Comptia Net+ Notes
OSI Model
2.Transport layer = includes TCP and UDP and provides TCP error recovery
TCP:
-windowing
-connection oriented (SYN-ACK)
-guarantees delivery
-error detection
UDP:
-no windowing
-connectionless
-best effort delivery
-no error detection
3-way handshake = when ports are of different speed (1.SYN 2.SYN/ACK 3.ACK)
ISN = initial sequence number
flow control = raise/lower window size
7.Application = where the user interacts with the network; makes sure the remote communication partner is available, ensures that both ends agree on the rules; what we see
6.Presentation = how should data be presented (encryption and encoding)? SSL/TLS
5.Session = manager of the data transfer process; handles creation, maintenance & teardown of the communication channel; half-duplex, duplex, tunneling protocols
4.Transport (segments) = establish logical end2end connection (tcp,udp)
3.Network (packets) = what valid paths exists from A to B? what path is best? router, ip
2.Data Link (frames=1500bytes) = switches, ethernet, hdlc, ppp, fr, mac, fcs
1.Physical (bits) = ones and zeroes, cables, signals, connectors, hubs, NIC
2.Twisted Pair
-STP (shielded) = reduces crosstalk (lights, electric motors)
-UTP (unshielded) = no protection, most common, CAT ratings, 100m max
3.Fiber Optic
-prevents EMI
-pair of fibers (one for sending, one for receiving)
-most common size is 62.5/125 microm
-MMF (multimode fiber, 850nm) = fiber optic that uses LED (modal distortion)
-SMF (single mode fiber, 1310 or 1550nm) = fiber optic that uses lasers
-susceptible to light leakage, modal distortion, attenuation
4.Serial
-RS232, 9pin male DB9 connector
5.Parallel
-P2P topology, 2Mbps, 25pin female DB connector
CAT Rating   Max frequency   Max Bandwidth        Status with TIA/EIA
CAT 1        < 1 MHz         analog phone lines   No longer recognized
CAT 2        4 MHz           4 Mbps               No longer recognized
CAT 3        16 MHz          16 Mbps              Recognized
CAT 4        20 MHz          20 Mbps              No longer recognized
CAT 5        100 MHz         100 Mbps             No longer recognized
CAT 5e       100 MHz         1000 Mbps            Recognized
CAT 6        250 MHz         1000 Mbps            Recognized
CAT 6a       500 MHz         10 Gbps              Recognized
Telecommunication room (IDF) = all cables go here
Main distribution frame (MDF) = room with all the equipment (demarc, telco, lan...)
Run = single horizontal cable
UTP cable:
-solid core (better conductor, breaks easily)
-stranded core (resistant to breaking)
1U = 1.75 inches
Patch panel = box with a row of female connectors (ports) in the front (110 block most used)
Patch cable = short stranded UTP cable
Demarc = dividing line of responsibility
NIU (network interface unit) = model, a demarc point in a personal home
Smart jacks = used for loop testing
Cable drop = where the cable comes out of the wall
Multimeter = testing continuity (0 ohm = connected, infinite ohm = not connected)
Cable tester (wiremap) = shorts, crossed wires
6.FireWire
-P2P topology, 800 Mbps
L2 - ETHERNET BASICS
Ethernet = wired only LAN standards that define (by IEEE) physical and data link layers
WLAN = IEEE 802.11
Crossover cable: if the endpoints transmit on the same pin pair (used to connect 2 hubs)
Straight-through cable: if the endpoints transmit on different pin pairs
Attenuation = signal weakening as it travels
Repeater = creates a clean copy of the signal (hub)
CSMA/CD (802.3)
-examines the cable before sending the frame
-if it detects traffic, waits a few milliseconds (generates a random #), rechecks, then sends out the frame
-max 10% collisions is acceptable
Crossover cable
-used for connecting hubs together
-has reversed pins
STP (Spanning Tree Protocol) = 802.1D
-prevents loops (detects and blocks the loop port)
Troubleshooting
-light off = fault port
ETHERNET NETWORKS
10BASE-T = CAT3 UTP cable, RJ45 connector, uses two pairs only (1,2 send - 3,6 receive), baseband, star-bus topology (physical star, logical bus)
10BASE-FL = fiber optic, 2km max, prevents EMI and crosstalk, MMF, SC or ST connector
100BASE-T4 = CAT3, retired
100BASE-TX (100BASE-T) = CAT5, star-bus topology, 1024 nodes, UTP or STP with RJ45
100BASE-FX = 802.3, fiber-optic, MMF, SC or ST connector, star-bus, 2km, 1024 nodes
1000BASE-T = CAT5e/6, 4pair, RJ45, 200m
1000BASE-X = 4pair UTP or STP, 100m max
1000BASE-CX = twinaxial cable, 150ohm, 25m, copper
1000BASE-SX = fiber-optic cable, MMF, 220-500m, SC connector
1000BASE-LX = SMF, LC or SC
10GBASE-SR = S (short wavelength), R (LAN), 26-300m
10GBASE-SW = W (SONET/WAN), 26-300m
10GBASE-Lx = L (long wavelength), 10km
10GBASE-Ex = E (extra long wavelength), 40km
SFF (Small Form Factor) = new fiber connector
MT-RJ (Mechanical transfer Registered Jack) = new fiber connector
L3 - TCP/IP BASIC
IP = works at Internet layer on TCP/IP model (IPv4, IPv6, ICMP), 32bits
Packet to LAN = needs MAC and IP (sends ARP)
Packet to WAN = sends to default gateway (router)
RARP = was used to get the L3 address when the MAC was known
IP Header:
TCP:
-windowing
-connection oriented (SYN-ACK)
-guarantees delivery
-error detection
UDP:
-no windowing
-connectionless
-best effort delivery
-no error detection
TCP Header:
ROUTING
Default route = what to do in case the route is not in the table
Print routing table = netstat -r OR route print
Directed broadcast = broadcast for a specific subnet
No gateway = if the gateway is the same as the NIC address, it means NO gateway
NAT = enables private addresses to connect to the internet; replaces the source IP with its outside interface address on outgoing packets
PAT = NAT for one2many connections, uses port numbers to map traffic from hosts; works only for outgoing connections
Port Forwarding = used for incoming connections
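The NAT/PAT and port-forwarding notes above, as an added example (not from these notes): a toy PAT table that rewrites the source of outgoing packets, maps replies back, drops unsolicited inbound traffic, and only admits inbound connections for which a port-forward rule exists. All addresses and the starting outside port are constructed.

```python
# Added example, not part of the original notes.  Toy PAT (port address
# translation) router: outbound traffic gets a new source (outside IP + outside
# port), replies are mapped back, and inbound traffic with no mapping is dropped
# unless a static port-forward rule exists.  All values are constructed.
from dataclasses import dataclass

OUTSIDE_IP = "203.0.113.5"   # assumed public address of the router's outside interface


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    def __init__(self):
        self.next_port = 40000   # first outside port handed out (assumption)
        self.table = {}          # outside port -> (inside ip, inside port)
        self.reverse = {}        # (inside ip, inside port) -> outside port
        self.forwards = {}       # static port-forward rules: outside port -> (inside ip, port)

    def outbound(self, pkt):
        """Rewrite the source of an inside->outside packet and remember the mapping."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.reverse:              # new flow: allocate an outside port
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return Packet(OUTSIDE_IP, self.reverse[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Translate a packet arriving on the outside interface; None means dropped."""
        target = self.table.get(pkt.dst_port) or self.forwards.get(pkt.dst_port)
        if target is None:
            return None                          # unsolicited inbound, no mapping: dropped
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])
```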
Metrics: MTU, Cost, Bandwidth, Latency, Hop Count, Load, Packet Loss, Reliability, Speed
Routing protocols:
1.Distance Vector Protocol
-calculates total cost and compares it to total costs of other routes pointing to the network
-transmits entire routing table to other routers in the WAN
-has a max hops for sending its routing table
-deletes all except the route with the lowest cost
-convergence = when table updating between routers is completed
-works fine with less than 10 routers
a) RIPv1
-IGP (interior gateway protocol)
-max hop count of 15, dynamic
-sends out update every 30s
-cant use VLSM (variable-length subnet masks)
-no authentication
-single hop cost is 1
b) RIPv2
-IGP (interior gateway protocol)
-added VLSM
-added authentication
c) BGP
-connects all ASes together
-configured manually, very reliable
-AS = one or more networks governed by a single dynamic routing protocol; uses an ASN (e.g. 1.33428) instead of an IP address
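The distance-vector and RIPv1 behaviour described above, as an added example (not from these notes): routers advertise their whole table to neighbours, keep only the lowest-cost route per destination with a cost of 1 per hop, treat 16 hops as unreachable, and repeat until convergence. The chain topology is constructed.

```python
# Added example, not part of the original notes: a toy RIP-style distance-vector
# exchange.  Each router keeps one route per destination (the lowest cost),
# advertises its whole table to neighbours, counts 1 per hop, and treats 16 hops
# as unreachable because RIP's maximum hop count is 15.  Topology is constructed.
INFINITY = 16  # a hop count of 16 means "unreachable" in RIP


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = []                 # directly connected routers
        self.table = {name: (0, None)}      # destination -> (hop count, next hop)

    def receive(self, advertiser):
        """Merge a neighbour's full table, keeping a route only if it is cheaper."""
        changed = False
        for dest, (hops, _) in advertiser.table.items():
            new_hops = hops + 1                         # single hop cost is 1
            if new_hops >= INFINITY:
                continue                                # too far to be a usable route
            if dest not in self.table or new_hops < self.table[dest][0]:
                self.table[dest] = (new_hops, advertiser.name)
                changed = True
        return changed


def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def converge(routers):
    """Repeat full-table updates until nothing changes; returns the rounds needed."""
    rounds = 0
    while True:
        rounds += 1
        changed = False
        for r in routers:
            for n in r.neighbors:
                changed = n.receive(r) or changed
        if not changed:
            return rounds


def build_chain(count):
    """R0 - R1 - ... - R(count-1), one link between consecutive routers."""
    routers = [Router(f"R{i}") for i in range(count)]
    for a, b in zip(routers, routers[1:]):
        link(a, b)
    return routers
```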
2.Link State
-advertises changes only as they appear
a) OSPF
-IGP (interior gateway protocol)
-fast convergence (dynamic protocol)
-used internally in an AS
-sends out LSA (link state advertisement) or hello packets looking for other routers
-after convergence, sends out hello packets every 30min
-hop cost is based on the link speed
-assigned area IDs that look like IP addresses (area 0 = backbone = most important area)
-DR (designated router) = relays information to all other routers in the network
-BDR (backup designated router) = backup DR
-if link broken, sends out alert packet and corrects the path
-prevents loops
-supports authentication
b) IS-IS
-IGP
-similar to OSPF
-sends only updates
-supports IPv6
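Link-state route selection as the OSPF notes describe it (hop cost based on link speed, not hop count), as an added example that is not from these notes. The cost formula, reference bandwidth divided by link bandwidth with a 100 Mbps reference and a minimum cost of 1, is OSPF's default; the three-router topology is constructed and is chosen so that the two-hop path wins over the direct link.

```python
# Added example, not part of the original notes: shortest-path (link-state)
# route selection in the style of OSPF.  Link cost = reference bandwidth /
# link bandwidth (OSPF default reference 100 Mbps, minimum cost 1), then
# Dijkstra picks the cheapest total path.  The topology is constructed.
import heapq

REFERENCE_BW_MBPS = 100


def ospf_cost(link_mbps):
    """OSPF default interface cost: faster link, lower cost, never below 1."""
    return max(1, REFERENCE_BW_MBPS // link_mbps)


def shortest_paths(links, source):
    """Dijkstra over an undirected graph.  links = [(a, b, speed_mbps), ...].
    Returns {router: (total cost, path)} for every router reachable from source."""
    graph = {}
    for a, b, mbps in links:
        graph.setdefault(a, []).append((b, ospf_cost(mbps)))
        graph.setdefault(b, []).append((a, ospf_cost(mbps)))
    best = {source: (0, [source])}
    queue = [(0, source, [source])]
    while queue:
        cost, node, path = heapq.heappop(queue)
        if cost > best[node][0]:
            continue                      # stale entry, a cheaper path was found already
        for nxt, link_cost in graph.get(node, []):
            new_cost = cost + link_cost
            if nxt not in best or new_cost < best[nxt][0]:
                best[nxt] = (new_cost, path + [nxt])
                heapq.heappush(queue, (new_cost, nxt, path + [nxt]))
    return best


# Constructed topology: a direct 10 Mbps link A-B versus a two-hop 100 Mbps path A-C-B.
# A hop-count protocol (RIP) would take the direct link; OSPF prefers the faster detour.
LINKS = [("A", "B", 10), ("A", "C", 100), ("C", "B", 100)]
```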
3.Hybrid
a) EIGRP
-IGP (interior gateway protocol)
-Cisco proprietary (metrics: total delay, min bw, reliability, load, mtu)
-supports (ip, ipx, appletalk), uses DUAL, RTP
Connecting to a router:
-rollover or Yost cable to serial port
-basic settings:
9600 baud
8 data bits
1 stop bit
No parity
Troubleshooting: tracert, mtr / pathping
L4 - TCP/IP APPLICATIONS
Session = connection between two computers
SESSION START
SESSION END
21 ftp-control
43 whois
79 finger
115 simple ftp
143 imap4
389 ldap
873 rsync
995 pop3s
DNS
FQDN = name.host OR www.domain.com
Zone = container for a single domain
Record = single line
DNS name limit = 255 chars
SOA = single zone for all host names on the domain
FQDN cache = ipconfig /displaydns
Delete cache = ipconfig /flushdns
AAAA = IPv6 address
CNAME (alias) = host.domain.
SECURING TCP/IP
1.Encryption
-scrambling/descrambling, mixing up, changing data
-cipher = algorithm run to encrypt data
-symmetric encryption = DES, 3DES, IDEA, Blowfish, RC4, AES
-asymmetric encryption = RSA
2.Nonrepudiation
-guarantees the data is unchanged and that it came from the source
-uses two methods to authenticate:
-hash = math function run on data that results in a checksum (MD5, CRAM-MD5, SHA-1, SHA-2)
-digital signatures = PKI (certificates)
3.Authentication
-verifies the user accessing
4.Authorization
-permissions and user groups
-ACL = list of permissions
ACL Access Models:
a) Mandatory
-every resource is assigned a label that defines the security level (MAC)
b) Discretionary
-resource has an owner that can assign access to that resource
c) Role Based
-defines user access based on roles, most popular
Authentication standards:
-PPP = point2point connection, five phases:
1.Link dead = modem is off, no link
2.Link establishment = LCP communicates with the LCP on the other side
3.Authentication = user/pass login
4.Network layer protocol = TCP/IP, NetWare IPX/SPX, NetBEUI
5.Termination = link closed
1.PAP = transmits username and password in plaintext
2.CHAP = hash-based, prevents man-in-the-middle attacks (MS-CHAP most secure)
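PAP versus CHAP as described in the authentication-standards notes above, as an added example (not from these notes): PAP puts the password itself on the link, while CHAP (RFC 1994) answers a fresh random challenge with MD5(identifier + secret + challenge), so the secret never crosses the wire and a captured response does not validate against a later challenge. The shared secret and username are constructed.

```python
# Added example, not part of the original notes.  PAP puts the plaintext
# credential on the wire; CHAP (RFC 1994) sends MD5(identifier + secret +
# challenge) for a fresh random challenge, so the secret itself never travels
# and an old response is useless against a new challenge.  Values are constructed.
import hashlib
import os

SECRET = b"correct horse"   # shared secret known to peer and authenticator (constructed)


def pap_authenticate(wire_username, wire_password):
    """PAP: the plaintext credential itself is what travels on the link."""
    return wire_username == b"alice" and wire_password == SECRET


def chap_response(identifier, secret, challenge):
    """CHAP peer side: MD5 over the 1-octet identifier, the secret and the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.current = None          # challenge currently outstanding

    def challenge(self):
        """Issue a fresh random challenge; the identifier changes on every exchange."""
        self.identifier = (self.identifier + 1) % 256
        self.current = os.urandom(16)
        return self.identifier, self.current

    def verify(self, identifier, response):
        """Accept only a response to the challenge that is currently outstanding."""
        if self.current is None or identifier != self.identifier:
            return False             # stale identifier: replay of an earlier exchange
        return response == chap_response(identifier, self.secret, self.current)


def on_wire_reveals_secret(exchange_bytes):
    """What a passive observer of the link learns: True if the secret is visible."""
    return SECRET in exchange_bytes
```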
L7 - SSL/TLS and others
L6,5,4,1 - no encryption
L3 - IPSec
L2 - proprietary encryption devices
Encryption standards:
-SSH = uses PKI (RSA), used as a tunnel
Hybrid:
-SSL/TLS = created by Netscape, TLS today
-IPSec = works at L3/Network, transport (payload encrypted) & tunnel mode (all encrypted)
protocols that work with IPSec: AH, ESP, ISAKMP, IKE, KINK
L2TP VPN
-Cisco proprietary
-server endpoint is a router, not software
-supports different connections (ethernet, telephone...)
-site2site connection = two LANs functioning as a single network
-no auth, no encryption
SSL VPN
-works at Application Layer
1.SSL Portal VPN = client accesses the VPN and is presented with a secure web page
2.SSL Tunnel VPN = client web browser runs an active control (Java, Flash) and has better access
OpenVPN
IPSec VPN (Cisco Easy VPN)
IPv6
-no more NAT (every IP is routable)
-no need for DHCP or broadcast
-DHCPv6 = a)stateful (passing IP and subnets) b)stateless mode (passing optional information)
-AAAA = the IPv6 equivalent of DNS A records
-IPv6 tunnels = 6to4 (2000:/16), 6in4 (can go through NAT), Teredo (xp,vista,7), ISATAP (adds IPv4 address at the end of IPv6)
-tunnel broker = creates tunnel and offers custom-made endpoint client, to use
Link-local Address
-when the PC boots up, it gives itself a link-local address (like APIPA)
-first 64bit of link-local is always FE80::/64
-last 64bit are EUI-64 (generated by NIC)
-link-local is a unicast address
-max subnet is /64
Notation
-128bit hexadecimal (48bit from upstream router + 16bit subnet from default gateway + EUI-64)
-double colons and leading zeroes
-CIDR subnet masks
Multicast, Anycast
-uses multicast (FF02::1 - all nodes, FF02::2 - all routers, FF02::1:FFXX:XXXX - solicited-node)
-anycast = gives a cluster of computers one IP, routers use BGP to find the closest one and send the packet there
Aggregation
-every router underneath another uses a subset of that router's existing routes
Global Address
-used to connect to the internet
-on boot the PC sends a solicitation msg to FF02::2 looking for a router
-router sends back IP and subnet
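The address derivations in the IPv6 notes above (EUI-64 from the NIC's MAC, FE80::/64 link-local, 48-bit prefix + 16-bit subnet + EUI-64 global address, FF02::1:FFXX:XXXX solicited-node multicast), as an added example that is not from these notes. The MAC address and /48 prefix are constructed.

```python
# Added example, not part of the original notes: deriving the addresses the
# IPv6 notes describe from a NIC's MAC.  EUI-64 = MAC with FF:FE inserted in the
# middle and the U/L bit flipped; link-local = FE80::/64 + EUI-64; global =
# /48 prefix + 16-bit subnet + EUI-64; solicited-node = FF02::1:FF00:0/104 +
# low 24 bits of the unicast address.  MAC and prefix values are constructed.
import ipaddress


def eui64_from_mac(mac):
    """Split the 48-bit MAC, insert FFFE in the middle, flip the U/L bit (bit 1 of byte 0)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def link_local_from_mac(mac):
    """First 64 bits are always FE80::/64, last 64 bits are the EUI-64 identifier."""
    prefix = ipaddress.IPv6Network("fe80::/64")
    iid = int.from_bytes(eui64_from_mac(mac), "big")
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)


def global_address(prefix48, subnet_id, mac):
    """48-bit prefix from upstream + 16-bit subnet + EUI-64, as the notation notes describe."""
    net = ipaddress.IPv6Network(prefix48)
    if net.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 prefix and a 16-bit subnet id")
    iid = int.from_bytes(eui64_from_mac(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | (subnet_id << 64) | iid)


def solicited_node_multicast(addr):
    """FF02::1:FF00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def is_link_local(addr):
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network("fe80::/64")
```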
REMOTE CONNECTIVITY
TELEPHONY
modulator = converts digital signal to analog
demodulator = converts analog signal to digital
modem = does both
DS0 = makes up simple data stream of digital part of the telephone system
T-carrier = digital trunks carrier used by phone industry
CSU/DSU = connects leased T1 or T3 lines from telco to customer
CSU = protects the line from lightning striking and EMI
DSU = supplies timing to each port
Demarc (NIU)= line of responsibility
BERT (Bit Error Rate Test) = verifies T1 connection from end2end
T1 = 1.544 Mbps (25 64Kbps DS0 channels)
-point2point connection
-shielded, two-pair cable
-CSU/DSU
-DS1 signaling method = framing bit + 24 channels (1 channel = 8bit DS0 = 193 bits/DS1 frame)
-TDM = every frame sent carries a portion of every channel
2.DSL
-fully digital, RJ-11 and RJ-45 connector
-max 18,000 feet or 5.5km from the central switch
-DSLAM = connects multiple customers to the internet
a)SDSL (Symmetric)
-same dl/ul speed (up to 15 Mbps)
-expensive
b)ADSL (Asymmetric)
-different dl/ul speed (dl < 15 Mbps, ul < 1 Mbps)
-suitable for SOHO
c)VDSL (Very High Bitrate)
-same ul/dl speed (up to 100 Mbps at < 300m)
-copper lines and fiber-optic
-most expensive
3.CABLE MODEMS
-coax cable (5-100Mbps/2-10Mbps)
-BNC and RJ-45
-DOCSIS 3.0 = increases transmission speed and introduces IPv6
4.SATELLITE
a)One-Way = DL via satellite, UL via PSTN/dial-up
b)Two-Way = DL/UL via satellite
5.CELLULAR WAN
a)Mobile data service
SONET
-primary standard for WAN connections
-defines interface standards at L1 and L2
-ring is fault-tolerant
-multiplexing = combines DS1, DS3, E1 signals into a single SONET frame
-uses STS signal method (payload + overhead)
OC
-describes speed, designed to meet the needs of corporations
-WDM = enables an individual SMF to carry multiple signals by giving each signal a different wavelength
SONET Level   Line Speed    Signal Method
OC-1          51.85 Mbps    STS-1
OC-3          155.52 Mbps   STS-3
OC-12         622.08 Mbps   STS-12
OC-24         1.244 Gbps    STS-24
OC-48         2.488 Gbps    STS-48
OC-192        9.955 Gbps    STS-192
OC-256        13.22 Gbps    STS-256
OC-768        39.82 Gbps    STS-768
PACKET SWITCHING = first gen packet switching was X.25 (CCIT protocol)
FR
-efficient
-designed for T-carrier lines
-doesn't guarantee delivery of all frames
ATM
-integrates voice, video and data in one connection
-uses cells to transport information
-155.52 to 622.08 Mbps
MPLS
-uses header info to route packets quicker
-perfect for VPNs
REMOTE ACCESS
a)Dial-up to the Internet = inexpensive
b)Private Dial-up = remote system to private network, doesn't use the internet (RAS)
c)VPN = tunneling
d)Dedicated connection = never disconnected
e)DSL and Cable = splitting cables cuts the signal in half (measured in dB); 0 dB is solid, negative = loss, positive = gain
f)Remote terminal (RDP)
g)VoIP = RTP, SIP, H.323
h)Skype
WIRELESS NETWORKING
802.11 = WiFi standard (2.5GHz), 14 channels (US 1-11, no! 6,7)
Non-overlapping = 1, 6, 11 (by default)
AP = works at L1
Range = 150ft / 45m
BSSID = 48bits of random numbers, one AP, one or more nodes
SSID = 32bit name
ESSID = SSID applied to multiple APs
Spread-spectrum = broadcasts data in small chunks over different frequencies
DSSS = multiple frequencies at a time, 22Mhz
FHSS = one frequency at a time, shifting frequencies (hopping), 1Mhz
OFDM = multiple frequencies with hopping
CSMA/CA = collision avoidance for Wi-Fi (radio is half-duplex, so CD doesn't work)
a)DCF = additional back-off wait period, requires nodes to send ACK for every frame
b)PCF = not used
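Why 1, 6 and 11 are the non-overlapping channels, as an added example (not from these notes): 2.4 GHz channel centres sit 5 MHz apart (channel n at 2407 + 5n MHz, channel 14 at 2484 MHz) while a DSSS channel is 22 MHz wide, so any two channels closer than 22 MHz overlap. The channel-centre formula is from the 802.11 channel plan; the AP survey at the end is constructed.

```python
# Added example, not part of the original notes.  2.4 GHz Wi-Fi channel centres
# are 5 MHz apart (channel n at 2407 + 5n MHz, channel 14 at 2484 MHz) but a
# DSSS channel is 22 MHz wide, so channels closer than 22 MHz overlap.  The
# survey data at the bottom is constructed.
CHANNEL_WIDTH_MHZ = 22


def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError("2.4 GHz channels are 1-14")


def overlaps(ch_a, ch_b):
    """Two channels overlap when their centres are closer than one channel width."""
    return abs(center_mhz(ch_a) - center_mhz(ch_b)) < CHANNEL_WIDTH_MHZ


def non_overlapping(available):
    """Greedy pick, lowest channel first, of channels that do not overlap any chosen so far."""
    chosen = []
    for ch in sorted(available):
        if not any(overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def conflicting_aps(survey):
    """survey = {ap_name: channel}; returns the pairs of APs whose channels overlap."""
    names = sorted(survey)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if overlaps(survey[a], survey[b])]


US_CHANNELS = range(1, 12)   # US uses channels 1-11, as the notes state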
NETWORK MODES
1.Ad Hoc (peer-to-peer) Mode
-no AP, uses Mesh topology
-works best for small <12 computers
-IBSS
2.Infrastructure Mode
-uses one or more APs
-similar to Star topology
-used to connect to wired
-one AP = BSS (Basic Service Set)
-more APs = ESS (Extended Service Set)
VIRTUALIZATION
supervisor = handles very low-level interaction among HW and SW
hypervisor = runs multiple virtual machines, doesn't require an OS
NETWORK MANAGEMENT
Asset Management = managing each aspect of a network
Monitoring
-performance monitor
-logs and network traffic = syslog, Windows Event Viewer
Configuration Management
-network connectivity = wiring schemes, network diagrams, network maps
-baselines = a log of performance indicators (cpu, hdd, network...)
-policies, procedures, configurations = AUP, Security Policy, Configuration, Regulation
-regulations = what to do in case of an issue
-change management = update documentation on every change
Optimization
-caching
-controlling data throughput = QoS (802.1Q @ L2), traffic shaping
-keeping resources available = HA
-data backup
-UPS
-RAID = RAID0,1,5,6,10
-load balancing
NETWORK TROUBLESHOOTING
HARDWARE
Cable Tester = open circuit, short, lack of continuity, wire map problem, crosstalk, noise, impedance mismatch, echo
TDR = tells if there is a break in a copper cable
OTDR = tells where a break is in a fiber-optic cable
Cable Certifier = (underperformance) crosstalk, attenuation, interference, impedance mismatch
Voltage Event Recorder = temperature issues
Protocol Analyzer = Wireshark
Cable Stripper = to make UTP cables
Multimeter = test voltage, resistance, continuity (if no cable tester)
Tone Probe & Tone Generator = locates the cable
Butt Set = check if line is working on 66 or 110 block
Punchdown tool = puts UTP cable into 66 or 110 block
SOFTWARE
tracert/traceroute, ipconfig/ifconfig, ping/arping, nslookup/dig, hostname, mtr, route, nmap, nbtstat, netstat, wireshark, speedtest
TROUBLESHOOTING
1.Identify the problem = gather info, identify symptoms, question users, anything changed?
2.Establish a theory = question the obvious
3.Test the theory = next step or re-establish
4.Establish a plan of action
5.Implement the plan
6.Verify system functionality
7.Document findings