Core Concept Protocols Flashcards
First Hop Redundancy
Provides redundant gateway services for the LAN.
Is an important part of network failover and disaster recovery
Supported on routers and layer 3 switches
Layer 3 switches share a virtual IP address and a virtual MAC address with a standby router
The standby router picks up the virtual IP and MAC address if the active gateway fails
First Hop Redundancy Protocols
HSRP Hot Standby Router Protocol
VRRP Virtual Router Redundancy Protocol
GLBP Gateway Load Balancing Protocol
CARP Common Address Redundancy Protocol
HSRP
Hot Standby Router Protocol
Allows you to configure two or more routers as standby routers and only a single router as an active router at a time
Establishes a fault tolerant default gateway.
Cisco Proprietary, popular and easy to configure
VRRP
Virtual Router Redundancy Protocol
Open Source. Functions similarly to HSRP
GLBP
Gateway Load Balancing Protocol
Can present multiple gateways in a single instance and provides load balancing across the gateways
Cisco Proprietary
CARP
Common Address Redundancy Protocol
Similar to HSRP and VRRP
NAT
Network Address Translation
Performed by routers and firewalls
In its simplest form, NAT is just a one-to-one address mapping
Static NAT
single specific internet address to a single specific internal address
Dynamic NAT
uses a pool of internet addresses to provide to internal devices
PAT
Port Address Translation
Tracks the NAT sessions by using random TCP port numbers for each session
Number one use is to translate a group of private addresses into a public address that is routable on the internet
SNAT
Source NAT
SNAT is the same as NAT
changes the source address of the packets passing through the router
DNAT
Destination NAT
Changes the destination address of the packets passing through the router
Port Forwarding
Any traffic arriving on a specific TCP or UDP port will be forwarded to a defined internal host and port
Examples of when to use this: for web servers on ports 80 (HTTP) and 443 (HTTPS), for a mail server on port 25 (SMTP), or for an IP camera so it’s not hogging the web port 80
Used to access servers or systems that are behind a firewall
Can restrict allowed network resources for added security
DNS
Domain Naming System
Resolves IP (Internet Protocol) addresses based on Fully Qualified Domain Names (FQDN)
FQDN
Fully Qualified Domain Name
Identifies the specific server or host at the domain
Root Domain
.
Literally a dot, a period whatever you wanna call it. It’s invisible, at the very end of the url, but you can type it and it will bring you to the correct website
Top Level Domain
Last part of the website
.com, .gov, .org, .edu
Second Level Domain
The name of the website, coming before the top level domain
google.com with google being the second level domain
Host Domain
The beginning of the website
www. world wide web
mail. mail.google.com
web. something.com
URL
Uniform Resource Locator
Includes the FQDN and protocols such as http, https, and ftp
Public DNS Server
Resolves public FQDNs to IP addresses
Free to use DNS server on the public internet
Ex: Google DNS
Private DNS Server
Private DNS names are associated with an organization's private IP addresses
Not part of the public DNS
Split Horizon DNS
Split Brain.
A mechanism for DNS servers to supply different results based on the source
The organization may need the internal DNS lookups for the website to map to an internal private IP address, while DNS lookups from the public internet would map to the public IP address
Forward Lookup Zone
Resolves FQDNs to IP Addresses
Reverse Lookup Zone
Resolves IP addresses to FQDNs
SOA
Start of Authority Record
The authoritative name server for a domain. Only one exists per Forward Lookup Zone
NS
Name Server Record
Provides for quick FQDN to IP Address resolution
At least one NS is specified per Lookup Zone. Can have multiple NS records for secondary servers
A Record
Host record
Simply an FQDN and an IPv4 address
AAAA Record
Host record
FQDN and IPv6 address
CNAME
Alias Record
www.example.com == example.com
MX
Mail Exchange Record
Used to point to a mail server, needs FQDN and IPv4 address
Usually points to an A Record
SRV
Service Location Record
Defines the location of various servers
Not used as much as the rest
DDNS
Dynamic DNS
Lets you use a dynamically assigned public IP address with a public DNS record
DNS
Domain Naming System
Resolves FQDNs to IP addresses. Requires static IP addresses
SSH
Secure Shell
Command line access to routers, switches, firewalls, and servers
Encrypted session – TCP port 22
More secure than Telnet
Telnet
Command line access to routers, switches, firewalls, and servers
Clear text/plain text – TCP port 23
Should be disabled for best practice
ICMP
Internet Control Message Protocol
Allows us to test IP connectivity on the network with things like Ping and Traceroute
Echo Reply and Echo Request are part of ICMP
FTP
File Transfer Protocol
TCP ports 20 and 21
Connection oriented. Retrieves files from an FTP server on the network. Used to transfer files to routers, switches, firewalls, servers, and hosts
TFTP
Trivial File Transfer Protocol
UDP Port 69
Connectionless. Less Reliable. Retrieves files from an FTP server on the network. Used to transfer files to routers, switches, firewalls, servers, and hosts
Command Line Tools
Microsoft uses Command Prompt or PowerShell
Mac/Linux uses the Bash Terminal
IPCONFIG
Windows
Displays the IP address
ipconfig /all includes the MAC address as well
