Section 14: Network Configurations Flashcards
OBJ 2.1, 2.5, 2.6
TCP/IP
Transmission Control Protocol / Internet Protocol Suite
Link/Network Interface Layer
Responsible for putting frames in the physical network’s transmission media
Media could be twisted pair cable, fiber optic, or radio waves
In this layer, data can only travel through the LAN
Internet Layer
“Where to send those packets”
Used to address packets and route them across the network
Transport Layer
“How to send the packets”
Shows how to send the packets
Application Layer
Contains all the protocols that perform higher level functions, such as email, file transfers, encryption, and others
Transmission Control Protocol (TCP)
Connection-oriented method of sending packets; guarantees delivery but is slower than UDP
User Datagram Protocol (UDP)
Connectionless protocol with lower overhead, so it's faster than TCP, but delivery is not guaranteed
Layers of TCP/IP
- Application Layer: what to do with the data
- Transport Layer: how to send the data (TCP or UDP)
- Internet Layer: where to send the data
- Link/Network Interface Layer: sends data across the LAN
Internet Protocol version 4 (IPv4)
Formed out of 4 numbers (each called an octet) written in dotted-decimal notation, each ranging from 0-255
Subnet Mask
Formatted like an IPv4 address.
A portion is the network bits, other portion is the host bits
Example:
192.168.1.4
192.168.1.50
255.255.255.0
Because the first 3 octets in the subnet mask are 255, the last octet contains the host bits for these IPv4 addresses, so 1 and 50 are the host bits. That means they are on the same network
IPv4 Classes
To identify the class of an IPv4 address, look at the first octet
Class | 1st Octet | Default Subnet Mask       | Possible Hosts
------|-----------|---------------------------|----------------------
A     | 1-127     | 255.255.255.0 (N.H.H.H)   | 16.7 million (256^3)
B     | 128-191   | 255.255.0.0 (N.N.H.H)     | 65,536 (256^2)
C     | 192-223   | 255.255.255.0 (N.N.N.H)   | 256
D     | 224-239   | N/A (Multicast Address)   | N/A
E     | 240-255   | N/A (R&D purposes)        | 268 million
Multicast Address
A logical identifier for a group of hosts in a computer network
Classful Mask
Default subnet mask for a given class of IP addresses
Classless Inter-Domain Routing (CIDR)
Allows for borrowing some of the host bits and reassigning them to the network portion
CIDR Notation:
The number after the slash is the count of consecutive 1s in the subnet mask
192.168.1.4 255.255.255.0 -> 192.168.1.4/24
192.168.1.4 255.255.255.192 -> 192.168.1.4/26
/24 turns into /26 because 2 bits are borrowed from the host bits
CIDR Notation for classes:
A: /8
B: /16
C: /24
Subnetting
Allows you to use a classless subnet mask to create smaller networks with fewer hosts in each of those networks than you could if you had a classful subnet mask by itself
Public IP (Routable)
Can be accessed over the internet and is assigned to the network by an ISP
Private IP (Non-routable)
Can be used by anyone any time, but only within their own LANs
Start with either 10, 172, or 192
Class | Prefix        | Range                         | Possible Hosts
------|---------------|-------------------------------|---------------
A     | 10            | 10.0.0.0 - 10.255.255.255     | 16.7 million
B     | 172.16-172.31 | 172.16.0.0 - 172.31.255.255   | 1.05 million
C     | 192.168       | 192.168.0.0 - 192.168.255.255 | 65,536
Network Address Translation (NAT)
Allows traffic from private IPs to be routed through a single public IP
Loopback Address (127.0.0.1)
Creates a loopback to the host and is often used in troubleshooting and testing network protocols on a system
All IPs in the range of 127.0.0.0 to 127.255.255.255 are loopback addresses
localhost always resolves to 127.0.0.1
Automatic Private IP Addresses (APIPA)
Used when a device does not have a static IP address or cannot reach a DHCP server
Looks like 192.254.x.x
Static Assignment
Manually type the IP address for the host, its subnet mask, default gateway, and DNS server
Impractical on large scale intranets
Dynamic Assignment
Dynamic allocation of IP addresses
Done automatically by the network’s DHCP server
Domain Name System (DNS)
Used to convert human readable web addresses into machine readable IP addresses
The internet’s version of a phone book
Windows Internet Name Service (WINS)
Identifies NetBIOS systems on a TCP/IP network and converts those NetBIOS names to IP addresses
Used in LANs, like a DNS but only works in a Windows domain system
Bootstrap Protocol (BOOTP)
Dynamically assigns IP addresses and allows a workstation to load a copy of a boot image over the network
Oldest system
When a client booted up its system, it would send its MAC address to the server and receive its preassigned IP address
Dynamic Host Configuration Protocol (DHCP)
Assigns an IP from an assignable scope of addresses and provides the ability to configure other options
Each IP is leased for a period of time and returns to the pool when the lease expires
Automatically configures the IP address, subnet mask, default gateway, and DNS/WINS server.
