Networking Flashcards
TCP
-Transmission Control Protocol
-Connection-Oriented
–a formal connection setup and close
-‘Reliable’ delivery
–Recovery from errors
–Can manage out-of-order messages or retransmissions
-Flow control
–The receiver can manage how much data is sent
UDP
-User Datagram Protocol
-Connectionless (no formal open or close to the connection)
-“Unreliable” delivery
–No error recovery
–No reordering of data or retransmissions
-No flow control
–Sender determines the amount of data transmitted
Why would you ever use UDP?
-Real-time communication
-There’s no way to stop and resend the data
-Time doesn’t stop for your network
-DHCP (Dynamic Host Configuration Protocol)
-TFTP (Trivial File Transfer Protocol)
Communications that use TCP and why
-Connection-oriented protocols prefer a ‘return receipt’
-HTTPS (Hypertext Transfer Protocol Secure)
-SSH (Secure Shell)
-The application doesn’t worry about out-of-order segments or missing data
-TCP handles all of the communication overhead
Non-ephemeral ports
-Permanent port numbers
-Ports 0-1023
-Usually on a server or service
Ephemeral ports
-Temporary port numbers
-Ports 1024 through 65,535
-Determined in real time by the client
Port Numbers
-TCP and UDP ports can be any number between 0-65,535
-Most servers use non-ephemeral port numbers
-Port numbers are for communication, not security (a service can listen on any port)
-Service port numbers need to be well-known
-Important for firewall rules (port-based security)
FTP
-File Transfer Protocol
-tcp/20 = active mode data
-tcp/21 = control
-Transfers files between systems
-Authenticates with a username and password
–Both credentials and data are sent in cleartext (use SFTP or FTPS instead)
-Some systems use a generic/anonymous login
SSH
-Secure Shell
-Encrypted communication link
-tcp/22
-Looks and acts the same as Telnet, but the session (including the login) is encrypted
Telnet
-Telecommunication Network
-tcp/23
-Login to devices remotely (console access)
-Everything, including the login, is sent in cleartext; use SSH instead
SMTP
-Simple Mail Transfer Protocol
-Server to server email transfer
-tcp/25
-Also used to send mail from a device to a mail server
-Other protocols are used by clients to receive email (IMAP, POP3)
DNS
-Domain Name System
-Converts names to IP addresses
-udp/53 (tcp/53 for large responses and zone transfers)
DHCP
-Dynamic Host Configuration Protocol
-Automated configuration of IP address, subnet mask, and other options
-udp/67 (server), udp/68 (client)
-Requires a DHCP server
DHCP Dynamic/Pooled
-IP addresses are assigned in real-time from a pool
-Each system is given a lease and must renew at a set interval
DHCP Reservation
-Addresses are assigned by MAC address in the DHCP server
-Manage addresses from one location
HTTP
-Hypertext Transfer Protocol
-Communication in the browser and by other applications
-tcp/80
HTTPS
-Hypertext Transfer Protocol Secure
-Secure communication in the browser
-Encrypted
-tcp/443
POP3
-Post Office Protocol version 3
-Receive emails from an email server
-Authenticate and transfer
-tcp/110
-Basic mail transfer functionality
IMAP
-Internet Message Access Protocol v4
-tcp/143
-Receive emails from an email server
-includes management of email inbox from multiple clients
SMB
-Server Message Block
-Protocol used by Microsoft Windows
-File sharing, printer sharing
-“CIFS” - Common Internet File System
-using NetBIOS over TCP/IP (Network Basic Input/Output System)
–udp/137 = NetBIOS name services (nbname)
–tcp/139 = NetBIOS session service (nbsession)
-Direct over tcp/445 (NetBIOS-less): SMB directly over TCP without the NetBIOS transport
SNMP
-Simple Network Management Protocol
-Gather statistics from network devices
-udp/161 = queries
-udp/162 = traps
-v1 and v2c authenticate with a cleartext community string; v3 adds authentication and encryption
LDAP
-Lightweight Directory Access Protocol
-tcp/389 (tcp/636 for LDAP over SSL/TLS - LDAPS)
-Store and retrieve information in a network directory
-Commonly used in Microsoft Active Directory
RDP
-Remote Desktop Protocol
-Share a desktop from a remote location
-tcp/3389
-Can connect to an entire desktop or just an application
-Clients for Windows, macOS, Linux, UNIX, iPhone, Android, and others
Routers
-Routes traffic between IP subnets
–Makes forwarding decisions based on IP address
-Often connects diverse network types (LAN, WAN, copper, fiber)
Switches
-Bridging done in hardware
–Application-Specific Integrated Circuit (ASIC)
–Forwards traffic based on data link address
-The core of an enterprise network
-May provide Power over Ethernet (PoE)
Multilayer switch
-Switch that includes routing functionality
Unmanaged switches
-Very few configuration options (plug and play)
-Fixed configuration (no VLANs)
-Very little integration with other devices (no management protocols)
-Cheaper
Managed switches
-VLAN support
(Interconnect with other switches via 802.1Q)
-Traffic prioritization (voice traffic gets a higher priority)
-Redundancy support (Spanning Tree Protocol - STP)
-Port mirroring (capture packets)
-External management (Simple Network Management Protocol - SNMP)
Access Point
-A bridge
-Extends the wired network onto the wireless network
-Makes forwarding decisions based on MAC address
-Not a wireless router
Wireless Router
- a router and an access point in a single device
Patch panels
-Combination of punch-down blocks and RJ-45 connectors
-Runs from desks are made once (permanently punched down to patch panel)
-Patch panel to switch can be easily changed (no special tools - use existing cables)
Firewalls
-Filters traffic by port number
–OSI layer 4 (TCP/UDP)
–Some firewalls can filter by application
-Can encrypt traffic into/out of the network
-Can proxy traffic - a common security technique
-Most firewalls can be layer 3 devices (routers)
PoE
-Power over Ethernet
-Power provided on an Ethernet cable
-One cable for both network and electricity (e.g. phones, cameras, wireless APs)
-Useful in difficult-to-power areas
-Power provided at the switch
–Built-in power=endspans
–In-line power injector=midspans
PoE (2003)
-IEEE 802.3af
-The original PoE specification
-Now part of the 802.3 standard
-15.4 watts DC power, 350mA max current
PoE+ (2009)
-IEEE 802.3at
-Now part of the 802.3 standard
-25.5 watts DC power, 600 mA max current
PoE++ (2018)
-IEEE 802.3bt
-51W (type 3), 600mA max current
-71.3 W (type 4), 960mA max current
-PoE w/ 10GBASE-T
Hub
-‘Multi-port repeater’
–Traffic going in one port is repeated to every other port
-Everything is half-duplex
-Becomes less efficient as network traffic increases
-10 megabit/100 megabit
-Difficult to find today
Cable Modem
-Broadband
–Transmission across multiple frequencies
–Different traffic types
-Data on the cable network
(DOCSIS=Data Over Cable Service Interface Specification)
-High-speed networking
(speeds up to 1 gigabit/s are available)
-Multiple services (data, voice, video)
DSL Modem
-ADSL (Asymmetric Digital Subscriber Line) - uses telephone lines
-Download speed is faster than the upload speed (asymmetric)
– ~10,000 ft limitation from the central office (CO)
– 52Mbit/s downstream / 16Mbit/s upstream are common
ONT
-Optical Network Terminal
(fiber to the premises)
-Connect the ISP fiber network to the copper network
–Demarcation point (demarc) in the data center
– Terminal box on the side of the building
-Line of responsibility
– One side of the box is ISP
– Other side of the box is your network
NIC
-Network Interface Card
-Every device on the network has a NIC
-Specific to the network type (Ethernet, WAN, wireless, etc)
-Often built-in to the motherboard or added as an expansion card
SDN
-Software Defined Networking
-Networking devices have different functional planes of operation (data, control, and management planes)
-Split the functions into separate logical units
–extend the functionality and management of a single device
–Perfectly built for the cloud
SDN Infrastructure layer/data plane
-Process the network frames and packets
-Forwarding, trunking, encryption, NAT
SDN Control layer/control plane
-Manages the actions of the data plane
-Routing tables, session tables, NAT tables
-Dynamic routing protocol updates
SDN Application layer/management plane
-Configure and manage the device
-SSH, browser, API
Wireless Networking
-802.11
-Managed by the IEEE LAN/MAN Standards Committee (IEEE 802)
802.11a
-One of the original 802.11 wireless standards
-Operates in the 5 GHz range (or other frequencies with special licensing)
-54 Mbit/s
-Smaller range than 802.11b (higher frequency is absorbed by objects in the way)
-Not commonly seen today
802.11b
-Also an original 802.11 standard
-Operates in the 2.4 GHz range
-11 Mbit/s
-Better range than 802.11a
-More frequency conflict (baby monitors, cordless phones, microwave ovens, Bluetooth)
-Not common today
802.11g
-Operated in the 2.4 GHz range
-54Mbit/s
-Backwards-compatible w/ 802.11b
-Same 2.4 GHz frequency conflict problems as 802.11b
802.11n
-WiFi 4
-The upgrade to 802.11g, b, and a
-Operates at 5 GHz and/or 2.4 GHz (can be simultaneous) (40 MHz channel widths)
-600Mbit/s (40 MHz mode and 4 antennas)
-Uses MIMO
–Multiple-Input Multiple-Output
–Multiple transmit and receive antennas
802.11ac
-WiFi 5
-Operates in the 5 GHz band (less crowded, more frequencies - up to 160 MHz channel bandwidth)
-Increased channel bonding (larger bandwidth usage)
-Denser signaling modulation = faster data transfers
-Eight MU-MIMO downlink streams
–Twice as many streams as 802.11n
–Nearly 7 gigabits per second
802.11ax
-WiFi 6
-Operates at 5GHz &/or 2.4 GHz
–20, 40, 80, 160 MHz channel widths
-1,201 Mbit/s channel
–Relatively small increase in throughput
–Eight bi-directional MU-MIMO streams
-OFDMA (Orthogonal Frequency-Division Multiple Access)
–Works similar to cellular communication
–Improves high-density installations
DL MU-MIMO
-Downlink Multi-User Multiple-Input Multiple-Output (the AP transmits to several clients at the same time)
DL and UL
-Downlink and Uplink (AP to client, client to AP)
RFID
-Radio-Frequency Identification
-Access badges, pet id, assembly line tracking
-Radio technology
-Radio energy transmitted to the tag
RF powers the tag, ID is transmitted back
-Bidirectional communication
- Some tag formats can be active/powered
NFC
-Near Field Communication
-Two-way wireless communication
-Builds on RFID
-Payment systems (online wallets)
-Bootstrap for other wireless (NFC helps with Bluetooth pairing)
-Access token, identity ‘card’ (short range w/ encryption support)
Wireless Network: Channels
-Groups of frequencies, numbered by the IEEE
-Non-overlapping channels would be ideal
Wireless Network: Regulations
-Most countries have regulations to manage frequency use
-Spectrum use, power output, interference requirements, etc.
Bluetooth
-Remove the wires
-Uses the 2.4 GHz range
–Unlicensed ISM (Industrial, Scientific, and Medical) band - same as 802.11
-Short-range
–Most consumer devices operate to about 10 meters
–Industrial Bluetooth devices can communicate over 100 meters
DNS Server
-Domain Name System
-Convert names to IP addresses (and vice versa)
-Distributed naming system
–The load is balanced across many different servers
-Usually managed by the ISP or enterprise IT department (a critical resource)
DHCP Server
-Dynamic Host Configuration Protocol
-Automatic IP address configuration
File Server
-Centralized storage of documents, spreadsheets, videos, pictures, and any other files
-A file share
-Standard system of file management (SMB-Server Message Block, AFP - Apple Filing Protocol, etc.)
-The front-end hides the protocol (copy, delete, rename, etc.)
Print Server
-Connect a printer to the network
–Provide printing services for all network devices
-May be software in a computer - computer is connected to the printer
-May be built-in to the printer - network adapter and software
-Uses standard printing protocols (SMB, IPP - Internet Printing Protocol, LPD - Line Printer Daemon)
Mail Server
-Store your incoming mail and send your outgoing mail
-Usually managed by the ISP and the enterprise IT department (a complex set of requirements)
Syslog
-Standard for message logging (diverse systems, consolidated log)
-Usually a central logging receiver
–Integrated into the SIEM
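The consolidated syslog stream is only useful once something parses it. The following is an added example (not part of the original notes) that decodes RFC 3164 lines, splits the PRI value into facility and severity, and then runs a simple SIEM-style correlation: failed sshd password attempts per source address. The log lines are constructed for the example using documentation address ranges.

```python
import re
from collections import Counter

# RFC 3164 facility and severity names (PRI = facility * 8 + severity)
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOSTNAME TAG[PID]: MESSAGE
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)
_FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")


def parse_syslog(line: str) -> dict:
    """Parse one RFC 3164 line into its fields; reject malformed lines and illegal PRI values."""
    m = _LINE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 syslog line: {line!r}")
    pri = int(m["pri"])
    if pri > 191:                      # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": m["tag"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
    }


def failed_ssh_logins(lines) -> Counter:
    """Count failed sshd password attempts per source address across all hosts,
    the kind of correlation a SIEM runs over the consolidated log."""
    counts = Counter()
    for line in lines:
        try:
            event = parse_syslog(line)
        except ValueError:
            continue                   # not syslog at all; skip rather than crash the pipeline
        if event["tag"] != "sshd":
            continue
        m = _FAILED.search(event["message"])
        if m:
            counts[m["src"]] += 1
    return counts


# Constructed sample log (not real captured data)
SAMPLE_LOG = [
    "<38>Mar  4 09:12:01 fw01 sshd[4122]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2",
    "<38>Mar  4 09:12:04 fw01 sshd[4122]: Failed password for invalid user admin from 203.0.113.9 port 51023 ssh2",
    "<86>Mar  4 09:12:05 fw01 sshd[4130]: Accepted publickey for ops from 198.51.100.7 port 40110 ssh2",
    "<38>Mar  4 09:12:09 web01 sshd[901]: Failed password for root from 203.0.113.9 port 51030 ssh2",
    "<13>Mar  4 09:13:10 web01 nginx: GET /index.html 200",
    "this line is not syslog at all",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG[:2]:
        print(parse_syslog(line))
    print("failed ssh logins by source:", dict(failed_ssh_logins(SAMPLE_LOG)))
```

The same source address shows up on two different hosts, which is exactly why the notes say the logs get consolidated: neither fw01 nor web01 alone sees three failures.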
Web Server
-Respond to browser requests
-Using standard web browsing protocols - HTTP/HTTPS
-Pages are built w/ HTML, HTML5
-Web pages are stored on the server
–Downloaded to the browser
–Static pages, or pages built dynamically in real time
Authentication Server
-Login authentication to resources
–Centralized management
-Almost always an enterprise service (not required on a home network)
-Usually a set of redundant servers (always available)
Load balancer
-Distribute the load between multiple servers
–Invisible to the end-user
Proxy Server
-An intermediate server
-Client makes the request to the proxy
-The proxy performs the actual request
-The proxy provides results back to the client
-Some features include access control, caching, URL filtering, content scanning
SCADA/ICS
-Supervisory Control And Data Acquisition System
-Large-scale, multi-site Industrial Control Systems (ICS)
-PC manages equipment
–Power generation, refining, manufacturing equipment
–Facilities, industrial, energy, logistics
-Distributed control systems
–Real-time information
–System control
-Requires extensive segmentation
–No access from the outside
Legacy systems
-Another expression for “really old”
Embedded systems
-Purpose-built device
-Not usual to have direct access to the operating system
-Alarm system, door security, time card system
IoT devices
-“Internet of Things”
-Anything that connects to the internet
-May require a segmented network - limit any security breaches
IP addressing
-IPv4 is the primary protocol for everything we do
–Included in almost all configurations
-IPv6 is now part of all major operating systems
–And the backbone of our Internet infrastructure
IPv4 addresses
-Internet Protocol version 4
-OSI Layer 3 address
-32-bit address, written as four bytes (octets) in dotted decimal
-Since one byte is 8 bits, the maximum decimal value for each byte is 255
IPv6 addresses
-Internet Protocol version 6
-128-bit address
-First 64 bits are generally the network prefix (/64)
-Last 64 bits are then the host (interface) address
Subnet mask
-255.255.255.0
-Used by the local device to determine what subnet it’s on
-Not usually transmitted across the network
Default gateway
-192.168.1.1
-The router that allows you to communicate outside of your local subnet
-The default gateway must be an IP address on the local subnet
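How the local device actually uses the mask and gateway, as an added example (not from the original notes): AND the host address with the mask to find the local subnet, then send to a destination directly if it is inside that subnet and to the default gateway if not. The host, mask and gateway values are constructed for the example; the mask validation also rejects the typo 225.225.225.0, which is a valid address but not a valid mask.

```python
import ipaddress

# Constructed example values (not from the original notes)
HOST_IP = "192.168.1.42"
SUBNET_MASK = "255.255.255.0"
DEFAULT_GATEWAY = "192.168.1.1"


def mask_to_prefix(mask: str) -> int:
    """Convert a dotted-decimal mask to a prefix length (255.255.255.0 -> 24).

    A valid mask is a run of 1 bits followed by 0 bits; anything else
    (including the common typo 225.225.225.0) is rejected.
    """
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def local_network(host_ip: str, mask: str) -> ipaddress.IPv4Network:
    """AND the host address with the mask to get the subnet the host is on."""
    prefix = mask_to_prefix(mask)
    return ipaddress.IPv4Network(f"{host_ip}/{prefix}", strict=False)


def next_hop(host_ip: str, mask: str, gateway: str, destination: str) -> str:
    """Decide how the host delivers a packet to `destination`.

    Returns "direct" when the destination is on the local subnet (the host
    ARPs for it and sends the frame itself) and "gateway" when it must be
    handed to the default gateway. The gateway itself has to be on the
    local subnet, otherwise the host could never reach it.
    """
    net = local_network(host_ip, mask)
    if ipaddress.IPv4Address(gateway) not in net:
        raise ValueError(f"default gateway {gateway} is not on local subnet {net}")
    dst = ipaddress.IPv4Address(destination)
    return "direct" if dst in net else "gateway"


if __name__ == "__main__":
    print("local subnet:", local_network(HOST_IP, SUBNET_MASK))
    for dst in ("192.168.1.77", "8.8.8.8"):
        print(dst, "->", next_hop(HOST_IP, SUBNET_MASK, DEFAULT_GATEWAY, dst))
```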
DNS Servers
-Domain Name System
-Translates between names and IP addresses
BOOTP
-Bootstrap Protocol
-Wasn’t able to automatically define everything - some manual configurations were still required
-Also didn’t know when an IP address might be available again
DHCP
-Dynamic Host Configuration Protocol
-Provides automatic address/IP configuration for almost all devices
-Assigns the first available IP address from a large pool of addresses
-Your IP address will occasionally change
DHCP Process
-DORA
-A four-step process:
1. Discover: Find a DHCP Server
2. Offer: Get an offer
3. Request: Lock in the offer
4. Acknowledge: DHCP server configuration
-This process happens every time a device connects to the network and needs to obtain an IP address from a DHCP server
Static IP Address
-Want the IP address of a device to stay the same
-Disable DHCP on the device
–Configure the IP address info manually
–Requires additional administration
-Configure an IP reservation on the DHCP server
–Associate a specific MAC address with an IP address
APIPA
-Automatic Private IP Addressing
-Lets a DHCP client assign itself an address when no DHCP server answers
–Picks from the link-local range 169.254.0.0/16; these addresses aren’t routed, so the device can only reach its local subnet
-Uses ARP to confirm the address isn’t currently in use
ARP
-Address Resolution Protocol
-Maps an IP address to the MAC (hardware) address of a device on the local network segment
–The request is broadcast; the owner of the address replies
–Replies aren’t authenticated, which is why ARP spoofing is possible on a LAN
DNS Hierarchy
Root -> (.)
Top Level Domains=> (.com)(.net)(.edu)(.org)
2nd Level Domains=>(google)(?)(lsu)(SPCA)
3rd Level Domains=> (www)(mail)(east)(west)
DNS Records
-Resource Records (RR)
-The database records of domain name services
-IP addresses, Certificates, Host Alias Names, etc.
Address Records
-(A) (AAAA)
-Defines the IP address of a host
-An A record points your domain to the IP address of the server where your website is hosted
-This is the most common query
-A records are for IPv4 addresses
–Modify the A record to change the host name to IP address resolution
-AAAA records are for IPv6 addresses
–The same DNS server, different records
TTL
-Time to Live
-Specifies how long a resolver or end station may cache this match between fully qualified domain name and IP address
Example: a 15-minute TTL means the device asks the DNS server once, caches the answer for 15 minutes, and after that has to request the IP address from the server again
MX
-Mail Exchange record
-Names the host that receives mail for the domain
–This isn’t an IP address, it’s a name (resolved separately via an A/AAAA record)
-Each MX record carries a preference value; if several mail servers are listed, the lowest preference value is tried first
TXT
-Text records
-Human-readable text info
–Useful public info
–Was originally designed for informal info
-Can be used for verification purposes
SPF
-Sender Policy Framework
-A TXT record listing all servers authorized to send email for this domain
-Prevent mail spoofing
-Mail servers perform a check to see if incoming mail really did come from an authorized host
DKIM
-Domain Keys Identified Mail
-Digitally sign a domain’s outgoing mail
–Validated by mail servers, not usually seen by the end user
-The public key is in the DKIM TXT record
DMARC
-Domain-based Message Authentication, Reporting, and Conformance
-Prevent unauthorized email use (spoofing)
–An extension of SPF and DKIM
-You decide what external email servers should do with emails that don’t validate through SPF or DKIM
–That policy is written into a DMARC TXT record
–Accept all, send to spam, or reject the email
–Compliance reports can be sent to the email/administrator
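The SPF and DMARC cards above describe a check and a policy; here is what that looks like in code, as an added example that is not part of the original notes. It evaluates an SPF TXT record against the connecting sender's IP (only the ip4, ip6 and all mechanisms, since include/a/mx need live DNS), parses the DMARC record's tags, and maps the p= policy onto the accept / spam / reject decision. The two records and the sender addresses are constructed using documentation ranges and example.com, and the alignment shortcut in receiver_action is a stated simplification.

```python
import ipaddress

# Constructed records (not from the original notes) using RFC 5737/3849
# documentation address ranges and example.com.
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.5 ip6:2001:db8::/32 -all"
DMARC_RECORD = "v=DMARC1; p=reject; sp=quarantine; pct=100; rua=mailto:dmarc@example.com"

# SPF qualifiers: what result a matching mechanism produces
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record: str, sender_ip: str) -> str:
    """Evaluate an SPF TXT record against the connecting sender's IP.

    Only the ip4:, ip6: and all mechanisms are implemented; include:, a and
    mx need live DNS lookups and are treated here as non-matching.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]   # "all" matches anything not matched above
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"                       # RFC 7208: nothing matched and no "all"


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs; v= and p= are mandatory."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError(f"invalid DMARC record: {record!r}")
    return tags


def receiver_action(dmarc: dict, spf_result: str, dkim_valid: bool) -> str:
    """What the receiving server does with the message under the domain's policy.

    Simplification (assumption): an SPF pass or a valid DKIM signature is taken
    as aligned with the From: domain; real DMARC also checks that alignment.
    """
    if spf_result == "pass" or dkim_valid:
        return "deliver"
    return {"none": "deliver", "quarantine": "spam folder", "reject": "reject"}[dmarc["p"]]


if __name__ == "__main__":
    policy = parse_dmarc(DMARC_RECORD)
    for sender in ("203.0.113.77", "198.51.100.6", "2001:db8:1::9"):
        spf = check_spf(SPF_RECORD, sender)
        print(sender, spf, "->", receiver_action(policy, spf, dkim_valid=False))
```

Note the difference between the qualifier on "all" and the DMARC policy: "~all" only marks the message softfail, and it is p= in the DMARC record that turns a failed check into a quarantine or reject.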
DHCP Pools
-Grouping of IP addresses
-Each subnet has its own scope
–scope= a single contiguous pool of IP addresses
-DHCP exceptions can be made inside of the scope
DHCP Dynamic Address Assignment
- DHCP server has a big pool of addresses to give out
-Addresses are reclaimed after a lease period
DHCP Automatic Address Assignment
-Similar to dynamic allocation
-DHCP server keeps a list of past assignments
-You’ll always get the same IP address
DHCP Renewal
-T1 Timer
–Check in with the DHCP server that issued the lease to renew the IP address (50% of the lease time, by default)
-T2 Timer
–If the original DHCP server is down, try rebinding with any DHCP server (87.5% of the lease time)
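To tie the DHCP cards together (udp/67 and udp/68, the DORA message types, the lease, and the T1/T2 renewal timers), the following is an added example, not code from the original notes: it builds and parses DHCP messages in the RFC 2131 wire format (236-byte BOOTP header, magic cookie, TLV options) and derives the renewal timers from the lease. The DISCOVER and ACK are constructed for the example, not captured traffic; the parser refuses packets whose option lengths run past the end, which is the usual way a sloppy DHCP parser gets into trouble.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
IP_OPTIONS = {1: "subnet_mask", 3: "router", 6: "dns_server", 54: "server_id"}
TIME_OPTIONS = {51: "lease_time", 58: "t1", 59: "t2"}


def build_dhcp(op: int, xid: int, yiaddr: str, chaddr: bytes, options) -> bytes:
    """Assemble a DHCP message: 236-byte BOOTP header, magic cookie, TLV options, end byte."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, 0,            # op, htype=Ethernet, hlen=6, hops, xid, secs, flags
        b"\0" * 4, ipaddress.IPv4Address(yiaddr).packed, b"\0" * 4, b"\0" * 4,  # ciaddr yiaddr siaddr giaddr
        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128,                        # chaddr, sname, file
    )
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + MAGIC_COOKIE + body + b"\xff"


def parse_dhcp(packet: bytes) -> dict:
    """Parse a DHCP message, refusing anything short, without the magic cookie,
    or carrying an option whose declared length runs past the end of the packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or missing magic cookie)")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", packet[:8])
    result = {
        "op": "request" if op == 1 else "reply",
        "xid": xid,
        "your_ip": str(ipaddress.IPv4Address(packet[16:20])),
        "client_mac": packet[28:28 + hlen].hex(":"),
    }
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                    # end option
            break
        if code == 0:                      # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} declares {length} bytes but the packet ends early")
        if code == 53 and length == 1:
            result["message_type"] = MESSAGE_TYPES.get(value[0], f"unknown({value[0]})")
        elif code in IP_OPTIONS and length % 4 == 0:
            addrs = [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, length, 4)]
            result[IP_OPTIONS[code]] = addrs[0] if code in (1, 54) else addrs  # mask/server are single
        elif code in TIME_OPTIONS and length == 4:
            result[TIME_OPTIONS[code]] = struct.unpack("!I", value)[0]
        i += 2 + length
    return result


def renewal_timers(lease: dict) -> tuple:
    """T1 (renew with the leasing server) and T2 (rebind with any server).

    RFC 2131 defaults when the server sends no option 58/59:
    T1 = 0.5 * lease time, T2 = 0.875 * lease time.
    """
    lease_time = lease["lease_time"]
    return lease.get("t1", lease_time // 2), lease.get("t2", (lease_time * 7) // 8)


# Constructed sample exchange (not captured traffic): the DISCOVER a client
# broadcasts, and the ACK the server finally sends for a one-day lease.
CLIENT_MAC = bytes.fromhex("001122334455")
XID = 0x3903F326
SAMPLE_DISCOVER = build_dhcp(1, XID, "0.0.0.0", CLIENT_MAC, [(53, b"\x01")])
SAMPLE_ACK = build_dhcp(2, XID, "192.168.1.42", CLIENT_MAC, [
    (53, b"\x05"),
    (54, ipaddress.IPv4Address("192.168.1.1").packed),
    (51, struct.pack("!I", 86400)),
    (1, ipaddress.IPv4Address("255.255.255.0").packed),
    (3, ipaddress.IPv4Address("192.168.1.1").packed),
    (6, ipaddress.IPv4Address("192.168.1.1").packed + ipaddress.IPv4Address("192.168.1.2").packed),
])

if __name__ == "__main__":
    print(parse_dhcp(SAMPLE_DISCOVER))
    ack = parse_dhcp(SAMPLE_ACK)
    print(ack)
    print("T1/T2 seconds:", renewal_timers(ack))
```

The xid is what lets the client match the OFFER and ACK to its own DISCOVER and REQUEST when several servers, or several clients, are on the same broadcast domain.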
LANs
-Local Area Networks
-A group of devices in the same broadcast domain
-High-speed connectivity
-Ethernet and 802.11 wireless (any slower and it isn’t ‘local’)
VLANs
-Virtual LANs
-A group of devices in the same broadcast domain
-Separated logically instead of physically
VPNs
-Virtual Private Networks
-Encrypted (private) data traversing a public network
VPN Concentrator
-Encryption/decryption access device
-Often integrated into a firewall
Client-to-site VPN
-On-demand access from a remote device
-Software connects to a VPN concentrator
-Some software can be configured as always on
Satellite Networking
-Communication to a satellite
-High cost relative to terrestrial networking
-50Mbit/s down, 3Mbit/s up are common
–Remote sites, difficult-to-network sites
-High latency (250ms up, 250ms down)
-High frequency - 2GHz
Fiber
-High speed data communication
–Frequencies of light
-Higher installation cost than copper
–Equipment is more costly, more difficult to repair, communicate over long distances
-Large installation in the WAN core
-Supports very high data rates
-SONET, wavelength division multiplexing
DOCSIS
-Data Over Cable Service Interface Specifications
Broadband
-Transmission across multiple frequencies
-Different traffic types
Cable Broadband
-High-speed networking
-50Mbit/s through 1000+ Mbit/s are common
-Multiple services (data, voice, video)
DSL
-Asymmetric Digital Subscriber Line (ADSL)
-Download speed is faster than the upload speed (asymmetric)
-200Mbit/s downstream/20 Mbit/s upstream are common
- ~10,000 ft limitation from the central office (CO)
-Faster speeds may be possible if closer to the CO
Cellular Networks
-Separate land into ‘cells’
-An antenna covers a cell with certain frequencies
Tethering
-Turn your phone into a wireless router
Mobile hotspot
-Standalone devices
-Use your phone for other things
WISP
-Wireless Internet Service Provider
-Terrestrial internet access using wireless
-Connect rural or remote locations
-Many different deployment types (Meshed 802.11, 5G home internet, proprietary wireless)
-Need an outdoor antenna (speeds can range from ~10 to 1,000 Mbit/s)
WAN
-Wide Area Network
-Spanning the globe
-Generally connects LANs across a distance and generally slower than LAN
Types of WAN technologies
Point-to-point serial
MPLS
Terrestrial and non-terrestrial
PAN
-Personal Area Network
-Your own private network (bluetooth, IR, NFC)
MAN
-Metropolitan Area Network
-A network in your city
-Larger than a LAN, often smaller than a WAN
-Historically MAN-specific topologies (Metro Ethernet)
SAN
-Storage Area Network
–Looks like a local storage device
–Block-level access
–Very efficient reading and writing
-Requires a lot of bandwidth
- a specialized, high-speed network that provides network access to storage devices. SANs are typically composed of hosts, switches, storage elements, and storage devices that are interconnected using a variety of technologies, topologies, and protocols. SANs may span multiple sites.
WLAN
-Wireless LAN
-802.11 technologies
-Mobility within a building/in a limited geographical area
-Expand coverage with additional access points (downtown area, large campus)
Cable crimpers
-“Pinch” the connectors onto a wire
-Connect the modular connector to the Ethernet cable (final step of the process)
-Metal prongs are pushed through the insulation (the plug is also permanently pressed onto the cable sheath)
Wifi Analyzer
-Purpose-built hardware or mobile device add-on (specializes in 802.11 analysis)
-Identify errors and interference
-Validate antenna location and installation
Tone generator
-Toner probe
-Where does that wire go?
-Follow the tone
Punch down tool
-“Punch” a wire into a wiring block
Cable testers
-Continuity test (a simple wire map)
-Can identify missing pins or crossed wires
Loopback Plugs
-Useful for testing physical ports or fooling your applications
Taps
-Intercept network traffic
-Send a copy to a packet capture device
-Disconnect the link, put a tap in the middle
-Can be an active or passive tap
Port Mirror
-Port redirection, SPAN (Switched Port Analyzer)
-Software-based tap
-Limited functionality, but can work well in a pinch