14Table Of Contents

1.Network Topologies & Types Of Networks

2.The OSI Model
3.Networking Equipment - I
4.Networking Equipment - II
5.Understanding Frame Types, Especially Ethernet
6.Understanding Wireless
7.TCP/IP Addressing and IPv6
8.Protocols of the TCP/IP Protocol Suite
9.NAT and ICS
10.DHCP, Port Forwarding, and DMZ Hosts
11.TCP/IP Troubleshooting Tools
12.NetBIOS
13.Network Troubleshooting - A Case Study
14.Common Protocol Suites
15.DNS
16.WAN Technologies
17.Network Management
18.Remote Access

Chapter-1
 Topologies
Networking topologies are organized by the way in which information "flows" across a
network. Below are the basic topologies:

At the core of the Network+ exam and networking concepts in general is the idea of
topology, or more specifically, the manner in which data is exchanged over the network.
Network topology is mainly a conceptual topic - when we speak of "star" networks or
"ring" networks, we are really speaking in terms of the manner in which information is
exchanged and not their physical setup. Remember that each topology/network
type has its unique advantages and disadvantages that will be tested on the
Network+ exam in the form of asking you "which is the most appropriate." Don't try to
memorize the perks of each - rather, try to understand the manner in which each allows
the exchange of information; then, the advantages and disadvantages will seem only
logical to you.

Bus - This is the most simplistic topology in which the nodes of the network are
individually linked up to two successive other nodes or another node and a terminating
node or terminator. This is considered now an archaic topology, because of the difficulty
of troubleshooting network issues (how do you know which node is causing the
connection issue?), redundancy issues (if one node fails, the network as a whole
can fail), the need for terminators, and the amount of traffic created (every node
between A and B must receive the packet that A sends). The nodes linked in this
topology are often referred to as "daisy-chained."

Ring - Similar to a bus network in that nodes are linked to each other, but dissimilar in
that the ends of a ring network are not terminated because, well, there are no ends! A
ring network is something like a " circular" network in which each and every node is
linked to two other nodes. This shares many of the same weaknesses as the bus
topology, including troubleshooting difficulty, redundancy issues, and traffic created, and
also adds an additional difficulty - the difficulty of adding a node to a token ring network.
Star - This is the most typical and practical network setup. In a star network, each node
maintains an individual connection to a switch, where all other nodes are connected.
Traffic between two known nodes, therefore, only goes through the switch and not
through other nodes. This increases the redundancy of the network (one computer
faltering will not cause the network to fail), increases data privacy (unicast traffic does
not travel through all nodes), and is a relatively easy-to-use setup. Disadvantages
include reliance on the switch (a fail-point) and the amount of wiring necessary.
Mesh/" Ad Hoc" - This is a rarely occurring configuration in which every node is
connected to every other node; it usually occurs only in wireless networks in "ad hoc"
mode, which will be discussed later; in this mode, each wireless card maintains a
connection to each other wireless node it wishes to connect with, forming a "mesh" of a
network. This is a relatively easy to understand option but is inefficient, requires a
large amount of overhead, and is difficult to manage.
Combined or Hybrid - This is simply a topology referring to the case where more than
one topology is utilized. For example, you may have three token ring networks
connected to a central hub, forming a star of token rings. This is one of many
possibilities of a hybrid network.

Types of Networks (Access Models)

The Network+ examination is interested in your ability to identify network access models,
generally referred to as types of networks. This does not suggest the way in which
network nodes are connected or the way that information flows (as do topologies), but
rather, the manner and mode in which nodes communicate with each other and
share information. There are three basic types:

Decentralized - Often referred to as "peer to peer" network, a decentralized network

does not contain any distinctions between client and server. In a decentralized
network, every node acts as a client and/or a server depending on the task at hand. For
example, many file sharing networks are considered "decentralized" because nodes
both download and upload (serve) files. The ease of adding nodes and the ease of
setup is a drawing point of decentralized networks, but the pivotal downfall of these
networks is their difficulty of maintenance (a setting must be changed on each node to
reflect a setting change on the whole network).

Client-Server Access - In this type, nodes can either act as "clients" or "servers,"
requesting or handing out information. Do not confuse the model with the star topology;
though the star topology often utilizes the client-server access model, this does not infer
that every client-server network utilizes the star topology. In a client-server network,
management is easy and the network can offer services that decentralized networks
cannot, but this comes at the expense of difficulty in setup, setup cost, and server
reliance.

Centralized - A centralized network is a modified client-server network in which the

clients have no individual control; that is, all maintenance and setup occurs at the
server level. The extreme ease of management and ability to micromanage is a
drawing point of this access method, but the prohibitive cost and inflexibility of the
method deter many from employing.

Chapter-2
The Open Systems Interconnection (OSI) Model
At the core of the Network+ exam is the OSI "Seven" Model. The model describes the
ways and means that networks use to operate and for communication . Though
you will seldom (if ever) encounter or use it in practice, and although you will find it to be
a mundane, ambiguous, or even arbitrary model, it is heavily tested on the Network+
exam and therefore for our purposes, it is immediately relevant.

The OSI Model is like a seven-layered cake. Just like the cake the OSI Model is a LIE
and will never help you in life. But I digress, as the cake starts from the bottom and
becomes more ornate as it reaches the top, the OSI Model begins with the most basic
layer, the Physical layer, and ends at the layer that we as users encounter, the
Application layer. Like a cake, each of the layers depends on the layers below it to
operate - for example, Outlook Express cannot receive email when the network cable is
disconnected - without the cable, the "cake" crumbles. (OK, this analogy is a bit of a
stretch, but just go with it!) The order of the layers, therefore, is quite important and you
should have it intimately memorized.

Here are the layers, from bottom to top:

Layer
Name Mnemonic
Number

Application All 7

Presentation People 6

Session Seem 5

Transport To 4

Network Need 3

Data Link Data 2

Physical Processing 1

Of course, you are free to come up with your own mnemonic device, but we do
recommend you find some way of remembering the layers because it will be a subject of
the test. Which is not a lie, unfortunately.

More important than the order of the layers, however, is the function of the layers. Most
exam questions on the OSI model ask you, "Which layer does so-and-so operate
in?" or something to that nature. Another type of question that occurs frequently is, "A
problem has occurred (Problem description). Which layer is to blame ?" These
questions can feel ambiguous or difficult, but most of the time, there is a single, clear
answer that makes itself known provided that you are aware of the model and the place
each layer takes in the model. We will now cover each layer in detail.

Physical (Layer 1)
At the base of the OSI model is the physical layer. This one is the easiest to understand
- it encompasses most of the physical aspects of the network; for example, a
repeater (a piece of equipment that amplifies signals) operates at the physical level
because it is only concerned with transmitting the electric signal on the wire - it does not
try to interfere with, encode/decode, or otherwise logically manipulate the signal. Think
of the physical layer as the " electrical" layer of the model - the physical layer is the
layer of low-level networking equipment, such as some hubs, cabling, and
repeaters . The physical layer is never concerned with protocols or other such higher-
layer items.

Examples of hardware in this layer:

· Network adapter

· Repeater

· Network hub

· Modem

· Fiber Media Converter

Data Link (Layer 2)

The Data Link Layer transfers data between adjacent nodes in a Wide Area Network, or
between nodes on any given Local Area Network. This layer also provides the
procedural means to transfer data between network entities and sometimes to detect
and correct errors that have occurred within the Physical Layer.
Since the Data Link layer is concerned primarily with local delivery within a LAN, data
link frames do not cross the boundaries of a local network segment and instead focus
on local delivery, addressing, and media arbitration.

Switches operate in the Data Link layer.

Sublayers
The Data Link Layer is often subdivided into two sublayers, the LLC Sublayer and the
MAC Sublayer:
· The LLC (or Logical Link Control) Sublayer multiplexes protocols running atop the
Data Link Layer, and provides flow control, acknowledgement, and error control. It also
specifies the mechanisms to be used for addressing stations and for controlling the data
exchanged between machines.