IFCONFIG
Mac/Linux
Displays the IP Address
ifconfig -a displays the MAC address as well
Ping
Lets us test layer 3 connectivity to a host via IP address
arp
Command displays our ARP cache
Can enter static arp entries or delete them as well
Tracert
Windows
Traceroute on Linux/Mac
Shows us all the hops in a path between the host and the destination IP address
Displays all layer 3 hops between the computer and the destination, so you can see all router hops
Pathping
Windows and Mac/Linux
Similar to traceroute but also shows more statistics about each hop in the path
nslookup
Windows and Mac/Linux
Performs a domain name lookup on a host name, finds the IP address of that host name
netstat
Windows and Mac/Linux
Lets us view all the currently active TCP/UDP sessions on our host
nbtstat
Displays information related to Windows NetBIOS
Windows Only
Remote Desktop Access
Allows for logging into a computer’s desktop from a remote location
Remote Desktop Protocol
Microsoft RDP
Remote Desktop Connection (RDP Client)
Remote Desktop Server
VNC
Web-based software - TeamViewer
VNC
VNC (Virtual Network Computing) allows for the same type of service and is available for a wide range of operating systems
Terminal Emulation Software
Provides an interface for connecting to local console ports and SSH or Telnet sessions
Ex: PuTTY
Protocol Analyzers
Captures traffic from a network interface card (NIC) and lets us dissect the contents of Frames and Packets
Ex: Wireshark
Looking Glass Sites
Let us check the routing tables and routes on national and global service providers' networks
Ex: Troubleshooting connectivity on public internet
Troubleshooting
What, Why, How to fix it
Troubleshooting Network Layer
Missing route to a specific location, or IP address issues
Troubleshooting Physical Layer
Cable or physical connection
Troubleshooting Data Link Layer
NIC settings, switchport, speed/duplex mismatch, VLANs
Troubleshooting Transport Layer
Firewalls, TCP/UDP ports blocked
Troubleshooting Methodology
1-7 points
- Identify the Problem
- Establish a Theory of Probable Cause
- Test the Theory
- Establish a Resolution Plan + Identify Effects
- Implement the Solution (or Escalate)
- Verify full system functionality
- Document all Findings, Actions, and Outcomes
- Identify the Problem
Gather information
Duplicate the problem if possible
Question Users
- Establish a Theory of Probable Cause
Question the obvious
Consider multiple approaches
Top to bottom / bottom to top OSI Model
Divide and Conquer method may be used in this step
- Test the Theory
Once the theory is confirmed, determine next steps to resolve the issue
If the theory is not confirmed, establish a new theory or escalate
- Establish a Resolution Plan + Identify Effects
Identify the possible side effects of the resolution plan
- Implement the Solution (or Escalate)
Implement the solution if you’re able to or escalate to someone who can implement
- Verify full system functionality
Double check the system works as expected
Take Preventative measures where possible
Think: Is there a way we can stop this from happening again?
- Document all Findings, Actions, and Outcomes
If the fix was successful then after documenting the fix you are done
If the fix was not successful, escalate
Half Split Method
Divide and Conquer
Divide the circuit or topology in half and test
Continue to divide the failed parts in half until the problem component is identified
Troubleshoot the problem component
End to End Connectivity issues
Use traceroute, the divide and conquer method, and check layers 1-3 in OSI
Wrong IP configuration/default gateway issue
Check and update IP settings on the host, layer 2 in OSI
Misconfigured DHCP issue
Check the DHCP server scope settings, OSI layer 3
Duplicate IP Address issue
Track down the hosts with the duplicate IP addresses and update the IP settings, OSI layer 3
Speed and Duplex Mismatch issue
Check the host NIC and/or router/switch interface speed/duplex. Hard set the speed/duplex to the correct setting. OSI layer 2
Wrong VLAN assignment issue
Check the switch port for correct VLAN assignment, OSI layer 2 issue
Broadcast storms/switching loop
Check the switch logs for MAC address flapping as that is a sign of a loop. Identify the loop source and disconnect it until a proper fix is in place. OSI layer 2 issue
Hardware Failure
Replace device, OSI layer 2 or 3 depending on the device
Incorrect router interface or interface misconfigured issue
Identify the network or interface having a problem and check the interface IP configuration and cable placement, OSI layer 3
Routing loop issue
Use traceroute to identify the loop and check the routing tables, static routes and dynamic routes on the routers. OSI layer 3
Simultaneous wired and wireless connections issue
The host needs to be connected to either the wired or wireless network, not both at the same time. OSI layers 1-3
Missing IP routes issue
Check the routing tables on the routers involved and ensure there is a route, OSI layer 3
MTU / MTU Blackhole
Some network nodes may require larger MTU than the standard 1500 Bytes. Make sure the MTU configured on the routers and switches meets the requirements of the hosts/nodes, OSI layer 2. MTU size settings refer to Frame sizes and Frames work at the data link layer
NIC Teaming misconfiguration issue
Identify the machine causing the loop and disable NIC teaming in the OS. OSI layers 1 and 2; NICs function at the data link and physical layers