1. Standard Topologies
A single cable (trunk) that connects all computers in a single line.
Computers connect to a centralized hub via cable segments.
Connects all computers on a single cable. Ends are not terminated, but form a full
Commonly used in WAN configurations. Routers are connected to multiple links for redundancy and to
give the ability to determine the quickest route to a destination.
2. Access Methods
Accessing Network Media
Deterministic access method
Contention based method
Collision Detection; listens to cable prior to sending data. (Ethernet)
Collision Avoidance; Announces intention to send data. (AppleTalk)
evolves around ring, computer which has token is permitted to data. (Token Ring)
One device designated media administrator. Secondary device waits to be polled by primary device to check if it
has data to be sent.
3. IBM Cabling System
RG stands for Rad
.25 inches thick, carries signal 185 meters. Known as RG-58 family and has a 50 ohm
Solid Copper Core
Stranded Wire Core
Military Specification of RG
transmission (Television Cable)
ArcNet Network Cable
When troubleshooting thinnet coaxial cable, the cable terminator must read 50 ohms, and the cable and
connector must measure infinite.
.5 inches thick, carries signal 500 meters. A transceiver (Vampire Tap) is used to
make a physical connection with the Thicknet core.
Unshielded Twisted Pair
Twisted pair wiring, carries signal 100 meters. Is susceptible to crosstalk.
Shielded Twisted Pair
Twisted pair wiring, carries signal 100 meters. Has foil or braided jacket around wiring
to help reduce crosstalk and to prevent electromagnetic interference.
The degrading of a signal as it travels farther from its origination.
Signal overflow from one wire to another adjacent wire.
Instability in a signal wave. Caused by signal interference or an unbalanced FDDI ring or
4. UTP/STP Category Speeds
Carries light pulse signals through glass core at speeds of between 100 Mbps
5. Ethernet Specifications
58 thinnet coaxial cable
BNC T Connector
185 meters (607 f
Thicknet coaxial cable
500 meters (1640 ft)
Category 3, 4, or 5 UTP cable
100 meters (328 ft)
Category 5 UTP cable
100 meters (328 ft)
6. Signal Transmissions
gital signaling over a single frequency. Transmits bi
Uses analog signaling over a range of frequencies. Transmits unidirectionally and uses
amplifiers for signal regeneration.
7. OSI Model
ications to use the network. Handles network access, flow control and error
Translates data into a form usable by the application layer. The redirector operates
here. Responsible for protocol conversion, translating and encrypting data, and managing data compression.
Allows applications on connecting systems to establish a session. Provides synchronization
between communicating computers.
Responsible for packet handling. Ensures error-free delivery. Repackages messages
into smaller packets, and handles error handling.
Translates system names into addresses. Responsible for addressing, determining
routes for sending, managing network traffic problems, packet switching, routing, data congestion, and
Data Link Layer
Sends data from network layer to physical layer. Manages physical layer
communications between connecting systems.
(802.2) Manages link control and defines SAP's (Service Access Points). Checks ACK, CRC
(802.3, 802.4, 802.5, 802.12) Communicates with adapter card. Responsible for Carrier Sense
and Token Passing
Transmits data over a physical medium. Defines cables, cards, and physical aspects.
Protocols residing here
TCP, SPX, NWLink, NetBEUI
P, IPX, NetBEUI, DLC, DecNET
IEEE 802 Specifications
Logical Link Control)
Token Bus LAN
Token Ring LAN
MAN (Metropolitan Area Network)
Broadband Technical Advisory Group
Optic Technical Advisory Group
Integrated Voice/Data Netwo
Demand Priority Access LAN, 100 Base VG
8. LAN Enhancement Components
regenerates signals for retransmission. Moves packets from one physical media to another.
pass broadcast storms. Cannot connect different network topologies or access methods.
are used to segment networks. They forward packets based on address of destination node.
Uses RAM to build a routing table based on hardware addresses. Will
connect dissimilar network topologies.
Will forward all protocols. Regenerates the signal at the packet level.
packets across multiple networks. Uses RAM to build a routing table based on network
addresses (i.e. TCP address). Shares status and
routing information to other routers to provide better traffic
management and bypass slow connections. Will not pass broadcast traffic. Are slower than bridges due to
complex functions. Strips off Data Link Layer source and destination addresses and then recreates them for
packets. Routers can accommodate multiple active paths between LAN segments. Will not pass unroutable
Will act as a router for specified protocols and as a bridge for other specified protocols.
communications between different NOS's (i.e. Windows NT and IBM SNA). Takes
the packet, strips off the old protocol and repackages it for the receiving network.