· The MAC (or Media Access Control) Sublayer determines who is allowed to access
the media at any one time (as in CSMA/CD) and provides frame synchronization, which
determines where one frame ends and the next begins.
Protocols
Protocols in the Data Link Layer include:
· Ethernet for LANs

· PPP

· HDLC

· ADCCP for point-to-point connections

· PTPPD Point-to-Point Portal Device

Network (Layer 3)
The Network layer is where the frames of the Data Link layer become packets. It can
be described as the puberty of the OSI model. It is where the boys of the Data Link layer
become men. The best way to think of the Network layer is as the mailroom clerk of the
OSI model. The clerk receives mail and directs it to the appropriate couriers. In similar
fashion, the Network layer translates the frames it receives from the Data Link layer into
more logical packets which can be routed to other networks (like sending it to a courier).
At the Network layer, you can begin to actually communicate across a Network, but the
service is called "unreliable" because no connection can be established. Communication
over the Network layer is something like throwing a message in a bottle into the sea or
hollowing out the wall and writing cryptic references to the Companion Cube at the
Aperture Science enrichment center- you cannot verify that the other person ever
reads the message. The Network Layer is the layer that uses IP addresses. Most
of what we call " routing" occurs at the network layer - that is,network traffic is
routed from one network to another at this layer, allowing for inter-network (as opposed
to intra-network) communication.

Transport (Layer 4)
At the Transport layer, the Network layer's packets are sorted and organized into
" segments." This is different from the idea of packets in the Network layer in one
fundamental way: the segments of data over the Transport layer contain information
on the connection and the transmission of data. The Transport layer removes the
uncertainty of "throwing the message in the bottle" that we experience over the Network
layer by attaching to segments (which are basically continued packets) information
about the state of a connection. Thus,

the Transport layer uses the LLC sub-layer of the Data Link layer to establish
connections between hosts. The protocols that are typically associated with the
Transport layer are:
· TCP: Connection-Oriented, reliable - unlike the "message in the bottle," or "hidden
Companion Cube reference," it can verify that a segment or packet reaches the location,
or note failure
 · UDP: Connectionless, unreliable - it is like a "smarter" message in the bottle service; it
makes a best-effort delivery but does not establish a connection or verify receipt

Session (Layer 5)
The Session layer is the layer that initiates and terminates the transport layer
connection-oriented services . While the Session layer is not widely used by protocols,
it is important in that it is responsible for managing the connections that we value and
that the Transport layer provides. In other words, the Session layer is like the GLaDOS
of the transport layer, just like GLaDOS tells the robots what to do and promises them
eternal damnation in case of insubordination, the Session layer also bosses the
Transport layer around.

Presentation (Layer 6)
The Presentation layer translates the segments of information from the Transport layer
into data that can be used at the Application layer. It is like the C3-PO of the OSI model.
It is something of an intermediary between the network node's processing area and the
network node's actual networking area - it can interpret the segments or packets it
receives and change them into " data formats" that we all know and that the PC
can recognize.

Application (Layer 7)
This is the top of our cake, utilizes the layers below it, and includes the functions that we
are most familiar with - the end-user application protocols such as FTP and HTTP,
the vital services like DHCP and DNS, and several obscure applications. This is where
the sockets are defined. The Application layer does indeed cover a wide variety of
protocols and services, but don't let this overwhelm you. In general, when trying to
decide if a service or protocol is an application level one, ask: "Does this facilitate
networking, or does networking facilitate the service?" If the answer is the latter, you
know it is an Application layer service.

Chapter-3
The Equipment
Hub: A hub, at the most basic level, is a dumb device that operates at the Physical
layer of the OSI model. A hub forwards all signals it receives to all connected
network devices. Think of a hub as a drunk when he speaks, he speaks to all
around him, even if he really only means to speak with one person.
Switch: Because the hub is something of a drunk, it can be an inefficient (think about
the excess traffic created) and unsecure device. Imagine if you wish to send sensitive
credit card information over the network do you really want every node to receive your
electronic signal? To alleviate this, the switch was developed. A switch operates at the
Data Link layer of the OSI model. It uses the MAC sub-layer to forward the relevant
frames of information only to the intended recipient. Messages can still be
broadcast, but this is only an option and not the normal condition. Unlike the drunken
hub, the switch can speak softly to one person at a time or announce to the crowd. The
Network+ exam tends to test you on this difference between a hub and switch, so
keep it fresh in your mind.

Bridge: A bridge also operates at the Data Link layer (aka Layer 2) and is used to
connect two (similar or dissimilar) physical network segments together, forming a
larger inter-network. It can forward packets or reject them based on their destination
(MAC) address. Note: The connected network segments must have same network ID.

Router: The router operates at the Network layer of the OSI Model and is used to
forward packets across network segments to reach a certain destination address.
Do not be confused between a router and a bridge a bridge simply forwards packets or
frames based on their destination address from one connected network segment to
another. A router can determine where a packet should be sent to given its final
destination (IP address). Usually, routers forward packets to other routers, but
sometimes routers also forward to other pieces of network equipment. A router is
usually used to connect a home computer to an always-on Internet connection through
the home network. To appreciate what a router really does, run tracert to your favorite
website and see how many steps (hops) are involved in getting from your computer to
the web server in question.

Gateway: A gateway is any device that serves to interface with other networks using
dissimilar protocols . For example, a gateway might interface between a home
network and the Internet or between a NetBIOS network and an IPX/SPX network. A
gateway operates in any of the seven OSI layers.

WAP: A Wireless Access Point is a device that allows wireless devices to access and
to communicate with the network. It acts as a bridge between the wired, traditional
network and other wireless devices.Alternatively, it can act as a bridge between
wireless devices and another, linked WAP. It typically operates in the Network layer of
the OSI model as a sort of router/bridge/switch combination. Note that most WAP
devices direct traffic by MAC address, making them switched.
NIC: A Network Interface Card is a device that allows a node to connect to the
network, typically in the form of a computer card (PCI/ISA), but also in the form of
an external (think USB) device. It can either be wired and connect to a traditional, wired
network, or wireless, and connect to a WAP.

Chapter-4
Equipment
CSU/DSU: A CSU/DSU (Channel Service Unit/Data Service Unit) is a special type of
bridge that operates between the WAN (wide) and LAN (local) networks. It is
typically found in devices such as cable modems, which are not modems in the true
sense of the word, but rather, converters from one digital signal to another. CSU/DSU
devices operate in the physical layer of the OSI model.

Modem: A modem (short for modulator demodulator) acts like a sort of CSU/DSU
between digital/analog networks. That is, a modem can translate a physical analog
signal to a digital one, and vice-versa. It typically acts as the intermediary between the
analog phone system and digital networks. Modems operate in the physical layer of
the OSI model.

ISDN Adapter: Integrated service digital network ISDN is a somewhat archaic

technology that allows connection via a special digital phone line. An ISDN Adapter is
a CSU/DSU for ISDN connections.
Firewall: A firewall is a device that can filter traffic coming into and out of a network.
There are different types of firewalls that will be tested on the Network+ exam:
Packet Filtering This firewall operates at the network layer of the OSI model, and
filters traffic based on the headers (destination/source) of the individual packets.

Circuit Level Circuit level firewalls filter traffic based on whether or not a session has
been established between the destination and source using TCP handshaking.
You can think of a circuit level firewall as a protective father who will not let his daughter
date a boy until he gets to know him. In a similar way, circuit level firewalls regulate
traffic based on whether or not a trusted connection has been established. These
operate in the Session layer of the OSI model.
Application Level Application level firewalls inspect the contents of packets, rather than
the source/destination or connection between the two. Application level firewalls are
similar to proxies in that they operate and regulate between two segments of the
network. Remember that an Application Level firewall operates in the 7th layer of the
OSI model (Application Layer) and can inspect the actual contents of packets.

Stateful Inspection This firewall combines the circuit level and the application level
firewall techniques and is most commonly employed today. It assures the
connection (session) between the two parties is valid (like the circuit level firewall) and
inspects packets from this connection to assure the packets are not malicious
(application level). So, the stateful inspection firewall operates in the network, session,
and application layers of the OSI model.

Proxy: Proxy Servers operate at the Application layer of the OSI model and serve as
filters of client-Internet traffic. Instead of establishing direct connections between
the clients and servers on the Internet, clients connect to the proxy server, which
can filter their request and then forward it to the Internet. The information sent back
is first filtered and then sent back to the client. In this way, a proxy server is something
like the propaganda office of an oppressive government that only presents to its citizens
information that has gone through the office. The citizens never directly know what is
going on, but instead, what the government (the proxy server) has told them.
 Chapter-5
Understanding Frame Types, Especially Ethernet
Frame technologies are the medium between the physical electric signals and the
higher-level logical packets that drive networking technology. Through the years, we
have seen a number of prominent frame technologies.

Ethernet (802.3) is the frame technology standard that drives most networks today
and probably the one that you are most familiar with. Understanding Ethernet is a key
to doing well on the Network+ exam, yet there is actually not much information that
you need to know about Ethernet. Instead, it is more important that you understand how
Ethernet works and the methods it employs in controlling traffic on the wire.
Remember that Ethernet is not a protocol as it operates at the Data Link layer of the
OSI model.