Eliminates configuration errors
Zero Configuration (ZeroConf)
Newer technology that provides the same functionality as APIPA but has more features, such as:
Assigning an IPv4 link-local address (a form of non-routable IP), resolving computer names to IP addresses without the need for DNS using mDNS (multicast DNS), and performing service discovery on the network to find systems available for use.
Bonjour on Apple
Link-Local Multicast Name Resolution (LLMNR) on Windows
SystemD on Linux
Scope
List of valid IP addresses available for assignment or lease to a client computer or endpoint device on a given subnet
DHCP Reservation
Excludes some IP addresses from being handed to devices unless they meet a certain condition
DHCP steps
D-O-R-A
Discover an IP address
Offer an address from a scope
Request to take the IP
Acknowledge the IP will be taken
Fully-Qualified Domain Name (FQDN)
Domain name under a top-level provider
(service).(domain name).(top level domain)
www.diontraining.com
ftp.diontraining.com
DNS Hierarchy
Root: Answers requests in the root zone
Top-Level Domain: ex: .uk .com .net
Second-Level domain: ex: diontraining
Subdomain: ex: support.diontraining.com
Host: refers to a specific machine or server
Uniform Resource Locator (URL)
Contains the FQDN along with the method of accessing the information
DNS Records
A | Address | Links a hostname to an IPv4 address
AAAA | Address | Links a hostname to an IPv6 address
CNAME| Canonical Name| Points a domain to another domain or subdomain
MX | Mail Exchange | Directs emails to a mail server
TXT | Text | Adds text into the DNS
NS | Nameserver | Indicates which DNS nameserver has the authority
Sender Policy Framework (SPF)
DNS record that identifies the hosts authorized to send mail for the domain
DomainKeys Identified Mail (DKIM)
Provides the cryptographic authentication mechanism for mail using a public key published as a DNS record
Domain-based Message Authentication, Reporting & Conformance (DMARC)
Framework that is used for proper application of SPF and DKIM, utilizing a policy that’s published as a DNS record
Can use SPF or DKIM or both
Nameserver
Type of DNS server that stores all the DNS records for a given domain
Internal DNS
Allows cloud instances on the same network to access each other using internal DNS names
External DNS
Records created around the domain names from a central authority and used on the public internet
Time to Live (TTL)
Tells the DNS resolver how long to cache a query result before requesting a new one
Basically tells a computer how long to remember a DNS record before requesting it again
DNS Resolver/DNS Cache
Makes a local copy of every DNS entry it resolves when connecting to websites
Recursive Lookup
DNS server communicates with several other DNS servers to hunt down the IP address and return it to the client
Iterative Lookup
Each DNS server responds directly to the client with a DNS server that may have the correct IP address
Virtual Local Area Network (VLAN)
Allows different logical networks to share the same physical hardware and provides added security and efficiency
VLAN Trunking (802.1q)
Multiple VLANs transmitted over the same physical cable
Each VLAN is identified using a 4-byte identifier
4-byte Identifier
Tag Protocol Identifier (TPI)
Tag Control Identifier (TCI)
Virtual Private Network (VPN)
Extends a private network across a public network and enables sending and receiving data across shared or public networks
Site to site: connect two offices together
Client to site: connect a remote user to a corporate network
Clientless: used for web browsing
Full Tunnel VPN
Better security
Routes and encrypts all network requests through the VPN connection back to the headquarters
Split Tunnel VPN
Better performance
Routes and encrypts only the traffic bound for the headquarters over the VPN, and sends the rest of the traffic to the regular internet
Clientless VPN
Creates a secure remote-access VPN tunnel using a web browser without requiring a software or hardware client
Secure Socket Layer (SSL)
Provides cryptography and reliability using the upper layers of the OSI model (Layers 5, 6, 7)
Transport Layer Security (TLS)
Provides secure web browsing over HTTPS
Address Exhaustion
Running out of network addresses in IPv4
IPv6
Larger address space
Removes IPv4’s broadcast data flow type
No packet or datagram fragmentation
Simplified header
Uses hexadecimal digits to allow the use of shorthand notation
Made up of eight segments separated by colons
Dual Stack
Simultaneously runs both the IPv4 and IPv6 protocols on the same network devices
Tunneling
Allows an existing IPv4 router to carry IPv6 traffic
Unicast Addresses
Used to identify a single interface
Globally-routed: similar to IPv4's unicast Class A, B, and C addresses and begins with 2000-3fff
Link-local: Used like a private IP in IPv4 that can only be used on the LAN and begins with FE80
Stateless Address Autoconfiguration (SLAAC)
Eliminates the need to obtain addresses or other config information from a central server
Uses a process called Extended Unique Identifier (EUI) to allow a host to assign itself a unique 64-bit IPv6 interface identifier called an EUI-64
Multicast Addresses
Used to identify a set of interfaces and begins with FF
Anycast Address
Used to identify a set of interfaces so that a packet can be sent to any member of a set
DHCPv6 Protocol
Allows DHCP to automatically assign addresses from a DHCPv6 server
Neighbor Discovery Protocol
Used to determine the Layer 2 addresses (MAC addresses) that are on a given network