Basically converts data between incompatible systems for different networks.
that can divide transmissions into two or more channels.
Hub with bridging capabilities. Switch filters traffic through MAC addresses. Creates sessions
on ports within the hub. Used when upgrading to 100mb Fast Ethernet.
Data Link (MAC Sublayer)
Remote Bridge Data Link (MAC Sublayer)
Data Link and Network
Transport, Session, Presentation and Application
Spanning Tree Algorithm
was developed for bridges to determine the most efficient network in path when there
are multiple paths to choose from.
Several signals from different sources are collected into the component and are fed into one cable
TCP/IP, IPX/SPX, OSI, AppleTalk, DecNET, XNS. Non
Microsoft protocol designed for small LANs; non-routable. Not compatible with UNIX networks.
Fast protocol for small and large Novell
networks; is routable. Also known in NT as NWLink.
Internet protocol; is routable. Used by UNIX networks. Remember IP is connectionless
Defines communications over FDDI MANs; is routable.
Apple protocol designed for small LAN file and print sharing; is routable.
RIP (Routing Information Protocol)
Routers use this to communicate with each other to determine the least
busy and shortest network routes.
NDIS (Microsoft) and ODI (Novell) are used to bind multiple protocols to a network adapter.
SLIP (Serial Line IP)
up communications, but is unable to simultaneously transfer multiple
Performs dynamic IP addressing, multi-protocol support, password login and
Common TCP/IP problems are caused by incorrect subnet masks and default gateways.
Incorrect frame types will cause problems between two systems using IPX/SPX.
Protocols within TCP/IP
Simple Mail Transfer Proto
this is a “stateless” protocol meaning each command is executed independently
it is mail delivery ONLY
it does not handle sending messages. Port 110
, uses PING
need to allow DHCP relay agents in order to send broadcasts over routers (which by design do not
normally accept ANY broadcasts). Basically DHCP is a form of broadcast. Remember DORA, which stands for
the lease process and means Discover, Offer, Request, ACK. NOTE: DHCP uses ARP to assign IP addresses to
Simple Network Management Protocol
consists of two components, an agent and SNMP mgmt
console (according to a MIB). Uses READ, WRITE, TRAVERSAL and TRAP commands. These are set up with
GET requests (GET is actually a READ command). Most common way of security in SNMP is community names.
Port 161 and 162
Consists of three elements:
1. SNMP Mgmt Console (OpenView, Tivoli, etc)
9. Computer Name
DNS (Domain Name Services)
Used to translate a host name to an IP address. Default gateways and subnets
can also be assigned by DNS. Remember that FQDN is fully qualified domain
WINS (Windows Internet Naming Service)
Used to resolve NetBIOS
computer name to an IP address. Similar to DNS except that it only works on a Microsoft network. WINS can be combined with DNS. WINS has both a
server and a client component
File which contains mappings between DNS host names and their IP addresses.
File which contains mappings between NetBIOS computer names and their IP addresses.
Packets are relayed across network along the best route available.
Computers are used to detect network faults, then transmit
the fault signal to the server.
Packet Switching Networks
(sent in bursts over the network in asynchronous
meaning not in any order). QoS is nearly non
Designed to connect remote terminals to mainframe host systems. Is very slow due to constant
point system which uses digital leased lines. Will provide bandwidth as needed.
Requires frame relay capable bridge or router for transmission. Frame is roughly equivalent
to ISDN in
performance. This is a connectionless service
OPERATES AT DATA LINK LAYER and is connection-oriented. Advanced implementation of
packet switching. Asynchronous Transfer Mode. Transmits at speeds of 155Mbps to 622Mbps with capabilities of
higher speeds. Transmits data in 53 byte (48 application, 5 header) cells. Uses switches as multiplexers to
permit several computers to simultaneously transmit data on a network. Great for voice and video
communications. ATM can prioritize data
ts at 128k/sec. Has three data channels
2 B channels @ 64k/sec & 1 D channel @
16k/sec. The B channels carry data while the D channel performs link management and signaling. PRI is
roughly equivalent to T-1. One D channel and 23 B channels
passing ring network which uses fiber-optic media. Uses a dual
for redundancy and in case of ring failure. Each ring is capable of connecting 500 computers over 100
kilometers (62 miles). Can be used as a network backbone. Uses beaconing for ring troubleshooting.
Cable and DSL
Cable modems are not really modems at all. They use coax cable. DSL has a max distance of
18,000ft with the most popular flavor of DSL being ADSL
se ONE consistent circuit. Can be either
a physical circuit or a virtual circuit. ISDN
is a virtual circuit
The communication is usually a DEDICATED circuit.