Remembering the Ancestors

Before you can understand (and appreciate) Ethernet, it is important to backtrack a bit
through the predecessors of the Ethernet standard.

Typically, when networks are illustrated to laypeople, they are demonstrated as

computers that appear to be linked or daisy-chained to each other. This in fact was
one of the earliest networking concepts, the bus topology. That topology is inexorably
linked to the 802.4 Token Bus standard, which defined the way in which data would
move across a token bus network. The standard stipulates that data would be treated
like a token that is, data would move through the network, passing from one node to
the next until it reached its destination. You can imagine some of the problems incurred
with this for example, for a frame to travel across the network, it would have to pass
through every node between two communicating nodes. This mode of communication
made impossible the idea of information privacy; in addition, the bus technology is
infamous for the large amount of traffic produced. Don t forget that bus networks
require terminators on the ends on networks to end token travel.

The token ring (802.5), though an improvement on the bus design was only a slight
improvement at best. In the ring formulation, a token still had to be passed from
node to node the only difference was that in the token ring, there was no need for
terminators necessarily, but in practice, very few ring networks literally daisy-chain all of
their nodes together. In fact, in many cases, the terminators are still employed. Still, the
ring was promoted as an improvement to the bus standard and a competitor to the rising
Ethernet standard.

Ethernet s Entrance
Yet, in the end, Ethernet prevailed. The key difference between Ethernet and the
aforementioned two standards was that Ethernet featured a seemingly counter-intuitive
and problematic approach to handling network traffic. In the Ethernet standard, traffic is
not passed on a token. Instead, information is sent almost haphazardly along the wire
without regard to the status of other packets. In the token formulation, the transfer of
information can be schematically controlled because the passing of tokens implies that
no collisions occur. Ethernet, in contrast, features a system called CSMA/CD (Carrier
Sense Multiple Access with Collision Detection) that allows Ethernet to automatically
detect and fix collisions in frame communication. The basic principle behind this system
can be conveyed in three steps:

Determine if frame is ready for transmission (if wire is idle ); wait until it becomes open
Send frame

Run collision detection procedure if collision occurs

Note About How Ethernet Works: Notice that there is no passing of tokens
through nodes in the Ethernet standard. So, it is very possible that collisions occur. If
they do occur, Ethernet simply waits a random back off period before reattempting
transmission. After too many failures, the attempts stop and the transmission itself is
deemed a failure.

Also be aware: Ethernet has a feature called promiscuous mode in which nodes can
receive all frames of information and not just those passed along to those specific
computers. This can be defeated by using switching.

Now, critics of the time charged that the Ethernet system was inefficient, that failing to
prevent collisions would create excess network traffic, and that the Ethernet standard
would be inherently slow in nature. All of these concerns however proved to be
unnecessary as the Ethernet standard is still dominant today and has been since the
early 1990 s.

Considerations with Ethernet

As with any networking technology, Ethernet has special facets and features you must
take into account when troubleshooting it and dealing with it. One of the most
important features of Ethernet today is the ability to auto-negotiate network
speed and duplex mode. Duplex mode refers to whether the traffic is one-way (talk
or listen) or two-way (talk and listen). Half duplex is akin to a one-way radio. A node
can transmit or receieve, but not do both at the same time. Full duplex allows for two-
way communication, a node can both transmit and receive at the same time. Auto-
negotiation allows Ethernet devices to determine which mode to use. In addition,
Ethernet speeds vary depending on medium and the router or gateway employed; below
is a table of Ethernet media and information you should know concerning them.

Ethernet Media Table

Name/Max Length of
Type Speed Use
Cable
Special coaxial cable,
needs vampire taps Oldest technology and
10
10Base5 / 500 m. (cut into wire to read), media; rarely employed
Mbps
SHARED MEDIUM today
(similar to bus)
Also old and rarely used,
Coaxial cable with BNC remember that it requires
10Base2 ( ThinNet ) / 10
connector. SHARED special circular BNC
185 m. Mbps
MEDIUM connector, similar to
cable TV connector
Twisted Pair wire with
EXCLUSIVE MEDIA Used RJ-45 connectors
10
10BaseT / 100 m. (connected to hubs (look like large phone line
Mbps
rather than to other connector)
nodes), RJ-45
Twisted pair wire, An improvement on speed
100BaseTX ( Fast 100
EXCLUSIVE MEDIA, RJ of 10BaseT, capable of
Ethernet ) / 100 m. Mbps
-45 auto-negotiation of speed
Twisted pair wire,
1000BaseT ( Gigabit 1000 Another speed
EXCLUSIVE MEDIA, RJ
Ethernet ) / 100 m. Mbps improvement
-45
Faster Speed/Other
Uses next-generation
media Ethernet Another speed
fiber optic cabling to 10+
(10GBASE-SR, improvement and change
achieve 10+ Gbps Gbps
10GBASE-CX4, etc) / in connectors, cabling
speeds
2000+ m.
Note for the exam: You may see options such as 100BaseFX this simply means it is
the same as 100BaseTX, but with a fiber optic connection (media) and an SC or ST
connector.

Chapter-6
Understanding Wireless
The Network+ exam is becoming increasingly focused on wireless technology, so it is in
your best interest to learn all of the current wireless standards and implementations. As
with almost everything you must learn for the Network+ exam, it is crucial that you learn
the differences between the standards/implementations and not just their features.
Exam questions typically deal with which one to implement , not what this
implementation does . Read and study accordingly.

IrDA (Infrared Data)

IrDA technology allows for communication over network through infrared beams.
Infrared (a specturm of light) does not pass through solid objects, so a direct and
clear path is essential for correct IrDA operation. IrDA typically operates at speeds
around 16-25Mbps, but is known to operate at faster speeds with specialized equipment.
It is a rather uncommon wireless networking technology given its inability to transmit
signals where light is blocked. To do this, a lower frequency radio signal is necessary.

Bluetooth

Bluetooth (802.15.1) technology has received a lot of buzz lately, but it is basically a
short-range wireless technology designed to allow for connectivity between portable
consumer wireless devices and Bluetooth enabled wireless access points.
Because of the relatively weak and low-frequency radio signal employed, Bluetooth is
typically limited to a 20-35ft. access range. It is therefore usually limited to applications
involving those portable consumer devices and not LAN technology, the most common
application of Wi-Fi.

Wireless Fidelity (Wi-Fi)

Wi-Fi technology has really taken off in the last few years; it is probably almost as
commonly known by its IEEE name, 802.11(letter). It is a technology that utilizes low-
frequency (2.4 and 5GHz.), mid-powered radio waves to transmit data across wireless
networks. While 5 GHz has a higher theoretical throughput, 2.4 GHz tends to have a
better range. There exist many flavors of the 802.11 standard; they differ primarily in
speed and typical usage. These flavors are listed in a convenient table below:

Name-
Speed (Mbps) Usage
Standard
5GHz band; outdated; used for LAN networking in
802.11a 54
businesses; expensive
802.11b 11 Cheaper 2.4GHz mode;
Cross between A and B flavors; 2.4GHz at fast speeds.
802.11g 54/108
Also offers backwards compatibility
802.11n 150/300/450/600 Works at either 2.4 GHz or 5 GHz

General Wireless Info

One of the major factors or considerations that many companies think about before
employing wireless technology is its somewhat high cost, though it is falling as time
goes by. Still, cost is a major consideration. Wireless networks are also subject to
interference from microwaves, phones, and other radio devices. Wireless networks are
compatible with Ethernet using a MAC bridge that translates wireless frames into
Ethernet frames.

Most wireless networks today connect using a sort of wireless Star topology that is,
in many setups, wireless devices all connect to a single wireless access point.
Wireless traffic can be (but is not necessarily) switched, so information is not
easily sniffed from a wireless network. However, Wi-Fi LANs have become
somewhat notorious for their relative insecurities in terms of ease of access. Wi-Fi LAN
s are by default accessible without any sort of authentication and therefore
vulnerable to different types of attacks and of course, mooching (wardriving). In addition,
the original wireless encryption, Wired Equivalent Privacy WEP is considered weak by
today s standards and should not be used if at all possible. WEP was replaced by Wi-Fi
Protected Access WPA which uses TKIP to encrypt data. WPA was further improved
upon with WPA2, which uses AES to encrypt data. WPA2 should always be used when
possible.

Wireless networks can also operate in ad-hoc mode, meaning that nodes can, if they
so incline, connect to each other individually in a sort of mesh scheme. This adds
redundancy but makes management of such a network almost impossible.

