Network+ Notes

OSI Model and TCP/IP

OSI, Open Systems Interconnection

The OSI model is a conceptual model that describes how computing systems communicate, split into seven layers, independent of the underlying hardware and technology.

TCP/IP (Transmission Control Protocol / Internet Protocol) is the protocol suite the Internet actually runs on. The OSI layers, top to bottom, with the name of the data unit at each:

  • 7- Application Layer
  • 6- Presentation Layer
  • 5- Session Layer
  • 4- Transport Layer, data is in the form of segments (TCP) or datagrams (UDP)
  • 3- Network Layer, data is in the form of packets
  • 2- Data Link Layer, data is in the form of frames
  • 1- Physical Layer, data is bits on the medium

The TCP/IP model collapses these into four layers: Application (OSI 5-7), Transport (4), Internet (3) and Network Access/Link (1-2).

Wireshark is a protocol analyzer (packet sniffer) that decodes captured traffic layer by layer; it is used throughout these notes.

Network Components

Devices and protocols in OSI Model.

Layer 1: Physical Layer

Network Interface Card, NIC

Cables and connectors

Hub: a hub works as a multi-port repeater; it regenerates every incoming signal out of all other ports, so all ports share one collision domain and every station sees every frame (which is why a hub makes sniffing trivial).

Layer 2: Data Link Layer

Switch, Bridge

MAC address

Layer 3: Network Layer

IPv4, IPv6 Address

Router: routers work at layer 3, forwarding packets between networks by destination IP address.

IP Addressing

What is an IP address? An IPv4 address is a unique 32-bit address, written as four decimal numbers (octets, 0-255) separated by full stops, assigned to each network interface, for example 192.168.1.10.

There are 4 octets of 8 bits each; the subnet mask says how many leading bits identify the network and how many are left for hosts.

Decimal to binary and binary to decimal conversion of IP address.
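An added example (not part of the original notes) of the conversion and of the subnet arithmetic that depends on it; the addresses are constructed from the RFC 1918 and documentation ranges:

```python
# Added example (not part of the original notes): dotted-decimal <-> binary
# conversion and the subnet arithmetic that follows from it. The addresses
# used below are constructed for illustration (RFC 1918 / documentation ranges).

def ipv4_to_bits(addr):
    """'192.168.1.10' -> '11000000.10101000.00000001.00001010'"""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError("an IPv4 address has exactly four octets: %r" % addr)
    bits = []
    for octet in octets:
        value = int(octet)
        if not 0 <= value <= 255:
            raise ValueError("octet out of range 0..255: %r" % octet)
        bits.append(format(value, "08b"))          # 8 binary digits per octet
    return ".".join(bits)

def bits_to_ipv4(bits):
    """Inverse of ipv4_to_bits."""
    return ".".join(str(int(group, 2)) for group in bits.split("."))

def ipv4_to_int(addr):
    """32-bit integer form, which makes mask arithmetic a plain AND/OR."""
    return int(ipv4_to_bits(addr).replace(".", ""), 2)

def int_to_ipv4(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/24 -> '255.255.255.0': the top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    host_bits = 32 - prefix
    return int_to_ipv4(0xFFFFFFFF ^ ((1 << host_bits) - 1))

def subnet_info(cidr):
    """Network, broadcast, mask and usable host count for 'a.b.c.d/n'."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = ipv4_to_int(prefix_to_mask(prefix))
    network = ipv4_to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    if prefix >= 31:
        usable = 2 if prefix == 31 else 1      # /31 point-to-point (RFC 3021), /32 host route
    else:
        usable = (1 << (32 - prefix)) - 2      # minus network and broadcast addresses
    return {
        "network": int_to_ipv4(network),
        "broadcast": int_to_ipv4(broadcast),
        "mask": prefix_to_mask(prefix),
        "usable_hosts": usable,
    }

def same_subnet(a, b, prefix):
    """True when a host with this prefix would ARP for b directly instead of
    sending it to the default gateway. A wrong mask here is the classic
    'can ping the gateway but not the server' fault."""
    mask = ipv4_to_int(prefix_to_mask(prefix))
    return (ipv4_to_int(a) & mask) == (ipv4_to_int(b) & mask)
```

The integer form is what matters in practice: network = address AND mask, broadcast = network OR NOT mask, and two hosts are on the same subnet exactly when the AND gives the same result.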

Routing and Switching

What is routing?

A routing protocol specifies how routers communicate with each other, distributing information that enables them to select routes between any two nodes on a computer network. Routing algorithms determine the specific choice of route. Each router initially knows only the networks attached to it directly; everything else has to be configured statically or learned from a routing protocol.

Static vs Dynamic Routing

Static routing is when you statically configure a router to send traffic for particular destinations in preconfigured directions. Dynamic routing is when you use a routing protocol such as OSPF, IS-IS, EIGRP and/or BGP to figure out what paths traffic should take.

Routing Tables

A routing table is a set of rules, often viewed in table format, that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed. All IP-enabled devices, including routers, Layer 3 switches and ordinary hosts, use routing tables; the most specific (longest prefix) matching entry wins.

IGP vs EGP

Interior Gateway Protocol (IGP) is a routing protocol used to find network path information within an Autonomous System (RIP, OSPF, IS-IS, EIGRP). Exterior Gateway Protocol (EGP) is a routing protocol used to find network path information between different Autonomous Systems (today that means BGP).

What is switching at Layer 2?

A switch learns the source MAC address of every frame it receives and records it against the ingress port in its MAC address (CAM) table. Frames to a known MAC are forwarded only out of that port; frames to an unknown unicast or a broadcast address are flooded out of every other port. Each switch port is its own collision domain.

Collision and broadcast domains (CSMA/CD, CSMA/CA)

CSMA

Carrier-sense multiple access (CSMA) is a media access control (MAC) protocol in which a node verifies the absence of other traffic before transmitting on a shared transmission medium, such as an electrical bus or a band of the electromagnetic spectrum.

CSMA/CD

Carrier-sense multiple access with collision detection (CSMA/CD) is a media access control method used most notably in early Ethernet technology for local area networking. It uses carrier-sensing to defer transmissions until no other stations are transmitting. This is used in combination with collision detection in which a transmitting station detects collisions by sensing transmissions from other stations while it is transmitting a frame. When this collision condition is detected, the station stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to resend the frame.

CSMA/CD is a modification of pure carrier-sense multiple access (CSMA). CSMA/CD is used to improve CSMA performance by terminating transmission as soon as a collision is detected, thus shortening the time required before a retry can be attempted.

CSMA/CA

Carrier-sense multiple access with collision avoidance (CSMA/CA) in computer networking, is a network multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by transmitting only when the channel is sensed to be “idle”.

Broadcast Domain

A broadcast domain is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment or it can be bridged to other LAN segments.

Collision Domain

Collision domain would be all nodes on the same set of inter-connected repeaters, divided by switches and learning bridges. Collision domains are generally smaller than, and contained within, broadcast domains.

Spanning Tree Protocol

The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them.

What is VLAN?

A VLAN (virtual LAN) abstracts the idea of the local area network (LAN) by providing data link connectivity for a subnet. One or more network switches may support multiple, independent VLANs, creating Layer 2 (data link) implementations of subnets. A VLAN is associated with a broadcast domain. It is usually composed of one or more Ethernet switches.

What is VLAN Trunking Protocol?

The VLAN Trunking Protocol (VTP) is a Cisco-proprietary protocol that switches use to distribute VLAN database changes (add, rename, delete) among themselves. It is separate from trunking itself: a trunk link carries several VLANs over one physical port by tagging each frame with IEEE 802.1Q. VTP is dangerous when left at defaults: a switch joining the domain with a higher configuration revision number overwrites every other switch's VLAN list, so set a VTP password or run switches in transparent/off mode.

In the example topology, each switch has two VLANs. On the first switch, VLAN A and VLAN B are sent through a single port (trunked) to the router and through another port to the second switch. VLAN C and VLAN D are trunked from the second switch to the first switch, and through the first switch to the router. This trunk can carry traffic from all four VLANs. The trunk link from the first switch to the router can also carry all four VLANs. In fact, this one connection to the router allows the router to appear on all four VLANs, as if it had four different physical ports connected to the switch.

802.1Q, analysis with Wireshark: the 4-byte tag (TPID 0x8100, 3-bit priority, 1-bit DEI, 12-bit VLAN ID) sits between the source MAC and the EtherType. Sample capture:

https://learningnetwork.cisco.com/servlet/JiveServlet/downloadBody/15413-102-4-59345/802.1q.vlans10-20.pcap.zip
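An added example, not taken from the pcap or the original notes, that builds and parses 802.1Q-tagged frames so the fields Wireshark shows under "802.1Q Virtual LAN" can be checked by hand. The frames, MACs and VLAN IDs are constructed; the `ingress_vlan` helper is an illustration of access-port vs trunk-port handling, not a real switch's code:

```python
# Added example (not from the original notes): build and parse 802.1Q-tagged
# Ethernet frames, including a double-tagged (Q-in-Q / VLAN-hopping style)
# frame. All frames here are constructed; nothing is read from the pcap.
import struct

TPID_8021Q = 0x8100   # customer VLAN tag
TPID_8021AD = 0x88A8  # service-provider (Q-in-Q) outer tag
TAG_TPIDS = {TPID_8021Q, TPID_8021AD, 0x9100}

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_frame(dst, src, ethertype, payload, vlans=()):
    """vlans is a sequence of (tpid, pcp, vid) tuples, outermost first.
    Each one becomes a 4-byte tag inserted between the MACs and the EtherType."""
    frame = mac_bytes(dst) + mac_bytes(src)
    for tpid, pcp, vid in vlans:
        if not 0 <= vid <= 4095 or not 0 <= pcp <= 7:
            raise ValueError("VID must be 0..4095 and PCP 0..7")
        tci = (pcp << 13) | vid               # DEI (bit 12) left clear
        frame += struct.pack("!HH", tpid, tci)
    return frame + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return dst, src, the list of tags (outermost first), the real EtherType
    and the payload: the same fields Wireshark decodes."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst = frame[0:6].hex(":")
    src = frame[6:12].hex(":")
    offset = 12
    tags = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame")
        ethertype = struct.unpack_from("!H", frame, offset)[0]
        if ethertype not in TAG_TPIDS:
            break                              # reached the real EtherType
        if offset + 4 > len(frame):
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": dst, "src": src, "tags": tags,
            "ethertype": ethertype, "payload": frame[offset + 2:]}

def ingress_vlan(parsed, port_vid, port_is_trunk):
    """VLAN a switch assigns on ingress (illustrative). An access port puts
    every frame in its access VLAN regardless of any tag a host sends; a trunk
    uses the outer tag and maps untagged frames to its native VLAN. That is why
    a double-tagged frame whose outer VID equals the native VLAN is the classic
    VLAN-hopping trick: the first switch strips the outer tag and the inner
    tag travels on as if it were legitimate."""
    if not port_is_trunk or not parsed["tags"]:
        return port_vid
    return parsed["tags"][0]["vid"]
```

The practical check: never leave the native VLAN of a trunk equal to any user VLAN, and tag the native VLAN where the platform supports it.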

Link state vs Distance Vector VS Hybrid protocols

Routers contain a routing table and other information which allows them identify the best path to take and transporting a packet to get to its destination.

Distance vector routing: RIP (Routing Information Protocol) and RIPv2 are the classic examples. Both use hop count as their metric and treat 16 hops as unreachable, so a path can be at most 15 hops; this bound limits the damage of the count-to-infinity problem rather than preventing loops outright (split horizon, route poisoning and hold-down timers do the rest). Distance vector routers exchange their entire routing table with their neighbours on a regular schedule (every 30 seconds for RIP).

Link state routing (OSPF, IS-IS): each router floods link-state advertisements so that every router holds the full topology map and runs Dijkstra's shortest-path algorithm over it. Updates are sent only when something changes, so it needs less transmission overhead to converge, but more CPU and memory per router.

Hybrid routing (EIGRP is the usual example) combines the two: it is distance vector at heart, which keeps the processing requirement low, but sends updates only when a table changes, which keeps transmission overhead low.
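An added example (not the notes' own code) that runs a distance-vector exchange with RIP's hop-count metric and 16 = unreachable, and a link-state (Dijkstra) computation, on the same small constructed topology. It shows both why a hop-count protocol can pick a slower link than a cost-based one and how the 15-hop limit makes distant routers unreachable:

```python
# Added example (not the notes' own code): a distance-vector exchange with
# RIP's hop-count metric and 16 = unreachable, next to a link-state (Dijkstra)
# computation on the same constructed topology.
import heapq

RIP_INFINITY = 16   # RIP hop count 16 means "unreachable"

def adjacency(links):
    """links: iterable of (router_a, router_b, cost). Returns neighbour map."""
    nbrs = {}
    for a, b, cost in links:
        nbrs.setdefault(a, {})[b] = cost
        nbrs.setdefault(b, {})[a] = cost
    return nbrs

def distance_vector(links, max_rounds=32):
    """Each router starts knowing only its directly connected neighbours, then
    repeatedly learns its neighbours' whole tables (Bellman-Ford). The metric
    is hop count as in RIP, so link costs are ignored.
    Returns {router: {destination: (hops, next_hop)}}."""
    nbrs = adjacency(links)
    routers = sorted(nbrs)
    table = {r: {d: (0 if d == r else RIP_INFINITY, None) for d in routers}
             for r in routers}
    for r in routers:
        for n in nbrs[r]:
            table[r][n] = (1, n)               # directly connected: one hop
    for _ in range(max_rounds):                # one "periodic update" per round
        changed = False
        for r in routers:
            for n in nbrs[r]:
                for dest, (hops_from_n, _) in table[n].items():
                    cand = min(1 + hops_from_n, RIP_INFINITY)
                    if cand < table[r][dest][0]:
                        table[r][dest] = (cand, n)
                        changed = True
        if not changed:                        # converged
            break
    return table

def link_state(links, source):
    """Every router has the full topology (link-state database) and runs
    Dijkstra over link costs. Returns {destination: (cost, next_hop)}."""
    nbrs = adjacency(links)
    dist = {r: float("inf") for r in nbrs}
    prev = {}
    dist[source] = 0
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in nbrs[u].items():
            if d + cost < dist[v]:
                dist[v] = d + cost
                prev[v] = u
                heapq.heappush(heap, (dist[v], v))
    routes = {}
    for dest in nbrs:
        if dest == source or dist[dest] == float("inf"):
            continue
        hop = dest                             # walk back to find the first hop
        while prev[hop] != source:
            hop = prev[hop]
        routes[dest] = (dist[dest], hop)
    return routes

# Constructed topology: A-B and B-C are cheap links, A-C is direct but slow.
TOPOLOGY = [("A", "B", 1), ("B", "C", 1), ("A", "C", 10)]
```

On TOPOLOGY the distance-vector table sends A's traffic for C straight over the slow A-C link (one hop), while link state goes A-B-C (cost 2). On a 17-router chain, routers 16 and 17 hops away stay at the RIP infinity value.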

Ports

Analyze each protocol's traffic with Wireshark. Default ports:

  • NTP: 123/UDP
  • HTTPS: 443/TCP
  • SMTP: 25/TCP
  • POP3: 110/TCP
  • Telnet: 23/TCP
  • SSH: 22/TCP
  • FTP: 21/TCP control, 20/TCP data (active mode)
  • RDP: 3389/TCP
  • DHCP: 67/UDP server, 68/UDP client
  • DNS: 53/UDP and 53/TCP
  • TFTP: 69/UDP

Telnet, FTP, POP3 and TFTP carry credentials and data in clear text; prefer SSH, SFTP/FTPS and POP3S/IMAPS wherever possible.

Common Protocols

DHCP, RDP, DNS, ARP, IGMP, SIP, RTP, VOIP, SNMP, OSPF, analysis with Wireshark

Protocols carried directly inside IP (identified by the IP header's protocol number, not by a port):

  • TCP (protocol 6) and UDP (protocol 17), the two Layer 4 transports
  • ICMP, Internet Control Message Protocol (1)
  • IGMP, Internet Group Management Protocol (2)
  • EGP, Exterior Gateway Protocol (8)
  • IPsec: ESP (50) and AH (51)
  • EIGRP, Enhanced Interior Gateway Routing Protocol (88)
  • OSPF, Open Shortest Path First (89)

RIP, Routing Information Protocol, is different: it runs over UDP port 520. Only TCP and UDP are Layer 4 protocols in the OSI sense; the others are Layer 3 control or routing protocols that happen to be encapsulated in IP, which matters when writing ACLs (an "ip" rule covers them, a "tcp"/"udp" rule does not).

DNS

Domain Name System: it is called a system because it is a distributed, hierarchical database; resolving one name usually involves several servers (the client's resolver, root, TLD and authoritative servers).

DNS servers (authoritative vs recursive resolvers), DNS records (A, AAAA, CNAME, MX, NS, PTR, TXT), dynamic DNS (DDNS).

nslookup, for DNS name resolution.

Wireshark analysis of DNS traffic: queries and replies travel over UDP port 53 and are matched by the 16-bit transaction ID, which is also the first thing a spoofed reply has to guess.

nslookup for IPv6 addresses: use set type=AAAA.
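An added example (not from the original notes) that builds the same query nslookup sends for an A or AAAA record and parses a reply, including the name-compression pointers real servers use. The reply is constructed rather than captured; the `example.com` / `2001:db8::1` values are documentation addresses chosen for illustration:

```python
# Added example (not from the original notes): build the query nslookup sends
# for an A or AAAA record and parse a reply, including the name-compression
# pointers real servers use. The reply below is constructed, not captured.
import ipaddress
import random
import struct

QTYPES = {"A": 1, "AAAA": 28}
FLAG_RD = 0x0100                      # recursion desired
FLAG_RESPONSE = 0x8180                # QR=1, RD=1, RA=1, RCODE=0

def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype="A", txid=None):
    """12-byte header + one question. The txid is random in practice so that
    an off-path attacker cannot trivially forge a matching reply."""
    if txid is None:
        txid = random.randrange(0x10000)
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)

def decode_name(msg, offset, max_jumps=16):
    """Follow 0xC0xx compression pointers; bounded so a hostile reply with a
    pointer loop cannot hang the parser. Returns (name, offset after field)."""
    labels, jumps, end = [], 0, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            jumps += 1
            if jumps > max_jumps:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2          # field ends after the 2-byte pointer
            offset = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def parse_response(msg, expected_txid):
    """Return rcode and (name, type, ttl, value) answers; rejects a reply whose
    transaction ID does not match the query we sent."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: reply is not for our query")
    offset = 12
    for _ in range(qd):                       # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                            # qtype + qclass
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPES["A"] and rdlen == 4:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == QTYPES["AAAA"] and rdlen == 16:
            value = str(ipaddress.IPv6Address(rdata))
        else:
            value = rdata.hex()
        answers.append((name, rtype, ttl, value))
    return {"rcode": flags & 0x000F, "answers": answers}

def sample_aaaa_response(txid):
    """Constructed reply: AAAA example.com -> 2001:db8::1, TTL 300, with the
    answer name given as a pointer (0xC00C) back to the question at offset 12."""
    header = struct.pack("!HHHHHH", txid, FLAG_RESPONSE, 1, 1, 0, 0)
    question = encode_name("example.com") + struct.pack("!HH", QTYPES["AAAA"], 1)
    rdata = ipaddress.IPv6Address("2001:db8::1").packed
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPES["AAAA"], 1, 300, len(rdata)) + rdata
    return header + question + answer
```

The two checks a resolver makes before trusting a reply (transaction ID, and in practice also the source port it arrived on) are exactly what cache-poisoning attacks try to guess; the bounded pointer walk guards against malformed replies.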

Using Methodology for Troubleshooting

Bob cannot get to google.com; work the problem bottom-up with the tools:

ipconfig (does the host have an address, mask and default gateway?), ping (can it reach the gateway, then a known Internet IP?), nslookup (does the name resolve?). Whichever step fails first tells you which layer to look at.

Virtualization

How is virtualization possible? A hypervisor multiplexes the physical CPU, memory, storage and NICs among several guest machines, each of which sees what looks like dedicated hardware.

What can be virtualized?

Servers, Desktops, Clients, routers, Switches, Firewalls, Phone Systems(PBX)

Virtualization software:

  • GNS3 (network device emulation)
  • vSphere / ESXi
  • VMware Workstation
  • Hyper-V
  • VirtualBox

Installing and configuring Routers and Switches

NIC, router and switch interfaces

Routers:

Half Duplex:

Half-duplex data transmission means that data can be transmitted in both directions on a signal carrier, but not at the same time. For example, on a local area network using a technology that has half-duplex transmission, one workstation can send data on the line and then immediately receive data on the same line, but it cannot send and receive simultaneously (hubs and CSMA/CD Ethernet work this way).

Full Duplex:

Full-duplex data transmission means that data can be transmitted in both directions on a signal carrier at the same time. For example, on a local area network with a technology that has full-duplex transmission, one workstation can be sending data on the line while another workstation is receiving data. Full-duplex transmission necessarily implies a bidirectional line (one that can move data in both directions). A duplex mismatch (one side auto-negotiating, the other hard-set to full) is a classic cause of late collisions, CRC errors and slow links.

GNS3 lab: configure an interface with an IP address, speed and full duplex, then verify with show interfaces.

Routing Protocols:

  • Routing Information Protocol (RIP)
  • Interior Gateway Routing Protocol (IGRP, Cisco, obsolete)
  • Open Shortest Path First (OSPF)
  • Exterior Gateway Protocol (EGP, obsolete, replaced by BGP)
  • Enhanced Interior Gateway Routing Protocol (EIGRP)
  • Border Gateway Protocol (BGP)

NAT/PAT

In a nutshell, Network Address Translation (NAT) in its basic (static) form provides a one-to-one translation from one IP address to another.

Port Address Translation (PAT, also called NAT overload or masquerading) is a many-to-one relationship: many inside addresses share a single outside address, and flows are told apart by the translated source port. This is commonly used on a firewall when an organization wants all hosts on its internal network to appear as a single public IP address.

SNAT vs DNAT

Network Address Translation (NAT) occurs when one of the IP addresses in an IP packet header is changed. In a SNAT, the destination IP address is maintained and the source IP address is changed. Most commonly, a SNAT allows a host on the “inside” of the NAT, in an RFC 1918 IP address space, to initiate a connection to a host on the “outside” of the NAT. A DNAT, by way of contrast, occurs when the destination address is changed and the source IP address is maintained. A DNAT allows a host on the “outside” to connect to a host on the “inside”. In both cases, the NAT has to maintain a connection table which tells the NAT where to route returning packets. An important difference between a SNAT and a DNAT is that a SNAT allows multiple hosts on the “inside” to get to any host on the “outside”.
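An added example (not part of the original notes) of the connection table described above: a PAT gateway that rewrites outbound source addresses and ports (SNAT), keeps the mapping so replies can be translated back, and holds static DNAT port-forward entries for inbound connections. The addresses and ports are constructed from the documentation ranges:

```python
# Added example (not part of the original notes): a Port Address Translation
# gateway with a dynamic SNAT table for outbound flows and static DNAT
# (port-forward) entries for inbound ones. Addresses are constructed.

class PatGateway:
    def __init__(self, public_ip, port_range=(1024, 65535)):
        self.public_ip = public_ip
        self.next_port, self.last_port = port_range
        self.snat = {}     # (inside_ip, inside_port, proto) -> public_port
        self.reverse = {}  # (public_port, proto) -> (inside_ip, inside_port)
        self.dnat = {}     # (public_port, proto) -> (inside_ip, inside_port), static

    def add_port_forward(self, public_port, proto, inside_ip, inside_port):
        """Static DNAT: lets an outside host reach an inside server."""
        self.dnat[(public_port, proto)] = (inside_ip, inside_port)

    def _allocate_port(self, proto):
        while self.next_port <= self.last_port:
            port = self.next_port
            self.next_port += 1
            if (port, proto) not in self.reverse and (port, proto) not in self.dnat:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, pkt):
        """Inside -> outside: rewrite source IP and source port (SNAT/PAT),
        remembering the mapping so the reply can be translated back."""
        key = (pkt["src"], pkt["sport"], pkt["proto"])
        if key not in self.snat:
            public_port = self._allocate_port(pkt["proto"])
            self.snat[key] = public_port
            self.reverse[(public_port, pkt["proto"])] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=self.snat[key])

    def inbound(self, pkt):
        """Outside -> inside: translate the destination back. Returns None
        (drop) when neither the connection table nor a DNAT entry matches,
        which is why unsolicited inbound traffic does not reach inside hosts
        by default. That is a side effect, not a firewall: put explicit
        rules in front of a NAT rather than relying on it."""
        if pkt["dst"] != self.public_ip:
            return None
        lookup = (pkt["dport"], pkt["proto"])
        target = self.reverse.get(lookup) or self.dnat.get(lookup)
        if target is None:
            return None
        inside_ip, inside_port = target
        return dict(pkt, dst=inside_ip, dport=inside_port)
```

Two inside hosts using the same source port get different public ports, and the reverse table is what routes each reply back to the right one.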

Quality of Service:

Quality of service refers to traffic prioritization and resource reservation control mechanisms rather than the achieved service quality. Quality of service is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow.

Wireless Concepts

Install and configure a wireless network.

802.11 family: 802.11b (2.4 GHz, 11 Mbps, DSSS), 802.11a (5 GHz, 54 Mbps, OFDM), 802.11g (2.4 GHz, 54 Mbps, OFDM), 802.11n (2.4 and 5 GHz, up to 600 Mbps, OFDM with MIMO).

Bands/channels: the 2.4 GHz band has channels 1-11 (US) or 1-13 (most other regions), each 22 MHz wide and only 5 MHz apart, so only channels 1, 6 and 11 do not overlap.

WAP, Wireless Access Point

Antenna types: omnidirectional radiates in all horizontal directions (general coverage); directional (Yagi, parabolic dish, patch) focuses the signal in one direction for point-to-point links and longer range.

Service Set Identifier (SSID): the network name an AP advertises. BSSID: the MAC address of the AP's radio. ESSID: the same SSID shared by several APs forming one extended service set, so clients roam to the AP with the strongest signal.

Never use WEP or WPA (TKIP) for security; both are broken. Use WPA2 Personal (AES-CCMP with a long random passphrase) or WPA2 Enterprise (802.1X/RADIUS, per-user credentials), or WPA3 where the equipment supports it.

Wireless Configuration

Check with inSSIDer which channels neighbouring networks are using.

Use the wireless setup wizard to configure the connection.

Then verify with inSSIDer that the chosen channel does not overlap with the neighbours.

DHCP

Analysis with Wireshark.

Dynamic Host Configuration Protocol

Static vs Dynamic Addressing

Reservations: a MAC address is mapped to a fixed IP address, so that host always receives the same lease (a static assignment still handed out by DHCP).

Scopes: ranges of IP addresses the server may hand out, with exclusions for statically configured hosts.

Leases: how long a client may keep its address (for example 24 hours); the client tries to renew at half the lease time.

DHCP options: default gateway (3), DNS servers (6), domain name (15) and others delivered with the lease.

IP helper (DHCP relay): DHCP discovery is a broadcast and does not cross routers, so the router on each subnet is configured with the server's address and forwards the request as unicast, filling in its own interface address (giaddr). A single DHCP server with multiple scopes uses that address to pick the scope that matches the requesting subnet.

Tshoot common wifi problems

SSID mismatch

Encryption Type

Interference

Signal strength

Incorrect Channel

Why is wireless half duplex?

A radio cannot transmit and receive on the same channel at the same time, so wireless uses CSMA/CA to sense whether the frequency is in use before transmitting. On top of that, many factors can interfere with the signal, which lowers throughput further.

Troubleshoot route and Switch

Switching loop

bad cables/improper cables

Port configuration

VLAN assignment

Mismatched MTU

Wrong IP

Duplicate IP address

Plan and implement small network

List of requirements

Cable Length

Device types/ requirements

Environment limitations

Equipment limitations

Compatibility requirements

Copper and fiber media

Copper: UTP/STP (unshielded / shielded twisted pair),

Cat 5e, Cat 6, Cat 6a (the category rating sets the bandwidth and the supported speed and distance)

Fiber: single mode / multimode

Multimode fibre has a glass core with a diameter in the 50 to 100 micron range for the light-carrying component (the most common sizes are 50 and 62.5 microns); it uses LED or VCSEL sources and is limited to shorter distances.

Single-mode fibre has a small light-carrying core of 8 to 10 microns in diameter. It is normally used for long-distance transmission with laser-diode based fibre optic transmission equipment.

Connectors

Fiber:

ST, SC, LC, MTRJ

Copper:

RJ-45, RJ-11, BNC, F-connector, DB-9 (RS-232 serial, e.g. console cables)

Patch panels:

110 block (also the older 66 block in telephony installs).

Compare 802.11 Standards

802.11 a,b,g,n standards

MIMO, multiple-input multiple-output: more than one antenna on each side, used by 802.11n and later.

What is signal attenuation?

Attenuation is a general term that refers to any reduction in the strength of a signal. Attenuation occurs with any type of signal, whether digital or analog. Sometimes called loss, attenuation is a natural consequence of signal transmission over long distances.

Set up a wireless AP and analyze it with inSSIDer.

Wans

Wide Area Networks.

Types:

T1, E1, T3, E3, DS3, OCx, SONET, SDH, DWDM

Satellite, ISDN, Cable, DSL, Cellular, WiMAX, LTE,

HSPA+, Fiber, Dial-up, PON, Frame Relay (permanent virtual circuits over a shared carrier network), ATM

Properties:

Circuit, packet switched, speed, distance, media.

Lan Wan Topology

Bus

A bus network is a network topology in which nodes are directly connected to a common linear (or branched) half-duplex link called a bus.

Ring

A ring network is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node – a ring.

Star

A Star network is one of the most common computer network topologies. In its simplest form, a star network consists of one central hub which acts as a conduit to transmit messages. In star topology, every host is connected to a central hub.

Mesh

A mesh network is a local network topology in which the infrastructure nodes connect directly, dynamically and non-hierarchically to as many other nodes as possible and cooperate with one another to efficiently route data from/to clients.

Point to Point

The simplest topology with a dedicated link between two endpoints. Easiest to understand, of the variations of point-to-point topology, is a point-to-point communication channel that appears, to the user, to be permanently associated with the two endpoints. A child’s tin can telephone is one example of a physical dedicated channel.

Using circuit-switching or packet-switching technologies, a point-to-point circuit can be set up dynamically and dropped when no longer needed. Switched point-to-point topologies are the basic model of conventional telephony.

The value of a permanent point-to-point network is unimpeded communications between the two endpoints.

Point to multipoint

Point-to-Multipoint Wireless. The Point-to-Multipoint topology (also called star topology or simply P2MP) is a common network architecture for outdoor wireless networks to connect multiple locations to one single central location.

Tshoot Cable problems

Bad connectors

Bad wiring

open, short, split pairs

dB loss

TX/RX reversed

cable placement

EMI/Interference

Distance

Cross talk.

Cable plant // identify wiring and distribution components

Demarcation Point

In telephony, the demarcation point is the point at which the public switched telephone network ends and connects with the customer’s on-premises wiring. It is the dividing line which determines who is responsible for installation and maintenance of wiring and equipment—customer/subscriber, or telephone company/provider.

CSU/DSU

A CSU/DSU (Channel Service Unit/Data Service Unit) is a digital-interface device used to connect data terminal equipment (DTE), such as a router, to a digital circuit, such as a Digital Signal 1 (DS1) T1 line. The CSU/DSU implements two different functions: the CSU terminates the line from the carrier (line conditioning and loopback testing), and the DSU converts between the carrier's line signalling and the serial interface the router uses.

Network Appliances

Describing Network appliances?

Load balancer

Proxy server

Content filter

VPN concentrator (VPN Server).

Hardware Tools, used to troubleshoot connectivity issues

Cable Tester/certifier

Crimper

Toner probe

Punch Down tool

Protocol analyzer, wireshark

loop back plug

TDR/OTDR: a Time Domain Reflectometer sends a pulse down a copper cable and times the reflection, giving the distance to the fault; an OTDR (Optical TDR) does the same for fibre.

Multimeter (measures several things: current, voltage, continuity, battery testing)

Environmental monitor.(make sure does not get too warm)

Software Tools for troubleshooting

connectivity software, remote desktop rdp, vnc.

protocol analyzer, wireshark

throughput tester (for example iperf or a LAN speed test tool)

ping, tracert/traceroute

dig, nslookup

ipconfig, ifconfig

arp

netstat, nbtstat

route

Network Monitoring

SNMP v1/2c/3: v1 and v2c authenticate with a community string sent in clear text (and ship with the defaults "public"/"private"), so use v3 with authentication and encryption (authPriv) and restrict which managers may poll with an ACL.

Syslog

System Logs

History Logs

General logs

Traffic Analysis

Network Sniffer

Documentation

Wire schemes

Network Maps

Documentation

Cable Management

Asset Management

Baseline

Change management

Optimizing the network

Methods:

What is IP Precedence? The three high bits of the original Type of Service (ToS) byte in the IPv4 header. DSCP, Differentiated Services Code Point, replaces it with six bits of the same byte. Either can be rewritten at the network edge, so do not trust markings from untrusted hosts.

QoS: traffic shaping (buffering to a rate) vs traffic policing (dropping above a rate), rate limiting, load balancing.

Caching engines: cache video or any other content close to the users.

High Availability (HA): HSRP is Cisco's Hot Standby Router Protocol, which lets two routers share one virtual gateway IP address.

Fault tolerance: CARP, Common Address Redundancy Protocol (the open equivalent of HSRP/VRRP), two gateways sharing the same IP address.

Reasons:

Latency sensitivity applications, ( VoIP, Video)

uptime

jitter, the variation in latency between consecutive packets

Securing Network Access, Securing our communications

Access/technical controls: ACL, Access Control List; permit or deny by source/destination IP, protocol and port, evaluated top-down with first match and an implicit deny at the end (Layer 2 MAC ACLs, Layer 3 addresses, Layer 4 ports).

Tunneling: VPNs. IPsec: IKE phase 1 authenticates the peers and sets up the protected control channel (ISAKMP SA); IKE phase 2 negotiates the IPsec SAs (ESP/AH) that actually protect the data. Site-to-site vs remote access. SSL/TLS VPNs, PPTP (relies on MS-CHAPv2, which is broken; avoid), L2TP (normally paired with IPsec for encryption).

Remote access: SSH, RAS (remote access server, an IPsec or SSL VPN server), PPP (PAP sends the password in clear text; CHAP and MS-CHAP use challenge-response), PPPoE, RDP (or VNC), ICA (Independent Computing Architecture), the protocol used by Citrix.
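An added example (not from the original notes) of the ACL evaluation described above: first-match, top-down, with the implicit deny, plus a check for rules that a broader earlier rule has made unreachable, which is how a deny silently stops working after someone inserts a wide permit above it. The rules, subnets and packets are constructed:

```python
# Added example (not from the original notes): first-match evaluation of an
# access control list keyed on protocol, source/destination network and
# destination port, with the implicit deny-all at the end. Rules and
# packets are constructed.
import ipaddress

def rule(action, proto, src, dst, dports=None):
    """dports: None (any) or an inclusive (low, high) tuple; 'any' is 0.0.0.0/0."""
    def cidr(s):
        return ipaddress.ip_network("0.0.0.0/0" if s == "any" else s, strict=False)
    return {"action": action, "proto": proto, "src": cidr(src), "dst": cidr(dst),
            "dports": dports}

def matches(r, pkt):
    if r["proto"] != "ip" and r["proto"] != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
        return False
    if r["dports"] is not None:
        low, high = r["dports"]
        if not low <= pkt.get("dport", -1) <= high:
            return False
    return True

def evaluate(acl, pkt):
    """Return (action, index of the matching rule). The ACL is processed
    top-down and the first match wins; no match means the implicit deny
    (index None)."""
    for i, r in enumerate(acl):
        if matches(r, pkt):
            return r["action"], i
    return "deny", None

def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule with the
    same or wider protocol, networks and port range already covers them."""
    shadowed = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            proto_ok = earlier["proto"] in ("ip", later["proto"])
            nets_ok = (later["src"].subnet_of(earlier["src"])
                       and later["dst"].subnet_of(earlier["dst"]))
            ports_ok = (earlier["dports"] is None
                        or (later["dports"] is not None
                            and earlier["dports"][0] <= later["dports"][0]
                            and later["dports"][1] <= earlier["dports"][1]))
            if proto_ok and nets_ok and ports_ok:
                shadowed.append(i)
                break
    return shadowed

# Constructed inbound ACL for a DMZ web segment 10.0.0.0/24:
DMZ_IN = [
    rule("permit", "tcp", "any", "10.0.0.0/24", (443, 443)),        # web from anywhere
    rule("permit", "tcp", "10.1.1.0/24", "10.0.0.0/24", (22, 22)),  # SSH from management only
]                                                                    # everything else: implicit deny

# The same ACL after a careless "permit ip any" was added at the top:
BAD_ACL = [rule("permit", "ip", "any", "10.0.0.0/24")] + DMZ_IN
```

Rule order is the whole point: `shadowed_rules(BAD_ACL)` reports both original rules as unreachable, and SSH from the Internet, denied by the original ACL, is now permitted.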

Wireless Security

Encryption protocols: WEP, WPA, WPA2 PSK (personal) / Enterprise (802.1X with a RADIUS server, often backed by Active Directory).

MAC address filtering (weak on its own: MAC addresses are sent in clear text in every frame and are trivially spoofed).

Device Placement

Signal Strength

User Authentication

CHAP / MS-CHAP

AAA(authentication, authorization, accounting (record)  )(RADIUS, TACACS+)

Network Access Control (802.1X with EAP for port-based authentication; posture assessment, e.g. checking that required patches or service packs are installed before the client is admitted).

Two-factor / multifactor authentication: something you know, something you have, something you are (biometric).

Kerberos: the client authenticates once to the KDC and receives a Ticket Granting Ticket (TGT), which it then exchanges for service tickets without sending its password again.

Single Sign-on

PKI, symmetric vs asymmetric encryption; HTTPS is HTTP over TLS (SSL and TLS 1.0/1.1 are deprecated, use TLS 1.2 or 1.3); the browser verifies the website's certificate chain against its trusted root store.

PKI uses a trusted third-party Certificate Authority to sign certificates so that their authenticity can be verified.

Threats, Vulnerabilities and mitigation

Wireless:

War driving, war chalking, WEP/WPA cracking, rogue AP / evil twin.

Attacks:

DoS/DDoS, Man in the middle,

Social engineering,

Virus, trojans, worms, buffer overflow

packet sniffing

Smurf: the Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) echo requests with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network will, by default, respond to this by sending a reply to the source IP address. If the number of machines on the network that receive and respond to these packets is very large, the victim's computer will be flooded with traffic. This can slow down the victim's computer to the point where it becomes impossible to work on. Mitigation: routers must not forward directed broadcasts (Cisco "no ip directed-broadcast", the default since IOS 12.0), and hosts should ignore echo requests sent to broadcast addresses.
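An added example (not from the original notes) that spots both sides of a Smurf attack in a packet summary: echo requests aimed at a directed-broadcast address (the amplifier being abused, with a spoofed source) and a burst of echo replies from many hosts converging on one destination (the victim). The packet list is constructed to look like a Wireshark summary export, using documentation address ranges:

```python
# Added example (not from the original notes): detect Smurf-style traffic in a
# packet summary. The packet list is constructed, not captured.
import ipaddress
from collections import defaultdict

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8

def broadcast_addresses(subnets):
    """Directed-broadcast addresses of the subnets we know about."""
    return {str(ipaddress.ip_network(s).broadcast_address) for s in subnets}

def detect_smurf(packets, local_subnets, reply_threshold=10, window=1.0):
    """packets: dicts with ts, src, dst, proto, icmp_type.
    Returns the (spoofed_src, broadcast_dst) pairs of amplification requests,
    and victims that received echo replies from at least reply_threshold
    distinct hosts inside any `window` seconds."""
    bcast = broadcast_addresses(local_subnets)
    amplification = []
    replies = defaultdict(list)        # destination -> [(ts, src)]
    for p in packets:
        if p["proto"] != "icmp":
            continue
        if p["icmp_type"] == ICMP_ECHO_REQUEST and p["dst"] in bcast:
            amplification.append((p["src"], p["dst"]))   # src is the spoofed victim
        elif p["icmp_type"] == ICMP_ECHO_REPLY:
            replies[p["dst"]].append((p["ts"], p["src"]))
    victims = {}
    for dst, events in replies.items():
        events.sort()
        start = 0
        for end in range(len(events)):             # sliding time window
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {src for _, src in events[start:end + 1]}
            if len(distinct) >= reply_threshold:
                victims[dst] = max(victims.get(dst, 0), len(distinct))
    return {"amplification": amplification, "victims": victims}

def constructed_capture():
    """One spoofed request to the 192.0.2.0/24 broadcast, 20 replies to the
    spoofed source, then one ordinary ping exchange (benign)."""
    pkts = [{"ts": 0.0, "src": "198.51.100.7", "dst": "192.0.2.255",
             "proto": "icmp", "icmp_type": ICMP_ECHO_REQUEST}]
    for i in range(1, 21):
        pkts.append({"ts": 0.01 * i, "src": "192.0.2.%d" % i, "dst": "198.51.100.7",
                     "proto": "icmp", "icmp_type": ICMP_ECHO_REPLY})
    pkts.append({"ts": 5.0, "src": "192.0.2.10", "dst": "192.0.2.1",
                 "proto": "icmp", "icmp_type": ICMP_ECHO_REQUEST})
    pkts.append({"ts": 5.001, "src": "192.0.2.1", "dst": "192.0.2.10",
                 "proto": "icmp", "icmp_type": ICMP_ECHO_REPLY})
    return pkts
```

Seen from inside the amplifier network the first signal fires (a request to our own broadcast address from an outside source); seen from the victim's side only the second does, which is why both checks are needed.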

Mitigation techniques:

Training and awareness,

Patch management

Policies and procedures,

Incident response.

Firewalls

Types of firewall, HW/SW

Stateful inspection, packet filtering.

Firewall Rules, ACLs, NAT/PAT

DMZ,

Port Security

Port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables an administrator to configure individual switch ports to allow only a specified number of source MAC addresses ingressing the port (optionally "sticky", so the learned addresses are saved to the configuration). When the limit is exceeded the violation mode decides what happens: protect silently drops the offending frames, restrict drops them and raises a counter and syslog/SNMP trap, shutdown puts the port into err-disabled state. This is the standard defence against MAC flooding (CAM table overflow) attacks that try to turn a switch into a hub.
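An added example (not the notes' own code) that covers both the Layer 2 switching passage earlier and port security: a toy switch that learns source MACs per port, forwards known unicast, floods unknown unicast and broadcast, and enforces a per-port address limit with the three violation modes. Port names, MAC addresses and frames are constructed:

```python
# Added example (not the notes' own code): a toy switch that learns source MACs
# per port, forwards known unicast, floods unknown unicast and broadcast, and
# enforces a per-port address limit with Cisco-style violation modes
# (protect, restrict, shutdown). Ports, MACs and frames are constructed.
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, ports, max_macs=None, violation="shutdown"):
        self.ports = list(ports)
        self.cam = {}                          # MAC -> port (CAM / MAC address table)
        self.max_macs = dict(max_macs or {})   # port -> allowed source MAC count
        self.secure_macs = defaultdict(set)    # port -> MACs learned under port security
        self.violation = violation             # "protect" | "restrict" | "shutdown"
        self.err_disabled = set()
        self.violation_count = defaultdict(int)

    def _port_security_allows(self, port, src):
        limit = self.max_macs.get(port)
        if limit is None:                      # port security not configured here
            return True
        learned = self.secure_macs[port]
        if src in learned:
            return True
        if len(learned) < limit:
            learned.add(src)                   # "sticky" learn until the limit is hit
            return True
        return False

    def receive(self, port, src, dst):
        """Process one frame arriving on `port`; return the list of egress ports
        ([] when the frame is dropped)."""
        if port in self.err_disabled:
            return []
        if not self._port_security_allows(port, src):
            if self.violation != "protect":    # protect: drop silently
                self.violation_count[port] += 1  # restrict: drop, count, log
            if self.violation == "shutdown":   # shutdown: err-disable the port
                self.err_disabled.add(port)
            return []
        self.cam[src] = port                   # learn or refresh the source MAC
        if dst == BROADCAST or dst not in self.cam:
            return [p for p in self.ports if p != port and p not in self.err_disabled]  # flood
        egress = self.cam[dst]
        if egress == port or egress in self.err_disabled:
            return []
        return [egress]
```

Without the limit, an attacker sending frames from thousands of random source MACs fills the CAM table and every later frame is flooded; with a limit of one on an access port, the second source MAC either vanishes (protect), is logged (restrict) or takes the port down (shutdown).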

DHCP Snooping

DHCP snooping is a Layer 2 security technology built into the operating system of a capable network switch that drops DHCP traffic determined to be unacceptable. The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients: server messages (OFFER, ACK, NAK) are only accepted on ports marked trusted, normally the uplink toward the real server. The switch also builds a binding table (client MAC, IP, VLAN, port, lease) from the leases it sees, which Dynamic ARP Inspection and IP Source Guard then use to validate ARP and IP traffic from each port.

IDS-IPS, Network Security Appliances

IDS/IPS, based on:

Behavior (anomaly) based vs signature based; network based (NIDS/NIPS) vs host based (HIDS/HIPS). An IDS watches a copy of the traffic and only alerts; an IPS sits inline and can drop or reset.

Vulnerability Scanners:

Nessus (vulnerability scanner) and nmap (port scanner; its NSE scripts can check for some vulnerabilities)

Methods:

Honeypots, Honeynets