Free Comptia Network+ Study Sheet
By MC MCSE
Types of Networks
• Peer to Peer - A peer to peer network is one which lacks a dedicated server; every computer acts as both a client and a server. This is a good networking solution when there are 10 or fewer users in close proximity to each other. A peer to peer network can be a security nightmare, because the people setting permissions for shared resources will be users rather than administrators, and the right people may not have access to the right resources. More importantly, the wrong people may have access to the wrong resources, so this is only recommended in situations where security is not an issue.
• Client/Server - This type of network is designed to support a large number of users and uses dedicated server/s to accomplish this. Clients log in to the server/s in order to run applications or obtain files. Security and permissions can be managed by one or more administrators, which cuts down on network users meddling with things that they shouldn't be. This type of network also allows for convenient backup services, reduces network traffic and provides a host of other services that come with the network operating system (NOS).
• Centralized - This is also a client/server based model that is most often seen in UNIX environments, but the clients are "dumb terminals". This means that the client may not have a floppy drive, hard disk or CDROM and all applications and processing occur on the server/s. As you can imagine, this requires fast and expensive server/s. Security is very high on this type of network.
Network Topologies
• Bus - This topology is an old one and essentially has each of the computers on the network daisy-chained to each other.
If computer #1 sends a packet to computer #4, it must pass through computers #2 and #3, creating excess traffic.
ADVANTAGES: Cheap, simple to set up.
DISADVANTAGES: Excess network traffic, a failure may affect many users, problems are difficult to troubleshoot.
• Star - The star topology uses twisted pair (10baseT or 100baseT) cabling and requires that all devices are connected to a hub.
ADVANTAGES: centralized monitoring, failures do not affect others unless it is the hub, easy to modify.
DISADVANTAGES: If the hub fails then everything connected to it is down. This is like if you were to burn down the phone company's central office, then anyone connected to it wouldn't be able to make any phone calls.
• Ring - The ring topology looks the same as the star, except that it uses special hubs and ethernet adapters. The ring topology is used with Token Ring networks.
ADVANTAGES: Equal access.
DISADVANTAGES: Difficult to troubleshoot, network changes affect many users, failures affect many users.
• Hybrid - Hybrid topologies are combinations of the above and are common on very large networks. For example, a star bus network has hubs connected in a row (like a bus network) and has computers connected to each hub as in the star topology.
• Mesh - In a true mesh topology every node has a connection to every other node in the network. A full mesh network can be very expensive, but provides redundancy in case of a failure between links.
• Wireless - As the name implies, wireless networks allow computers to communicate without the use of cables. IEEE 802.11b defines two pieces of equipment: a wireless station, which is usually a PC or a laptop with a wireless network interface card (NIC), and an Access Point (AP), which acts as a bridge between the wireless stations and the Distribution System (DS) or wired network. An 802.11b wireless network adapter can operate in two modes, Ad-Hoc and Infrastructure. In infrastructure mode, all your traffic passes through a wireless 'access point'. In Ad-hoc mode your computers talk directly to each other and do not need an access point at all. 802.11b delivers data throughput of 11 Mbps and 802.11g runs at 54 Mbps.
ADVANTAGES: World-wide acceptance. Ranges over 150 feet. Freedom to move about and no cables (obvious).
DISADVANTAGES: Susceptible to interference from objects such as microwave ovens and cordless phones.
Cabling
The table below provides details on the various Ethernet standards.
| Name | Standard | Cable Type | Connector | Maximum Length | Speed |
|---|---|---|---|---|---|
| 10Base-T | 802.3i | Category 3 or better UTP cable | RJ-45 | 100 meters (328 ft) | 10 Mbps |
| 10Base-FL | 802.3j | Fiber optic cable | ST | 2000 meters | 10 Mbps |
| 100Base-TX | 802.3u | Cat 5 twisted pair | RJ-45 | 100 meters (328 ft) | 100 Mbps |
| 100Base-FX | 802.3u | Fiber optic | ST, SC | 2000 meters | 100 Mbps |
| 1000Base-T | 802.3ab | Cat 5e or higher | RJ-45 | 100 meters (328 ft) | 1 Gbps |
| 1000Base-LX | 802.3z | Laser over fiber | SC | Up to 5000 meters | 1 Gbps |
| 1000Base-SX | 802.3z | Short wavelength laser over fiber | SC | Up to 550 meters | 1 Gbps |
| 1000Base-CX | 802.3z | Twinax or short haul copper | 9-pin shielded D-subminiature connector, or 8-pin ANSI Fibre Channel type 2 (HSSC) connector | 25 meters | 1 Gbps |
| 10 GBASE-LR | ??? | Laser over single-mode fiber optics | ??? | 2000 meters | 10 Gbps |
| 10 GBASE-SR | 802.3ae | Shortwave laser over multi-mode fiber optics | ??? | 300 meters | 10 Gbps |
| 10 GBASE-ER | ??? | Laser over either single or multi-mode fiber | ??? | 40000 meters | 10 Gbps |
Miscellaneous Cable Info
• Shielded twisted pair (STP) differs from UTP in that it has a foil jacket that helps prevent crosstalk. Crosstalk is signal overflow from an adjacent wire.
• The 5-4-3 rule: this rule states that a 10base2 network can have 5 cable segments connected with 4 repeaters, but only 3 of these segments can be occupied by computers. There is also a maximum of 30 computers per segment.
• Plenum grade cabling is required if the cabling will be run between the ceiling and the next floor (this space is called the plenum). Plenum grade cabling is resistant to fire and does not emit poisonous gases when burned.
• Fiber optic cabling has built-in security, as you can't intercept data the way you can with other cable media.
Wireless Technologies
The table below shows some of the various wireless networking technologies.
| Technology | Frequency | Description | Range | Speed |
|---|---|---|---|---|
| 802.11b - WiFi | 2.4 GHz | Wireless networking commonly used in homes and SOHO environments. Being replaced by the faster 802.11g standard. Uses a wireless access point (WAP) to connect to other wireless computers. | 150+ feet | 11 Mbps |
| 802.11g - WiFi | 2.4 GHz | Wireless networking commonly used in homes and SOHO environments. Uses a wireless access point (WAP) to connect to other wireless computers. Backward compatible with 802.11b. | 150+ feet | 54 Mbps |
| Infrared - IrDA | Uses light, not radio frequencies | Uses line of sight connections, making it useful for sharing data between personal devices. | 150+ feet | Usually 16 Mbps; high powered beams can reach 10 Gbps |
| Bluetooth | 2.4 GHz | See below | Up to 30 feet | 721 kbps |
Infrared - IrDA
Infrared is typically a short-range line of sight technology which means that there cannot be obstructions between 2 devices that are trying to communicate. It is often used for file sharing between portable devices and can communicate at speeds up to 16Mbps. In certain situations, high power infrared beams transfer high-speed data from 45Mbps to 10Gbps and are installed between buildings within a few miles of each other.
Bluetooth (IEEE 802.15.1), originally developed by Ericsson and later formalized by the Bluetooth Special Interest Group (SIG), is a specification for wireless personal area networks that facilitates the exchange of data between electronic devices, such as mobile phones, PDAs, laptops, personal computers, printers and digital cameras. The devices, containing a low-cost transceiver, connect to each other using a short range radio frequency (2.45 GHz) over distances of up to 328 feet. Each Bluetooth enabled device is assigned a unique 48-bit address and a 24-bit class identifier. The class identifier provides information as to the nature of the device (phone, PC, etc.) and is transmitted to other devices performing an inquiry.
Bluetooth was developed out of a demand to create networks that were easy to install, configure and use without using the standard cabling. There have been three major versions of Bluetooth released: 1.1, 1.2 and 2.0. Each release increased the transmission speed and the 2.0 release also decreased the power consumption.
Bluetooth is not without security vulnerabilities. In 2004, a proof-of-concept virus that spread via Bluetooth enabled devices appeared, though it never propagated outside of the test environment. Active Bluetooth devices can be detected using directional antennas, allowing unattended devices to be located and stolen. Experiments to reverse engineer the device PIN have also been successful.
Bluetooth is competing against two other major methods of wireless networking: IrDA and WiFi. However, WiFi is most useful as a replacement for LANs, and IrDA is limited by its need for an unobstructed line of sight between connecting devices.
Network Hardware
Below are some of the common hardware devices found on a network. NOTE: The higher the OSI layer at which a network device operates, the more intelligent the device is.
• Network Interface Card - A Network Interface Card, often abbreviated as NIC, is an expansion board you insert into a computer so the computer can be connected to a network. Most NICs are designed for a particular type of network, protocol and media, although some can serve multiple networks.
• Hub - A hub is used to connect computers on an Ethernet network.
• Repeater - Boosts signals in order to allow a signal to travel farther and prevent attenuation. Attenuation is the degradation of a signal as it travels farther from its origination. Repeaters do not filter packets and will forward broadcasts. Both segments must use the same access method, which means that you can't connect a Token Ring segment to an Ethernet segment. Repeaters can connect different cable types.
• Bridge - Functions the same as a repeater, but can also divide a network in order to reduce traffic problems. A bridge can also connect unlike network segments (i.e. Token Ring and Ethernet). Bridges create routing tables based on the source address. If the bridge can't find the source address it will forward the packets to all segments. Bridging methods:
o Transparent - Only one bridge is used.
o Source-Route - Bridging address tables are stored on each PC on the network
o Spanning Tree - Prevents looping where there exists more than one path between segments
• Switch - A switch prevents traffic jams by ensuring that data goes straight from its origin to its proper destination, with no wandering in between. Switches remember the address of every node on the network, and anticipate where data needs to go. It only operates with the computers on the same LAN. It isn't smart enough to send data out to the internet, or across a WAN. These functions require a router.
• Router - A router is similar to a switch, but it can also connect different logical networks or subnets and enable traffic that is destined for the networks on the other side of the router to pass through. Routers can connect networks that use dissimilar protocols. Routers also typically provide improved security functions over a switch. Unroutable protocols can't be forwarded.
• Gateway - Often used as a connection to a mainframe or the internet. Gateways enable communications between different protocols, data types and environments. This is achieved via protocol conversion, whereby the gateway strips the protocol stack off of the packet and adds the appropriate stack for the other side.
• Modem - The modem is a device that converts digital information to analog by MODulating it on the sending end and DEModulating the analog information back into digital information at the receiving end. Modems can be internal or external, though most modern modems are internal. External modems are connected to the back of the system via an RS-232 serial connection. Internal modems are installed in one of the motherboard's PCI or ISA expansion slots, depending on the modem. The modem contains an RJ-11 connector that is used to plug in the telephone line. Modems have different transmission modes as follows:
o Simplex - Signals can be passed in one direction only.
o Half Duplex - Half duplex means that signals can be passed in either direction, but not in both simultaneously. Half-duplex modems can work in full-duplex mode.
o Full Duplex - Full duplex means that signals can be passed in either direction simultaneously.
Modems can also be classified by their speed, which is measured by the baud rate. One baud is one electronic state change per second. Since a single state change can involve more than a single bit of data, the bits per second (bps) unit of measurement has replaced it as a better expression of data transmission speed. Common modem speeds are V.34 at 28.8 kbps, V.34+ at 33.6 kbps and V.90 at 56 kbps.
• ISDN Adapter - ISDN service is an older, but still viable technology offered by phone companies in some parts of the U.S. ISDN requires an ISDN adapter instead of a modem, and a phone line with a special connection that allows it to send and receive digital signals.
• CSU/DSU - A CSU/DSU (Channel Service Unit / Data Service Unit) is a piece of equipment that connects a leased line from the telephone company to the customer's equipment (such as a router). Although CSU/DSUs look similar to modems, they are not modems, and they don't modulate or demodulate between analog and digital. All they really do is interface between a 56K, T1, or T3 line and a serial interface (typically a V.35 connector) that connects to the router. Many newer routers have 56K or T1 CSU/DSUs built into them.
• Wireless Access Point - A Wireless Access Point is a radio frequency transceiver which allows your wireless devices to connect to a network. A wireless access point will support up to 32 wireless devices. There are currently 2 mainstream wireless standards: 802.11b operates at 11 Mbps and 802.11g works at a speed of 54 Mbps.
• Proxy - A proxy server acts as a middle-man between clients and the Internet providing security, administrative control, and caching services. When a user makes a request for an internet service and it passes filtering requirements, the proxy server looks in its local cache of previously downloaded web pages. If the item is found in cache, the proxy server forwards it to the client. This reduces bandwidth through the gateway. If the page is not in the cache, the proxy server uses Network Address Translation (NAT) to use one of its own IP addresses to request the page from the appropriate server.
• Firewall - Either a hardware or software entity that protects a network by stopping network traffic from passing through it. In most cases, a firewall is placed on the network to allow all internal traffic to leave the network (emails to the outside world, web access, etc.), but stop unwanted traffic from the outside world from entering the internal network.
OSI 7 Layer Model
The OSI networking model is divided into 7 layers. Each layer has a different responsibility, and all the layers work together to provide network data communication.
• Physical - The Physical layer is the specification for the hardware connection, the electronics, logic circuitry, and wiring that transmit the actual signal. It is only concerned with moving bits of data on and off the network medium. Most network problems occur at the Physical layer.
• Data Link - The Data Link layer is the interface between the upper "software" layers and the lower "hardware" Physical layer. One of its main tasks is to create and interpret different frame types based on the network type in use. The Data Link layer is divided into two sub-layers: the Media Access Control (MAC) sub-layer and the Logical Link Control (LLC) sub-layer.
o LLC sub-layer starts and maintains connections between devices (e.g. server - workstation).
o MAC sub-layer enables multiple devices to share the same medium. MAC sub-layer maintains physical device (MAC) addresses for communicating locally (the MAC address of the nearest router is used to send information onto a WAN).
• Network - The Network layer addresses messages and translates logical addresses and names into physical addresses. It also manages data traffic and congestion involved in packet switching and routing. It enables the option of specifying a service address (sockets, ports) to point the data to the correct program on the destination computer.
• Transport - The Transport layer provides flow control, error handling, and is involved in correction of transmission/reception problems. It also breaks up large data files into smaller packets, combines small packets into larger ones for transmission, and reassembles incoming packets into the original sequence.
• Session - The Session layer handles security and name recognition to enable two applications on different computers to communicate over the network. Manages dialogs between computers by using simplex(rare), half-duplex or full-duplex. The phases involved in a session dialog are as follows: establishment, data-transfer and termination.
• Presentation - The Presentation layer determines data exchange formats and translates specific files from the Application layer format into a commonly recognized data format. It provides protocol conversion, data translation, encryption, character-set conversion, and graphics-command expansion.
• Application - The Application layer represents user applications, such as software for file transfers, database access, and e-mail. It handles general network access, flow control, and error recovery. It provides a consistent, neutral interface for software to access the network and advertises the computer's resources to the network.
Here is an idiotic, yet easy way to remember the 7 layers. Memorize the following sentence: All People Seem To Need Data Processing. The first letter of each word corresponds to the first letter of the layers starting with Application and ending with the physical layer.
Here are some examples of items that operate at each layer:
| Layer | Examples |
|---|---|
| Network | Routers, Layer 3 switches |
| Data Link | Network Interface Card, bridges, Layer 2 switches |
| Physical | Hub, repeater, cabling |
Frame Types
A frame type is the format of the packet that your Operating System will use to communicate over your network. Below is a table of the different types:
| Standard | Description |
|---|---|
| 802.2 | Logical Link Control - LLC adds header information that identifies the upper layer protocols sending the frame. |
| 802.3 | Ethernet - the Media Access Control (MAC) sub-layer uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD). |
| 802.4 | Token bus LAN |
| 802.5 | Token Ring bus |
| 802.6 | Metropolitan Area Network (MAN) |
| 802.12 | Demand Priority, like 100VG-AnyLAN |
Protocols
Protocols are the special set of rules that end points use in a telecommunication connection when they communicate. These rules allow computers with dissimilar operating systems, network topologies, hardware, etc. to communicate. Next is a description of some of the more common protocols:
• TCP/IP - TCP/IP is the protocol suite of the internet and will be covered in the next section.
• IPX/SPX - These protocols were developed by Novell and are/were used with Novell Netware. IPX is the fastest routable protocol and is not connection oriented. IPX addresses are up to 8 characters in hexadecimal format. SPX is connection oriented.
• NetBEUI - Stands for "NetBIOS Extended User Interface". It is a transport layer protocol mainly used for small Windows 9x and NT LANs. As for the distinction from NetBIOS: NetBIOS is the application programming interface and NetBEUI is the transport protocol. NetBEUI is a non-routable protocol, meaning it will not allow communication through a router. It is broadcast oriented, which causes it to not scale well. Although it can still be installed on newer Microsoft operating systems, it has largely been replaced by TCP/IP.
• Appletalk - AppleTalk is the name given to the set of protocol and networking standards created by Apple Computer for use with the Macintosh family of computers. AppleTalk is routable and automatically handles such things as assigning of workstation and network addresses, message routing between networks, etc.
TCP/IP
The TCP/IP protocol suite is made up of many other protocols that perform different functions. Below is a list of some of them:
• TCP - TCP breaks data into manageable packets and tracks information such as source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data.
• IP - This is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order as this is the responsibility of higher layer protocols such as TCP.
• UDP - A connectionless, datagram service that provides an unreliable, best-effort delivery.
• ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to share status and error information such as with the use of PING and TRACERT utilities.
• SMTP - Used to reliably send and receive mail over the Internet.
• FTP - File Transfer Protocol is used for transferring files between remote systems. It must resolve the host name to an IP address to establish communication. It is connection oriented (i.e. it verifies that packets reach their destination).
• TFTP - Same as FTP but not connection oriented.
• ARP - Provides IP address to MAC address resolution for IP packets. A MAC address is your computer's unique hardware number and appears in the form 00-A0-F1-27-64-E1 (for example). Each computer stores an ARP cache of other computers' IP-to-MAC mappings.
• POP3 - Post Office Protocol. A POP3 mail server holds mail until the workstation is ready to receive it.
• IMAP - Like POP3, Internet Message Access Protocol is a standard protocol for accessing e-mail from your local server. IMAP (the latest version is IMAP4) is a client/server protocol in which e-mail is received and held for you by your Internet server.
• TELNET - Provides a virtual terminal or remote login across the network that is connection-based. The remote server must be running a Telnet service for clients to connect.
• HTTP - The Hypertext Transfer Protocol is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. It is the protocol controlling the transfer and addressing of HTTP requests and responses.
• HTTPS - Signifies that a web page is using the Secure Sockets Layer (SSL) protocol and is providing a secure connection. This is used for secure internet business transactions.
• NTP - Network Time Protocol is a protocol that is used to synchronize computer clock times in a network of computers.
• SNMP - Stands for Simple Network Management Protocol and is used for monitoring and status information on a network. SNMP can be used to monitor any device that is SNMP capable and this can include computers, printers, routers, mainframes, gateways and many more.
TCP/IP Ports
Ports are what an application uses when communicating between a client and server computer. Some common ports are:
• 20 FTP DATA
• 21 FTP CONTROL
• 22 SSH
• 23 TELNET
• 25 SMTP
• 37 and 123 NTP
• 69 TFTP
• 80 HTTP
• 110 POP3
• 119 NNTP
• 143 IMAP4
• 443 HTTPS
TCP/IP Addressing
Every IP address can be broken down into 2 parts, the Network ID(netid) and the Host ID(hostid). All hosts on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation to the netid. IP addresses are divided into 4 octets with each having a maximum value of 255. We view IP addresses in decimal notation such as 22.214.171.124, but it is actually utilized as binary data.
IP addresses are divided into 3 classes as shown below:
NOTE: 127.x.x.x is reserved for loopback testing on the local system and is not used on live systems. The following address ranges are reserved for private networks:
10.0.0.0 - 10.254.254.254
172.16.0.0 - 172.31.254.254
192.168.0.0 - 192.168.254.254
IP addresses can be class A, B or C. Class A addresses are for networks with a large number of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks with the first 2 octets making up the netid and the remaining 2 are the hostid. Class C is for smaller networks with the first 3 octets making up the netid and the last octet comprising the hostid. The Network ID and the Host ID are determined by a subnet mask. The default subnet masks are as follows:
| CLASS | DEFAULT SUBNET | # OF SUBNETS | # OF HOSTS PER SUBNET |
What if you wanted more than 1 subnet? Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network. If you don't subnet, you will only be able to use one network from your Class A, B, or C network. When subnetting is employed, the multiple networks are connected with a router which enables data to find its way between networks. On the client side, a default gateway is assigned in the TCP/IP properties. The default gateway tells the client the IP address of the router that will allow their computer to communicate with clients on other networks.
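To make the netid/hostid split and subnet sizing concrete, here is an added Python example (not from the original study sheet) that classifies an address by its first octet, applies the class default mask or a custom one, checks the reserved ranges, and reports how many subnets and usable hosts a mask yields. The private-range check uses the standard RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16); all sample addresses are constructed.

```python
"""Classful IPv4 helper: class, default mask, netid/hostid split, reserved
ranges and subnet sizing. Added example for the study sheet, not its own code."""
import ipaddress

# Default prefix lengths: class A netid = first octet, B = two, C = three.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}

# RFC 1918 private blocks and the 127.x.x.x loopback block.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def ip_class(addr):
    """Classful letter decided by the first octet
    (A: 0-127, B: 128-191, C: 192-223; D and E are multicast/experimental)."""
    first = int(ipaddress.ip_address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D" if first < 240 else "E"


def default_mask(addr):
    """Dotted-quad default subnet mask for the address's class (A/B/C only)."""
    prefix = DEFAULT_PREFIX[ip_class(addr)]
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)


def split_address(addr, mask=None):
    """Return (netid, hostid) as dotted quads: netid = addr AND mask,
    hostid = addr AND NOT mask. Uses the class default mask when none is given."""
    mask = mask or default_mask(addr)
    a = int(ipaddress.ip_address(addr))
    m = int(ipaddress.ip_address(mask))
    netid = ipaddress.ip_address(a & m)
    hostid = ipaddress.ip_address(a & (~m & 0xFFFFFFFF))
    return str(netid), str(hostid)


def address_kind(addr):
    """'loopback', 'private' (RFC 1918) or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip in LOOPBACK:
        return "loopback"
    if any(ip in block for block in PRIVATE_BLOCKS):
        return "private"
    return "public"


def subnet_summary(addr, mask):
    """How a custom mask subdivides the classful network containing addr:
    subnets = 2**(borrowed bits); usable hosts per subnet = 2**hostbits - 2,
    because the all-zeros (network) and all-ones (broadcast) host IDs are reserved."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    default = DEFAULT_PREFIX[ip_class(addr)]
    if prefix < default:
        raise ValueError("mask is shorter than the class default mask")
    host_bits = 32 - prefix
    return {
        "class": ip_class(addr),
        "prefix": prefix,
        "subnets": 2 ** (prefix - default),
        "hosts_per_subnet": max(2 ** host_bits - 2, 0),
        "network": str(ipaddress.ip_network(f"{addr}/{mask}", strict=False)),
    }


def same_network(a, b, mask):
    """True when two hosts share a netid under the mask, i.e. they can talk
    directly; otherwise the traffic has to go through the default gateway."""
    return split_address(a, mask)[0] == split_address(b, mask)[0]


if __name__ == "__main__":
    # Constructed sample addresses.
    print(ip_class("192.168.10.77"), default_mask("192.168.10.77"))
    print(split_address("172.20.5.9"))
    print(subnet_summary("192.168.10.77", "255.255.255.224"))
    print(same_network("192.168.10.77", "192.168.10.100", "255.255.255.224"))
```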
The previous information on TCP/IP has referred to IPv4, however, this addressing scheme has run out of available IP addresses due to the large influx of internet users and expanding networks. As a result, the powers that be had to create a new addressing scheme to deal with this situation and developed IPv6. This new addressing scheme utilizes a 128 bit address (instead of 32) and utilizes a hex numbering method in order to avoid long addresses such as 126.96.36.199.188.8.131.52.184.108.40.206.220.127.116.11. The hex address format will appear in the form of 3FFE:B00:800:2::C for example.
DHCP stands for Dynamic Host Configuration Protocol and provides a solution that automatically assigns IP addresses to computers on a network. When a client is configured to receive an IP address automatically, it will send out a broadcast to the DHCP server requesting an address. The server will then issue a "lease" and assign it to that client. The time period that a lease will last can be specified on the server. Some of the benefits of DHCP include the following:
• Prevents users from making up their own IP addresses.
• Prevents incorrect gateway or subnet masks from being entered by your helpdesk.
• Decreases amount of time spent configuring computers especially in environments where computers get moved around all the time.
• Handy in situations where you have a large sales staff that only have to work 1 day a week. On that one day they bring their laptops and they can just plug them into the network and they are all set.
DHCP clients will attempt to renew their leases when 50% of the lease has expired. The client will send a message to the server that assigned the lease. Assuming the DHCP server isn't on fire or anything, it will return a message with the new lease. If the server is unavailable, then the client can continue functioning as it still has 50% of the lease remaining. The client will continue as normal until the lease reaches 87.5% used, at which time it broadcasts to all DHCP servers and attempts to get a new lease. If the client receives a rejection message or the lease expires, then the client must start all over again and will get a different IP address. If the lease expires and the client is unable to get a new one, then the user will not be able to communicate over the network.
There are several different methods of resolving names to IP addresses. Before getting into the different methods, it is important to understand the role of NetBIOS. When talking about NetBIOS, we typically refer to the concept of the NetBIOS name, which is the name assigned to your computer. NetBIOS allows applications to talk to each other using protocols such as TCP/IP that support NetBIOS. NetBIOS is typically seen in other forms such as NetBEUI and NetBT. These are the main functions that NetBIOS serves:
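A small simulation of the renewal schedule just described, written as an added example for this study sheet (not from the original). The 50% and 87.5% thresholds are the renew and rebind points from the text; the server-availability callables, the one-second discovery retry and the "new lease means new address" bookkeeping are assumptions used to make the timeline observable.

```python
"""DHCP client lease timeline: unicast renewal at 50% of the lease, broadcast
rebind at 87.5%, and a fresh discovery (new address) once the lease expires.
Added example, not code from the study sheet."""

RENEW_AT = 0.5     # unicast renewal to the server that issued the lease
REBIND_AT = 0.875  # broadcast rebind to any DHCP server


def simulate_dhcp_client(lease_seconds, horizon, own_server_up, any_server_up):
    """Return the list of (time, event) a client goes through from a fresh
    lease at t=0 until `horizon`. own_server_up(t) says whether the assigning
    server answers at time t; any_server_up(t) whether at least one server on
    the broadcast domain does. A lease obtained after expiry counts as a new
    address ('addr #n'), mirroring the text: the client starts over."""
    events = [(0, "lease granted, addr #1")]
    addr_no = 1
    lease_start = 0
    while True:
        t1 = lease_start + RENEW_AT * lease_seconds
        t2 = lease_start + REBIND_AT * lease_seconds
        expiry = lease_start + lease_seconds
        if t1 >= horizon:
            break
        if own_server_up(t1):
            # Renewed: the new lease starts now, same address.
            events.append((t1, "renewed by unicast, same address"))
            lease_start = t1
            continue
        events.append((t1, "renewal unanswered, keep using lease"))
        if t2 >= horizon:
            break
        if any_server_up(t2):
            events.append((t2, "rebound by broadcast, same address"))
            lease_start = t2
            continue
        events.append((t2, "rebind unanswered, keep using lease"))
        if expiry >= horizon:
            break
        events.append((expiry, "lease expired, address released"))
        # Start discovery over; the client is off the network until a server
        # answers. Assumption: one discovery broadcast per second.
        t = expiry
        while t < horizon and not any_server_up(t):
            t += 1
        if t >= horizon:
            events.append((horizon, "still without an address"))
            break
        addr_no += 1
        lease_start = t
        events.append((t, f"lease granted, addr #{addr_no}"))
    return events


if __name__ == "__main__":
    # Constructed scenario: a single DHCP server that is down from t=400
    # until t=1200 on a 1000-second lease.
    up = lambda t: not (400 <= t < 1200)
    for when, what in simulate_dhcp_client(1000, 2000, up, up):
        print(f"t={when:7.1f}s  {what}")
```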
• Starting and stopping sessions.
• Name registration
• Session layer data transfer(reliable)
• Datagram data transfer(unreliable)
• Protocol driver and network adapter management functions.
NetBIOS Naming
A NetBIOS name is either a unique name or a group name, the difference being that a unique name is used for communication with a specific process on a computer, whereas a group name is for communication with multiple clients. NetBIOS name resolution resolves a computer's NetBIOS name to an IP address. Microsoft offers several different ways to resolve NetBIOS names and each will be discussed below.
• Local Broadcast - If the destination host is local, the NetBIOS name cache is checked first, and if the name is found there no broadcast is sent. If it is not found there, then a name query broadcast is sent out that includes the destination NetBIOS name. Each computer that receives the broadcast checks to see if it owns the name requested. The computer that owns the name then uses ARP to determine the MAC address of the source host. Once obtained, a name query response is sent. NOTE: Some routers do not support the forwarding of these broadcasts, which use UDP ports 137 and 138.
• NetBIOS Name Server - When using a NetBIOS name server, the cache is checked first, and if the name is not found the destination host's name is sent to the name server. After the name server resolves the name to an IP address, it is returned to the source host. When the source host receives the information it uses ARP to resolve the IP address of the destination host to its MAC address. Microsoft uses WINS as a NetBIOS name server.
• LMHOSTS File - An lmhosts file is a text file that is used to manually configure Netbios names. In order to work, each entry in the lmhosts file must be unique, have a valid IP address for the Netbios name and be spelled correctly. On large networks configuring LMHOSTS files on all clients is not feasible, so these are not used much anymore.
• Hosts File - The hosts file is a little different than the lmhosts file in that it will resolve both local and remote names. If the host name can't be resolved and no other alternative name resolution processes are in place, the user will receive an error. Once the host name is parsed from the host file, ARP takes over and attempts to resolve the IP address to a MAC address. Like the lmhosts method, this is static name resolution.
• DNS - More on this later...
Microsoft's definition of WINS is "An enhanced NetBIOS Name Server (NBNS) designed by Microsoft to eliminate broadcast traffic associated with the B-node implementation of NetBIOS over TCP/IP. It is used to register NetBIOS names and resolve them to IP addresses for both local and remote hosts." If a WINS server is configured, then name resolution requests are sent directly to it and in turn the WINS server will send the IP address to the requesting client. If the WINS server can't resolve the name for some reason, then the client will use a broadcast to try to resolve the name. A secondary WINS server can be configured to prevent such situations. WINS is dynamically updated, which gets rid of the need for lmhosts files. If a client is configured to use WINS then it will register its name and IP address with the WINS server. When the computer is turned off, it releases its lease on that name, which may then be used by a different computer. With Windows 2000, Microsoft introduced Dynamic DNS (DDNS), which may be the beginning of the end for WINS and NetBIOS.
TCP/IP networks used to use hosts files to resolve IP addresses to host names or domain names. Networks began growing to the point where the administration and the traffic needed to maintain this file became unbearable and DNS was born. A DNS client(aka resolver) sends requests to the DNS nameserver which responds with the requested info, another server to query or a failure message. This process is very similar to calling information. You call them with a name, they check their database and give you the phone number. There are a variety of roles a nameserver can satisfy within the zone that they are responsible for:
• Primary Nameserver - Loads the zone data from local files and is the focal point for adding hosts and domains.
• Secondary Nameserver - Obtains the data for its zone(s) from another DNS server by zone transfer. Secondary nameservers provide redundancy, reduce the load on the primary server and give quicker access to locations that are remote from the primary.
• Caching Only Nameserver - Not authoritative for any zone. Its database contains only the answers it has obtained from resolutions it has performed since the server was last started.
The DNS name space itself is organised into tiers called domains.
Microsoft describes this hierarchical "domain name space" as a tree structure with the following levels:
• Root domain - The top of the tree, written as a single dot.
• Top level domains - Divided into categories; com, net, mil, edu, org and gov are the most common.
• Second level domains - The domains registered beneath a top level domain, under which an organisation places its sub-domains. When you visit Intel's site you are visiting the second level domain intel.com, and within intel.com many sub-domains may exist.
• Hosts - The final level in the hierarchy: the individual computers that make up a domain.
[edit section] DNS Records:
Below are some of the common DNS records and their purpose:
• A - The A record is used for hosts on a network. It translates a human-friendly domain name into an IP address such as 18.104.22.168.
• CNAME - CNAME (canonical name) records are used to create aliases. Often computers on the Internet have multiple functions such as web server, FTP server, mail server etc. To mask this, CNAME-records can be used to give a single computer multiple names (aliases). For example computer "xyz.com" may be both a web-server and an ftp-server, so two CNAME-records are defined: "www.xyz.com" = "xyz.com" and "ftp.xyz.com" = "xyz.com".
• MX - MX (mail exchanger) records identify mail server(s) responsible for a domain name. When sending an e-mail to "[email protected]", your mail server must first look up the MX record for "xyz.com" to see which mail server actually handles mail for "xyz.com".
• NS - NS (name server) records identify DNS servers responsible (authoritative) for a zone.
• PTR - PTR (pointer) records map IP addresses to domain names which is the reverse of A-records.
[edit section] NAT
NAT stands for Network Address Translation and is a commonly used IP translation and mapping technology. A device (such as a router) or piece of software that implements NAT lets an entire home or office network share a single Internet connection over a single public IP address: one cable modem, DSL modem or even 56k modem can connect all the computers to the Internet simultaneously. Because the internal hosts use private addresses that are not routable from the Internet, and because inbound packets are only passed through when they match a translation entry created by earlier outbound traffic, NAT also shields the home network from unsolicited connections. It is not a substitute for a firewall, though: port forwarding, and anything the internal hosts connect out to, still expose them. NAT is built into the most common Internet Connection Sharing technologies. Microsoft's implementation of NAT is called Internet Connection Sharing (ICS) and is supported by Windows 98SE and Windows 2000. ICS is a NAT-based routing application designed to share an Internet connection among multiple computers connected via a LAN. ICS handles both dial-up and broadband Internet connections, and clients running any operating system as long as the OS supports TCP/IP. The clients can have their TCP/IP information assigned manually or run as DHCP clients, obtaining their TCP/IP settings from the DHCP server built into ICS.
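The translation table is what makes NAT work and what gives it its "fairly secure" default. The following added example (not code from the study sheet or from ICS) simulates a port-translating NAT of the kind a home router keeps: outbound packets from private hosts are rewritten to the one public address and create a table entry, replies that match an entry are delivered back, and anything else from the Internet is dropped unless an explicit port forward exists. The addresses are RFC 1918 and RFC 5737 documentation values and the port pool start is an assumption.

```python
"""Added example: a stateful NAT/PAT table with a port-forward rule."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class PortNat:
    public_ip: str
    next_port: int = 40000          # assumed start of the NAT's port pool
    # outbound 5-tuple -> public port the source was rewritten to
    outbound: Dict[Tuple, int] = field(default_factory=dict)
    # (proto, public port, remote ip, remote port) -> original (private ip, port)
    inbound: Dict[Tuple, Tuple[str, int]] = field(default_factory=dict)
    # static port forwards: (proto, public port) -> (private ip, port)
    forwards: Dict[Tuple, Tuple[str, int]] = field(default_factory=dict)
    dropped: int = 0

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the private source to the shared public address and record
        the mapping that will let the reply back in. Two inside hosts may use
        the same source port; they get different public ports."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(pkt.proto, port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver a packet from the Internet only if it matches an existing
        translation or a static forward; everything else is dropped."""
        target = self.inbound.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            target = self.forwards.get((pkt.proto, pkt.dst_port))
        if target is None:
            self.dropped += 1
            return None
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1], pkt.proto)

    def add_forward(self, proto: str, public_port: int, private_ip: str, private_port: int) -> None:
        """Port forwarding deliberately punches a hole in the default-deny behaviour:
        the forwarded host is now reachable by anyone on the Internet."""
        self.forwards[(proto, public_port)] = (private_ip, private_port)


if __name__ == "__main__":
    nat = PortNat("203.0.113.5")
    out = nat.translate_outbound(Packet("192.168.0.10", 51000, "198.51.100.20", 80))
    print("outbound rewritten to", out)
    print("reply delivered to", nat.translate_inbound(Packet("198.51.100.20", 80, "203.0.113.5", 40000)))
    print("unsolicited:", nat.translate_inbound(Packet("198.51.100.99", 4444, "203.0.113.5", 40000)))
    print("dropped so far:", nat.dropped)
```

This table keys inbound matches on the full remote address and port (the strictest, "symmetric" behaviour). Many consumer routers match on the public port alone once a mapping exists, which eases peer-to-peer traversal but also lets any remote host that learns the port reach the inside machine, another reason not to treat NAT as a firewall.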
[edit section] TCP/IP Utilities
TCP/IP offers several tools that are helpful in the troubleshooting process and provide information to help locate and correct problems. Some of these are listed below:
• ARP - Provides a mapping from the logical 32-bit IP address to the physical 48-bit MAC address (i.e. translates an IP address into a MAC address). The arp command displays and edits the local ARP cache.
• TELNET - Provides a virtual terminal or remote login across the network; it is connection-based and handles its own session negotiation. The remote server must be running a Telnet service for clients to connect. Default settings are port 23 and VT100 terminal emulation. Telnet sends everything, including passwords, in clear text.
• NBTSTAT - Used to troubleshoot connectivity problems between two computers communicating via NetBT by displaying protocol statistics and current connections. NBTSTAT examines the contents of the NetBIOS name cache and shows MAC addresses.
• TRACERT - Determines the path a packet takes to its destination by sending packets with increasing TTL values and recording which router returns an ICMP "time exceeded" message at each hop. It can help determine at what point a network connection is no longer active and can help troubleshoot network response time issues.
• NETSTAT - Displays in-depth detail about TCP/IP protocol status and statistics.
• WINIPCFG - Displays current TCP/IP configurations on Windows workstations(see also IPCONFIG on Windows NT).
• IPCONFIG - Below are the ipconfig switches that can be used at a command prompt.
- ipconfig /all will display all of your IP settings.
- ipconfig /renew forces the DHCP server, if available to renew a lease.
- ipconfig /release forces the release of a lease.
• PING - Uses ICMP to verify a connection to a remote host by sending echo requests and "listening" for reply packets.
• NSLOOKUP - This tool queries a DNS database for information about DNS objects and can be used to troubleshoot name resolution problems.
General troubleshooting strategy includes the following steps:
1. Establish the symptoms
2. Identify the affected areas
3. Establish what has changed
4. Select the most probable cause
5. Implement a solution
6. Test the result
7. Recognize the potential effects of the solution
8. Document the solution
Basic TCP/IP troubleshooting steps include:
1. Ping 127.0.0.1 - This is the loopback address; a reply verifies that TCP/IP is installed and working on the computer you are pinging from (it does not test the network adapter or the cable).
2. Ping own IP address - Verifies that the IP address configured for this computer is valid and bound to the adapter.
3. Ping default gateway - Typically this would be the near side of a router. If you can ping this address, then you should be able to ping other hosts on your same subnet.
4. Ping far side of router - Verifies that the routing table is correct and that the router forwards traffic off the local subnet.
5. Ping remote host - If this works then it would appear that there are valid communications.
6. If you are unable to connect to a host via host or domain name, see if you can connect to it using its IP address. If so, then you are likely having name resolution problems and should check your DNS configuration.
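The ping ladder above is mechanical enough to script. The following added example (not from the study sheet) parses the addresses it needs out of `ipconfig /all` output and walks the six rungs in order, stopping at the first failure and naming the layer that failed. The probe is injectable so the ladder runs offline against a constructed reachability set; in real use you would pass a function that shells out to ping. The ipconfig text and every address are constructed, and the far-side and remote addresses are documentation values.

```python
"""Added example: the TCP/IP troubleshooting ladder as code."""
import re
from typing import Callable, Dict, List, Set, Tuple

# Constructed ipconfig /all output in the Windows 2000 layout; not captured from a real host.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

FIELDS = (("IP Address", "ip"), ("Default Gateway", "gateway"), ("DNS Servers", "dns"))

# Diagnosis when the rung at the same index is the first one to fail.
DIAGNOSES = [
    "TCP/IP is not installed or not working on this host",
    "this host's IP address is not configured or not bound to the adapter",
    "no connectivity to the local subnet (cable, link, switch or wrong gateway address)",
    "routing problem: the router answers but does not forward to its far side",
    "the path beyond the router or the remote host itself is down",
    "IP connectivity is fine; this is a name resolution problem, check DNS",
]


def parse_ipconfig(text: str) -> Dict[str, str]:
    """Pull the addresses the ladder needs out of ipconfig /all output."""
    found: Dict[str, str] = {}
    for label, key in FIELDS:
        m = re.search(re.escape(label) + r"[ .]*:\s*(\d+\.\d+\.\d+\.\d+)", text)
        if m:
            found[key] = m.group(1)
    return found


def make_probe(reachable: Set[str]) -> Callable[[str], bool]:
    """Offline stand-in for ping: a target answers if it is in the set."""
    return lambda target: target in reachable


def ping_ladder(cfg: Dict[str, str], probe: Callable[[str], bool],
                far_side: str, remote_ip: str, remote_name: str
                ) -> Tuple[str, List[Tuple[str, str, bool]]]:
    """Walk the six rungs in order and stop at the first failure.
    Returns (diagnosis, results) where results holds (rung, target, ok)."""
    rungs = [
        ("loopback", "127.0.0.1"),
        ("own address", cfg["ip"]),
        ("default gateway", cfg["gateway"]),
        ("far side of router", far_side),
        ("remote host by IP", remote_ip),
        ("remote host by name", remote_name),
    ]
    results: List[Tuple[str, str, bool]] = []
    for i, (label, target) in enumerate(rungs):
        ok = probe(target)
        results.append((label, target, ok))
        if not ok:
            return DIAGNOSES[i], results
    return "all rungs passed: connectivity and name resolution are working", results


if __name__ == "__main__":
    cfg = parse_ipconfig(SAMPLE_IPCONFIG)
    # Constructed scenario: everything answers by IP, but the name does not resolve.
    up = {"127.0.0.1", cfg["ip"], cfg["gateway"], "203.0.113.1", "198.51.100.7"}
    diagnosis, steps = ping_ladder(cfg, make_probe(up), "203.0.113.1", "198.51.100.7", "www.xyz.com")
    for rung, target, ok in steps:
        print(f"{rung:22} {target:16} {'ok' if ok else 'FAILED'}")
    print("diagnosis:", diagnosis)
```

To use it against a live host, replace `make_probe` with a function that runs `ping -n 1 <target>` (Windows) or `ping -c 1 <target>` and returns whether the exit status was zero; the rung order and the diagnoses stay the same.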
For the exam troubleshooting section, you will need to know how to solve various problems based on information such as PING/TRACERT/IPCONFIG output, topology type, operating system, network configuration, visual indicators (link lights, collision lights), etc. There will most likely be diagrams that you will have to glean information from.
[edit section] WAN Technologies
This section outlines some common WAN technologies you will need to know:
• Packet and Circuit Switching - Packet switching refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message. Most modern Wide Area Network (WAN) protocols, including TCP/IP and Frame Relay are based on packet-switching technologies. In contrast, normal telephone service is based on a circuit-switching technology, in which a dedicated line is allocated for transmission between two parties. Circuit-switching is ideal when data must be transmitted quickly and must arrive in the same order in which it is sent. This is the case with most real-time data, such as live audio and video. Packet switching is more efficient and robust for data that can withstand some delays in transmission, such as e-mail messages and Web pages.
• ISDN - Integrated Services Digital Network (ISDN) is comprised of digital telephony and data-transport services offered by regional telephone carriers. ISDN involves the digitalization of the telephone network, which permits voice, data, text, graphics, music, video, and other source materials to be transmitted over existing telephone wires. There are 2 types of ISDN channels:
o B (bearer) - Carries user data at 64 Kbps. A Basic Rate Interface (BRI) line contains 2 B channels for a total of 128 Kbps.
o D (delta) - Carries signalling at 16 Kbps on a BRI or 64 Kbps on a PRI (sometimes limited to 56 Kbps), which leaves the B channels free to carry data only.
• FDDI - Fiber Distributed Data Interface (FDDI) is an appealing choice for high-speed data networking. Essentially, it is a very high-speed token ring network connected by optical fibers. With a data transfer rate of 100Mbps, the ring can support up to 500 nodes with as much as 2 km of spacing between adjacent nodes.
• ATM - ATM stands for Asynchronous Transfer Mode and is a high-speed switching technique that uses short, fixed-length packets called cells. ATM can carry voice, video and data over LAN and WAN connections at speeds ranging from 1.544 Mbps to 622 Mbps, and supports a wide range of traffic types such as voice, video, image and data.
• Frame Relay - Frame relay is a carrier-provided packet-switching service that uses logical paths, or "virtual circuits", across the carrier's shared network to allocate bandwidth for high-performance transmission of data, imaging and voice between multiple locations. The virtual circuits keep customers' traffic apart, but frame relay does not encrypt it, so sensitive traffic still needs its own protection such as IPsec. Frame relay is available in a range of bandwidths from 56 Kbps to a full T1 (1.544 Mbps).
• T-1/T-3 - A T-1 is a dedicated phone connection supporting data rates of 1.544Mbps. A T-1 line actually consists of 24 individual channels, each of which supports 64Kbits per second. Each 64Kbit/second channel can be configured to carry voice or data traffic. Most telephone companies allow you to buy just some of these individual channels, known as fractional T-1 access. T-1 lines are a popular leased line option for businesses connecting to the Internet and for Internet Service Providers (ISPs) connecting to the Internet backbone. The Internet backbone itself consists of faster T-3 connections. T-1 comes in either copper or fiber optics.
• SONET - SONET and SDH are a set of related standards for synchronous data transmission over fiber optic networks. SONET is short for Synchronous Optical NETwork and SDH is an acronym for Synchronous Digital Hierarchy. SONET is the United States version of the standard and SDH is the international version. SONET defines a base rate of 51.84 Mbps and a set of multiples of the base rate known as "Optical Carrier levels." (OCx). Speeds approaching 40 gigabits per second are possible.
The following table summarises the various WAN connection types.

| Connection type                  | Speed               | Media                                         | Typical use                                                                   |
|----------------------------------|---------------------|-----------------------------------------------|-------------------------------------------------------------------------------|
| Dial-up connection (POTS)        | Up to 56 Kbps       | Twisted pair                                  | Rapidly being replaced by faster technologies                                 |
| T-1                              | 1.544 Mbps          | Twisted pair, coaxial cable, or optical fiber | Large company to ISP; ISP to Internet infrastructure                          |
| T-2                              | 6.312 Mbps          | Twisted pair, coaxial cable, or optical fiber | Large company to ISP; ISP to Internet infrastructure                          |
| Digital Subscriber Line (DSL)    | 256 Kbps to 8 Mbps  | Twisted pair                                  | Home, small business, and enterprise access using existing phone lines        |
| Cable modem                      | 512 Kbps to 52 Mbps | Coaxial cable                                 | Home, business, school access                                                 |
| T-3                              | 44.736 Mbps         | Coaxial cable                                 | ISP to Internet infrastructure; smaller links within Internet infrastructure  |
| OC-1                             | 51.84 Mbps          | Optical fiber                                 | ISP to Internet infrastructure; smaller links within Internet infrastructure  |
| OC-3                             | 155.52 Mbps         | Optical fiber                                 | Large company backbone                                                        |
| Asynchronous Transfer Mode (ATM) | 622.08 Mbps         | Optical fiber                                 | Internet backbone                                                             |
[edit section] Remote Access Protocols and Services
This section describes some of the various protocols and services used for remote and secure connections.
• RAS - RAS stands for "Remote Access Service", Microsoft's term for modem pools. This service provides dial-in access to networks and to the Internet.
• PPP - Point-to-Point Protocol (PPP) is the link-layer method for connecting a personal computer to the Internet over a standard phone line and a modem. The difference between PPP and older dial-up procedures is that PPP negotiates the link itself (including authentication and address assignment), giving the PC a direct Internet connection on which it can run TCP/IP applications.
• PPTP - The Point-to-Point Tunneling Protocol (PPTP) transfers data from a remote client to a private server by creating a multi-protocol Virtual Private Network (VPN): PPP packets are encapsulated in IP datagrams and carried across the Internet. Setting up PPTP requires a PPTP client, a PPTP server and a Network Access Server (NAS). PPTP does not support the AppleTalk protocol. PPTP's authentication and encryption are considered weak by modern standards, and it has largely been superseded by L2TP/IPsec and newer VPN protocols.
• IPsec - IPsec is a suite of Internet-standard protocols that allow secure, encrypted communications between two computers over an insecure network. IPsec provides end-to-end security, meaning that the IP packets are encrypted by the sending computer, are unreadable en route, and can be decrypted only by the recipient computer.
• L2TP - L2TP (Layer 2 Tunneling Protocol) creates a tunnel through a public network that is authenticated at both ends and uses header compression. Like PPTP it carries PPP frames, so it can tunnel non-IP protocols; unlike PPTP it has no encryption of its own and relies on IPsec to encrypt and authenticate the data passed through the tunnel (the combination is known as L2TP/IPsec).
• SSL - SSL (Secure Sockets Layer) uses public-key cryptography to authenticate the server and negotiate a session key, then encrypts the connection with symmetric ciphers, so information moved across the Internet cannot be read or modified in transit. It is heavily used in e-commerce and can be identified by a URL that begins with HTTPS. SSL has since been replaced by its successor, TLS.
• Kerberos - This form of authentication has been evolving in the Unix world for a long time and is now becoming a standard. Kerberos provides mutual authentication between a client and a server, or between servers, before a network connection is opened between them. Rather than sending a password across the network, each computer shares a secret key with a trusted Key Distribution Center (KDC); the KDC issues time-limited tickets, and the ability to decrypt them proves each side's identity to the other. Kerberos only works between computers running Kerberos software, and it depends on their clocks being synchronised.
[edit section] Network Management
This section discusses network management, storage and recovery concepts:
• VLAN - A virtual LAN is a local area network whose membership is defined on some basis other than physical location (for example by department, type of user or primary application). Because membership is set in the switch configuration rather than the cabling, an administrator can move or add workstations and manage load balancing and bandwidth allocation more easily than with a physical picture of the LAN, and network management software keeps the virtual picture of the LAN in step with the actual physical one. Hosts in different VLANs cannot reach each other without a router, which is why VLANs are also used to segment traffic for security.
• Fault Tolerance - Fault tolerance describes a computer system or component designed so that, if a component fails, a backup component or procedure can immediately take its place with no loss of service. Fault tolerance can be provided in software, embedded in hardware, or a combination of the two. It is an important part of disaster recovery and is increasingly included in operating system software; for example, Windows 2000 includes software RAID and tape backup functions, although additional hardware is required.
• Network Attached Storage - Network Attached Storage, or NAS, is a data storage mechanism that uses special devices connected directly to the network media. These devices are assigned an IP address and can then be accessed by clients via a server that acts as a gateway to the data or, in some cases, directly by the clients without an intermediary. One big advantage of NAS is expandability: need more storage space, add another NAS device. NAS also brings an extra level of fault tolerance to the network. In a direct attached storage environment, a server going down means that the data it holds is no longer available; with NAS, the data is still on the network and accessible by clients. Fault tolerant measures such as RAID can be used to make sure that the NAS device itself does not become a single point of failure.
[edit section] Diagnostic Tools
• Network Monitor - Tracks usage of network resources(good for establishing a network baseline).
• Performance Monitor - Tracks usage of various resources over time(good for establishing a general baseline).
• Tone Generator - Used with a probe to trace and identify cabling. The generator places a tone on one end of a wire and the probe picks it up at the other end, identifying which cable or wire is being tested.
• TDR (Time Domain Reflectometer): Sends a signal down a cable and measures the distance that the signal travelled before bouncing back(like sonar). Used to find opens and shorts in cables.
• Oscilloscope - Tests cable by determining where there are shorts, crimps or attenuation.
• Protocol Analyzers - This tool is used to monitor network traffic and display packet and protocol statistics and information.
• Optical Testers - A tool used to monitor and troubleshoot the performance of a fiber optic network.
• Crimping Tools - Crimping tools are used to connect cabling to their appropriate connectors. There are different crimping tools for different types of connections.
• Punch Down Tool - A punch down tool is used to connect cabling such as telephone and ethernet to wall jacks.
MCMCSE is a leading portal for free certification preparation materials including practice tests, study guides, forums, and much more. Their sister site, TechTutorials.net offers a database containing thousands of free tutorials.