Chapter-7
 TCP/IP Addressing and IPv6
The Network+ exam will contain a few questions on TCP/IP IPv4 addressing, which
is a fairly simple subject matter to master and will earn you some easy points. It is
therefore recommended that you understand what an IP address is and how the
numbering of the IP address reveals network information.

The IPv4 Address

An IPv4 Address, often shortened to IP Address, is a numeric identifier of a network
node that uniquely identifies that node either on a LAN or on the wider Internet.
Therefore, if two nodes on a network use the same IP address, a conflict will occur as
the IP address reflects a one-to-one relationship between hardware and logical
address. As a result, neither of the two nodes with duplicate addresses will receive full
communications.

The IP address is 32-bit number comprised of four octets ranging from 0 to 255, or
256 numbers (numbers that range from 0 to 2^8-1, hence the term "octet"). Given this,
there are a limited number of IP addresses at maximum, 256^4 or 4,294,967,296. This
number is inflated because certain IP addresses are reserved or unavailable. Given the
rate of growth that the Internet is currently experiencing, it is widely recognized that 4
billion IP addresses will not be enough to compensate for all of the nodes of the world. It
is for this reason that many advocate changing to IPv6, which is 128 bits and utilizes
hexadecimal (base 16), rather than octal (base 8), numbers. IPv6 will be covered briefly
later. What you should know is that although IPv6 is superior in many ways to IPv4, IPv4
is the most commonly used protocol for now and so is the one tested on the Network+
exam.

The IP address is comprised of two parts: the netid and the hostid. The netid
indicates the network that a node is on while the hostid indicates the actual, specific
node. The number of octets dedicated to the netid varies based on the first number of
the network. Actually, that first number tells you quite a bit. The first number determines
the size (Class) of the network and therefore both the number of octets dedicated to the
"netid" and the number dedicated the "hostid". Below is a table of the first octet numbers
and information about their classes:

The Class-Octet Table

First Octet
Class Example Default Subnet Typical Application
Range
A (netid . hostid . University Network
1-126 17.14.22.211 255.0.0.0
hostid . hostid) System
B (netid. netid. Corporate System or
128-191 143.144.1.1 255.255.0.0
hostid. hostid) Hospital Network
C (netid. netid. Small Business, Home
192-223 204.213.288.222 255.255.255.0
netid. hostid) Internet Connection
If you noticed, there is a column above for Default Subnet. Subnetting is a feature of
TCP/IP whereby networks can be subdivided, creating logical networks within a given
network. This allows one, in effect, to create multiple networks on a single IP network by
routing the subnets (nodes connect via a default gateway which can find the router)
necessary for communication with other logical networks.

Note that there are some reserved IP address ranges:

IP Range And Purpose

Range Purpose
127.0.0.0 127.255.255.255 Loopback (returns the node that requests it)
10.0.0.0 10.255.255.255 Private Network (Class A)
172.16.0.0 - 172.31.255.255 Private Network (Class B )
192.168.0.0 192.168.255.255 Private Network (Class C)

(255.255.255.255 is reserved as a Broadcast address, which sends information

to all nodes on the same network)

Often times, a connection (through a router) to the Internet may be shared by multiple
computers, which raises the question: What IP addresses do the computers that
connect to the Internet through the router take? Actually, they are assigned a private
IP address in one of the above reserved ranges for communication within the LAN;
external communication is all channeled through the single wide IP address. This is
called Network Address Translation and don t worry about it for now we ll cover it later.

IPv6
IPv6 is an emerging technology that is coming into networking as the IPv4 address
space is being exhausted. It differs from IPv4 in several important ways, first it is 128
bits instead of 32 bits, it is written in hexadecimal instead of decimal, and bytes are
seperated by colons instead of periods.

With those considerations we can write an IPv6 address as such:

0000:0000:0000:1aff:1923:ab00:0000:22a1:3712:0000:0000:0000:acc2:32aa:8eff:bf00

Obviously this is an unwieldy number for networking so the authors of IPv6 gave us
some shortcuts to help us out. First a double colon can be used to symbolize long
strings of zeroes in an address but only once for each address. For example, the
previous address could be written as:

::1aff:1923:ab00:0000:22a1:3712:0000:0000:0000:acc2:32aa:8eff:bf00
or

0000:0000:0000:1aff:1923:ab00:0000:22a1:3712::acc2:32aa:8eff:bf00

but not
::1aff:1923:ab00:0000:22a1:3712::acc2:32aa:8eff:bf00

as the computer would have no way of knowing how long each block of zeroes actually
is thus rendering the address unreadable.
Additionaly consecutive zeroes can be expressed as a single 0. So our previous
address would be correctly expressed as:
::1aff:1923:ab0:0:22a1:3712:0:0:0:acc2:32aa:8eff:bf0

While still far longer than an IPv4 address you can see that this is much more
manageable.

The authors did us another favor and created a new loopback address. Rather than
losing an entire range of addresses as they did in IPv4, the IPv6 loopback is ::1.

This should cover everything you need to know about IPv6 for the Network+ exam.
However, as a network technician you should remember that it is an emerging
technology, at some point you will have to work with it, and you should keep up with,
and eventually know it as well as IPv4.

Chapter-8
TCP/IP stack
The TCP/IP stack has more than just the TCP and IP protocols; in fact, it is home to the
most pervasive and prevalent protocols that cover many layers of the OSI model. The
Network+ exam will test you on your knowledge of the protocols of the TCP/IP
stack (suite), including information on the layers and uses of the individual
protocols. Below is a list of the exam-tested protocols, arranged by place in the OSI
model.

Data Link
Because no protocols operate at the Physical layer of the OSI model, we begin at the
Data Link layer.
The ARP (Address Resolution) protocol operates at the Network layer and is used to
translate logical IP addresses into Data Link (Physical) MAC (Media Access
Control) addresses. It is basically the translator between Layers 2 and 3.

The RARP (Reverse ARP) is similar to the ARP protocol, but translates MAC
addresses into IP addresses.

Network
The ubiquitous IP protocol allows for much of the routing capabilities of the Internet;
specifically, it allows for the connectionless transfer of packets. Most of the functionality
concerning the IP protocol is actually centered on the concept of addressing, or
assigning unique logical identifiers to nodes.

ICMP (Internet Control Message Protocol) Is a connectionless protocolthat allows you

to use functions such as ping to check if a route is available to a certain network node.
More generally, ICMP is used to manage control messages.
IGMP (Internet Group Management Protocol) is used to add, delete, and modify
members of multicast groups. A multicast is a packet sent to more than one user but
not all users distinguished, of course, from the broadcast, which is a message to all
users.
The RIP (Routing Information Protocol) allows for the routing of internal (and also
some Internet) traffic and adapting to changes in network structure.

Transport
TCP (Transmission Control Protocol) is the connection-oriented protocol that allows
for reliable data transfer and receipt of delivery between two network nodes. One of the
unique features of TCP is the concept of a port, or an opening into a node in which data
is sent and/or received. Higher-level protocols (especially Application layer protocols)
depend on TCP ports to allow outside nodes to communicate with specific services.A
port number is always between 1 and 65536, inclusive.
UDP(User Datagram Protocol) is the connectionless equivalent of TCP. In a
Connectionless protocol, a session is not created before sending the data,
therefore, there is no guarantee of data delivery.

UDP is usually seen as an unreliable protocol because of this but does facilitate several
higher-level protocols and also utilizes the 1-65536 port system. Make sure you
understand that there is a distinction then between TCP and UDP ports namely, the
protocol employed.

Application
The Network+ exam will not test you very much on the individual application layer
protocols, but you will need to know simple information such as their purpose and port
number. Remember that when it is said that a service operates on a certain port, it
doesn t mean that the service cannot operate on a different port; it just means that is the
default.
HTTP (Hypertext Transfer Protocol) is the protocol that facilitates transfer of data via the
world wide web. Typically, data is transferred in the form of pages, or HTML markup.
HTTP operates on TCP 80.

HTTPS (Secure HTTP) uses TCP 443 to securely transfer HTTP data via SSL, or
Secure Socket Layer. Sites that require increased security, such as an online merchant,
use HTTPS to protect user information. (Note: TLS is the newer SSL)

FTP (File Transfer Protocol) operates on TCP ports 20(data) / 21(transmission control).
It is used in simple file transfers from one node to another without any security
(transferred in cleartext).
SFTP (Secure FTP) is a version of FTP that uses SSH to transfer data securely, thus
using whichever port SSH uses. Port 22 for those who can't figure it out.
TFTP (Trivial FTP) is a UDP version of FTP that utilizes UDP port 69. It is called trivial
because it is relatively unreliable and inefficient and so is more often used for inter-
network communication (along routers) than in real node-to-node file transfers.

