HiroNewf / Network-Plus-Notes: README.md

HiroNewf Update README.md
Latest commit 887366f on Jun 17, 2022
Github Pages Version
https://hironewf.github.io/Network-Plus-Notes/ I think this version is more visually pleasing but the table of contents will not work properly
when using the github pages version.
Table of contents
The table of contents will take you right to the section you click on and the links for the headers of each section will take you to the Professor
Messer video for that section. This probably isn't really going to help anyone else because it is for the 007 version of Network+ but it is here
anyways
Also there are some spelling errors that I will try and fix soon, but I can't be bothered to right now. On top of that, at times you will find that I
never typed the spelled-out version for a certain acronym; this is either because I already knew the spelled-out version or because I didn't feel
like it was all that important to write down. Perhaps at some point I will go through this again and add all of the spelled-out versions, but that
is not important to me right now.
1.0 Networking Concepts (23% of the exam)
1.1 Introduction to IP
1.1 Common Ports
1.2 Understand the OSI Model
1.3 Introduction to Ethernet
1.3 Network Switching Overview
1.3 Broadcast and Collision Domains
1.3 Unicasts, Broadcasts and Multicasts
1.3 Protocol Data Units
1.3 Network Segmentation
1.3 Spanning Tree Protocol
1.3 Switch Interface Properties
1.3 Static and Dynamic Routing
1.3 IGP and EGP
1.3 Dynamic Routing Protocols
1.3 IPv4 and IPv6 Addressing
1.3 Configuring IPv6
1.3 Prioritizing Traffic
1.3 Network Address Translation
1.3 Access Control Lists
1.3 Circuit Switching and Packet Switching
1.3 Software Defined Networking
1.4 Binary Math
1.4 IPv4 Addresses
1.4 Classful Subnetting
1.4 IPv4 Subnet Masks
1.4 IPv6 Subnet Masks
1.4 Calculating IPv4 Subnets and Hosts
1.4 Seven Second Subnetting
1.4 Assigning IPv4 Addresses
1.4 Assigning IPv6 Addresses
1.5 Network Topologies
1.5 Common Network Types
1.5 Internet Of Things Topologies
1.6 Wireless Standards
1.6 Cellular Network Standards
1.6 Wireless Network Topologies
1.7 Cloud Services and Delivery Models
1.8 An Overview of DNS
1.8 DNS Record Types
1.8 DHCP Addressing Overview
1.8 Configuring DHCP
1.8 An Overview of NTP
2.0 Infrastructure (18% of the exam)
2.1 Copper Cabling
2.1 Copper Connectors
2.1 Optical Fiber
2.1 Optical Fiber Connectors
2.1 Copper Termination Standards
2.1 Network Termination Points
2.1 Network Transceivers
2.1 Ethernet Standards
2.2 Networking Devices
2.3 Advanced Networking Devices
2.4 Virtual Networking
2.4 Network Storage
2.5 WAN Services
2.5 WAN Transmission Mediums
2.5 WAN Technologies
2.5 WAN Termination
3.0 Network Operations (17% of the exam)
3.1 Network Documentation
3.2 Availability Concepts
3.2 Power Management
3.2 Backup and Recovery
3.3 Process Monitoring
3.3 Event Management
3.3 Performance Metrics
3.4 Remote Access
3.5 Policies and Best Practices
4.0 Network Security (20% of the exam)
4.1 Physical Security
4.2 Authorization, Authentication, and Accounting
4.2 Multi-factor Authentication
4.2 Access Control
4.3 Wireless Encryption
4.3 Wireless Authentication and Security
4.4 Denial of Service
4.4 Social Engineering
4.4 Insider Threats
4.4 Logic Bombs
4.4 Rogue Access Points
4.4 Wardriving
4.4 Phishing
4.4 Ransomware
4.4 DNS Poisoning
4.4 Spoofing
4.4 Wireless Deauthentication
4.4 Brute Force Attacks
4.4 VLAN Hopping
4.4 Man-In-The-Middle
4.4 Vulnerabilities and Exploits
4.5 Device Hardening
4.6 Mitigation Techniques
4.6 Switch Port Protection
4.6 Network Segmentation
5.0 Network Troubleshooting and Tools (22% of the exam)
5.1 Network Troubleshooting Methodology
5.2 Hardware Tools
5.2 Software Tools
5.2 Command Line Tools
5.3 Wired Network Troubleshooting
5.4 Wireless Network Troubleshooting
5.5 Network Service Troubleshooting
1.0
Introduction to IP
TCP and UDP for moving data across the network
Frames have many things inside them including headers and data
Lots of encapsulation when getting a frame ready to move across the network
TCP is layer 4
Uses the TCP handshake
A connection based protocol
Good when you need to make sure you get all of the data
UDP is layer 4
Does not verify that data has been received
Faster but less reliable (Connection less protocol)
Good for real time purposes like voice/video calls, etc.
IP addresses and port numbers are what routers and other devices use to direct the frame/data so that the right host and the right application get their information
Many different applications have their own ports
SSH - 22
HTTPS - 443
etc.
All of this addressing data, like source and destination IP and ports, is stored in the packet headers inside the frame
0-1023 are the well-known (permanent, server-side) port numbers, while 1024-65535 are used as temporary/ephemeral client ports (strictly, 1024-49151 are registered ports and 49152-65535 are dynamic ports)
TCP ports and UDP ports are different things
ICMP (Internet Control Message Protocol)
Used to check in and see if a device is functioning properly
Admin use mainly
Also can be used for devices to alert others when they are not working properly
Could alert that a packet timed out and did not reach its destination
Common Ports
Telnet TCP 23
Remote login via console
Not encrypted so not at all secure
Not used often
SSH TCP 22
Encrypted remote login via console
Better than Telnet
DNS UDP 53 (TCP 53 is also used, for zone transfers and large responses)
Converts names of websites to IP addresses
Very important, if the DNS servers aren't working the whole network will have trouble
SMTP TCP 25
Server to server email transfer
Send from a device to a mail server
SFTP TCP 22
Uses SSH to make secure file transfer
Full featured file transfer protocol
FTP TCP 20 (active mode data) TCP 21 (Control)
An unencrypted file transfer protocol
Username and password needed
Full featured
TFTP UDP 69
No authentication or encryption
Just read and write files, very basic
DHCP UDP 67 (server) and UDP 68 (client)
Automatically configures IP address, default gateway, subnet mask, DNS servers, etc.
DHCP could be stand alone or more commonly for houses in the router
There is a lease time for IP addresses, you only get it for a certain amount of time
Reservations can make it so certain devices always get the same IP addresses
HTTP TCP 80
Unencrypted protocol commonly used via a browser
HTTPS TCP 443
Encrypted browser protocol
SNMP UDP 161
Managing network devices, gathering logs and statistics from the devices
V1 & V2 not encrypted, V3 is encrypted, has integrity, authentication and authorization
RDP TCP 3389
Remotely share a desktop (or just an application)
Common for Windows
Can use other OS for this as well
NTP UDP 123
Sync all the clocks
Very accurate
SIP TCP 5060 (unencrypted) and TCP 5061 (SIP over TLS)
Voice over IP
Setups up and ends calls
Adds features as well
SMB also called CIFS, TCP 445
Used by Windows
File sharing, printer sharing, etc.
POP3 TCP 110
Receive emails from a mail server
Basic
IMAP4 TCP 143
More common today
Receive emails from a mail server
More features than POP3
LDAP TCP 389
Directory access protocol
Store and retrieve info in a network directory
LDAPS TCP 636
LDAP but over SSL/TLS, so the directory traffic is encrypted
H.323 TCP 1720
Another VoIP signaling protocol
Call, ring, hangup
Early VoIP protocol, but still used quite a lot today
Understanding the OSI Model
Open Systems Interconnection Reference Model
7 Layers
Layer 7 Application (The layer we see: HTTP, FTP, POP3, etc.)
Layer 6 Presentation (encoding and encryption, often combined with layer 7)
Layer 5 Session (Communication management between devices, control protocols and tunneling protocols)
Layer 4 Transport (TCP, UDP, etc.)
Layer 3 Network (Routing layer: routers, IP, packets, layer 3 switches, fragmentation)
Fragmentation is when a router breaks an IP packet that is larger than the next link's MTU into smaller packets so the data can still be sent across the network
Layer 2 Data Link (MAC addresses, frames, switches, bridges)
Layer 1 Physical (Signaling, cabling, connectors, hubs, bits, etc.)
Certain protocols and processes exist at each layer
Packet capture tools like Wireshark are where you really start to see OSI model in the real world
Introduction to Ethernet
Enterprise networks have the same base functionality as a home network
There is just a ton more data and hardware
May even be many buildings connected to each other
MAC addresses
Physical unique address
48 bits long, displayed in hexadecimal
First half is the Organizationally Unique Identifier (the manufacturer)
Second half is Network Interface Controller Specific (serial number)
Half duplex
Cannot send and receive at the same time (hubs, or switch ports configured that way)
Prone to collisions
CSMA/CD (Carrier Sense Multiple Access with Collision Detection) can tell when there is a collision, then each sender waits a random amount of time before trying to send again
CSMA/CD first listens to see if any data is currently being transmitted or if the line is clear
Full duplex
Can send and receive at the same time
Need to make sure the switch and devices support full duplex
Much more intelligent in many ways (Knows where the data needs to go instead of just sending it to everyone on the network)
CSMA/CA
Collision Avoidance, like CD but for wireless networks
Can’t hear the other devices so they will ask if the network is in the clear before sending data
Network Switching Overview
The switch is much smarter than the hub
Forward or drop frames based on the MAC addresses
Has a table MAC addresses
Keeping the environment loop free with STP
Frame switching
Has a table mapping MAC addresses to output interfaces
A switch only knows the next step: it forwards the frame out the interface listed for the destination MAC (an Ethernet frame has no TTL, which is why a switching loop never dies on its own and STP is needed)
Always adding to its table when it sees a new source MAC address on an interface
If it doesn't know where to send the data it floods the frame out all interfaces (except the one it came in on)
When the destination replies, the switch sees the response and adds that MAC address and interface to its table
ARP
Determine the MAC address for an IP address
Can be captured with a packet capture tool
arp -a to view the arp table on your computer
Broadcast Domains and Collision Domains
Collision domains CSMA/CD
Hard to find these days because of full duplex
Only one station can talk at a time
The collision domains are separated by switches
Broadcast domains
There are some cases where you need to broadcast something (a necessary evil)
Broadcasts can go through switches and bridges but they stop at a router
Unicasts, Broadcasts, and Multicast
Unicast = one to one (most common: HTTPS, FTP, IMAP4, etc.)
Multicast = one to many (things like live voice calls with many people, streams, etc.)
Broadcast = one to all (ARP requests, routing updates, etc.)
Protocol Data Units
Unit of transmission at each layer (Layer 2: frame, Layer 3: packet, Layer 4: TCP segment or UDP datagram, Layer 1: bits)
Lots of headers are needed so each device's service can see the information it needs
Data is encapsulated with a new header at each layer as it moves down the OSI model and de-encapsulated as it moves back up the OSI model
when it reaches its destination
MTU
Maximum size of an IP packet that you can transmit on a link
All devices on the path need to be able to support the MTU that you have set
A higher MTU can greatly increase throughput (fewer headers per byte of payload)
1500 bytes is the standard MTU for Ethernet
Some of this packet is headers, not all of it is your payload (with a 20-byte IP header and an 8-byte ICMP header a ping can carry at most 1472 bytes of payload; with a 20-byte TCP header it is 1460 bytes)
If the DF (Don't Fragment) bit is set the packet cannot be fragmented, so an oversized packet is dropped instead and the router sends back an ICMP "fragmentation needed" message
Network Segmentation
LANs = Local Area Network
Virtual LANs
Separated logically instead of physically
Can have many on a single switch (or use many switches)
You could run a cable for each VLAN when connecting switches in order to keep the traffic separate or you could use one cable
for all of the VLANs with VLAN trunking
This is known as an 802.1Q trunk; it adds a 4-byte tag to the frame that notes which VLAN the traffic belongs to, and once the
frame reaches the far end of the trunk the tag is removed and the frame is forwarded into the correct VLAN
Spanning Tree Protocol
Used to prevent loops in networks
Loops will easily overwhelm your network so you need to stop them from happening
802.1D standard
There are a few port states for ports using STP
Blocking = not forwarding to prevent a loop
Listening = not forwarding and cleaning the MAC table
Learning = not forwarding and adding to the MAC table
Forwarding = data passes through
Disabled = admin turned off the port
Root switch
One per network
STP will label ports as “root port” if that is the way to get to the root switch
The designated ports are the other ports that lead to other spots in the network
Blocked ports are closed ports that traffic cannot go through
STP may make a route to a certain device a little bit longer, but this is worth it
STP can automatically change the port states if a device fails and you need a new path to get somewhere
RSTP is 802.1w
Faster than STP
Backwards compatible
Switch Interface Properties
Speed and duplex settings
The most basic settings you need to config or have config automatically
IP addresses may also be needed
Switch interfaces need to be assigned a VLAN as well
Trunk interfaces need to be configured too
DMZ (Demilitarized zone)
A separate network segment between the internet and your intranet, where public-facing servers live
Adds a layer of security, since outside traffic reaches the DMZ without getting into the internal network
POE (802.3af)
Ethernet and power in one cable
Endspan is what you call a switch with built-in PoE
Midspan is what you call it when you use a power injector between the switch and the device for PoE
Mode A = POE on the wires that are used for data
Mode B = POE on unused wires
15.4 watts DC power
Max current of 350 mA
POE+ (802.3at)
Improved POE
25.5 watts DC power
Max current of 600 mA
Port mirroring
Connect a monitoring device so the switch copies the traffic on a port (or VLAN) and sends that copy to your monitoring device
Static and Dynamic Routing
Each router only knows the next step
Routing table tells them where to send packets
Static routing
Manually add the routes
Good for small networks / bad for large networks
More secure
No overhead for routing protocols
Easy to mess up and make a loop
Have to manually update routes when there is a change
Dynamic routing
Routing tables are updated automatically in almost real time
Good for large and complicated networks
Has some router overhead
Still has some initial configuration that is needed
Default route
The way of last resort
Great when there is only one way in and out of the network
Can make things a lot simpler depending on your network
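As an added example (not part of the original notes), here is a small routing-table lookup in Python that shows the two points above: longest-prefix match, with the default route 0.0.0.0/0 winning only when nothing more specific matches, and hop-by-hop forwarding where each router only knows the next step, so a mistaken static route can loop a packet until its TTL runs out. The router names, interfaces and prefixes are constructed for the example.

```python
import ipaddress


class RoutingTable:
    """A routing table: (prefix, next hop, outgoing interface) entries."""

    def __init__(self):
        self.routes = []

    def add(self, prefix, next_hop, iface):
        self.routes.append((ipaddress.ip_network(prefix), next_hop, iface))

    def lookup(self, dst):
        """Longest-prefix match. 0.0.0.0/0 (the default route, 'the way of
        last resort') matches every address but has the shortest prefix, so it
        only wins when nothing more specific does. Returns (next_hop, iface)
        or None when there is no route at all."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, next_hop, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, iface)
        return None if best is None else (best[1], best[2])


def trace(routers, start, dst, ttl=8):
    """Forward a packet hop by hop. Each router only consults its own table.
    Returns the list of routers visited plus a final status string. A next
    hop of 'direct' means the destination network is attached to that router."""
    path = [start]
    current = start
    for _ in range(ttl):
        route = routers[current].lookup(dst)
        if route is None:
            return path + ["dropped: no route"]
        next_hop, _iface = route
        if next_hop == "direct":
            return path + ["delivered"]
        path.append(next_hop)
        current = next_hop
    return path + ["dropped: TTL expired (routing loop)"]


def build_example():
    """Constructed topology (hypothetical): R1 is the site edge, R2 holds
    10.1.0.0/16, R3 holds the more specific 10.1.5.0/24, ISP is upstream.
    The 172.16.0.0/12 route on R1 is a deliberate mistake: R2 has no such
    network and sends the packet straight back via its default route."""
    r1 = RoutingTable()
    r1.add("10.1.0.0/16", "R2", "eth1")
    r1.add("10.1.5.0/24", "R3", "eth2")      # more specific than the /16 above
    r1.add("172.16.0.0/12", "R2", "eth1")    # wrong static route
    r1.add("0.0.0.0/0", "ISP", "eth0")       # default route
    r2 = RoutingTable()
    r2.add("10.1.0.0/16", "direct", "eth0")
    r2.add("0.0.0.0/0", "R1", "eth1")
    r3 = RoutingTable()
    r3.add("10.1.5.0/24", "direct", "eth0")
    r3.add("0.0.0.0/0", "R1", "eth1")
    isp = RoutingTable()
    isp.add("0.0.0.0/0", "direct", "eth0")   # treat the internet as attached
    return {"R1": r1, "R2": r2, "R3": r3, "ISP": isp}


if __name__ == "__main__":
    routers = build_example()
    for dst in ("10.1.5.9", "10.1.7.1", "8.8.8.8", "172.16.1.1"):
        print(dst, "->", " > ".join(trace(routers, "R1", dst)))
```

The 172.16.1.1 trace bounces R1 > R2 > R1 > R2 until the TTL budget is spent, which is exactly the loop the notes warn about when static routes are maintained by hand.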
IGP and EGP
AS
Autonomous System
A network of nearly any size with a single routing policy
Within your control
IGP
Used within a single AS
IPv4 dynamic routing
OSPFv2 (Open shortest path first)
RIPv2 (Routing information protocol version 2)
EIGRP (Enhanced interior gateway routing protocol)
IPv6 dynamic routing
OSPFv3
EIGRP for IPv6
RIPng (RIP next gen)
EGP
Used for routing between AS
BGP (Border Gateway Protocol)
Very common
Dynamic Routing Protocols
Automatically communicate between routers so they are always updating their routing tables
Needs a formula to determine the best routes
Distance-vector routing protocols
How many “hops” (number of routers) away is another network
Does not care about the speed of the link only the distance
Very little config as it is quite simple
Not great for large networks
Many different protocols use this
RIP
RIPv2
EIGRP
Link-state routing protocols
Care more for the speed of the link than the distance
A ton better for large networks
OSPF (very common for large networks)
Hybrid routing protocols
Combining link-state and distance-vector
BGP
IPv4 and IPv6 Addressing
Every device needs an IP address
Subnet mask is also needed
Subnet masks tells you which part of the IP address is the network ID and which part is the host ID
IPv4 address
32 bits / 4 bytes / 4 octets long
Lowest number is 0 highest is 255
IPv6 address
128 bit / 16 bytes / 16 octets long
Displayed in hexadecimal
Hard to memorize this type of addresses so DNS is even more important
IPv6 can be shortened
Leading 0’s are optional
Groups of 0’s can be replaced with :: (but only once per address)
So 2001:0000:0000:CD30:0000:0000:0000:0000
is now 2001:0:0:CD30::
Configuring IPv6
Dual-stack routing
v4 and v6 in one network (Have both types of addresses for a single device)
Most modern networks can understand both versions of IP
Tunneling IPv6
6to4 addressing
Can send IPv6 between devices that have an IPv4 connection
No NAT support
Needs relay routers
4in6 tunneling
V4 tunneled in a v6 network
Teredo/Miredo tunnel
IPv6 through IPv4
No special hardware needed
Teredo is Microsoft | Miredo is Linux, Mac OS, etc. (open source)
NDP (Neighbor Discovery Protocol)
Sends multicast with ICMPv6
Replaced IPv4 ARP
Finds other devices MAC addresses
SLAAC - automatically config IP address without DHCP servers
DAD - No duplicate IPs
Discover routers with RS and RA
NS and NA
NS = Neighbor Solicitation
Sent as a multicast
One workstation searching for the MAC of another workstation
NA = Neighbor advertisement
The response to a NS with the needed info
Prioritizing Traffic
Many different apps and devices with many different requirements
Some types of traffic are more important than others
Packet Shaping
Control bandwidth and data rates
Some apps have higher priority
QoS
The process of controlling traffic flows
Many different methods
CoS
Layer 2
In a 802.1Q trunk
DiffServ
Layer 3
QoS is set in the IPv4 header
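To make the tagging concrete, here is an added example in Python (not from the original notes or from Professor Messer's material) that builds a constructed Ethernet frame carrying an 802.1Q tag and a minimal IPv4 header, then parses it back. It covers three things from this page: the VLAN tag that a trunk adds and the far-end switch strips (Network Segmentation section), the 3-bit PCP field in that tag that carries the layer 2 CoS priority, and the 6-bit DSCP field in the IPv4 header that DiffServ uses at layer 3. The DF flag from the MTU discussion is pulled out as well. All MAC and IP addresses are made up, and the IPv4 checksum is left at zero since nothing here verifies it.

```python
import struct

TPID_8021Q = 0x8100      # ethertype value that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip(s):
    return bytes(int(o) for o in s.split("."))


def build_frame(dst_mac, src_mac, vlan_id, pcp, dscp, src_ip, dst_ip, payload=b"", df=True):
    """Constructed test frame: Ethernet II header, 802.1Q tag, minimal IPv4
    header (protocol 17 = UDP, checksum not computed), then the payload."""
    if not 0 <= vlan_id < 4096 or not 0 <= pcp < 8 or not 0 <= dscp < 64:
        raise ValueError("field out of range")
    tci = (pcp << 13) | (0 << 12) | vlan_id             # PCP(3) DEI(1) VID(12)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    tos = dscp << 2                                      # DSCP(6) ECN(2)
    flags_frag = 0x4000 if df else 0                     # bit 14 of the field = DF
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), 0,
                       flags_frag, 64, 17, 0, _ip(src_ip), _ip(dst_ip))
    return _mac(dst_mac) + _mac(src_mac) + tag + struct.pack("!H", ETHERTYPE_IPV4) + ipv4 + payload


def parse_frame(frame):
    """Return the fields a switch (VLAN, CoS) and a router (DSCP, DF) act on."""
    info = {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
            "vlan": None, "cos": None, "dei": None, "dscp": None, "ecn": None, "df": None}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == TPID_8021Q:                          # tagged frame: 4 extra bytes
        tci = struct.unpack("!H", frame[14:16])[0]
        info["cos"] = tci >> 13
        info["dei"] = (tci >> 12) & 1
        info["vlan"] = tci & 0x0FFF
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    info["ethertype"] = ethertype
    if ethertype == ETHERTYPE_IPV4:
        if frame[offset] >> 4 != 4:
            raise ValueError("not an IPv4 header")
        tos = frame[offset + 1]
        info["dscp"] = tos >> 2
        info["ecn"] = tos & 0x3
        flags_frag = struct.unpack("!H", frame[offset + 6:offset + 8])[0]
        info["df"] = (flags_frag >> 14) & 1
        info["src_ip"] = ".".join(str(b) for b in frame[offset + 12:offset + 16])
        info["dst_ip"] = ".".join(str(b) for b in frame[offset + 16:offset + 20])
    return info


def strip_tag(frame):
    """What the switch at the far end of the trunk does before forwarding the
    frame into an access port: remove the 4-byte 802.1Q tag. Untagged frames
    are returned unchanged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    f = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", vlan_id=100, pcp=5,
                    dscp=46, src_ip="10.1.100.7", dst_ip="10.1.200.9", payload=b"voip")
    print(parse_frame(f))
    print(parse_frame(strip_tag(f)))
```

PCP 5 and DSCP 46 are the values commonly used for voice (802.1p "voice" class and the Expedited Forwarding code point); note that stripping the tag removes the layer 2 CoS but the DSCP travels on inside the IP header, which is why DiffServ marks survive across routed hops while CoS only lives on the trunk.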
Network Address Translation
The IPv4 address space has been exhausted
Private IP addresses
For inside a Intranet only
Not routable across the internet
These are the private addresses range
10.0.0.0-10.255.255.255
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255
NAT changes these private addresses into public addresses (the router's own address, which is routable across the internet)
Each router directly connected to the internet has its own IPv4 address
Port numbers are used so the router can tell where on the intranet to send internet traffic (Since it can’t use IP addresses due to the
changes being made to them)
Port forwarding
Someone on the outside gets access to the inside of your network
Maps External IP and port number to an internal IP and port number
Also known as Static NAT or Destination NAT
Does not timeout or expire
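The translation the notes describe, as an added example (not part of the original) in Python: a PAT (port address translation) router that rewrites outbound private source addresses to its single public address plus a unique port, uses that port to map replies back to the inside host, drops unsolicited inbound traffic that has no mapping, and supports a static port-forwarding entry that never expires. The addresses are documentation ranges chosen for the example; real NAT devices also key the mapping on the destination and age out idle entries, which this simplified table does not.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """The addressing fields NAT rewrites (constructed packets, not captures)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PatRouter:
    def __init__(self, public_ip, private_nets, first_port=49152):
        self.public_ip = public_ip
        self.private_nets = [ipaddress.ip_network(n) for n in private_nets]
        self.next_port = first_port
        self.dynamic = {}   # (public_port, proto) -> (inside_ip, inside_port)
        self.reverse = {}   # (inside_ip, inside_port, proto) -> public_port
        self.static = {}    # port forwarding: (public_port, proto) -> (inside_ip, inside_port)

    def forward_port(self, public_port, inside_ip, inside_port, proto="tcp"):
        """Static/destination NAT: a fixed mapping that does not time out."""
        self.static[(public_port, proto)] = (inside_ip, inside_port)

    def outbound(self, pkt):
        """Inside -> internet: replace the private source with the public IP
        and a port that identifies this inside host/port in the table."""
        if not any(ipaddress.ip_address(pkt.src_ip) in n for n in self.private_nets):
            raise ValueError(f"{pkt.src_ip} is not an inside address")
        key = (pkt.src_ip, pkt.src_port, pkt.proto)
        if key not in self.reverse:
            port = self.next_port
            self.next_port += 1
            self.reverse[key] = port
            self.dynamic[(port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Flow(self.public_ip, self.reverse[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt):
        """Internet -> inside: the destination port picks the inside host.
        Returns the rewritten packet, or None when the packet is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.static.get((pkt.dst_port, pkt.proto)) or self.dynamic.get((pkt.dst_port, pkt.proto))
        if target is None:
            return None     # unsolicited: no mapping, so no way to pick an inside host
        return Flow(pkt.src_ip, pkt.src_port, target[0], target[1], pkt.proto)


if __name__ == "__main__":
    nat = PatRouter("203.0.113.1", ["192.168.1.0/24"])
    out = nat.outbound(Flow("192.168.1.10", 50000, "198.51.100.80", 443))
    print("outbound rewritten to", out)
    print("reply maps back to", nat.inbound(Flow("198.51.100.80", 443, "203.0.113.1", out.src_port)))
    print("unsolicited inbound:", nat.inbound(Flow("198.51.100.9", 40000, "203.0.113.1", 60000)))
```

The dropped unsolicited packet is the side effect people often mistake for a firewall: NAT has no inside host to hand it to, so it goes nowhere, and port forwarding is precisely the static entry that re-opens a path from the outside.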
Access Control Lists
Allow or deny traffic
Commonly sits on the outer limits of the network where traffic is going in and out
Can evaluate on many different types of criteria
Source IP, destination IP, port numbers, ICMP, time of day, application, etc.
Works from top to bottom
Looks at first rule to see if there is a match there if not it keeps moving down the list of rules
Most specific rules tend to be at the top
At the bottom tends to be a implicit deny rule
If it matches no other rules then it is denied and can't come through
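An added example (not from the original notes) in Python of how the list is evaluated: rules are checked top to bottom, the first match decides, and anything that falls off the bottom hits the implicit deny. The last function shows why order matters: putting a broad permit above a specific deny shadows the deny. The ACL, addresses and packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # 0 for ICMP, which has no ports


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # any source
    dst: str = "0.0.0.0/0"          # any destination
    proto: str = "any"
    dport: Optional[int] = None     # None = any destination port

    def matches(self, pkt):
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst))


def evaluate(acl, pkt):
    """Top-down, first match wins. Returns (action, index of the matching
    rule); the index is None when the implicit deny at the bottom applied."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


# Constructed inbound ACL protecting a hypothetical web server 192.0.2.10
INBOUND_ACL = [
    Rule("deny", src="203.0.113.0/24"),                                   # blocked range, listed first so nothing below can permit it
    Rule("permit", dst="192.0.2.10/32", proto="tcp", dport=443),          # HTTPS from anywhere
    Rule("permit", dst="192.0.2.10/32", proto="tcp", dport=22, src="198.51.100.0/24"),  # SSH only from the admin network
    Rule("permit", proto="icmp"),                                         # allow ping
]


def shadowed_by_broad_permit(pkt):
    """The same ACL with a broad 'permit tcp 443' placed on top: the specific
    deny for 203.0.113.0/24 can no longer be reached for HTTPS traffic."""
    return evaluate([Rule("permit", proto="tcp", dport=443)] + INBOUND_ACL, pkt)


if __name__ == "__main__":
    for pkt in (Packet("203.0.113.5", "192.0.2.10", "tcp", 443),
                Packet("198.51.100.7", "192.0.2.10", "tcp", 22),
                Packet("198.18.0.5", "192.0.2.10", "tcp", 22),
                Packet("198.18.0.5", "192.0.2.10", "icmp")):
        print(pkt, "->", evaluate(INBOUND_ACL, pkt))
```

The returned index is worth logging in a real deployment: "denied by rule None" is the implicit deny, and a hit counter per index is the quickest way to spot a rule that is never reached because something above it already matches.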
Circuit Switching and Packet Switching
Circuit switching
Circuit is established before data passes through
Nobody else can use it when it is idle
Not an efficient use of resources
Connection is always there and it is all yours
Examples
POTS (Plain Old Telephone Service)
T1, T3, E1, and E3
ISDN
Packet Switching
Grouping data into packets and sending it across a network
The media is shared
If you aren’t using it, someone else is
More efficient
Examples
SONET
ATM
DSL
Frame Relay
MPLS
Cable Modem
Satellite
Wireless
Software-Defined Networking
Control Plane
Administration and ongoing servicing
Data plane
Transferring data
Directly programmable
Make changes at any time (Dynamically if needed)
Centrally managed
Vendor neutral
Virtualize things with distributed switching
Servers can be far away from each other while on the same VLAN
Don't need to worry about moving the servers
Binary Math
This is kinda hard to write out without any charts or something but here we go
All 0’s and 1’s
Each digit is a bit
8 bits is a byte/octet
Each bit represents a number
0 means that digit is not included in the number while 1 means that digit is included in the number
00000000
128 64 32 16 8 4 2 1
Every time there is a 0 bring down a 0 every time there is a 1 bring down the number associated with the bit then add them all together
So for 10010100
We have 3 1’s in this binary and they are associated with the numbers 128, 16, and 4
So if we simply add all 3 of those numbers together we get 148
This can be done in reverse so say we have 186 and needed to make it in binary
First we ask if there is a 128? if so the first number is a 1 (we also now subtract 128 from 186 to get 58)
Now we ask if there is 64 in the remaining number of 58 - there is not so that is a 0
Next is 32 which there is so that is 1 and now we have 26 left
Next is 16 which there is so that is also a 1 and we have 10 left
Next is 8 which there again is so that is 1 and we have 2 left
There is no 4 so that is a 0
There is a 2 so that is a 1 and now we have 0 Left
The last place value is 1, and nothing is left, so that bit is 0
In the end we have 10111010 = 186
IPv4 Addresses
Every device needs one | like 182.23.46.2
Also need a subnet mask like 255.255.0.0 or 255.240.0.0
Default gateway is needed to talk outside of the local subnet
Loopback address is a way to send traffic to yourself
127.0.0.1-127.255.255.254
Reserved addresses are set aside for future use
240.0.0.1-255.255.255.254
Virtual IP addresses
Not for a physical device
Classful Subnetting
Class A
First octet of 1-126 (0 and 127 are reserved)
8 network bits and 24 remaining bits
like 255.0.0.0
Class B
First octet of 128-191
16 network bits and 16 remaining bits
255.255.0.0
Class C
First octet of 192-223
24 network bits and 8 remaining bits
255.255.255.0
Class D (Multicast)
First octet of 224-239
Nothing else is defined for class D
Class E (reserved)
First octet of 240-254
Nothing else is defined for class E
For each subnet there are host addresses, network address and broadcast address
The first address in a subnet is the network address
The last address in a subnet is the broadcast address
All of the other addresses are host addresses
For actually calculating all of these addresses scroll down to the 7 second subnetting section (I will add it soon)
IPv4 Subnet Masks
Subnet masks could be written in binary with ones all lined up on the left and zeros all on the right
Something like 11111111.11111111.0.0 or 255.255.0.0 or /16
Or 11111111.11100000.00000000.00000000 or 255.224.0.0 or /11
These / followed by a number are the CIDR notation, it is a way to display what the subnet mask is
I just used Professor Messer's chart for converting between CIDR notation, binary and decimal for the subnet masks and I am too lazy
to make my own chart ATM, so nothing goes here
IPv6 Subnet Masks
IANA (Internet Assigned Numbers Authority) provides addresses to RIRs (Regional Internet Registries)
RIRs assign smaller blocks to ISPs (Internet Service Providers)
Then that provider will give you a /48 subnet
First 48 bits is the Global Routing Prefix
The next 16 bits tend to be the different subnets
Those 16 bits give you 65,536 total subnets
The last 64 bits tend to be Host ID’s on that subnet
Those 64 bits give you about 18 million trillion hosts per subnet (So much more than the total IPv4 address range)
So all in all this is quite similar to how subnet masks for IPv4 work there is just so many more subnets and host addresses to work with
Calculating IPv4 Subnets and Hosts
VLSM (Variable Length Subnet Masks)
Allows network admins to define their own subnets (not classful)
So many more options and flexibility comes from this
2 to the power of the number of subnet bits you have would allow you to calculate the total numbers of subnets you have
2 to the power of the number of host bits that you have would allow you to calculate the total numbers of hosts you have per subnet
(make sure to subtract 2 from that number for the network address and broadcast address)
Look at the first octet of the IPv4 address to see which class it is in (Class A, B, etc.); that tells you how many bits are the network
ID. Say it is Class A, so 8 network bits. Then look at your CIDR notation, for example /24: the 16 bits between the classful network bits and
the /24 boundary are subnet bits, and the remaining 8 bits are host bits. Those are the numbers you plug into the equations above
(2^16 subnets, and 2^8 - 2 = 254 hosts per subnet)
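An added example (not part of the notes) in Python that does the arithmetic from the Binary Math, IPv4 Subnet Masks and Calculating IPv4 Subnets and Hosts sections by hand: dotted decimal to and from the 128 64 32 16 8 4 2 1 bit columns, CIDR prefix to mask and back (rejecting a non-contiguous mask), and for an address plus prefix the network address, broadcast address, usable host range, host count and the number of classful subnets. The ipaddress module is used only in the main block to cross-check the hand calculation.

```python
def to_bits(dotted):
    """Dotted decimal -> 32-character binary string (the 128 64 32 ... 1 columns)."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {dotted}")
    return "".join(format(o, "08b") for o in octets)


def from_bits(bits):
    """32-character binary string -> dotted decimal."""
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))


def mask_from_prefix(prefix):
    """/n -> dotted mask: n ones on the left, zeros on the right."""
    return from_bits("1" * prefix + "0" * (32 - prefix))


def prefix_from_mask(mask):
    """Dotted mask -> /n. A valid mask is contiguous ones followed by zeros."""
    bits = to_bits(mask)
    prefix = len(bits.rstrip("0"))
    if bits != "1" * prefix + "0" * (32 - prefix):
        raise ValueError(f"non-contiguous mask {mask}")
    return prefix


def classful_network_bits(addr):
    """Network bits implied by the first octet (classes A/B/C), None for D/E."""
    first = int(addr.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    return None


def subnet_info(addr, prefix):
    bits = to_bits(addr)
    host_bits = 32 - prefix
    net_bits = bits[:prefix] + "0" * host_bits      # host bits all 0 = network address
    bcast_bits = bits[:prefix] + "1" * host_bits    # host bits all 1 = broadcast address
    class_bits = classful_network_bits(addr)
    # subnet bits sit between the classful network bits and the prefix;
    # a prefix shorter than the class (a supernet) has no classful subnet count
    subnet_bits = prefix - class_bits if class_bits is not None and prefix >= class_bits else None
    info = {
        "network": from_bits(net_bits),
        "broadcast": from_bits(bcast_bits),
        "mask": mask_from_prefix(prefix),
        # classic rule: minus network and broadcast; /31 and /32 have no usable hosts under it
        "hosts": 2 ** host_bits - 2 if host_bits >= 2 else 0,
        "subnets": 2 ** subnet_bits if subnet_bits is not None else None,
        "first_host": None,
        "last_host": None,
    }
    if host_bits >= 2:
        info["first_host"] = from_bits(format(int(net_bits, 2) + 1, "032b"))
        info["last_host"] = from_bits(format(int(bcast_bits, 2) - 1, "032b"))
    return info


if __name__ == "__main__":
    import ipaddress
    addr, prefix = "172.16.200.37", 26
    info = subnet_info(addr, prefix)
    check = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    print(info)
    print("matches ipaddress:", str(check.network_address) == info["network"]
          and str(check.broadcast_address) == info["broadcast"])
```

For 172.16.200.37/26 the fourth octet 37 is 00100101; the first two of those bits belong to the subnet, so the block runs from .0 to .63 with 62 usable hosts, and because 172.16 is Class B there are 26 - 16 = 10 subnet bits, 1024 subnets.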
Seven Second Subnetting
Assigning IPv4 Addresses
This used to be completely manual
BOOTP
Automatically define some things but not everything
Didn’t know when leases were up
DHCP
Automatically configured most settings and works with nearly every device
Your IP will expire and you will get a new one every now and then
But you can set it so you always have the same IP if you desire
A DHCP reservation where you tie a MAC address to a IP address
APIPA
When you use DHCP but no address is available you can use a link local address to communicate within your subnet
169.254.0.1-169.254.255.254
First and last 256 addresses are reserved
Your device will pick a link-local address then send an ARP request to make sure that said address is not in use by anyone else, then it
assigns it to itself if it is available
Assigning IPv6 Addresses
DHCPv6
Every device already has a link-local address without the need for DHCP
So your DHCP request can be sent with multicast instead of broadcast
Process of getting an address is a lot like IPv4
Solicit | Advertise | Request | Reply
An address built from a modified EUI-64 (a 64-bit interface ID)
Derived from the 48-bit MAC address
To make this address first split the MAC address in half
Now place FFFE in the middle of the MAC address (the missing 16 bits)
Now flip the 7th bit of the first byte (the U/L bit, aka the Universal/Local bit)
This changes the second hex character of the address, and it works both ways: a 1 becomes a 3, and if you started with a 3 it
becomes a 1
0 to 2 | 1 to 3 | 4 to 6 | 5 to 7 | 8 to A | 9 to B | C to E | D to F
Examples
MAC of 8c:2d:aa:4b:98:a7 to EUI-64 of 8e2d:aaff:fe4b:98a7
MAC of a0:21:b7:63:40:3f to EUI-64 of a221:b7ff:fe63:403f
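The conversion above, plus the :: shortening rule from the IPv4 and IPv6 Addressing section, as an added Python example (not from the notes). mac_to_eui64 does the split, the ff:fe insertion and the U/L bit flip as an XOR with 0x02 on the first byte rather than via the lookup table, and compress_ipv6 shortens a full address the way the notes describe: leading zeros dropped from each group and only the single longest run of zero groups (two or more) replaced with ::. The MACs are the ones used in the notes' own examples.

```python
def mac_to_eui64(mac):
    """Modified EUI-64 interface identifier from a 48-bit MAC address:
    split the MAC in half, insert ff:fe in the middle, and flip the U/L bit
    (bit 7 of the first byte, i.e. XOR with 0x02). Returns four hex groups."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    hexstr = iid.hex()
    return ":".join(hexstr[i:i + 4] for i in range(0, 16, 4))


def compress_ipv6(full):
    """Shorten a fully written IPv6 address (eight 4-hex-digit groups):
    drop leading zeros in each group, then replace the longest run of
    all-zero groups with '::' (once only, and never for a single group)."""
    groups = [g.lstrip("0") or "0" for g in full.split(":")]
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups: {full}")
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:            # first longest run wins on ties
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


def link_local(mac):
    """fe80::/64 link-local address that SLAAC would derive from this MAC."""
    return compress_ipv6("fe80:0000:0000:0000:" + mac_to_eui64(mac))


if __name__ == "__main__":
    for mac in ("8c:2d:aa:4b:98:a7", "a0:21:b7:63:40:3f"):
        print(mac, "->", mac_to_eui64(mac), "->", link_local(mac))
    print(compress_ipv6("2001:0000:0000:CD30:0000:0000:0000:0000"))
```

Because the interface ID is derived from the hardware address, it follows the device across networks; that is the privacy concern behind the temporary (randomized) addresses most client operating systems now prefer over EUI-64 for outbound traffic.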
Network Topologies
Physical network map
All of the physical devices and cable connections
Physical maps of the racks and the components inside them
Logical network map
For virtual devices or high level overview of the network
Visio, OmniGraffle, Gliffy.com
Good for planning and sharing with 3rd parties
Star network
A switch in the middle with everything connected to that switch
Ring network
All of the devices are connected to each other in a ring form
Used in MANs and WANs
Sometimes you have 2 rings for fault tolerance
Mesh network
Many redundant links, sometimes all of the devices are connected to all of the other devices
Redundant, fault tolerant, load balancing
Used in WANs
Bus network
Single cable with every device connected to that cable
Easy to implement, very horrible for fault tolerance
CAN (in your car) is a modern bus network
Wireless Topologies
Infrastructure
All devices communicate through an AP
Most common
Ad hoc networking
No pre existing hardware
Just configure both devices to communicate directly with each other
Mesh
Ad hoc devices working together to create a mesh “cloud”
Self form and self heal
Common Network Types
LAN = local area network
A single building, group of buildings, etc.
High speed and small
WLAN = Wireless local area network
Same thing as LAN but wireless
Can be extended with more AP’s
MAN = metropolitan area network
Between the size of a LAN and a WAN
Size of like a city or something
Often owned by governments
WAN = Wide area network
Spanning around the globe
Tends to be slower in speeds
CAN = Campus Area network
Many buildings owned by a company or a college | group of buildings close to each other
LAN technologies are very high speed (many times fiber)
SAN = Storage area network
Looks and feels like a local storage device
Block level access (More efficient)
NAS = Network attached storage
Remote storage device
File level access
PAN = personal area network
Bluetooth, IR, NFC
Common inside a house or car (audio, mobile phone, workout/health devices, etc.)
Internet of Things Topologies
Wearable tech, home automation, etc.
Z-Wave
Mainly for home automation
Control lights, locks, garage doors, etc.
Wireless mesh network
ANT / ANT+
Fitness devices, heart monitors, etc.
Uses 2.4 GHz so it could be jammed
Optional encryption
Bluetooth
Uses PAN
Wireless headphones, smart phones, smart watches, tethering, etc.
NFC (near field communication)
Common on phones
2 way communication (commonly for payments)
Can help with Bluetooth pairing
Could also use it as an access token
IR (Infrared)
Included on phones and much more
Control entertainment center with your phone (most common use case)
RFID (Radio-frequency Identification)
Tracking, access badges, etc.
Not usually powered devices
IEEE 802.11 wireless networks
Most common IoT networks
Always being updated
Wireless Standards
802.11a (one of the first standards)
5 GHz range
54 Mbit/s
802.11b (also one of the first standards)
2.4 GHz range
11 Mbit/s
Better range than 802.11a
More conflict with other devices in the crowded 2.4 GHz band
802.11g
"upgrade of 802.11b"
2.4 GHz range
54 Mbit/s
Backwards compatible with 802.11b
802.11n
5 or 2.4 GHz range
Much more bandwidth
600 Mbit/s
Uses MIMO (Multiple input multiple output)
802.11ac
5 GHz range
Can use channel bonding for large channel bandwidths
6.8 Gbit/s
Up to 8 MU-MIMO streams
Cellular Network Standards
Separate land into cells
One antenna per cell
2G networks
GSM (Global System for Mobile Communications)
CDMA (Code division multiple access)
Poor data support
GSM
90% of the market for a while (AT&T, T-Mobile)
Could move SIM from phone to phone
Uses TDMA (Everyone gets a little slice of time)
Streams are combined into a single stream then broken out again when they reach the location
CDMA
Everyone is using the same frequency, but they have their own code
Verizon and Sprint used this
4G LTE
Converged standard
Based on GSM and EDGE
Downloads of 300Mbit/s for LTE-A (150 Mbit/s for normal LTE)
Wireless Network Technologies
Channels
Non-overlapping channels are necessary when using many APs
So many more channels with 5GHz
For 2.4 GHz channels 1, 6, and 11 are likely what you will want to use
Different bandwidths are used
802.11a 20MHz
802.11b 22MHz
802.11g 20MHz
802.11n 20 or 40MHz (2 20MHz channels)
802.11ac 40MHz (for 802.11n stations), 80MHz for 802.11ac stations or 160MHz also for 802.11ac
Antennas
802.11n added MIMO which allowed us to send many streams at once on the same frequency
802.11ac improved upon this
This relied on the number of antennas you have
Information is displayed like this (Antennas on the AP) x (antennas on the client): number of streams
Like 2x2:2 or 3x3:2 or 4x4:4
MIMO could still only send to one device at a single time but this all changed with MU-MIMO which can send to many clients at the same
time
Power level controls
Set it as low as you can while still getting the coverage you need
Control the distance covered by your AP or router
Omnidirectional antennas
Most common on AP
Sends the signal in all directions evenly
Directional antenna
Focus the signal
Send the signal from building to building
Yagi antenna
Parabolic antenna
Wireless survey tools
Need to know signal coverage and interference
Many built in tools can help with this as well as 3rd party tools
Spectrum analyzer will give you very detailed information
Cloud Services and Delivery Models
SaaS
On demand software
Nothing is stored locally
Your data is out there, not in your control
Stuff like Google Mail
IaaS
You're provided with the hardware (compute, storage, network) but nothing more
Your data is still in the cloud but you have a bit more control
PaaS
Nothing physical in your environment (OS is not handled by you)
You just handle the development process
Gives you a sandbox to build your own application
Cloud types
Private cloud
Everything is within your control (hardware, software, all of it)
Public cloud
3rd party data server
Hybrid cloud
Both public and private combined
Community cloud
A group of people get together and share a cloud
On-premise
You control everything and it is all owned by you
Hosted
Not in your building, you may not even own the servers
Cloud
More modular (can add and remove resources and data very quickly)
Connecting to the cloud
SSL or TLS for browser access
VPN for an encrypted private way to access your cloud data
A direct connection is the most secure but also the most costly
Cloud policies
Use a CASB for security policies and controls for data on the cloud
Visibility
Make sure the right people are seeing the right things and have the right authority to access things
Compliance
Are you complying with laws and other things
Threat Prevention
Make sure people are authorized
Data Security
Encryption, protect transfers of data with DLP
An Overview of DNS
Translates human readable names into computer readable addresses (IP addresses)
Has a hierarchy
At the top is the .com, .net, .org, etc.
Next is a name like professormesser or youtube
Then is the web server, something like www or mail
You could even have another level down lower for certain sections of your website
A huge distributed database with many servers and server clusters
You likely need to ask many different servers before you can find the IP address you need
i. Client queries local name server
ii. Local name server queries root server
iii. Root server replies to local name server
iv. Local name server queries .com name server
v. .com name server replies to local name server
vi. Local name server queries ProfessorMesser.com name server
vii. ProfessorMesser.com name server replies to local name server
viii. Local name server gives the client the info and logs the data into a cache
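The eight steps above, as an added example that is not part of the original notes: a toy local name server walks from the root, to the .com server, to the authoritative server, then caches the answer so a repeat query never leaves the box. The server names and the single A record are constructed; real resolvers also honour per-record TTLs and handle many more record types.

```python
import time

# Constructed delegation data (not from the notes): each server knows either
# referrals (which server to ask next for a zone) or final answers (A records).
SERVERS = {
    "root": {"referral": {"com.": "tld-com"}},
    "tld-com": {"referral": {"professormesser.com.": "auth-pm"}},
    "auth-pm": {"answer": {"www.professormesser.com.": "198.51.100.10",
                           "mail.professormesser.com.": "198.51.100.25"}},
}


def query(server, name):
    """Ask one server about a fully qualified name.

    Returns ("answer", ip) when the server is authoritative for the name,
    ("referral", next_server) when it can only point further down the tree,
    or ("nxdomain", None) when it knows nothing about the name.
    """
    data = SERVERS[server]
    if name in data.get("answer", {}):
        return "answer", data["answer"][name]
    for zone, next_server in data.get("referral", {}).items():
        if name == zone or name.endswith("." + zone):
            return "referral", next_server
    return "nxdomain", None


class LocalNameServer:
    """The local (recursive) name server the client talks to in step i."""

    def __init__(self):
        self.cache = {}   # name -> (ip, expiry time)
        self.trace = []   # servers asked during the last resolve(), for inspection

    def resolve(self, name, now=None, ttl=300):
        now = time.time() if now is None else now
        self.trace = []
        cached = self.cache.get(name)
        if cached and cached[1] > now:          # step viii pays off on repeat queries
            self.trace.append("cache")
            return cached[0]
        server = "root"                          # step ii always starts at the root
        for _ in range(8):                       # bound the walk so a looping delegation cannot hang
            self.trace.append(server)
            kind, value = query(server, name)
            if kind == "answer":
                self.cache[name] = (value, now + ttl)   # step viii: remember the answer
                return value
            if kind == "referral":
                server = value                   # steps iii to vii: follow the referral
                continue
            return None
        return None
```

The `trace` list is the part worth looking at: the first lookup records `root`, `tld-com`, `auth-pm`; the second, inside the TTL, records only `cache`.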
Internal DNS
Managed on internal network and has the internet routing information that you don’t want anyone else to be able to see
External DNS
Like Google or Quad9
Won’t have local information but they can help with external DNS queries
Third-party DNS
Middle ground between internal and external
Good for large environments
Run in the cloud
May have more features compared to internal DNS servers
DNS Record Types
RR (resource records)
Database records of domain name servers
The DNS server is configured with a text file of these records, and lookups are answered from it
A or AAAA
Name with an IP address
A for IPv4
AAAA for IPv6
CNAME record
Alias of another name
Make it so www.youtube.com could be just “videos” or something along that line
Service record (SRV)
Find a certain service on the network
Find the Windows Domain Controller, or the messaging server, or the VoIP controller, etc.
Mail exchange record (MX)
Determines the host name for the mail server (not the IP, the NAME)
Name server records (NS)
Points to the name of the name server
Pointer record (PTR)
Reverse of A or AAAA records
You give it an IP and it gives you the name
Text record (TXT)
Human readable information
Likely valuable to 3rd parties viewing your DNS
Things like SPF to prevent mail spoofing
Or DKIM to digitally sign outgoing mail
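The record types above in use, as an added example that is not from the original notes: a small parser reads a constructed zone file (example.com with A, AAAA, CNAME, MX, NS, SRV, TXT and PTR records), follows CNAME aliases, orders MX hosts by preference, derives the in-addr.arpa name a PTR query asks for, and checks whether an SPF policy is published. All names and addresses are constructed documentation values.

```python
import ipaddress

# Constructed zone file (not from the notes) in the usual
# "name TTL class type data" text layout.
ZONE_TEXT = """
example.com.             3600 IN NS    ns1.example.com.
ns1.example.com.         3600 IN A     192.0.2.53
www.example.com.         3600 IN A     192.0.2.80
www.example.com.         3600 IN AAAA  2001:db8::80
videos.example.com.      3600 IN CNAME www.example.com.
example.com.             3600 IN MX    20 mail2.example.com.
example.com.             3600 IN MX    10 mail1.example.com.
mail1.example.com.       3600 IN A     192.0.2.25
_sip._tcp.example.com.   3600 IN SRV   10 60 5060 voip.example.com.
example.com.             3600 IN TXT   "v=spf1 mx -all"
80.2.0.192.in-addr.arpa. 3600 IN PTR   www.example.com.
"""


def parse_zone(text):
    """Return a list of (name, ttl, type, data) tuples."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split(None, 4)        # the data field may itself contain spaces
        if len(parts) < 5:
            continue
        name, ttl, _cls, rtype, data = parts
        records.append((name.lower(), int(ttl), rtype.upper(), data.strip().strip('"')))
    return records


def lookup(records, name, rtype, max_chain=8):
    """Data for name/type, following CNAME aliases the way a resolver does."""
    name = name.lower()
    for _ in range(max_chain):             # bounded so a CNAME loop cannot hang
        found = [d for n, _t, t, d in records if n == name and t == rtype]
        if found:
            return found
        alias = [d for n, _t, t, d in records if n == name and t == "CNAME"]
        if not alias:
            return []
        name = alias[0].lower()
    return []


def reverse_name(ip):
    """The name a PTR query asks for (x.x.x.x.in-addr.arpa. or ...ip6.arpa.)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def mail_hosts(records, domain):
    """Mail servers in preference order: the lowest MX number is tried first."""
    mx = [d.split() for d in lookup(records, domain, "MX")]
    return [host for _pref, host in sorted(mx, key=lambda p: int(p[0]))]


def has_spf(records, domain):
    """True when the domain publishes an SPF policy in a TXT record."""
    return any(d.startswith("v=spf1") for d in lookup(records, domain, "TXT"))
```

Looking up `videos.example.com.` for an A record shows the CNAME alias at work: the name has no A record of its own, so the lookup is repeated for `www.example.com.`.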
DHCP Addressing Overview
Starts as a broadcast (Discover message)
Stops at a router of course
Next the DHCP server will offer an IP (if it got the broadcast)
If many offers were given (more than one DHCP server) then the computer will pick one and send that server a DHCP Request
Finally the DHCP server will send an acknowledgment that the address is now assigned to your computer
Large organizations DHCP
Routers stop the traffic (you could configure a DHCP relay so that the traffic would not stop at the router but be turned into a unicast and sent to the DHCP server)
Multiple servers likely needed for redundancy
Ability to scale well is also a good thing to have
IPAM
Manage IP addressing (plan, track and config DHCP)
Reports on all sorts of things
Lots of controls you can use
IPv4 and IPv6 on one console
Configuring DHCP
Scope properties
A list of IP addresses that will be available for a certain subnet
Subnet masks info as well
Lease duration
etc.
Pools
Grouping of IP addresses that will be leased out by the DHCP server
Pools are inside the scope (the scope is larger and contains other data, including the pool)
Dynamic allocations
IP addresses are reclaimed after a lease period
May or may not get the same address each time
Automatic allocations
You will always get the same address (if it can, but since the IP may not be reserved the same IP may not be available for you to have)
Ties IP addresses to MAC addresses
Static Allocations
Admin configs it
Always have the same IP address
Tying the IP to the MAC address
DHCP leases
Temporary IP addresses
You get the IP for a certain amount of time
You could also manually release the IP address if you wanted
T1 timer
When the devices will try to renew the IP address (50% of the lease time)
T2 timer
If the original DHCP server is down it will try to keep the IP address by talking to another DHCP server around (87.5% of the lease time)
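The lease timers above as a client-side state machine, added here as an example and not part of the original notes. It computes T1 (50%) and T2 (87.5%) from the lease, decides whether a Request goes by unicast to the original server or by broadcast to any server, and restarts the timers when an ACK arrives. Addresses and the 24-hour lease are constructed sample values.

```python
from dataclasses import dataclass

BROADCAST = "255.255.255.255"


@dataclass
class Lease:
    ip: str
    server: str       # the DHCP server whose Offer we accepted and that sent the ACK
    start: int        # time the ACK arrived, in seconds
    duration: int     # lease time granted, in seconds

    @property
    def t1(self):
        """Renewal timer: 50% of the lease."""
        return self.start + self.duration // 2

    @property
    def t2(self):
        """Rebinding timer: 87.5% of the lease."""
        return self.start + self.duration * 7 // 8

    @property
    def expiry(self):
        return self.start + self.duration


def lease_state(lease, now):
    """What the client does at time `now`, as (state, where the Request goes).

    BOUND      keep using the address, nothing to send
    RENEWING   T1 passed: unicast a Request to the server that gave the lease
    REBINDING  T2 passed with no answer: broadcast a Request to any DHCP server
    EXPIRED    lease ran out: stop using the address and start over with Discover
    """
    if now < lease.t1:
        return "BOUND", None
    if now < lease.t2:
        return "RENEWING", lease.server
    if now < lease.expiry:
        return "REBINDING", BROADCAST
    return "EXPIRED", BROADCAST


def apply_response(lease, now, ack_from=None, nak=False):
    """Update the lease after a Request: an ACK restarts the timers (possibly from a
    different server after rebinding), a NAK or silence past expiry drops the lease."""
    if nak or (ack_from is None and now >= lease.expiry):
        return None
    if ack_from is None:
        return lease                 # no answer yet: keep the address and keep retrying
    return Lease(lease.ip, ack_from, now, lease.duration)
```

With a one-day lease the client starts renewing at 43200 s, falls back to broadcasting at 75600 s, and gives the address up at 86400 s if nobody answers.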
An Overview of NTP
Sync all of the clocks (everything has a clock and syncing them is important)
Automatically happens with NTP
And very accurate as well
You have lots of control on how this will work
May have an NTP server
In charge of the clock for all the devices
NTP client may request the time from the NTP server and get updates for their clocks
Devices could be both a client and a server at once
Stratum layers
Lower is better
The number 0 is the original reference clock
Next closest clock is number 1 (synced to number 0)
2 is synced to 1, etc.
May use many NTP servers for redundancy
If there is a choice between which clock to sync yourself with the device will choose to sync with the lowest number
2.0
Copper Cabling
There are twisted pairs inside the cable
One of the signals will be positive and one will be negative
Twist helps to stop interference
The different pairs in the cable will have different twist rates
UTP
Unshielded twisted pair (no shielding anywhere)
STP
Shielded twisted pairs (shielding around the whole cable or the individual pairs)
Has a grounding wire
Abbreviations
U = Unshielded
S = Shielded with braided shield
F = Foil shield
(Overall cable shielding)/(Individual pair shielding)TP
Like U/STP (no shielding around the whole cable but a braided shield around each pair)
EIA set a lot of these cabling standards
TIA also set standards as well as ISO/IEC
Cable specs
Cat 3 = 10Base-T at 100m
Cat 5 = 100BASE-TX or 1000BASE-T at 100m
Cat 5e = 100BASE-TX or 1000BASE-T at 100m
Cat 6 = 10GBASE-T at 37-55m
Cat 6a = 10GBASE-T at 100m
Cat 7 = 10GBASE-T at 100m
The plenum
A non-circulating air space above the ceiling is a non-plenum
If the air ducts go into a shared air space in the ceiling, that is a plenum
There are fire regulations for this area
You also need to make sure any cable run inside the plenum is plenum-rated cable
May not be as flexible as other cables
Coaxial cables
Wire conductor right in the center with an insulator around that, metal shielding around all of that, and finally a plastic jacket on the outside
For TV and modems mostly
Copper Connectors
RJ11 connector
Cable (6P2C) for telephones and modems
RJ45 connector
For our Ethernet (8P8C) cable
BNC connector
Commonly used on WAN connections like DS3
Bulky and hard to work with
DB-9 and DB-25
Serial connections
Early on they were used for almost anything
Still today the 9 pin one is sometimes used for a console connection
F-connector
Cable televisions or modem
RG-6 cable
Optical Fiber
Communication using light wavelengths (LED or laser)
Over kilometers of distance
No external interference or tapping
You have a core, cladding and coating on a fiber cable
Multi mode fiber
For short distances, 2 km or less (often with an LED)
More than one signal at once
Single mode fiber
For long distances, up to 100km
More expensive, with lasers
UPC
Ultra polished connector
0 degree angle connection
High return loss
APC
Angled polished connector
8 degree angle connection
Lower return loss, little higher insertion loss
Optical Fiber Connectors
ST connector
Straight tip connector
Bayonet connector
Round at the end
SC connector
Subscriber connector
Square connector
Have a plastic key on the side
LC
Lucent connector
Little connector
The connectors are getting smaller and smaller
MT-RJ
Mechanical Transfer Registered Jack
Smallest connector
About the same size as an RJ-45 connector
Copper Termination Standards
Cable tester can verify the termination is done properly
Don't mix and match the cable pinouts on a single cable
T568A
i. White and Green
ii. Green
iii. White and Orange
iv. Blue
v. White and Blue
vi. Orange
vii. White and Brown
viii. Brown
T568B
i. Orange and White
ii. Orange
iii. Green and White
iv. Blue
v. Blue and White
vi. Green
vii. Brown and White
viii. Brown
Straight through cables
Pin 1 is connected to pin 1
2 is connected to 2, etc.
Crossover cable
For connecting like devices together
Pin 1 no longer goes to pin 1; it goes to pin 3
Pin 2 to pin 6, etc.
May not need to do the crossover on the physical cable, because if your device supports Auto-MDI-X the device can do the crossover digitally
Does not deal with 568A or 568B standards
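The two pinouts and the crossover rule above, as an added example that is not part of the original notes. It derives the pin-to-pin map of a cable from the conductor colors at each end, classifies it the way a cable tester's wire map does, and reports mis-terminated pins. It also shows why the "don't mix and match" advice matters: a cable terminated T568A on one end and T568B on the other is exactly the 1-3 / 2-6 crossover. Color names are normalized to one spelling; the crossover map covers 10/100 only (gigabit crossovers also swap the 4-5 and 7-8 pairs).

```python
# Conductor colors on pins 1-8 for the two termination standards in the notes.
T568A = ["white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown"]
T568B = ["white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown"]

# The crossover wiring from the notes: 1<->3 and 2<->6, everything else straight.
CROSSOVER_10_100 = {1: 3, 2: 6, 3: 1, 4: 4, 5: 5, 6: 2, 7: 7, 8: 8}


def pin_map(end_a, end_b):
    """For a cable terminated `end_a` on one end and `end_b` on the other, return
    {pin at end A: pin at end B} that each conductor joins."""
    return {pin + 1: end_b.index(color) + 1 for pin, color in enumerate(end_a)}


def cable_type(mapping):
    """Classify a pin map the way a cable tester's wire map would."""
    if all(a == b for a, b in mapping.items()):
        return "straight-through"
    if mapping == CROSSOVER_10_100:
        return "crossover (10/100: pairs 2 and 3 swapped)"
    return "miswired"


def check_termination(measured, standard):
    """Pins whose measured conductor color does not match the standard (empty list = OK)."""
    return [pin + 1 for pin, (m, s) in enumerate(zip(measured, standard)) if m != s]
```

`pin_map(T568A, T568B)` returns the crossover map, while the same standard on both ends gives a straight-through cable; a single swapped pair at one end shows up as "miswired" with the offending pins listed by `check_termination`.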
Network Termination Points
Patch panels
Take the connections from, say, office cubicles, punch them down, then on the other end have an RJ45 connection that goes into your networking equipment (switch)
If someone changes desk locations you can simply change the short patch cable from the patch panel to the switch instead of having to run a completely new cable
66 block is used for older standards
110 block is more common for modern networks
Wire to wire patch panel
For cat 5 or 6 cables
Distribution panels for fiber
Patch panel at both ends at times
Need to watch the bend radius of the cable
Leave some cable slack for future changes
Network Transceivers
Transmit and receive mostly in a single device
Modular interface
Most often there are two fibers, one for transmit and one for receive
You could also have both transmit and receive in one cable with BiDi transceivers
GBIC
Early standard
Something like an SC connector
Copper and fiber support
Rather large though
SFP
Replaced GBIC for the most part
1G fiber or copper connections
Much smaller form factor
SFP+
Much faster than SFP (16 Gbit/s)
QSFP or QSFP+
4 SFP or SFP+ in one connector that is not that much bigger
Crazy speeds
Saves money because there is less fiber and equipment needed
Ethernet Standards
Most of this was already covered in the Copper Cabling video so like hardly anything is here because I am not writing it again
100BASE-T used 2 pairs of wires
1000BASE-T uses all 4 pairs of wires
1000BASE-SX = multi mode fiber of 220-500m distance
1000BASE-LX = Multi mode fiber of 550m or single mode fiber for 5km distances
10GBASE-T = Much higher frequency (500 MHz)
Networking Devices
Hub
Layer 1
Very basic (Sends data out of every single port because it doesn’t know where it needs to go)
Everything is half duplex
Not efficient at all
Bridge
Basically a switch with 2 ports (bridging 2 networks together)
Forwarding decision made via software
Layer 2 device (Forwards based on MAC addresses)
Today's WAPs are bridges (Bridging between Ethernet and wireless networks)
Switch
Layer 2 device
Forwarding decision made in the hardware (ASIC)
Modern ones have many more features, such as PoE
Router
Layer 3
Forwarding decisions based on IP addresses
Can connect different types of networks together
Firewall
Layer 4 (Could be layer 3 or 7 as well)
Allows or denies traffic based on certain criteria (TCP/UDP)
Modern firewalls can even look at the application information and decide whether or not that would be allowed into the network (Layer 7)
May also be a VPN endpoint
Can proxy traffic
WAP
Not a wireless router (this is just the wireless part)
Layer 2 device
Modem
Converts analog sounds to digital signals
On traditional phone lines
Allows you to use POTS as a backup way of communicating if everything else fails
Can be used for internet access if they are ADSL modems
Converting media
Layer 1
Signal conversion (Copper to fiber, or fiber to copper)
Helpful for extending the range of your connection
Almost always a powered device
Wireless range extender
A wireless repeater
VoIP endpoint
Some people still use voice for some reason
Can be used like POTS or on some sort of software like modern phones
Advanced Networking Devices
Multilayer switch
A switch and a router in a single device
Switching still happens at layer 2 and the routing happens at level 3
Wireless networks
Many APs to manage
Security controls
Should be easy for your users
Wireless LAN controllers
Centralized management of all of your WAPs (on a single console)
Make changes to all of the WAPs easily
Monitor and report on the WAPs
Balancing the load (Load balancer)
Many servers sharing the load of one task
Used for large scale implementations
Could be used for fault tolerance
The load balancer decides which server will handle which request
TCP offload, SSL offload, caching, and many more features
Prioritizing QoS at times, content switching
IDS
Intrusion detection system
Looking for security events
Will simply alert when it detects something
IPS
Intrusion prevention system
Looking for security events
Will actually prevent the harmful traffic from entering your network
Identification technologies
Signature based
Looking for an exact match
Anomaly based
Build a baseline of what is normal and notify you of anything odd
Behavior based
Observe and report certain actions
Heuristics
Uses AI to determine if traffic flow is malicious
Proxy
Sits between the users and the external network
Makes requests and accepts data on the user's behalf (so it can examine things to make sure nothing dangerous is going on)
Can filter through data
Application proxies
Understands maybe only one application
VPN concentrator
Allows you to support VPNs
Could be a stand alone device or be part of a firewall
Could also be simply software
The client will need software for this to work
Very common to configure the VPN to be always on
AAA framework
Identification
Username most often
Authentication
Prove you are who you say you are (password)
Authorization
What level of access do you have?
Accounting
Logging times, data transfers, etc.
RADIUS
Common service for the AAA framework
Can be used as authentication for almost any type of device
UTM (unified threat management)
An all in one security appliance
Filtering, inspection, spam filter, CSU/DSU, routing and switching, firewall, IDS/IPS, bandwidth shaping, VPN endpoint, so much stuff in one device
NGFW (Next gen firewalls)
Layer 7 firewalls (inspect application layer information)
Looking at every frame and making security decisions based on all of that data
Can get very detailed and specific with their understanding
VoIP tech
PBX
For analog phones
Connects phone to provider
VoIP PBX
Integrate all VoIP devices to work over a normal network
No need for extra cables
VoIP gateway
Convert VoIP information into something that the normal PSTN network can understand
Content filtering
Could detect if sensitive information is being shared across the network
Could look for inappropriate content
Can detect malware
Filtering out what you don't want
Virtual Networking
Make 100 physical devices seem like one single logical device virtually
Still need to be able to communicate to the physical world
This is done via a hypervisor
Your hardware (CPU) needs to support this
Networking requirements
There is a private network for all of the VMs
Likely uses a shared networking address with NAT for outside communication
They could also all have their own IP address
Or could have a private address
Virtualization
Much more flexible
Can add and remove things very easily
Network Storage
NAS
Remote access to a file server
File level access
SAN
More efficient
Block level access
Jumbo frames
More than 1500 bytes of a payload
Up to 9,216 (9,000 is the norm) bytes in a single frame
Increase network speeds
All of your devices need to support this option
Fibre Channel (FC)
Built for SANs
Up to 16Gbit/s
Fiber or copper
Uses SCSI, SAS, or SATA commands
FCoE (Fibre channel over Ethernet)
No new hardware needed
Can’t go through a router
FCIP
FC encapsulated into IP packets
Can go through routers to other subnets
iSCSI
Send SCSI commands over an IP network
Make remote drives look and feel like a local drive
Managed well in software
InfiniBand
High speed
Has its own hardware
Copper or fiber
Popular for supercomputers and the likes
200Gbit/s speeds are quite common
WAN Services
ISDN
Can use BRI
Two 64 kbit/s bearer channels (for the data)
One 16kbit/s signaling channel (setting up and ending the call)
PRI
T1 or E1 line
T1 has 23 Bearer channels and one signaling channel
E1 has 30 bearer channels, one signaling channel and one alarm channel
Common for old phone network and the likes (not used that often though)
T1
NA, Japan, South Korea
1.544Mbit/s over 24 channels
E1
Europe
32 channels for a total of 2.048Mbit/s
T3
Also known as DS3
On coax mostly
28 T1 circuits
44.736Mbit/s
E3
16 E1 circuits
34.36Mbit/s
OC (packet switching instead of the T and E stuff that was circuit switching)
The newer option and the one more used today
SONET
Have different line rates (speeds)
OC-3 = 155.52Mbit/sec
OC-12 = 622.08Mbit/sec
OC-48 = 2.49Gbit/sec | 2.5G
OC-192 = 9.95Gbit/sec | 10G
DSL and ADSL (Digital subscriber line)
Common for our homes
WAN network that uses phone lines
Downloads are faster than uploads
10,000 feet distance limitation
Metro Ethernet
A single city
Connect with Ethernet on a WAN (Not common)
Often is running over a different topology
Broadband
Many frequencies
DOCSIS
Data over the cable network
4-250Mbit/sec (maybe even a gig of speed)
Dial-up
Using the existing voice lines for digital signals
Very slow speeds 56kbit/sec
hard to scale
WAN Transmission Mediums
Satellite
Into space
Slow and expensive
50 Mbit/s down and 3 Mbit/s up
For hard to reach sites
High latency 250ms up and down
High frequency around 2GHz
Rain and other things can interfere with the connection
Copper
Cheap and easy to install and maintain
Not as fast as fiber (often combined with fiber)
Very popular
Fiber
High speeds
Higher costs than copper
Long distances
Common for the core of the WAN
Becoming much more popular for end users
Wireless
Mobile providers
Roaming communication
Limited coverage and speed (remote areas don't tend to work well)
WAN Technologies
Frame relay
Cost effective WAN types
Part of the departure of T1’s
Frames are passed through the cloud and appear on the other side
64 Kbit/sec through 45Mbit/sec speeds
Replaced by MPLS nowadays
ATM
Common for SONET
No frames or packets, it uses cells that were 53 bytes large
High speeds, low latency
Max speeds of 10Gbit/s
MPLS (Multiprotocol Label Switching)
Best of ATM and frame relay
Traffic through the WAN is labeled
Supports many types of traffic
Common for WANs
Labels are pushed onto packets as they enter the MPLS cloud
Labels are popped off on the way out of the cloud
PPP (Point to point protocol)
Connect 2 devices
Works almost anywhere
Supports authentication, compression, error detection, and multilink for larger speeds
PPPoE (PPP over Ethernet)
Common on DSL networks
Easy to implement, supported in most OS out of the box
DMVPN (Dynamic Multipoint VPN)
VPN builds itself as it is needed
A dynamic mesh
SIP trunking
Control protocol for VoIP
Using a VoIP connection to an IP-PBX
Most efficient and gives you more control over the bandwidth and other things
WAN Termination
Demarc point
Where you connect to the outside world
Used everywhere
On one side is your ISP’s hardware and on the other side is your own hardware
CSU/DSU
Sits between your router and the demarc
Commonly provides the conversion between your provider's and your own equipment
Could be built into a router
Many types of connections are used for these devices
Smartjack
More intelligent than just a cable hand-off
Owned by the provider
Could provide diagnostics, alarms, re-configuration, etc.
3.0
Network Documentation
Operations procedures
Downtime notifications, facilities issues, etc.
Software upgrades
Testing and change control
Document everything in a way that is easy to reference
Mapping the network
Both physical and logical maps
This is important and very useful to everyone involved
A logical network map is a broad perspective of the network
Shows how things move across the network but not the physical hardware
Physical network maps show all the physical cables and hardware and how they connect
Show interfaces, IP addressing, server racks, etc.
Change management
The process of how and when to make a change
Documentation, fallback plans, installation process, etc.
This can be hard to implement in an organization that is not already using it
Managing your cables
The ANSI/TIA/EIA 606 is the standard for documenting the network
Identifiers and labeling are needed
Color coding, bar coding, etc.
A centralized database is nice and common to have nowadays
System labeling
Unique system ID for every device
Asset tag, name, serial number, etc.
This should be clearly visible, for the server as a whole along with each component
Circuit labeling
WAN circuits that are coming into the building
Document all companies of these WAN circuits
Want to know the circuit ID, WAN provider phone number and other information to be able to communicate with them
May want to put into place a monitoring system
Patch panel labeling
Be able to see which port on the floor matches with which port on the patch panel
Usually uses numbers
Baselines
What the normal operation for the network is
You can use this to spot abnormalities and predict when to upgrade what
Inventory management
A record of every asset
Make/model, config, purchase date, location, etc.
Have an asset tag with a barcode, RFID, tracking number, etc.
Inventory management software
A centralized database of all of your assets
May also have help desk and reporting functions
Availability Concepts
Fault tolerance
If a problem occurs, then what?
Adds complexity and costs to the network
Redundant everything, load balancing, RAID, etc.
Redundancy
An additional device to replace a failed device
Power supplies, two completely different servers, RAID, UPS, etc.
High availability
Redundant doesn’t always mean available right away
When you can't afford to have any down time you need a redundancy that is always on and always available
Always watch out for single points of failure
Costs a lot more
Load balancing
Spread the load between different servers or devices
If one server is down the others can still perform the action needed
NIC teaming
Load balancing on network cards / connections
Redundant paths and aggregate bandwidth
Done inside the OS
Uses multicasts to do health checks with the other NICs
Power Management
UPS
Uninterruptible power supply
Good for blackouts, brownouts, power surge
Generators
A long term power source that runs on fuel
Could run the entire building or just part of it
Can take some time to get up to speed (can run off the UPSs during this time)
Dual-power supplies
Each one can handle 100% of the load so as long as one is working you are good
Hot swappable
Recovery Sites
Cold site
No hardware, just an empty building
You bring everything including staff
Warm site
Room and rack space, you bring the rest or maybe they even have the hardware there
Hot site
An exact replica of everything
Very costly
Always updated with the latest information
Usually automatic
Very easy to move over to the hot site
Backup and Recovery
The archive attribute
Be able to tell if a file has been changed since the last backup
Full backup
Backup everything
Change all of the archive bits to off afterwards
Long time to backup, very quick to restore
Incremental backup
Backup all of the files changed since the last incremental backup
Quick to backup, but slow to restore
Differential backup
Backup all files changed since the last full backup
Medium amount of time to backup, medium amount of time to restore
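The three backup types and the archive bit, as an added example that is not part of the original notes. A toy file system tracks an archive bit per file; full and incremental backups clear it, differential backups leave it set, and `restore_chain` works out which sets have to be replayed (the last full plus every incremental, or the last full plus only the latest differential). That is the trade-off in the notes: incrementals are small but the restore chain grows, differentials grow but the restore chain stays at two. File names and contents are constructed; deletions and mixed incremental/differential chains are left out for brevity.

```python
class FileSystem:
    """Files with an archive bit: set when written, cleared by full/incremental backups."""

    def __init__(self, files):
        self.files = {name: [content, True] for name, content in files.items()}

    def write(self, name, content):
        self.files[name] = [content, True]      # any change sets the archive bit

    def _clear_archive_bits(self):
        for entry in self.files.values():
            entry[1] = False


class BackupSet:
    def __init__(self, kind, files):
        self.kind = kind          # "full", "incremental" or "differential"
        self.files = files        # name -> content captured in this set


def full_backup(fs):
    snapshot = {n: c for n, (c, _bit) in fs.files.items()}            # everything
    fs._clear_archive_bits()
    return BackupSet("full", snapshot)


def incremental_backup(fs):
    snapshot = {n: c for n, (c, bit) in fs.files.items() if bit}     # changed since last full/incremental
    fs._clear_archive_bits()       # so the next incremental only sees newer changes
    return BackupSet("incremental", snapshot)


def differential_backup(fs):
    snapshot = {n: c for n, (c, bit) in fs.files.items() if bit}     # changed since last full
    # bits are left alone, so every differential grows until the next full backup
    return BackupSet("differential", snapshot)


def restore_chain(history):
    """Sets that must be applied, in order, to restore to the latest backup:
    the last full, then every incremental after it, or just the last differential."""
    last_full = max(i for i, b in enumerate(history) if b.kind == "full")
    later = history[last_full + 1:]
    chain = [history[last_full]]
    if later and later[-1].kind == "differential":
        chain.append(later[-1])
    else:
        chain.extend(b for b in later if b.kind == "incremental")
    return chain


def restore(history):
    """Rebuild the file set by replaying the chain (newer sets overwrite older ones)."""
    result = {}
    for backup in restore_chain(history):
        result.update(backup.files)
    return result
```

Two edits after a full backup give two one-file incrementals and a three-set restore chain, or a one-file and a two-file differential with a two-set restore chain; both restore to the same current state.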
Process Monitoring
Log management
Usually sent via syslog to a central log server
Massive storage requirement
Rolling up the data becomes important
Take samples every minute for the day
At the end of that day now keep 5 minute samples
After 30 days, keep 1-hour samples, etc.
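The roll-up schedule above as code, added here as an example and not part of the original notes: one-minute samples are kept for the current day, averaged into five-minute buckets once they are a day old, and into one-hour buckets once they are thirty days old. The tier table and the sample timestamps are constructed; the averaging is one reasonable choice, some tools keep min/max as well.

```python
DAY = 86400

# Retention tiers from the notes: (samples at least this old, keep one per this many seconds).
# Checked in order, so the oldest matching tier wins.
TIERS = [
    (30 * DAY, 3600),   # older than 30 days: hourly samples
    (DAY, 300),         # older than a day: 5-minute samples
    (0, 60),            # today: the raw 1-minute samples
]


def bucket_interval(age_seconds):
    """Bucket width, in seconds, for a sample of the given age."""
    for min_age, interval in TIERS:
        if age_seconds >= min_age:
            return interval
    return TIERS[-1][1]


def roll_up(samples, now):
    """samples: iterable of (timestamp, value). Returns [(bucket_start, mean)] sorted by time,
    with each sample placed in a bucket sized by how old it is relative to `now`."""
    buckets = {}
    for ts, value in samples:
        interval = bucket_interval(now - ts)
        start = ts - ts % interval            # align the bucket to the interval boundary
        buckets.setdefault(start, []).append(value)
    return sorted((start, sum(vals) / len(vals)) for start, vals in buckets.items())
```

Sixty one-minute samples stay sixty points while they are fresh, collapse to twelve points once they are two days old, and to a single hourly average once they are a month old, which is where the storage saving comes from.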
Data graphing
Raw logs or summarized logs
Often managed through SIEM
Turning reports into something visual (Graphs)
Can require a lot of computing resources
Port scanning
Nmap (network mapper)
Find devices and open ports
Can also do a lot more: find the OS, find services, etc.
Use NSE for more options
Vulnerability scanning
Not that invasive
See what is open and find unknown devices
Test from the inside and the outside
Vulnerability scan results
Can find lack of security controls
Can find misconfigurations
Can also just find real vulnerabilities
Patch management
Service packs
Many patches at once
Monthly updates are also important
Emergency updates for Zero-day patches
Rollback options
Go back to the previous version (known to work)
Baseline review
See what is normal in your network so you can find what is abnormal
Protocol analyzers
Get into the details of what applications are doing
Capture packets from wired or wireless networks
Make it very easy to see everything that is happening on the network
Might need a lot of storage for this
Event Management
Interface monitoring
Up or Down? (Green is good, red is bad)
Alarming and alerting when something fails
Short term and long term reports
SIEM
Security information and event management
Monitoring and reporting on tons of logs from all over
Can send out security alerts based on this info
Short and long term reports
Correlation between different data types
Very good for forensic analysis
Syslog
The standard for message logging and consolidating logs
Usually logs are sent back to a centralized SIEM using syslog
Lots of disk space required
SIEM logs
Look at all the events that you may need to see in one place
SIEM dashboard
A broader view of what is happening in the logs
Uses lots of graphs
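The syslog and SIEM points above in one added example that is not part of the original notes: a parser decodes BSD-style syslog lines (the PRI value is facility times 8 plus severity) from a few constructed log lines, and two SIEM-style functions run over the parsed events: a correlation rule that counts failed SSH logins per source address, and a severity filter for the dashboard. Host names, addresses and messages are constructed; a real SIEM would also apply a time window to the count.

```python
import re
from collections import Counter

FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
              16: "local0", 17: "local1", 18: "local2", 19: "local3",
              20: "local4", 21: "local5", 22: "local6", 23: "local7"}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-style syslog lines: <PRI>TIMESTAMP HOST TAG[PID]: MESSAGE, where PRI = facility*8 + severity.
LINE_RE = re.compile(
    r"^<(\d{1,3})>(\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[(\d+)\])?: (.*)$")

# Constructed sample log lines (not from any real system).
SAMPLE_LOG = """\
<38>Jun 17 10:01:01 edge-fw sshd[2001]: Failed password for root from 203.0.113.7 port 51022 ssh2
<38>Jun 17 10:01:03 edge-fw sshd[2001]: Failed password for root from 203.0.113.7 port 51023 ssh2
<38>Jun 17 10:01:05 edge-fw sshd[2001]: Failed password for admin from 203.0.113.7 port 51024 ssh2
<38>Jun 17 10:01:07 edge-fw sshd[2001]: Failed password for root from 203.0.113.7 port 51025 ssh2
<38>Jun 17 10:01:09 edge-fw sshd[2001]: Failed password for root from 203.0.113.7 port 51026 ssh2
<86>Jun 17 10:01:11 edge-fw sshd[2001]: Accepted publickey for ops from 198.51.100.20 port 40000 ssh2
<30>Jun 17 10:02:00 core-sw1 lldpd[411]: interface Gi1/0/12 link state changed to down
<3>Jun 17 10:02:30 core-sw1 kernel: power supply 2 failed
not a syslog line at all"""


def parse_syslog(line):
    """Decode one line into a dict, or None if it is not syslog-shaped."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    return {"facility": FACILITIES.get(pri // 8, str(pri // 8)),
            "severity": SEVERITIES[pri % 8],
            "timestamp": m.group(2), "host": m.group(3),
            "tag": m.group(4), "pid": m.group(5), "msg": m.group(6)}


def parse_log(text):
    """Parse a block of lines, dropping anything that is not syslog."""
    events = [parse_syslog(line) for line in text.splitlines()]
    return [e for e in events if e is not None]


FAILED_LOGIN_RE = re.compile(r"Failed password for (\S+) from (\S+)")


def failed_login_sources(events, threshold=5):
    """SIEM-style correlation: count failed SSH logins per source address and
    return the sources that reach the threshold."""
    counts = Counter()
    for e in events:
        m = FAILED_LOGIN_RE.search(e["msg"])
        if m:
            counts[m.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def at_least(events, level="err"):
    """Events at this severity or worse (a lower index in SEVERITIES is more severe)."""
    return [e for e in events if SEVERITIES.index(e["severity"]) <= SEVERITIES.index(level)]
```

On the sample, `<38>` decodes to auth.info and `<3>` to kern.err; the correlation rule flags the one source with five failures, and the severity filter leaves only the power supply event for the dashboard.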
SNMP
Provides queries to devices for more information
v3 is the only one that is encrypted so use that if your devices support it
Can be very detailed so access should be limited
Graphing with SNMP
Uptime, response time, traffic transfers, etc.
Many tools can be used to browse or walk the SNMP
Performance Metrics
Monitoring the interface
Trying to find the signs that will hint at a possible failure currently or in the future
Can be monitored with SNMP
MIB-II is where most metrics are
See the error rate, utilization, packet drops, interface resets, speed, duplex and more
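Turning two SNMP polls of the MIB-II interface counters into the utilization and error-rate metrics above, as an added example that is not part of the original notes. Octet counters in MIB-II are 32-bit and wrap, so the delta has to allow for a wrap, and at 10 Gbit/s a Counter32 can wrap in a few seconds, faster than a typical five-minute poll; that is the edge case handled here and the reason 64-bit high-capacity counters exist. The sample counter values are constructed; the functions take raw numbers, so they work with whatever SNMP library fetches `ifInOctets`, `ifInErrors`, `ifInUcastPkts` and `ifSpeed`.

```python
COUNTER32_MAX = 2 ** 32
COUNTER64_MAX = 2 ** 64


def counter_delta(old, new, max_value=COUNTER32_MAX):
    """Increase between two polls of a wrapping SNMP counter, allowing for one wrap."""
    return new - old if new >= old else new + (max_value - old)


def utilization_pct(old_octets, new_octets, interval_s, if_speed_bps, max_value=COUNTER32_MAX):
    """Link utilization in percent from two ifInOctets (or ifOutOctets) samples."""
    bits = counter_delta(old_octets, new_octets, max_value) * 8
    return 100.0 * bits / (interval_s * if_speed_bps)


def error_ratio(old_errors, new_errors, old_pkts, new_pkts, max_value=COUNTER32_MAX):
    """Errored packets as a fraction of packets seen between polls (ifInErrors / ifInUcastPkts)."""
    pkts = counter_delta(old_pkts, new_pkts, max_value)
    return counter_delta(old_errors, new_errors, max_value) / pkts if pkts else 0.0


def seconds_to_wrap(if_speed_bps, max_value=COUNTER32_MAX):
    """How long a saturated link takes to wrap an octet counter. If this is shorter than
    the poll interval a wrap can be missed and the delta is wrong: use 64-bit counters."""
    return max_value * 8 / if_speed_bps


def poll_interval_ok(interval_s, if_speed_bps, max_value=COUNTER32_MAX):
    """True when the poll interval is short enough that at most one wrap can occur."""
    return interval_s < seconds_to_wrap(if_speed_bps, max_value)
```

Five-minute polls are fine for a 100 Mbit/s interface (a Counter32 needs about 343 s to wrap at line rate) but not for a 10 Gbit/s one (about 3.4 s), which is where the 64-bit counters come in.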
Remote Access
IPsec
Security for OSI layer 3
Authentication and encryption for packets
Also provides confidentiality and integrity
Uses AH and ESP
Site-to-site VPNs
The common place to use IPsec
Uses existing connections (often with VPN appliances)
SSL VPN
Common for end user VPN access
Client to site VPN
Uses SSL/TLS protocol
Often built into the OS (or browser)
Can authenticate users
TCP based
DTLS VPN
Datagram transport layer security
UDP based
For real time needs
Remote desktop access
Share a desktop from a remote location
RDP is common for this
VNC is also quite common for this
Some versions are free and open source
Can be used for troubleshooting or often by scammers
SSH
Encrypted console communication
Good for connecting to network devices for many reasons
Web based management console
All in your browser
Uses HTTPS for encryption
May still need the command line for things not supported via the browser
Transferring files
FTP, SFTP, TFTP, etc.
SFTP
FTP with SSH
FTPS
FTP over SSL
Out of band management
The network or device isn't available; what do you do?
Most devices have a separate management interface
Could connect a modem to this so you can do things remotely
Management network not tied to or relying on the hardware of the normal network
Policies and Best Practices
PUA (Privileged user agreement)
Expectations when dealing with data and devices
A signed agreement at times
Password policies
A written policy of what is expected in a password and how to change / deal with passwords
The recovery process should be difficult to avoid other people gaining access
On-boarding
The process of adding a new employee and setting up all the physical and digital things that they need
Off-boarding
The process of removing a former employee: all of their hardware and digital accounts need to be reassigned, deleted, archived, etc.
Licensing restrictions
There are so many licenses to manage
Need to make sure you have availability
Need to have integrity
Watch out for these expiring and how that would affect the company
International export controls
Equipment, information, data and more being exported to other countries
Processes, procedures, laws and more
Data loss prevention (DLP)
Where is your data?
Detailed policies to define what is and isn't allowed with the data
DLP can watch for and notify you when it finds a policy violation
Remote access policies
Hard to control external communication at times
A policy for everyone, including 3rd parties
Very specific requirements to keep things safe
Security incidents
How to handle something going wrong with security
Incident response policies
How should you identify the incident
How should you categorize the incident
Who needs to respond to the incident
What process needs to be followed
BYOD
Managing employee owned devices and how they can use them
These can be hard to secure
AUP (acceptable use policy)
What are the acceptable ways to use company assets
Should cover all assets and the policies for them
Good for limiting the legal liability of a company when something goes wrong
NDA
Confidentiality agreement
Internally to protect the company from employees
Externally to make sure two companies don't disclose each other's information
System life cycle
Managing the disposal of assets
Make sure to completely destroy important information so no one else can see it
Make sure to follow the laws when doing this
Physical destruction
Shredder / pulverizer
Drill / hammer
Electromagnetic
Incinerating
Safety procedures and policies
Equipment safety
Personal safety
Environmental safety
Toxic waste, batteries and the likes
Local government regulations need to be known and followed
4.0
Physical Security
CCTV / IP cameras
Video surveillance
Need to get the right specs (depth of field, illumination requirements, focal length, etc.)
Networked together and recorded over time
Motion detection for alerts
Asset tracking tags
Record of every single asset
Good for financial records, audits, depreciation, etc.
Barcode, RFID, tracking number, etc.
Tamper detection
Have systems be able to monitor themselves
Sensors, firewalls, ect
Asset tags that could provide tamper notification
ID badge
Can help track who has been where and give you access to certain things
Biometrics
Tied to a certain person (fingerprint, iris, voice print)
Useful for 2FA
Hard to change (Could be duplicated though)
Not foolproof but still pretty good
Tokens and cards
Smart card, USB token, hardware or software tokens, key fobs, SMS code to your phone
Door access controls
Lock and key, electronic locks, deadbolt
Token based locks with a card or the likes
Multi factor (smart card and pin)
Authorization, Authentication, and Accounting
AAA framework
Identification
Who you say you are (username)
Authentication
Prove you are who you say you are (Passwords or other)
Authorization
Make sure you get access to what you need to and don't have access to what you should not
Accounting
Tracking information and logging everything
RADIUS
More common AAA protocol
Centralized authentication for users
Works on almost any OS
TACACS
Alternative to RADIUS
For dial-up lines
XTACACS
Made by Cisco
Added more accounting and auditing to TACACS
TACACS+
Latest version of TACACS
Works with many OS and services
Kerberos
Authentication protocol
A one and done login
Protects against man in the middle attacks
Works with many OSes
SSO with Kerberos
Uses cryptographic tickets
No constant username and password input
Not everything works with Kerberos
LDAP
Read and write information to a directory
DAP was an early version of LDAP
Uses attributes to describe data in the directory
CN = Common name
O = Organization
L = Locality
C = Country
etc. (there are more)
Makes a tree of information
Local Authentication
Most devices have an initial account (make sure to change the password for this)
Hard to scale local accounts with large networks
Useful as a backup if AAA is down
Certificate based authentication
Private keys stored somewhere (like a smart card)
PIV cards are used by US federal government
CAC is used by the Department of Defense
Could also be stored on a laptop, USB fob, etc.
Auditing
Logs of everything
Who logged in, what did they do, when did they do it
Network usage
Security logs
Multi-factor Authentication
Something you are (biometrics, e.g. fingerprint, iris scan, voiceprint)
Something you have (smart card, key fob, USB stick, phone for SMS)
Something you know (password, PIN)
Somewhere you are (location)
Something you do (hand writing, typing style)
Some of this can be expensive, others can be quite cheap
Access Control
NAC (Network Access Control) 802.1X
You don't get access until you authenticate
Port access (Physical ports)
Makes use of EAP and either RADIUS or TACACS
Disable unused ports, check for duplicate MAC
Port security
Prevent unauthorized users from connecting to a switch
Based on the MAC address of the connecting device
Can set up your own rules for this
Set up how many MAC addresses, and which ones, can connect to each physical port
MAC filtering
Allow or deny based on the MAC
MAC addresses are easy to learn from packet captures (and can also be easily spoofed)
Captive Portals
Common for wireless networks
Has a list of allowed devices and if you are not on that list it gives you a login screen
Once you login you now have access to the network
ACL
Looks at packets to allow or disallow traffic
Can filter on very specific criteria
On routers or switches (for ingress or egress)
Wireless Encryption
Wireless Encryption
Anyone can listen in so this needs to be encrypted
WPA and WPA2 (you need the password to listen)
WPA
An upgrade over WEP
Short term bridge between WEP and the new standard
Uses TKIP
Combined the secret key with the IV
64 bit message integrity check to prevent tampering
Still had its own set of issues
WPA2
Uses CCMP for encryption (replaced TKIP)
Uses AES for data confidentiality
More advanced encryption
The long term standard
Wireless Authentication and Security
EAP (Extensible Authentication protocol)
Authentication framework
WPA and WPA2 use EAP
LEAP
Used with WEP
EAP-FAST
Lightweight
More security
EAP-TLS
Strong security
Lots of people use it
EAP-TTLS
Other types of authentication through the TLS tunnel
PEAP
EAP within a TLS tunnel
Open system
No authentication
WPA2-Personal / WPA2-PSK
Uses a pre-shared key that you need in order to log in
WPA2-Enterprise / WPA2-802.1X
Authenticates users individually
MAC filtering
Can do it on wireless networks as well
Can use a wireless analyzer to help with this (but can be spoofed)
Geo-fencing
Using GPS to determine whether or not to give someone access
Authentication method
Denial of Service
Force a service to fail by overloading it
Could take advantage of a vulnerability
Could just turn off the power
Could be a smoke screen for other attacks
Could happen accidentally
Network loop or bandwidth limitation, etc.
DDOS
The attack is coming from many places at once
A botnet
Make a small attack into a big attack
A small request is now a large response overloading servers
Social Engineering
Manipulate people, as they are the weakest point in security
Authority
Act like they are in charge so it's okay to do what they say
Intimidation
Bad things will happen if you don't help
Consensus
Convince someone this is what is normally done
“your co-worker did this last week but is out today, could you help?”
Scarcity
Limited amount of time so we have to act fast
Urgency
Make things move faster
Don't think about it or ask others if it is okay
Familiarity
Become your friend and talk with you
Trust
Someone who is safe and can fix the issues
Insider Threats
Someone from within the organization with knowledge of and access to the network
Usually causes more harm than other types of attacks
Can harm reputation
Could be accidental or intentional
Logic Bombs
When an event occurs the attack goes off
Time and date or a certain event
Often deleting things from systems
Hard to identify
Need processes and procedures
Lots of monitoring
Auditing
Rogue Access Points
A backdoor into your network
Simply buy an AP and plug it into the network
Needs to be monitored to prevent
Require everyone to authenticate before using the network
Wireless Evil Twin
This one is configured just like all the other WAPs
Get other users to use their WAP not the legitimate WAPs
Wardriving
Driving down the street and gathering information about different wireless networks around you
All of this is free with certain applications
Also works on drones or bikes
Phishing
Social engineering with a touch of spoofing
Often done via email, which then sends you to a fake website to log in
Check the URL to see if it checks out
Or just don't click links from emails
Vishing
Phishing over the phone
Spear Phishing
Customize the attacks for a certain person or group of people
Spear phishing against the CEO is called Whaling
Ransomware
Take control of your data on your computer until you give them the money they want
Could be fake ransomware that is just trying to trick you
Crypto-malware
Ransomware that asks for cryptocurrency to unlock
Can protect against this with a backup on a different computer (ideally offline)
DNS Poisoning
Modify the DNS server
To send someone to a different IP address
Send a fake response to a valid DNS request
Modify the workstation files
Spoofing
Pretend to be something you are not
Fake web server, fake DNS, fake MAC address, fake email addresses, fake caller ID, fake IP address, etc.
A man-in-the-middle attack uses ARP spoofing to sit between the conversation of 2 devices
Wireless Deauthentication
Keep connecting and dropping off a wireless network
Significant DoS attack
802.11 management frames that make everything work
Some wireless networks don’t protect these management frames
So attackers can make their own management frames and send them through the network to your devices
802.11w addressed this problem by encrypting the management frames
Still not everything is encrypted
Is required for 802.11ac and all versions going forward
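Added example (not from the original notes): a detector for the deauthentication flood described above. It parses the 802.11 management-frame header, keeps a sliding window of deauth/disassoc frames per transmitter address and alerts when the count crosses a threshold; the sample frames, the threshold and the window are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

# 802.11 management subtypes (frame type 0) used below
DISASSOC, DEAUTH, BEACON = 10, 12, 8


def parse_mgmt_frame(frame: bytes):
    """Return (subtype, receiver, transmitter, bssid, reason) for an 802.11
    management frame, or None if the frame is not management / too short.
    Layout: 2-byte frame control, 2-byte duration, three 6-byte addresses,
    2-byte sequence control, then the body (deauth and disassoc bodies
    start with a little-endian 2-byte reason code)."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3      # bits 2-3 of frame control: 0 = management
    subtype = fc0 >> 4            # bits 4-7
    if ftype != 0:
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    reason = None
    if subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]
    return subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason


class DeauthFloodDetector:
    """Alert when one transmitter sends >= threshold deauth/disassoc frames
    inside a sliding time window (seconds). A single deauth is normal;
    a burst from one address aimed at clients is the attack signature."""

    def __init__(self, threshold=5, window_s=2.0):
        self.threshold, self.window = threshold, window_s
        self.recent = defaultdict(deque)   # transmitter MAC -> timestamps
        self.alerts = []

    def observe(self, ts: float, frame: bytes):
        parsed = parse_mgmt_frame(frame)
        if parsed is None or parsed[0] not in (DEAUTH, DISASSOC):
            return None
        _subtype, receiver, transmitter, _bssid, reason = parsed
        stamps = self.recent[transmitter]
        stamps.append(ts)
        while stamps and ts - stamps[0] > self.window:
            stamps.popleft()               # age out frames outside the window
        if len(stamps) >= self.threshold:
            alert = (ts, transmitter, len(stamps), receiver, reason)
            self.alerts.append(alert)
            return alert
        return None


# Constructed sample frames (hex), not captured from any real network:
# a deauth from BSSID 11:22:33:44:55:66 to station aa:bb:cc:dd:ee:ff with
# reason code 7, and a beacon that the detector must ignore.
SAMPLE_DEAUTH_HEX = "c000" "0000" "aabbccddeeff" "112233445566" "112233445566" "0000" "0700"
SAMPLE_BEACON_HEX = "8000" "0000" "ffffffffffff" "112233445566" "112233445566" "0000" + "00" * 12


def scan(records, threshold=5, window_s=2.0):
    """records: iterable of (timestamp, frame bytes). Returns the alerts raised."""
    det = DeauthFloodDetector(threshold, window_s)
    for ts, frame in records:
        det.observe(ts, frame)
    return det.alerts


if __name__ == "__main__":
    deauth = bytes.fromhex(SAMPLE_DEAUTH_HEX)
    burst = [(0.1 * i, deauth) for i in range(6)]   # six deauths in half a second
    for ts, tx, count, target, reason in scan(burst):
        print(f"t={ts:.1f}s deauth flood from {tx}: {count} frames in window, "
              f"last target {target}, reason {reason}")
```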
Brute Force Attacks
Dictionary attacks
Using a word list in order to try and crack a password
Start with the easy and most common words
Catch the low hanging fruit / the bad password people
Brute force attacks
You try every possible combination of characters
Very slow and most systems will not allow this many attempts
Best if you can find the hashed password and try to crack that offline where you don't have a limited number of attempts
Lots of computing power required for this
VLAN Hopping
You should only have access to your VLAN
You may be able to hop to another VLAN
Switch spoofing
You pretend to be a switch
Set up trunks so you can now send and receive on any VLAN
Switch admins should disable trunk negotiation so this can’t happen
Double tagging
When a switch sees a frame with an 802.1Q header, and the header specifies the current native VLAN, and that frame must be forwarded out of a trunk interface, then the switch will remove the header
If you had 2 headers on that frame and the first one was then removed, your second header is what the second switch would see, and that is where it would route the traffic, allowing you to talk with other VLANs
Man-in-the-Middle
Get in the middle of a conversation of 2 devices
Neither end station knows someone is watching their communication
ARP poisoning
ARP has no security
ARP maps IPs to MAC addresses, so if you modify the ARP table in a device you could make it send traffic to a different MAC address
This man in the middle would then continue to send the traffic to the right location in order to keep both devices from noticing
something is wrong, so that the man in the middle can keep spying and gathering intel
Often done from inside the browser where it will send the traffic to the attacker
The attacker does not need to be on your local network
Requires malware on your machine
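Added example (not from the original notes): a passive ARP monitor that flags the two symptoms of the poisoning described above, a reply nobody asked for and an existing IP-to-MAC binding changing (worst when it is the default gateway's). The event log format, addresses and gateway IP are constructed for the example.

```python
# Constructed ARP event log (one event per line, timestamp in seconds):
#   <ts> request <asker-ip> asks-for <target-ip>
#   <ts> reply <sender-ip> is-at <sender-mac>
SAMPLE_ARP_LOG = """\
1 request 10.0.0.5 asks-for 10.0.0.1
2 reply 10.0.0.1 is-at 00:11:22:33:44:01
30 reply 10.0.0.1 is-at de:ad:be:ef:00:99
31 reply 10.0.0.7 is-at de:ad:be:ef:00:99
"""


def parse_arp_line(line: str) -> dict:
    parts = line.split()
    ts = int(parts[0])
    if parts[1] == "request":
        return {"ts": ts, "op": "request", "asker": parts[2], "target": parts[4]}
    if parts[1] == "reply":
        return {"ts": ts, "op": "reply", "ip": parts[2], "mac": parts[4].lower()}
    raise ValueError(f"unknown ARP op in line: {line!r}")


class ArpWatch:
    """Track IP->MAC bindings learned from ARP replies and flag anomalies."""

    def __init__(self, gateway_ip=None):
        self.gateway_ip = gateway_ip
        self.bindings = {}      # ip -> MAC most recently claimed for it
        self.pending = set()    # target IPs that someone has asked for
        self.alerts = []        # (ts, ip, old_mac, new_mac, reasons)

    def observe(self, ev: dict):
        if ev["op"] == "request":
            self.pending.add(ev["target"])
            return None
        ip, mac = ev["ip"], ev["mac"]
        reasons = []
        if ip in self.pending:
            self.pending.discard(ip)      # solicited: someone asked for this IP
        else:
            # Gratuitous ARP on boot is also unsolicited, so on its own this
            # is low severity; combined with a binding change it is serious.
            reasons.append("unsolicited-reply")
        old = self.bindings.get(ip)
        if old is not None and old != mac:
            reasons.append("gateway-remapped" if ip == self.gateway_ip else "binding-changed")
        self.bindings[ip] = mac
        if reasons:
            alert = (ev["ts"], ip, old, mac, tuple(reasons))
            self.alerts.append(alert)
            return alert
        return None


def scan_log(text: str, gateway_ip: str):
    """Run every event in the log through one ArpWatch and return its alerts."""
    watch = ArpWatch(gateway_ip)
    for line in text.strip().splitlines():
        watch.observe(parse_arp_line(line))
    return watch.alerts


if __name__ == "__main__":
    for ts, ip, old, new, why in scan_log(SAMPLE_ARP_LOG, gateway_ip="10.0.0.1"):
        print(f"t={ts}s {ip}: {old} -> {new} [{', '.join(why)}]")
```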
Vulnerabilities and Exploits
Vulnerabilities
A weakness that allows bad guys to gain access to things that they shouldn't have access to
Some are never discovered
Many different types of vulnerabilities
Exploits
Takes advantage of a vulnerability
Many different methods to exploit a vulnerability
Can get quite complex
Zero Day attacks
When someone finds a brand new vulnerability they could notify the organization that has the vulnerability, or if they are bad guys
they could trade it or exploit that vulnerability
A zero-day vulnerability is one that has been discovered but is yet to be patched
If it is exploited then it is a zero-day attack
Device Hardening
Changing default credentials
The default username and password can be easily found by anyone so don't use them!
Avoid common passwords
Something that you can’t find in the dictionary is best
Longer is better and special characters/numbers are very good to use
Upgrading Firmware
To a version that does not have any known vulnerabilities
Make a plan for the new security risks and issues you may run into
Patch management
Security fixes, system stability, etc.
Monthly updates or emergency updates for important security issues
File hashing
A way to keep your data secure and not in the clear
Allows you to do some integrity checks to make sure the data has not been changed
Disabling unnecessary services
Hard to tell which are unnecessary at times, but every service is a potential risk
Requires a lot of research and trial and error
Watching the network
It is quite easy to steal wireless data that is going across a network
Use encrypted protocols and technologies to try and avoid this
Secure protocols
SSH instead of Telnet
HTTPS instead of HTTP
SFTP instead of FTP
SNMPv3 because v3 is the only encrypted version
IPsec encrypts everything at the IP packet level
Generating new keys
Encrypted data requires a key
Need to make sure no one gains access to these keys
Update or change these keys if you have a default key
Disabling unused TCP and UDP ports
If you don’t need the port, why take the risk?
Add this type of filtering on a firewall or appliance
Disabling unused interfaces
The physical ports that are unused should be disabled
More effort to maintain but much more secure
Could also use NAC to help mitigate the risk of unused ports
Mitigation Techniques
IPS signature management
Determine what happens when unwanted traffic appears
Thousands of rules and you need to determine the outcome for these rules
Can be done one by one or by groups
This can take a lot of time to get just right
Device hardening
Use hardening guides for your services and platforms
From the manufacturer or a 3rd party
Native VLAN
When you are sending traffic across a trunk and the traffic belongs to the native VLAN then it does not need a header
You may want to change this value to separate management traffic from other types of traffic
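Added example serving both the double-tagging hop in the VLAN Hopping section and the native VLAN point here (not code from the original notes): it parses stacked 802.1Q tags out of raw Ethernet frame bytes and flags a frame whose outer tag is the trunk's native VLAN with a second tag beneath it. The frame builder only constructs test input for the checker; the MAC addresses and VLAN numbers are made up, and the audit function assumes the recommendation that the native VLAN be an ID no access port uses.

```python
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def parse_vlan_tags(frame: bytes):
    """Return (vlan_ids outer-to-inner, EtherType of the payload).
    An Ethernet header is 6+6 bytes of MACs, then either an EtherType or
    one or more 4-byte 802.1Q tags (TPID 0x8100 + 16-bit TCI, whose low
    12 bits are the VLAN ID)."""
    offset = 12                         # skip destination and source MAC
    tags = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated Ethernet header or 802.1Q tag")
        ethertype = struct.unpack_from("!H", frame, offset)[0]
        if ethertype != ETHERTYPE_8021Q:
            return tags, ethertype
        if offset + 4 > len(frame):
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        tags.append(tci & 0x0FFF)
        offset += 4


def classify_frame(frame: bytes, native_vlan: int):
    """Classify a frame arriving on an access port. 'double-tagged-native'
    is the hop pattern: the first switch strips the outer native-VLAN tag
    on the trunk and the next switch forwards on the inner tag's VLAN."""
    tags, _ethertype = parse_vlan_tags(frame)
    if len(tags) >= 2 and tags[0] == native_vlan:
        return "double-tagged-native", tags
    if len(tags) >= 2:
        return "double-tagged", tags
    if tags:
        return "tagged", tags
    return "untagged", tags


def build_frame(dst_mac: str, src_mac: str, vlan_ids, payload=b"\x45" + b"\x00" * 19):
    """Constructed test frame for the checker (not a transmitter)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    frame = mac(dst_mac) + mac(src_mac)
    for vid in vlan_ids:
        frame += struct.pack("!HH", ETHERTYPE_8021Q, vid & 0x0FFF)
    return frame + struct.pack("!H", ETHERTYPE_IPV4) + payload


def audit_native_vlan(native_vlan: int, access_vlans) -> bool:
    """Mitigation check (assumed best practice): the native VLAN should be an
    ID no access port uses, so a stripped outer tag cannot land in a user VLAN."""
    return native_vlan not in set(access_vlans)


if __name__ == "__main__":
    hop = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", [1, 20])
    print(classify_frame(hop, native_vlan=1))          # ('double-tagged-native', [1, 20])
    print(audit_native_vlan(1, access_vlans=[1, 10, 20]))    # False: VLAN 1 is in use
    print(audit_native_vlan(999, access_vlans=[1, 10, 20]))  # True
```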
Privileged accounts
Admin or Root
Needs to be highly secure
User accounts need to have limited access, don't give them more than they need
FIM (File Integrity Monitoring)
Some files should NEVER change
Monitor to see when important files change
Windows can check its files with SFC
Linux can check its files with Tripwire
Many other host based options
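Added example (not from the original notes) for the file hashing and FIM points above: a minimal Tripwire-style check that hashes a tree into a baseline, then reports modified, added and removed files. File names and contents in the demo are constructed.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path: str, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root: str) -> dict:
    """Map every regular file under root (path relative to root, with '/'
    separators) to its SHA-256 hex digest."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):      # skip sockets, broken links, etc.
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report what changed since the baseline. Only files that should never
    change belong in the baseline, so every entry reported here is an alert."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def save_baseline(baseline: dict, path: str) -> None:
    # Keep the stored baseline where the monitored host cannot rewrite it
    # (read-only media or another system); otherwise an intruder who has
    # already tampered with files can simply re-baseline.
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def check_tree(root: str, baseline_path: str) -> dict:
    with open(baseline_path) as fh:
        return compare(json.load(fh), build_baseline(root))


def demo() -> dict:
    """Constructed scenario in a temporary directory: baseline a small tree,
    then modify one file, delete one and add one."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        with open(os.path.join(etc, "sshd.conf"), "w") as fh:
            fh.write("PermitRootLogin no\n")
        baseline_file = os.path.join(root, "baseline.json")   # outside the monitored tree
        save_baseline(build_baseline(etc), baseline_file)

        with open(os.path.join(etc, "hosts"), "a") as fh:
            fh.write("203.0.113.10 update.example\n")   # tampered entry
        os.remove(os.path.join(etc, "sshd.conf"))
        with open(os.path.join(etc, "extra.conf"), "w") as fh:
            fh.write("unexpected\n")
        return check_tree(etc, baseline_file)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```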
Restricting access with ACLs
Drop all traffic except for admins when accessing management devices
Different ACLs for application access
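Added example (not from the original notes) for the ACL points above and in the Access Control section: a first-match ACL evaluator with the implicit deny at the end, applied to a constructed management ACL that only lets the admin subnet reach management devices. The ACL syntax is a simplified one made up for the example, and all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class AclEntry:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None   # destination port, None = any


def parse_acl(text: str):
    """Parse lines of: <action> <proto> <src-cidr> <dst-cidr> [eq <port>]
    (a constructed syntax loosely modeled on router ACLs; '#' starts a
    comment). Entry order matters because evaluation is first-match."""
    entries = []
    for raw in text.strip().splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        action, proto, src, dst = parts[:4]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in {raw!r}")
        dport = int(parts[5]) if len(parts) >= 6 and parts[4] == "eq" else None
        entries.append(AclEntry(action, proto,
                                ipaddress.ip_network(src, strict=False),
                                ipaddress.ip_network(dst, strict=False), dport))
    return entries


def evaluate(acl, proto: str, src_ip: str, dst_ip: str, dport: Optional[int] = None):
    """First matching entry wins. Returns (action, index); index is None when
    nothing matched and the implicit deny at the end of the list applied."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, e in enumerate(acl):
        if e.proto not in ("ip", proto):
            continue
        if src not in e.src or dst not in e.dst:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, i
    return "deny", None


# Constructed management ACL: only the admin subnet may reach the
# management network (10.0.0.0/24), and only on SSH and SNMP.
MGMT_ACL_TEXT = """
permit tcp 10.0.50.0/24 10.0.0.0/24 eq 22    # admins -> management SSH
permit udp 10.0.50.0/24 10.0.0.0/24 eq 161   # admins -> SNMP polling
deny   ip  0.0.0.0/0    10.0.0.0/24          # nobody else reaches management
"""
MGMT_ACL = parse_acl(MGMT_ACL_TEXT)


if __name__ == "__main__":
    for flow in [("tcp", "10.0.50.5", "10.0.0.1", 22),
                 ("tcp", "10.0.50.5", "10.0.0.1", 23),
                 ("tcp", "10.0.7.9", "10.0.0.1", 22),
                 ("tcp", "10.0.7.9", "192.168.1.1", 443)]:
        print(flow, "->", evaluate(MGMT_ACL, *flow))
```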
Honeypots
Trap the bad guys into a fake network that looks real
Could be a single device or a whole network (honeynet)
Make them look as real as possible
Penetration testing
Simulate an attack to find vulnerabilities
Can be done yourself or from a hired 3rd party
Often these penetration tests are required
Switch Port Protection
At the MAC address layer there is no way to count how many times a frame has been sent around
This leads to loops if the network is configured incorrectly
The IEEE 802.1D standard is the STP protocol and is used everywhere
STP
This was already talked about somewhere above, but:
Root Ports are ports that lead to the root switch
Designated ports are other open ports
Blocked ports are blocked to prevent a loop
BPDU Guard
BPDUs are the protocol used to communicate between STP devices (switches)
Can't let non-official devices tell your STP switches what to do, so you stop that from happening with BPDU Guard
Root Guard
One switch will always be the root switch (or bridge)
Can be set manually
Flood guard
Configure a maximum number of MAC addresses on an interface
Could be a single MAC or a group of MAC addresses
When this maximum number is exceeded the port will be disabled
Prevents people from flooding the network with MAC addresses
DHCP snooping
Switch becomes a DHCP firewall
Ports with trusted DHCP servers are marked as trusted and everything else is untrusted
Makes a table of this information and filters traffic through it
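Added example (not from the original notes) for the flood guard and DHCP snooping points above: a simulated access switch that err-disables a port when too many source MACs appear on it, drops DHCP server messages from untrusted ports and builds a binding table from the ACKs it does forward. Port names, MAC addresses and IPs are constructed.

```python
class SwitchPortGuard:
    """Simulated access switch combining a flood guard (maximum number of
    source MACs per port, port disabled when exceeded) with DHCP snooping
    (server replies accepted only from trusted ports; a binding table is
    built from the ACKs that pass)."""

    SERVER_MSGS = {"OFFER", "ACK", "NAK"}
    CLIENT_MSGS = {"DISCOVER", "REQUEST", "RELEASE"}

    def __init__(self, max_macs_per_port=2, trusted_ports=()):
        self.max_macs = max_macs_per_port
        self.trusted = set(trusted_ports)
        self.learned = {}        # port -> set of source MACs seen on it
        self.disabled = set()    # ports shut down by the flood guard
        self.client_port = {}    # client MAC -> port it sent DHCP from
        self.bindings = {}       # client MAC -> (ip, port) from snooped ACKs
        self.log = []

    def ingress(self, port, src_mac, dhcp=None):
        """Handle one frame arriving on `port`. `dhcp` is None for ordinary
        frames or a dict such as {"type": "ACK", "client_mac": ..., "ip": ...}.
        Returns "forward" or "drop"."""
        if port in self.disabled:
            return "drop"
        seen = self.learned.setdefault(port, set())
        seen.add(src_mac)
        if len(seen) > self.max_macs:
            self.disabled.add(port)
            self.log.append(f"{port}: err-disabled, {len(seen)} MACs exceeds limit {self.max_macs}")
            return "drop"
        if dhcp is None:
            return "forward"
        return self._snoop(port, src_mac, dhcp)

    def _snoop(self, port, src_mac, dhcp):
        kind = dhcp["type"]
        if kind in self.SERVER_MSGS:
            if port not in self.trusted:
                self.log.append(f"{port}: dropped DHCP {kind} from {src_mac}, untrusted port (rogue server?)")
                return "drop"
            if kind == "ACK":
                client = dhcp["client_mac"]
                self.bindings[client] = (dhcp["ip"], self.client_port.get(client))
            return "forward"
        if kind in self.CLIENT_MSGS:
            if kind == "RELEASE":
                # A release for a lease must come from the port that holds it
                bound = self.bindings.get(src_mac)
                if bound is not None and bound[1] != port:
                    self.log.append(f"{port}: dropped RELEASE for {bound[0]} owned by port {bound[1]}")
                    return "drop"
            self.client_port[src_mac] = port
        return "forward"


def demo():
    """Constructed walk-through: a rogue DHCP server on an untrusted port, a
    legitimate one on the uplink, and one port that sees too many MACs."""
    sw = SwitchPortGuard(max_macs_per_port=2, trusted_ports={"Gi0/24"})
    events = [
        ("Gi0/1", "aa:aa:aa:aa:aa:01", {"type": "DISCOVER"}),
        ("Gi0/2", "bb:bb:bb:bb:bb:02", {"type": "OFFER", "client_mac": "aa:aa:aa:aa:aa:01", "ip": "10.0.0.66"}),
        ("Gi0/24", "00:00:5e:00:53:01", {"type": "ACK", "client_mac": "aa:aa:aa:aa:aa:01", "ip": "10.0.0.50"}),
        ("Gi0/2", "aa:aa:aa:aa:aa:01", {"type": "RELEASE"}),   # release from the wrong port
        ("Gi0/3", "cc:cc:cc:cc:cc:01", None),
        ("Gi0/3", "cc:cc:cc:cc:cc:02", None),
        ("Gi0/3", "cc:cc:cc:cc:cc:03", None),                  # third MAC trips the guard
    ]
    return [sw.ingress(*e) for e in events], sw


if __name__ == "__main__":
    actions, sw = demo()
    print(actions)
    print("\n".join(sw.log))
```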
Network Segmentation
Physical, logical, virtual
Could increase the performance and security
Physical segmentation
Completely separate devices that are not connected in any way
Could keep different applications separate, customer information separate, etc.
Logical segmentation with VLANs
On the same hardware but still separated logically
Can make it so they can't talk to each other
DMZ
Additional security between the internet and you
Public access to local resources
5.0
Network Troubleshooting Methodology
1. Identify the problem
i. Perhaps see if you can duplicate the problem
ii. Identify symptoms
iii. Question the users experiencing the issues
iv. See if any changes have taken place
v. Some of the problems might not be related to each other
2. Establish a theory
i. Start with the most simple explanation
ii. Consider everything
iii. List all of the possible causes
3. Test the theory
i. Go into a lab and try and recreate the problem to test your theories on
ii. You may run out of theories
4. Create a plan of action
i. Correct the issues with minimum impact on the users
ii. Identify that possible side effects of fixing the issue
iii. Have a backup plan
5. Implement the solution
i. Probably done during non production times
ii. May need other people's assistance
6. Verify full system functionality
i. Ask users and customers that everything is all good
ii. Check yourself for the problem
iii. Implement preventive measure so it does not happen again
7. Document findings
i. Write down everything, as much as possible
ii. Consider having a formal database for these types of documents
Hardware Tools
Cable crimpers
Pinch a connector onto a wire
Good for ethernet cables and other types as well
Wire strippers and cable snips are also needed for installing these cables
Cable testers
Continuity test
Make sure pin 1 is connected to pin 1
Pin 2 to pin 2, etc.
Simple devices with simple readouts
TDR and OTDR
TDR for copper
OTDR for fiber
Lots of information
Estimated cable lengths
Find splice locations
Cable impedance information
Signal loss
Certify cable installations
Log everything
Locate breaks
Can be very costly
Need a person that knows how to properly use the tool
Punch down tools
Punch a wire into a wiring block (66 or 110 block)
Each wire must be punched down on its own
Can take time
Keep things organized
Make sure to keep the twists as close as possible to the block itself, don't do a lot of untwisting
Light meter
For fiber to see how much light is making it all the way through the fiber run
Very useful for testing very long fiber runs
Tone generator
Sends a tone down the cable so you can easily find the other end of the cable
Useful when working with large amounts of cabling
Loopback plug
Loop the signal coming out of a device back into the same device
Can test all types of connections
This is not a crossover cable
Multimeters
Check AC and DC voltage
Continuity tests to see if connections are working
Wire mapping
Spectrum analyzers
Examine all of the frequencies coming from wireless networks in the area
Helps when checking for interference
Software Tools
Protocol analyzer
Gathers every frame on the network
Wireshark
Or even built-in tools
Solve complex application issues
Good for finding security issues as well
Port scanner
Scan for IP addresses and open ports
OS and service information as well
Nmap is the most popular one
And Zenmap
Can graphically see the results on some port scanners
Good for finding rogue devices
Wireless packet analysis
Wireless networks are very easy to monitor
You can't hear the network if you are transmitting so turn that off
Need the right hardware to capture this information
Gather lots of data from the network
Speed test sites
Bandwidth testing, or ping testing
Very easy to use
Useful when comparing the impact of changes you made
Command Line Tools
Ping
See if a device is reachable using ICMP
Determine round trip time between devices
Traceroute / tracert
Map the entire path to a device
Uses ICMP
Many different options and control over how exactly this happens
NS lookup and Dig
Look up information from DNS servers
Names, IP addresses, cache timers, etc.
nslookup is on almost any OS
Not really used anymore
dig
More advanced than nslookup
Much more common today
Ipconfig and ifconfig
ipconfig for Windows and ifconfig for Linux and Mac
Lots of IP details can be seen here
iptables
A stateful firewall for Linux
Advanced filtering by all sorts of things
IP address, port, application, content, etc.
netstat
Network statistics for many OSes
-a shows all active connections
-b shows binaries (Windows)
tcpdump
Capture packets from the command line
Included in Linux and Mac; Windows has its own version called WinDump
Apply filters and view in real time
Save the data to use later
Readable by things like Wireshark
Lots of data to sift through
Pathping
For Windows
Both ping and traceroute in one (also adds a few things)
All of this happens in 2 phases
The first phase runs a traceroute
The second phase measures the round trip time and packet loss at each hop along the way
Nmap
Network mapper, port scanner, OS scanner, service scanner
It is all types of things in one with tons of options of what you can do
NSE is a scripting language you can use to extend its capabilities
Route / route print
View the device's routing table
arp
Determine MAC address based on IP address
arp
arp -a
Wired Network Troubleshooting
Signal loss
Signal strength diminishes over distance
This is signal attenuation
Happens with wireless networking, copper, and fiber
dB is the measurement of signal strength
Common symptoms
No connectivity
Intermittent connectivity
Poor performance
Good to have a TDR or OTDR for troubleshooting this
Latency
Waiting time (some is normal)
Examine the response time of an application with all types of tools
Packet captures, protocol analyzers, ect
Jitter
When data does not arrive at regular intervals
Really bad for real time information because if the packet is dropped it is gone forever
Jitter itself is the time between frames
A high number can lead to a choppy voice call
Troubleshooting it
Confirm that you have enough bandwidth
Make sure your hardware is fast enough for real time interaction
Make sure to use QoS to help with jitter
Crosstalk (XT)
Signals on one circuit affect another in a bad way
Causes interference
Measure it with a TDR
NEXT is near end crosstalk
Crosstalk at the transmitting end
FEXT Far end crosstalk
At the receiving end
Troubleshooting it
Almost always a wiring issue
Maintain twists
Check your crimp
Use a shielded cable if needed
6A for increased cable diameter
Always test and certify your installations
EMI and interference
Cable handling
Don't twist, pull, or stretch cables too much
Watch your bend radius
Don't use staples
EMI is anywhere there is a power source
Always test with a TDR after installation
Open and Shorts
Short circuits
When two connections are touching
Some communication may still occur (inconsistently)
Open circuits
When the cable is broken completely
No communication can occur
Troubleshooting them
May be hard to find where the problem is
Replace the cable (hard to repair)
TDR helps find the location of the issue
Pin-outs
When they are incorrect, you may have a slow link or a link that does not work at all
Cable testers are good for verifying the pinouts
2 popular ways of doing pinouts
T568A
T568B
Incorrect cable type
Outside of the cable is likely labeled with some helpful information
A TDR is also good for making sure the labeling is correct and getting more info
Troubleshooting interfaces
Interface errors may indicate a hardware issue
Verifying the configurations to make sure they are set correctly
Verify two way traffic connectivity
Transceiver mismatch
Transceivers need to match the fiber type (single mode, multi mode) and the wavelength
Check across the entire link that you have the right transceiver
Reversing transmit and receive
Wiring mistake
Easy problem to catch (visually or with a cable tester)
Some network hardware can automatically fix this in software so everything still works (Auto-MDIX)
Damaged cables
Cables can be out in the open and easily damaged
Hard to see inside the cable so you may need a TDR
Bottlenecks
One or more of the devices in the network are much slower than the others, bringing down the performance significantly
Must continue to monitor all of these to find the slowest ones
A baseline is good to help find abnormalities
Interface configuration problems
Could cause poor throughput or no connectivity at all (with or without link lights)
Some people prefer to set this up manually instead of automatically
Settings need to match on both sides for it to work properly
VLAN configuration
May have a link light but no internet access
Automatically assigned IPs are on the wrong subnet and manual assignment won't work
Check the VLAN config on the switch itself
Duplex and speed mismatch
Incorrect speed will lead to performance issues, slowing down everything
Incorrect duplex will also cause significant slowdowns
Wireless Network Troubleshooting
Reflection
Signals can bounce off some surfaces
Too much of this and the signal will be weaker
Changing the location of the antennas and where they are pointed could help solve this
Not as big of a problem when using MIMO in 802.11n or 802.11ac
Refraction
Signal passes through an object and exits the object at a different angle
Can affect data rates
Affects long links the most
Absorption
Passes through an object and loses a bit of signal
Changes how much this happens based on the material it is passing through and the frequency used
Put the antennas on the ceiling to try and avoid most walls
Latency and Jitter
The delay between transmitting and receiving the response is latency
Jitter is an unpredictable data stream and inconsistent intervals
There is more interference and signal issues on wireless networks because everything could conflict with everything else
May run into these problems when there are too many people on the network
Attenuation
Signal gets weaker as you move away from the AP
Measured with a Wi-Fi analyzer
Control the power output if it is an option
Use a higher gain antenna
Move closer to the antenna
Interference
Something else is using the same frequency
Can be predictable or unpredictable
Multi tenant buildings are very unpredictable
Use netstat -s or performance monitor in windows to measure this
Incorrect antenna type
Must fit the room and the situation
Omnidirectional
Good on the ceiling, poor between buildings
Directional
Good for connecting two points together, or for a wall mounted AP
Incorrect antenna placement
Don't put APs too close to each other
Don't put APs too far away from your users
Make sure to check frequencies and channels you are using
Hard to make sure channels don't overlap in 2.4 GHz because there are only so many channels to work with
Overcapacity
Hitting the limit of devices you can use
5 GHz can help with this
Bandwidth saturation
Not enough bandwidth
Large environments suffer from this a lot more
Frequency mismatch
Devices need to match the AP
May not operate properly
Mixing standards can cause issues with performance
SSID (Service set identifier)
Indicates the name of the wireless network
Make sure to connect to the correct one
Wrong passphrase
Wireless authentication through many methods
A single shared passphrase may get you into the network (not common on large enterprise networks)
For enterprise things like 802.1X would authenticate you to the network
Different credentials for each person
Security type mismatch
Encryption on wireless networks is very important
Make sure the client matches the AP
Much easier these days since most things use WPA2 for this
Signal to noise ratio
The ratio of what you want (signal) to what you don't want (noise)
A very large ratio is best
Equal amounts of each would be terrible
Network Service Troubleshooting
Names not resolving
Web browsing and other applications will not work
Try to ping IP addresses to make sure it is not a connection issue
Check all of your IP settings (IP, subnet mask, default gateway, DNS server IP addresses, etc.)
Use nslookup or dig to test if you can get a response from the DNS server
IP configuration issues
Can’t communicate outside the subnet, no communication at all, or can only communicate to some IP addresses on your subnet
Ensure that you have the correct information (IP address, subnet masks, gateway, etc.)
Traceroute and ping to try and see if the issue is you or something else in your infrastructure
Duplicate IP addresses
Static assignment must be very organized
DHCP could make a mistake, overlap, or be rogue causing issues
Most modern OSes have systems in place to prevent duplicate IPs
Troubleshooting them
Check the manually configured ones first
Ping the IP addresses
Capture the DHCP process
Duplicate MAC addresses
Not common
Could be that someone messed up a manual config
Could be a manufacturing error but that is VERY rare
Could be a man-in-the-middle attack
Likely causes intermittent connectivity
Expired IP address
A device failed to be able to renew its IP address
Could be an issue with a DHCP server
Not functioning right
No available IP addresses
Rogue DHCP server
Could make someone have an invalid or duplicate IP address
Enable security on your switch to stop this
DHCP snooping
Authorized DHCP servers in Active Directory
Disable any Rogue DHCP you find and make sure to not keep any IP addresses they may have assigned
Untrusted SSL certificate
Browsers don’t trust the certificate
Look at the certificate details for the issuing CA and compare it to the trusted list of CAs on your computer
Incorrect time
Lots of things, especially security, are time sensitive
Kerberos, Active Directory and more
Exhausted DHCP scope
No more addresses in the pool so you get an APIPA address
Add more addresses if possible to avoid this
IPAM can report and monitor on IP address shortages
Lowering the lease time can also help if you have a lot of users coming and going from your network
Blocked TCP/UDP ports
Applications not working because the traffic can’t get through
Especially new applications may have issues
Confirm this is the issue with a packet capture
Could run a traceroute tool to see how far your packet can go, to find where the filtering is occurring
Incorrect host-based firewall setting
Also will cause applications to not work
Filtering on your device
Check the settings of your firewall (might need to be done by an admin)
Could be centrally administered
Packet capture from an external device could give you more information on the firewall and its filtering
Incorrect ACL settings
Only some IP addresses may be accessible
Confirm with packet capture that this is indeed the issue
Traceroute could also help with identifying the point of no return
Unresponsive service
No answer at all
Make sure your port number and protocol are correct
Confirm that there is connectivity
Ping or traceroute
Could try and use Telnet to see if it responds
Hardware failure
No response
Confirm connectivity
Ping and traceroute likely won't work
Check the server itself