10. Network Diagnostic Tools
Digital Volt Meters (DVM)
Measures voltage passing through a resistance. Primarily used for network
Domain Reflectors (TDRs)
like pulses to look for breaks, shorts or crimps in cables. Can
locate a break within a few feet of actual fault.
Measures amount of signal voltage per unit of time. Displays crimps, shorts,
Examines packet types, errors and traffic to and from each computer on a
Look inside the packet to determine cause of problem. Contains built
Domain Port Scanner
Scans for open TCP/UDP ports
Multiple Disk Sets
Fault Tolerant Systems protect data by duplicating data or by placing data in different physical sources.
Divides data into 64k blocks and spreads it equally among all disks in the array. Is
not fault tolerant.
Duplicates a partition on another physical disk.
Duplicates a partition on another physical disk that is connected to another
Hard Drive Controller.
Disk Striping w/ECC
Data blocks are broken up and distributed across all drives in array
with error checking.
Disk Striping w/ ECC stored as parity
Data blocks are broken up and distributed across all
drives in array with one drive dedicated to storing parity data.
Disk Striping with large blocks
Complete blocks of data are distributed across all drives in the
Disk Striping with parity
Distributes data and parity information across all disks in the array.
The data and the parity information are arranged so they are always on separate disks. A parity stripe block
exists for each row across the disk. The parity stripe is used for disk reconstruction in case of a failed disk.
ts a minimum of three disks and a maximum of thirty
Windows NT supports RAID Levels 0, 1, and 5.
Automatically adds sector recovery capabilities to the file system while the computer
is running. Available when using RAID methods. Only available with SCSI drives.
12. Upgrading the network
To upgrade a network to 100 mbps Ethernet, you must perform the following:
Upgrade all hubs to switches or 100 mbps hubs.
Upgrade the wiring to CAT 5 UTP/STP.
Upgrade all network cards to 100 mbps.
13. Reliable Packet Delivery
Methods and Checks
you add an additional BIT to both ends
CRC (Cyclical Redundancy Check)
Error Detection and Correction
is the signal sent by receiving node to slow down transmission of data from sender
14. TCP Command Line Utilities
Arp.exe is used to resolve an IP address to its hardware (MAC address). Local Arp cache is checked first
before initiating an ARP request broadcast
View the contents of the local ARP cache table
Add a static ARP entry for frequently accessed hosts
Delete an entry
The ipconfig is a command line tool for NT that shows how the computer's IP stack is
Extra information is revealed; IP host name, DNS, WINS server
If DHCP is enabled, you release the lease with this switch.
The renew switch will update and renew DHCP lease information from the DHCP Server.
winipcfg is a GUI version of ipconfig
The netstat tool displays protocol statistics and the state of current TCP/IP connections
Displays protocol statistics and current TCP/IP network connections.
p proto] [
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the
-n Displays addresses and port numbers in numeri
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the
-s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
protocol statistics. By default, statistics are
shown for TCP, UDP and IP; the
may be used to specify a subset of the default.
interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL
stop redisplaying statistics. If omitted, netstat will print the current
configuration information once.
nbtstat The nbtstat checks the state of NetBIOS over TCP/IP connections and returns NetBIOS session and
name resolution statistics. This tool can also be used to update the local NetBIOS name cache.
Displays protocol statistics and current TCP/IP connections using NBT(NetBIOS over TCP/IP).
a RemoteName] [
A IP address] [
s] [S] [interval] ]
-a (adapter status)
Lists the remote machine's name table given its name
-A (Adapter status)
Lists the remote machine's name table given its IP address.
Lists the remote name cache including the IP addresses
Lists local N
Lists names resolved by broadcast and via WINS
Purges and reloads the remote cache name table
Lists sessions table with the destination IP addresses
Lists sessions table converting destination IP addresses to host names via the hosts
Remote host machine name.
Dotted decimal representation of the IP address.
Redisplays selected statistics, pausing interval seconds between each display.
Press Ctrl+C to stop redisplaying statistics.
Note: Netstat works for TCP/IP connections, and Nbtstat works for NetBIOS connections.
nslookup The Nslookup tool is used to trace DNS queries from start to finish.
Ping.exe verifies configurations and tests connectivity
If you can ping a hostname but cannot connect to a
share point in Explorer, then the LMHOST file does not have an entry
for that hostname or WINS is not working.
Conversely, if you CAN connect to a share in Explorer yet cannot ping the hostname, then either the HOST file
entry is wrong or DNS is not working.
problems are due to problems with WINS or LMHOST file.
problems are due to HOST file errors or DNS server problems.
The tracert tool shows the route a packet will take over a network from one computer to another.