Telnet (Telecommunications Network) is used to remotely connect to a node. All

communications with telnet are in cleartext (even the password for authentication) and
should not be used in sensitive situations. It is called terminal emulation software
because the remote terminal is available upon connection. Telnet operates on TCP 23.
SSH (Secure Shell) is a secure replacement of Telnet. Telnet transfers information in
plain or clear text, but SSH allows terminal emulation in cipher text, which equates to
enhanced and increased security. SSH operates on TCP 22.

NNTP (Network News Transfer Protocol) is a protocol used by client and server
software to carry USENET (newsgroup) postings back and forth over a TCP/IP network.
NNTP operates on TCP port 119.

LDAP (Lightweight Directory Access Protocol) is a Dir ectory Services protocol that
basically allows a server to act as a central directory for client nodes. A famous
implementation of LDAP is Microsoft s Active Dir ectory (Domain). LDAP operates on
TCP and UDP 389.

NTP (Network Time Protocol) allows for synchronizing network time with a server. NTP
operates on UDP 123.

POP3 (Post Office Protocol) is the mailbox protocol of the Internet and allows users to
download mail from a mail server. The server will hold onto your mail until you access it.
Once you try to access it, your client software will download all of your incoming mail
and wipe it from the server. POP3 operates on TCP 110.
IMAP4 (The Internet Message Access Protocol) is a slightly better version of the
mailbox protocol. IMAP4 allows for server-based repositories of sent mail and other
specialized folders. Basically, when using IMAP4 instead of POP3 as your incoming mail
protocol, you download very minimal information to your local machine and when you
want to access actual incoming mail, you are pulling this directly from the mail server.
This allows you to access your mail from virtually anywhere (like yahoo mail). IMAP4
operates on TCP 143.

SMTP (Simple Mail Transfer Protocol) is the postman of the Internet. It allows for
mail to be sent. You would use this in conjunction with POP3 or IMAP4 to be able to
send/receive mail. If you do not define SMTP (usually is, though), you will only be able
to receive mail. SMTP operates on TCP 25.

DNS(Domain Name System) Resolves easy to read domain names such as google.com
into computer readable IP addresses such as 72.14.204.147 DNS operates on UDP 53

SNMP (Simple Network Management Protocol) A protocol for managing devices on IP

networks, such as modems, switches, routers, or printers.Works on UDP 161

Chapter-9
NAT & ICS
One of the main concerns with IPv4, as mentioned previously, is the relatively low
number of IPv4 addresses available. One Internet connection corresponds to one
IP address the IP address usually maps to the device connected to the Internet
gateway (modem, cable modem, DSL, etc.) However, in many cases, it is desirable to
share a connection in such a way that multiple nodes can utilize the connection from
one node. For example, in many home networks, families do not wish to pay for an IP
address per each computer that a family member owns. Rather, the family would rather
share one connection (one IP address).
The question that should immediately come to mind, however, is: How can multiple
nodes communicate with the Internet without a unique identifier? The answer is that
through NAT, or Network Address Translation, it is very possible for one device to
share its internet connection with other networked devices. A large amount of
real-world (not just Network+) troubleshooting is centered on the use of NAT, so it would
be to your advantage to fully understand NAT.

How Network Address Translation Works

Consider a home that receives postal mail. It has only one postal address and deals
with other postal addresses. Now, how would a home with five family members receive
mail? They would use their names to specify who they are. So, mail might be directed to
Ken or John, not just to the address. In a similar way, NAT allows for the
establishment of connections between internal (network) members and the Internet. A
typical scheme for this is below:
192.168.1.114 (Accounting) wants to connect to 44.33.22.11 (Bank)

192.168.1.114 accesses default gateway, 192.168.1.1

192.168.1.1 connects to 44.33.22.11 on 53.24.14.11 (the Wide IP) Random Port

44.33.22.11 transfers data to 53.24.14.11 (192.168.1.1)

192.168.1.1 transfers data to 192.168.1.114 on Random Port

Considerations
As you can see, NAT is actually quite simple in application, but there are issues
associated with NAT. Perhaps the most important (and common) issue associated with
NAT is the relative difficulty or even impossibility of opening a connection to a
NAT-connected computer from a remote host. Remote-to-local connections are
prone to failure because no port is opened for communication between that remote host
and the local host. In contrast, when the local host wants communication, it is very
possible because the NAT device (usually the gateway/switch/router) will automatically
create a temporary random port for communication. There are, however, ways (such
as Port Forwarding) to allow a remote host to connect to a PC behind an NAT
device, but these are covered elsewhere.

Another consideration, of course, is that NAT is not a replacement for a firewall. Many
people claim that they are behind a firewall when in fact they are simply behind an
NAT device. Just because NAT can hide a network doesn t mean that NAT is capable
of keeping a network safe. If you remember correctly, a firewall performs a different
function than does NAT; a firewall filters traffic, while an NAT device (at best)
blocks traffic.

ICS (Internet Connection Sharing)

Internet Connection Sharing is the built-in NAT feature in Microsoft Windows and allows
a Windows PC to share its Internet connection to other networked devices. In
this configuration, the PC with ICS is directly connected to the Internet in some way
(modem, ISDN, etc.) and networked with other computers. The ICS-enabled PC can
then share its connection with other Windows computers, acting as an NAT device. In
addition, the ICS-enabled PC can automatically assign IP addresses through DHCP, a
feature covered in a different article.
 Chapter-10
DHCP, Port Forwarding, and DMZ Hosts
You will, as a Network administrator, probably deal with DHCP, port forwarding, and the
DMZ more often than you may like. These technologies are classically associated
with NAT technology; so, many modern networks utilize them to provide various
network services and greater security.

DHCP
Dynamic Host Configuration Protocol, or DHCP, is the service that allows for the
dynamic (often called auto-magical) IP configuration of client nodes on a given
network. Typically (in most home or small-office networks), DHCP is employed over
manual configuration. In larger networks, DHCP can be very advantageous because it
allows network administrators to "kick back and relax" while addresses are auto-
magically assigned through a DHCP server. However sometimes a manual
configuration may be more desirable so that administrators know which computers
correspond to which IP address that is, so that the assignments are permanent.

DHCP works on a release/renew system. When an address is requested and

assigned, it is actually leased to the requesting node for a given period of time. After
half of the lease time has expired, the requesting node will automatically request a
renewal of the IP to the original DHCP server. In most cases, the server will help the
client renew the assigned IP address. If the server that the IP was originally assigned
from (the DHCP server that assigned the IP) is unavailable after around 87.5% of the
lease time has expired, the client will send a broadcast to all network nodes asking for
an IP address. When the lease expires, however, the node will lose the IP address.
Note that DHCP operates in a client/server rationale, so a DHCP client requests an
IP address from a willing DHCP server. DHCP assigns the:
· IP address

· Subnet mask
 · Default gateway

Microsoft Windows, Linux, and Macintosh all offer built-in DHCP server
functionality.

Port Forwarding
Most routers today offer a feature called port forwarding that works in conjunction with
NAT (Network Address Translation) to provide openings for incoming traffic to
internal network nodes. A typical application of port forwarding is network
configuration for a file sharing program. The file sharing program on node 192.168.1.4
may need a specific port open to accept incoming traffic for example, let s say TCP
4444. Because of NAT, requests on TCP 4444 will not be handled because the traffic is
being directed to the router, which does not have any service operating on TCP 4444.
However, the router can be configured to forward requests on port TCP 4444 to
192.168.1.4, which can handle the requests on TCP 4444, thus allowing for the incoming
traffic to be handled on that port. The general formulation for port forwarding is:
Port Request on (TCP/UDP) (Port Number)Forwards to(Internal IP Address)

DMZ Host
A DMZ (Demilitarized Zone) host is a special (security) feature in many modern routers.
A DMZ host is basically a catch-all host for requests on non-configured ports. For
example, in the previous example, let s say port forwarding is not configured, but a DMZ
host on 192.168.1.33 is. Then, the request to the router on TCP 4444 (because it is not
forwarded) will be automatically sent to 192.168.1.33:4444. There are two main benefits
associated with DMZ hosts.
1. Port forwarding doesn t have to be configured for each individual service
(though it is generally a BAD idea to setup an ordinary PC as a DMZ host)
2. As a security feature (quite the opposite of number 1), so that all of the
suspicious (non-port-forwarded) traffic can be directed to a single sanitized host
 Chapter-11
TCP/IP Troubleshooting Tools

TCP/IP is a wonderful protocol suite; it comprises almost all of the functionality and the
core services that make possible for the Internet and its applications. However, with
great power come many problems; so, knowledge of TCP/IP troubleshooting will be
necessary in your networking-related career and especially in your ability to pass the
Network+ exam. In fact, you will probably encounter around four or five questions
on TCP/IP troubleshooting alone on the Network+ exam.

