Problem o Divide & Conquer!  …based on modular network design, i.e. end user access, server module, WAN module, VPN module, etc. o Know your network and its isolation boundaries o Focus on relevant things: prioritize your fires!! o Eliminate unnecessary information o Rule out causes one at a time via a regular, logical process of elimination

- Formulate a Plan of Action o Attack the most probable, obvious cause first o Be ready to change only ONE variable at a time o Document the steps for recovery purposes (so you can undo whatever you just did & try something else) o Know when to say when – cry “uncle” if necessary… o Bring in expert consultants if necessary

- Implement A Solution o Apply your configuration change or your break-fix…Be sure to document your implementation!!!!

- Observe The Results o Questions to ask yourself:  Did you follow logical repeatable steps?  Did you make the problem worse or cause other trouble?  Did you have minimal impact on users?  Did your actions cause security vulnerability?  Have back-up configurations, data backup, redundancy, etc.

- Successful? YES – then document the facts!

- Successful? NO – repeat the process… o Go back to Step 4 & formulate another plan of action  Don’t assume that you isolated the wrong problem, try another solution or tool first o If make several attempts & still not having success, then go back to Step 2 – gather more data

- Additional resources for troubleshooting o FREE Internetwork Troubleshooting Handbook from Cisco  www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/

28. Troubleshooting Utilities
PING
 o PING = Packet INternet Groper; works like sonar
 o Unix tool to test network connectivity & to verify a host exists
 o Linux: /usr/sbin/ping
   ping 192.168.100.1
 o Windows: Command Prompt…C:\> ping /? (lists out available switches)
 o Examples: ping 192.0.0.1; ping myserver1
 o NOTE: if RTTs are in triple digits, you have a congested network – try TRACERT to figure out where the bottleneck is
 o NOTE: if request timed out, try TRACERT to determine where the signal is getting dropped…
PING Process:
 o ICMP type 9 echo request packet will be sent to the address being pinged
 o Then ARP kicks in & requests the destination hardware address from the pinged address
 o ARP server replies & says “my MAC address is…”
 o ICMP packet is cached on local machine making the ping request
 o ICMP echo request is sent to the destination machine
 o Pinged machine responds back
PING Logic…
 o Start with loopback address: 127.0.0.1 – if fail, something wrong with TCP/IP configuration
 o Next, ping own IP address, i.e. 192.168.0.12 – if successful, have proper IP address bound to network interface card; if fail, either have wrong IP address OR have APIPA address
 o Then try pinging a “neighbor”, i.e. 192.168.0.15 – if fail, something wrong with neighbor’s physical connection media, switch, neighbor’s configuration, may be using VLAN…
 o Next try pinging local gateway or router, i.e. 192.168.0.1 – if success, then you can ping beyond LAN
 o Then try DNS server or ISP provider, i.e. 68.2.208.45, etc.
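The two NOTEs above (triple-digit RTTs mean congestion; timeouts mean drops; use TRACERT to find the hop) are easy to apply by eye on one transcript, but the same rules can be scripted. The following is an added example, not part of these notes or of the CBT Nuggets material: it parses a constructed Windows-style ping transcript, decides whether the path is congested or lossy, and then parses a constructed tracert transcript to report the hop where the RTT rises most, which is where the bottleneck note says to look. Every address in the transcripts is made up, and the 100 ms threshold is an assumption taken from the "triple digits" rule of thumb.

```python
"""Ping/tracert transcript analysis: is the path congested, and at which hop?

Added example, not part of the CBT Nuggets notes. Both transcripts below are
constructed to look like Windows ping/tracert output; every address is made up.
"""
import re
from statistics import mean

# Constructed sample: a ping with triple-digit RTTs and one lost reply.
PING_OUTPUT = """\
Pinging 68.2.208.45 with 32 bytes of data:
Reply from 68.2.208.45: bytes=32 time=212ms TTL=52
Reply from 68.2.208.45: bytes=32 time=198ms TTL=52
Request timed out.
Reply from 68.2.208.45: bytes=32 time=305ms TTL=52
"""

# Constructed sample: RTT jumps at hop 3; hop 4 answers no probes (filtered).
TRACERT_OUTPUT = """\
Tracing route to 68.2.208.45 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.0.1
  2    12 ms    11 ms    13 ms  10.50.0.1
  3   187 ms   201 ms   195 ms  172.20.1.9
  4     *        *        *     Request timed out.
  5   190 ms   199 ms   203 ms  68.2.208.45

Trace complete.
"""

REPLY_RE = re.compile(r"time[=<](\d+)ms")            # "time=212ms" or "time<1ms"
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(\S+)")
TIME_RE = re.compile(r"<?(\d+) ms|(\*)")


def parse_ping(text):
    """Return (list of RTTs in ms, number of 'Request timed out' lines)."""
    rtts, timeouts = [], 0
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            rtts.append(int(m.group(1)))
        elif "Request timed out" in line:
            timeouts += 1
    return rtts, timeouts


def ping_verdict(text, congested_ms=100):
    """Apply the notes' rules: no replies, timeouts, or triple-digit RTTs."""
    rtts, timeouts = parse_ping(text)
    if not rtts:
        return "no replies: check TCP/IP config, then tracert"
    if timeouts or mean(rtts) >= congested_ms:
        return "congested or lossy: run tracert"
    return "ok"


def parse_tracert(text):
    """Return [(hop, average RTT or None, address)] for each hop line.

    None means none of the three probes was answered (e.g. a router that
    drops the probes, as the firewall note in the TRACERT section describes).
    """
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        times = [int(t) for t, _star in TIME_RE.findall(m.group(2)) if t]
        hops.append((int(m.group(1)), mean(times) if times else None, m.group(3)))
    return hops


def bottleneck_hop(text):
    """Hop whose average RTT rises most over the previous answering hop."""
    best, prev = None, 0.0
    for hop, avg, addr in parse_tracert(text):
        if avg is None:          # unanswered hop: skip, but keep 'prev'
            continue
        jump = avg - prev
        if best is None or jump > best[2]:
            best = (hop, addr, jump)
        prev = avg
    return None if best is None else (best[0], best[1])


if __name__ == "__main__":
    print(ping_verdict(PING_OUTPUT))
    print(bottleneck_hop(TRACERT_OUTPUT))
```

The unanswered hop is kept in the parsed list but excluded from the jump calculation, so a router that silently drops probes does not masquerade as the congestion point; the RTT comparison skips over it to the next hop that answers.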
TRACERT/TRACEROUTE
 o Purpose is to discover the routing path to a remote host, OR figure out where congestion/packet dropping is occurring
 o Uses TTL (Time To Live) values & ICMP Type 11 packets
 o Traces route of a packet from router to router until it reaches the destination
 o Unix/Linux uses UDP Port 33434
 o Utility can also use ICMP Echo Request Type 8 (i.e., Windows TRACERT)
 o NOTE: Some firewalls block UDP probes but allow ICMP echo requests, so best used locally on LAN
 o Examples: tracert 68.0.0.1; tracert mysrvr1
 o Windows: Command Prompt…C:\> tracert 68.1.17.9…goes up to 30 hops & shows in-between routers & RTTs for each of three packets sent; shows “Trace complete” message when it gets to the address entered
 o Helpful to find out where packets are dropped if you try to PING an address – i.e., shows which router blocks pings…
 o CTRL+C = stop the tracert
HOW TRACERT WORKS:
 o Local host sends three datagrams, with header info containing TTL of 1 – sent to very first router & will time out, sending back ICMP Time Exceeded message; get some RTT info from the first step
 o Next, TTL of 2 & goes to 2nd router; then TTL of 3 to 3rd router; and so on…
ARP
 o Used to troubleshoot MAC address
 o Can view & modify arp table entries on local computer; also shows IP addresses to MAC addresses
 o Examples: arp -a; arp -g
 o arp -a shows ARP cache entries
 o arp -a flushes the ARP cache
 o arp -s manually adds entries
 o arp -na (Linux) shows neighbor address
NETSTAT
 o “Network Statistics”
 o Lists active inbound & outbound TCP/IP connections; can be used to see if an intruder is connected to you via a TCP or UDP port
 o Available on Unix/Linux/Windows
 o Example: netstat -a
 o Data includes: local/remote IP addresses; ports being used; TCP status codes
 o netstat -a (-a is for ALL): lists out active connections by protocol; TCP then UDP
 o netstat -r: shows all TCP/IP connections PLUS the local routing table
NBTSTAT
 o Helpful in Windows NT environment, not useful on Windows 2000 & beyond
 o Shows NetBIOS over TCP/IP statistics
 o Helpful in WINS environments
 o Examples: nbtstat -a srvr01; nbtstat -a x.x.x.x
 o Displays NetBIOS name table with list of NetBIOS applications & other info
 o View & modify NetBIOS name cache & get MAC address of any Windows computer
 o nbtstat -a xxx.xxx.xxx.xxx: show NetBIOS name table of a remote computer
 o nbtstat -c: shows contents of NetBIOS name cache
 o nbtstat -n: shows NetBIOS name table of local computer
IPCONFIG/IFCONFIG
 o Monitors and controls network connections; shows TCP/IP configuration info on Windows NT+ computer
 o IPCONFIG = NT/2000/2003/XP; IFCONFIG = Unix/Linux; WINIPCFG = GUI tool equivalent, Win98 & ME
 o /all = see all IPCONFIG info
 o /release = release DHCP server lease; /renew = renew DHCP server lease
 o ifconfig -a = linux/unix version of ipconfig /all
WINIPCFG
 o Graphical version, available in Windows 9x…
NSLOOKUP
 o Name Server Lookup, look up IP address of host
 o Basic test of domain name service…in Windows: C:\> nslookup www.cbtnuggets.com...shows IP address
 o Flawed tool at best, not used very much….replaced by:
 o NETDIG from http://mvptools.com for better results

29. Physical Network Troubleshooting
- Identifying Physical Problems
 o ALWAYS check the physical first – very early in the troubleshooting process
 o An ounce of prevention = a pound of cure! …I.e., test each cable connection, wall jack, etc. WHEN INSTALLED!!
 o Eliminate the possibilities – divide & conquer (figure out what “zones” are accessible & go from there)
 o Common media problems: keep away from things that cause electrical interference &/or interfering wireless signals
   KEY suggestion – get yourself a cable tester
   Most testers have indicators such as “open”, “short”, “intermittent”, “high resistance”
   “Open” = cable disconnected or missing between 2 end points
   Check physical connections – fully inserted? Ends look ok/healthy? Dongle ok? Behind wallplate look ok? Server closet ok?
   If you get Open, Intermittent Open, or High Resistance, common causes are:
   • Wire insulation is caught in crimp termination due to poor crimping technique
   • Loose crimps: including those caused by missing strands of wire
   • Deformed/damaged/worn contacts – either from bad crimping or just over time…
   • Contacts aren’t fully mating because connector isn’t housed properly
   • Cable/connector mismatch
   • All strands broken – can be result of excessive crimp force
   • Insulation fails to properly separate points that you don’t want connected
 o Remember your topology! (Adjust according to token ring, Ethernet, FDDI, etc.)
   Check connectivity to workstation & the intermediary device (hubs, concentrators)
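Going back to the NETSTAT entry in the utilities list: the notes say it can show whether an intruder is connected via a TCP or UDP port, and the troubleshooting process says to keep a baseline of regular activity so anomalies stand out. The following is an added example, not from these notes or from CBT Nuggets, that combines the two: it parses a constructed netstat -an listing and reports (a) listening ports that are not in an assumed baseline for the host and (b) established connections whose peer is outside an assumed LAN range. The listing, the baseline set and the LAN prefix are all constructed for the example.

```python
"""Review a netstat -an listing against a baseline of expected listeners.

Added example, not part of the CBT Nuggets notes. The listing is constructed,
the addresses are made up, and the baseline is an assumption for a small
Windows file/print server.
"""
import ipaddress

# Constructed sample in Windows "netstat -an" layout.
NETSTAT_OUTPUT = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.0.12:139       192.168.0.15:1042      ESTABLISHED
  TCP    192.168.0.12:3389      203.0.113.77:51022     ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Assumed baseline: the ports this host is supposed to be listening on.
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 139), ("TCP", 445),
                      ("TCP", 3389), ("UDP", 137)}
# Assumed LAN; any established peer outside it is reported as external.
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/24")]


def _split_endpoint(text):
    """'192.168.0.12:139' -> ('192.168.0.12', 139); '*:*' -> ('*', None)."""
    host, _, port = text.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return (proto, local_host, local_port, remote_host, remote_port, state) rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                      # blank lines, title, column header
        lhost, lport = _split_endpoint(parts[1])
        rhost, rport = _split_endpoint(parts[2])
        state = parts[3] if len(parts) > 3 else ""   # UDP rows carry no state
        rows.append((parts[0], lhost, lport, rhost, rport, state))
    return rows


def review_netstat(text, expected=EXPECTED_LISTENERS, local_nets=LOCAL_NETS):
    """Return (unexpected listeners, established connections with external peers)."""
    unexpected, external = [], []
    for proto, _lhost, lport, rhost, _rport, state in parse_netstat(text):
        listening = state == "LISTENING" or (proto == "UDP" and rhost == "*")
        if listening:
            if (proto, lport) not in expected:
                unexpected.append((proto, lport))
        elif state == "ESTABLISHED":
            peer = ipaddress.ip_address(rhost)
            if not any(peer in net for net in local_nets):
                external.append((proto, lport, rhost))
    return unexpected, external


if __name__ == "__main__":
    listeners, peers = review_netstat(NETSTAT_OUTPUT)
    print("unexpected listeners:", listeners)
    print("external peers:", peers)
```

A listener that is not in the baseline is a prompt to identify the process behind it (the notes' "gather data" step), not proof of compromise; the value of the check is that the baseline is written down, so the comparison is repeatable rather than done from memory.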

- Cable Testers o Indicate wiring faults:  Open/broken wires; wire shorts; crossed/reversed pairs o Support twisted pair, coax, fiber o Advanced testers can do Layers 1-4 of OSI (although $$$$$$$$$$$) o Indicates where fault is (measured in meters or feet)

- Qualification tester o Tests network speed o Also locates trouble spots o Main goal is to determine if cabling supports network load?? o Especially important with multimedia, VOIP, streaming…

- Tone Generator o “Fox & Hound” trace from cable end-to-end over ceilings & ducts o Great for large cable bundles to locate cables & isolate cables o Validates initial twisted pair installation o Can diagnose & troubleshoot

- Interpreting LED Indicators, some examples… o Check LED indicator on NIC, switch port, router port  ON: usually green; have active connection between NIC & hub/switch/intermediary device  OFF: no connection between NIC & hub (check cable, hub & ports, NIC, drivers for NIC)  FLASHING: reversed cable polarity (replace cable) o Switch LEDs at ports:  100Mbps LED: usually GREEN; if OFF, operating at 10Mbps…if ON, then FastEthernet  ACT(ivity) LED: usually YELLOW; if ON (or flashing) then ok; if OFF, problem with cable or port or device  Link LED: usually GREEN; ON, then have a link to device; if OFF, then no connection between port & end device o Modem LEDs:  ISDN modem module, external dial up modem, external DSL/Cable modem  Power: obvious…  Cable/DSL/service: if flashing or dark, no stable connectivity  Ethernet: if Ethernet connection is detected, i.e., router or direct connection to PC  Activity o VPN Concentrators & other high-end devices:  System: indicates OS is up & running  Ethernet Link Status: shows which links are up & running  Expansion modules: insertion status & run status  Fan Status  Power supplies  Performance LEDs: CPU utilization, active sessions, throughputs

30. Troubleshooting in Client/Server Environments
- Questions to ask customers/users o Is this a new system? Has it ever worked properly? o Has anything changed since it was last working? New hardware, software, settings? o May I sit in the driver’s seat & take a look for myself?

- Troubleshooting Scenario 1: VP of customer service says his workstation can’t connect to network, network resources/services
 o Check physical connections first
 o Test TCP/IP connectivity
   Ping loopback address: ping localhost (or ping 127.0.0.1)
   Ping local IP address(es) for NIC(s): ping 172.16.3.3
   OR – ipconfig /all & skip steps 1 & 2…check IP addresses, subnet mask, gateway, DNS
   Ping local gateway: ping 172.16.3.10
   • If request timed out, do IPCONFIG /ALL & check configuration
   • If you do IPCONFIG /ALL & see the adapter being recognized & not using DHCP & have 0.0.0.0 for IP address and gateway, you probably have an IP address overlap; might have a duplicate IP address or someone’s running rogue DHCP!
   • If you see a 169.254.x.x address = APIPA (automatic private IP addressing) address – self-assigned when no DHCP server found
   Ping local server: ping 172.16.3.1
   Ping local neighbor: ping 172.16.3.4
 o Check TCP/IP settings:
   Start | My Network Places | Right Click | Properties | right click Local Area Connection | Properties | Click on “Internet Protocol (TCP/IP)” | Properties
   If “Obtain an IP address automatically” is selected & no DHCP is available, will get an APIPA address
   If “Use the following IP address” is selected – NOTE: if assigning static IP, select addresses outside of range used by DHCP (generally 100-199)
   Can obtain DNS server address automatically OR select “Use the following DNS server addresses”
   Click on ALTERNATE CONFIGURATION tab for further choices…not available on all connections…
 o IF configuring LAN connection’s TCP/IP connectivity & see error: “The static IP address that was just configured is already in use on the network. Please reconfigure a different IP address”
   Often happens on a network with both DHCP & static/manual addressing
 o Try renewing IP address
   ipconfig /release & ipconfig /renew & ipconfig /all to check all is well…
 o Check other settings: Start | My Network Places | Right Click | Properties | right click Local Area Connection | Properties |
   Make sure you have a client listed, i.e. Client for Microsoft Networks
   File & Printer Sharing for Microsoft Networks: usually turned off in corp. environments for security & to encourage network storage
   Internet Protocol (TCP/IP) | Properties | Advanced | Options | TCP/IP filtering…click on Properties |
   • Enable/disable TCP/IP filtering (all adapters)
   • Permit all / Permit Only TCP Ports – UDP Ports – IP Ports
 o Check for third party applications that may be causing the problem, i.e. Firewall or AntiVirus Suite that may be blocking ports/protocols
 o Check Name Resolution mechanisms:
   Hosts file – still used on Linux/Unix systems; exists by default in Microsoft TCP/IP to integrate with Unix/Linux systems & uses NetBIOS over TCP/IP (NetBT) to support NetBIOS method of name resolution for pre-Win2K
   LMHOSTS file – found in C:\Windows\system32\drivers\etc\ (also find hosts file here); # indicates remarks
   WINS: used in routed networks; primary service used for NetBIOS name resolution; uses LMHOSTS file; being used alone or in conjunction with DNS server?
   • If using WINS, check LMHOSTS file, hosts file, check TCP/IP configuration & check on WINS tab in advanced settings
   • Can use & check DHCP from the server side: Programs | Administrative Tools | DHCP manager tool |
   • DHCP | ServerName | – pane at right shows contents of DHCP Server & Status (i.e., Active) & Description
   • DHCP | ServerName | – right click on ServerName & can stop/start/pause/restart service
   • DHCP | ServerName | Scope | Address Pool – shows Start IP address & End IP Address & Description
   • DHCP | ServerName | Scope | Scope Options – right click & select “Configure Options”, to set router/dns/wins/etc.
   • DHCP | ServerName | Server Options |
   Check on WINS Server on server side: Start | Programs | Administrative Tools | WINS…
   DNS: Domain Name Services; check configuration on server
   • Start | Programs | Administrative Tools | DNS
   • DNS | DNSSrvrName | Forward Lookup Zones | – right pane shows Name, Type (i.e. Active Directory-integrated) & Status
   • DNS | DNSSrvrName | Forward Lookup Zones | . | com | zone name – are there records there for all objects that need to have fully qualified domain names resolved to IP addresses???
   • NOTE: if you can ping by host name, then you do NOT have a DNS problem; if unable to ping, check DNS database/configuration
   Dynamic DNS
   Check IIS if more than one computer is having issues… Start | Programs | Administrative Tools | Internet Information Services
   Also check Routing & Remote Access, Internet Authentication Services…
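The IPCONFIG /ALL checks in Scenario 1 (APIPA 169.254.x.x means no DHCP server answered; 0.0.0.0 on a non-DHCP adapter points at an address conflict or rogue DHCP; a static address should sit outside the DHCP range, "generally 100-199") come down to a few rules on the adapter's configuration. The following is an added example, not from these notes or from CBT Nuggets: it parses a constructed XP-style ipconfig /all transcript into one record per adapter and applies those rules. The transcript, adapter names and addresses are made up; treating "100-199" as the last octet of a /24 subnet, as in the scenario's 172.16.3.x addresses, is an assumption of the example.

```python
"""Classify adapters from an ipconfig /all transcript using the Scenario 1 rules.

Added example, not part of the CBT Nuggets notes. The transcript is constructed
in Windows XP layout; adapter names and addresses are made up.
"""
import ipaddress
import re

IPCONFIG_OUTPUT = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : vp-custsvc

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit Adapter
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.3.150
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.16.3.10
   DNS Servers . . . . . . . . . . . : 172.16.3.1

Ethernet adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 169.254.12.7
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")      # "Ethernet adapter X:"
FIELD_RE = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")       # "Key . . . : value"
APIPA = ipaddress.ip_network("169.254.0.0/16")


def parse_ipconfig(text):
    """Return {adapter name: {field: value}} for every adapter in the transcript."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            # "Ethernet adapter Local Area Connection" -> "Local Area Connection"
            current = m.group(1).split(" adapter ", 1)[1]
            adapters[current] = {}
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:   # skip global lines such as Host Name
            adapters[current][m.group(1)] = m.group(2)
    return adapters


def classify(fields, dhcp_range=(100, 199)):
    """Apply the scenario's rules to one adapter's fields.

    dhcp_range is assumed to be the last-octet range of a /24 subnet.
    """
    ip_text = (fields.get("IP Address") or fields.get("IPv4 Address") or "")
    ip_text = ip_text.replace("(Preferred)", "").strip()
    if not ip_text:
        return "no IP address bound: check NIC, driver and cable"
    ip = ipaddress.ip_address(ip_text)
    if ip in APIPA:
        return "APIPA address: no DHCP server answered, check DHCP service and link"
    if ip == ipaddress.ip_address("0.0.0.0"):
        return "0.0.0.0: address conflict, check for duplicate IP or rogue DHCP"
    static = fields.get("DHCP Enabled", "").lower().startswith("no")
    last_octet = int(ip) & 0xFF
    if static and dhcp_range[0] <= last_octet <= dhcp_range[1]:
        return "static address inside DHCP range %d-%d: risk of duplicate" % dhcp_range
    if not fields.get("Default Gateway", "").strip():
        return "no default gateway: LAN only"
    return "ok"


def review_ipconfig(text, dhcp_range=(100, 199)):
    """Return {adapter name: finding} for the whole transcript."""
    return {name: classify(fields, dhcp_range)
            for name, fields in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for name, finding in review_ipconfig(IPCONFIG_OUTPUT).items():
        print("%s: %s" % (name, finding))
```

The checks are ordered the way the scenario reads them: an APIPA or 0.0.0.0 address is reported before anything else, because no later setting matters until the adapter actually has a usable address.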