NTP(network time prot) 1723
PPTP (Microsoft VPN)
16. Address Classes:
127.0.0.0 network is reserved for “loopback” testing of the TCP/IP Stack within your system.
Class D is used for Multicast
Class E is reserved for experimental purposes
17. Routing Algorithms
Only allows for up to 15 routers in a network
Transfers its entire table to its neighbors
translates the WHOLE table
adds 6 diff metrics over RIP
a. Larger metrics
b. Allows for thousands of routers (actually 65,5
c. “Hello” packets every 30 seconds
d. Rapid convergence
18. Data Link Protocols for Point to Point Links
SLIP (Serial Line IP)
Support ONLY IP (not IPX)
not much else
PPP (Point to Point Protocol)
has error detection
Successor to SLIP. Uses a serial connection
Used for dial
in and high speed routers
HDLC (High Level Data Link)
Default protocol for serial links on Cisco routers
NAT is a router function which enables hosts on a private network to communicate with hosts on internet. Used
for pooling of addresses. The “duh” of it all says that it connects multiple computers to other IP networks using
only ONE single IP address.
5 segments, 4 repeaters and 3 nodes
Default gateway itself
Always REMEMBER: “If it’s broke, it’s probably DNS”
filtering firewalls (transparent, cost-effective, no user authentication
application based firewalls (clients do not connect directly to outside network, has user authen, all transaction
however this is not cost effective for small networks
REMEMBER: a packet filtering firewall looks at the source address AND the port number of a packet
20. VPN and Tunneling
combines PPP from Microsoft and L2F from Cisco. Uses LNS and LAC
enables remote users to log in to a secure server. It will seem like the network is accessed by local
means since it hides the routing and switching process from users. Provides security for file transfer via
IPSec (IP Security)
implemented at Network layer
like SSL and L2TP but does not require IPSec aware
applications. The IPSec SUBprotocols are AH (auth header) and ESP (encapsulating security protocol). I
to authenticate clients and servers IPSec uses an automated key
management system called IKE (internet key
CHAP (challenge handshake authentication
Remote Access Service for Windows NT/2000
The actual VPN protocols are: GRE, L2F,
PPTP, L2TP (used for IPSec), MPPE (used for Windows dial
networks ONLY) and IPSec
you can configure
21. Digital Carrier Services
OPTICAL Carrier Services
Independent Computing Architecture (CITRIX)
Thin client computing. The ICA protocol uses less than 20K. The thin clients connect to a server and that server
starts the application
executes the app
transfers only the apps interface to the client
Uses a boot ROM to attach to server
Needs a network connection
Emulates complete PC environment
OS is embedded in a ROM
23. Security Protocols
repudiation (spoofing) handled by digital s
Make the distinction between ciphers (arrangement of codes) and codes
which are just 1’s and 0’s
Two types of cryptography, Secure key and PKI
Digital Encrypt in 64k blocks
PK and sessio
uses PKI and SSL
defined as a connection from a client to an endpoint
SSL is the main protocol that uses sockets. Runs at network layer
SSL is NOT an encryption method
it IS a security PROTOCOL
SSL uses BOTH public-key and secret
Tunnels are actually big sockets
Has two sub-protocols: SSL record protocol and SSL handshake protocol
uses a ticketing system
24. Network Operating Systems
Two types: Client/Server and Peer to Peer
Windows and Linux can operate
as Peer to Peer but Netware cannot
all NOS use Administrator, root (or superuser) to signify Admin users
Directory services and X.500
the X.500 Dir Services is called the global white pages
NetWare ALERT: netware is a network operating system ONLY
it has NO client version EXAM tip
Multiprocessor kernel, NLM’s (netware loadable modules), PCI Hotplus
Netware 3.x has a bindery feature
a big database, which each user needed a login for EACH server!
NetWare PROTOCOLS: IPX (internetwork packet exchange) similar to IP in that it is connectionless
and SPX (sequenced packet exchange) similar to TCP in that it is connection oriented
EXAM Netware File Attributes: Archive(A), Execute Only(X), Hidden (H), Read
Multipurpose operating system meaning it is considered both a client and a network operating
It has protected multitasking, POSIX (portable operating system interface) compliance, shell interface, support
for dumb terminals
EXAM tip: versions of UNIX: HP-UX, AIX, Solaris, IRIX, Redhat, Slackware, SuSE, Debian GNU
UNIX Basics (EXAM tip)
root user is all powerful. U is user who owns, g is group, r read access, w is write
access and x is execution permission. So basically if you have RWX it grants permission to do everything.