Your knowledge of TCP/IP troubleshooting depends on your command of TCP/IP tool

usage. Many of the following tools are used in typical troubleshooting operations, and
almost all of them can be used to either identify or eliminate a potential problem in a
troubleshooting situation. We will go over general network troubleshooting in more detail
in later articles.

To give an example of the way TCP/IP troubleshooting tools can help, consider the
common tool ping. Ping operates over the ICMP protocol (using ICMP Echo
Request and Echo response) to attempt to contact a host given some kind of unique
identifier (hostname, domain, IP, etc.). If it is successful, it will return a reply from that IP
address; if it is unsuccessful, it will inform you that the destination could not be reached.
Why is this useful? Suppose you are trying to determine why you are unable to access
the company s remote email server through Outlook. The problem could stem from a
number of issues, including

· The computer is not properly configured for the internal network (media problems,
TCP/IP configuration issues, router is down, etc.)

· The Internet connection is down

· There is an issue in connecting to the email server at the Application or

Connection layers (maybe he is connecting to the wrong port, NAT issues, email
server is rejecting connections)

· The remote host is down or is unavailable in general (IP connection issues)

Obviously, these are only four of many possibilities, but they are four possibilities that
can be further investigated through Ping. For example, to ping your router would indicate
to you if your router or network connection is down, or if the problem lies at the remote
host level. This kind of step-by-step, process of elimination process is how most
troubleshooting takes place. Some other tools include:

· Tracert : Traces the connection path to a remote host, step-by-step. Allows

you to see where the connection is lost for example, sometimes a connection
to a remote host may stop at an ISP router, at which point you can determine that
the issue is a WAN problem.

· Netstat : Depending on the parameters, gives varying degrees of

information about TCP/IP connections and protocols. Examples include
information such as all connections and listening ports, routing table etc

· Ipconfig : Displays IP configuration information with the switch (/all), which

includes IP address, subnet mask, and default gateway. Ipconfig can also be
used to force a DHCP release or renew operation, using the switches /release
and /renew

· ifconfig : Displays IP configuration information in a UNIX environment.

ifconfiginterface_name can also be used to display the IP configuration
information for a specific interface

· Winipcfg - the GUI-based Windows 9x-era ipconfig tool

· ARP Returns the MAC address that maps from a given IP address
· RARP Returns the IP address that maps to a given MAC address

· Nslookup Used to troubleshoot DNS issues; can be used to find an IP

given a DNS name

There are of course other TCP/IP tools, but they will be covered in other sections (i.e.
NetBios). The most important things to remember about the above TCP/IP tools are not
the details of their functionality, but rather, remember the troubleshooting operations
that they are associated with. For example, if you read about some sort of DNS issue,
you should immediately think Nslookup before considering other tools.
 Chapter-12
NetBIOS

NetBIOS, or Network Basic Input/Output System, allows for session-layer

communication on the OSI model. NetBIOS is primarily concerned with two
functions: naming and starting/stopping NetBIOS sessions. Since NetBIOS is not
actually a networking protocol (it's an API) it is not routable and therefore nodes are only
visible to other nodes within the same subnet. It also provides for an unreliable NetBIOS
datagram service which is rarely utilized these days (and probably not on your Network+
exam). So, we will cover the two basic aspects of NetBIOS: naming and sessions.

NetBIOS Naming
NetBIOS names are 16 bytes in length but usually consist of 15 characters, with the last
being reserved for special purposes. You are probably familiar with the 15 character
limit if you have any experiences with naming PC s almost all operating systems
require the PC name to be 15 characters in length or less. All NetBIOS names resolve
to one or more IP addresses. If a NetBIOS name resolves to a single IP address
(that is, if the relationship is said to be one-to-one ), it is called a Unique Name. If
the name resolves to more than one computer, it is said to be a Group Name. The
Network+ exam tests you specifically on NetBIOS naming in Microsoft Windows
networks. Name resolution is an important feature of a NetBIOS network; after all, how
would you know which NetBIOS names correspond to given IP addresses?
NetBIOS name resolution is handled through several means.
A broadcast is simply a request to all nodes on a network to resolve a given name.
Think of it as calling out someone in a crowd. Yelling Is Anthony Parks here? may
result in someone who identifies himself as Mr. Parks to turn around and proclaim, Yes,
I am Anthony! Alternatively, perhaps nobody in the crowd bears that name, and the
request may be forwarded to other people. Similarly, in a NetBIOS network, broadcasts
are sent to all nodes, asking for a response if a computer recognizes the name as its
own.

However, broadcasts can be cumbersome and boggle down a busy network imagine
the amount of noise created if everyone is asking for someone in a crowded room! To
resolve this problem, several centralized NetBIOS name resolution services exist,
including:

· DNS: The most common medium of name resolution. DNS stands for Domain
Nak2me Service and operates on the concept of domains, or specific, named
hosts or networks that can account for sub-domains. DNS actually is deserving of
its own section, so we will move on for now.
 · NetBIOS Name Server: Stores NetBIOS names in a central location for easy
name resolution. Returns an IP address based on a NetBIOS name.
· WINS Server: Microsoft s version of NetBIOS name server. What you have to
know about for the exam is that it utilizes a primary and optional secondary WINS
server for redundancy and is considered wider in features than an ordinary
NetBIOS name server.

Microsoft Windows in particular allows you to save NetBIOS name entries in a file.

· LMHOSTS file: Has NetBIOS name entries for the local area network.
· HOSTS file: Has NetBIOS name entries for remote network hosts as well as
local ones.

NetBIOS Sessions
The Network+ exam is far more concerned with NetBIOS naming, but here are
some points to remember about NetBIOS sessions:

· Use TCP Port 139

· Provides Error Detection and Recovery

· Session Layer of OSI model

· Many Microsoft services utilize NetBIOS sessions

 Chapter-13

Network Troubleshooting - A Case Study

Network Troubleshooting - A Case Study

Instead of continuing on with Network+ material here, we would like to take a moment to
stop working on the facts and knowledge tidbits covered in the exam to instead work on
basic network troubleshooting skills. Network troubleshooting is perhaps the most
important network-related skill; as a Network+ technician, you will likely be
troubleshooting existing, unfamiliar networks. Many times, you will be working on
platforms covered in the Network+ exam, but even when you are not, you can utilize
basic troubleshooting logic to resolve issues with even the most obscure networking
platforms and setups.

Putting it in Perspective
As with virtually all troubleshooting, the fundamental rationale in network
troubleshooting is to eliminate potential causes of the issues by process of
elimination. Before considering how you would go about network troubleshooting,
consider something a bit more familiar to you. For example, perhaps you could not call
your Aunt Margaret. You begin to fear the worst Margaret is over 90 years old and
lives in a nursing home. So, you try to go about reaching her. First, you attempt to call
her again, but nobody picks up. Then, you call the nursing home, but nobody picks up
there as well. You breathe a sigh of relief because it now seems that the nursing home
as a whole is having issues with calls.

You then attempt to contact your friend Jane. However, Jane doesn t pick up as well.
You call her cell, and she still doesn t pick up. You try other friends to no avail. It now
seems to you that your phone line connection as a whole is at fault.
The process described above was essentially a troubleshooting process. By
calling different people until you arrived at a conclusion, you were able to
eliminate (or implicate) a point of failure. Of course, your efforts are not failsafe.
Perhaps the reason that none of the people are picking up is because they all suffered
terrible and painful deaths, or perhaps (even more likely) they were simply unable to
reach the phone. The point is, troubleshooting is not an exact science, but by contacting
all of the potential points of failure, you can usually implicate a particular one (or
particular ones).

The Real World

Let us now consider a more technical example. A coworker cries to you that she cannot
access the Internet and therefore cannot complete mission-critical work. The first thing
that should come to your mind is not the fact that she cannot access the Internet, but
that she cannot access the company network. You then generate a list of potential
failure points:
· PC TCP/IP is not configured

· PC TCP/IP is configured incorrectly

· IP address conflict

· DHCP issue

· Media issue

· Switch/hub issue

· Gateway issue

· WAN Issue

· Remote host issue

As you can see, there are quite a number of potential points of failure associated with
the described issue; in fact, for the sake of brevity, not all of them are included above.
The point is that these potential points of failure can all be independently assessed by
holding all others the same. Typically, we work bottom-up, meaning first from the client
PC and ending at the widest possible explanation (for example, the faraway remote
host).

