Networking Notes

You've got this!

Table of Contents

Understanding the OSI Model
TCP/IP Basics
  Binary/Decimal Conversions
  Subnetting
Networking Devices
  NAS vs. SAN
Wireless Security
  Wireless Encryption
  SSO with Kerberos
  Authentication Methods
DNS Records
Internet Connection Types
Optical Fiber
  SMF vs. MMF
  Connector Types
  Fiber Ethernet Standards
Twisted-pair Cabling
  Twisted-pair Cabling Standards
  Networking Cable Termination Types
  Ethernet Standards

Understanding the OSI Model

The Open Systems Interconnection reference model is a guide to help you understand how data traverses systems. It is not the same as the OSI protocol suite.
1 - Physical (Mnemonic: Please)
  This layer concerns physical connections such as cables and connectors, as well as the signals themselves. Troubleshooting physical-layer problems may include fixing cabling or punch-down blocks, running loopback tests, or swapping adapter cards.
2 - Data Link (Mnemonic: Do)
  This layer is also known as the MAC address layer because MAC addresses are relevant here. Network switches operate at this layer because they forward traffic using MAC addresses. It's also associated with frames and EUI-48/64 identifiers.
3 - Network (Mnemonic: Not)
  Also known as the routing layer. This layer concerns IP addresses, routers, and packets. At this layer, frames can be fragmented to fit through the network.
4 - Transport (Mnemonic: Throw)
  The "post office" layer. TCP and UDP operate at this layer. Packets are sent at this layer.
5 - Session (Mnemonic: Sausage)
  This layer is all about communication management between devices: starting, stopping, and restarting communication. It concerns control and tunneling protocols.
6 - Presentation (Mnemonic: Pizza)
  This layer prepares data for human perception, including character encoding and application encryption. It is often combined with the Application layer.
7 - Application (Mnemonic: Away)
  The application layer is the layer users see. Some protocols that operate at this layer are HTTP(S), FTP, DNS, and POP3.


TCP/IP Basics

Binary/Decimal Conversions

To convert binary to decimal, remember the number 128. Make a row of numbers starting with 128, then half of that, then half of that, until you reach 1. Then make a row below it with your binary number, one digit (1 or 0) per column. Now, for every column with a 1, add the corresponding number from the first row.

  128  64  32  16   8   4   2   1 | Decimal
    1   0   1   1   0   0   0   0 | = 176
    0   0   1   1   1   0   1   1 | = 59

Converting decimal numbers to binary is quite similar. Start with the same row of numbers as in the previous technique. Then take your decimal number and go through each column, determining whether that column's number can be subtracted from your decimal number (that is, it is not larger than it). If it can, subtract it from the decimal number and mark a 1 in the row below. If not, mark a 0 and move on to the next column. Remember that for each subsequent number in the first row, you compare against the decimal number after the previous subtractions, not the original.

Decimal | 128  64  32  16   8   4   2   1
185 =   |   1   0   1   1   1   0   0   1


Subnetting

Let's say you're an ISP and you want to lease IP addresses to a company or home that doesn't need 254 IP addresses (the number of usable addresses you get with a subnet mask of 255.255.255.0, or /24). To get a mask with fewer IP addresses than that, you use a process called subnetting. This process is easier to understand if you think of the subnet mask in binary form, so 255.255.255.0 becomes 11111111 11111111 11111111 00000000. If you change the subnet mask to 11111111 11111111 11111111 10000000, or 255.255.255.128 (check the binary/decimal conversion section if that part confuses you), you now have only 126 available IP addresses and a CIDR block of /25. As you can see, subnetting is basically just adding extra ones to your subnet mask in order to get a smaller number of IP addresses.

To calculate the number of IP addresses in a subnet, use the formula 2^z = a, where z is the number of zeros in the subnet mask and a is the number of IP addresses. To calculate the number of usable IP addresses, subtract two from this number. The reason for this is that 1 is for the default gateway and the highest number is the broadcast address.

Instead of calculating this information manually each time, try to memorize the CIDR blocks and their corresponding available IP addresses so you can be quick. This is also helpful for the CompTIA Network+ exam, where you may not have access to a calculator.

Decimal Subnet Mask | CIDR Block | Available IPs
255.255.255.0       | /24        | 254
255.255.255.128     | /25        | 126
255.255.255.192     | /26        | 62
255.255.255.224     | /27        | 30
255.255.255.240     | /28        | 14
255.255.255.248     | /29        | 6
255.255.255.252     | /30        | 2
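The two conversion procedures and the 2^z formula from the sections above, written out as an added example (not part of the original notes). It also rebuilds the CIDR table programmatically so the memorized values can be checked.

```python
# Added example: binary/decimal conversion and subnet sizing as described in the notes.
PLACE_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]   # the row you start with

def binary_to_decimal(bits: str) -> int:
    """Add the place value of every column that holds a 1."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("expects exactly 8 binary digits")
    return sum(value for value, bit in zip(PLACE_VALUES, bits) if bit == "1")

def decimal_to_binary(number: int) -> str:
    """Walk the row 128..1; write a 1 and subtract whenever the value still fits."""
    if not 0 <= number <= 255:
        raise ValueError("an octet must be in 0..255")
    bits, remaining = [], number
    for value in PLACE_VALUES:
        if value <= remaining:          # compare against what is left, not the original
            bits.append("1")
            remaining -= value
        else:
            bits.append("0")
    return "".join(bits)

def mask_from_cidr(prefix: int) -> str:
    """/25 -> 255.255.255.128: the first `prefix` bits are ones, the rest zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be in 0..32")
    bit_string = "1" * prefix + "0" * (32 - prefix)
    return ".".join(str(binary_to_decimal(bit_string[i:i + 8])) for i in range(0, 32, 8))

def cidr_from_mask(mask: str) -> int:
    """Count the ones in a dotted-decimal mask; ones must all come before the zeros."""
    bits = "".join(decimal_to_binary(int(octet)) for octet in mask.split("."))
    if "01" in bits:
        raise ValueError("not a valid subnet mask: ones must be contiguous")
    return bits.count("1")

def address_count(prefix: int) -> int:
    """Formula from the notes: a = 2^z, where z is the number of zero bits in the mask."""
    return 2 ** (32 - prefix)

def usable_hosts(prefix: int) -> int:
    """Subtract two: the first address and the broadcast address are not given to hosts."""
    return max(address_count(prefix) - 2, 0)

def cidr_table(start: int = 24, end: int = 30) -> list:
    """Rebuild the memorization table above: (mask, CIDR block, usable addresses)."""
    return [(mask_from_cidr(p), f"/{p}", usable_hosts(p)) for p in range(start, end + 1)]

if __name__ == "__main__":
    for mask, cidr, hosts in cidr_table():
        print(f"{mask:<16} {cidr:<5} {hosts}")
```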

Networking Devices

Router (OSI layer 3 - Network)
  Routers are used to route traffic between two different LANs or IP subnets. Routers built into switches are sometimes called "layer 3 switches."
Switch (OSI layer 2 - Data Link, or 3 if it includes routing capabilities)
  Used to bridge network segments.
Firewall (OSI layers 3, 4, and/or 7)
  Filters traffic by factors such as port number or application. Can also encrypt traffic.
IDS/IPS (many options, depends on the device)
  Both of these devices watch network traffic. They detect exploits against the OS or applications, vulnerabilities such as XSS, and more. The difference is that an Intrusion Detection System (IDS) only produces an alert when it detects these issues, while an Intrusion Prevention System (IPS) prevents them from reaching the network.
Load Balancer (OSI layer 4 or 7)
  This device manages multiple servers that provide the same functions. This is helpful for managing traffic, redundancy, and sometimes performance.
Proxy Server
  This device sits between users and the external network. It receives user requests and performs them on their behalf. It's useful for caching, access authorization, and URL and packet filtering.
Access Point (OSI layer 2 - Data Link)
  This device allows users to connect to an 802.11 network. Not to be mistaken for a wireless router, which is a router and access point combined into one device.
Wireless LAN Controller (OSI layers 1 and 2)
  This device allows you to manage access points from one place. You can deploy new access points, monitor performance and security, and configure and deploy any changes you need to make. These systems are often proprietary.

NAS vs. SAN

A Network Attached Storage (NAS) device is a storage device that's shared across the network. It provides file-level access, requiring you to copy the entire file just to make changes to it.
A Storage Area Network (SAN), on the other hand, looks and feels like a local storage device. It provides block-level access, making it very efficient for reading and writing alike.
Both NAS and SAN need a lot of bandwidth, so you may want to use an isolated network and high-speed network technologies such as fiber optics.

Wireless Security

Wireless Encryption

Without wireless encryption, anyone can join a wireless network and snoop on potentially sensitive information. The purpose of wireless encryption is to authenticate users before granting them access to the network and encrypt messages so that anyone who intercepts them is unable to read them. It also provides a message integrity check (or MIC), meaning that incoming messages will be checked to ensure they weren't tampered with.
Wi-Fi Protected Access II (WPA2); cipher mode: CCMP
  WPA2 uses CCMP. CCMP provides data confidentiality with AES encryption and a MIC with CBC-MAC. WPA2 uses a pre-shared key (PSK) to authenticate users, meaning there is one password that everyone uses to connect to the network. This is a security weakness because the PSK's hash is sent over the network, and if an attacker manages to get hold of that hash, they can use it for a brute-force attack and gain access to the network.
Wi-Fi Protected Access III (WPA3); cipher mode: GCMP
  WPA3 uses a stronger form of encryption called GCMP. GCMP provides data confidentiality with AES and a MIC with GMAC. WPA3 is more secure, especially in work environments, because it has a different PSK authentication process. It uses a method called Simultaneous Authentication of Equals (SAE), which does not require a hash to be sent over the network, therefore preventing brute-force attacks. With SAE, everyone gets their own session key (which is not sent across the network) despite using the same PSK.

These encryption methods also have Enterprise variants, identifiable by a suffix of "Enterprise" or "802.1X" rather than "Personal" or "PSK." These variants have users authenticate individually via a server (such as RADIUS) rather than using a PSK.

SSO with Kerberos

Kerberos provides SSO functionality, meaning the user only needs to sign in once, and will then be automatically authenticated into a variety of services. When a user signs into a Windows domain, there is a certain process detailed below.
  1. The user logs into the domain. The client computer sends an authentication request to the Kerberos server's authentication service (AS). This request contains the user's username and a timestamp encrypted with the user's password.
  2. The AS confirms that the user is listed in its database, then uses the user's password stored in its database to decrypt the timestamp. If this succeeds, the AS generates a session key and encrypts it with the user's password, as well as a ticket-granting ticket (TGT), which is encrypted with a KDC key and will expire after a specified time (such as 10 hours). The AS sends both to the client.
  3. The client decrypts the session key using the user's password and, if successful, sends the TGT to the ticket-granting service (TGS) along with the user's name and a timestamp, both of which are encrypted using the session key.
  4. The TGS validates the request's contents and creates a ticket which will allow the user to access a network service. This ticket includes the name of the service, a timestamp, and the service's session key, all encrypted with the client's session key. It also includes information intended only for the service, including the client's session key, and this content is encrypted with a key that only the service has access to.
  5. The client decrypts the information it needs from the service ticket using the session key, then creates a service request containing the information that the TGS encrypted with the service's secret key (still encrypted), as well as the username and a timestamp encrypted with the client's session key.
  6. Finally, the service decrypts both parts of the message, verifies the user by contacting the KDC, and grants the user access.
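A simplified model of steps 1 to 3 above (the AS exchange, the client recovering its session key, and the TGS checking the TGT lifetime), added here as an example and not taken from any Kerberos implementation. The realm, user name, password, PBKDF2 key derivation and the stdlib encrypt-then-MAC construction are constructed stand-ins for the real Kerberos encryption types.

```python
# Added example: a toy model of the Kerberos AS exchange, not a real Kerberos library.
import hashlib, hmac, json, os

def string_to_key(password: str, salt: bytes = b"EXAMPLE.COMalice") -> bytes:
    """Long-term key derived from the password (PBKDF2 stands in for Kerberos string-to-key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key: bytes, fields: dict) -> bytes:
    """Toy encrypt-then-MAC: nonce || ciphertext || HMAC tag (stands in for an RFC 3961 enctype)."""
    data = json.dumps(fields).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise PermissionError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

KDC_KEY = os.urandom(32)                                      # known only to the AS and TGS
USER_DB = {"alice": string_to_key("correct horse battery")}   # constructed user entry
MAX_SKEW = 5 * 60                                             # seconds of allowed clock skew

def as_request(user: str, password: str, now: int) -> dict:
    """Step 1: the client sends its name and a timestamp encrypted with its password key."""
    return {"user": user, "preauth": seal(string_to_key(password), {"ts": now})}

def as_reply(req: dict, now: int, tgt_lifetime: int = 10 * 3600) -> dict:
    """Step 2: the AS decrypts the timestamp, then issues a session key and a TGT."""
    user_key = USER_DB[req["user"]]                      # KeyError if the user is unknown
    ts = unseal(user_key, req["preauth"])["ts"]          # fails if the password was wrong
    if abs(now - ts) > MAX_SKEW:
        raise PermissionError("timestamp outside allowed skew (replayed or bad clock)")
    session_key = os.urandom(32).hex()
    tgt = seal(KDC_KEY, {"user": req["user"], "skey": session_key, "exp": now + tgt_lifetime})
    return {"enc_part": seal(user_key, {"skey": session_key}), "tgt": tgt}

def client_session_key(password: str, reply: dict) -> str:
    """Step 3 (client side): recover the session key; only the right password can."""
    return unseal(string_to_key(password), reply["enc_part"])["skey"]

def tgs_validate(tgt: bytes, now: int) -> dict:
    """Step 3 (TGS side): open the TGT with the KDC key and enforce its lifetime."""
    ticket = unseal(KDC_KEY, tgt)
    if now > ticket["exp"]:
        raise PermissionError("TGT expired; the user must authenticate again")
    return ticket
```

The client never sees KDC_KEY, so it can read its own session key but cannot open or forge the TGT it forwards to the TGS.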

Authentication Methods

RADIUS (Remote Authentication Dial-In User Service)
  RADIUS is a very common AAA protocol. It's widely supported on various platforms and devices, partly due to its age.
TACACS
  A remote authentication protocol. Its most recent version, TACACS+, is an open standard that supports more authentication requests and response codes. Despite being an open standard, it is especially common on Cisco devices.
Kerberos
  This network authentication protocol supports single sign-on (SSO). It uses mutual authentication: the client and server authenticate each other, therefore preventing on-path or replay attacks. It gained a boost in popularity when Microsoft first introduced it in Windows 2000. Now, Kerberos is the method used to authenticate users signing into a Windows domain.

DNS Records

A
  A record for assigning an FQDN to an IPv4 address.
  Example: www.professermesser.com IN A 162.159.246.164
AAAA
  A record for assigning an FQDN to an IPv6 address.
  Example: www.professermesser.com IN AAAA 1b:2121:18cd
MX
  A record that defines a server as a mail exchanger via FQDN. To work properly, there must also be an A or AAAA record for the mail server.
  Example: IN MX mail.professermesser.com
SPF
  A TXT record that lists all servers authorized to send email for the domain. A server that receives an email supposedly from a certain domain queries that domain's SPF record to confirm whether the sender is authorized to send email for it.
  Example: professermesser.com 300 IN TXT "v=spf1 include:mailgun.org ~all"
DKIM
  A TXT record containing the public key used to verify the digital signatures on a domain's outgoing mail.
  Example: 5456686746.professermesser._domainkey.professermesser.com. 300 IN TXT "v=DKIM1;t=s;p=HKJGFHSDGYITFYG&E^5675865"
DMARC
  A TXT record which defines what happens when an email cannot be verified with SPF or DKIM. For example, the email could be accepted, rejected, or sent to spam.
  Example: professermesser.com IN TXT "v=DMARC1;p=none; sp=quarantine; pct=100; rua=mailto:dmarcreports@example.com;"
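An added example, not from the notes: a small parser for the SPF and DMARC record values shown in the table above, reporting what a receiving server would do with mail that fails both checks. The record strings are the ones from the table (example.com is the notes' own placeholder); the parsing rules follow RFC 7208 (SPF) and RFC 7489 (DMARC).

```python
# Added example: interpret the SPF and DMARC TXT records from the table above.
SPF_RECORD = "v=spf1 include:mailgun.org ~all"                  # SPF row above
DMARC_RECORD = "v=DMARC1;p=none; sp=quarantine; pct=100; rua=mailto:dmarcreports@example.com;"

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record: str) -> dict:
    """Split an SPF record into its version and a list of (result, mechanism) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in SPF_QUALIFIERS else "+"   # no prefix means '+'
        mechanisms.append((SPF_QUALIFIERS[qualifier], term.lstrip("+-~?")))
    return {"version": "spf1", "mechanisms": mechanisms}

def spf_default_result(record: str) -> str:
    """Result for a sender that matched no earlier mechanism: decided by the 'all' term."""
    for result, mechanism in parse_spf(record)["mechanisms"]:
        if mechanism == "all":
            return result
    return "neutral"   # RFC 7208: no matching mechanism at all yields 'neutral'

def parse_dmarc(record: str) -> dict:
    """Turn 'tag=value; tag=value' into a dict; the version tag must be DMARC1."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def dmarc_disposition(record: str, subdomain: bool = False) -> str:
    """What happens to mail that fails both SPF and DKIM alignment under this policy."""
    tags = parse_dmarc(record)
    policy = tags.get("sp", tags["p"]) if subdomain else tags["p"]   # sp falls back to p
    pct = int(tags.get("pct", "100"))
    actions = {"none": "accept (monitor only)", "quarantine": "send to spam", "reject": "reject"}
    action = actions[policy]
    if pct < 100:   # only this share of failing mail gets the policy; the rest is monitored
        action += f" for {pct}% of failing mail"
    return action

if __name__ == "__main__":
    print("SPF default:", spf_default_result(SPF_RECORD))
    print("DMARC (domain):", dmarc_disposition(DMARC_RECORD))
    print("DMARC (subdomain):", dmarc_disposition(DMARC_RECORD, subdomain=True))
```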

Internet Connection Types

Satellite
  A satellite is used to communicate with another satellite in low orbit in order to reach the internet.
  Pros:
  - Comes in handy in areas where other types of connections are impossible
  Cons:
  - High cost relative to terrestrial networking
  - Slow speeds (around 5 Mbps download, 3 Mbps upload)
  - Remote sites are difficult to service
  - High latency
  - Susceptible to rain fade
Fiber
  Uses fiber optic cables for the connection.
  Pros:
  - High speed
  - Can be used over long distances
  Cons:
  - More expensive to install
  - More expensive to repair
Cable broadband
  Communication over the same coaxial cables that would be used for cable TV.
  Pros:
  - Can transmit various traffic types
  - High speed is possible
DSL
  Uses existing telephone lines.
  Pros:
  - Faster speeds may be possible if closer to the CO
  Cons:
  - With ADSL, the most common form of DSL, upstream is much slower than downstream
  - ~10,000 foot limitation from the CO
Cellular
  Uses the same cellular networks that phones use for calls.
  Pros:
  - Phones can often be used as hotspots
  Cons:
  - Tethering and hotspot use may be limited by the phone carrier
WISP
  An ISP sends data to customers wirelessly using ground stations.
  Pros:
  - Accessible in rural areas

Optical Fiber

SMF vs. MMF

Single-mode Fiber (SMF)                                               | Multimode Fiber (MMF)
Suitable for long-range communication (up to 100 km without processing) | Best for short-range communication (up to 2 km)
Expensive light source (such as lasers)                                | Relatively inexpensive light source (such as LEDs)

Connector Types

Local Connector (LC)
  Typically comes in a pair: one connector transmits and one receives. Has a long latch.
Straight-tip Connector (ST)
  Usually a single connector on its own. Named after its long ferrule that sticks out.
Subscriber Connector (SC)
  Also commonly comes in pairs. Often referred to as a "square connector" due to its square shape.

Fiber Ethernet Standards

Name | Max throughput | Max distance per segment | Physical media

100BASE-SX | 100 Mbps | Up to 300 meters | Multimode fiber
  A low-cost solution for Fast Ethernet which uses a short 850-nanometer wavelength light signal. It's named SX because the wavelength is about equal to the width of six carbon atoms in a row.
100BASE-FX | 100 Mbps | Up to 2 kilometers | Multimode fiber
  The F stands for Fast Ethernet. It uses a longer wavelength of 1300 nanometers.
1000BASE-SX | 1 Gbps | Up to 550 meters | Multimode fiber
  As the S in the name suggests, it uses a short wavelength of 850 nanometers and is best suited for short runs, such as connecting a data center and a data closet within the same building.
1000BASE-LX | 1 Gbps | 550 m for MMF, 5000 m for SMF | Multimode fiber or single-mode fiber
  A common fiber version of Gigabit Ethernet. It uses a long wavelength, hence the L in its name, of 1300 nanometers. It's useful for long backbone connections, such as connecting an ISP with its telecommunications carrier.
10GBASE-SR | 10 Gbps | Up to 300 meters | Multimode fiber
  The SR stands for "short range." It uses a wavelength of 850 nanometers.
10GBASE-LR | 10 Gbps | 10 kilometers | Single-mode fiber
  The LR stands for "long range." It uses a wavelength of 1310 nanometers.

Twisted-pair Cabling

Twisted-pair Cabling Standards

Name | Speed | Range

Category 3 (CAT3) | 16 Mbps | 100 meters
  Not used for modern computer connections; should now only be used for telephone connections.
Category 5 (CAT5) | 100 Mbps | 100 meters
  Minimum required standard for Fast Ethernet.
Enhanced Category 5 (CAT5e) | 1000 Mbps | 100 meters
  A higher-quality version of CAT5, boasting higher-quality copper, a higher twist ratio, and more advanced methods for reducing crosstalk.
Category 6 (CAT6) | 1 Gbps, or 10 Gbps at short distances | 100 meters, or significantly less for 10 Gbps
  Has a plastic core to reduce crosstalk.
Augmented Category 6 (CAT6a) | 10 Gbps | 100 meters
  Further reduces crosstalk and attenuation.
Category 7 (CAT7) | 10 Gbps, or 100 Gbps at short distances | 100 meters
  Able to function at higher frequencies thanks to STP technology as well as additional shielding inside the sheath. Requires the use of either GG45, a connector compatible with RJ-45, or TERA to utilize its full potential. Rarely used.
Augmented Category 7 (CAT7a) | 40-100 Gbps at very short distances | 100 meters, or much less for the maximum speed
  Has the same requirements as CAT7 but is capable of higher speeds.
Category 8 (CAT8) | 25 Gbps or 40 Gbps at longer distances compared to CAT7 | 30 meters for 40 Gbps, otherwise 100 meters
  Quite new technology. It relies on extensive shielding and is best for short-distance and/or backbone connections.

Networking Cable Termination Types

Straight-through/Patch cable
  Purpose: Used for the majority of network connection types, such as connecting a workstation to a switch or a switch to a router.
  Created by terminating both ends of the Ethernet cable using the exact same TIA 568 standard.
Crossover cable
  Purpose: Used for older devices that do not support Gigabit Ethernet, but only when connecting two like devices, such as two switches.
  Created by using the TIA 568A standard on one end and the TIA 568B standard on the other end.
Console/Rollover cable
  Purpose: Used to connect a computer to the console port of a router.
  Created by mirroring the order of the pins that the wires are connected to on one end when terminating the cable.

Ethernet Standards

Name                      | Maximum throughput             | Maximum distance per segment   | Physical media                    | Pairs of wires used
Power over Ethernet (PoE) | Depends on the physical media  | Depends on the physical media  | Category 5 or better copper cable | 4 pairs
10BASE-T                  | 10 Mbps                        | 100 meters                     | Cat 3 or better UTP               | 2 pairs
100BASE-T                 | 100 Mbps                       | 100 meters                     | Cat 5 or better                   | 2 pairs
100BASE-TX                | 100 Mbps                       | 100 meters                     | Cat 6 or better                   | 2 pairs
1000BASE-T                | 1 Gbps                         | 100 meters                     | Cat 5 or better                   | 4 pairs
10GBASE-T                 | 10 Gbps                        | 100 meters                     | Cat 6a or Cat 7                   | 4 pairs
40GBASE-T                 | 40 Gbps                        | 30 meters                      | Cat 8                             | 4 pairs