UNIX protocols: UDP, ICMP, NIS, LDAP
25. Network Implementation
Domains and Controllers: Windows uses an organizational concept called domains to separate
members of a network, including users, printers and servers. Domain organization is logical, the physical
location DOESN’T matter.
It involves PDC’s and BDC’s (primary and backup domain controllers)
The PDC stores the SAM (Security Accounts Manager)
irectory becomes available which can handle parent/child domain
AD sets trust relationships
Apple abandoned AppleTalk after Mac OS8 in favor of TCP/IP
VLANS 802.1q: A logical LAN within a physical LAN
Benefits and Basics
olated by groups
Can overlap one another
Three Major Types of VLANS
based VLANS (if a repeater is installed in any place it segments by repeater
based VLANS (routed by MAC address
based VLANS (Layer 3 Based)
The IEEE 802.1q standard defines VLAN’s using explicit technology rather than implicit. Meaning, that explicit
VLAN’s are either port
based or protocol based (NOT Mac
Network Attached Storage
be able to note the main characteristics.
TAPE: DAT (Digital Audio), DLT (Digital Linear), DDS (Digital Data Storage)
Storage Controller Interfaces:
a. IDE (Integrated Data Environment) slave/master drive relationship,
b. SCSI (higher transfer rates than IDE). Note that SCSI has two possible types of terminators
(Passive and Active)
Fiber Channel (faster than SCSI has transfer rates up to 4gbps)
1. Benefits of NAS:
platforms file sharing, Easy backups (using RAID
and NAS can support at least RAID 5)
How NAS operates:
a. Operates on client/server premise
access granted via Ethernet
b. NAS devices are usually hard disks using SCSI
26. Data Availability
Fault tolerance concepts
Load balancing: one way is to route each request to a different, identical server host address in a DNS table
n time between failures
Redundant Array of Inexpensive Disks
Parity: a bit in the data to determine if it is corrupt
Striping: basically a way of partitioning RAID disks into what appears to the operating system as one logical
IPED data is written in order and NOT randomly
Disk duplexing: also known as RAID 1, involves storing (“mirrored”) data on not just different disks BUT also on
RAID 1 = duplexing, RAID 2 = striping with error correction (rarely used
striping with Parity on a
single drive, RAID 4 = block by block on multiple drives and RAID 5 = striping with parity AND supported by
EXAM tip: When trying to remember how many disk with each RAID just remember that RAID 3 is the FIRST
lass that requires 3 disks
all others above it also require at least 3 and the ones below it require two
27. Configuring Remote Connectivity
RAS Connection methods:
SLIP (mainly used with UNIX) does require a static IP
Microsoft RAS protocol
on: RAS uses CHAP
CHAP uses MD5 (message digest) for Hash
Installing and Configuring RAS
Hardware req’d: NIC with NDIS driver, Modem,
If you need more than 254 addresses you’ll need to span across subnets
You can configure up to 16,384 ports
L2F encapsulates packets into PPP b/4 transmitting them
Remember that PAP just sends stuff in cleartext so it is pretty USELESS
Remember that netsh ras add registeredserver is the COMMAND to add RAS and IAS to Windows Active
Firewalls, Proxy Servers and Security
Methods: Packet filters (low security), Application Gateways (aka proxy server firewalls
good security), circuit-level (poorest security) and Stateful Inspection (good security)
A note on Stateful
it keeps a state
table of connections
whereby it monitors the state of a TCP connection and
allows traffic accordingly
One of the more popular proxy servers is Wingate and the other (for Linux) is
28. Network Configuration Settings
DLC (data Link Control : for printers), NetBEUI
Windows Internet Naming Service (WINS)
used with Microsoft NetBIOS. Enables clients to register NetBIOS
names at startup, and request name resolution
it is a hierarchical naming system. Resolves hostnames to an IP address
automagically assigns IP addresses and can also provide the addresses of routers, WINS servers, DNS
servers, etc.
Uses a form of BOOTP (BOOTPAS protocol)
29. Private IP address
these are not routable addresses thru the Internet
Network File System
this command kills the running process on the computer
Can configure it for both IP and IPX
(gateway services for Netware) enables Win NT/2000
.Troubleshooting by Topology
Ring: one error can bring down the entire ring
Star: the main error issues reside in cabling
Bus: must ensure that cable is properly terminated if a computer/device is brought out of the network.
Assigning IP addresses
1. All devices on subnet must have the same Network ID
2. Node ID’s on local subnet must be unique
3. 127.0.0.1 is
4. Node addresses cannot be all 1’s or 0’s
What is masking used for?
It masks what you don’t want to touch (if you have a car, you “mask” the chrome to avoid painting it)
If a user tells you the IP address without the subnet you have nothing
local or remote addresses