So, first you proceed to test if TCP/IP is configured at all on the host computer. The
easiest way to do this is to simply ping the local host, or (if you remember your IP
addressing), 127.0.0.1. Once the local host returns four replies, you then know TCP/IP
is configured.
Upon checking the IP configuration, you determine that the IP address information is
automatically configured by DHCP, so you proceed to run ipconfig and check if
the said information is actually configured. You further determine that the IP address
is 192.168.1.111 and that the default gateway is 192.168.1.1.

Running through our checklist of sorts, we next check if we can ping the default gateway.
No replies are returned which means there is a connection issue between the host and
the gateway. Checking the media running from the host to the switch, everything
appears to be ok. From the switch to the gateway, however, there is a kink in the
media caused by what appears to be excessive wear and tear. After replacing the
media, all is ok again and the world is once again a happy place.

This short lesson in troubleshooting should have taught you two basic lessons: first, that
ping (if it's not turned off on the network for security reasons) is without question your
best friend, but second, that even with an almost endless number of potential causes, a
network issue can usually be spotted and corrected in a small number of steps.
In the following lessons we will return to Network+ related content, but remember the
basic premise of network troubleshooting: identify the issue, determine potential causes
of the issue, and eliminate the causes by process of elimination to determine and
correct the exact cause of the issue.

Chapter-14
Understanding Common Protocol Suites
Network+ will test you on your ability to differentiate between the more common
protocol suites, or groups of protocols that are interconnected and work together to
provide network services on many different layers of the OSI model. Most of the
protocols operate between the Network and Application layers. The most common
(and most tested on the exam) protocol suite is the TCP/IP suite, which
encompasses such widely pervasive protocols as TCP, IP, HTTP, FTP, POP3, and
many others. However, there exist other protocol suites as well, and CompTIA expects
you to be able to identify the proprietor, usage, and unique features of each of the
protocol suites.

NetBEUI (NetBIOS Extended User Interface)

NetBEUI is a Microsoft protocol suite designed to work within a small-sized, Windows
-based LAN. In fact, the NetBEUI protocol is not even routable, or able to transmit
through routers. This is because the system of addressing that NetBEUI employs does
not utilize unique identifiers or addresses; instead, NetBEUI uses 15 character
names that are not necessarily unique. Think of NetBEUI as the system of
communication you may use within your office office mailboxes may address people
on a first-name-last-name basis and in communicating with people, you often will say,
Send this to John . Yet, outside of your office your request is meaningless, because
there are millions of Johns throughout the world. So, that inter-office communication
system is not routable .

AppleTalk
The AppleTalk protocol suite is used for communication within Apple (Macintosh)
networks. Unlike NetBEUI, AppleTalk is routable and can be employed in large LAN
networks and even some WAN networks. However, this implementation is relatively
uncommon as most computers on most networks will not be Apple computers and
therefore will not natively communicate with AppleTalk. However, AppleTalk remains a
viable option in large Macintosh networks.

IPX/SPX
Novell is no longer such an active purveyor of this protocol suite (at least not as much
as they used to be), but IPX/SPX is still employed on Novell (NetWare) networks. You
should know that IPX (Internet Packet Exchange) is the Novell equivalent of the IP
protocol of the TCP/IP suite as it is connectionless and cannot guarantee data delivery,
while SPX (Sequenced Packet Exchange) is the equivalent of TCP and is connection
-oriented. IPX is considered the fastest routable protocol available today, but the
proprietary nature of the IPX/SPX suite, as well as the lack of developer consensus on
the protocol suite and network hardware available for the suite has historically kept it
from gaining widespread acceptance.

DLC
DLC (Data Link Control) is a specialized protocol used for communication between a
PC and non-PC devices, such as an older IBM PC, mainframe computer, or network-
enabled printer. DLC is not designed for use between normal PC computers.

TCP/IP
TCP/IP (Transmission Control Protocol / Internet Protocol) is by far the most common
protocol suite today. There are several reasons for this, including the amount of
development and architecture dedicated to the suite, the non-proprietary nature of the
suite, its large number of application layer protocols, its use in the Internet, and its status
as a relatively light-weight protocol suite. Key aspects of the TCP/IP protocol suite
include:

· IP Addressing Scheme
· Suite Protocols at the Network, Transport, Session, and Application layers

· TCP Ports

· ARP Protocol (Layer-2 to Layer-3 translation)

· DHCP (Ability to automatically assign IP addresses)

Each of these items requires a broader study and will be covered individually in other
articles, but remember that the above constitute the integral components of the TCP/IP
stack.
 Chapter-15
DNS
DNS (Domain Name System) is the name resolution protocol of choice in the
TCP/IP suite. It is responsible for name resolution as it is commonly known; for
example, most people know the website ProProfs as www.ProProfs.com, as opposed
to its logical identity, 208.43.76.251. Name resolution is essentially a service that allows
for a more user-friendly experience and eliminates or at least reduces the need of a user
to memorize physical or logical addresses. The name resolution offered by DNS is
provided by DNS name servers, meaning that DNS operates in a client-server
access method. The Network+ exam will test you on your ability to differentiate
between several types of name servers, domain names, and of course, name server
records. Typically, the exam will have at least three questions on or related to DNS
name resolution.

Name Servers
DNS name servers are responsible for handling requests to translate user-friendly
domain names into logical IP addresses. Typically, a one-to-one correlation exists
between a domain name and the IP address it maps to. However, the reverse is not
always the case: many domain names can point to a single IP address. The name
resolution entries (DNS entries) are stored in a file on the DNS name server, so
requests to a server typically involve the server checking its DNS entries for the
name; if the name server does not have an entry for that name, it may try to forward the
request to other DNS servers (hence, the Internet). If it is determined that no entry exists
for that name, the DNS server will return an error to the requesting client. Name servers
are typically differentiated as either primary or secondary:

· Primary name servers handle client requests, checking a request against the
DNS entries stored in a local file.

· Secondary name servers provide redundancy and can allow for additional
checking of DNS entries. Typically, a primary server that is bogged down might
forward the request to a secondary name server.

Hierarchy
Not all domain names are created equal. In fact, you ve probably noticed before that
domain names can be very long, like accounting.administration.company.com. Or,
account names can be very short, like yahoo.com or proprofs.com. Many websites use
the style www.subdomain.com, but they are certainly not restricted to this form of
naming (the www.* convention in particular).
Internet DNS names can be broken down into two basic categories: TLD, or Top
Level Domains, and all the others, or subdomains. TLD include such favorites as
.com, .us, and .info, while sub-domains include such common entries as
www.yahoo.com and uncommon ones, like city.county.state.country.gov. In general,
TLD are the final suffix of any domain, whereas subdomains are domains that fall under
a TLD.

DNS Records
At the core of the DNS experience are the DNS records, the data that is looked up by
the name servers to return information to requesting DNS clients. Different types of
records hold different types of information. Below is a short list of the records that you
will be expected to know for the Network+ examination.

· Address (A) Record This is by far the most important DNS record as it maps a
given domain name (DNS name) into an IP address. Note this is a one-to-one
function.
· Pointer (PTR) Record The opposite of the A record; translates IP addresses
into DNS names
· Name Server (NS) Record Identifies the DNS server that has authority over a
particular domain

· Mail Exchange (MX) Record Identifies the mail server that has authority for a
particular domain

· Canonical Name (CNAME) Record Used to map a subdomain (or another

domain entirely) to a domain. In other words, it is used to alias a domain. For
example, most websites have a CNAME Record that maps www.website.com to
website.com
 Chapter-16
WAN
Now that you have a firm grip on the core of the Network+ exam, LAN administration
and troubleshooting, you can begin to study the various modes and methods of
operation for WAN access. A WAN, or Wide Area Network, is a group of
interconnected LAN s; usually, WAN access refers to Internet access. You are
probably intimately familiar with some WAN access technologies, such as POTS (Plain
Old Telephone Service, or Dial-Up), but are less familiar with OC3 and FDDI. This
section of our guide will help you understand these widely varying Wide Area Network
technologies.

