My personal notes for the Network+ 007 exam
- 1.1 Introduction to IP
- 1.1 Common Ports
- 1.2 Understand the OSI Model
- 1.3 Introduction to Ethernet
- 1.3 Network Switching Overview
- 1.3 Broadcast and Collision Domains
- 1.3 Unicasts, Broadcasts and Multicasts
- 1.3 Protocol Data Units
- 1.3 Network Segmentation
- 1.3 Spanning Tree Protocol
- 1.3 Switch Interface Properties
- 1.3 Static and Dynamic Routing
- 1.3 IGP and EGP
- 1.3 Dynamic Routing Protocols
- 1.3 IPv4 and IPv6 Addressing
- 1.3 Configuring IPv6
- 1.3 Prioritizing Traffic
- 1.3 Network Address Translation
- 1.3 Access Control Lists
- 1.3 Circuit Switching and Packet Switching
- 1.3 Software Defined Networking
- 1.4 Binary Math
- 1.4 IPv4 Addresses
- 1.4 Classful Subnetting
- 1.4 IPv4 Subnet Masks
- 1.4 IPv6 Subnet Masks
- 1.4 Calculating IPv4 Subnets and Hosts
- 1.4 Seven Second Subnetting
- 1.4 Assigning IPv4 Addresses
- 1.4 Assigning IPv6 Addresses
- 1.5 Network Topologies
- 1.5 Common Network Types
- 1.5 Internet Of Things Topologies
- 1.6 Wireless Standards
- 1.6 Cellular Network Standards
- 1.6 Wireless Network Topologies
- 1.7 Cloud Services and Delivery Models
- 1.8 An Overview of DNS
- 1.8 DNS Record Types
- 1.8 DHCP Addressing Overview
- 1.8 Configuring DHCP
- 1.8 An Overview of NTP
- 2.1 Copper Cabling
- 2.1 Copper Connectors
- 2.1 Optical Fiber
- 2.1 Optical Fiber Connectors
- 2.1 Copper Termination Standards
- 2.1 Network Termination Points
- 2.1 Network Transceivers
- 2.1 Ethernet Standards
- 2.2 Networking Devices
- 2.3 Advanced Networking Devices
- 2.4 Virtual Networking
- 2.4 Network Storage
- 2.5 WAN Services
- 2.5 WAN Transmission Mediums
- 2.5 WAN Technologies
- 2.5 WAN Termination
- 3.1 Network Documentation
- 3.2 Availability Concepts
- 3.2 Power Management
- 3.2 Backup and Recovery
- 3.3 Process Monitoring
- 3.3 Event Management
- 3.3 Performance Metrics
- 3.4 Remote Access
- 3.5 Policies and Best Practices
- 4.1 Physical Security
- 4.2 Authorization, Authentication, and Accounting
- 4.2 Multi-factor Authentication
- 4.2 Access Control
- 4.3 Wireless Encryption
- 4.3 Wireless Authentication and Security
- 4.4 Denial of Service
- 4.4 Social Engineering
- 4.4 Insider Threats
- 4.4 Logic Bombs
- 4.4 Rogue Access Points
- 4.4 Wardriving
- 4.4 Phishing
- 4.4 Ransomware
- 4.4 DNS Poisoning
- 4.4 Spoofing
- 4.4 Wireless Deauthentication
- 4.4 Brute Force Attacks
- 4.4 VLAN Hopping
- 4.4 Man-In-The-Middle
- 4.4 Vulnerabilities and Exploits
- 4.5 Device Hardening
- 4.6 Mitigation Techniques
- 4.6 Switch Port Protection
- 4.6 Network Segmentation
- 5.1 Network Troubleshooting Methodology
- 5.2 Hardware Tools
- 5.2 Software Tools
- 5.2 Command Line Tools
- 5.3 Wired Network Troubleshooting
- 5.4 Wireless Network Troubleshooting
- 5.5 Network Service Troubleshooting
- TCP and UDP for moving data across the network
- Frames have many things inside them including headers and data
- Lots of encapsulation when getting a frame ready to move across the network
- TCP is layer 4
- Uses the TCP handshake
- A connection based protocol
- Good when you need to make sure you get all of the data
- UDP is layer 4
- Does not verify that data has been received
- Faster but less reliable (Connection less protocol)
- Good for real time purposes like voice/video calls, etc.
- IP addresses and port numbers are what routers and other devices use to know where to direct the frame/data so that the right person gets their information
- Many different applications have their own ports
- SSH - 22
- HTTPS 443
- etc.
- All of this routing data like source and destination IP and ports will be stored in the frame
- 0-1023 are permanent (well-known) port numbers while 1024-65535 are non-permanent (ephemeral) port numbers
- TCP ports and UDP ports are different things
- ICMP (Internet Control Message Protocol)
- Used to check in and see if a device is functioning properly
- Admin use mainly
- Also can be used for devices to alert others when they are not working properly
- Could alert that a packet timed out and did not reach its destination
- Telnet TCP 23
- Remote login via console
- Not encrypted so not at all secure
- Not used often
- SSH TCP 22
- Encrypted remote login via console
- Better than Telnet
- DNS UDP 53
- Converts names of websites to IP addresses
- Very important, if it isn't working the whole network will have trouble
- SMTP TCP 25
- Server to server email transfer
- Send from a device to a mail server
- SFTP TCP 22
- Uses SSH to make secure file transfer
- Full featured file transfer protocol
- FTP TCP 20 (active mode data) TCP 21 (Control)
- An unencrypted file transfer protocol
- Username and password needed
- Full featured
- TFTP TCP 69
- No authentication or encryption
- Just read and write files, very basic
- DHCP UDP 67 and UDP 68
- Automatically configures IP address, default gateway, subnet mask, etc.
- DHCP could be stand alone or more commonly for houses in the router
- There is a lease time for IP addresses, you only get it for a certain amount of time
- Reservations can make it so certain devices always get the same IP addresses
- HTTP TCP 80
- Unencrypted protocol commonly used via a browser
- HTTPS 443
- Encrypted browser protocol
- SNMP UDP 161
- Managing network devices, gathering logs and statistics from the devices
- V1 & V2 not encrypted, V3 is encrypted, has integrity, authentication and authorization
- RDP TCP 3389
- Remotely share a desktop (or just an application)
- Common for Windows
- Can use other OS for this as well
- NTP UDP 123
- Sync all the clocks
- Very accurate
- SIP TCP 5060-5061
- Voice over IP
- Sets up and ends calls
- Adds features as well
- SMB also called CIFS, TCP 445
- Used by Windows
- File sharing, printer sharing, etc.
- POP3 TCP 110
- Receive emails from a mail server
- Basic
- IMAP4 TCP 143
- More common today
- Receive emails from a mail server
- More features than POP3
- LDAP TCP 389
- Directory access protocol
- Store and retrieve info in a network directory
- LDAPS TCP 636
- LDAP but over SSL, so secure
- H.323 TCP 1720
- Another VoIP signaling protocol
- Call, ring, hangup
- Early VoIP protocol, but still used quite a lot today
- Open Systems Interconnection Reference Model
- 7 Layers
- Layer 7 Application (The layer we see, HTTP, FTP, POP3, etc.)
- Layer 6 Presentation (encoding and encryption, often combined with layer 7)
- Layer 5 Session (Communication management between devices, control protocols and tunneling protocols)
- Layer 4 Transport (TCP, UDP, etc.)
- Layer 3 Network (Routing layer, routers, IP, Packets, Layer 3 switches, frame fragmentation)
- Frame fragmentation is when you break a frame into smaller pieces so the data can be sent across the network
- Layer 2 Data Link (MAC, Frames, Switches, Bridges)
- Layer 1 Physical (Signaling, cabling, connectors, hubs, bits, etc.)
- Certain protocols and processes exist at each layer
- Packet capture tools like Wireshark are where you really start to see the OSI model in the real world
- Enterprise networks have the same base functionality as a home network
- There is just a ton more data and hardware
- May even be many buildings connected to each other
- MAC addresses
- Physical unique address
- 48 bits long, displayed in hexadecimal
- First half is the Organizationally Unique Identifier (the manufacturer)
- Second half is Network Interface Controller Specific (serial number)
- Half duplex
- Cannot send and receive at the same time (like hubs, or switches if configured that way)
- Prone to collisions
- CSMA/CD Can tell when there is a collision and wait a random amount of time before continuing to send data
- CSMA/CD can see if any data is currently being transmitted or if the case is clear
- Full duplex
- Can send and receive at the same time
- Need to make sure the switch and devices support full duplex
- Much more intelligent in many ways (Knows where the data needs to go instead of just sending it to everyone on the network)
- CSMA/CA
- Collision Avoidance, like CD but for wireless networks
- Can’t hear the other devices so they will ask if the network is in the clear before sending data
- The switch is much smarter than the hub
- Forward or drop frames based on the MAC addresses
- Has a table of MAC addresses
- Keeping the environment loop free with STP
- Frame switching
- Has a table of MAC addresses to output interface
- Only knows the next step, just keeps passing the packet on until it gets to its location or its TTL expires
- Always adding to its table when it comes across something new
- If it doesn’t know where to send the data it floods the data to all of the devices
- When the data finds the right person the switch gets a response and adds the information to its table
- ARP
- Determine MAC address based on an IP address
- Can be captured with a packet capture tool
- arp -a to view the arp table on your computer
- Collision domains CSMA/CD
- Hard to find these days because of full duplex
- Only one station can talk at a time
- The collision domains are separated by switches
- Broadcast domains
- There are some cases where you need to broadcast something (a necessary evil)
- Broadcasts can go through switches and bridges but they stop at a router
- Unicast = one to one (most common, HTTPS, FTP, IMAP4, etc.)
- Multicast = one to many (things like live voice calls with many people, streams, etc.)
- Broadcast = one to all (ARP requests, routing updates, etc.)
- Unit of transmission (frame, packet, bits, TCP, UDP, etc.)
- Lots of headers are needed so each device's service can see the information it needs
- Frames are encapsulated in headers as they move down the OSI model and de-encapsulated as they move back up the OSI model when they reach their destination
- MTU
- Maximum size of an IP packet that you can transmit
- All devices need to be able to support the MTU that you have set
- A high MTU can greatly increase speeds
- 1500 bytes is the standard MTU for IP packets
- Some of this packet is headers, so not all of it is your payload (only 1472 bytes is the payload)
- If the DF bit is set it means that the data cannot be fragmented
- LANs = Local Area Network
- Virtual LANs
- Separated logically instead of physically
- Can have many on a single switch (or use many switches)
- You could run a cable for each VLAN when connecting switches in order to keep the traffic separate or you could use one cable for all of the VLANs with VLAN trunking
- This is known as a 802.1Q trunk, it adds a header to the frame that notes what VLAN the traffic came from so that it can be routed, once it reaches the end of the trunk the header is removed and the frame is forwarded to the correct VLAN
- Used to prevent loops in networks
- Loops will easily overwhelm your network so you need to stop them from happening
- 802.1D standard
- There are a few port states for ports using STP
- Blocking = not forwarding to prevent a loop
- Listening = not forwarding and cleaning the MAC table
- Learning = not forwarding and adding to the MAC table
- Forwarding = data passes through
- Disabled = admin turned off the port
- Root switch
- One per network
- STP will label ports as “root port” if that is the way to get to the root switch
- The designated ports are the other ports that lead to other spots in the network
- Blocked ports are, well, closed ports that traffic cannot go through
- STP may make a route to a certain device a little bit longer, but this is worth it
- STP can automatically change the port states if a device fails and you need a new path to get somewhere
- RSTP is 802.1W
- Faster than STP
- Backwards compatible
- Speed and duplex settings
- The most basic settings you need to configure or have configured automatically
- IP addresses may also be needed
- Switches need to be assigned a VLAN as well
- Trunk interfaces need to be configured too
- DMZ Demilitarized zone
- Between the internet and your intranet
- Security
- POE (802.3af)
- Ethernet and power in one cable
- Endspans is what you call a switch with built in POE
- Midspans is what you call it when you use a power injector with your switch for POE
- Mode A = POE on the wires that are used for data
- Mode B = POE on unused wires
- 15.4 watts DC power
- Max current of 350 mA
- POE+ (802.3at)
- Improved POE
- 25.5 watts DC power
- Max current of 600 mA
- Port mirroring
- Connect a monitoring device so you can copy what is happening on the device (switch) and send a copy to your device
- Each router only knows the next step
- Routing table tells them where to send packets
- Static routing
- Manually add the routes
- Good for small networks / bad for large networks
- More secure
- No overhead for routing protocols
- Easy to mess up and make a loop
- Have to manually update routes when there is a change
- Dynamic routing
- Routing tables are updated automatically in almost real time
- Good for large and complicated networks
- Has some router overhead
- Still has some initial configuration that is needed
- Default route
- The way of last resort
- Great when there is only one way in and out of the network
- Can make things a lot simpler depending on your network
- AS
- Autonomous System
- A network of nearly any size with a single routing policy
- Within your control
- IGP
- Used within a single AS
- IPv4 dynamic routing
- OSPFv2 (Open shortest path first)
- RIPv2 (Routing information protocol version 2)
- EIGRP (Enhanced interior gateway routing protocol)
- IPv6 dynamic routing
- OSPFv3
- EIGRP for IPv6
- RIPng (RIP next gen)
- EGP
- Used for routing between AS
- BGP (Border gateway protocol)
- Very common
- Automatically communicate between routers so they are always updating their routing tables
- Needs a formula to determine the best routes
- Distance vector routing protocols
- How many “hops” (number of routers) away is another network
- Does not care about the speed of the link only the distance
- Very little config as it is quite simple
- Not great for large networks
- Many different protocols use this
- RIP
- RIPv2
- EIGRP
- Link-state routing protocols
- Care more for the speed of the link than the distance
- A ton better for large networks
- OSPF (very common for large networks)
- Hybrid routing protocols
- Combining link state and distance vector
- BGP
- Every device needs an IP address
- Subnet mask is also needed
- Subnet masks tells you which part of the IP address is the network ID and which part is the host ID
- IPv4 address
- 32 bits / 4 bytes / 4 octets long
- Lowest number is 0 highest is 255
- IPv6 address
- 128 bit / 16 bytes / 16 octets long
- Displayed in hexadecimal
- Hard to memorize addresses like this so DNS is even more important
- IPv6 can be shortened
- Leading 0’s are optional
- Groups of 0’s can be replaced with :: (but only once per address)
- So 2001:0000:0000:CD30:0000:0000:0000:0000
- is now 2001:0:0:CD30::
- Dual-stack routing
- v4 and v6 in one network (Have both types of addresses for a single device)
- Most modern networks can understand both versions of IP
- Tunneling IPv6
- 6to4 addressing
- Can send IPv6 between devices that have an IPv4 connection
- No NAT support
- Needs relay routers
- 4in6 tunneling
- V4 tunneled in a v6 network
- Teredo/Miredo tunnel
- IPv6 through IPv4
- No special hardware needed
- Teredo is Microsoft | Miredo is Linux, Mac OS, etc. (Open Source)
- NDP (Neighbor Discovery Protocol)
- Sends multicast with ICMPv6
- Replaced IPv4 ARP
- Finds other devices' MAC addresses
- SLAAC - automatically config IP address without DHCP servers
- DAD - No duplicate IPs
- Discover routers with RS and RA
- NS and NA
- NS = Neighbor Solicitation
- Sent as a multicast
- One workstation searching for the MAC of another workstation
- NA = Neighbor advertisement
- The response to a NS with the needed info
- Many different apps and devices with many different requirements
- Some types of traffic are more important than others
- Packet Shaping
- Control bandwidth and data rates
- Some apps have higher priority
- QoS
- The process of controlling traffic flows
- Many different methods
- CoS
- Layer 2
- In an 802.1Q trunk
- DiffServ
- Layer 3
- QoS is set in the IPv4 header
- All of the IPv4 addresses are used up
- Private IP addresses
- For inside an intranet only
- Not routable across the internet
- These are the private addresses range
- 10.0.0.0-10.255.255.255
- 172.16.0.0-172.31.255.255
- 192.168.0.0-192.168.255.255
- NAT changes these private addresses into public addresses (the router's own address, which is routable across the internet)
- Each router directly connected to the internet has its own IPv4 address
- Port numbers are used so the router can tell where on the intranet to send internet traffic (Since it can’t use IP addresses due to the changes being made to them)
- Port forwarding
- Someone on the outside gets access to the inside of your network
- Maps External IP and port number to an internal IP and port number
- Also known as Static NAT or Destination NAT
- Does not timeout or expire
- Allow or deny traffic
- Commonly sits on the outer limits of the network where traffic is going in and out
- Can evaluate on many different types of criteria
- Source IP, Destination IP, Port numbers, ICMP, time of day, application, ect
- Works from top to bottom
- Looks at first rule to see if there is a match there if not it keeps moving down the list of rules
- Most specific rules tend to be at the top
- At the bottom tends to be an implicit deny rule
- If it matches no other rules then it is denied and can't come through
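As an added example (not part of the original notes), the top-to-bottom evaluation described above written out in Python: rules carry the criteria listed (protocol, source and destination prefix, port), the first match wins, and falling off the end is the implicit deny. The `EDGE_ACL` rules and the packets are constructed; the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 ranges are documentation addresses standing in for real ones.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"       # source prefix in CIDR notation
    dst: str = "0.0.0.0/0"       # destination prefix in CIDR notation
    dport: Optional[int] = None  # destination port, None = any


def rule_matches(rule: Rule, pkt: dict) -> bool:
    """Every criterion on the rule has to match the packet."""
    if rule.proto != "any" and rule.proto != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and pkt.get("dport") != rule.dport:
        return False
    return True


def evaluate(acl: list, pkt: dict):
    """Walk the list top to bottom; the first matching rule decides.
    Returns (action, rule index); index None means the implicit deny fired."""
    for idx, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, idx
    return "deny", None  # implicit deny at the bottom of every ACL


# Constructed inbound ACL for an internet-facing edge, most specific rules first.
EDGE_ACL = [
    Rule("deny", "any", "10.0.0.0/8"),                                # private source arriving from outside: spoofed
    Rule("permit", "tcp", dst="203.0.113.10/32", dport=443),          # public HTTPS server
    Rule("permit", "tcp", "198.51.100.0/24", "203.0.113.20/32", 22),  # SSH only from the partner network
    Rule("permit", "icmp", dst="203.0.113.0/24"),                     # let ping reach the DMZ
]


if __name__ == "__main__":
    for pkt in (
        {"proto": "tcp", "src": "192.0.2.5", "dst": "203.0.113.10", "dport": 443},
        {"proto": "tcp", "src": "192.0.2.5", "dst": "203.0.113.20", "dport": 22},
        {"proto": "tcp", "src": "10.1.2.3", "dst": "203.0.113.10", "dport": 443},
    ):
        print(pkt, "->", evaluate(EDGE_ACL, pkt))
```

The second packet in the usage block shows the implicit deny doing its job: SSH to the jump host from an address outside the partner range matches nothing, so it is dropped even though no rule names it. The ordering matters too: if the private-source deny were placed after the HTTPS permit, a spoofed 10.x.x.x packet to port 443 would be let through.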
- Circuit switching
- Circuit is established before data passes through
- Nobody else can use it when it is idle
- Not an efficient use of resources
- Connection is always there and it is all yours
- Examples
- POTS (Plain Old Telephone Service)
- T1, T3, E1, and E3
- ISDN
- Packet Switching
- Grouping data into packets and sending it across a network
- The media is shared
- If you aren’t using it, someone else is
- More efficient
- Examples
- SONET
- ATM
- DSL
- Frame Relay
- MPLS
- Cable Modem
- Satellite
- Wireless
- Control Plane
- Administration and ongoing servicing
- Data plane
- Transferring data
- Directly programmable
- Make changes at any time (Dynamically if needed)
- Centrally managed
- Vendor neutral
- Virtualize things with distributed switching
- Servers can be far away from each other while on the same VLAN
- Don't need to worry about moving the servers
- This is kinda hard to write out without any charts or something but here we go
- All 0’s and 1’s
- Each digit is a bit
- 8 bits is a byte/octet
- Each bit represents a number
- 0 means that digit is not included in the number while 1 means that digit is included in the number
- 0 0 0 0 0 0 0 0
- 128 64 32 16 8 4 2 1
- Every time there is a 0 bring down a 0, every time there is a 1 bring down the number associated with the bit, then add them all together
- So for 10010100
- We have 3 1’s in this binary and they are associated with the numbers 128, 16, and 4
- So if we simply add all 3 of those numbers together we get 148
- This can be done in reverse so say we have 186 and needed to make it in binary
- First we ask: is there a 128 in it? If so, the first bit is a 1 (we also now subtract 128 from 186 to get 58)
- Now we ask if there is 64 in the remaining number of 58 - there is not so that is a 0
- Next is 32 which there is so that is 1 and now we have 26 left
- Next is 16 which there is so that is also a 1 and we have 10 left
- Next is 8 which there again is so that is 1 and we have 2 left
- There is no 4 so that is a 0
- There is a 2 so that is a 1 and now we have 0 Left
- So the last bit is a 0
- In the end we have 10111010 = 186
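As an added example (not part of the original notes), the two walkthroughs above written as Python functions: one that brings down the bit values and adds them, one that walks 128, 64, 32, ... asking "is it in there?" and subtracting, plus a helper that records each step so the 186 example can be followed. The dotted-quad helpers extend the same per-octet conversion to whole addresses and masks.

```python
BIT_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]  # what each position in an octet is worth


def binary_to_decimal(bits: str) -> int:
    """Bring down the position's value for every 1 and a 0 for every 0, then add."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("need exactly 8 binary digits")
    return sum(value for bit, value in zip(bits, BIT_VALUES) if bit == "1")


def decimal_to_binary(n: int) -> str:
    """Walk down 128, 64, ... asking 'does it fit?'; write 1 and subtract, or write 0."""
    if not 0 <= n <= 255:
        raise ValueError("an octet holds 0..255")
    bits, remaining = [], n
    for value in BIT_VALUES:
        if remaining >= value:
            bits.append("1")
            remaining -= value
        else:
            bits.append("0")
    return "".join(bits)


def conversion_steps(n: int) -> list:
    """Same walk as decimal_to_binary, but recording each question as
    (position value, bit written, what is left) so the procedure can be followed."""
    steps, remaining = [], n
    for value in BIT_VALUES:
        taken = remaining >= value
        if taken:
            remaining -= value
        steps.append((value, "1" if taken else "0", remaining))
    return steps


def dotted_to_binary(addr: str) -> str:
    """Apply the per-octet conversion to a whole dotted-decimal address or mask."""
    return ".".join(decimal_to_binary(int(octet)) for octet in addr.split("."))


def binary_to_dotted(bits: str) -> str:
    return ".".join(str(binary_to_decimal(octet)) for octet in bits.split("."))


if __name__ == "__main__":
    print(binary_to_decimal("10010100"))  # 148
    print(decimal_to_binary(186))         # 10111010
    for value, bit, left in conversion_steps(186):
        print(f"is there a {value}? {'yes' if bit == '1' else 'no'} -> bit {bit}, {left} left")
    print(dotted_to_binary("255.240.0.0"))
```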
- Every device needs one | like 182.23.46.2
- Also need a subnet mask like 255.255.0.0 or 255.240.0.0
- Default gateway is needed to talk outside of the local subnet
- Loopback address is a way to send traffic to yourself
- 127.0.0.1-127.255.255.254
- Reserved addresses are set aside for future use
- 240.0.0.1-255.255.255.254
- Virtual IP addresses
- Not for a physical device
- Class A
- Leading bits of 1-126
- 8 network bits and 24 remaining bits
- like 255.0.0.0
- Class B
- Leading bits of 128-191
- 16 network bits and 16 remaining bits
- 255.255.0.0
- Class C
- Leading bits of 192-223
- 24 network bits and 8 remaining bits
- Class D (Multicast)
- Leading bits of 224-239
- Nothing else is defined for class D
- Class E (reserved)
- Leading bits of 240-254
- Nothing else is defined for class E
- For each subnet there are host addresses, network address and broadcast address
- The first address in a subnet is the network address
- The last address in a subnet is the broadcast address
- All of the other addresses are host addresses
- For actually calculating all of these addresses scroll down to the 7 second subnetting section (I will add it soon)
- Subnet masks could be written in binary with ones all lined up on the left and zeros all on the right
- Something like 11111111.11111111.0.0 or 255.255.0.0 or /16
- Or 11111111.11100000.00000000.00000000 or 255.224.0.0 or /11
- These / followed by a number are the CIDR notation, it is a way to display what the subnet mask is
- I just simply used Professor Messer's chart for converting between CIDR notations, binary and decimal for the subnet masks and I am too lazy to make my own chart ATM so nothing goes here
- IANA (Internet Assigned Numbers Authority) provides addresses to RIRs (Regional Internet Registries)
- RIRs assign smaller blocks to ISPs (Internet Service Providers)
- Then that provider will give you a /48 subnet
- First 48 bits is the Global Routing Prefix
- The next 16 bits tend to be the different subnets
- Those 16 bits give you 65,536 total subnets
- The last 64 bits tend to be Host ID’s on that subnet
- Those 64 bits give you about 18 million trillion hosts per subnet (So much more than the total IPv4 address range)
- So all in all this is quite similar to how subnet masks for IPv4 work there is just so many more subnets and host addresses to work with
- VLSM (Variable Length Subnet Masks)
- Allows network admins to define their own subnets (not classful)
- So many more options and flexibility comes from this
- 2 to the power of the number of subnet bits you have would allow you to calculate the total numbers of subnets you have
- 2 to the power of the number of host bits that you have would allow you to calculate the total numbers of hosts you have per subnet (make sure to subtract 2 from that number for the network address and broadcast address)
- Look at the first number of the IPv4 address to see what range it is in (Class A, B, etc.) and that will tell you how many bits are the network ID. In this case let's say it is Class A, so 8 network bits. Then you look at your CIDR notation and see it is, for example, /24, meaning there are still 16 bits left that are not host IDs but subnet IDs. The remaining 8 bits are then your host IDs. This is how you get your numbers for the equations above
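As an added example (not part of the original notes), a small subnet calculator in Python that ties together the classful table, the CIDR/mask conversions, the network/broadcast/host addresses, and the 2^subnet-bits and 2^host-bits minus 2 formulas above. It follows the worked case in the notes (a Class A address with a /24) and uses the standard library's `ipaddress` module for the address arithmetic; the sample addresses are constructed.

```python
import ipaddress


def classful_network_bits(addr: str) -> int:
    """Class from the first octet, per the classful table above."""
    first = int(addr.split(".")[0])
    if 1 <= first <= 126:
        return 8     # class A: 255.0.0.0
    if 128 <= first <= 191:
        return 16    # class B: 255.255.0.0
    if 192 <= first <= 223:
        return 24    # class C: 255.255.255.0
    raise ValueError("not a class A/B/C address (loopback, multicast or reserved)")


def mask_from_prefix(prefix: int) -> str:
    """/11 -> 255.224.0.0: the ones are lined up on the left, zeros on the right."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_from_mask(mask: str) -> int:
    """255.240.0.0 -> 12; rejects masks whose ones are not contiguous."""
    bits = "".join(f"{int(octet):08b}" for octet in mask.split("."))
    if "01" in bits:
        raise ValueError("mask must be all ones followed by all zeros")
    return bits.count("1")


def subnet_summary(addr: str, prefix: int) -> dict:
    """Subnet bits, host bits and the special addresses for an address/prefix pair."""
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    network_bits = classful_network_bits(addr)
    subnet_bits = max(prefix - network_bits, 0)  # bits borrowed from the classful host part
    host_bits = 32 - prefix
    return {
        "mask": str(net.netmask),
        "subnet_bits": subnet_bits,
        "subnets": 2 ** subnet_bits,
        "host_bits": host_bits,
        # minus 2 for the network and broadcast addresses; /31 and /32 have no room for that
        "usable_hosts": max(2 ** host_bits - 2, 0),
        "network": str(net.network_address),
        "first_host": str(net.network_address + 1) if host_bits >= 2 else None,
        "last_host": str(net.broadcast_address - 1) if host_bits >= 2 else None,
        "broadcast": str(net.broadcast_address),
    }


if __name__ == "__main__":
    # The worked case from the notes: a class A address carved up with a /24.
    for key, value in subnet_summary("10.1.2.3", 24).items():
        print(f"{key:13} {value}")
```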
- This used to be completely manual
- BOOTP
- Automatically define some things but not everything
- Didn’t know when leases were up
- DHCP
- Automatically configured most settings and works with nearly every device
- Your IP will expire and you will get a new one every now and then
- But you can set it so you always have the same IP if you desire
- A DHCP reservation where you tie a MAC address to an IP address
- APIPA
- When you use DHCP but no address is available you can use a link local address to communicate within your subnet
- 169.254.0.1-169.254.255.254
- First and last 256 addresses are reserved
- Your device will pick a link-local address then send an ARP request to make sure that said address is not in use by anyone else, then it assigns it to itself if it is available
- DHCPv6
- Every device already has a link-local address without the need for DHCP
- So your DHCP request can be sent with multicast instead of broadcast
- Process of getting an address is a lot like IPv4
- Solicit | Advertise | Request | Reply
- A static IP address with a modified EUI-64 (64 bits)
- A modified MAC address (48 bits)
- To make this address first split the MAC address in half
- Now place FFFE in the middle of the MAC address (the missing 16 bits)
- Now invert the 7th bit (The U/L bit aka the Universal/local bit)
- This is the second character in the address and it switches like so (it works both ways too: 1 becomes 3, and if you start with a 3 it becomes a 1)
- 0 to 2 | 1 to 3 | 4 to 6 | 5 to 7 | 8 to A | 9 to B | C to E | D to F
- Examples
- MAC of 8c:2d:aa:4b:98:a7 to EUI-64 of 8e2d:aaff:fe4b:98a7
- MAC of a0:21:b7:63:40:3f to EUI-64 of a221:b7ff:fe63:403f
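As an added example (not part of the original notes), the three steps above in Python: split the MAC, insert FFFE, flip the U/L bit, checked against the two MAC-to-EUI-64 pairs the notes give. The reverse function and the link-local helper are additions of mine; the fe80::/64 prefix is the standard link-local prefix.

```python
def mac_to_modified_eui64(mac: str) -> str:
    """Split the MAC in half, put FFFE in the middle, flip the U/L bit of the first octet."""
    octets = [int(part, 16) for part in mac.replace("-", ":").split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError("need a 48-bit MAC like 8c:2d:aa:4b:98:a7")
    eui = octets[:3] + [0xFF, 0xFE] + octets[3:]  # 64 bits now
    eui[0] ^= 0x02                                # 7th bit from the left is the 0x02 bit of the first octet
    digits = "".join(f"{o:02x}" for o in eui)
    return ":".join(digits[i:i + 4] for i in range(0, 16, 4))


def eui64_to_mac(eui64: str) -> str:
    """Undo it: the U/L flip is its own inverse, so the same XOR recovers the MAC."""
    digits = eui64.replace(":", "")
    if len(digits) != 16 or digits[6:10].lower() != "fffe":
        raise ValueError("not a modified EUI-64 (missing ff:fe in the middle)")
    octets = [int(digits[i:i + 2], 16) for i in range(0, 16, 2)]
    octets[0] ^= 0x02
    return ":".join(f"{o:02x}" for o in octets[:3] + octets[5:])


def flip_ul_digit(hex_digit: str) -> str:
    """The second hex character of the MAC changes as in the table above: XOR with 2."""
    return f"{int(hex_digit, 16) ^ 0x2:X}"


def link_local_from_mac(mac: str) -> str:
    """The SLAAC link-local address is the fe80::/64 prefix plus the modified EUI-64."""
    return "fe80::" + mac_to_modified_eui64(mac)


if __name__ == "__main__":
    for mac in ("8c:2d:aa:4b:98:a7", "a0:21:b7:63:40:3f"):
        print(mac, "->", mac_to_modified_eui64(mac), "->", link_local_from_mac(mac))
```

Because the hardware address sits inside the interface ID unchanged apart from the flipped bit, an EUI-64 based address identifies the same device on every network it joins; that is why temporary addresses (RFC 4941) and stable but opaque interface IDs (RFC 7217) exist, and why most current operating systems default to them instead of EUI-64.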
- Physical network map
- All of the physical devices and cable connections
- Physical maps of the racks and the components inside them
- Logical network map
- For virtual devices or high level overview of the network
- Visio, OmniGraffle, Gliffy.com
- Good for planning and sharing with 3rd parties
- Star network
- A switch in the middle with everything connected to that switch
- Ring network
- All of the devices are connected to each other in a ring form
- Used in MANs and WANs
- Sometimes you have 2 rings for fault tolerance
- Mesh network
- Many redundant links, sometimes all of the devices are connected to all of the other devices
- Redundant, fault tolerant, load balancing
- Used in WANs
- Bus network
- Single cable with every device connected to that cable
- Easy to implement, very horrible for fault tolerance
- CAN (in your car) is a modern bus network
- Wireless Topologies
- Infrastructure
- All devices communicate through an AP
- Most common
- Ad hoc networking
- No pre existing hardware
- Just configure both devices to communicate directly with each other
- Mesh
- Ad hoc devices working together to create a mesh “cloud”
- Self form and self heal
- LAN = local area network
- A single building, group of buildings, ect
- High speed and small
- WLAN = Wireless local area network
- Same thing as LAN but wireless
- Can be extended with more AP’s
- MAN = metropolitan area network
- Between the size of a LAN and a WAN
- Size of like a city or something
- Often owned by governments
- WAN = Wide area network
- Spanning around the globe
- Tends to be slower in speeds
- CAN = Campus Area network
- Many buildings owned by a company or a college | group of buildings close to each other
- LAN technologies are very high speed (many times fiber)
- SAN = Storage area network
- Looks and feels like a local storage device
- Block level access (More efficient)
- NAS = Network attached storage
- Remote storage device
- File level access
- PAN = personal area network
- Bluetooth, IR, NFC
- Common inside a house or car (audio, mobile phone, workout/health devices, etc.)
- Wearable tech, home automation, etc.
- Z-Wave
- Mainly for home automation
- Control lights, locks, garage doors
- Wireless mesh network
- ANT / ANT+
- Fitness devices, heart monitors, etc.
- Uses 2.4 GHz so it could be jammed
- Optional encryption
- Bluetooth
- Uses PAN
- Wireless headphones, smart phones, smart watches, tethering, etc.
- NFC (near field communication)
- Common on phones
- 2 way communication (commonly for payments)
- Can help with Bluetooth pairing
- Could also use it as an access token
- IR (Infrared)
- Included on phones and much more
- Control entertainment center with your phone (most common use case)
- RFID (Radio-frequency Identification)
- Tracking, access badges, etc.
- Not usually powered devices
- IEEE 802.11 wireless networks
- Most common IoT networks
- Always being updated
- 802.11a (one of the first standards)
- 5 GHz range
- 54 Mbit/s
- 802.11b (also one of the first standards)
- 2.4 GHz range
- 11 Mbit/s
- Better range than 802.11a
- More conflict with other devices
- 802.11g
- “upgrade of 802.11b”
- 2.4 GHz range
- 54 Mbit/s
- Backwards compatible with 802.11b
- 802.11n
- 5 or 2.4 GHz range
- Much more bandwidth
- 600 Mbit/s
- Uses MIMO (Multiple input multiple output)
- 802.11ac
- 5 GHz range
- Can use channel bonding for large channel bandwidths
- 6.8 Gbit/s
- Uses MU-MIMO, up to 8 streams
- Separate land into cells
- One antenna per cell
- 2G networks
- GSM (Global System for Mobile Communications)
- CDMA (Code division multiple access)
- Poor data support
- GSM
- 90% of the market for a while (AT&T, T-Mobile)
- Could move SIM from phone to phone
- Uses TDMA (Everyone gets a little slice of time)
- Streams are combined into a single stream then broken out again when they reach the location
- CDMA
- Everyone is using the same frequency, but they have their own code
- Verizon and Sprint used this
- 4G LTE
- Converged standard
- Based on GSM and EDGE
- Downloads of 300Mbit/s for LTE-A (150 Mbit/s for normal LTE)
- Channels
- Non-overlapping channels are necessary (when using many APs)
- So many more channels with 5GHz
- For 2.4 GHz channels 1, 6, and 11 are likely what you will want to use
- Different bandwidths are used
- 802.11a 20MHz
- 802.11b 22MHz
- 802.11g 20MHz
- 802.11n 20 or 40 MHz (two 20 MHz channels)
- 802.11ac 40 MHz (for 802.11n stations), 80 MHz for 802.11ac stations, or 160 MHz also for 802.11ac
- Antennas
- 802.11n added MIMO which allowed us to send many streams at once on the same frequency
- 802.11ac improved upon this
- This relies on the number of antennas you have
- Information is displayed like this (Antennas on the AP) x (antennas on the client): number of streams
- Like 2x2:2 or 3x3:2 or 4x4:4
- MIMO could still only send to one device at a single time but this all changed with MU-MIMO which can send to many clients at the same time
- Power level controls
- Set it as low as you can while still getting the coverage you need
- Control the distance covered by your AP or router
- Omnidirectional antennas
- Most common on AP
- Sends the signal in all directions evenly
- Directional antenna
- Focus the signal
- Send the signal from building to building
- Yagi antenna
- Parabolic antenna
- Wireless survey tools
- Need to know signal coverage and interference
- Many built in tools can help with this as well as 3rd party tools
- Spectrum analyzer will give you very detailed information
- SaaS
- On demand software
- Nothing is stored locally
- Your data is out there, not in your control
- Stuff like Google Mail
- IaaS
- You're provided with the hardware but nothing more
- Your data is still in the cloud but you have a bit more control
- PaaS
- Nothing physical in your environment (OS is not handled by you)
- You just handle the development process
- Gives you a sandbox to build your own application
- Cloud types
- Private cloud
- Everything is within your control (hardware, software, all of it)
- Public cloud
- 3rd party data server
- Hybrid cloud
- Both public and private combined
- Community cloud
- A group of people get together and share a cloud
- On-premise
- You control everything and it is all owned by you
- Hosted
- Not in your building, you may not even own the servers
- Cloud
- More modular (can add and remove resources and data very quickly)
- Private cloud
- Connecting to the cloud
- SSL or TLS for browser access
- VPN for an encrypted private way to access your cloud data
- Direct connection is the most secure but also the most costly
- Cloud policies
- Use a CASB for security policies and controls for data on the cloud
- Visibility
- Make sure the right people are seeing the right things and have the right authority to access things
- Compliance
- Are you complying with laws and other things
- Threat Prevention
- Make sure people are authorized
- Data Security
- Encryption, protect transfers of data with DLP
- Translate human readable names into computer readable names
- Has a hierarchy
- At the top is the .com, .net, .org, etc.
- Next up is a name like professormesser or youtube
- Then is the web server, something like www or mail
- You could even have another level down lower for certain sections of your website
- A huge distributed database with many servers and server clusters
- You likely need to ask many different servers before you can find the IP address you need
- Client queries local name server
- Local name server queries root server
- Root server replies to local name server
- Local name server queries .com name server
- .com name server replies to local name server
- Local name server queries ProfessorMesser.com name server
- ProfessorMesser.com name server replies to local name server
- Local name server gives the client the info and logs the data into a cache
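The walk above (root, then .com, then the domain's own name server, then cache), as an added example that is not part of the original notes: a Python simulation of a caching local name server. The three constructed servers, the `query` helper and the 192.0.2.10 address are all assumptions.

```python
# Added example: simulated iterative DNS resolution with a caching local
# name server. All server data and the 192.0.2.10 address are constructed.

# Each constructed "server" either delegates a zone (a referral) or holds
# a final A record. The root only knows where .com lives, the .com server
# only knows where professormesser.com lives, and so on.
SERVERS = {
    "root": {"referrals": {"com.": "com-tld"}, "records": {}},
    "com-tld": {"referrals": {"professormesser.com.": "pm-auth"}, "records": {}},
    "pm-auth": {"referrals": {}, "records": {"www.professormesser.com.": "192.0.2.10"}},
}


def in_zone(name, zone):
    """True when `name` is the zone apex or a label below it (not just a suffix match)."""
    return name == zone or name.endswith("." + zone)


def query(server_id, name):
    """Ask one server about a name.

    Returns ("answer", ip), ("referral", next_server_id) or ("nxdomain", None).
    """
    server = SERVERS[server_id]
    if name in server["records"]:
        return ("answer", server["records"][name])
    # Delegate to the most specific zone this server knows about.
    best_zone, best_target = None, None
    for zone, target in server["referrals"].items():
        if in_zone(name, zone) and (best_zone is None or len(zone) > len(best_zone)):
            best_zone, best_target = zone, target
    if best_target is not None:
        return ("referral", best_target)
    return ("nxdomain", None)


class LocalNameServer:
    """The resolver the client talks to; it follows referrals and caches answers."""

    def __init__(self, max_hops=8):
        self.cache = {}
        self.log = []             # one entry per server contacted
        self.max_hops = max_hops  # bounds the work a bogus referral chain can cause

    def resolve(self, name):
        name = name if name.endswith(".") else name + "."
        if name in self.cache:
            self.log.append(f"cache hit for {name}")
            return self.cache[name]
        current = "root"
        for _ in range(self.max_hops):
            kind, value = query(current, name)
            self.log.append(f"{current} -> {kind}")
            if kind == "answer":
                self.cache[name] = value  # later clients are served without the walk
                return value
            if kind == "referral":
                current = value
                continue
            return None                   # nxdomain: nobody is authoritative for it
        return None                       # referral loop or too-deep chain: give up


if __name__ == "__main__":
    resolver = LocalNameServer()
    print(resolver.resolve("www.professormesser.com"), resolver.log)
```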
- Internal DNS
- Managed on internal network and has the internet routing information that you don’t want anyone else to be able to see
- External DNS
- Like Google or Quad9
- Won’t have local information but they can help with external DNS queries
- Third-party DNS
- Middle ground between internal and external
- Good for large environments
- Run in the cloud
- May have more features compared to internal DNS servers
- RR (resource records)
- Database records of domain name servers
- Configure the DNS and the lookups will simply take place in a text file
- A or AAAA
- Name with an IP address
- A for IPv4
- AAAA for IPv6
- CNAME record
- Alias of another name
- Make it so www.youtube.com could be just “videos” or something along that line
- Service record (SRV)
- Find a certain service on the network
- Find the Windows Domain Controller, or the messaging server, or the VoIP controller, etc.
- Mail exchange record (MX)
- Determines the host name for the name server (not IP the NAME)
- Name server records (NS)
- Points to the name of the name server
- Pointer record (PTR)
- Reverse of A or AAAA records
- You give it an IP and it gives you the name
- Text record (TXT)
- Human readable information
- Likely valuable to 3rd parties viewing your DNS
- Things like SPF to prevent mail spoofing
- Or DKIM to digitally sign outgoing mail
- Starts as a broadcast (Discover message)
- Stops at a router of course
- Next the DHCP will offer an IP (if it got the broadcast)
- If many offers were given (more than one DHCP server) then the computer will pick one and send them a DHCP Request
- Finally the DHCP server will send an acknowledgment that the address is now assigned to your computer
- Large organizations DHCP
- Routers stop the traffic (could config a DHCP relay so that the traffic would not stop at the router but be turned into a unicast and sent to the DHCP server)
- Multiple servers likely needed for redundancy
- Ability to scale well is also a good thing to have
- IPAM
- Manage IP addressing (plan, track and config DHCP)
- Reports on all sorts of things
- Lots of controls you can use
- IPv4 and IPv6 on one console
- Scope properties
- A list of IP addresses that will be available for a certain subnet
- Subnet masks info as well
- Lease duration
- etc.
- Pools
- Grouping of IP addresses that will be leased out by the DHCP server
- Pools are inside the scope (the scope is larger and contains other data including the pool)
- Dynamic allocations
- IP addresses are reclaimed after a lease period
- May or may not get the same address each time
- Automatic allocations
- You will always get the same address (if it can, but since the IP may not be reserved the same IP may not be available for you to have)
- Ties IP addresses to MAC addresses
- Static Allocations
- Admin configs it
- Always have the same IP address
- Tying the IP to the MAC address
- DHCP leases
- Temporary IP addresses
- You get the IP for a certain amount of time
- You could also manually release the IP address if you wanted
- T1 timer
- When the devices will try to renew the IP address (50% of the lease time)
- T2 timer
- If the original DHCP server is down it will try to keep the IP address by talking to another DHCP server around (87.5% of the lease time)
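The Discover/Offer/Request/Ack exchange and the T1/T2 lease timers described above, as an added example that is not part of the original notes. The server names, pool addresses and function names are my own assumptions; only the 50% and 87.5% figures come from the notes.

```python
# Added example: DHCP lease timing and the Discover/Offer/Request/Ack exchange.
# Pool addresses and server names are constructed; T1 = 50% and T2 = 87.5%
# of the lease come from the notes above.


def lease_timers(lease_seconds):
    """Return (T1, T2) in seconds for a lease of the given length."""
    if lease_seconds <= 0:
        raise ValueError("lease length must be positive")
    return lease_seconds * 0.5, lease_seconds * 0.875


def client_state(lease_seconds, elapsed):
    """Where a client is in its lease after `elapsed` seconds.

    Returns (state, who_to_contact). Before T1 the client is simply bound;
    after T1 it unicasts a renewal to the server that gave it the lease;
    after T2 it broadcasts so any DHCP server can extend the lease; once the
    lease runs out it must give the address up and start over with Discover.
    """
    t1, t2 = lease_timers(lease_seconds)
    if elapsed < t1:
        return ("BOUND", None)
    if elapsed < t2:
        return ("RENEWING", "original-server")
    if elapsed < lease_seconds:
        return ("REBINDING", "any-server")
    return ("EXPIRED", None)


class DhcpServer:
    """A constructed DHCP server with one pool of addresses to lease out."""

    def __init__(self, name, pool):
        self.name = name
        self.free = list(pool)
        self.leased = {}  # MAC address -> IP address

    def offer(self, mac):
        """Reply to a Discover with the next free address (None when the pool is empty)."""
        return (self.name, self.free[0]) if self.free else None

    def ack(self, mac, addr):
        """Commit the address the client requested; False if it was taken meanwhile."""
        if addr not in self.free:
            return False
        self.free.remove(addr)
        self.leased[mac] = addr
        return True


def dora(mac, servers, prefer=None):
    """Run Discover/Offer/Request/Ack against several servers.

    Every server answers the broadcast Discover with an Offer; the client
    picks one (the preferred server if it offered, else the first offer),
    sends a Request naming it, and that server alone commits with an Ack.
    Returns (server_name, address) or None when nobody could lease one.
    """
    offers = [o for o in (s.offer(mac) for s in servers) if o is not None]
    if not offers:
        return None
    chosen = next((o for o in offers if o[0] == prefer), offers[0])
    server = next(s for s in servers if s.name == chosen[0])
    return chosen if server.ack(mac, chosen[1]) else None
```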
- Sync all of the clocks (everything has a clock and syncing them is important)
- Automatically happens with NTP
- And very accurate as well
- You have lots of control on how this will work
- May have an NTP server
- In charge of the clock for all the devices
- NTP client may request the time from the NTP server and get updates for their clocks
- Devices could be both a client and a server at once
- Stratum layers
- Lower is better
- The number 0 is the original reference clock
- Next closest clock is number 1 (synced to number 0)
- 2 is synced to 1, etc.
- May use many NTP servers for redundancy
- If there is a choice between which clock to sync yourself with the device will choose to sync with the lowest number
- There are twisted pairs inside the cable
- One of the signals will be positive and one will be negative
- Twist helps to stop interference
- The different pairs in the cable will have different twist rates
- UTP
- Unshielded twisted pairs (no shielding anywhere)
- STP
- Shielded twisted pairs (shielding around the whole cable or the individual pairs)
- Has a grounding wire
- Abbreviations
- U = Unshielded
- S = Shielded with braided shield
- F = Foil shield
- (Overall cable shielding) / (Individual pair shielding)TP
- Like U/STP (No whole cable shielded but braided shield around each pair)
- EIA set a lot of these cabling standards
- TIA also set standards as well as ISO/IEC
- Cable specs
- Cat 3 = 10Base-T at 100m
- Cat 5 = 100BASE-TX or 1000BASE-T at 100m
- Cat 5e = 100BASE-TX or 1000BASE-T at 100m
- Cat 6 = 10GBASE-T at 37-55m
- Cat 6a = 10GBASE-T at 100m
- Cat 7 = 10GBASE-T at 100m
- The plenum
- A non-circulating air space above the ceiling is a non-plenum
- If the air ducts go into a shared air space in the ceiling that is a plenum
- There are fire regulations for this area
- You also need to make sure the cable inside the plenum is plenum-rated cable
- May not be as flexible as other cables
- Coaxial cables
- Wire conductor right in center with an insulator around that, metal shielding around all of that, and finally a plastic jacket on the outside
- For TV and modems mostly
- RJ11 connector
- Cable (6P2C) for telephones and modems
- RJ45 connector
- For our Ethernet (8P8C) cable
- BNC connector
- Commonly used on WAN connections like DS3
- Bulky and hard to work with
- DB-9 and DB-25
- Serial connections
- Early on they were used for almost anything
- Still today the 9 pin one is sometimes used for a console connection
- F-connector
- Cable television or modems
- RG-6 cable
- Communication using light wavelengths (LED or laser)
- Over kilometers of distance
- No external interference or tapping
- You have a core, cladding and coating on a fiber cable
- Multi mode fiber
- For short distances, 2 km or less (often with an LED)
- More than one signal at once
- Single mode fiber
- For long distances, up to 100km
- More expensive, with lasers
- UPC
- Ultra polished connector
- 0 degree angle connection
- High return loss
- APC
- Angled polished connector
- 8 degree angle connection
- Lower return loss, little higher insertion loss
- ST connector
- Straight tip connector
- Bayonet connector
- Round at the end
- SC connector
- Subscriber connector
- Square connector
- Have a plastic key on the side
- LC
- Lucent connector
- Little connector
- The connectors are getting smaller and smaller
- MT-RJ
- Mechanical Transfer Registered Jack
- Smallest connector
- About the same size as an RJ-45 connector
- Cable tester can verify the termination is done properly
- Don't mix and match the cable pinouts on a single cable
- T568A
- White and Green
- Green
- White and Orange
- Blue
- White and Blue
- Orange
- White and Brown
- Brown
- T568B
- Orange and White
- Orange
- Green and White
- Blue
- Blue and White
- Green
- Brown and White
- Brown
- Straight through cables
- Pin 1 is connected to pin 1
- 2 is connected to 2, etc.
- Crossover cable
- For connecting like devices together
- Pin 1 no longer goes to pin 1; it goes to pin 3
- Pin 2 to pin 6, etc.
- May not need to do the crossover on the physical cable because if your device supports Auto-MDI-X the device can do the crossover digitally
- Does not deal with 568A or 568B standards
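The two pinouts and the crossover mapping above, as an added example that is not part of the original notes: given the colour order on each end of a cable, work out which pin lands where and whether the result is straight-through, the 10/100 crossover the notes describe, or a miswire. The function names are my own.

```python
# Added example: check what a cable's two ends produce, using the T568A and
# T568B pinouts listed above. Same standard on both ends gives a straight-through
# cable; A on one end and B on the other swaps pins 1/3 and 2/6, a crossover.
# Function names are assumptions, not from the notes.

T568A = ["white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown"]
T568B = ["white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown"]


def pin_map(end1, end2):
    """For each pin on end 1, the pin on end 2 that the same wire lands on."""
    if len(set(end1)) != 8 or sorted(end1) != sorted(end2):
        raise ValueError("each end must use all eight wire colours exactly once")
    return {pin: end2.index(colour) + 1 for pin, colour in enumerate(end1, start=1)}


def classify(end1, end2):
    """Return 'straight-through', 'crossover' or 'nonstandard' for a cable."""
    mapping = pin_map(end1, end2)
    if all(src == dst for src, dst in mapping.items()):
        return "straight-through"
    # 10/100 crossover: transmit pair (1,2) lands on receive pair (3,6);
    # pins 4, 5, 7 and 8 are left alone.
    crossover = {1: 3, 2: 6, 3: 1, 4: 4, 5: 5, 6: 2, 7: 7, 8: 8}
    if mapping == crossover:
        return "crossover"
    return "nonstandard"


if __name__ == "__main__":
    print(classify(T568A, T568B), pin_map(T568A, T568B))
```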
- Patch panels
- Take the connections from, say, office cubicles and punch them down; on the other end an RJ45 connection goes into your networking equipment (switch)
- If someone changes desk locations you can simply change the small cable length from the patch panel to the switch instead of having to run a completely new cable
- 66 block is used for older standards
- 110 block is more common for modern networks
- Wire to wire patch panel
- For cat 5 or 6 cables
- Distribution panels for fiber
- Patch panel at both ends at times
- Need to watch the bend radius of the cable
- Leave some cable slack for future changes
- Transmit and receive mostly in a single device
- Modular interface
- Most often there are two fibers, one for transmit and one for receive
- You could also have both transmit and receive in one cable with BiDi transceivers
- GBIC
- Early standard
- Something like an SC connector
- Copper and fiber support
- Rather large though
- SFP
- Replaced GBIC for the most part
- 1G fiber or copper connections
- Much smaller form factor
- SFP+
- Much faster than SFP (16 Gbit/s)
- QSFP or QSFP+
- 4 SFP or SFP+ in one connector that is not that much bigger
- Crazy speeds
- Saves money because there is less fiber and equipment needed
- Most of this was already covered in the Copper Cabling video so like hardly anything is here because I am not writing it again
- 100BASE-T used 2 pairs of wires
- 1000BASE-T uses all 4 pairs of wires
- 1000BASE-SX = multi mode fiber of 220-500m distance
- 1000BASE-LX = Multi mode fiber of 550m or single mode fiber for 5km distances
- 10GBASE-T = Much higher frequency (500 MHz)
- Hub
- Layer 1
- Very basic (Sends data out of every single port because it doesn’t know where it needs to go)
- Everything is half duplex
- Not efficient at all
- Bridge
- Basically a switch with 2 ports (bridging 2 networks together)
- Forwarding decision made via software
- Layer 2 device (Forwards based on MAC addresses)
- Today's WAPs are bridges (Bridging between Ethernet and wireless networks)
- Switch
- Layer 2 device
- Forwarding decision made in the hardware (ASIC)
- Modern ones have many more features such as PoE
- Router
- Layer 3
- Forwarding decisions based on IP addresses
- Can connect different types of networks together
- Firewall
- Layer 4 (Could be layer 3 or 7 as well)
- Allows or denies traffic based on certain criteria (TCP/UDP)
- Modern firewalls could even look at the application information and see whether or not that would be allowed into the network (Layer 7)
- May also be a VPN endpoint
- Can proxy traffic
- WAP
- Not a wireless router (this is just the wireless part)
- Layer 2 device
- Modem
- Converts analog sounds to digital signals
- On traditional phone lines
- Allows you to use POTS as a backup way of communicating if everything else fails
- Can be used for internet access if they are ADSL modems
- Converting media
- Layer 1
- Signal conversion (Copper to fiber, or fiber to copper)
- Helpful for extending the range of your connection
- Almost always a powered device
- Wireless range extender
- A wireless repeater
- VoIP endpoint
- Some people still use voice for some reason
- Can be used like POTS or on some sort of software like modern phones
- Multilayer switch
- A switch and a router in a single device
- Switching still happens at layer 2 and the routing happens at layer 3
- Wireless networks
- Many APs to manage
- Security controls
- Should be easy for your users
- Wireless LAN controllers
- Centralized management of all of your WAPs (on a single console)
- Make changes to all of the WAPs easily
- Monitor and report on the WAPs
- Balancing the load (Load balancer)
- Many servers sharing the load of one task
- Used for large scale implementations
- Could be used for fault tolerance
- The load balancer decides which server will handle which request
- TCP offload, SSL offload, caching, and many more features
- Prioritizing QoS at times, content switching
- IDS
- Intrusion detection system
- Looking for security events
- Will simply alert when it detects something
- IPS
- Intrusion prevention system
- Looking for security events
- Will actually prevent the harmful traffic from entering your network
- Identification technologies
- Signature based
- Looking for an exact match
- Anomaly based
- Build a baseline of what is normal and notify you of anything odd
- Behavior based
- Observe and report certain actions
- Heuristics
- Uses AI to determine if traffic flow is malicious
- Proxy
- Sits between the users and the external network
- Makes requests and accepts data on the users' behalf (so it can examine things to make sure nothing dangerous is going on)
- Can filter through data
- Application proxies
- Understands maybe only one application
- VPN concentrator
- Allows you to support VPNs
- Could be a stand alone device or be part of a firewall
- Could also be simply software
- The client will need software for this to work
- Very common to configure the VPN to be always on
- AAA framework
- Identification
- Username most often
- Authentication
- Prove you are who you say you are (password)
- Authorization
- What level of access do you have?
- Accounting
- Logging times, data transfers, etc.
- RADIUS
- Common service for the AAA framework
- Can be used as authentication for almost any type of device
- UTM (unified threat management)
- An all in one security appliance
- Filtering, inspection, spam filter, CSU/DSU, routing and switching, firewall, IDS/IPS, bandwidth shaping, VPN endpoint, so much stuff in one device
- NGFW (Next gen firewalls)
- Layer 7 firewalls (inspect application layer information)
- Looking at every frame and making security decisions based on all of that data
- Can get very detailed and specific with their understanding
- VoIP tech
- PBX
- For analog phones
- Connects phone to provider
- VoIP PBX
- Integrate all VoIP devices to work over a normal network
- No need for extra cables
- VoIP gateway
- Convert VoIP information into something that the normal PSTN network can understand
- Content filtering
- Could detect if sensitive information is being shared across the network
- Could look for inappropriate content
- Can detect malware
- Filtering out what you don't want
- Make 100 physical devices seem like one single logical device virtually
- Still need to be able to communicate to the physical world
- This is done via a hypervisor
- Your hardware (CPU) needs to support this
- Networking requirements
- Have their own private network for all of the VMs
- Likely uses a shared networking address with NAT for outside communication
- They could also all have their own IP address
- Or could have a private address
- Virtualization
- Much more flexible
- Can add and remove things very easily
- NAS
- Remote access to a file server
- File level access
- SAN
- More efficient
- Block level access
- Jumbo frames
- More than 1500 bytes of a payload
- Up to 9,216 (9,000 is the norm) bytes in a single frame
- Increase network speeds
- All of your devices need to support this option
- Fibre Channel (FC)
- Built for SANs
- Up to 16Gbit/s
- Fiber or copper
- Uses SCSI, SAS, or SATA commands
- FCoE (Fibre channel over Ethernet)
- No new hardware needed
- Can’t go through a router
- FCIP
- FC encapsulated into IP packets
- Can go through routers to other subnets
- iSCSI
- Send SCSI commands over an IP network
- Make remote drives look and feel like a local drive
- Managed well in software
- Infiniband
- High speed
- Has its own hardware
- Copper or fiber
- Popular for supercomputers and the likes
- 200Gbit/s speeds are quite common
- ISDN
- Can use BRI
- Two 64 kbit/s bearer channels (for the data)
- One 16kbit/s signaling channel (setting up and ending the call)
- PRI
- T1 or E1 line
- T1 has 23 Bearer channels and one signaling channel
- E1 has 30 bearer channels, one signaling channel and one alarm channel
- Common for old phone network and the likes (not used that often though)
- T1
- NA, Japan, South Korea
- 1.544Mbit/s over 24 channels
- E1
- Europe
- 32 channels for a total of 2.048Mbit/s
- T3
- Also known as DS3
- On coax mostly
- 28 T1 circuits
- 44.736Mbit/s
- E3
- 16 E1 circuits
- 34.36Mbit/s
- OC (packet switching instead of the T and E stuff that was circuit switching)
- The new and more used today stuff
- SONET
- Have different line rates (speeds)
- OC-3 = 155.52Mbit/sec
- OC-12 = 622.08Mbit/sec
- OC-48 = 2.49Gbit/sec | 2.5G
- OC-192 = 9.95Gbit/sec | 10G
- DSL and ADSL (Digital subscriber line)
- Common for our homes
- WAN network that uses phone lines
- Downloads are faster than uploads
- 10,000 feet distance limitation
- Metro Ethernet
- A single city
- Connect with Ethernet on a WAN (Not common)
- Often is running over a different topology
- Broadband
- Many frequencies
- DOCSIS
- Data over the cable network
- 4-250Mbit/sec (maybe even a gig of speed)
- Dial-up
- Using the existing voice lines for digital signals
- Very slow speeds (56kbit/sec)
- hard to scale
- Satellite
- Into space
- Slow and expensive
- 50 Mbit/s down and 3 Mbit/s up
- For hard to reach sites
- High latency 250ms up and down
- High frequency around 2GHz
- Rain and other things can interfere with the connection
- Copper
- Cheap and easy to install and maintain
- Not as fast as fiber (often combined with fiber)
- Very popular
- Fiber
- High speeds
- Higher costs than copper
- Long distances
- Common for the core of the WAN
- Becoming much more popular for end users
- Wireless
- Mobile providers
- Roaming communication
- Limited coverage and speed (remote areas don't tend to work well)
- Frame relay
- Cost effective WAN types
- Part of the departure of T1’s
- Frames are passed through the cloud and appear on the other side
- 64 Kbit/sec through 45Mbit/sec speeds
- Replaced by MPLS nowadays
- ATM
- Common for SONET
- No frames or packets, it uses cells that were 53 bytes large
- High speeds, low latency
- Max speeds of 10Gbit/s
- MPLS (Multiprotocol Label Switching)
- Best of ATM and frame relay
- Traffic through the WAN is labeled
- Supports many types of traffic
- Common for WANs
- Labels are pushed onto packets as they enter the MPLS cloud
- Labels are popped off on the way out of the cloud
- PPP (Point to point protocol)
- Connect 2 devices
- Works almost anywhere
- Supports authentication, compression, error detection, and multilink for larger speeds
- PPPoE (PPP over Ethernet)
- Common on DSL networks
- Easy to implement, supported in most OS out of the box
- DMVPN (Dynamic Multipoint VPN)
- VPN builds itself as it is needed
- A dynamic mesh
- SIP trunking
- Control protocol for VoIP
- Using a VoIP connection to an IP-PBX
- Most efficient and gives you more control over the bandwidth and other things
- Demarc point
- Where you connect to the outside world
- Used everywhere
- On one side is your ISP’s hardware and on the other side is your own hardware
- CSU/DSU
- Sits between your router and the demarc
- Commonly provides the conversion between your provider and your own equipment
- Could be built into a router
- Many types of connections are used for these devices
- Smartjack
- More intelligent than just a cable hand off
- Owned by the provider
- Could provide diagnostics, alarms, re-configuration, etc.
- Operations procedures
- Downtime notifications, facilities issues, etc.
- Software upgrades
- Testing and change control
- Document everything in a way that is easy to reference
- Mapping the network
- Both physical and logical maps
- This is important and very useful to everyone involved
- A logical network map is a broad perspective of the network
- Shows how things move across the network but not the physical hardware
- A physical network map shows all the physical cables and hardware and how they connect
- Shows interfaces, IP addressing, server racks, etc.
- Change management
- The process of how and when to make a change
- Documentation, fallback plans, installation process, etc.
- This can be hard to implement in an organization that is not already using it
- Managing your cables
- The ANSI/TIA/EIA 606 is the standard for documenting the network
- Identifiers and labeling are needed
- Color coding, bar coding, etc.
- A centralized database is nice and common to have nowadays
- System labeling
- Unique system ID for every device
- Asset tag, name, serial number, etc.
- This should be clearly visible, for the server as a whole along with each component
- Circuit labeling
- WAN circuits that are coming into the building
- Document all companies of these WAN circuits
- Want to know the circuit ID, WAN provider phone number and other information to be able to communicate with them
- May want to put into place a monitoring system
- Patch panel labeling
- Be able to see which port on the floor matches with which port on the patch panel
- Usually uses numbers
- Baselines
- What the normal operation for the network is
- You can use this to spot abnormalities and predict when to upgrade what
- Inventory management
- A record of every asset
- Make/model, config, purchase date, location, etc.
- Have an asset tag with a barcode, RFID, tracking number, etc.
- Inventory management software
- A centralized database of all of your assets
- May also have help desk and reporting functions
- Fault tolerance
- If a problem occurs, then what?
- Adds complexity and costs to the network
- Redundant everything, load balancing, RAID, etc.
- Redundancy
- An additional device to replace a failed device
- Power supplies, two completely different servers, RAID, UPS, etc.
- High availability
- Redundant doesn’t always mean available right away
- When you can't afford to have any downtime you need a redundancy that is always on and always available
- Always watch out for single points of failure
- Costs a lot more
- Load balancing
- Spread the load between different servers or devices
- If one server is down the others can still perform the action needed
- NIC teaming
- Load balancing on network cards / connections
- Redundant paths and aggregate bandwidth
- Done inside the OS
- Uses multicasts to do health checks with the other NICs
- UPS
- Uninterruptible power supply
- Good for blackouts, brownouts, power surges
- Generators
- A long term power source that runs on fuel
- Could run the entire building or just part of it
- Can take some time to get up to speed (can run off the UPSs during this time)
- Dual-power supplies
- Each one can handle 100% of the load so as long as one is working you are good
- Hot swappable
- Cold site
- No hardware, just an empty building
- You bring everything including staff
- Warm site
- Room and rack space, you bring the rest or maybe they even have the hardware there
- Hot site
- An exact replica of everything
- Very costly
- Always updated with the latest information
- Usually automatic
- Very easy to move over to the hot site
- The archive attribute
- Be able to tell if a file has been changed since the last backup
- Full backup
- Backup everything
- Change all of the archive bits to off afterwards
- Long time to backup, very quick to restore
- Incremental backup
- Backup all of the files changed since the last incremental backup
- Quick to backup, but slow to restore
- Differential backup
- Backup all files changed since the last full backup
- Medium amount of time to backup, medium amount of time to restore
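The archive attribute and the three backup types above, as an added example that is not part of the original notes: a simulation that flips the archive bit on writes, shows which files each backup type copies, and how many saved sets a restore needs. The file set, version numbers and class name are my own constructed assumptions.

```python
# Added example: how the archive attribute drives full, incremental and
# differential backups, and what each strategy needs at restore time.
# The file set and version numbers are constructed; class and method names are my own.


class BackupSim:
    def __init__(self, files):
        self.files = dict(files)                 # name -> version currently on disk
        self.archive = {n: True for n in files}  # archive bit: True = changed since last backup
        self.history = []                        # saved sets in order: (kind, {name: version})

    def modify(self, name, version):
        """Writing a file sets its archive bit."""
        self.files[name] = version
        self.archive[name] = True

    def full(self):
        """Copy everything and clear every archive bit."""
        saved = dict(self.files)
        self.archive = {n: False for n in self.files}
        self.history.append(("full", saved))
        return saved

    def incremental(self):
        """Copy files flagged since the last backup of any kind, then clear their bits."""
        saved = {n: v for n, v in self.files.items() if self.archive[n]}
        for n in saved:
            self.archive[n] = False
        self.history.append(("incremental", saved))
        return saved

    def differential(self):
        """Copy files flagged since the last full backup (when no incrementals are
        mixed in); the bits stay set, so each differential grows until the next full."""
        saved = {n: v for n, v in self.files.items() if self.archive[n]}
        self.history.append(("differential", saved))
        return saved

    def restore_plan(self):
        """The saved sets that must be applied, in order, to rebuild the files.

        Incrementals need the last full plus every incremental after it;
        differentials need only the last full plus the newest differential.
        """
        last_full = max(i for i, (kind, _) in enumerate(self.history) if kind == "full")
        since = self.history[last_full + 1:]
        if since and all(kind == "differential" for kind, _ in since):
            return [self.history[last_full], since[-1]]
        return [self.history[last_full]] + since

    @staticmethod
    def apply(plan):
        """Replay a restore plan; later sets overwrite earlier versions."""
        state = {}
        for _, saved in plan:
            state.update(saved)
        return state
```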
- Log management
- Usually sent via syslog to a central log server
- Massive storage requirement
- Rolling up the data becomes important
- Take samples every minute for the day
- At the end of that day now keep 5 minute samples
- After 30 days start keeping 1 hour samples, etc.
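The roll-up schedule above (1-minute samples for a day, 5-minute samples until day 30, 1-hour samples after that), as an added example that is not part of the original notes: a Python routine that averages minute samples into the bucket their age calls for. Timestamps are plain minute counters and the sample values are constructed; function names are my own.

```python
# Added example: roll up one-minute samples using the retention steps above
# (1-minute for the first day, 5-minute until day 30, 1-hour after that).
# Times are plain minute counters and the values are constructed.

DAY = 1440  # minutes


def retention_step(age_minutes):
    """Sample spacing, in minutes, to keep for data of the given age."""
    if age_minutes < DAY:
        return 1
    if age_minutes < 30 * DAY:
        return 5
    return 60


def roll_up(samples, now):
    """Average samples into the bucket size their age calls for.

    samples: iterable of (t_minutes, value); now: current time in minutes.
    Returns {(bucket_start, step): (mean, count)}. Averaging keeps the trend
    for capacity planning but discards per-minute detail, so raw logs that
    may be needed for forensics should be retained separately.
    """
    sums, counts = {}, {}
    for t, value in samples:
        if t > now:
            raise ValueError(f"sample at {t} is in the future")
        step = retention_step(now - t)
        key = (t - t % step, step)
        sums[key] = sums.get(key, 0.0) + value
        counts[key] = counts.get(key, 0) + 1
    return {key: (sums[key] / counts[key], counts[key]) for key in sums}


def storage_ratio(samples, now):
    """How many stored points remain per original sample after rolling up."""
    samples = list(samples)
    return len(roll_up(samples, now)) / len(samples)


if __name__ == "__main__":
    demo = [(t, float(t)) for t in range(45 * DAY)]  # constructed: 45 days of minute samples
    print(f"{len(demo)} samples -> {len(roll_up(demo, 45 * DAY))} stored points")
```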
- Data graphing
- Raw logs or summarized logs
- Often managed through SIEM
- Turning reports into something visual (Graphs)
- Can require a lot of computing resources
- Port scanning
- Nmap (network mapper)
- Find devices and open ports
- Can also do a lot more: find OS, find services, etc.
- Use NSE for more options
- Vulnerability scanning
- Not that invasive
- See what is open and find unknown devices
- Test from the inside and the outside
- Vulnerability scan results
- Can find lack of security controls
- Can find misconfigurations
- Can also just find real vulnerabilities
- Patch management
- Service packs
- Many patches at once
- Monthly updates are also important
- Emergency updates for Zero-day patches
- Rollback options
- Go back to the previous version (known to work)
- Baseline review
- See what is normal in your network so you can find what is abnormal
- Protocol analyzers
- Get into the details of what applications are doing
- Capture packets from wired or wireless networks
- Make it very easy to see everything that is happening on the network
- Might need a lot of storage for this
- Interface monitoring
- Up or Down? (Green is good, red is bad)
- Alarming and alerting when something fails
- Short term and long term reports
- SIEM
- Security information and event management
- Monitoring and reporting on tons of logs from all over
- Can send out security alerts based on this info
- Short and long term reports
- Correlation between different data types
- Very good for forensic analysis
- Syslog
- The standard for message logging and consolidating logs
- Usually logs are sent back to a centralized SIEM using syslog
- Lots of disk space required
- SIEM logs
- Look at all the events that you may need to see in one place
- SIEM dashboard
- A broader view of what is happening in the logs
- Uses lots of graphs
- SNMP
- Provides queries to devices for more information
- v3 is the only one that is encrypted so use that if your devices support it
- Can be very detailed so access should be limited
- Graphing with SNMP
- Uptime, response time, traffic transfers, etc.
- Many tools can be used to browse or walk the SNMP MIB
- Monitoring the interface
- Trying to find the signs that will hint at a possible failure currently or in the future
- Can be monitored with SNMP
- MIB-II is where most metrics are
- See the error rate, utilization, packet drops, interface resets, speed, duplex and more
- IPsec
- Security for OSI layer 3
- Authentication and encryption for packets
- Also has confidentiality and integrity
- Uses AH and ESP
- Site-to-site VPNs
- The common place to use IPsec
- Uses existing connections (often with VPN appliances)
- SSL VPN
- Common for end user VPN access
- Client to site VPN
- Uses SSL/TLS protocol
- Often built into the OS (or browser)
- Can authenticate users
- TCP based
- DTLS VPN
- Datagram transport layer security
- UDP based
- For real time needs
- Remote desktop access
- Share a desktop from a remote location
- RDP is common for this
- VNC is also quite common for this
- Some versions are free and open source
- Can be used for troubleshooting or often by scammers
- SSH
- Encrypted console communication
- Good for connecting to network devices for many reasons
- Web based management console
- All in your browser
- Uses HTTPS for encryption
- May still need the command line for things not supported via the browser
- Transferring files
- FTP, SFTP, TFTP, etc.
- SFTP
- FTP with SSH
- FTPS
- FTP over SSL
- Out of band management
- The network or device isn't available; what do you do?
- Most devices have a separate management interface
- Could connect a modem to this so you can do things remotely
- Management network not tied to or relying on the hardware of the normal network
- PUA (Privileged user agreement)
- Expectations when dealing with data and devices
- A signed agreement at times
- Password policies
- A written policy of what is expected in a password and how to change / deal with passwords
- The recovery process should be difficult to avoid other people gaining access
- On-boarding
- The process of adding a new employee and setting up all the physical and digital things that they need
- Off-boarding
- The process of getting rid of a former employee and all of their hardware and digital accounts need to be reassigned, deleted, archived, ect
- Licensing restrictions
- There are so many licenses to manage
- Need to make sure you have availability
- Need to have integrity
- Watch out for these expiring and how that would affect the company
- International export controls
- Equipment, information, data and more being exported to other countries
- Processes, procedures, laws and more
- Data loss prevention (DLP)
- Where is your data?
- Detailed policies to define what is and isn't allowed with the data
- DLP can watch for and notify you when it finds a policy violation
- Remote access policies
- Hard to control external communication at times
- A policy for everyone, including 3rd parties
- Very specific requirements to keep things safe
- Security incidents
- How to handle something going wrong with security
- Incident response policies
- How should you identify the incident
- How should you categorize the incident
- Who needs to respond to the incident
- What process needs to be followed
- BYOD
- Managing employee owned devices and how they can use them
- These can be hard to secure
- AUP (acceptable use policy)
- What are the acceptable ways to use company assets
- Should cover all assets and the policies for them
- Good for limiting the legal liability of a company when something goes wrong
- NDA
- Confidentiality agreement
- Internally to protect the company from employees
- Externally to make sure two companies don't disclose each other's information
- System life cycle
- Managing the disposal of assets
- Make sure to completely destroy important information so no one else can see it
- Make sure to follow the laws when doing this
- Physical destruction
- Shredder / pulverizer
- driller / hammer
- Electromagnetic
- Incinerating
- Safety procedures and policies
- Equipment safety
- Personal safety
- Environmental safety
- Toxic waste, batteries and the likes
- Local government regulations need to be known and followed
- CCTV / IP cameras
- Video surveillance
- Need to get the right specs (depth of field, illumination requirements, focal length, etc.)
- Networked together and recorded over time
- Motion detection for alerts
- Asset tracking tags
- Record of every single asset
- Good for financial records, audits, depreciation, etc.
- Barcode, RFID, tracking number, etc.
- Tamper detection
- Have systems be able to monitor themselves
- Sensors, firewalls, etc.
- Asset tags that could provide tamper notification
- ID badge
- Can help track who has been where and give you access to certain things
- Bio-metrics
- Tied to a certain person (fingerprint, iris, voice print)
- Useful for 2FA
- Hard to change (Could be duplicated though)
- Not foolproof but still pretty good
- Tokens and cards
- Smart card, USB token, hardware or software tokens, key fobs, SMS code to your phone
- Door access controls
- Lock and key, electronic locks, deadbolt
- Token based locks with a card or the likes
- Multi factor (smart card and pin)
- AAA framework
- Identification
- Who you say you are (username)
- Authentication
- Prove you are who you say you are (Passwords or other)
- Authorization
- Make sure you get access to what you need to and don't have access to what you should not
- Accounting
- Tracking information and logging everything
- Authentication protocols and methods
- RADIUS
- Most common AAA protocol
- Centralized authentication for users (the switch, AP or VPN concentrator forwards the credentials to the RADIUS server)
- Works on almost any OS
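Added example, not from the original notes: a minimal RADIUS Access-Request / Access-Accept exchange built from RFC 2865, showing the two things the shared secret is actually used for (hiding the User-Password attribute and signing the server's reply). The secret, the user database, the attribute values and the identifier are constructed; the standard attribute type numbers (1 = User-Name, 2 = User-Password) are real.

```python
import hashlib
import secrets
import struct

# Added example, not part of the original notes: a minimal RADIUS exchange from RFC 2865
# to show what the shared secret is used for. Secret, users and attribute values are constructed.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2          # standard attribute type numbers


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += block
        prev = block
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value      # Type, Length (incl. header), Value


def parse_attributes(blob: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(blob):
        attr_type, length = blob[i], blob[i + 1]
        attrs[attr_type] = blob[i + 2:i + length]
        i += length
    return attrs


def build_access_request(user: str, password: str, secret: bytes, ident: int = 7):
    """NAS side. The Request Authenticator must be unpredictable and unique per request."""
    request_auth = secrets.token_bytes(16)
    attrs = attribute(USER_NAME, user.encode()) + attribute(
        USER_PASSWORD, hide_password(password.encode(), secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def server_handle(request: bytes, secret: bytes, users: dict) -> bytes:
    """AAA server side: recover the password, decide, sign the reply with the secret."""
    _code, ident, length = struct.unpack("!BBH", request[:4])
    request_auth = request[4:20]
    attrs = parse_attributes(request[20:length])
    user = attrs[USER_NAME].decode(errors="replace")
    password = unhide_password(attrs[USER_PASSWORD], secret, request_auth)
    code = ACCESS_ACCEPT if users.get(user, "").encode() == password else ACCESS_REJECT
    reply_attrs = b""
    header = struct.pack("!BBH", code, ident, 20 + len(reply_attrs))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    response_auth = hashlib.md5(header + request_auth + reply_attrs + secret).digest()
    return header + response_auth + reply_attrs


def client_verify(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: a reply forged by someone without the secret (or a rogue server) fails here."""
    header, response_auth, reply_attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request_auth + reply_attrs + secret).digest()
    return secrets.compare_digest(expected, response_auth)


def authenticate(user, password, secret, users, server_secret=None):
    """Run one exchange. Returns (access_granted, reply_is_authentic)."""
    request, request_auth = build_access_request(user, password, secret)
    response = server_handle(request, server_secret or secret, users)
    authentic = client_verify(response, request_auth, secret)
    return response[0] == ACCESS_ACCEPT and authentic, authentic


if __name__ == "__main__":
    USERS = {"alice": "correct horse battery"}   # constructed user database
    print(authenticate("alice", "correct horse battery", b"s3cret", USERS))   # (True, True)
    print(authenticate("alice", "wrong", b"s3cret", USERS))                   # (False, True)
    print(authenticate("alice", "correct horse battery", b"s3cret", USERS,
                       server_secret=b"rogue"))                               # (False, False)
```

The third call stands in for a rogue RADIUS server that does not know the secret: it cannot read the password and its Access-Accept fails verification. Note that only the User-Password attribute is hidden, and the hiding is MD5-based; everything else (User-Name, NAS attributes) is in the clear, which is why RADIUS traffic should be carried inside IPsec or TLS (RadSec, RFC 6614) rather than trusted on its own.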
- TACACS
- Alternative to RADIUS
- For dial-up lines
- XTACACS
- Made by Cisco
- Added more accounting and auditing to TACACS
- TACACS+
- Latest version of TACACS (not backward compatible with the older ones)
- Works with many OS and services
- Encrypts the whole packet body and separates authentication, authorization and accounting; RADIUS only hides the password
- Kerberos
- Authentication protocol
- A one and done login
- Protects against man-in-the-middle attacks (mutual authentication between client and server)
- Works with many OSes
- SSO with Kerberos
- Uses cryptographic tickets
- No constant username and password input
- Not everything works with Kerberos
- LDAP
- Read and write information to a directory
- Lightweight version of the X.500 DAP (Directory Access Protocol)
- Uses attributes to describe data in the directory
- CN = Common name
- O = Organization
- L = Locality
- C = Country
- etc. (there are more)
- Makes a tree of information
- Local Authentication
- Most devices have an initial account (make sure to change the password for this)
- Hard to scale local accounts with large networks
- Useful as a backup if AAA is down
- Certificate based authentication
- Private keys stored somewhere (like a smart card)
- PIV cards are used by US federal government
- CAC is used by the Department of Defense
- Could also be stored on a laptop, USB fob, ect
- Auditing
- Logs of everything
- Who logged in, what did they do, when did they do it
- Network usage
- Security logs
- Multi-factor authentication factors
- Something you are (biometrics, e.g. fingerprint, iris scan, voiceprint)
- Something you have (smart card, key fob, USB token, phone for SMS)
- Something you know (password, PIN)
- Somewhere you are (location)
- Something you do (handwriting, typing style)
- Some of these can be expensive, others are quite cheap; real MFA combines factors from two different categories
- NAC (Network Access Control), IEEE 802.1X
- You don't get access until you authenticate
- Port-based access control (physical switch ports and wireless associations)
- Makes use of EAP between the device (supplicant) and the switch/AP, which relays to a RADIUS (or TACACS+) server
- Disable unused ports, check for duplicate MACs
- Port security
- Prevent unauthorized devices from connecting to a switch port
- Based on the MAC address of the connecting device
- Can set up your own rules for this
- Set how many, and which, MAC addresses can connect on each physical port
- MAC filtering
- Allow or deny based on the MAC address
- Allowed MACs are easy to learn from a packet capture, and a MAC is easily spoofed, so this is not a strong control on its own
- Captive Portals
- Common for wireless networks
- Has a list of allowed devices and if you are not on that list it gives you a login screen
- Once you log in you have access to the network
- ACL
- Examines packets to allow or deny traffic
- Can filter on very specific criteria (source/destination IP, port, protocol)
- On routers or switches (for ingress or egress)
- Wireless Encryption
- Anyone can listen in, so this needs to be encrypted
- WPA and WPA2 (anyone who has the passphrase can decrypt, so protect it)
- WPA
- Replacement for WEP
- Short-term bridge between WEP and the new standard (ran on WEP-era hardware)
- Uses TKIP
- Mixes the secret key with the IV to get a different key for every packet
- 64-bit message integrity check (Michael) to prevent tampering
- Still had its own set of issues
- WPA2
- Uses CCMP for encryption (replaced TKIP)
- Uses AES for data confidentiality
- Much stronger encryption
- The long-term standard
- EAP (Extensible Authentication Protocol)
- Authentication framework, not a single method
- WPA/WPA2-Enterprise use EAP over 802.1X
- LEAP
- Cisco's early lightweight EAP from the WEP era; vulnerable to offline dictionary attacks, avoid it
- EAP-FAST
- Cisco's replacement for LEAP
- Lightweight; sets up a TLS tunnel using a PAC (protected access credential)
- EAP-TLS
- Strong security: mutual authentication with certificates on the server and on every client
- Widely used, but needs a PKI to issue the client certificates
- EAP-TTLS
- Other authentication methods tunneled through TLS; only the server needs a certificate
- PEAP
- EAP within a TLS tunnel (commonly EAP-MSCHAPv2 inside); only the server needs a certificate
- Open system
- No authentication
- WPA2-Personal / WPA2-PSK
- Everyone uses the same pre-shared key (passphrase) to get on
- WPA2-Enterprise / WPA2-802.1X
- Authenticates users individually against a RADIUS server
- MAC filtering
- Can do it on wireless networks as well
- Allowed MACs can be found with a wireless analyzer, so they can be spoofed
- Geo-fencing
- Using GPS or other location data to decide whether or not to give someone access
- An authentication factor (somewhere you are)
- DoS (Denial of Service)
- Force a service to fail by overloading it
- Could take advantage of a vulnerability
- Could just turn off the power
- Could be a smoke screen for other attacks
- Could happen accidentally
- Network loop or bandwidth limitation, ect
- DDoS
- The attack is coming from many places at once
- A botnet
- DDoS amplification
- Make a small attack into a big attack
- A small request (e.g. to an open DNS or NTP server) becomes a large response aimed at the victim, overloading it
- Social engineering
- Manipulate people, as they are the weakest point in security
- Authority
- Act like they are in charge so it's okay to do what they say
- Intimidation
- Bad things will happen if you don't help
- Consensus
- Convince someone this is what is normally done
- “your co-worker did this last week but is out today, could you help?”
- Scarcity
- Limited amount of time so we have to act fast
- Urgency
- Make things move faster
- Don't think about it or ask others if it is okay
- Familiarity
- Become your friend and talk with you
- Trust
- Someone who is safe and can fix the issues
- Insider threat
- Someone from within the organization with knowledge of and access to the network
- Can cause more harm than outside attacks because they already have access
- Can harm reputation
- Could be accidental or intentional
- Logic bomb
- When an event occurs the attack goes off
- A time and date or a certain event
- Often deletes things from systems
- Hard to identify
- Need formal change-control processes and procedures
- Lots of monitoring
- Auditing
- Rogue access point
- A backdoor into your network
- Simply buy an AP and plug it into the network
- Periodic wireless surveys and monitoring to find them
- Require everyone to authenticate (802.1X) before using the network
- Wireless evil twin
- Configured to look just like the legitimate WAPs (same SSID, often a stronger signal)
- Get users to connect to their WAP instead of the legitimate WAPs
- War driving
- Driving down the street and gathering information about the wireless networks around you
- All of this is free with certain applications
- Also works on drones or bikes
- Phishing
- Social engineering with a touch of spoofing
- Often done via email that sends you to a fake website to log in
- Check the URL to see if it checks out
- Or just don't click links from emails
- Vishing
- Phishing over the phone
- Spear Phishing
- Customize the attacks for a certain person or group of people
- Spear phishing against the CEO is called Whaling
- Ransomware
- Takes control of the data on your computer until you pay what they want
- Could be fake ransomware that only pretends to have locked your data
- Crypto-malware
- Ransomware that really encrypts your files and demands payment (usually cryptocurrency) for the key
- Protect against this with a backup on a different system (ideally offline, so the malware can't reach it)
- DNS poisoning
- Modify the DNS server
- To send someone to a different IP address
- Send a fake response to a valid DNS request (cache poisoning)
- Modify the workstation's hosts file
- Spoofing
- Pretend to be something you are not
- Fake web server, fake DNS, fake MAC address, fake email address, fake caller ID, fake IP address, etc.
- A man-in-the-middle attack uses ARP spoofing to sit between the conversation of two devices
- Deauthentication
- Devices keep getting dropped off the wireless network and reconnecting
- Significant DoS attack
- 802.11 management frames make everything work (associate, authenticate, disassociate, deauthenticate)
- Some wireless networks don't protect these management frames
- So attackers can forge their own deauthentication frames and send them to your devices
- 802.11w addressed this problem with protected management frames (integrity-checked, some encrypted)
- Still, not every frame is protected (beacons and probes are not)
- Required for 802.11ac certification and all versions going forward
- Dictionary attacks
- Using a word list to try and crack a password
- Start with the easy and most common words
- Catches the low-hanging fruit / the bad-password people
- Brute force attacks
- Try every possible combination of characters
- Very slow, and most systems will not allow this many attempts online (lockouts, rate limits)
- Best if you can find the hashed password and crack it offline, where you don't have a limited number of attempts
- Lots of computing power required for this
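Added example, not from the original notes, serving both the WPA2-Personal item above and the dictionary / brute-force items here: how a WPA2-PSK passphrase is turned into the key (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 rounds), and why a captured 4-way handshake can be attacked offline with a word list while online guessing against the AP cannot. The SSID, passphrase, MAC addresses, nonces and EAPOL bytes are constructed; the "password" / "IEEE" test vector is the published one from IEEE 802.11i.

```python
import hashlib
import hmac
import os

# Added example, not from the original notes: WPA2-Personal key derivation and an offline
# dictionary attack on a (constructed) captured handshake. SSID, passphrase, MACs, nonces
# and EAPOL frame bytes are all made up for the demo.


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes) (IEEE 802.11i)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def _prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1 blocks with a running counter byte."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def wpa2_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """First 16 bytes of the PTK (the Key Confirmation Key), which MICs the handshake."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return _prf(pmk, b"Pairwise key expansion", data, 48)[:16]


def eapol_mic(kck: bytes, eapol_with_zeroed_mic: bytes) -> bytes:
    """WPA2 (CCMP) MIC: HMAC-SHA1 over the EAPOL-Key frame, truncated to 16 bytes."""
    return hmac.new(kck, eapol_with_zeroed_mic, hashlib.sha1).digest()[:16]


def capture_handshake(passphrase: str, ssid: str, ap_mac: bytes, sta_mac: bytes) -> dict:
    """Stand-in for sniffing a real 4-way handshake: everything an attacker sees over the air."""
    anonce, snonce = os.urandom(32), os.urandom(32)
    # Constructed EAPOL-Key message 2 with its 16-byte MIC field zeroed (the bytes that get MICed).
    eapol = b"\x02\x03\x00\x75\x02\x01\x0a\x00\x10" + b"\x00" * 8 + snonce + b"\x00" * 32 + b"\x00\x16"
    kck = wpa2_kck(wpa2_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol": eapol, "mic": eapol_mic(kck, eapol)}


def dictionary_attack(handshake: dict, wordlist) -> tuple:
    """Offline: no AP involved, no lockouts; the cost is one PBKDF2 (4096 SHA1 rounds) per guess."""
    tried = 0
    for guess in wordlist:
        tried += 1
        kck = wpa2_kck(wpa2_pmk(guess, handshake["ssid"]), handshake["ap_mac"],
                       handshake["sta_mac"], handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(kck, handshake["eapol"]), handshake["mic"]):
            return guess, tried
    return None, tried


def brute_force_years(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to exhaust every combination of a given length at a given guess rate."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    ap, sta = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    hs = capture_handshake("summer2019", "CorpGuest", ap, sta)           # constructed capture
    print(dictionary_attack(hs, ["password", "letmein", "summer2019"]))  # ('summer2019', 3)
    print(round(brute_force_years(26, 10, 1e5), 1))                      # 44.8 (10 lowercase chars at 100k guesses/s)
```

Two things to take from it: the SSID is the salt, so a common SSID lets an attacker reuse precomputed tables, and the 4096-round PBKDF2 is what makes each guess expensive, which only matters if the passphrase is not in a word list in the first place.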
- VLAN hopping
- You should only have access to your own VLAN
- You may be able to hop to another VLAN
- Switch spoofing
- You pretend to be a switch
- Negotiate a trunk so you can now send to and receive from any VLAN
- Switch admins should disable trunk negotiation (DTP) so this can't happen
- Double tagging
- When a switch receives a frame with an 802.1Q header whose VLAN is the trunk's native VLAN and has to forward it out a trunk interface, it removes that header (native VLAN traffic goes untagged)
- If the frame carried two headers and the outer one was removed, the second switch sees only the inner header and forwards into that VLAN, so you can send into other VLANs (one way only: no replies come back)
- Mitigation: set the native VLAN to an unused VLAN ID and keep end users off the native VLAN
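Added example, not from the original notes: what a double-tagged frame looks like on the wire and how the native-VLAN handling on a trunk turns it into a hop. The MAC addresses, VLAN numbers and the simplified switch behaviour (an access port accepting a tag that names its own VLAN) are constructed for the demo.

```python
import struct

# Added example, not from the original notes: parse/build 802.1Q tags and model the two-switch
# double-tagging path. MACs, VLAN IDs and the switch behaviour model are constructed.
TPID_8021Q = 0x8100


def parse_frame(frame: bytes):
    """Split an Ethernet frame into dst, src, list of 802.1Q VLAN IDs (outer first), and the rest."""
    dst, src, tags, i = frame[:6], frame[6:12], [], 12
    while struct.unpack("!H", frame[i:i + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[i + 2:i + 4])[0]
        tags.append(tci & 0x0FFF)            # low 12 bits of the TCI are the VLAN ID
        i += 4
    return dst, src, tags, frame[i:]


def build_frame(dst: bytes, src: bytes, vlans, rest: bytes) -> bytes:
    frame = dst + src
    for vid in vlans:
        frame += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return frame + rest


def access_ingress(frame: bytes, port_vlan: int):
    """Switch 1, the attacker's access port: frames belong to the port's VLAN. A tag naming
    that same VLAN is stripped (common switch behaviour); a tag for another VLAN is dropped.
    Any second tag just rides along inside what the switch now treats as payload."""
    dst, src, tags, rest = parse_frame(frame)
    if tags and tags[0] != port_vlan:
        return None
    return port_vlan, build_frame(dst, src, tags[1:], rest)


def trunk_egress(vlan: int, frame: bytes, native_vlan: int) -> bytes:
    """Frames in the native VLAN leave a trunk untagged; every other VLAN gets one tag added."""
    dst, src, tags, rest = parse_frame(frame)
    if vlan == native_vlan:
        return frame                 # untagged on the wire: whatever tag is inside is now 'the' tag
    return build_frame(dst, src, [vlan] + tags, rest)


def trunk_ingress(frame: bytes, native_vlan: int):
    """Switch 2, trunk port: the outer tag decides the VLAN; untagged means native."""
    dst, src, tags, rest = parse_frame(frame)
    if tags:
        return tags[0], build_frame(dst, src, tags[1:], rest)
    return native_vlan, frame


def delivered_vlan(attacker_frame: bytes, attacker_port_vlan: int, trunk_native_vlan: int):
    """Which VLAN the frame ends up in on switch 2 (None if switch 1 drops it)."""
    result = access_ingress(attacker_frame, attacker_port_vlan)
    if result is None:
        return None
    vlan, frame = result
    on_wire = trunk_egress(vlan, frame, trunk_native_vlan)
    return trunk_ingress(on_wire, trunk_native_vlan)[0]


ATTACKER = bytes.fromhex("0a0a0a0a0a0a")             # constructed MACs
VICTIM = bytes.fromhex("0b0b0b0b0b0b")
PAYLOAD = b"\x08\x00" + b"\x45" + b"\x00" * 19        # constructed EtherType + start of a fake IP header
DOUBLE_TAGGED = build_frame(VICTIM, ATTACKER, [1, 20], PAYLOAD)   # outer tag 1 = native, inner tag 20 = target


if __name__ == "__main__":
    print(parse_frame(DOUBLE_TAGGED)[2])             # [1, 20]
    print(delivered_vlan(DOUBLE_TAGGED, 1, 1))       # 20: hop succeeded (attacker sits in the native VLAN)
    print(delivered_vlan(DOUBLE_TAGGED, 1, 999))     # 1: mitigated, native VLAN moved to an unused ID
```

With the native VLAN left at the default of 1 and the attacker in VLAN 1, the frame reaches VLAN 20 on the second switch; moving the trunk's native VLAN to an unused ID makes switch 1 add its own tag, so switch 2 sees the attacker's real VLAN.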
- Man in the middle
- Get in the middle of a conversation of two devices
- Neither end station knows someone is watching their communication
- ARP poisoning
- ARP has no security
- ARP maps IPs to MAC addresses, so if you modify the ARP table in a device you can make it send traffic to a different MAC address
- The man in the middle then forwards the traffic to the right place so neither device notices something is wrong, and keeps spying and gathering intel
- Man in the browser
- Done from inside the browser (malware), which sends the traffic to the attacker
- The attacker does not need to be on your local network
- Requires malware on your machine
- Vulnerabilities
- A weakness that allows bad guys to gain access to things they shouldn't have access to
- Some are never discovered
- Many different types of vulnerabilities
- Exploits
- Takes advantage of a vulnerability
- Many different methods to exploit a vulnerability
- Can get quite complex
- Zero-day attacks
- When someone finds a brand-new vulnerability they could notify the vendor, or if they are bad guys they could sell it or exploit it
- A zero-day vulnerability is one that is known to exist but has not yet been patched
- If it is exploited before a patch exists, that is a zero-day attack
- Changing default credentials
- The default username and password can be easily found by anyone, so don't use them!
- Avoid common passwords
- Something you can't find in a dictionary is best
- Longer is better; special characters and numbers help
- Upgrading firmware
- To a version that does not have any known vulnerabilities
- Test first and plan for the new issues an upgrade may introduce
- Patch management
- Security fixes, system stability, etc.
- Monthly updates, or emergency updates for important security issues
- File hashing
- A one-way fingerprint of a file (e.g. SHA-256); it is not encryption and does not hide the data
- Allows integrity checks to make sure the data has not been changed (compare against a known-good hash)
- Disabling unnecessary services
- Hard to tell which are unnecessary at times, but every service is a potential risk
- Requires a lot of research and trial and error
- Watching the network
- It is quite easy to capture data going across a network, especially wireless
- Use encrypted protocols and technologies to avoid this
- Secure protocols
- SSH instead of Telnet
- HTTPS instead of HTTP
- SFTP instead of FTP
- SNMPv3 because v3 is the only encrypted version
- IPsec encrypts everything at the IP packet level
- Generating new keys
- Encrypted data requires a key
- Need to make sure no one gains access to these keys
- Update or change these keys if you have a default key
- Disabling unused TCP and UDP ports
- If you don’t need the port, why take the risk?
- Add this type of filtering on a firewall or appliance
- Disabling unused interfaces
- The physical ports that are unused should be disabled
- More effort to maintain but much more secure
- Could also use NAC to help mitigate the risk of unused ports
- IPS signature management
- Determine what happens when unwanted traffic appears
- Thousands of rules and you need to determine the outcome for these rules
- Can be done one by one or by groups
- This can take a lot of time to get just right
- Device hardening
- Use hardening guides for your services and platforms
- From the manufacturer or a 3rd party (e.g. CIS benchmarks)
- Native VLAN
- Traffic that belongs to the native VLAN is sent across a trunk untagged (no 802.1Q header)
- Change it from the default of VLAN 1 to an unused VLAN, and keep management traffic on its own VLAN (this also blocks double-tagging attacks)
- Privileged accounts
- Admin or Root
- Needs to be highly secure
- User accounts need to have limited access, don't give them more than they need
- FIM (File integrity Monitoring)
- Some files should NEVER change
- Monitor to see when important files change
- Windows can check its files with SFC
- Linux can check its files with Tripwire
- Many other host based options
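Added example, not from the original notes, serving both the file hashing item above and this FIM item: a minimal file integrity monitor that baselines a directory with SHA-256, reports modified / added / removed files, and seals the baseline with an HMAC so that an intruder who can write the baseline file cannot simply re-baseline their own changes. The directory contents, file names and HMAC key are constructed for the demo (it builds a fake /etc in a temp dir).

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

# Added example, not from the original notes: a minimal file integrity monitor with a
# sealed baseline. The directory, file contents and HMAC key are constructed for the demo.


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Hash every regular file under root; record size and mode too (a permission flip matters)."""
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.stat()
        baseline[str(path.relative_to(root))] = {
            "sha256": sha256_file(path), "size": st.st_size, "mode": oct(st.st_mode & 0o777)}
    return baseline


def seal(baseline: dict, key: bytes) -> str:
    """HMAC the baseline so someone who can write the baseline file can't quietly
    re-baseline their own changes. The key has to live somewhere they can't reach."""
    body = json.dumps(baseline, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "hmac": tag})


def unseal(sealed: str, key: bytes) -> dict:
    doc = json.loads(sealed)
    expected = hmac.new(key, doc["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("baseline tampered with, or wrong key")
    return json.loads(doc["body"])


def compare(baseline: dict, current: dict) -> dict:
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake /etc, then change it the way an intruder might."""
    key = b"kept-offline-not-on-this-host"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        sealed = seal(build_baseline(root), key)

        (root / "sshd_config").write_text("PermitRootLogin yes\n")   # hardening undone
        (root / "ld.so.preload").write_text("/tmp/.x/evil.so\n")     # persistence dropped in
        (root / "hosts").unlink()                                     # file removed
        report = compare(unseal(sealed, key), build_baseline(root))

        # the intruder edits the stored baseline to hide the sshd_config change
        forged = json.loads(sealed)
        forged["body"] = forged["body"].replace("sshd_config", "sshd_config.bak")
        try:
            unseal(json.dumps(forged), key)
            report["baseline_tamper_detected"] = False
        except ValueError:
            report["baseline_tamper_detected"] = True
    return report


if __name__ == "__main__":
    print(demo())   # modified ['sshd_config'], added ['ld.so.preload'], removed ['hosts'], tamper detected True
```

A hash alone only tells you a file changed; the baseline you compare against is what an attacker will go after, so it (or its key) must be stored where the monitored host cannot rewrite it.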
- Restricting access with ACLs
- Drop all traffic except for admins when accessing management devices
- Separate ACLs for application access
- Honeypots
- Trap the bad guys into a fake network that looks real
- Could be a single device or a whole network (honeynet)
- Make them look as real as possible
- Penetration testing
- Simulate an attack to find vulnerabilities
- Can be done yourself or from a hired 3rd party
- Often these penetration tests are required
- Switching loops and STP
- At the MAC address layer (Ethernet) there is no TTL, so there is no way to count how many times a frame has gone around
- This leads to loops if the network is configured incorrectly
- IEEE 802.1D is the STP (Spanning Tree Protocol) standard and is used everywhere
- STP
- (Covered in 1.3 above)
- Root ports are ports that lead to the root switch
- Designated ports are the other forwarding ports
- Blocked ports are blocked to prevent a loop
- BPDU Guard
- BPDUs (Bridge Protocol Data Units) are the messages STP switches exchange
- You can't let unofficial devices send BPDUs that change your STP topology, so BPDU Guard shuts down (err-disables) an edge port that receives one
- Root Guard
- One switch will always be the root switch (or bridge)
- Can be set manually
- Root Guard stops a port from accepting a superior BPDU that would make a device on that port the root
- Flood guard
- Configure a maximum number of MAC addresses on an interface
- Could be a single MAC or a group of MAC addresses
- When this maximum number is exceeded the port is disabled
- Prevents people from flooding the switch's MAC table (and making it flood traffic to everyone)
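Added example, not from the original notes, serving both the port security item in 4.2 and this flood guard item: a model of a switch CAM table fed a MAC-flooding stream (the kind of thing the macof tool sends), once without and once with a per-port MAC limit. Port names, MAC addresses and the tiny table capacity are constructed; real CAM tables hold thousands of entries, which is why the flood tools send hundreds of thousands of frames.

```python
import random

# Added example, not from the original notes: a model switch CAM table with and without port
# security under a MAC flood. Port names, MACs and the table size are constructed.


class CamTable:
    def __init__(self, capacity: int):
        self.capacity, self.entries = capacity, {}          # mac -> port

    def learn(self, mac: str, port: str) -> bool:
        if mac in self.entries or len(self.entries) < self.capacity:
            self.entries[mac] = port
            return True
        return False                                         # table full: new hosts can't be learned

    def forward(self, dst_mac: str) -> str:
        # unknown destination -> flood out every port, including the attacker's
        return self.entries.get(dst_mac, "FLOOD")


class PortSecurity:
    """Per-port limit on source MACs. violation: 'shutdown' (err-disable the port),
    'restrict' (drop, count and log) or 'protect' (drop silently)."""
    def __init__(self, max_macs: int = 1, violation: str = "shutdown"):
        self.max_macs, self.violation = max_macs, violation
        self.allowed, self.state, self.violations = set(), "up", 0

    def check(self, src_mac: str) -> str:
        if self.state == "err-disabled":
            return "drop"
        if src_mac in self.allowed:
            return "forward"
        if len(self.allowed) < self.max_macs:
            self.allowed.add(src_mac)                        # sticky-learn the first N MACs
            return "forward"
        self.violations += 1
        if self.violation == "shutdown":
            self.state = "err-disabled"                      # stays down until an admin (or errdisable recovery) brings it back
        return "drop"


class Switch:
    def __init__(self, cam_capacity: int, port_security: dict = None):
        self.cam = CamTable(cam_capacity)
        self.portsec = port_security or {}                  # port -> PortSecurity

    def receive(self, port: str, src_mac: str, dst_mac: str) -> str:
        ps = self.portsec.get(port)
        if ps and ps.check(src_mac) != "forward":
            return "drop"
        self.cam.learn(src_mac, port)
        return self.cam.forward(dst_mac)


def random_mac(rng: random.Random) -> str:
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))


def mac_flood(switch: Switch, port: str, count: int, seed: int = 1) -> int:
    """Attacker on `port` sends `count` broadcast frames, each from a fresh random source MAC.
    Returns how many the switch accepted."""
    rng = random.Random(seed)
    return sum(switch.receive(port, random_mac(rng), "ff:ff:ff:ff:ff:ff") != "drop" for _ in range(count))


def demo() -> dict:
    legit_src, legit_dst = "00:11:22:33:44:01", "00:11:22:33:44:02"

    unprotected = Switch(cam_capacity=8)
    mac_flood(unprotected, "Gi1/0/5", 100)                  # table is now full of junk
    # two legitimate hosts talk: neither can be learned, so their frames flood out every
    # port, including the attacker's, which is the whole point of the attack
    unprotected.receive("Gi1/0/1", legit_dst, legit_src)
    legit_result = unprotected.receive("Gi1/0/2", legit_src, legit_dst)

    protected = Switch(cam_capacity=8, port_security={"Gi1/0/5": PortSecurity(max_macs=1)})
    accepted = mac_flood(protected, "Gi1/0/5", 100)
    return {
        "unprotected_cam_full": len(unprotected.cam.entries) == 8,
        "unprotected_legit_traffic": legit_result,                      # 'FLOOD'
        "protected_frames_accepted": accepted,                          # 1
        "protected_port_state": protected.portsec["Gi1/0/5"].state,    # 'err-disabled'
        "protected_cam_entries": len(protected.cam.entries),            # 1
    }


if __name__ == "__main__":
    print(demo())
```

The `shutdown` action is the noisy, safe default: the port goes err-disabled and someone has to look at it, which is exactly the alert you want for a flood.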
- DHCP snooping
- Switch becomes a DHCP firewall
- Ports facing legitimate DHCP servers are marked trusted; everything else is untrusted, and DHCP server replies arriving on untrusted ports are dropped
- Builds a table of IP-to-MAC-to-port bindings from the DHCP exchanges and filters traffic against it
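Added example, not from the original notes: the decisions a switch makes once DHCP snooping is enabled, run over a constructed exchange with a real client, a real server behind a trusted port, and a rogue server that also tries a scope-exhaustion (starvation) attack. Port names, MAC addresses, IP addresses and the simplified packet model are constructed.

```python
from dataclasses import dataclass, field

# Added example, not from the original notes: the decisions a switch makes once DHCP snooping
# is enabled. Port names, MACs, addresses and the packet model are constructed.
BOOTREQUEST, BOOTREPLY = 1, 2


@dataclass
class DhcpPacket:
    port: str             # switch port the packet arrived on
    src_mac: str          # Ethernet source address
    op: int               # BOOTREQUEST from clients, BOOTREPLY from servers
    msg_type: str         # DISCOVER, OFFER, REQUEST, ACK, RELEASE, DECLINE
    chaddr: str           # client hardware address carried inside the DHCP payload
    yiaddr: str = ""      # address handed out (OFFER/ACK)
    server_id: str = ""   # option 54, the server's identity


@dataclass
class DhcpSnooping:
    trusted_ports: set
    pending: dict = field(default_factory=dict)    # client MAC -> port it asked from
    bindings: dict = field(default_factory=dict)   # client MAC -> (ip, port)
    log: list = field(default_factory=list)

    def handle(self, pkt: DhcpPacket) -> str:
        untrusted = pkt.port not in self.trusted_ports
        if untrusted and pkt.op == BOOTREPLY:
            # OFFER/ACK/NAK may only come from a port that faces a real server
            self.log.append(f"DROP rogue DHCP server {pkt.server_id or pkt.src_mac} on {pkt.port}")
            return "drop"
        if untrusted and pkt.src_mac != pkt.chaddr:
            # one NIC claiming many client addresses = scope exhaustion (starvation) attempt
            self.log.append(f"DROP {pkt.msg_type} on {pkt.port}: chaddr {pkt.chaddr} != source {pkt.src_mac}")
            return "drop"
        if untrusted and pkt.msg_type in ("RELEASE", "DECLINE"):
            bound = self.bindings.get(pkt.chaddr)
            if bound is None or bound[1] != pkt.port:
                self.log.append(f"DROP {pkt.msg_type} for {pkt.chaddr} from {pkt.port}: no matching binding")
                return "drop"                    # you can't release a lease that isn't yours
        if untrusted and pkt.msg_type in ("DISCOVER", "REQUEST"):
            self.pending[pkt.chaddr] = pkt.port
        if not untrusted and pkt.msg_type == "ACK" and pkt.chaddr in self.pending:
            self.bindings[pkt.chaddr] = (pkt.yiaddr, self.pending.pop(pkt.chaddr))
        return "forward"


def demo():
    """Constructed exchange: real client on Gi1/0/2, real server behind trusted Gi1/0/24,
    rogue server plus a starvation attempt on Gi1/0/7."""
    sw = DhcpSnooping(trusted_ports={"Gi1/0/24"})
    client, rogue, server = "00:11:22:33:44:01", "de:ad:be:ef:00:07", "00:11:22:33:44:fe"
    packets = [
        DhcpPacket("Gi1/0/2", client, BOOTREQUEST, "DISCOVER", client),
        DhcpPacket("Gi1/0/7", rogue, BOOTREPLY, "OFFER", client, "10.0.0.200", "10.0.0.66"),  # rogue offer
        DhcpPacket("Gi1/0/24", server, BOOTREPLY, "OFFER", client, "10.0.0.50", "10.0.0.1"),
        DhcpPacket("Gi1/0/2", client, BOOTREQUEST, "REQUEST", client),
        DhcpPacket("Gi1/0/24", server, BOOTREPLY, "ACK", client, "10.0.0.50", "10.0.0.1"),
        DhcpPacket("Gi1/0/7", rogue, BOOTREQUEST, "RELEASE", client),                        # release someone else's lease
        DhcpPacket("Gi1/0/7", rogue, BOOTREQUEST, "DISCOVER", "02:00:00:00:00:01"),          # forged chaddr (starvation)
    ]
    decisions = [sw.handle(p) for p in packets]
    return decisions, sw.bindings, sw.log


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The binding table this builds is what Dynamic ARP Inspection and IP Source Guard consult afterwards, so DHCP snooping is the foundation the other switch protections sit on.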
- Network segmentation
- Physical, logical, virtual
- Can increase both performance and security
- Physical segmentation
- Completely separate devices that are not connected in any way
- Could keep different applications separate, customer information separate, etc.
- Logical segmentation with VLANs
- On the same hardware but still separated logically
- Can make it so they can't talk to each other
- DMZ
- A screened network between the internet and the internal network
- Public-facing servers go here so the public never touches internal resources directly
- Network troubleshooting methodology
- Identify the problem
- See if you can duplicate the problem
- Identify symptoms
- Question the users experiencing the issues
- See if any changes have taken place
- Some of the problems might not be related to each other
- Establish a theory
- Start with the most simple explanation
- Consider everything
- List all of the possible causes
- Test the theory
- Go into a lab and try and recreate the problem to test your theories on
- You may run out of theories
- Create a plan of action
- Correct the issues with minimum impact on the users
- Identify the possible side effects of fixing the issue
- Have a backup plan
- Implement the solution
- Probably done during non production times
- May need other people's assistance
- Verify full system functionality
- Confirm with users and customers that everything works
- Check yourself for the problem
- Implement preventive measure so it does not happen again
- Document findings
- Write down everything, as much as possible
- Consider having a formal database for these types of documents
- Cable crimpers
- Crimp a connector onto a cable
- Good for Ethernet cables and other types as well
- Wire strippers and cable snips are also needed for installing these cables
- Cable testers
- Continuity test
- Make sure pin 1 is connected to pin 1
- 2 to pin 2, ect
- Simple devices with simple readouts
- TDR and OTDR
- TDR for copper
- OTDR for fiber
- Lots of information
- Estimated cable lengths
- Find splice locations
- Cable impedance information
- Signal loss
- Certify cable installations
- Log everything
- Locate breaks
- Can be very costly
- Need a person that knows how to properly use the tool
- Punch down tools
- Punch a wire into a wiring block (66 or 110 block)
- Each wire must be punched down on its own
- Can take time
- Keep things organized
- Make sure to keep the twists as close as possible to the block itself, don't do a lot of untwisting
- Light meter
- For fiber to see how much light is making it all the way through the fiber run
- Very useful for testing very long fiber runs
- Tone generator
- Sends a tone down the cable so you can easily find the other end of the cable
- Useful when working with large amounts of cabling
- Loopback plug
- Loop the signal coming out of a device back into the same device
- Can test all types of connections
- This is not a crossover cable
- Multimeters
- Check AC and DC voltage
- Continuity tests to see if connections are working
- Wire mapping
- Spectrum analyzers
- Examine all of the frequencies coming from wireless networks in the area
- Helps when checking for interference
- Protocol analyzer
- Gathers every frame on the network
- Wireshark
- Or even built-in tools
- Solve complex application issues
- Good for finding security issues as well
- Port scanner
- Scan for IP addresses and open ports
- OS and service information as well
- Nmap is the most popular one
- And Zenmap
- Can graphically see the results on some port scanners
- Good for finding rogue devices
- Wireless packet analysis
- Wireless networks are very easy to monitor
- A radio can't listen while it is transmitting, so the capture adapter goes into monitor mode (no transmitting)
- Need the right hardware to capture this information
- Gather lots of data from the network
- Speed test sites
- Bandwidth testing, or ping testing
- Very easy to use
- Useful when comparing the impact of changes you made
- Ping
- See if a device is reachable using ICMP
- Determine round trip time between devices
- Traceroute / tracert
- Map the entire path to a device
- Windows tracert sends ICMP echo requests; Linux/macOS traceroute defaults to UDP probes; both step the TTL and rely on the ICMP time-exceeded replies from each hop
- Many different options and control over how exactly this happens
- nslookup and dig
- Look up information from DNS servers
- Names, IP addresses, cache timers, etc.
- nslookup is on almost any OS
- Largely superseded by dig
- dig
- More advanced than nslookup
- Much more common today
- ipconfig and ifconfig
- ipconfig for Windows; ifconfig for macOS and older Linux (modern Linux uses `ip addr`)
- Lots of IP details can be seen here
- iptables
- A stateful firewall for Linux
- Advanced filtering on all sorts of things
- IP address, port, protocol, connection state, etc.
- netstat
- Network statistics for many OS
- -a shows all active connections
- -b shows the executable that opened each connection (Windows)
- tcpdump
- Capture packets from the command line
- Included in Linux and macOS; Windows has its own version called WinDump
- Apply filters and view in real time
- Save the data (pcap) to use later
- Readable by things like Wireshark
- Lots of data to sift through
- Pathping
- For windows
- Both ping and traceroute in one (also adds a few things)
- All of this happens in 2 phases
- First phase runs a traceroute
- Second phase measures the round trip time and packet loss at each hop along the way
- Nmap
- Network mapper, port scanner, OS scanner, service scanner
- All types of things in one, with tons of options
- NSE (Nmap Scripting Engine) lets you extend its capabilities with Lua scripts
- Route / route print
- View the devices routing table
- arp
- Determine MAC address based on IP address
- arp -a shows the current ARP cache (IP to MAC mappings)
- Signal loss
- Signal strength diminishes over distance
- This is signal attenuation
- Happens with wireless networking, copper, and fiber
- Measured in decibels (dB); a loss of 3 dB is about half the power
- Common symptoms
- No connectivity
- Intermittent connectivity
- Poor performance
- Good to have a TDR or OTDR for troubleshooting this
- Latency
- Waiting time (some is normal)
- Examine the response time of an application with all types of tools
- Packet captures, protocol analyzers, ect
- Jitter
- When data does not arrive at regular intervals
- Really bad for real-time traffic (voice, video): a packet that arrives too late is as good as dropped, and there is no time to retransmit
- Jitter itself is the variation in the time between frames
- A high number leads to a choppy voice call
- Troubleshooting it
- Confirm that you have enough bandwidth
- Make sure your hardware is fast enough for real time interaction
- Make sure to use QoS to help with jitter
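Added example, not from the original notes: measuring latency, jitter and loss from per-packet timestamps, using the interarrival jitter estimator from RFC 3550 (the RTP spec) that voice tools report. The packet trace is constructed (a 50 packet/s stream with one packet missing), and the voice thresholds in `voip_verdict` are common planning limits, not figures from the notes.

```python
# Added example, not from the original notes: latency, jitter and loss from per-packet
# timestamps with the RFC 3550 (RTP) interarrival jitter estimator. The trace is constructed.
SAMPLE_TRACE = [  # (sequence number, sent at ms, received at ms); 20 ms send interval, seq 6 lost
    (1, 20, 70), (2, 40, 92), (3, 60, 108), (4, 80, 140), (5, 100, 155),
    (7, 140, 190), (8, 160, 209), (9, 180, 270), (10, 200, 250),
]


def analyze(trace) -> dict:
    """Latency = receive - send per packet; jitter = smoothed change in that transit time."""
    trace = sorted(trace)                                   # order by sequence number
    seqs = [seq for seq, _, _ in trace]
    lost = sorted(set(range(seqs[0], seqs[-1] + 1)) - set(seqs))   # gaps inside the window only
    delays = [recv - sent for _, sent, recv in trace]
    jitter = peak = 0.0
    for (_, s_prev, r_prev), (_, s, r) in zip(trace, trace[1:]):
        d = (r - r_prev) - (s - s_prev)     # D(i,j) from RFC 3550 6.4.1: change in transit time
        jitter += (abs(d) - jitter) / 16    # J = J + (|D| - J) / 16
        peak = max(peak, jitter)
    total = len(seqs) + len(lost)
    return {
        "packets": len(seqs),
        "lost": lost,
        "loss_pct": 100.0 * len(lost) / total,
        "mean_latency_ms": sum(delays) / len(delays),
        "max_latency_ms": max(delays),
        "jitter_ms": jitter,
        "peak_jitter_ms": peak,
    }


def voip_verdict(stats: dict, max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0) -> list:
    """Planning limits commonly used for voice (150 ms one-way latency per ITU-T G.114,
    30 ms jitter, 1% loss). These thresholds are an assumption, not from the notes."""
    problems = []
    if stats["mean_latency_ms"] > max_latency_ms:
        problems.append(f"latency {stats['mean_latency_ms']:.1f} ms > {max_latency_ms} ms")
    if stats["jitter_ms"] > max_jitter_ms:
        problems.append(f"jitter {stats['jitter_ms']:.1f} ms > {max_jitter_ms} ms (check bandwidth and QoS)")
    if stats["loss_pct"] > max_loss_pct:
        problems.append(f"loss {stats['loss_pct']:.1f}% > {max_loss_pct}% (lost packets can't be replayed in real time)")
    return problems


if __name__ == "__main__":
    stats = analyze(SAMPLE_TRACE)
    print(stats)                 # jitter_ms 6.25, mean_latency_ms 56.0, lost [6]
    print(voip_verdict(stats))   # ['loss 10.0% > 1.0% ...']
```

The 1/16 smoothing is why a single 40 ms spike (packet 9) only moves the reported jitter by a couple of milliseconds; a consistently jumpy path shows up as a high steady value, which is what a jitter buffer has to absorb.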
- Crosstalk (XT)
- Signals on one circuit affect another in a bad way
- Causes interference
- Measure it with a TDR
- NEXT is near end crosstalk
- Crosstalk at the transmitting end
- FEXT Far end crosstalk
- At the receiving end
- Troubleshooting it
- Almost always a wiring issues
- Maintain twists
- Check your crimp
- Use a shielded cable if needed
- Cat 6A for increased cable diameter and pair separation
- Always test and certify your installations
- EMI and interference
- Cable handling
- Don't twist, pull, or stretch cables too much
- Watch your bend radius
- Don't use staples
- EMI comes from anything carrying power: motors, fluorescent lights, power cables
- Always test with a TDR after installation
- Open and Shorts
- Short circuits
- When two connections are touching
- Some communication may still occur (inconsistently)
- Open circuits
- When the cable is broken completely
- No communication can occur
- Troubleshooting them
- May be hard to find where the problem is
- Replace the cable (hard to repair)
- TDR helps find the location of the issue
- Pin-outs
- When they are incorrect, you may have a slow link or a link that does not work at all
- Cable testers are good for verifying the pinouts
- 2 popular ways of doing pinouts
- T568A
- T568B
- Incorrect cable type
- Outside of the cable is likely labeled with some helpful information
- A TDR is also good for confirming the labeling is correct and getting more info
- Troubleshooting interfaces
- Interface errors may indicate a hardware issue
- Verifying the configurations to make sure they are set correctly
- Verify two way traffic connectivity
- Transceiver mismatch
- Transceivers need to match the fiber type (single mode, multi mode) and the wavelength
- Check across the entire link that you have the right transceiver
- Reversing transmit and receive
- Wiring mistake
- Easy problem to catch (visually or with a cable tester)
- Some network hardware can automatically fix this in software so everything still works (Auto-MDIX)
- Damaged cables
- Cables can be out in the open and easily damaged
- Hard to see inside the cable so you may need a TDR
- Bottlenecks
- One or more devices in the network are much slower than the others, bringing down performance significantly
- Keep monitoring all of them to find the slowest ones
- A baseline helps find abnormalities
- Interface configuration problems
- Could cause poor throughput or no connectivity at all (with or without link lights)
- Some people prefer to set this up manually instead of automatically
- Settings need to match on both sides for it to work properly
- VLAN configuration
- May have a link light but no connectivity
- DHCP-assigned IPs are in the wrong subnet, and manual assignment won't work either
- Check the VLAN config on the switch port itself
- Duplex and speed mismatch
- Incorrect speed will lead to performance issues, slowing down everything
- Incorrect duplex will also cause significant slowdowns
- Reflection
- Signals can bounce off some surfaces
- Too much of this and the signal will be weaker
- Changing the location of the antennas and where they are pointed could help solve this
- Not as big of a problem with MIMO in 802.11n or 802.11ac
- Refraction
- Signal passes through an object and exits the object at a different angle
- Can affect data rates
- Affects long links the most
- Absorption
- Passes through an object and loses a bit of signal
- Changes how much this happens based on the material it is passing through and the frequency used
- Put the antennas on the ceiling to try and avoid most walls
- Latency and Jitter
- The delay between transmitting and receiving the response is latency
- Jitter is an unpredictable data stream and inconsistent intervals
- There is more interference and signal issues on wireless networks because everything could conflict with everything else
- May run into these problems when there are too many people on the network
- Attenuation
- Signal gets weaker as you move away from the AP
- Measured with a WI-FI analyzer
- Control the power output if it is an option
- Use a higher gain antenna
- Move closer to the antenna
- Interference
- Something else is using the same frequency
- Can be predictable or unpredictable
- Multi tenant buildings are very unpredictable
- Look for retransmissions (netstat -s) or use Performance Monitor in Windows to measure the effect
- Incorrect antenna type
- Must fit the room and the situation
- Omnidirectional
- Good on the ceiling, poor between buildings
- Directional
- Good for connecting two points together, or for a wall mounted AP
- Incorrect antenna placement
- Don't put AP too close to each other
- Don't put AP too far away from your users
- Make sure to check the frequencies and channels you are using
- Hard to keep channels from overlapping at 2.4 GHz: only three non-overlapping channels (1, 6, 11)
- Overcapacity
- Hitting the limit of devices you can use
- 5 GHz helps with this (more channels, less congestion)
- Bandwidth saturation
- Not enough bandwidth
- Large environments suffer from this a lot more
- Frequency mismatch
- Devices need to match the AP
- May not operate properly
- Mixing standards can cause issues with performance
- SSID (Service set identifier)
- Indicates the name of the wireless network
- Make sure to connect to the correct one
- Wrong passphrase
- Wireless authentication through many methods
- A single shared passphrase may get you into the network (not common on large enterprise networks)
- For enterprise things like 802.1X would authenticate you to the network
- Different credentials for each person
- Security type mismatch
- Encryption on wireless networks is very important
- Make sure the client matches the AP
- Much easier these days since most things use WPA2 for this
- Signal to noise ratio
- Ratio of the signal you want to the noise you don't
- A large ratio is best
- Equal amounts of each (0 dB) would be terrible
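Added example, not from the original notes, putting numbers on the attenuation, interference and signal-to-noise items in this section: a rough wireless link budget. Free-space path loss is the standard idealised model (no walls); the transmit power, antenna gains, noise floor, distances and the -67 dBm / 25 dB design targets are constructed assumptions.

```python
import math

# Added example, not from the original notes: a rough wireless link budget. Free-space path loss
# is the standard idealised model; power, gains, noise floor, thresholds and distances are assumed.
SPEED_OF_LIGHT = 299_792_458.0


def free_space_path_loss_db(distance_m: float, freq_mhz: float) -> float:
    """FSPL = 20 log10(d) + 20 log10(f) + 20 log10(4 pi / c), with d in metres and f in Hz."""
    f_hz = freq_mhz * 1e6
    return 20 * math.log10(distance_m) + 20 * math.log10(f_hz) + 20 * math.log10(4 * math.pi / SPEED_OF_LIGHT)


def rssi_dbm(tx_power_dbm, tx_gain_dbi, rx_gain_dbi, distance_m, freq_mhz, extra_loss_db=0.0):
    """Received signal: in dB everything just adds. Walls and floors are lumped into extra_loss_db."""
    return tx_power_dbm + tx_gain_dbi + rx_gain_dbi - free_space_path_loss_db(distance_m, freq_mhz) - extra_loss_db


def snr_db(rssi: float, noise_floor_dbm: float) -> float:
    return rssi - noise_floor_dbm


def link_verdict(rssi: float, noise_floor_dbm: float, min_rssi_dbm=-67, min_snr_db=25) -> list:
    """-67 dBm and 25 dB SNR are common design targets for voice-grade Wi-Fi (assumption)."""
    problems = []
    if rssi < min_rssi_dbm:
        problems.append(f"RSSI {rssi:.1f} dBm < {min_rssi_dbm} dBm: attenuation (move closer, raise power, higher-gain antenna)")
    snr = snr_db(rssi, noise_floor_dbm)
    if snr < min_snr_db:
        problems.append(f"SNR {snr:.1f} dB < {min_snr_db} dB: interference (change channel, find the noise source)")
    return problems


if __name__ == "__main__":
    # 20 dBm AP with a 2 dBi antenna, 2 dBi client, 2.4 GHz channel 6 (2437 MHz)
    near = rssi_dbm(20, 2, 2, 10, 2437)
    far = rssi_dbm(20, 2, 2, 200, 2437, extra_loss_db=15)    # 200 m and a few walls
    print(round(near, 1), link_verdict(near, -95))            # -36.2 []
    print(round(far, 1), link_verdict(far, -60))              # -77.2 plus two problems (noisy neighbour at -60 dBm)
```

The second case shows why "move closer" and "change channel" are different fixes: a weak signal in a quiet band and a decent signal next to a loud neighbour both fail, but for different reasons.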
- Names not resolving
- Web browsing and other applications will not work
- Try to ping IP addresses to make sure it is not a connection issue
- Check all of your IP settings (IP, subnet mask, default gateway, DNS server IP addresses, ect)
- Use nslookup or dig to test if you can get a response from the DNS server
- IP configuration issues
- Can’t communicate outside the subnet, no communication at all, or can only communicate to some IP addresses on your subnet
- Ensure that you have the correct information (IP address, subnet mask, gateway, etc.)
- Traceroute and ping to try and see if the issue is you or something else in your infrastructure
- Duplicate IP addresses
- Static assignments must be well organized (document them)
- DHCP could make a mistake, scopes could overlap, or a rogue server could be handing out addresses
- Most modern OSes detect duplicates (they ARP for an address before using it) and warn you
- Troubleshooting them
- Check the manually configured ones first
- Ping the IP addresses
- Capture the DHCP process
- Duplicate MAC addresses
- Not common
- Could be someone messed up a manual config
- Could be a manufacturing error but that is VERY rare
- Could be man in the middle attack
- Likely causes intermittent connectivity
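Added example, not from the original notes, serving both the ARP poisoning item in 4.4 and this duplicate MAC item: an arpwatch-style monitor that flags the IP-to-MAC changes ARP poisoning produces (the gateway suddenly answering from a new MAC), plus a parser for `arp -a` output that finds one MAC answering for several IPs. All addresses and the sample `arp -a` output are constructed.

```python
import re
from collections import defaultdict

# Added example, not from the original notes: arpwatch-style ARP poisoning detection and a
# duplicate-MAC check over `arp -a` output. All addresses and sample output are constructed.


class ArpMonitor:
    def __init__(self, gateway_ip: str, known: dict = None):
        self.gateway_ip = gateway_ip
        self.table = dict(known or {})   # ip -> mac as first seen (or statically configured)
        self.alerts = []

    def observe(self, sender_ip: str, sender_mac: str) -> None:
        """Feed every ARP reply and gratuitous ARP seen on the segment."""
        sender_mac = sender_mac.lower()
        old = self.table.get(sender_ip)
        if old is None:
            self.table[sender_ip] = sender_mac
        elif old != sender_mac:
            kind = "GATEWAY MAC changed" if sender_ip == self.gateway_ip else "flip-flop"
            self.alerts.append(f"{kind}: {sender_ip} was {old}, now {sender_mac}")
            # deliberately not overwriting: keep the first mapping and let a human decide


def macs_with_multiple_ips(table: dict) -> dict:
    """Same MAC for several IPs is normal for a router with many addresses, odd for a
    workstation, and the classic sign of ARP poisoning when one of them is the gateway."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


ARP_LINE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\D+?([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})")


def parse_arp_a(output: str) -> dict:
    """Handles both Windows ('192.168.1.1  aa-bb-cc-dd-ee-ff  dynamic') and Unix
    ('gw (192.168.1.1) at aa:bb:cc:dd:ee:ff [ether] on eth0') formats; skips broadcast/multicast."""
    table = {}
    for line in output.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue
        mac = m.group(2).replace("-", ":").lower()
        if int(mac[:2], 16) & 1:          # low bit of the first octet set = group (multicast/broadcast) address
            continue
        table[m.group(1)] = mac
    return table


SAMPLE_ARP_A = """\
Interface: 192.168.1.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           0a-0a-0a-0a-0a-0a     dynamic
  192.168.1.20          0a-0a-0a-0a-0a-0a     dynamic
  192.168.1.77          00-50-56-aa-bb-77     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""   # constructed Windows output as seen on a poisoned victim


def demo():
    mon = ArpMonitor(gateway_ip="192.168.1.1")
    replies = [("192.168.1.1", "00:50:56:aa:bb:01"), ("192.168.1.20", "00:50:56:aa:bb:20"),
               ("192.168.1.1", "0a:0a:0a:0a:0a:0a"), ("192.168.1.20", "0a:0a:0a:0a:0a:0a")]  # attacker poisons both ends
    for ip, mac in replies:
        mon.observe(ip, mac)
    return mon.alerts, macs_with_multiple_ips(parse_arp_a(SAMPLE_ARP_A))


if __name__ == "__main__":
    alerts, duplicates = demo()
    print(alerts)       # gateway change, then the victim flip-flop
    print(duplicates)   # {'0a:0a:0a:0a:0a:0a': ['192.168.1.1', '192.168.1.20']}
```

On a real network this is what Dynamic ARP Inspection does on the switch using the DHCP snooping bindings; the host-side version here is what you can run when you only have a laptop and a packet capture.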
- Expired IP address
- A device failed to renew its IP address
- Could be an issue with the DHCP server
- Not functioning right
- No available IP addresses
- Rogue DHCP server
- Could make someone have an invalid or duplicate IP address
- Enable security on your switch to stop this
- DHCP snooping
- Authorized DHCP servers in Active Directory
- Disable any Rogue DHCP you find and make sure to not keep any IP addresses they may have assigned
- Untrusted SSL certificate
- Browsers don’t trust the certificate
- Look at the certificate details for the issuing CA and compare it to the trusted CAs on your computer; also check that the name on the certificate matches the host and that it hasn't expired
- Incorrect time
- Lots of things, especially security, are time sensitive
- Kerberos (tolerates only a few minutes of clock skew), certificate validity periods, Active Directory and more
- Exhausted DHCP scope
- No more addresses in the pool, so you get an APIPA address (169.254.x.x)
- Add more addresses if possible to avoid this
- IPAM can report and monitor on IP address shortages
- Lowering the lease time can also help if you have a lot of users coming and going from your network
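Added example, not from the original notes, serving the IP configuration and exhausted-scope items in this section: a set of checks on a host's IP settings that reproduce the symptoms described (APIPA address, gateway outside the subnet, a mask mismatch between two hosts that makes traffic one-way). All addresses are constructed; the checks use Python's standard `ipaddress` module.

```python
import ipaddress

# Added example, not from the original notes: checks on a host's IP settings that reproduce
# the symptoms described in this section. All addresses below are constructed.
APIPA = ipaddress.ip_network("169.254.0.0/16")


def check_ip_config(ip: str, mask: str, gateway: str, peers=()) -> list:
    """mask may be dotted ('255.255.255.0') or a prefix length ('24'). Returns findings."""
    findings = []
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    if iface.ip in APIPA:
        findings.append("APIPA address: DHCP failed (server down, scope exhausted, or no link)")
        return findings                      # nothing else is meaningful until DHCP works
    if iface.ip in (net.network_address, net.broadcast_address):
        findings.append(f"{iface.ip} is the network or broadcast address of {net}, not a host address")
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        findings.append(f"gateway {gw} is outside {net}: nothing off-subnet is reachable")
    for peer in peers:
        if ipaddress.ip_address(peer) not in net:
            findings.append(f"{peer} is outside {net}: reached via the gateway, not directly")
    return findings


def same_subnet_view(host_a: str, host_b: str) -> tuple:
    """Each side decides 'local or via gateway' with its own mask. A mask mismatch makes one
    side ARP directly while the other sends its replies to the router: one-way or intermittent."""
    a, b = ipaddress.ip_interface(host_a), ipaddress.ip_interface(host_b)
    return (b.ip in a.network, a.ip in b.network)


if __name__ == "__main__":
    print(check_ip_config("169.254.12.7", "255.255.0.0", "0.0.0.0"))
    print(check_ip_config("192.168.10.50", "255.255.255.0", "192.168.20.1", ["192.168.10.7", "8.8.8.8"]))
    print(check_ip_config("10.0.0.10", "24", "10.0.0.1", ["10.0.0.20"]))   # []
    print(same_subnet_view("10.1.1.5/24", "10.1.1.200/25"))                # (True, False)
```

The last call is the "can reach some hosts on my subnet but not others" case: host A thinks B is local and ARPs for it, B thinks A is on another network and hands the reply to its gateway, which may or may not get it back.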
- Blocked TCP/UDP ports
- Applications not working because the traffic can’t get through
- Especially new applications may have issues
- Confirm this is the issue with a packet capture
- Run a traceroute to see how far your packets get, to find where the filtering is occurring
- Incorrect host-based firewall setting
- Also will cause applications to not work
- Filtering on your device
- Check the settings of your firewall (might need to be done by an admin)
- Could be centrally administered
- Packet capture from an external device could give you more information on the firewall and its filtering
- Incorrect ACL settings
- Only some IP addresses may be accessible
- Confirm with packet capture that this is indeed the issue
- Traceroute could also help identify the point where traffic stops
- Unresponsive service
- No answer at all
- Make sure your port number and protocol is correct
- Confirm that there is connectivity
- Ping or traceroute
- Try telnet or nc to the port to see if it responds
- Hardware failure
- No response
- Confirm connectivity
- Ping and traceroute likely won't work
- Check the server itself