
The last two days have been intense... A lot of info has been presented and there is much more to come! Here's additional data for the topics presented on Day 3 and 4. I pretty much copied and pasted from various sources but it encompasses most of what was taught.
Useful Troubleshooting Commands:
(Linux) netstat -r
(Linux) netstat -tulpw
(Linux) ifconfig
(UNIX) sockstat -4
(Windows) ipconfig
(Windows) route print
(Windows) netstat -nao
(Windows) nbtstat
arp -d - deletes all entries in the cache
arp -a - displays all entries in the cache
ping
tracert
traceroute
MAC Address
All devices connected to an Ethernet LAN have MAC-addressed interfaces. Different hardware and software manufacturers might represent the MAC address in different hexadecimal formats. The address formats might be similar to 00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800. MAC addresses are assigned to any device that must originate and/or receive data on the network.
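The three notations above describe the same 48 bits, which matters when comparing ARP or switch tables collected from different vendors. The following is an added example, not part of the original notes: it normalizes the three formats listed here and classifies the address using the group bit of the first octet. The function names and the sample multicast address in the test are constructed for illustration.

```python
import re

# One pattern per notation shown in the notes; separators may not be mixed.
_FORMATS = (
    re.compile(r"([0-9a-f]{2}-){5}[0-9a-f]{2}"),    # 00-05-9A-3C-78-00
    re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}"),    # 00:05:9A:3C:78:00
    re.compile(r"([0-9a-f]{4}\.){2}[0-9a-f]{4}"),   # 0005.9A3C.7800
)


def normalize_mac(text):
    """Return the MAC as lowercase colon-separated octets, or raise ValueError."""
    candidate = text.strip().lower()
    if not any(fmt.fullmatch(candidate) for fmt in _FORMATS):
        raise ValueError(f"not a recognised MAC address format: {text!r}")
    digits = re.sub(r"[-:.]", "", candidate)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_kind(text):
    """Classify a MAC as 'broadcast', 'multicast' or 'unicast'."""
    mac = normalize_mac(text)
    if mac == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    first_octet = int(mac[:2], 16)
    # The lowest bit of the first octet is set for group (multicast) addresses.
    return "multicast" if first_octet & 0x01 else "unicast"


def same_interface(a, b):
    """True when two differently formatted strings name the same MAC."""
    return normalize_mac(a) == normalize_mac(b)
```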
Unicast
A unicast MAC address is the unique address used when a frame is sent from a single transmitting device to single destination device.
In the example shown in the figure, a host with IP address 192.168.1.5 (source) requests a web page from the server at IP address 192.168.1.200. For a unicast packet to be sent and received, a destination IP address must be in the IP packet header. A corresponding destination MAC address must also be present in the Ethernet frame header. The IP address and MAC address combine to deliver data to one specific destination host.
Multicast
Recall that multicast addresses allow a source device to send a packet to a group of devices. Devices that belong to a multicast group are assigned a multicast group IP address. The range of multicast addresses is from 224.0.0.0 to 239.255.255.255. Because multicast addresses represent a group of addresses (sometimes called a host group), they can only be used as the destination of a packet. The source will always have a unicast address.
Examples of where multicast addresses would be used are in remote gaming, where many players are connected remotely but playing the same game, and distance learning through video conferencing, where many students are connected to the same class.
Broadcast
With a broadcast, the packet contains a destination IP address that has all ones (1s) in the host portion. This numbering in the address means that all hosts on that local network (broadcast domain) will receive and process the packet. Many network protocols, such as Dynamic Host Configuration Protocol (DHCP) and Address Resolution Protocol (ARP), use broadcasts.
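To make the unicast, multicast and broadcast rules above concrete, here is an added example (not from the original notes) that classifies a destination address with bit masks. The /24 and /25 masks for the 192.168.1.x addresses are assumptions, since the notes give no mask, and the function names are made up for this example; it also goes slightly beyond the text by treating 255.255.255.255 as a broadcast.

```python
import ipaddress


def octets_binary(address):
    """Dotted-decimal IPv4 address as four 8-bit binary groups."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(address).packed)


def classify_destination(address, network):
    """Return 'multicast', 'broadcast' or 'unicast' for a destination address.

    `network` is the local network in CIDR form, e.g. '192.168.1.0/24'.
    Reserved ranges such as 240.0.0.0/4 are not singled out.
    """
    addr = int(ipaddress.IPv4Address(address))
    net = ipaddress.IPv4Network(network)
    # 224.0.0.0 to 239.255.255.255: the top four bits are 1110.
    if addr >> 28 == 0b1110:
        return "multicast"
    host_mask = int(net.hostmask)      # ones where the host bits are
    in_network = (addr & int(net.netmask)) == int(net.network_address)
    # /31 and /32 prefixes have no broadcast address, so skip them.
    all_host_bits_set = net.prefixlen <= 30 and (addr & host_mask) == host_mask
    if addr == 0xFFFFFFFF or (in_network and all_host_bits_set):
        return "broadcast"
    return "unicast"


def valid_source(address, network):
    """The source of a packet is always a unicast address."""
    return classify_destination(address, network) == "unicast"
```

The same address can be a broadcast under one mask and an ordinary host under another, which is why the mask has to be known before a captured destination can be interpreted.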
Resolving IPv4 Addresses to MAC Addresses
For a frame to be placed on the LAN media, it must have a destination MAC address. When a packet is sent to the Data Link layer to be encapsulated into a frame, the node refers to a table in its memory to find the Data Link layer address that is mapped to the destination IPv4 address. This table is called the ARP table or the ARP cache. The ARP table is stored in the RAM of the device.
What does a node do when it needs to create a frame and the ARP cache does not contain a map of an IP address to a destination MAC address? When ARP receives a request to map an IPv4 address to a MAC address, it looks for the cached map in its ARP table. If an entry is not found, the encapsulation of the IPv4 packet fails and the Layer 2 processes notify ARP that it needs a map.
The ARP processes then send out an ARP request packet to discover the MAC address of the destination device on the local network. If a device receiving the request has the destination IP address, it responds with an ARP reply. A map is created in the ARP table. Packets for that IPv4 address can now be encapsulated in frames.
If no device responds to the ARP request, the packet is dropped because a frame cannot be created. This encapsulation failure is reported to the upper layers of the device. If the device is an intermediary device, like a router, the upper layers may choose to respond to the source host with an error in an ICMPv4 packet.
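The resolution steps described above (cache lookup, broadcast request, reply, new map, drop on no reply) can be traced in a small simulation. This is an added example, not from the original notes: the Lan and Node classes are hypothetical models rather than a real network API, and the pairing of 192.168.1.200 with the MAC shown is constructed.

```python
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class Lan:
    """Constructed stand-in for one broadcast domain: IPv4 address -> MAC."""

    def __init__(self, hosts):
        self.hosts = dict(hosts)
        self.requests_seen = []          # every ARP request put on the wire

    def arp_request(self, sender_mac, target_ip):
        # The request goes to the broadcast MAC, so every host receives it;
        # only the host that owns target_ip answers with an ARP reply.
        self.requests_seen.append((sender_mac, BROADCAST_MAC, target_ip))
        return self.hosts.get(target_ip)  # None models "no device responded"


class Node:
    def __init__(self, mac, lan):
        self.mac = mac
        self.lan = lan
        self.arp_cache = {}              # held in RAM: IPv4 address -> MAC

    def resolve(self, dst_ip):
        """Return the destination MAC, asking the LAN only on a cache miss."""
        if dst_ip not in self.arp_cache:
            reply_mac = self.lan.arp_request(self.mac, dst_ip)
            if reply_mac is None:
                return None
            self.arp_cache[dst_ip] = reply_mac   # the new map
        return self.arp_cache[dst_ip]

    def send(self, dst_ip, payload):
        """Encapsulate payload in a frame, or report the encapsulation failure."""
        dst_mac = self.resolve(dst_ip)
        if dst_mac is None:
            return {"status": "dropped", "reason": f"no ARP reply for {dst_ip}"}
        return {"status": "sent", "dst_mac": dst_mac, "src_mac": self.mac,
                "dst_ip": dst_ip, "payload": payload}


def demo():
    lan = Lan({"192.168.1.200": "00:05:9a:3c:78:00"})   # constructed mapping
    host = Node("00:05:9a:3c:78:05", lan)
    first = host.send("192.168.1.200", b"GET /")        # miss: one ARP request
    second = host.send("192.168.1.200", b"GET /")       # hit: served from cache
    missing = host.send("192.168.1.77", b"hello")       # nobody answers: dropped
    return first, second, missing, len(lan.requests_seen)
```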
Network Topologies
Computer networks employ many different topologies, or ways of connecting computers together.
historical topologies—bus, ring, and star
modern topologies—hybrid, mesh, point-to-multipoint, and point-to-point.
A bus topology uses a single bus cable that connects all of the computers in line.
A network using a bus topology needs termination at each end of the cable to prevent a signal sent from one computer from reflecting at the ends of the cable, creating unnecessary traffic.
A ring topology connects all computers on the network with a central ring of cable.
In a ring topology network, in contrast, data traffic moves in a circle from one computer to the next in the same direction. With no end of the cable, ring networks require no termination.
The star topology uses a central connection for all the computers on the network. Star topology had a huge benefit over ring and bus by offering fault tolerance—if one of the cables broke, all of the other computers could still communicate.
We call any form of networking technology that combines a physical topology with a signaling topology a hybrid topology. Hybrid topologies have come and gone since the earliest days of networking. Only two hybrid topologies, star-ring and star-bus, ever saw any amount of popularity.
In a mesh topology network, every computer connects to every other computer via two or more routes. Some of the routes between two computers may require traversing through another member of the mesh network.
There are two types of meshed topologies: partially meshed and fully meshed. In a partially meshed topology network, at least two machines have redundant connections. Every machine doesn’t have to connect to every other machine. In a fully meshed topology network, every device connects directly to every other device.
In a point-to-multipoint topology, a single system acts as a common source through which all members of the point-to-multipoint network converse.
In a point-to-point topology network, two computers connect directly together with no need for a central hub or box of any kind.
CAT5 - 100 Mbps
CAT5e - 1000 Mbps
CAT6 - 10000 Mbps
1000BASE-X
1000BASE-X is used in industry to refer to gigabit Ethernet transmission over fiber, where options include 1000BASE-CX, 1000BASE-LX, 1000BASE-SX, 1000BASE-LX10, 1000BASE-BX10 or the non-standard -ZX implementations.
1000BASE-CX
1000BASE-CX is an initial standard for gigabit Ethernet connections over twinaxial cabling with maximum distances of 25 meters using balanced shielded twisted pair and either DE-9 or 8P8C connector.
1000BASE-SX
1000BASE-SX is a fiber optic gigabit Ethernet standard for operation over multi-mode fiber using a 770 to 860 nanometer, near infrared (NIR) light wavelength. The standard specifies a distance capability between 220 metres (62.5/125 µm fiber with low modal bandwidth) and 550 metres (50/125 µm fiber with high modal bandwidth). This standard is highly popular for intra-building links in large office buildings, co-location facilities and carrier neutral internet exchanges.
1000BASE-LX
1000BASE-LX is a fiber optic gigabit Ethernet standard specified in IEEE 802.3 Clause 38 which uses a long wavelength laser (1,270–1,355 nm), and a maximum RMS spectral width of 4 nm. 1000BASE-LX is specified to work over a distance of up to 5 km over 10 µm single-mode fiber.
1000BASE-LX10
1000BASE-LX10 was standardized six years after the initial gigabit fiber versions as part of the Ethernet in the First Mile task group. It is very similar to 1000BASE-LX, but achieves longer distances up to 10 km over a pair of single-mode fiber due to higher quality optics.
1000BASE-ZX
1000BASE-ZX is a non-standard but industry accepted term to refer to gigabit Ethernet transmission using 1,550 nm wavelength to achieve distances of at least 70 km over single-mode fiber.
1000BASE-T
Each 1000BASE-T network segment can be a maximum length of 100 meters (328 feet), and must use Category 5 cable or better. Category 5e cable or Category 6 cable may also be used.
IP Address
An IP address is a string of 32 binary digits, broken down into four groups of eight. Each of these 8-bit values is in turn converted into a decimal number between 0 and 255.
00000000 = 0
00000001 = 1
00000010 = 2
00000011 = 3
00000100 = 4
00000101 = 5
00000110 = 6
00000111 = 7
00001000 = 8
(skip a bunch in the middle)
11111000 = 248
11111001 = 249
11111010 = 250
11111011 = 251
11111100 = 252
11111101 = 253
11111110 = 254
11111111 = 255
OSI Layers
Application (Layer 7)
This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.
Presentation (Layer 6)
This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer.
Session (Layer 5)
This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.
Transport (Layer 4)
This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.
Network (Layer 3)
This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing.
Data Link (Layer 2)
At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sub layers: The Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sub layer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.
Physical (Layer 1)
This layer conveys the bit stream (electrical impulse, light or radio signal) through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components.
Protocols
TCP is a connection-oriented protocol. When a file or message is sent, it will get delivered unless the connection fails. If the connection is lost, the server will request the lost part. There is no corruption while transferring a message. TCP uses a three-way handshake to establish a connection.
UDP is a connectionless protocol. When you send data or a message, you don't know if it'll get there; it could get lost on the way. There may be corruption while transferring a message.
Common Ports
FTP: 20, 21
SSH: 22
Telnet: 23
SMTP: 25
DNS: 53
BOOTP: 67, 68
HTTP: 80
POP3: 110
NTP: 123
NetBIOS: 137
SNMP: 161
BGP: 179
LDAP: 389
HTTPS: 443
SMB: 445
H.323: 1720
MySQL: 3306
RDP: 3389
SIP: 5060
Hubs and Collision Domains
Hubs were created as intermediary network devices that enable more nodes to connect to the shared media. Also known as multi-port repeaters, hubs retransmit received data signals to all connected devices, except the one from which it received the signals. Hubs do not perform network functions such as directing data based on addresses.
Hubs and repeaters are intermediary devices that extend the distance that Ethernet cables can reach. Because hubs operate at the Physical layer, dealing only with the signals on the media, collisions can occur between the devices they connect and within the hubs themselves.
Further, using hubs to provide network access to more users reduces the performance for each user because the fixed capacity of the media has to be shared between more and more devices.
The connected devices that access a common media via a hub or series of directly connected hubs make up what is known as a collision domain. A collision domain is also referred to as a network segment. Hubs and repeaters therefore have the effect of increasing the size of the collision domain.
Switch
In the last few years, switches have quickly become a fundamental part of most networks. Switches allow the segmentation of the LAN into separate collision domains. Each port of the switch represents a separate collision domain and provides the full media bandwidth to the node or nodes connected on that port. With fewer nodes in each collision domain, there is an increase in the average bandwidth available to each node, and collisions are reduced.