POTS
Plain Old Telephone Service, or as it is affectionately known, POTS, is one of the oldest
WAN access technologies and remains the most popular in most parts of the
world. It utilizes phone networks and analog-to-digital modems to send information over
the telephone line. One of the drawbacks of POTS WAN access is that in order to
connect, you to have to establish a POTS hand-shake which takes around one or two
minutes. Additionally, POTS is a very slow access method; most people connect via
POTS at a speed of about 56 Kb/S, or 7 KB/S. However, due to its inexpensive price
and the fact that it uses existing infrastructure, it remains a viable option even today.

ISDN
Integrated Service Data Network (ISDN) is a now almost-obsolete technology that
allows for an internet connection via a special, reserved line set up by the
telecommunications company. It usually consists of two 64 Kbps "B" channels for a
maximum data transfer rate of 128 Kbps, or 16 KB/S. Though fast as compared to older
standards, this technology is outdated and has been replaced by newer broadband
technologies, such as DSL or cable.

DSL
Digital Subscriber Line, or DSL, is arguably the successor to ISDN. It also utilizes a
special line set up by the telecom company, but utilizes a special DSL modem to
translate the high-speed DSL signal to a network-friendly language.'''' DSL can be
as slow as 256 Kbps and some of the fastest DSL lines operate at speeds exceeding 10
Mbps. DSL is generally used in small business/office or home connection settings.
Connections on the new ADSL2+ Technology can now go up to 15 Mbps in certain
areas. There are 3 types of DSL. SDSL with synchronous speed up and down. ADSL
with the download speed usually much higher than the upload speed and is most
commonly used today and IDSL which can work over electronics and up to 30,000 ft.
Most DSL is hampered by the 15,000 to 18,000 ft limitation from the phone companies
Central Office for the Area.
Cable
Cable utilizes a traditional coaxial cable to transmit network signals. Typically, one would
sign up for a cable connection through a cable company (the same ones who provide
cable TV access). Cable requires a cable modem to translate between the cable
signal and the Layer 2 segments, and typically costs a bit more than its DSL
counterparts. Cable can operate at speeds exceeding 60 Mbps and would be used by
small to medium-sized business applications and in many home settings.

T1/T2/T3
T(X) lines are dedicated lines set up by a telecom company between a remote site
and the network backbone. T1 operates at 1.544 Mbps, T2 at 6.312 Mbps, and T3 at
44.376 Mbps. All you have to know about T1/2/3 is that these lines are typically used by
larger businesses and are far more expensive than the traditional broadband connection
as they are dedicated and always reliable.

ATM
Asynchronous Transfer Mode, or ATM, uses fiber optic cable to achieve speeds
exceeding 600 Mbps, and is only used in large-scale, backbone operations. ATM can
accommodate such varying technologies as traditional phone service, data service, and
even VOIP service (Voice over IP).

OC1/OC3/OC(X)
OC(X), or Optical Carrier WAN access, utilizes SONET fiber-optic technology to allow
for speeds exceeding 50 Gbps, though OC1 operates at only 51 Mbps. Only large
companies or backbone operations would need such speed.

Chapter-17
Network Management
Network+ will feature a few questions testing your ability to discern between different
network management technologies and their various uses. Network administration
refers to the day-to-day management, maintenance, and configuration of
networks, and is one of the most in-demand opportunities available to a Network+
professional today (though you may consider getting another certification in a more
specific subject area such as Cisco or Microsoft networks).

Microsoft Active Directory

Active Dir ectory is an implementation of LDAP (Lightweight Directory Access
Protocol) created specifically by Microsoft to allow for easier administration of Microsoft
Windows networks. Through Active Dir ectory, an AD Domain Server can be used to
centrally manage the Windows network, especially in Security, Access Control, and
Windows-specific features like Group Policy. While Active Directory is a Microsoft
technology, Linux and *Nix users can connect to an AD server via SAMBA, which is an
open-source *Nix client to Microsoft LDAP (Active Directory).

VLAN
A Virtual LAN, or VLAN, is a logical network segment that operates on the same
physical LAN (and probably connects to the same physical network hub or switch)
but is separated logically from other network segments for easier administration.
For example, though Accounting, Engineering, and Executive Departments may all
connect to the same central Domain server, each of them may constitute a VLAN so
that one network administrator can focus on each department. A VLAN server can map
certain physical addresses to logical VLAN networks and appropriately load-balance
the traffic originating from connected hosts.

Load Balancing
Load balancing is a feature that is something like a manager who delegates work across
many employees so that no one employee becomes overwhelmed. A load-balancing
server can intelligently delegate traffic and requests from clients across the
network and to other servers in a way that maximizes network efficiency.

Redundancy
As the name suggests, redundancy is a feature that allows for data access even when
one server is down, meaning that no one server can become a choke or fail point. For
example, in old Greek temples, the failure of one or two columns could bring the entire
structure down. In modern architecture, skyscrapers are designed to withstand multiple
structural failures. At any rate, the idea of redundancy is clear: redundancy is the
ability of a system to maintain some function even after some of the components
of the system have failed. In a network application, this means multiple hard
drives, multiple servers, and so forth. Another closely-related term is fault
tolerance, which refers to redundancy in cases of component failure.

Access Control
Access Control is a security technology closely intertwined with modern networking that
prevents unauthorized access to network resources and maintains the integrity of
those resources through only allowing certain users to access information. There are
different types of access control, but two basic types are:

· User Level: In this setup, the user defines what he wishes to be accessed by
other users.

· Mandated: In this formulation, a central server defines how access to various

network resources takes place (for example, Active Directory server)

There are different forms of access control as well. One that you are likely intimately
familiar with is the ubiquitous login screen, which is found in virtually any trustworthy
network installation. However, other less familiar access controls exist. For example,
you may have a Windows share designed such that only users of a certain group
can access the shared folder . This is certainly a type of access control that differs
from the simple login and password screen. If you would like to learn more about access
control and other related subjects, the Security+ certification might be a viable next
option to pursue.

Chapter-18
Remote Access
One of the most ever-present and ancient uses of the Internet and networking has been
to provide remote access to networks or network resources. Since the early 1980 s,
different remote access protocols have existed to allow users to remotely dial in to a
network of choice; while some of these protocols have come and gone, many of
them remain widely in use even today in dial-up WAN access and business VPN
networks. The Security+ examination will test you on your ability to identify the security
features, benefits, and costs of several types of remote access protocols and services.
RAS
RAS, or Remote Access Service, is a rarely-used, unsecure, and outdated Microsoft
offering in the area of remote access technology. You should know for the exam that
RAS provides dial-up access and once was the protocol of choice for connecting
to the Internet.

PPP
RAS was eventually replaced by PPP, the most common dial-up networking
protocol today. PPP, or point-to-point protocol, utilizes a direct connection from a client
to WAN over TCP/IP. This is advantageous for dial-up networking services as most
people today wish to be able to use the Internet, which of course requires TCP/IP
networking. When you think dial-up access, think PPP.

Secure Connections
The next group of technologies is considered secure in that the technologies set up an
encrypted, sometimes tunneled, and difficult-to-intercept connection. These are the
technologies typically employed in VPN (Virtual Private Network) applications and
corporate remote networks.

PPTP
Point-to-point tunneling protocol, or PPTP, is a tunneling protocol that can
encapsulate connection-oriented PPP packets (which are simple remote access
packets) into connectionless IP packets. In doing so, the data remains within the IP
capsule, which prevents sniffing and other outside manipulation. PPTP is a client-
server system that requires a PPTP client, a PPTP server, and a special network access
server to provide normal PPP service. PPTP is commonly used to set up Virtual Private
Networks, which are like LANs that are spread across the Internet so that multiple
remote clients can connect to one logical network.

L2TP
Like PPTP, L2TP (Layer 2 Tunneling Protocol) utilizes a tunneling protocol, but
unlike PPTP, L2TP utilizes IPSec (IP Security) to encrypt data all the way from the
client to the server. Because of this, L2TP data is difficult to intercept. L2TP can
accommodate protocols other than IP to send datagrams and is therefore more versatile;
it is also common in VPN applications.
Implementation of L2TP, a popular tunneling protocol
SSL
SSL, or Secure Sockets Layer, is a technology employed to allow for transport-layer
security via public-key encryption. What you should know about this for the exam is that
SSL is typically employed over HTTP, FTP, and other Application-layer protocols
to provide security. HTTPS (HTTP over SSL) is particularly used by web
merchants, credit card validation companies, and banks to ensure data security (think:
lock icon)
Kerberos
Kerberos is a *Nix (Unix-like) technology that is also being implemented in
Microsoft technology to allow for client-server authentication over a network
based on a shared key system. Kerberos is a public-key encryption technology and
therefore is consideredquite modern.