Network+ N10-008 Notes
1. The OSI Model – Open Systems Interconnection Reference Model
        a. Layer 1 – Physical
               i. Physics of network. Signals, cabling, connectors
              ii. Not about protocols
             iii. Check/test cables, run loopback tests.
        b. Layer 2 – Data Link
               i. The basic network language.
              ii. Foundation of communication
             iii. Data Link Control protocols – MAC address on ethernet
             iv. The “switching” layer
        c. Layer 3 – Network
               i. The “routing” layer.
              ii. Where IP operates.
             iii. Fragments frames to traverse different networks.
        d. Layer 4 – Transport
               i. The “post office” layer.
              ii. How and where data is being layered.
             iii. TCP and UDP
        e. Layer 5 – Session
               i. Start and stop communication between endpoints.
              ii. Control or tunneling protocols.
        f. Layer 6 – Presentation
               i. Character encoding.
              ii. Puts data into a form that can be understood by the end user.
             iii. Often combined with application layer.
             iv. Encryption (SSL/TLS)
        g. Layer 7 – Application
               i. The layer that humans get to see on browsers or interfaces.
  2. Data Communication
        a. PDU – Protocol data unit:
               i. Transmission units. Taking a little bit of data and transferring it
                  across the network in a single unit.
              ii. Ethernet operates on a frame of data.
             iii. IP operates on a packet of data.
             iv. TCP or UDP header – TCP segment or UDP datagram
        b. Encapsulation and decapsulation
               i. Sends data within app. Data needs to go from server to client.
              ii. TCP header is on top of application data.
             iii. IP header is on TCP and app data.
             iv. The frame header encapsulates all above. The frame trailer
                  decapsulates all above.
              v. Each layer has a header and payload.
        c. TCP flags
              i. Within TCP header.
             ii. The header describes or identifies the payload.
            iii. The device that’s receiving data can interpret bits or control
                 flags.
            iv. Can identify if a flag has been turned on or off.
             v. The flags control the payload
                     1. SYN – synchronize sequence numbers
                     2. PSH – push the data to the application without buffering.
                     3. RST – reset the connection
                     4. FIN – last packet from the sender
      d. MTU – Maximum Transmission Unit
              i. Within IP header.
             ii. Deals with fragmentation of data.
            iii. Used when you can’t send large packets.
            iv. Max size is determined by MTU. Designates size of data.
             v. Difficult to know MTU value from beginning to end because there
                 are different hops.
      e. Building an ethernet frame
              i. Fragment data is always in multiples of 8 bytes because of the
                 number of fragmentation offset bits in the IP header.
      f. Troubleshooting MTU
              i. MTU sizes are usually configured once.
             ii. MTU needs to change when tunneling is involved.
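The MTU and fragmentation notes above, worked through as an added example (not part of the original notes). It splits an IP payload into fragments whose data is a multiple of 8 bytes, and shows how a lower-MTU hop or a tunnel changes the result. The 24-byte GRE overhead (20-byte outer IPv4 header plus 4-byte basic GRE header) and the hop list are assumptions made for illustration.

```python
# Added example: IPv4 fragmentation arithmetic for the MTU notes above.
IP_HEADER_LEN = 20   # IPv4 header without options
GRE_OVERHEAD = 24    # assumption: 20-byte outer IPv4 header + 4-byte basic GRE header
MF = 0x2000          # "more fragments" bit in the 16-bit flags/offset field


def path_mtu(hop_mtus):
    """The usable MTU end to end is the smallest MTU of any hop."""
    return min(hop_mtus)


def fragment(payload_len, mtu, header_len=IP_HEADER_LEN):
    """Split payload_len bytes of IP payload for a link with this MTU.

    Returns one (offset_in_8_byte_units, data_len, more_fragments) tuple
    per fragment. Every fragment except the last carries a multiple of 8
    bytes, because the offset field counts in 8-byte units.
    """
    if payload_len <= 0:
        raise ValueError("payload_len must be positive")
    max_data = (mtu - header_len) // 8 * 8   # round down to a multiple of 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any fragment data")
    frags, offset = [], 0
    while offset < payload_len:
        data_len = min(max_data, payload_len - offset)
        more = offset + data_len < payload_len
        frags.append((offset // 8, data_len, more))
        offset += data_len
    return frags


def offset_field(offset_units, more):
    """Value of the IPv4 flags/fragment-offset field for one fragment."""
    if not 0 <= offset_units < (1 << 13):
        raise ValueError("fragment offset does not fit in 13 bits")
    return (MF if more else 0) | offset_units


if __name__ == "__main__":
    hops = [1500, 1500, 1400, 1500]          # constructed path, one narrow hop
    cases = (
        ("plain Ethernet", 1500),
        ("inside GRE tunnel", 1500 - GRE_OVERHEAD),
        ("narrowest hop on path", path_mtu(hops)),
    )
    for label, mtu in cases:
        print(f"{label}: MTU {mtu}")
        for units, length, more in fragment(3980, mtu):
            print(f"  offset={units * 8:5d} len={length:5d} "
                  f"field=0x{offset_field(units, more):04x}")
```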
3. Network Topologies
      a. Useful in planning a network. It’s the physical layout of the network.
         Assists in understanding signal flow and troubleshooting problems.
      b. Wired Types
              i. Star – Hub and spoke. Used in most large and small networks. All
                 devices are connected to a central device. Ethernet switch is in
                 middle and all devices connect to the switch and not each other.
             ii. Ring – used in many popular topologies for WAN and Metro Area
                 Networks. Has a built-in fault tolerance.
            iii. Bus – a type of ethernet network run over coaxial cable. Used in
                 local early networks. Simple but prone to errors because there is
                 a single cable used. If there is a break in cable, it will segment
                 data or cause no data to traverse network. No redundancy.
                 Used in CAN (controller area network) buses. Used to control all
                 sensors and controls in automobiles.
            iv. Mesh – popular topology. Multiple links to same place. Instead of
                 a single connection, there are multiple connections to create
                 redundancy. Commonly in a WAN.
             v. Hybrid – combining different topologies together. More than 1
                 topology type working together.
      c. Wireless Types
              i. Infrastructure – all devices communicate through an access
                 point. The most common wireless communication mode.
              ii. Ad hoc networking – no pre-existing infrastructure. Devices
                  communicate amongst themselves. No proxy.
             iii. Mesh – ad hoc devices work together to form a mesh “cloud”.
                  Self-form and self-heal.
4. Network types
      a. Peer-to-peer – all devices are both clients and servers. Easy to deploy
         and low cost. Difficult to administer and secure.
      b. Client-server – responsibilities are split. Clients and a server. Everyone
         accesses the same server.
      c. LAN – local area network. A building or group of buildings with high-
         speed connectivity. Uses ethernet and 802.11 wireless. Any slower and
         it isn’t local.
      d. MAN – metropolitan area network. A network within your city. Larger
         than a LAN but smaller than a WAN. Sometimes referred to as metro
         ethernet. Common to see government ownership because government
         has the “right of way”.
      e. WAN – wide area network. Spanning the globe. Generally connects
         LANs across a distance. Networks become slower. Many different WAN
         technologies like cable in the ground and satellite.
      f. WLAN – wireless local area network. 802.11 technologies. Exists within
         a building and has a limited geographical area. If you leave the
         building you won’t continue to communicate with the WLAN. Can be
         extended using multiple APs.
      g. PAN – personal area network. Bluetooth headsets, keyboards etc.
         Bluetooth, infrared, NFC.
      h. CAN – campus area network. Or corporate area network. Connected
         with conduit and fiber connected. Run LAN for high-speed ethernet
         between buildings as if you’re within the same building. Usually on
         private land. No third-party provider.
      i. NAS – network attached storage. Contains multiple drives and stores
         large amounts of data in one single area. Can access files at file level.
      j. SAN – storage area network. Block-level access. Very efficient reading
         and writing. Requires a lot of bandwidth.
      k. MPLS – multiprotocol label switching. Communication through the WAN
         but uses labels to determine how traffic is routed. Can be used with
         any type of connection and any type of data can be inside. Forwarding
         decisions made based on label switching.
      l. mGRE – multipoint generic routing encapsulation. Used for DMVPN to
         send data across mGRE networks. Only created when needed. If there
         is a break, the VPN rebuilds itself to communicate between different
         sites. Also considered a dynamic mesh.
      m. SD-WAN – software defined wide area network. Can be defined
         however we want to lay out. Useful for cloud.
5. WAN Terminations
      a. Demarcation point – a physical connection that separates the ISP and
         personal area. Location of demarcation is important to troubleshoot
         where the issue is occurring.
       b. Smartjack – specialized equipment that allows providers to control
          demarcs remotely. Usually in a locked container with limited access.
          Built-in diagnostics.
6. Virtual networks
       a. All servers are connected with enterprise switches and routers. Migrate
          several servers into a virtual server within one physical server.
       b. NFV – network function virtualization. Moving physical infrastructure
          within hypervisor. Same functionality as a physical device.
       c. Hypervisor – virtual machine manager. Manages all operating and
          virtual systems and connections. Responsible for managing access to
          CPU, memory, and network from a management console.
       d. vSwitch – Virtual switch. Functionality is similar to a physical switch:
          forwarding, link aggregation, port mirroring, netflow etc.
       e. vNIC – virtual Network Interface Card – configured through hypervisor.
          Can enable additional features.
7. Provider Links
       a. Satellite networking – communication to a satellite. High in costs but
          good bandwidth. High latency.
       b. Copper – inexpensive but limited bandwidth. Not used for higher
          speeds. Common in WAN on cable modem or DSL. Often combined
          with fiber.
       c. DSL – Asymmetric Digital Subscriber Line. Speeds are different coming
          in than going out. Download speed is faster than the upload speed.
          Distance limitation from the central office.
       d. Cable broadband – the signals inside the coax connection are being
          transmitted across a broad number of data lengths. Different traffic
          types. DOCSIS – type of connectivity used by this cable modem. High-
          speed networking.
       e. Fiber – fastest way to communicate over network. More expensive than
          copper and more difficult to repair. Allows sending a lot of data
          along long distances. Common for WANs and ISPs to use fiber because
          of the speed and bandwidth.
       f. Metro Ethernet – used in MAN. Usually within a small geographical area
          and connect using high-speed networks. Ethernet on both sides of
          connection. The provider network has higher speed connectivity over
          fiberoptics.
8. Copper cabling
       a. The foundation of ethernet networks. The majority of wireless
          communication is a wired connection.
       b. Twisted pair copper cabling – balanced pair operation. Sending
          opposite and equal signals. Transmit +/-, Receive+/-. Because the
          wires are twisted, they are always moving away from interference.
       c. Copper cabling categories
               i. 1000BASE-T – Category 5 – 100 meters
              ii. 1000BASE-T – Category 5e (enhanced) – 100 meters
             iii. 10GBASE-T – Cat 6 – unshielded 555 meters, shielded 100
                  meters
             iv. 10GBASE-T – Cat 6A (augmented) – 100 meters
              v. 10GBASE-T – Cat 7 shielded only – 100 meters
             vi. 40GBASE-T – Cat 8 shielded only – 30 meters
      d. Coaxial cables – two or more forms share a common axis. Used in
         television and digital cable.
      e. Twinaxial cable – two separate conductors. Common on 10GB ethernet
         over copper. Full duplex, five meters, low cost, low latency compared
         to twisted pair.
      f. Structured cabling standards – a set of standards that dictate use and
         installation. Called international ISO/IEC 11801 cabling standards.
         Telecommunications Industry Association (TIA) – standards, market
         analysis, trade shows, government affairs. Commonly referenced for
         pin and pair assignments of eight conductor
      g. T568A and T568B termination – pin assignments from the T568B
         standard. These are different pin assignments for 8P8C connectors.
         Many orgs use T568B. Once you select a standard, you must use it for
         the entire organization.
               i. T568A (in order)
                     1. White and green
                     2. Green
                     3. White and orange
                     4. Blue
                     5. White and blue
                     6. Orange
                     7. White and brown
                     8. Brown
              ii. T568B
                     1. White and orange
                     2. Orange
                     3. White and green
                     4. Blue
                     5. White and blue
                     6. Green
                     7. White and brown
                     8. Brown
9. Optical fiber
      a. Fiber communication – transmission by light instead of electrical
         signals. No radiofrequency that can be eavesdropped. Can send signal
         over long distances.
      b. Multimode fiber – for short range up to 2km and uses LED or
         inexpensive light source. Light reflects through multiple modes as it
         travels from one side to the other.
      c. Single mode fiber – has a smaller core and only allows one mode of
         light. Used for long distances. Some implementations of ethernet can
         run along single mode fiber up to 100km. Needs a light stronger than
         LED. Expensive because it’s using laser lights.
10. Network connectors
      a. LC – local connector. Has 2 different fibers inside of it to send/receive.
         Plugs in with locking connectors. Small connectors and popular on
         recent routers and switches.
      b. ST – straight tip. Slightly larger than LC. Been around for a while. Lock
         in place using bayonet connectors.
      c. SC – subscriber connectors. Square connectors. Might be connected
         individually or plugging in two fibers simultaneously. Has a locking
         mechanism.
      d. MT-RJ – mechanical transfer registered jack. Very small connector with
         2 tiny fiber connectors. The one with the smallest amount of real
         estate that it takes on a switch or router. Used when you want to use
         as many connectors as permitted.
      e. UPC and APC – makes sure optimal amount of light is from beginning to
         end. The return loss is how much light is reflected back to the source.
         To minimize return loss you use a UPC (ultra-polished connector). Has
         a high return loss. APC (angle-polished connector) has a slight angle
         and a lower return loss.
      f. RJ11 connector – a copper connection. Stands for registered jack type
         11. Only 2 conductors are inside of cable. Sometimes seen as a 6P2C.
      g. RJ14 – uses 6P4C. Used for DSL or analog.
      h. RJ45 – 8P8C. Modular connector. All 6 connectors are used for internet
         connections.
      i. F connector – used for cable modems. Follows standards associated
         with DOCSIS. An RG-6 type of coax cable and the end is threaded to lock
         in place.
11. Network Transceivers
      a. Media converter – operates on OSI layer 1. Physical layer conversion.
      b. Transceiver – a transmitter and receiver within the same physical
         component. Allows you to plug in the type of connection you would like
         to use.
      c. Duplex communication – two fibers within the transceiver. One
         transmits and one receives.
      d. Bi-directional (biDi) transceivers – traffic in both directions with a single
         fiber. Allows to send and receive traffic over a single strand of fiber.
      e. SFP and SFP+ - small form factor pluggable. Commonly used to provide
         1 GB connections. The enhanced version is the same physical size but
         increases throughput of transceiver.
      f. QSFP – the more interfaces the more value. This transceiver is also
         called a quad small form-factor pluggable. It’s smaller than an SFP but
         fits 4x the throughput. It also has an enhanced version.
12. Cable Management
      a. Cable infrastructure – a well thought out way to manage cabling within
         a space.
      b. Patch panel – allows cable management. A central console for
         connection of multiple cables.
        c. Fiber distribution panel – fiber is not run through desks but run through
           buildings. Provides a fiber bend radius. Often has extra fiber in case it
           needs to be extended.
        d. 66 block – a patch panel for analog voice.
  13. Ethernet
        a. Most popular networking tech in the world. Many different types.
           Ethernet standards = BASEband.
        b. 1- and 100-megabit ethernet – twisted pair. 10BASE-T. Cat 3 cable
           minimum. 100-meter max distance. Can be increased with
           100BASE-TX. Sometimes referred to as “fast ethernet”. Cat 5 minimum
           with two pairs of wires extended over a 100-meter max distance.
        c. 1000Base-T – uses 4 pairs of wires. Cat5e cables. 100-meter max
           distance.
        d. 10GBASE-T – 10 gig ethernet over copper. 4 pair balanced twisted pair.
           Frequency of 500 MHz. Requires minimum of Cat6 cable. Unshielded
           max distance is 55 meters. Shielded can go up to 100 meters. Cat6A
           can go up to 100 meters shielded or unshielded.
        e. 40GBASE-T – 40 gig per second Ethernet. Requires a Cat8 cable
           minimum and only allows up to 40 meters.
        f. 100BASE-FX – 40 gig ethernet over fiber. Up to 400 meters on half-
           duplex. Up to 2 km full duplex. Pair of multimode fiber; uses the same
           fiber as FDDI. Uses lasers to send light.
        g. 100BASE-SX – can communicate using LED optics and is less expensive
           than 100BASE-FX. Can go up to 300 meters.
        h. 1000BASE-SX – using short wavelength laser and can go to 220 meters
           to 550 meters depending on fiber type
        i. 1000BASE-LX – gig ethernet using wavelength laser
        j. 10GBASE-SR – also called short range. Can extend 26 – 400 meters.
        k. 10GBASE-LR – long range. Uses single-mode fiber and can be extended
           to 10 km.
        l. WDM – wavelength-division multiplexing. Use different wavelengths for
           each carrier.
        m. CWDM – coarse wavelength-division multiplexing. Uses 4 3.125
           Gb/sec carriers at 4 different wavelengths.
        n. DWDM – dense wavelength division multiplexing. Add 160 signals.
  14. Binary Math
        a. A bit is 0 or 1. 1 = on. 0 = off.
        b. 8 bits = 1 byte = 1 octet
        c. A byte = 8 bits. Also called an octet.
        d. A binary-to-decimal conversion chart.
128   64   32     16     8     4      2     1
  15. IPv4 Addressing
        a. IP address – uniquely identifies a device on a network.
        b. Subnet Mask – used by the local device to determine what subnet it’s
           on. The subnet mask isn’t transmitted across the network.
        c. Default gateway – the router that allows you to communicate outside
           of your local subnet. Must be an IP address on the local subnet.
        d. Loopback address – an address that references itself. Ranges from
           127.0.0.1 through 127.255.255.254.
        e. Reserved addresses – a block of addresses that have been set aside.
           Range from 240.0.0.1 to 254.255.255.254. Should not be configured on
           a local machine or prod network. All “Class E” addresses are reserved.
        f. Virtual IP address – not associated with a physical network adapter.
           Assigned to internal system and assigned to a logical adapter.
        g. DHCP – dynamic host configuration protocol. Configures IPv4 address,
           subnet mask, gateway, DNS servers, NTP servers, etc. Provides
           automatic address and IP config for almost all devices.
        h. APIPA – automatic private IP addressing. A link-local address. Can only
           communicate to other devices. No forwarding by routers. Ranges from
           169.254.0.1 to 169.254.255.254. First and last 256 addresses are
           reserved. Automatically assigned if DHCP server is not available.
  16. Network Address Translation
        a. IPv4 supports around 4.29 billion addresses and the world has more
           than that many devices. The address space has been exhausted.
        b. RFC 1918 private IPv4 addresses
IP address range                Number of    Classful                  Largest CIDR block             Host ID
                                addresses    description               (subnet mask)                  size
10.0.0.0 – 10.255.255.255       16,777,216   Single class A            10.0.0.0/8 (255.0.0.0)         24 bits
172.16.0.0 – 172.31.255.255     1,048,576    16 contiguous class Bs    172.16.0.0/12 (255.240.0.0)    20 bits
192.168.2.2 – 192.168.255.255   65,536       256 contiguous class Cs   192.168.0.0/16 (255.255.0.0)   16 bits
        c. The router provides translation functionality.
        d. NAT overload/PAT – when you have many IPs that need to
           communicate.
  17. Network communication
        a. Unicast – one station sending information to another station. One-to-
           one. Does not scale optimally for real-time streaming media.
        b. Broadcast – send information to everyone at once. One-to-all. A single
           packet of data is transmitted and broadcasted to all devices on the
           network.
        c. Multicast – send a single frame only to be received by devices that are
           interested in receiving the information. Multimedia communication,
           stock exchanges, dynamic routing updates. Very specialized but
           difficult to scale across larger networks.
        d. Anycast – single destination IP address has multiple paths to two or
           more endpoints. One-to-one-of-many.
  18. Classful subnetting
        a. Very specific subnetting architecture.
Class                 Leading bits     Network bits   Remaining bits   Number of Networks   Hosts per Network   Default Subnet Mask
Class A               0xxx (1-127)     8              24               128                  16,777,214          255.0.0.0
Class B               10xx (128-191)   16             16               16,384               65,534              255.255.0.0
Class C               110x (192-223)   24             8                2,097,152            254                 255.255.255.0
Class D (multicast)   1110 (224-239)   Not defined    Not defined      Not defined          Not defined         Not defined
Class E (reserved)    1111 (240-254)   Not defined    Not defined      Not defined          Not defined         Not defined
         b. The construction of a subnet
                 i. Network address – the first IP address of a subnet. Set all host
                    bits to 0
                ii. First usable host address – one number higher than the network
                    address.
               iii. Network broadcast address – the last IP address of a subnet. Set
                    all host bits to 1
               iv. Last usable host address – one number lower than the broadcast
                    address.
   19. IPv4 Subnet Masks
         a. A continuous series of 1s. Ones are on the left and 0s are on the right.
  20. Calculating IPv4 Subnets and Hosts
         a. To be able to connect to certain devices and separate the network into
            smaller pieces by sending traffic to the next router and that router
            sending to the next router.
         b. VLSM – Variable Length Subnet Masks. Network admins can determine
            the best subnet mask. Allows customization of subnet mask to specific
            network requirements.
         c. Number of subnets = 2 to the subnet bits power
         d. Hosts per subnets = 2 to the host bits power – 2
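The subnet construction rules and the two formulas above, carried through in code as an added example (not part of the original notes). It rejects masks that are not a continuous run of 1s, derives the four addresses by clearing and setting host bits, and counts subnets relative to the classful default mask. The function names and sample addresses are chosen for illustration.

```python
# Added example: subnet construction with plain bit math.

def to_int(dotted):
    """Dotted-quad IPv4 text to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    return a << 24 | b << 16 | c << 8 | d


def to_dotted(value):
    """32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_len(mask):
    """Number of 1 bits in a mask; the 1s must be contiguous and on the left."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    if inverted & (inverted + 1):        # host part must look like 0...01...1
        raise ValueError(f"mask is not a continuous series of 1s: {mask}")
    return 32 - inverted.bit_length()


def classful_prefix(first_octet):
    """Default network bits from the class table; None for class D and E."""
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    return None


def describe(address, mask):
    """Apply the subnet construction rules to one address and mask."""
    addr, prefix = to_int(address), prefix_len(mask)
    host_bits = 32 - prefix
    if host_bits < 2:
        raise ValueError("need at least 2 host bits for network and broadcast")
    host_mask = (1 << host_bits) - 1
    network = addr & ~host_mask & 0xFFFFFFFF     # all host bits set to 0
    broadcast = network | host_mask              # all host bits set to 1
    default = classful_prefix(addr >> 24)
    subnet_bits = prefix - default if default is not None and prefix >= default else None
    return {
        "prefix": prefix,
        "network": to_dotted(network),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "hosts": 2 ** host_bits - 2,
        "subnets": None if subnet_bits is None else 2 ** subnet_bits,
    }


def same_subnet(a, b, mask):
    """True when a device at a can reach b without its default gateway."""
    prefix_len(mask)                             # validate the mask first
    return (to_int(a) ^ to_int(b)) & to_int(mask) == 0


if __name__ == "__main__":
    for addr, mask in (("192.168.10.77", "255.255.255.224"),
                       ("10.1.1.130", "255.255.255.192")):
        print(addr, mask, describe(addr, mask))
```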
  21. Introduction to IP
         a. Efficiently move large amounts of data.
         b. The network topology is the road
         c. The truck is the IP
         d. The boxes hold your data. Boxes of TCP or UDP
     e. Inside the boxes is more information, app information etc.
     f. TCP and UDP
             i. Transported inside of IP. Encapsulated by the IP protocol.
            ii. Two different ways to send data.
           iii. Operates on the OSI layer 4. Layer 4 protocol.
           iv. Can perform multiplexing (using multiple apps simultaneously
                over the same network)
            v. Transmission control protocol – connection-oriented. A setup
                process before data is sent. When data is sent there is an
                acknowledgement. Known as a reliable protocol.
           vi. User Datagram Protocol – connectionless. No formal open or
                close and no acknowledgement. Known as an unreliable delivery
                method because there is no acknowledgement to confirm data
                was sent and accurately. No flow control.
     g. Ports
             i. IPv4 sockets – consists of Server IP address, protocol, server
                application port number or client IP address, protocol, client port
                number.
            ii. Non-ephemeral ports – permanent and well known ports. 0 –
                1,023. Usually on a server or a service.
           iii. Ephemeral ports – temporary port numbers. 1,024 – 65,535.
     h. Ports on the network
             i. Web server – tcp/80
            ii. VoIP server – udp/5004
           iii. Email server – tcp/143
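The encapsulation and TCP flag notes in section 2 and the port notes above, shown together as an added example (not part of the original notes). It builds a constructed Ethernet frame carrying an IPv4 packet and a TCP segment, then decapsulates it layer by layer to read the addresses, ports and control flags. The MAC addresses, IP addresses and sequence number are made up, checksums are left at zero, and the frame trailer (FCS) is omitted as it usually is in captures. ACK and URG are real TCP flags that the notes do not list.

```python
# Added example: encapsulate, then decapsulate, one TCP segment.
import ipaddress
import struct

# Flag bits in byte 13 of the TCP header.
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"))


def build_frame(src, dst, sport, dport, flags, data=b""):
    """Wrap application data in TCP, then IP, then an Ethernet header."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags,
                      65535, 0, 0)                  # 20-byte header, no options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(data),
                     0, 0, 64, 6, 0,                # TTL 64, protocol 6 = TCP
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + data


def port_kind(port):
    """Port ranges as given in the notes."""
    return "non-ephemeral" if port <= 1023 else "ephemeral"


def decapsulate(frame):
    """Strip the frame, packet and segment headers; return what each says."""
    if len(frame) < 14 + 20:
        raise ValueError("too short for Ethernet and IPv4 headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("frame payload is not IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4                    # IP header length in bytes
    if packet[0] >> 4 != 4 or ihl < 20:
        raise ValueError("bad IPv4 header")
    (total_len,) = struct.unpack("!H", packet[2:4])
    if packet[9] != 6:
        raise ValueError("IP payload is not TCP")
    segment = packet[ihl:total_len]                 # drops any Ethernet padding
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4            # TCP header length in bytes
    return {
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "sport": sport, "sport_kind": port_kind(sport),
        "dport": dport, "dport_kind": port_kind(dport),
        "flags": [name for bit, name in TCP_FLAGS if segment[13] & bit],
        "data": segment[data_offset:],
    }


if __name__ == "__main__":
    # Constructed traffic: a connection request, then a request with data.
    syn = build_frame("192.0.2.10", "198.51.100.5", 49152, 80, 0x02)
    push = build_frame("192.0.2.10", "198.51.100.5", 49152, 80, 0x18,
                       b"GET / HTTP/1.1\r\n\r\n")
    for frame in (syn, push):
        print(decapsulate(frame))
```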
22. Common ports
     a. Telnet – telecommunication network protocol. Tcp/23. Allows to connect
        to devices remotely via console. Sends information across network
        without any encryption.
     b. SSH – secure shell. Tcp/22. Encrypted communication. Allows to
        connect to devices remotely via console and information is sent over
        the network in encrypted form.
     c. DNS – Domain Name System. Udp/53. Converts names to IP addresses.
        Large transfers may use tcp/53.
     d. SMTP – simple mail transfer protocol. Tcp/25(plaintext) or
        tcp/587(encryption using TLS). Server to server email transfer. Also
        used to send email from a device to a mail server.
     e. POP3 – post office protocol version 3. Tcp/110 (plaintext) tcp/995 (over
        TLS encryption). Basic mail transfer.
     f. IMAP4 – internet message access protocol version 4. Tcp/143
        (plaintext) tcp/993 (TLS encryption) includes management of email
        inbox from multiple clients.
     g. SFTP – secure file transfer protocol. Tcp/22. Provides file system
        functionality like resuming interrupted transfers, directory listings, or
        remote file removal. Encrypted communication uses SSH on tcp/22.
h. FTP – file transfer protocol. Tcp/20 (active mode data) transferring file.
   Tcp/21 (control) tells system which file to send. Authenticates with
   username and password and has full functionality.
i. TFTP – trivial file transfer protocol. UDP/69. Very simple method of
   transferring files. Reads and writes files. No authentication. Not used
   on prod systems.
j. DHCP – dynamic host configuration protocol. Udp/67 and udp/68.
   Requires a DHCP server. Automated configuration of IP address, subnet
   mask, and other options. DHCP pool are a pool of IP addresses that are
   assigned in real-time and are given a lease time. DHCP reservation;
   addresses are assigned by MAC address in the DHCP server.
k. HTTP – Hypertext transfer protocol tcp/80. Web server communication
   in the clear.
l. HTTPS – hypertext transfer protocol secure tcp/443. Encrypted web
   server communication
m. SNMP – simple network management protocol. Udp/161. Gather
   statistics from network devices.
n. Syslog – udp/514. Standard for message logging to see what is
   occurring over the network. Diverse systems within a consolidated log.
   Integrated into the SIEM.
o. RDP – remote desktop protocol. Tcp/3389. Share a desktop from a
   remote location on Windows computers. Can connect to an entire
   desktop or just an app.
p. NTP – network time protocol. Udp/123. Switches, routers, firewalls,
   servers and workstations have the same date and time configured.
q. SIP – session initiation protocol. Tcp 5060/5061. Used to set up phone
   call, tear down phone call and control while it’s in use. It’s in charge of
   voice communications.
r. SMB – server message block. Protocol used by MSFT Windows. File
   sharing and printer sharing. Direct over tcp/445. Direct SMB
   communication over TCP without the NetBIOS transport.
s. LDAP/LDAPS. Tcp389. Lightweight directory access protocol. Secure is
   tcp636 and also not a standard for. This is used to store and retrieve
   information.
t. Databases
        i. MSFT SQL server – tcp/1433
       ii. Oracle SQL server – tcp/1521
      iii. MySQL – tcp/3306
u. ICMP – internet control message protocol. Devices use to send
   messages not transfer data. For example: ping, ipconfig etc
v. GRE – Generic Routing Encapsulation. The tunnel between two
   endpoints. Allows to encapsulate other types of data within an IP
   packet and send to remote site.
w. VPN – virtual private networks. Send information over encrypted
   tunnel. Integrated into firewalls. Can be standalone or software based.
x. IPSec – internet protocol security. Provides encryption and security for
   data running across the IP network at OSI layer 3. Provides integrity
   and anti-replay.