Network+ Notes

The Network+ N10-008 exam consists of a maximum of 90 questions, with a passing score of 720, covering various networking topics such as fundamentals, implementations, operations, security, and troubleshooting. Key concepts include the Open-Systems Interconnection Model, physical media types, and networking devices like DHCP and DNS servers. The document also details IP addressing, subnetting, and NAT, providing essential information for understanding network configurations and protocols.

Uploaded by Victor Mena

Network+ N10-008 Notes

TEST DETAILS

Number of questions: Maximum of 90
Types of questions: Multiple choice and performance-based
Length of test: 90 minutes
Passing score: 720 (on a scale of 100-900)

Exam Objective | Percentage of Examination
1.0 Networking Fundamentals | 24%
2.0 Network Implementations | 19%
3.0 Network Operations | 16%
4.0 Network Security | 19%
5.0 Network Troubleshooting | 22%

Open-Systems Interconnection Model:
● Physical- physical topology (moves bits between devices; specifies voltage, wire speed, and cable pin-outs)
● Data link- framing (combines packets into bytes and bytes into frames, provides access to media using MAC addresses, performs error detection, not correction)
● Network- routing (provides logical addressing, which routers use for path determination)
● Transport- end-to-end connection (provides reliable (TCP) or unreliable (UDP) delivery, performs error correction before retransmitting, and handles flow control)
● Session- dialog control (keeps different applications’ data separate)
● Presentation- data encryption, compression, and translation services (presents data and handles processing such as encryption)
● Application- file, print, message, database, and application services (provides a user interface)

Physical Topology Types:
● Bus
● Star
● Ring
● Mesh
● Point-to-point
● P-to-Multipoint
● Hybrid

Physical Media:
● RG-8 - thicknet; 10Base5; solid copper
● RG-58 A/U – thinnet; 10Base2; stranded copper
● RG-59 – cable television (low cost/short distance)
● RG-6 – cable TV, cable modems (longer distance and some power implementations)
● RG-62 – ARCnet (obsolete)
Wiring Standards – 568A and 568B
straight-through; crossover; rolled
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)- a media access control method,
used with ethernet networking, that helps devices share the bandwidth evenly without having two
devices transmit at the same time on the network medium; this protocol is disabled when full duplex is
enabled on devices capable of running full duplex
Wiring Standard | Media | Data Transfer Rate | Distance | Additional Notes
10Base5 | Coax | 10Mbps | 300 meters | “Thicknet”
10Base2 | Coax | 10Mbps | 185 meters | “Thinnet”
10BaseT | UTP | 10Mbps | 100 meters | Cat3 and prior
10BaseFL | Fiber | 10Mbps | 500-2000 meters | Ethernet over fiber optics to a desktop
100BaseTX | UTP, STP | 100Mbps | 100 meters | Cat5
100BaseFX | MMF | 100Mbps | 2000 meters |
1000BaseTX | UTP | 1Gbps | 100 meters | Cat 5e or higher
1000BaseSX | UTP | 1Gbps | 100 meters | Cat 5e or higher
1000BaseCX | Balanced/shielded copper | 1Gbps | 25 meters | Uses the HSSDC special connector
1000BaseLX | MMF, SMF | 1Gbps | 500-2000 meters | Longer wavelength than 1000BaseSX
10GBaseT | UTP | 10Gbps | 100 meters |
10GBaseSR | MMF | 10Gbps | 300 meters | 850 nm laser
10GBaseLR | SMF | 10Gbps | 10 km | 1,310 nm laser
10GBaseER | SMF | 10Gbps | 40 km | 1,550 nm laser
10GBaseSW | MMF | 10Gbps | 300 meters | 850 nm laser transceiver
10GBaseLW | SMF | 10Gbps | 10 km | Typically used with SONET
10GBaseEW | SMF | 10Gbps | 40 km | 1,550 nm optical laser

non-plenum-rated shielding (i.e. PVC) is a fire hazard; Teflon is a plenum-rated type of shielding

Internet Protocol
● Telnet (23)
● FTP (20, 21)
● Secure FTP (SFTP) (22)
● Trivial File Transfer Protocol (TFTP) (69)
● SMTP (25) – sends emails only
● Post Office Protocol (POP(3)) (110) – receives emails only
● Internet Message Access Protocol v. 4 (IMAP) (143)
● RDP (3389)
● Transport Layer Security (TLS)/Secure Sockets Layer (SSL) (995/465) – cryptographic protocols
that facilitate enabling secure online data-transfer activities like web browsing, IM’ing, Internet
faxing, etc.
● Session Initiation Protocol (SIP) (VoIP) (5060/5061)
● Real-time Transport Protocol (RTP) (VoIP) (5004/5005)
● Media Gateway Control Protocol (MGCP) (multimedia) (2427/2727)
● H.323 (video) (1720)
● Simple Network Management Protocol (SNMP) (161)
● LDAPS (636)
● SSH (22)
● HTTP (80)
● HTTPS (443)
● Network Time Protocol (NTP) (123)
● Lightweight Directory Access Protocol (LDAP) (389)
● DNS (53)
● Server Message Block (SMB) (445)
● NetBIOS (137-139)
● DHCP/Bootstrap Protocol (BootP) (67/68)
Ports that use UDP: SNMPv1/2 (161); TFTP (69); DNS (53); BootP/DHCP (67, 68)
ICMP – used to send messages such as: destination unreachable, hops, ping and traceroute info, buffer
full, etc.
ARP/Reverse ARP

Networking Devices
DHCP Servers:
DHCP scope- the pool of available IP addresses that can be dynamically dispersed to host devices
IP address management (IPAM)- monitors and reports on IP address shortages
DHCP lease- the time that is allotted for a host device to use an IP address; the lease time is typically 23
hours by default, but the time is typically renewed automatically hours before the lease expires; if the
lease on a connected host is about to expire (or does expire) it could be a sign that the DHCP server is
down
DHCP Reservation- permanent IP address assignment from a DHCP server
DHCP Options- additional DHCP configuration settings that are passed onto DHCP clients on a network;
can include configuration info such as the default gateway IP address, or DNS server IP address
Automatic Private IP Addressing (APIPA)- (169.254.x.x) (no DHCP server is present, or the host is having
issues connecting to the server); allows local subnet communication only
A DHCP relay agent is a service that captures a BOOTP or DHCP broadcast and forwards it through the
router as a unicast transmission to the DHCP server on another subnet.
DNS Servers:
Domain Name Service Server- a server that resolves IP address into domain names
hostname- typically the name of a device that has a specific IP address; on the Internet, it is part of what
is known as a fully qualified domain name (FQDN)
fully qualified domain name (FQDN)- consists of a hostname and a domain name
name resolution- the process of finding the IP address for any given hostname; can be performed using
HOSTS files (meaning you statically type in all names and IP addresses on each and every host), sending
a request broadcast on the local network, DNS, and Microsoft’s Windows Internet Naming Services
(WINS); domains are arranged in a hierarchical tree structure
.com= commercial; .org= non-profit; .int= international organization; .net= network organization
Host (A) (A-record)- resolves hostnames to IP addresses
AAAA record- the IPv6 equivalent of an A-record
pointer record (PTR)- resolve IP address into hostnames; used when you want to retrieve the MAC
address of a device when you know its IP address; exists in the reverse lookup zone (or table) in the DNS
server and are used when an IP address is known but not a name
mail exchanger records (MX)- records typically found on DNS servers; MX records are used to translate
mail records; an MX record points to the mail exchanger for a particular host, a feature that provides a higher
probability that email will arrive at its intended destination; the records are listed in order, with a
priority code that indicates the order in which they should be accessed by other mail-delivery systems;
if the first-priority mail exchanger doesn’t respond in a given amount of time, the mail-delivery system
tries the second one, and so on; can only be created manually
canonical name record (CNAME)- alias record; allows hosts to have more than one name (p. 148); can
only be created manually
SRV record- a resource record that is used to identify computers that host specific services; they are
used to locate domain controllers for AD
NS record- used to delegate a subdomain to a set of name servers
TXT record- used to provide the ability to associate arbitrary text with a host or other name, such as
human readable information about a server, network, data center, or other accounting information
Sender Policy Framework (SPF)- a method of fighting spam, it is a TXT record that is part of a domain’s
DNS zone file; the TXT record specifies a list of authorized host names/IP addresses that mail can
originate from for a given domain name
Domain Keys Identified Mail (DKIM)- an email authentication method designed to detect email
spoofing; it allows the receiver to check that an email claimed to have come from a specific domain was
indeed authorized by the owner of that domain; it requires the addition of public keys into a DNS zone;
the key is either inserted directly into a zone as a TXT record or it will be a CNAME pointing to the key in
your provider’s DNS; unlike SPF, you can maintain many DKIM records for various sending sources
Dynamic DNS- works in concert with DHCP, hosts register their names with the DNS server as they
receive their IP address configuration from the DHCP server; some older OSs are not capable of self-
registration (such as Windows NT), but the DHCP server can even be configured to perform registration
on behalf of these clients with the DNS server
proxy server- a type of server that handles its client-machine requests by forwarding them on to other
servers while allowing granular control over the traffic between the local LAN and the Internet; when it
receives a request, the proxy connects to the specific server that can fulfill the request on behalf of the
client that wants it; sometimes the proxy modifies the client’s request or the server’s response, or
even handles the client’s request itself; it caches, or “remembers,” the specific server that would
normally have been contacted for the request in case it is needed another time, which speeds up the
network and optimizes its performance; proxy servers can also limit the types of sites that users on a
LAN have access to, which is a benefit for the network administrator if users are constantly connected
to non-work sites, consuming all the WAN bandwidth
Access VPNs are used to provide tunneling services to individual users through common subscriber lines
such as cable, dial-up, or ISDN.
Intranet VPNs are used to connect different sections of a corporate network.
Extranet VPNs connect networks that belong to different companies for the purposes of sharing
resources.
SSL VPNs are just a form of VPNs that operate through a web browser, and do not require the
installation of a separate client.
Port forwarding (also referred to as port mapping) enables a permanent translation entry that maps a
protocol port on a gateway to an IP address and protocol port on a private LAN.
PAT is a subset of dynamic NAT functionality that maps either one or more unregistered addresses to a
single registered address using multiple ports.
Authoritative Name Servers (ANSs) differ from a default DNS server because they possess an actual copy
of the records for a zone, rather than caching a lookup

IP Addressing
Dotted decimal example of an IP address: 172.16.30.56
binary of that same IP address: 10101100.00010000.00011110.00111000
hexadecimal of that address: AC.10.1E.38
Class A: network.host.host.host
Class B: network.network.host.host
Class C: network.network.network.host
Class D: multicast
Class E: research
● Class A Range: 1.0.0.1 - 126.255.255.254
● Class B Range: 128.1.0.0 - 191.255.255.254
● Class C Range: 192.0.1.1 - 233.255.254.254
● Class D Range: 224.0.0.0 - 239.255.255.255
● Class E Range: 240.0.0.0 - 254.255.255.255
Network address of all 0’s: 0.0.0.0 – broadcast within a network
Network address of all 1’s: 255.255.255.255 – broadcast to all networks
Host address of all 0’s – interpreted to mean “network address” or any host on a specified network
Host of all 1’s – interpreted to mean “all hosts” on a specified network
127.0.0.1 – reserved for loopback tests – *ping this address on a host PC if the workstation is having
issues connecting to the network
IPv6 addressing: global prefix| subnet | interface ID
Example: 2001:0db8:3c4d:0012:0000:0000:1234:56ab
Extended unique identifier (EUI)-64- allows a host to automatically assign itself a unique 64-bit IPv6
interface identifier without the need for manual configuration or DHCP

IP Subnetting and NAT

Default subnet masks
● Class A: network.host.host.host 255.0.0.0
● Class B: network.network.host.host 255.255.0.0
● Class C: network.network.network.host 255.255.255.0
255.0.0.0 = 11111111.00000000.00000000.00000000 = /8
8 bits are turned on (network = 8 bits; host = 24 bits)
Switching to 255.255.255.0 as the subnet mask for a class A address allows for more subnets and fewer
wasted IP addresses (using the class A default subnet mask would leave a single network that could hold
millions of hosts, which is impractical and would potentially waste millions of addresses); with
255.255.255.0, you get 11111111.11111111.11111111.00000000, which yields the 16 bits that are
now turned on as the subnet portion (subnet = 16 bits), while leaving the host with 8 bits; the network
address remains the same with 8 bits.
The Power of Two subnetting tables:
2^8 | 2^7 | 2^6 | 2^5 | 2^4 | 2^3 | 2^2 | 2^1
256 | 128 | 64 | 32 | 16 | 8 | 4 | 2

2^16 | 2^15 | 2^14 | 2^13 | 2^12 | 2^11 | 2^10 | 2^9
65,536 | 32,768 | 16,384 | 8,192 | 4,096 | 2,048 | 1,024 | 512

2^x = number of subnets; x = the number of subnet bits (or 1’s).
2^x - 2 = number of hosts per subnet; x = the number of unmasked bits (0’s).
Subnetting example: 10.1.1.0 /24
Write out the bits: 11111111.11111111.11111111.00000000 (24 bits turned on, as specified in the /
notation)
Since it’s a class A address, the first 8 bits are dedicated to the network address;
the rest of the bits that are turned on are dedicated to the subnet; so, the total subnet bits = 16.
16 bits = 2^16 = 65,536 possible networks that can be created.
From there, calculate the number of hosts that can be used for each subnet.
So, hosts per subnet = 8 bits. 8 bits = 2^8 - 2 = 256 - 2 = 254 hosts per subnet.
Another subnetting example: 192.168.11.0 /26
11111111.11111111.11111111.11000000
2^2 = 4 subnets
2^6 - 2 = 64 - 2 = 62 hosts per subnet

Subnet | First host | Last host | Broadcast
0 | 1 | 126 | 127
128 | 129 | 254 | 255

*example for a two-subnet network (last octet shown)

CIDR value | Mask | # of bits activated | Block size | # of subnets and hosts
/25 | 128-mask | 1 bit on (10000000) | 128 | 2 subnets, each with 126 hosts
/26 | 192-mask | 2 bits on (11000000) | 64 | 4 subnets, each with 62 hosts
/27 | 224-mask | 3 bits on (11100000) | 32 | 8 subnets, each with 30 hosts
/28 | 240-mask | 4 bits on (11110000) | 16 | 16 subnets, each with 14 hosts
/29 | 248-mask | 5 bits on (11111000) | 8 | 32 subnets, each with 6 hosts
/30 | 252-mask | 6 bits on (11111100) | 4 | 64 subnets, each with 2 hosts
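The classful subnetting method worked above (network bits by class, borrowed bits give 2^x subnets, unmasked bits give 2^x - 2 hosts, then subnet/first/last/broadcast per block) as an added Python example; this is not code from the notes, and the inputs (172.16.30.56, 10.1.1.0/24, 192.168.11.0/25 and /26) are the notes' own examples reused here. It also cross-checks the hand method against the standard library's ipaddress module.

```python
import ipaddress

# Added example (not part of the notes): a subnet calculator that follows the
# classful method in the notes. Inputs are constructed from the notes' examples.

OCTET_SHIFTS = (24, 16, 8, 0)


def ip_to_int(dotted):
    """Parse a dotted-decimal IPv4 address into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return sum(o << s for o, s in zip(octets, OCTET_SHIFTS))


def int_to_ip(value):
    return ".".join(str((value >> s) & 0xFF) for s in OCTET_SHIFTS)


def dotted_binary(value):
    """Render the way the notes do: 10101100.00010000.00011110.00111000"""
    return ".".join(format((value >> s) & 0xFF, "08b") for s in OCTET_SHIFTS)


def dotted_hex(value):
    """Render the way the notes do: AC.10.1E.38"""
    return ".".join(format((value >> s) & 0xFF, "02X") for s in OCTET_SHIFTS)


def classful_network_bits(first_octet):
    """Network-portion length by address class (A=8, B=16, C=24)."""
    if 1 <= first_octet <= 126:
        return 8
    if 128 <= first_octet <= 191:
        return 16
    if 192 <= first_octet <= 223:
        return 24
    raise ValueError("first octet %d is not class A, B or C" % first_octet)


def mask_from_prefix(prefix):
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def _split(cidr):
    """Return (address as int, prefix length, classful network bits)."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    base = ip_to_int(addr)
    net_bits = classful_network_bits(base >> 24)
    # Stay within the notes' method: no supernetting, and at least 2 host bits
    # so that a network and a broadcast address exist.
    if not net_bits <= prefix <= 30:
        raise ValueError("prefix /%d must be between /%d and /30" % (prefix, net_bits))
    return base, prefix, net_bits


def subnet_summary(cidr):
    """Network/subnet/host bit split plus subnet and host counts for a CIDR."""
    base, prefix, net_bits = _split(cidr)
    subnet_bits = prefix - net_bits        # the borrowed 1s
    host_bits = 32 - prefix                # the unmasked 0s
    mask = mask_from_prefix(prefix)
    return {
        "mask": int_to_ip(mask),
        "mask_binary": dotted_binary(mask),
        "network_bits": net_bits,
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "subnets": 2 ** subnet_bits,               # 2^x subnets
        "hosts_per_subnet": 2 ** host_bits - 2,    # 2^x - 2 usable hosts
        "block_size": 2 ** host_bits,              # addresses per subnet
    }


def subnet_ranges(cidr, max_rows=256):
    """(subnet, first host, last host, broadcast) for each subnet carved out of
    the address's classful network, in order. Capped at max_rows because a /30
    inside a class A network would otherwise produce millions of rows."""
    base, prefix, net_bits = _split(cidr)
    classful_net = base & mask_from_prefix(net_bits)
    block = 2 ** (32 - prefix)
    count = min(2 ** (prefix - net_bits), max_rows)
    rows = []
    for i in range(count):
        start = classful_net + i * block
        rows.append((int_to_ip(start),              # host bits all 0: network
                     int_to_ip(start + 1),
                     int_to_ip(start + block - 2),
                     int_to_ip(start + block - 1)))  # host bits all 1: broadcast
    return rows


def cross_check(cidr):
    """True if the hand method agrees with ipaddress for the first subnet."""
    summary = subnet_summary(cidr)
    first = subnet_ranges(cidr, max_rows=1)[0]
    ref = ipaddress.ip_network("%s/%d" % (first[0], _split(cidr)[1]))
    return (summary["mask"] == str(ref.netmask)
            and first[3] == str(ref.broadcast_address)
            and summary["hosts_per_subnet"] == ref.num_addresses - 2)


if __name__ == "__main__":
    for example in ("10.1.1.0/24", "192.168.11.0/26"):
        s = subnet_summary(example)
        print(example, s["mask_binary"], "subnets:", s["subnets"],
              "hosts per subnet:", s["hosts_per_subnet"])
    for row in subnet_ranges("192.168.11.0/25"):
        print("subnet %s first %s last %s broadcast %s" % row)
```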

Subnet Mask | CIDR value | Binary (subnetted octet) | Decimal
255.0.0.0 | /8 | 00000000 | 0
255.128.0.0 | /9 | 10000000 | 128
255.192.0.0 | /10 | 11000000 | 192
255.224.0.0 | /11 | 11100000 | 224
255.240.0.0 | /12 | 11110000 | 240
255.248.0.0 | /13 | 11111000 | 248
255.252.0.0 | /14 | 11111100 | 252
255.254.0.0 | /15 | 11111110 | 254
255.255.0.0 | /16 | 00000000 | 0
255.255.128.0 | /17 | 10000000 | 128
255.255.192.0 | /18 | 11000000 | 192
255.255.224.0 | /19 | 11100000 | 224
255.255.240.0 | /20 | 11110000 | 240
255.255.248.0 | /21 | 11111000 | 248
255.255.252.0 | /22 | 11111100 | 252
255.255.254.0 | /23 | 11111110 | 254
255.255.255.0 | /24 | 00000000 | 0
255.255.255.128 | /25 | 10000000 | 128
255.255.255.192 | /26 | 11000000 | 192
255.255.255.224 | /27 | 11100000 | 224
255.255.255.240 | /28 | 11110000 | 240
255.255.255.248 | /29 | 11111000 | 248
255.255.255.252 | /30 | 11111100 | 252

IP Routing & Routing Protocols

show ip route (or: sh ip route) – entered on a router will show the routing table (map of the
internetwork)
show ip arp (or: sh ip arp) – displays the ARP cache on a router

Routing
● Static Routing
● Dynamic Routing
    ● IGP
        ● Distance Vector – protocols: RIPv1 & 2, IGRP
        ● Link State – protocols: OSPF, IS-IS (intermediate system-to-intermediate system)
        ● Hybrid – protocols: EIGRP/BGP
    ● EGP – protocol: BGP

Routing protocol (by class) – Description

Distance Vector – Finds the best path to a remote network by judging distance (hops). This includes
RIP, RIPv2, and IGRP.

Routing Information Protocol (RIP) – Sends the routing table to all active interfaces every 30 seconds.
Hop count is the only determinant used to choose the best way to route to a remote network; has a
max hop count of 15 hops, due to routing loop issues; uses classful routing only (all devices on the
network must use the same subnet mask for each specific address class); broadcast based; no VLSM
network support; no authentication; no support for discontiguous networks; uses the Bellman-Ford
algorithm; uses a flat (non-hierarchical) network.

RIPv2 – Allows for classless routing; uses the same timers and loop-avoidance schemes as RIPv1; also
has a 15-hop limit; uses multicast 224.0.0.9; supports VLSM networks and discontiguous networks.

Link State – A classless protocol that maintains two additional tables aside from the routing table: the
neighbor table (maintained through the use of hello packets that are exchanged by all routers to
determine which other routers are available to exchange routing data with; all routers that can share
routing data are stored in this table), and the topology table (built and sustained through the use of link
state advertisements or packets (LSAs or LSPs), and includes a listing for every destination network plus
every neighbor (route) through which it can be reached; essentially, it’s a map of the entire
internetwork). With all this data compiled, the routing protocol runs the Shortest Path First (SPF)
algorithm to compare it all and determine the best paths to each of the destination networks.

OSPF – An open-standard (multi-vendor deployable) routing protocol that works by using the Dijkstra
algorithm. First, a shortest-path tree is constructed, then the routing table is populated with the
resulting best paths. It converges quickly (not as fast as EIGRP), and supports multiple, equal-cost routes
to the same destination. It supports IPv4 and IPv6, but separate databases and routing tables must be
maintained. It has an unlimited hop count, supports VLSM/CIDR, is highly scalable, minimizes routing
update traffic, and uses a loopback (logical) interface. OSPF uses bandwidth as the path metric rather
than hops, and uses a hierarchical network (using areas). The areas created separate the larger
internetwork into smaller internetworks. It can also connect multiple AS’s, using a router called an
autonomous system border router (ASBR).

Intermediate System-to-Intermediate System (IS-IS) – A link state routing protocol, meaning it operates
by reliably flooding topology information throughout a network of routers. Each router then
independently builds a picture of the network’s topology, just as they do with OSPF. Packets or
datagrams are forwarded based on the best topological path through the network to the destination.
Unlike OSPF, IS-IS uses Connectionless Network Service (CLNS) to provide connectionless delivery of
data packets between routers, and it also doesn’t require an area 0 like OSPF does. OSPF uses IP to
communicate between routers instead. An advantage of CLNS is that it can easily send information
about multiple routed protocols (IPv4 & IPv6). It also converges quickly, and supports VLSM. It is
preferred over OSPF by ISPs because of its ability to run IPv4 and IPv6 without creating a separate
database for each protocol, making it more efficient for larger networks.

Hybrid – Routing protocols that use a combination of elements from the distance vector and link state
routing protocol classes.

EIGRP – A classless, enhanced distance vector protocol; EIGRP uses the concept of an AS to describe
the set of contiguous routers that run the same routing protocol and share routing information, but
unlike IGRP, EIGRP includes the subnet mask in its route updates. It sends traditional distance vector
updates, but it has link state characteristics, too: it synchronizes routing tables between neighbors at
startup, then sends specific updates only when topology changes occur, making EIGRP suitable for very
large networks; it also supports IPv6, CIDR/VLSM, and discontiguous networks; communication is via
Reliable Transport Protocol (RTP), and best path selection is via the Diffusing Update Algorithm (DUAL).
EIGRP also maintains additional tables instead of just the routing table (like distance vectors). The
tables are: neighbor table, topology table, and routing table.

BGP (EGP & Hybrid) – The core routing protocol of the Internet. It’s an EGP, but can also be used within
AS’s. It’s also known as a hybrid because it is considered a path vector protocol instead of a distance
vector. ISPs use this protocol. It is used to bridge AS’s. BGP tells about any/all networks reachable at
the end of the path, and gives detailed information on the BGP AS numbers hop by hop (called an AS
path) required to reach a specific destination network. BGP does not broadcast its entire routing table
like RIP; it updates more like OSPF. The routing table with BGP is called the Routing Information Base
(RIB). It also gives a history of how the networks at the end of the path were introduced into BGP in the
first place, known as the origin code attribute.

First Hop Redundancy protocols (FHRPs) – work by giving you a way to configure more than one
physical router to appear as if they were only a single logical one.
Hot Standby Router Protocol (HSRP) – a Cisco proprietary protocol that provides a redundant gateway
for hosts on a local subnet. It allows for the configuration of two or more routers into a standby group
that shares an IP address and MAC address; uses an active router, a standby router, a virtual router, and
any other routers attached to a subnet; uses a virtual MAC address; timers: hello timer, active timer, and
a standby timer
Virtual Router Redundancy Protocol (VRRP) – also provides a redundant gateway for hosts on a local
subnet; open-standard
Variable length subnet masks (VLSMs) – allows classless routing, meaning that the routing protocol
sends subnet-mask information with route updates
Autonomous System (AS) – a collection of networks or subnets that are in the same administrative
domain; i.e. administrative domain within a company’s network. IGP operates within an AS, while EGP
operates outside or between more than one AS.
Administrative distance (AD) – used to rate the trustworthiness of routing information received on one
router from its neighboring router. It’s an integer from 0 to 255, where 0 equals the most trusted route,
and 255 essentially means “no traffic is allowed to be passed via this route”
Route Source | Default AD
Connected interface | 0
Static route | 1
External BGP | 20
Internal EIGRP | 90
IGRP | 100
OSPF | 110
IS-IS | 115
RIP | 120
External EIGRP | 170
Internal BGP | 200
Unknown | 255 (this route will never be used)

Distribution routers- designed to collect data from end-user locations and redistribute them to an
enterprise location such as a company’s headquarters
Shortest Path Bridging (SPB) combines an Ethernet data path with an IS-IS link state control protocol
running between Shortest Path bridges. It is a replacement for STP that simplifies the creation and
configuration of networks, while enabling multipath routing.

Switching and VLANs

In store-and-forward switching, the switch calculates the CRC value for the packet's data and compares
it to the value included in the packet. This is the slowest type of switching mode, since the switch must
receive the entire frame before the first bit of the frame is forwarded.
In cut-through switching, the switch forwards a data packet as soon as it receives it. No error checking
or processing of the packet is performed.
In fragment-free switching, the switch scans the first 64 bytes of each packet for evidence of damage by
a collision.
Content switches are capable of making intelligent decisions about data by analyzing data packets in
real time, and understand the criticality and type of the request.
Both bridges and switches forward layer 2 broadcasts. Switches are hardware based due to using
application-specific integrated circuit (ASIC) chips to help make filtering decisions, while bridges are
software based.
Switches employ address learning, forward/filter decisions, and loop avoidance.
● Address learning- switches remember the source hardware address of each frame received on
an interface and enter this information into a MAC database known as a forward/filter table;
this allows for point-to-point connections to be made between two devices within the same
broadcast domain
● Forward/filter decisions- when a frame arrives at a switch interface, the destination hardware
address is compared to the forward/filter MAC database and the switch makes a forward/filter
decision; if the destination hardware address of a frame is known, the frame is only sent out of
the specified exit interface (called frame filtering, which preserves bandwidth); if not known (i.e.
the device is not listed in the MAC database yet), then the frame is broadcast on all active
interfaces except the one that the frame was received from.
● Loop avoidance- redundant links can be implemented on switches for network failure
prevention, but can result in broadcast storms, thrashing the MAC (a switch that is constantly
updating the MAC filter table, preventing it from forwarding frames), and more. Spanning Tree
protocol is used to prevent these issues on layer 2 devices.
Spanning Tree Protocol (STP) (802.1d)- monitors the network to find all links and makes sure that no
loops occur by shutting down any redundant links on layer 2 devices. STP uses the spanning-tree
algorithm (STA) to first create a topology database, then it searches out and destroys redundant links.
Frames will be forwarded only on the STP-picked links. Switches transmit Bridge Protocol Data Units
(BPDUs) out all ports so that all links between switches can be found. The ports on the switches or
bridges have five different states.
● Blocking- a blocked port won’t forward frames, it just listens to BPDUs and will drop all other
frames; all ports are in a blocking state when a switch is powered up
● Listening- the port listens to BPDUs to make sure no loops occur on the network before passing
data frames; a port in listening state prepares to forward data frames without populating the
MAC address table
● Learning- the switch port listens to BPDUs and learns all the paths in the switched network; a
port in this state populates the MAC address table, but doesn’t forward data frames; forward
delay is the time it takes for a port to transition from listening to learning mode, and is set to 15
seconds by default
● Forwarding- the port sends and receives all data frames on the bridged port
● Disabled-a non-operational port that is disabled administratively, it does not participate in STP
● STP convergence- the time it takes for all ports to have transitioned to either forwarding or
blocking modes. During this phase, no data will be forwarded until the convergence event is
complete
● Rapid STP (RSTP) (802.1w)- STP with much quicker convergence times. Under RSTP, the
disabled, blocking, and listening modes are now defined as discarding. The learning and
forwarding states remain unchanged
VLANs are used to break up broadcast domains in a pure switched internetwork, creating multiple
broadcast domains within a switch, using different ports on the switch as separate broadcast
domains. VLAN1 is the default VLAN and is typically used for VLAN management.
Access link- an access port belongs to and carries the traffic of only one VLAN. Anything arriving on
an access port is simply assumed to belong to the VLAN assigned to the port. Any device attached to
an access link is unaware of a VLAN membership- the device just assumes it’s part of the same
broadcast domain. Switches remove any VLAN info from the frame before it’s forwarded out to an
access-link device. Access-link devices can’t communicate with devices outside their VLAN unless the
packet is routed. And you can only create a switch port to be either an access port, or a trunk port.
Trunk ports- ports that can carry multiple VLANs at a time. A trunk link is a 100Mbps or 1000Mbps
point-to-point link between two switches, a switch and router, or even a switch and server, and it
carries the traffic of multiple VLANs – from 1 to 4,094 VLANs at a time. Trunking can allow you to
make a single port part of a bunch of different VLANs at the same time. This allows the potential to
set ports up to have a server in two separate broadcast domains simultaneously so users don’t have
to cross a layer 3 device to access it. Trunking also allows for information from multiple VLANs to be
carried across trunk links, but this only occurs if the switch is configured to do so. This is proprietary
to Cisco.
Inter-Switch Link (ISL)- a way of explicitly tagging VLAN information onto an Ethernet frame. This
tagging info allows VLANs to be multiplexed over a trunk link through an external encapsulation
method (ISL), which allows the switch to identify the VLAN membership of a frame over the trunked
link. ISL functions at layer 2 by encapsulating a data frame with a new header and cyclic redundancy
check (CRC). This allows for the interconnecting of multiple switches while still maintaining VLAN
info as traffic travels between switches on trunk links. The ISL frame is removed if an access link is
used.
802.1q- created by IEEE as a standard method of frame tagging, IEEE 802.1q works inserting a field
into the frame to identify the VLAN. This is the only option to trunk between a Cisco switched link
and that of another brand. Unlike ISL, which encapsulates a frame with control information, 802.1q
inserts an 802.1q field along with tag control information. The 802.1q frame is also removed if an
access link is used.
VLAN Trunking Protocol- The basic goals of VLAN Trunking protocol are to manage all configured
networks across a switched internetwork and to maintain consistency throughout that network. VTP
allows you to add, delete, and rename VLANs- and information about those actions is then
propagated to all other switches in the VTP domain. Some features of VTP include:
● Consistent VLAN configuration across all switches in the network
● Accurate tracking and monitoring of VLANs
● Dynamic reporting of added VLANs to all switches in the VTP domain
● Adding VLANs using plug-and-play
Virtual trunk protocol alternate definition- VTP allows the synchronization of VLAN information
(like VLAN ID) with switches inside the same VTP domain. It propagates the definition of VLANs on
the whole LAN. To do this, VTP carries VLAN information to all switches in a VTP domain. VTP
advertisements can be sent over 802.1Q and ISL (inter-switch link) trunks
*VTP requires a VTP server
VTP transparent mode- gives the ability to configure switches to forward VTP info through trunk
ports, but not to accept info updates or update their VTP databases
hypervisor or virtual machine monitor (VMM)- computer software, firmware or hardware that
creates and runs virtual machines; the PC that runs the hypervisor software is the host machine, and
each virtual machine is called a guest machine

Wireless Networking
IEEE Committee | Frequency | Data Transfer Rate | Notes
--- | --- | --- | ---
802.11a | 5GHz | 54Mbps |
802.11ac | 5GHz | 1Gbps |
802.11b | 2.4GHz | 5.5Mbps & 11Mbps | Enhancements to 802.11 to support 5.5Mbps and 11Mbps
802.11e | - | - | Quality of Service
802.11f | - | - | Inter-access point protocol
802.11g | 2.4GHz | 54Mbps | Backward compatible with 802.11b
802.11h | 5GHz | 54Mbps | Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) additions to 802.11a
802.11n | 2.4GHz & 5GHz | 54Mbps | Higher throughput improvements via multiple-input, multiple-output (MIMO): multiple transmitter and receiver antennas to increase data throughput
802.11u | - | - | Internetworking with non-802.11 networks (i.e. cellular)

*Think 802.11b/g to remember the correct frequency | *Range Comparisons on p. 390

Security Protocol | Explanation
--- | ---
Wired Equivalent Privacy (WEP) | A key (typically static) of 40-128 bits, using the RC4 algorithm
Remote Authentication Dial-in User Service (RADIUS) (802.11x) | Provides authorization, centralized access, and accounting supervision; once RADIUS has authenticated a user, it allows us to specify the type of rights a user or workstation has (AAA)
Temporal Key Integrity Protocol (TKIP) (802.11i); Wi-Fi Protected Access (WPA) or WPA2 Pre-shared key | Upgrades the WEP key to 128-bit encryption; each packet sent has a unique key by placing a 48-bit packet serial number on each packet; the base key also changes; 802.11i (WPA2) uses AES-CCMP encryption (Advanced Encryption Standard-Counter Mode CBC-MAC Protocol), allowing confidentiality (encryption) and data integrity
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) | EAP is a framework that enhances the existing 802.1x framework, and can be used by WPA2. This framework describes a basic set of actions that will take place; each EAP type differs. These variables include things like whether they use passwords or certificates, as well as the ultimate level of security provided. EAP-TLS is the most secure method, but requires installing a certificate on both the authentication server and the client, and requires a public key infrastructure (PKI)

Authentication and Access Control


Public Key Infrastructure (PKI)- a system that links users to public keys and verifies a user’s identity by
using a certificate authority (CA)
Kerberos- an entire security system that establishes a user’s identity when they first log on to a system
that’s running it; it employs strong encryption for all transactions and communication; the source code
for Kerberos can be freely downloaded online; it works by issuing tickets to users who log in, which
expire quickly, but are automatically refreshed as long as you remain logged in; all systems participating
in a Kerberos domain must have synchronized clocks; having redundant servers when running Kerberos
is vital
Authentication, Authorization, and Accounting (AAA)- systematized, conceptual models for managing
network security through one central location; two common implementations for this and AAAA are
RADIUS and TACACS+
Authentication, Authorization, Accounting, and Auditing (AAAA)- it is more robust than AAA
Remote authentication dial in user service (RADIUS)- an authentication and accounting service that’s
used for verifying users over various types of links, including dial-up and more; many ISPs use a RADIUS
server to store the usernames and passwords of their clients in a central spot through which
connections are configured to pass authentication requests; RADIUS servers are client-server-based
authentication and encryption services maintaining user profiles in a central database; RADIUS is also
used in firewalls; purposed that way, when a user wants to access a particular TCP/IP port, they must
provide a username and a password, the firewall then contacts the RADIUS server to verify the
credentials given; uses UDP
Terminal Access Controller Access-Control System Plus (TACACS+)- an AAA protocol and an alternative
to RADIUS; like RADIUS, it is capable of performing authentication on behalf of multiple wireless APs,
RAS servers, or even LAN switches that are 802.1x capable; TACACS+ separates user authentication and
authorization into two profiles, rather than one combined profile like RADIUS does; TACACS+ utilizes the
connection-based TCP protocol, but RADIUS uses UDP instead; TACACS+ is not compatible with TACACS;
TACACS+ is considered more secure and stable than RADIUS
HTTPS- wraps the entire communication within SSL; S-HTTP encrypts the served page data and the
submitted data like POST fields
Unified Voice Services- combines phone network with IP data traffic and video traffic; it takes voice and
video information and encapsulates it within IP packets to be transmitted on the data network; VoIP and
video streaming are two examples of this
Network Controllers- typically refers to a NIC; sometimes this term is used to describe a device that
controls admission or access to a network
Network Access Control (NAC)- a method of securing network hosts before they’re allowed to access a
network; most commonly used in wireless networking, where nodes are often added to and removed
from the network freely; one of the most common forms of NAC is IEEE 802.1x; 802.1x is an open
framework that’s designed to support multiple authentication schemes; before a client (called a
supplicant) can communicate on a wireless network, it asks the AP (or authenticator) for permission to
join and then provides its credentials; the information is then passed onto a centralized authentication
server for verification
Challenge Handshake Authentication Protocol (CHAP)- a secure authentication protocol that prevents
the username and password from crossing any wires; instead, both the client and server are configured
with the same text phrase that's known as a shared secret; when a client sends out an authentication
request, the server responds by sending a random value (called a nonce) plus an ID value back to the
client; the client takes these two strings, sequences them with the shared secret, then generates a one-
way hash value using the MD5 algorithm; the hash value is transmitted back to the server,
which performs the same algorithm using the same values and shared secret; the client gets
authenticated if the hash values match throughout this process
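The exchange described above, as an added worked example (not code from the notes). It follows the RFC 1994 ordering, response = MD5(identifier || shared secret || challenge), and the server side keeps each challenge one-shot so a captured response cannot be replayed. The shared secret and the client/server objects are constructed for the demo.

```python
"""CHAP challenge/response: Challenge -> Response -> Success/Failure.

Added illustration, not code from the notes. Ordering follows RFC 1994:
response = MD5(ID || shared secret || challenge). The secret never crosses
the wire; only the ID, the nonce and the hash do. Secret values are constructed.
"""
import hashlib
import hmac
import os


def chap_response(identifier: int, shared_secret: bytes, challenge: bytes) -> bytes:
    """Client side: one-way hash over ID, secret and challenge."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + shared_secret + challenge).digest()


class ChapServer:
    """Issues a fresh random nonce per attempt and forgets it once it is answered."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._identifier = 0
        self._pending = {}            # identifier -> outstanding challenge (nonce)

    def challenge(self):
        """Server -> client: (ID, nonce). Each call yields a new nonce."""
        self._identifier = (self._identifier + 1) % 256
        nonce = os.urandom(16)
        self._pending[self._identifier] = nonce
        return self._identifier, nonce

    def verify(self, identifier: int, response: bytes) -> bool:
        """Recompute the hash over the stored nonce and compare in constant time.

        The nonce is consumed on first use, so replaying an old response fails.
        """
        nonce = self._pending.pop(identifier, None)
        if nonce is None:
            return False                  # unknown or already-answered challenge
        expected = chap_response(identifier, self._secret, nonce)
        return hmac.compare_digest(expected, response)


def run_exchange(server: ChapServer, client_secret: bytes) -> bool:
    """Full three-message exchange from the client's point of view."""
    identifier, nonce = server.challenge()
    response = chap_response(identifier, client_secret, nonce)
    return server.verify(identifier, response)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # sample value, configured on both sides
    srv = ChapServer(secret)
    print("correct secret:", run_exchange(srv, secret))        # True
    print("wrong secret:  ", run_exchange(srv, b"wrong"))      # False
```

The constant-time comparison and the one-shot nonce are the two details a real authenticator needs that the textbook description leaves implicit.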
MS-CHAP- Microsoft’s version of CHAP that works the same way, except the shared secret is encrypted
locally; MS-CHAPv2 also allows the server to be verified by the client as well, rather than just the client
being authenticated by the server
Extensible Authentication Protocol (EAP)- an extension to PPP that provides a host of additional
authentication methods for remote-access clients; some examples include smart cards, certificates,
Kerberos, and biometric scanners
Hashes- hashing is a cryptographic process that uses an algorithm to derive a value from a set of clear
text to verify that the information came from where it says and that it has not changed, providing data
integrity and origin authentication; two of the most well-known hashing algorithms are:
Message-Digest 5 (MD5)- known to have flaws, but is still used, MD5 is a message-digest algorithm; the
hash is created from the clear text and then sent along with the clear-text message; at the other end, a
second hash of the clear-text data is created using the same algorithm, and if the two hashes match, the
data is deemed to be unchanged
Secure Hash Algorithm (SHA)- SHA is published by the National Institute of Standards and Technology
(NIST) as a US Federal Information Processing Standard (FIPS). It operates as any hash does and is
considered superior to MD5
checksum- a count of the number of bits in a transmission unit that is included with the unit so that the
receiver can check to see whether the same number of bits arrived. If the counts match, it's assumed
that the complete transmission was received. Both TCP and UDP provide a checksum count and
verification
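As an added example (not from the notes), the checksum TCP and UDP actually carry is a 16-bit ones' complement sum (RFC 1071) over a pseudo-header plus the segment. The code below builds a constructed UDP datagram, verifies it, and then shows both a corruption it catches and one it does not; addresses and ports are sample values.

```python
"""UDP checksum: compute, verify, and see what it does and does not detect.

Added illustration, not code from the notes. RFC 1071 ones' complement arithmetic
over the IPv4 pseudo-header + UDP header + payload. Addresses are TEST-NET samples.
"""
import struct

SRC_IP = bytes([192, 0, 2, 10])        # constructed sample addresses
DST_IP = bytes([198, 51, 100, 7])
PROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """Sum 16-bit big-endian words, fold carries back in, return the ones' complement."""
    if len(data) % 2:
        data += b"\x00"                  # pad odd-length data with a zero byte
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:                   # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip: bytes, dst_ip: bytes, udp_length: int) -> bytes:
    # IPv4 pseudo-header: src, dst, zero byte, protocol, UDP length
    return src_ip + dst_ip + struct.pack("!BBH", 0, PROTO_UDP, udp_length)


def build_udp_datagram(src_ip: bytes, dst_ip: bytes, sport: int, dport: int,
                       payload: bytes) -> bytes:
    """UDP header with the checksum filled in (a computed 0 is sent as 0xFFFF, per RFC 768)."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(_pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp_datagram(src_ip: bytes, dst_ip: bytes, datagram: bytes) -> bool:
    """Receiver side: the sum over pseudo-header + whole datagram must come out 0."""
    if len(datagram) < 8:
        return False
    (length,) = struct.unpack("!H", datagram[4:6])
    if length != len(datagram):
        return False
    return internet_checksum(_pseudo_header(src_ip, dst_ip, length) + datagram) == 0


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate line noise corrupting a single bit (always detected)."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Swap two 16-bit words; the sum is commutative, so this corruption is NOT detected."""
    out = bytearray(data)
    out[2 * i:2 * i + 2], out[2 * j:2 * j + 2] = data[2 * j:2 * j + 2], data[2 * i:2 * i + 2]
    return bytes(out)


if __name__ == "__main__":
    d = build_udp_datagram(SRC_IP, DST_IP, 5353, 53, b"sample query")
    print("intact:      ", verify_udp_datagram(SRC_IP, DST_IP, d))                  # True
    print("bit flipped: ", verify_udp_datagram(SRC_IP, DST_IP, flip_bit(d, 10, 3)))  # False
    print("words swapped:", verify_udp_datagram(SRC_IP, DST_IP, swap_words(d, 4, 5)))  # True
```

The last case is why a checksum gives error detection but not integrity against tampering; for that the page's hashes (and a keyed MAC) are the right tool.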
IPSec- in Tunnel mode, IPsec is often used with Layer Two Tunneling Protocol (L2TP). IPSec uses DES or
3DES encryption to provide data confidentiality.
Microsoft Point-to-Point Encryption (MPPE)- is often used with Point-to-Point Tunneling Protocol
(PPTP). It provides both strong (128-bit key) and standard (40- or 56-bit key) data encryptions. MPPE
requires the use of MS-CHAP, MS-CHAPv2, or EAP remote authentication, because the keys used for
MPPE encryption are derived from the authentication method
A RAS server is a combination dial-up and VPN server that can accept multiple client connections. It can
also terminate client VPN tunnels and route client traffic into the private network.

Network Threats and Mitigation


Denial of Service (DoS)- prevents users from accessing the network; some types are listed below
Ping of Death- a very large ICMP (rather than the standard four normal-sized ICMP packets sent during
ping requests to test if a device is responding to IP requests) packet is sent to the remote host victim,
totally flooding the victim’s buffer and causing the system to reboot or just hang; patches are available
for most OSs to prevent this attack
Unreachable Gateway- an attacker attempts to make a host's default gateway unreachable; the end
game is to get the host to change its default gateway address to one controlled by the attacker
to accomplish a man-in-the-middle attack
Distributed Denial of Service (DDoS)- an amplified DoS attack, some terms pertaining to DDoS are
below:
Botnet- a group of programs connected on the Internet for the purpose of performing a task in a
coordinated manner; some botnets, such as those created to maintain control of Internet Relay Chat
(IRC) channels, are legal, while others are illegally created to foist a DDoS
Traffic Spike; Coordinated Attack; SYN Flood
Smurf- a version of a DoS attack that floods its victim with spoofed broadcast ping messages
Spoofing- IP spoofing is the process of changing a source IP address so that one computer appears to be
a different computer; it's usually done to get traffic through a firewall that would normally not be
allowed; it may also be used to access a server to which the hacker would normally be disallowed access
by their IP address; ARP spoofing (ARP cache poisoning), referrer spoofing (changing of an HTTP
packet), and email spoofing (changing the From field) are other types of common spoofing attacks
Worm- a type of malware that does not require user assistance to spread, unlike viruses
Zero Day Attacks- antivirus software uses definition files that identify known malware, and these definitions
must be constantly updated to be able to identify new viruses; new viruses that have just emerged and
infect a computer are Zero Day attacks; the term can also be used for OS bugs that have not been
corrected
TEMPEST/RF Emanation- an NSA specification and NATO certification that addresses methods of spying
used on information systems, and how to protect against them
Man-in-the-Middle- attacks that happen when someone intercepts packets intended for one computer
and reads the data
Active Detection- involves constantly scanning the network for possible break-ins
Passive Detection- involves logging all network events to a file; a video camera is an example of a
passive intrusion-detection system; the counterpart to this example in networking are files that log
events occurring on the network; these systems work by examining files and data, then calculating the
checksums for each, which are stored in the log files
Proactive Defense- involves using tools to shore up network walls against attacks
Basic Forensic Concepts-
Patches and Upgrades-
Firmware Updates-
Anti-malware

Physical Security and Risk


Network-Based Firewalls- protect the entire corporate private network from the public network; typically
a combination of hardware and software
Host-Based Firewalls- implemented on a single machine, usually a software implementation; host-based
solutions are not as secure as network firewalls
Next-Generation Firewall (NGFW) (Layer 7 Firewall)- part of the third generation of firewall technology,
it combines the traditional firewall with other network device functionalities, such as an application
firewall using in-line deep packet inspection (DPI) and IPS; the goal of NGFWs is to include more layers of
the OSI model, improving filtering of network traffic that is dependent on the packet contents; it can be
hardware or software based, and it is able to detect and block sophisticated attacks by enforcing
security policies at the application level, as well as at the port and protocol level
Access Control Lists (ACLs)- the first line of defense for any network connected to the internet; ACLs
reside on routers and determine by IP addresses which machines are allowed to use those routers and
in what direction; they are essentially lists of conditions that categorize packets
Port Security- Layer 2 security on the switches in the network; can be used to define a set of MAC
addresses that are allowed to access a port where a sensitive device is located; another use is to set
unused ports to only be available to a pre-configured set of MAC addresses
Demilitarized Zone- a network segment that isn’t public or local, but halfway between the two; FTP
servers, mail relay servers, and web servers are typically located in the DMZ; a standard setup typically
has two or three network cards in the firewall computer, the first goes to the internet, the second goes
to the network segment where the commonly targeted servers exist, and the third connects to the
intranet
Protocol Switching- protects data on the inside of the firewall (it used to be more popular but decreased
in popularity due to the increasing power of firewalls)
Packet filtering- firewalls look at incoming packets and apply them against a set of rules in the ACL(s); if
a packet passes, it gets sent on; if it fails, it is discarded
Dynamic Packet Filtering- packet filtering refers to the ability of a router or firewall to discard packets
that don’t meet the right criteria; firewalls use dynamic packet filtering to ensure that the packets they
forward match sessions initiated on their private side by something called a dynamic state list or state
table, which keeps track of all communication sessions between stations from inside and outside the
firewall; the list changes as sessions are added and deleted
Proxy Services- can be implemented by a firewall, making them a proxy server; proxies act on behalf of
the whole network to completely separate packets from internal and external hosts; so, if an internal
employee sends a request to an external host on the internet, the packets will go to the proxy server
first, where they are broken down, examined, and handled by an application that will create a new
packet requesting information from the external server (this occurs between applications at the
Application layer);
IP Proxy- hides the IP addresses of all the devices on the internal network by exchanging its IP address
for the address of any requesting station; sometimes called NAT Proxies
Web (HTTP) Proxy- handles HTTP requests on behalf of the sending workstation; a client's web browser
asks a web server on the internet for a web page using an HTTP request; because the browser is
configured to make HTTP requests using an HTTP proxy, the browser sends the request to the proxy
server; the proxy server changes the From address of the HTTP request to its own network address and
sends it to the Internet web server; the HTTP response goes directly to the proxy; the proxy
server then replaces its address with the address of the original sender, and the response is delivered to
the original sender
FTP Proxy- handles the uploading and downloading of files from a server on behalf of a workstation;
operates similarly to HTTP proxies; like other proxies, it can filter out viruses and the like
SMTP proxy- handles internet email
Stateful Network Layer Firewalls- Network layer firewalls that keep track of the various data streams
passing through them; works by using the TCP three-way handshake: first, a client sends a packet with the
SYN bit set to the firewall; the firewall interprets this as a new connection and passes the request to the
appropriate service provider on the internal network; next, the service responds with a packet that has
both the SYN and ACK bits set; finally, the client responds with a packet with only the ACK bit set; at that
point, the connection is considered established and the firewall will only allow in packets that have the
same connection identification; the established connection is logged in the state table; if there is no
data on the connection for a specified period of time, the connection will time out in the state table, and any
new communication will need to be re-established based on the ACL rules; if a packet that is part of an
established connection hits the firewall, it's passed through; new packets are subjected to the rules as
specified in the ACL; tends to be slower to establish the initial connection, but tends to work faster than
stateless firewalls from that point; these types of firewalls are better at preventing network attacks that
look to exploit existing connections, or DoS attacks
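The state-table logic described above, as an added worked example (not code from the notes): a new connection must open with a bare SYN that the ACL permits, the SYN/ACK and ACK advance the entry through the handshake states, packets belonging to an entry pass, unsolicited packets are dropped, and idle entries time out. Addresses, ports and the ACL are constructed sample values.

```python
"""Stateful firewall: state table driven by the TCP three-way handshake.

Added illustration, not code from the notes. Timestamps are supplied by the
caller (seconds) so the idle timeout is deterministic. Sample addresses only.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Key = Tuple[str, int, str, int]          # (client ip, client port, server ip, server port)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]                # subset of {"SYN", "ACK", "FIN", "RST"}
    ts: float


class StatefulFirewall:
    def __init__(self, acl: Set[Tuple[str, int]], idle_timeout: float = 300.0):
        self.acl = set(acl)                           # (server ip, port) new SYNs may reach
        self.idle_timeout = idle_timeout
        self.table: Dict[Key, List] = {}              # key -> [state, last_seen]

    def _expire(self, now: float) -> None:
        """Drop entries idle longer than the timeout; they must re-establish via the ACL."""
        stale = [k for k, (_, seen) in self.table.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def process(self, p: Packet) -> str:
        """Return "PASS" or "DROP" and update the state table."""
        self._expire(p.ts)
        fwd: Key = (p.src, p.sport, p.dst, p.dport)
        rev: Key = (p.dst, p.dport, p.src, p.sport)

        if fwd in self.table:                         # client -> server direction
            entry = self.table[fwd]
            if entry[0] == "SYN_SENT" and p.flags != frozenset({"SYN"}):
                return "DROP"                         # client must wait for the SYN/ACK
            if entry[0] == "SYN_RECEIVED" and "ACK" in p.flags:
                entry[0] = "ESTABLISHED"              # third step of the handshake
            entry[1] = p.ts
            if "RST" in p.flags:
                del self.table[fwd]
            return "PASS"

        if rev in self.table:                         # server -> client direction
            entry = self.table[rev]
            if entry[0] == "SYN_SENT":
                if p.flags != frozenset({"SYN", "ACK"}):
                    return "DROP"                     # only a SYN/ACK answers a SYN
                entry[0] = "SYN_RECEIVED"
            entry[1] = p.ts
            if "RST" in p.flags:
                del self.table[rev]
            return "PASS"

        # No state: only a bare SYN permitted by the ACL may open a new entry
        if p.flags == frozenset({"SYN"}) and (p.dst, p.dport) in self.acl:
            self.table[fwd] = ["SYN_SENT", p.ts]
            return "PASS"
        return "DROP"

    def state_of(self, client: str, cport: int, server: str, sport: int) -> Optional[str]:
        entry = self.table.get((client, cport, server, sport))
        return entry[0] if entry else None


if __name__ == "__main__":
    fw = StatefulFirewall(acl={("192.0.2.10", 80)}, idle_timeout=60)
    c, s = "203.0.113.5", "192.0.2.10"
    for pkt in (Packet(c, 40000, s, 80, frozenset({"SYN"}), 0.0),
                Packet(s, 80, c, 40000, frozenset({"SYN", "ACK"}), 0.1),
                Packet(c, 40000, s, 80, frozenset({"ACK"}), 0.2),
                Packet("198.51.100.9", 5555, s, 80, frozenset({"ACK"}), 0.3)):
        print(pkt.flags, fw.process(pkt), fw.state_of(c, 40000, s, 80))
```

The unsolicited-ACK case is the one a stateless filter cannot decide without an explicit rule, which is the DoS and spoofing weakness the next entry describes.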
Stateless Network Layer Firewalls- Network layer firewalls that do not monitor the status of the
connections passing through it (i.e. when packets are examined, the firewall is not aware of whether the
packet is a standalone, or if it is part of a bigger data stream); tend to be susceptible to various DoS
attacks and IP spoofing; its advantage over stateful firewalls is that it uses less memory; best suited for
use in internal networks where security threats are lower and there are fewer expectations
Application Layer Firewalls- work by inspecting more than just data in the IP header; they read data at
the Application layer; they will know whether a packet is FTP, SNMP, HTTP, or any other Application
layer protocol; the major disadvantage of this type of firewall is speed due to having to read more info;
these devices also let one set proxy rules for multiple applications on the same firewall; also handles
complex protocols such as H.323 (used for VoIP) much better than Network layer firewalls
Content Filtering- blocking data based on the content of the data rather than the source of the data;
most commonly used to filter email and website access; some content filtering categories include:
attachments, Bayesian, content-encoding, email headers, language, phrases, proximity of words to each
other, and URLs
Signature Identification- firewalls can stop attacks and problems through this process; many viruses,
network attacks, spyware, worms, and other software bugs often have signatures
Context Awareness- firewalls that have the ability to detect different applications, users, and devices,
rather than just IP addresses
Virtual Wire- an approach to controlling communications between segments; the firewall is connected
between a trusted and untrusted section of a network; to the devices connected to the firewall, it
appears that only one wire is connected between them; virtual wire firewalls do not need IP addresses;
security zones are defined on the physical interfaces of the virtual wire pair; virtual wire does neither
routing nor switching; it examines the traffic flow to perform deep packet inspection and enforces the
firewall policy
Routed Wire- an approach to controlling communications between segments by controlling traffic
between Layer 3 segments
Zones- an individual area of a network that has been configured with a specific level of trust; firewalls
are ideal devices to regulate the flow of traffic between zones
IDS- made up of several components including one or more sensors to detect events, a console to
control and configure the sensors and monitor events, and a database that records the events; the three
elements can be on the same or multiple devices
Network-Based IDS (NIDS)- the most common implementation of a detection system; with active IDS
systems, a state called deceiving the attacker can be imposed during an attack, tricking a hacker into
thinking an attack is working, when in reality, the system is logging information to pinpoint who is
behind the attack, and what methods they are using to impose the attack
MD-IDS (misuse-detection IDS)- IDS that detects attacks or intrusions by monitoring the signature of an
intrusion
AD-IDS (anomaly-detection IDS)- looks for anomalies in the network; learns on the go and builds a
history of a network; most IDS devices today are a combination of the two types of detection systems
Host-Based IDS (HIDS)- software installed on a workstation to detect abnormalities by monitoring
applications, system logs, and event logs rather than monitoring network traffic; typically implemented on
servers due to the increased time it would take to manage IDSs on so many different devices
Vulnerability scanners- one of the most effective ways to determine if security holes exist in the
network is to scan systems in the eyes of a hacker to determine potential flaws in security
Nessus- a proprietary vulnerability scanning program that requires a license to use commercially, yet it's
the single most popular scanning program in use; it operates by performing a port scan, then follows up
with more specific tests and scans based on the ports open; it's normally executed from the command
line because it can be included in batch files that can automate its operation on a schedule; its output
can be reported in many formats including: plain text, HTML, and XML; it can also perform active attacks
like DoS or dictionary attacks
Network Mapper (NMAP)- originally intended to simply identify devices on the network for creating
network diagrams, it has evolved and can perform port scanning, identify versions of network services in
operation on the network, and identify operating systems; it can also be used from the command line,
but can be used with web-based interfaces as well for remote control
Unified Threat Management (UTM)- devices that perform multiple security functions within the same
appliance including: network firewalling, network intrusion prevention, gateway antivirus, gateway anti-
spam, VPN, content filtering, load balancing, data leak prevention, and on-appliance reporting;
preferred by some due to the ability to administer many functions of multiple systems in one; some
prefer having multiple layers of security on multiple devices, avoiding the single point of failure that
a UTM represents
VPN Concentrators- a device that creates remote access for VPNs either for users logging in remotely, or
for a large site-to-site VPN

Wide Area Networks


WAN Connection Types-
● Dedicated (Leased) Lines- point-to-point, dedicated connections; a pre-established WAN
communications path that goes from the customer premises equipment (CPE) through the data
circuit-terminating equipment (DCE) switch and then over to the CPE of the remote site; it uses
synchronous serial lines up to 45Mbps; high-level data link control (HDLC) and point-to-point
protocol (PPP) encapsulations are frequently used on leased lines
● Circuit Switching- like phone calls, you only pay for the time you use; no data can be transferred
without an end-to-end connection being established first; dial-up modems or integrated services
digital network (ISDN) are used and circuit switching is used for low-bandwidth data transfers;
uses asynchronous serial
● Packet Switching- not ideal for continuous data transfers, packet switching works like dedicated
lines, but with the price charging of circuit switching; ideal for burst transfers; Frame Relay and
the old X.25 are packet switching technologies with speeds ranging from 56Kbps up to T3
(45Mbps); also uses synchronous serial

Synchronous serial- a serial communication protocol in which data is sent in a continuous stream at a
constant rate; it requires that the clocks used in the transmitting and receiving devices be synchronized so the
receiver can sample the signal at the same time intervals used by the transmitter; no start or stop bits
are required
Asynchronous serial- the data stream contains synchronization information in the form of start and stop
signals, before and after each unit of transmission
T-Series Connections: digital connections that you can lease from the telephone company; they can use
copper pairs (like regular phone lines), or they can be brought in as part of a backbone (which is called a
trunk line); they use time-division multiplexing (TDM) to divide the bandwidth into channels of equal bit
rate

Connection | Maximum Speed | DS0 Channels
--- | --- | ---
T1 | 1.544Mbps | 24
T1C | 3.152Mbps |
T2 | 6.312Mbps |
T3 | 44.736Mbps | 672
T4 | 274.176Mbps |

E-Series connections: the European equivalent to T-Series connection. One T3 is 28 T1’s, one E3 is 16
E1’s; E1 uses 32 64Kbps channels (32 DS0s)

Connection | Maximum Speed
--- | ---
E1 | 2.048Mbps
E3 | 34.368Mbps

Connection | Maximum Speed
--- | ---
J1 | 1.544Mbps
J3 | 32.064Mbps

T1 Connection- uses Digital Signal 1 (DS1) bit patterns to transmit packets; aggregates 24 discrete,
64Kbps channels that use DS0, which refers to the time slots within a channel; every channel can carry
either voice or data
T3 Connection- uses DS3, which is generally delivered over fiber-optic cables; typically used by large
multinational companies and next-tier ISPs
SONET: Synchronous Optical Network- the standard for synchronous data transmission on optical fiber
in the US (the international equivalent is Synchronous Digital Hierarchy (SDH)); defines a base data rate
of 51.84Mbps, and multiples of this rate are known as optical carrier (OC) levels
Common optical carrier levels (OC-x):

Level | Data Rate
--- | ---
OC-1 | 51.84Mbps
OC-3 | 155.52Mbps
OC-12 | 622.08Mbps
OC-48 | 2.488Gbps
OC-192 | 9.953Gbps

Channel Service Unit/Data service unit (CSU/DSU)- a Layer 1 device that connects the serial ports on
your router to the provider’s network and connects directly to the demarcation point; these devices can
be external, or they can be internal cards on the router; the CSU/DSU provides clocking of the line to the
CPE (typically a router); and provides important options, like voltage regulation
Demarcation point- a demarc is the precise spot where the service provider’s or local exchange carrier’s
responsibility ends, and the CPE begins; it’s generally a device in a telecommunications closet owned
and installed by the telecommunications company (telco); it is your responsibility to cable (called
extended demarc) from this box to the CPE, which is usually a connection to a CSU/DSU or ISDN
interface
Local Loop- a cable consisting of a pair of copper wires called the local loop connects the demarc to the
closest switching office (central office or CO)
Toll Network- a trunk line inside a WAN provider’s network; it’s a collection of switches and facilities
owned by the ISP
Multiplexing- a method by which multiple analog or digital signals are combined into one signal over a
shared medium
Wavelength Division Multiplexing (WDM)- a technology that multiplexes several optical carriers on a
single optical fiber by using different wavelengths (the use of different wavelengths of the light
spectrum is somewhat similar to using different frequencies in a radio wave)
Dense Wavelength Division Multiplexing (DWDM)- multiplexes within a specific band (1550 nm),
allowing for the use of erbium-doped fiber amplifiers (EDFAs) that boost the signal; this allows for upgrading
the bit rate of a single strand line by simply replacing equipment at either end of the line. The system
consists of: a DWDM terminal multiplexer, an intermediate line repeater (every 80-100 km), an
intermediate terminal multiplexer (remote amplification site), and a DWDM terminal de-multiplexer; fits
40-plus channels into one line of transmission; measured/defined in frequencies
Coarse Wavelength Division Multiplexing (CWDM)- uses larger chunks of the light spectrum, and is
defined by wavelengths, whereas DWDM is defined by frequencies and fits 40-plus channels into the
same frequency range used by just 2 CWDM channels; CWDM is useful because it can match the basic
capabilities of DWDM at a lower capacity at a significant discount
Passive Optical Network (PON)- also called fiber to the premises, PON is a point-to-multipoint
technology with a single fiber strand used for multiple premises (typically 16-28); unpowered optical
splitters are used in the process and are the reason for using the term passive; the system consists of an
optical line termination (OLT) at the telco’s office and a number of optical network units (ONUs) near
end users; these systems typically have downlink speeds of 155Mbps to 655Mbps and uplink bursts to
155Mbps
digital subscriber line (DSL) technology- a physical layer transmission technology like dial-up, cable, or
wireless; deployed in the last mile (basically the same as a local loop and defines the physical connection
from the customer to the first aggregation device of the provider network) of a local telephone network
or local loop
digital subscriber line access multiplexer (DSLAM)- a device located at the provider’s CO that
concentrates connections from multiple DSL subscribers
xDSL- a family of technologies that have become popular for data transmission over phone lines because
it uses regular PSTN phone wires to transmit digital signals; it’s extremely inexpensive; the x refers to
different DSL types; xDSLs use high-frequency signals, whereas regular phone calls use low-frequency
signals over the same lines; communicating via xDSL requires an interface to a PC. All xDSL
configurations require a DSL modem (an endpoint) and a NIC
High Bit-Rate Digital Subscriber Line (HDSL)- the first DSL technology to use a higher-frequency
spectrum of copper twisted-pair cables; it was typically used to interconnect local-exchange carrier
systems and to carry high-speed corporate data links and voice channels using T1 lines; it was developed
as a better technology for high-speed, synchronous circuits
Symmetric (same upload and download speed) Digital Subscriber Line (SDSL)- provides T1/E1 type
speeds symmetrically for both uploading and downloading data, but doesn't allow low-frequency phone
calls on the same line as asymmetric DSL (ADSL) does; typically used by small to medium-sized
businesses that don't require the higher performance of a leased line for connecting to a server
Very High Bit-Rate Digital Subscriber Line (VDSL)- provides faster data transmission over single, flat,
untwisted or twisted copper wire pairs; it is capable of supporting high-bandwidth applications like
HDTV and telephone services like VoIP and general Internet access over a single connection; it's
deployed over existing wiring using POTS and lower-speed DSL connections; VDSL2 utilizes bandwidths of
up to 30MHz to provide data rates exceeding 100Mbps both upstream and downstream; the maximum
bit rate is achieved at a range of about 300 meters
Asymmetric digital subscriber line (ADSL)- has become the most popular xDSL because it focuses on
providing reasonably fast upstream transmission speeds (768Kbps) and very fast downstream
transmission speeds of up to 9Mbps (ADSL2+ can get up to 20Mbps); ADSL works on a single phone line
without losing voice call capability due to a splitter that enables the use of multiple frequencies on a
POTS line
Cable Modems- refers to being able to provide voice and data, plus analog and digital video; typically
provides a max of 20Mbps (sometimes sold at a theoretical rate of 50Mbps); the connection and bandwidth
are shared with other subscribers; the connections typically are shared with 2,046 to 4,094 hosts
per cable network connection (the IP address for cable connections is typically in the /20 or /21 subnet
mask of a Class B address); Cable Internet access requires the installation of a cable television
connection and a cable modem to provide users with high-speed Internet access. Cable is a contention-
based medium, which means that bandwidth is impacted by the number of nodes within the group. If a
lot of people are using the Internet at the same time, speed is usually affected.
Headend- the place where all cable signals are received, processed, and formatted; the signals are then
transmitted over the distribution network from the headend
Distribution Network- relatively small service areas that usually range from 100 to 2,000 customers;
typically composed of a mixed, fiber-coaxial, or hybrid fiber-coaxial (HFC) architecture, with optical fiber
substituting for the distribution network’s trunk portion; the fiber forms both the connection from the
headend and an optical node that changes light to radio frequency (RF) signals that are then distributed
through a coaxial cable throughout the specific service area (i.e. a SOHO)
Data over Cable Service Interface Specifications (DOCSIS)- provides the interface requirements for a
data-over-cable system, including that of high-speed data transfer to an existing cable TV system; all cable
modems and similar devices have to measure up to this standard
Metro Ethernet- a MAN that’s based on Ethernet standards and can connect a customer to a larger
network and the Internet; if available, businesses can use Metro Ethernet to connect their offices
together; MPLS-based Metro Ethernet networks use MPLS in the ISP by providing an Ethernet or fiber
cable to the customer as a connection; from the customer, it leaves the Ethernet cable, jumps onto
MPLS, and then Ethernet again on the remote side
Integrated Services Digital Network (ISDN)- a digital, point-to-point, dial-up WAN technology capable of
maximum transmission speeds of about 2Mbps (primary rate interface (PRI)), although speeds of
128Kbps (basic rate interface(BRI)) are more the reality within a SOHO environment; uses the same UTP
wiring as POTS, yet it can transmit data at much higher speeds, but instead of carrying an analog voice
signal, ISDN carries digital signals; a terminal adapter (TA) is required; it has two types of channels: the
data is carried on Bearer Channels (B channels), which can carry 64Kbps of data. A BRI ISDN line has 2 B
channels, and a PRI ISDN has 23. Via TDM, one channel can be used for voice, while another can be used
for data transmission; the other type of channel in ISDN is also multiplexed onto only one copper pair,
it’s used for call setup and link management and is known as the signaling channel, D channel, or Delta
channel. It only has 16Kbps of bandwidth for BRI and 64Kbps in PRI. To maximize throughput, the two B
channels are often combined into one data connection for a total bandwidth of 128Kbps, known as
Bandwidth on Demand Interoperability Group (BONDING) or inverse multiplexing. It’s outdated, has been
made obsolete by DSL and cable, and is more expensive than POTS
Frame Relay- a technology in which variable-length packets are transmitted by switching; packet-
switching involves breaking messages into chunks at the sending device
Bandwidth specifications for Frame Relay:
Access rate- the maximum speed at which the Frame Relay interface can transmit
Committed Information Rate (CIR)- the maximum bandwidth of data guaranteed to be delivered; in
reality, it’s the average amount that the service provider will allow you to transmit, based upon what
you purchased
Frame Relay (continued)- if the Access rate and the CIR are the same, the Frame Relay connection is
pretty much just like a leased line; Frame Relay uses virtual circuits as opposed to the actual circuits that
leased lines use, these virtual circuits are what link together the thousands of devices connected to the
provider’s “cloud”; Frame relay is a WAN protocol that functions at the Physical and Data Link layers
(Layers 1 and 2) of the OSI model. It is a packet-switched technology that allows transmission of data
over a shared network medium and bandwidth using virtual circuits. As virtual circuits consume
bandwidth only when they transport data, each device can use more bandwidth and transmit data at
higher speeds. Frame relay provides reliable communication lines and efficient error-handling
mechanisms that discard erroneous data frames. Frame relay uses traffic shaping and congestion
management techniques, with upstream routers (configured as frame relay switches) matching the
speed of the next hop, and even discarding lower priority traffic, if necessary. Because of its “bursty”
nature, frame relay was not originally suited for real-time voice or video, although later developments
sought to remedy this. Frame relay can still be found in some networks, but has largely been replaced by
MPLS VPNs.
Point-to-Point Protocol- a data link layer protocol that can be used over either asynchronous serial (dial-
up) or synchronous serial (ISDN) media; it relies on Link Control Protocol (LCP) to build and maintain
data-link connections; Network Control Protocol (NCP) enables multiple network layer protocols (routed
protocols) to be used on a point-to-point connection; the basic purpose of PPP is to transport layer 3
packets across a Data Link layer point-to-point link, and it’s nonproprietary; PPP protocol stack is
specified at the Physical and Data Link layers only. NCP is used to allow communication of multiple
Network layer protocols by identifying and encapsulating the protocols across a PPP data link
PPP Protocol Stack elements:
EIA/TIA-232-C, V.24, V.35, and ISDN: a physical layer international standard for serial communication
HDLC: a method for encapsulating datagrams over serial links
LCP: a method of establishing, configuring, maintaining, and terminating the point-to-point connection;
also provides authentication, compression, error detection, multilink, and PPP callback
NCP: a method of establishing and configuring different Network layer protocols for transport across the
PPP link; it’s designed to allow the simultaneous use of multiple Network layer protocols; two examples
are internet protocol control protocol (IPCP) and Cisco Discovery Protocol Control Protocol (CDPCP)
Asynchronous Transfer Mode (ATM)- designed to be a high-speed communications protocol that
doesn’t depend on any specific LAN topology. It uses a high-speed cell-switching technology that can
handle data as well as real-time voice and video. This protocol breaks up transmitted data into 53-byte
cells (a cell is analogous to a packet or frame, except that an ATM cell is always fixed in length and is
relatively small and fast, whereas a frame’s length can vary); ATM switches cells through an ATM
network by setting up a virtual connection between the source and destination nodes; the cells may go
through multiple switching points before ultimately arriving at their final destinations; like Frame Relay,
ATM is a connection-oriented service, in contrast to most data link protocols; data rates are scalable and
start at 1.5Mbps, with speeds of 25, 51, 100, 155.52Mbps and higher.
Multiprotocol label switching (MPLS)- a data-carrying mechanism that emulates some properties of a
circuit-switched network over a packet-switched network; it’s a switching mechanism that imposes
labels (numbers) to packets and then uses them to forward the packets; the labels usually correspond to
a path to layer 3 destination addresses, which is on par with IP destination-based routing; MPLS was
designed to support the forwarding of protocols other than TCP/IP; in larger networks, the result of
MPLS labeling is that only the edge routers perform a routing lookup, all the core routers forward
packets based on the labels, which makes forwarding the packets through the service provider network
faster (this is a big reason for most companies replacing their Frame Relay networks with MPLS ones);
you can use ethernet with MPLS to connect to a WAN, called Ethernet over MPLS, or EoMPLS
Global System for Mobile Communications (GSM)- a standard developed by the European
Telecommunications Standards Institute (ETSI); it’s the default global standard for mobile
communications and enjoys over 90 percent market share; 2G is available in over 219 countries; 1G was
a voice-only analog network; 2G marked the switch to digital, and allowed for voice and text; 4G allows
for high-speed voice and data
Code division multiple access (CDMA)- a channel access method that’s used by various radio
communication technologies; CDMA offers multiple access, where several transmitters can send
information simultaneously over a single communication channel, allowing several users to share a band
of frequencies; to make this work without a bunch of interference between users, CDMA relies upon
spread-spectrum technology and a special coding scheme in which each transmitter is assigned a unique
code; takes the entire allocated frequency range for a given service and multiplexes information for all
users across the spectrum range at the same time
Time division multiple access (TDMA)- divides each cellular channel into three time slots in order to
increase the amount of data that can be carried
Evolved High Speed Packet Access (HSPA+)- considered a 3.5 generation technology; it includes an all-IP
architecture, which is one of 4G’s requirements; has downlink speeds of 3Mbps to 4Mbps and uplink
speeds of 1Mbps to 2Mbps
World Wide Interoperability for Microwave Access (WiMAX)- considered a true 4G technology, and it’s
based on the IEEE 802.16 standard; it supports both fixed, tower-to-tower applications and mobile
applications; it was originally designed as a last-mile technology to deliver Internet to areas where
implementing landlines wasn’t possible as an alternative to DSL and cable; it’s not compatible with 2G
and 3G; it’s also pricey and requires lots of power; it also lags behind LTE in speed; it has downlink
speeds of 5Mbps to 6Mbps, and uplink speeds of 2Mbps to 3Mbps
Long Term Evolution (LTE)- the most promising of the emerging 4G technologies; it uses an all-IP-based
core, offers the highest data rates, and is compatible with 3G and WiMAX; has the best indoor coverage
while maintaining high data rates all the way to the edge of the coverage cell; it can also accommodate
more devices in a given area; it has downlink speeds of 7Mbps to 12Mbps, and uplink speeds of
3Mbps to 5Mbps; LTE is a radio technology for wireless broadband access. It offers data rates about 100
times faster than 3G networks, a downlink rate that exceeds 100 Mbps, and an uplink rate of more than
50 Mbps. LTE is backwards compatible with GSM and HSPA. LTE is a radio technology, and does not
transmit over satellites or fiber optic cabling.
Internet of Things (IoT):
Advanced and Adaptive Networking Technology (ANT+)- part of the PAN, it is a wireless protocol for
monitoring sensor data such as a person’s heart rate or a bicycle’s tire pressure, as well as the control of
systems like indoor lighting or a TV set; it’s designed for collection and transfer of sensor data and the
integration of remote control systems; it’s based on the ANT protocol, and it is designed and maintained
by the ANT+ Alliance, which is owned by Garmin; the nodes in the network can act as transmitters,
receivers, or transceivers to route traffic to other nodes; they can also determine when to transmit
based on the activity of neighboring nodes; it uses the 2.4 GHz frequency (same as Bluetooth), but the
data transfer rate is slower; it’s designed for low bit-rate and low power sensor networks, and it works
at short distances (typically less than 5 ft.); Bluetooth, on the other hand, was designed for relatively
high bit-rate, higher battery consumption applications such as those for streaming sound
Z-Wave- a wireless communication technology that is used in security systems and also business and
home automation; it is often used in locks, security systems, lighting, heating, and cooling home
appliances; Z-wave communications use low-power radio signals in the 900 MHz range, separated from
Wi-Fi; the system supports automatic discovery of up to 230 devices per controller, and multiple
controllers can also communicate with one another and pass commands to support additional devices; it
is optimized for low latency, with data rates of up to 100KBps
Troubleshooting Tools
*entering the /? switch after a command gives information on all the switches available for that
command*
ipconfig (ifconfig in Unix)- displays the current TCP/IP configuration on a given workstation including the
IP address, DNS configuration, WINS configuration, and default gateway; /all can display much more info
including the DHCP lease times, DNS addresses, MAC addresses about each interface; /renew renews
the IP configuration and is valuable in getting updated IP configuration info if you change networks as it
will connect you to a different DHCP server that’s available; /release will release your IP configuration
information given from a DHCP server, sometimes necessary if you try to renew the workstation’s IP
configuration after changing network locations, but it doesn’t update after using the /renew switch
ping- -t for continuous ping, -a resolves an IP address to a host name
arp- -a displays the workstation’s ARP table; -g is the same as -a; useful for resolving duplicate IP
addresses; you should not see IP addresses in the ARP table for a given interface that aren’t members of
the same IP subnet as the interface;
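Added example (not part of the original notes) that turns the arp rule above into a check: it parses constructed Windows arp -a output, flags dynamic entries whose IP is outside the interface's subnet, and also notes a MAC address that appears for more than one IP, a pattern worth a second look when sorting out addressing problems. The subnet mask is an assumed input taken from ipconfig, since arp -a does not print it.

```python
import ipaddress
import re

# Constructed Windows `arp -a` output; addresses and MACs are made up for this
# example, not captured from a real workstation.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.21          aa-bb-cc-dd-ee-01     dynamic
  10.0.0.5              de-ad-be-ef-00-01     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

IFACE_RE = re.compile(r"^Interface:\s+(\d{1,3}(?:\.\d{1,3}){3})")
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return {interface_ip: [(ip, mac, type), ...]} from `arp -a` text."""
    tables = {}
    current = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            tables[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            ip, mac, kind = m.groups()
            tables[current].append((ip, mac.lower(), kind.lower()))
    return tables


def audit_arp(text, masks):
    """Apply the rule from the notes: a dynamic ARP entry whose IP is not in
    the interface's own subnet should not be there. `masks` maps each
    interface IP to its netmask or prefix length as reported by ipconfig
    (assumed input; `arp -a` itself does not print the mask). Static
    multicast/broadcast entries are skipped. Also reports one MAC that
    answers for several IPs, which merits a closer look."""
    findings = []
    for iface, entries in parse_arp(text).items():
        net = ipaddress.ip_interface(f"{iface}/{masks[iface]}").network
        ips_by_mac = {}
        for ip, mac, kind in entries:
            if kind != "dynamic":
                continue
            ips_by_mac.setdefault(mac, []).append(ip)
            if ipaddress.ip_address(ip) not in net:
                findings.append(("off-subnet", iface, ip, mac))
        for mac, ips in ips_by_mac.items():
            if len(ips) > 1:
                findings.append(("shared-mac", iface, ",".join(sorted(ips)), mac))
    return findings


if __name__ == "__main__":
    for kind, iface, ip, mac in audit_arp(SAMPLE_ARP_OUTPUT, {"192.168.1.10": "255.255.255.0"}):
        print(f"{kind:12s} interface {iface}: {ip} -> {mac}")
```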
nslookup (dig in Unix)- allows you to query a name server and quickly find out which name resolves to
which IP address
HOSTS table- similar to DNS, except its entries are static for each and every host and server
mtr (pathping)- mtr, or my traceroute, is a computer program that combines the functions of the
traceroute and ping utilities in a single network diagnostic tool; it also adds round-trip time and packet
loss to the output; mtr probes routers on the route path by limiting the number of hops individual
packets are allowed to traverse and listening to news of their termination; only installed on Unix or Linux
PCs, 3rd party apps are required to run this program on a Windows PC; Windows version of mtr is
pathping
route print- the biggest reason for manipulating the routing table on a Windows server is to create a
firewall; this command displays the routing table on a host device, and its switches allow one to
manually add, modify, and delete routes
nbtstat- NetBIOS statistics; allows one to track NetBIOS over TCP/IP statistics, display the details of
incoming and outgoing NetBIOS over TCP/IP connections, and resolve NetBIOS names; proprietary to
Windows machines; the switches are listed below (the lowercase switches deal with NetBIOS names of
hosts and the uppercase ones deal with the TCP/IP addresses of hosts):
-a switch- will give one a remote machine’s NetBIOS name table consisting of a list of every NetBIOS
name the machine from which you’ve deployed the switch knows of
-A switch- works the same as the -a switch, but the host’s IP address is entered with the command
instead of its NetBIOS name
-c switch- displays the local NetBIOS name cache on the workstation it’s running on
-n switch- gives the local NetBIOS name table on a Windows device
-r switch- tells exactly how many NetBIOS names have been resolved to TCP/IP addresses; likely the
switch to be used most with this command; comes in handy when you want to determine how a
workstation is resolving NetBIOS names and whether WINS is configured correctly, when WINS isn’t
configured correctly or not being used, the resolved/registered by name server fields will always be zero
-R switch- used to purge the NetBIOS name table cache and reload the LMHOSTS file into memory; ideal
for a situation where you have a bad name in the NetBIOS name cache, but the right name is in the
LMHOSTS file instead (the LMHOSTS file contains NetBIOS names of stations and their associated IP
addresses)
-S switch- displays the NetBIOS sessions table that lists all NetBIOS sessions to and from the host from
which you issued the command; displays both workstation and server sessions, but lists remote
addresses by IP address only
-s switch- produces the same output as nbtstat -S except that it will also attempt to resolve remote-
host IP addresses into hostnames
netstat- good for looking at the inbound and outbound TCP/IP connections on a machine, can also be
used to view packet statistics like how many packets have been sent and received, the number of errors,
and so on;
-a switch- displays all connections and listening ports
-e switch- displays ethernet statistics; can be combined with the -s switch
-r switch- displays the current route table for a workstation
-s switch- displays a variety of TCP, UDP, IP, and ICMP protocol statistics
-p switch- a modifier that’s usually used with the -s switch to specify which protocol statistics to list in the
output (IP, TCP, UDP, or ICMP): i.e: netstat -s -p ICMP or netstat -s -p IPV6
-n switch- a modifier for the other switches; when used with them, it reverses the natural tendency of
netstat to use names instead of network addresses
ftp command-
telnet utility- telnet is a virtual terminal protocol utility that allows you to make connections to remote
devices, gather information, and run programs; in today’s Windows environments, Telnet is a basic
command-line tool for testing TCP connections; you can Telnet to any TCP port to see if it’s responding-
something that’s especially useful when checking SMTP and HTTP ports; SSH should be used instead of
Telnet
Software and Hardware Troubleshooting
Baseline- the standard level of performance of a certain device or to the normal operating capacity for a
whole network
SNMP- used to gather information from and send settings to devices that are SNMP compatible; gathers
data by polling the devices on the network from a management station at fixed or random intervals;
uses UDP to transfer messages back and forth between the management system and the agents running
on the managed devices; inside the packets
SNMP has three versions:
SNMPv1- supports plaintext authentication with community strings and uses only UDP
SNMPv2c- Supports plaintext authentication with MD5 or SHA with no encryption, but provides GET
BULK, which is a way to gather many types of information at once and minimize the number of GET
requests. It offers a more detailed error message reporting method, but it’s not more secure than v1. It
uses UDP even though it can be configured to use TCP.
SNMPv3- Supports strong authentication with MD5 or SHA, providing confidentiality (encryption) and
data integrity of messages via DES or DES-256 encryption between agents and managers. GET BULK is a
supported feature of SNMPv3, and this version also uses TCP
syslog- a syslog server stores messages from you and can time-stamp and sequence log messages, it’s
the best way to see what’s going on with a company’s network at a particular time; reading system
messages from a switch’s or a router’s internal buffer is the most popular and efficient method of seeing
what’s going on with the network at a particular time; syslog allows one to display, store, and search
messages
Security information and event management (SIEM)- a term for software products and services
combining security information management (SIM) (used to describe long-term storage, analysis, and
reporting of log data) and security event management (SEM) (SEM is typically used to describe the
management that deals with real-time monitoring and correlation of events, notifications, and console
views); SIEM technology provides real-time analysis of security alerts generated by network hardware
and applications; can be a software solution or a hardware appliance, or even sold as managed services;
SIEM can collect useful data about data aggregation, correlation, alerting, dashboards, compliance,
retention, and forensic analysis
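Added example (not from the notes) covering both the syslog and SIEM entries above: it time-stamps, sequences and decodes constructed BSD-style syslog lines the way a syslog server stores them, offers a search, and then does SEM-style correlation, raising one alert when the same source racks up a threshold of failed logins against a host inside a sliding window. Host names, users, addresses and the year supplied to the parser are all assumptions for the sample.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed BSD-style (RFC 3164) syslog lines; host names, users and
# addresses are made up for this example, not captured from a real network.
SAMPLE_SYSLOG = """\
<86>Mar 10 09:15:01 core-sw1 sshd[2211]: Failed password for admin from 10.1.1.50 port 50122 ssh2
<86>Mar 10 09:15:04 core-sw1 sshd[2211]: Failed password for admin from 10.1.1.50 port 50123 ssh2
<86>Mar 10 09:15:06 core-sw1 sshd[2211]: Failed password for admin from 10.1.1.50 port 50124 ssh2
<86>Mar 10 09:15:08 core-sw1 sshd[2211]: Failed password for admin from 10.1.1.50 port 50125 ssh2
<86>Mar 10 09:15:09 core-sw1 sshd[2211]: Failed password for admin from 10.1.1.50 port 50126 ssh2
<86>Mar 10 09:20:30 edge-rtr1 sshd[901]: Failed password for ops from 10.1.2.7 port 40001 ssh2
<30>Mar 10 09:21:00 edge-rtr1 syslogd: restart
"""

# <PRI>TIMESTAMP HOSTNAME MESSAGE, where PRI = facility * 8 + severity
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\d+(?:\.\d+){3})")


def parse_syslog(text, year):
    """Time-stamp, decode PRI and sequence each message the way a syslog
    server does. RFC 3164 timestamps carry no year, so the caller supplies it."""
    events = []
    for seq, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed lines are skipped, not guessed at
        pri = int(m.group("pri"))
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        events.append({
            "seq": seq,
            "ts": ts,
            "facility": pri // 8,
            "severity": pri % 8,
            "host": m.group("host"),
            "msg": m.group("msg"),
        })
    return events


def search(events, needle):
    """Case-insensitive search across the stored messages."""
    needle = needle.lower()
    return [ev for ev in events if needle in ev["msg"].lower()]


def correlate_failed_logins(events, threshold=5, window_s=60):
    """SEM-style correlation: one alert per (host, user, source) that
    accumulates `threshold` failed logins inside a sliding `window_s` window."""
    fails = defaultdict(list)
    for ev in events:
        m = FAILED_RE.search(ev["msg"])
        if m:
            fails[(ev["host"], m.group("user"), m.group("src"))].append(ev["ts"])
    window = timedelta(seconds=window_s)
    alerts = []
    for (host, user, src), times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                alerts.append({
                    "host": host, "user": user, "src": src,
                    "first": times[start], "last": times[end],
                    "count": end - start + 1,
                })
                break  # one alert per key is enough for this example
    return alerts


if __name__ == "__main__":
    evs = parse_syslog(SAMPLE_SYSLOG, year=2024)
    for a in correlate_failed_logins(evs):
        print(f"ALERT {a['host']}: {a['count']} failed logins for {a['user']} "
              f"from {a['src']} between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```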
looking glass sites- looking glass (LG) servers can be accessed remotely to view routing information; they
are servers on the internet that run Looking Glass software that is available to the public; the servers are
essentially read-only portals to the router belonging to the organizations running them; this essentially
just provides a ping or traceroute from a remote location for you
loopback plug- a loopback test is a diagnostic procedure in which a signal is transmitted and returned to
the sending device after passing through all or a portion of a network or circuit, the returned signal is
compared with the transmitted signal to evaluate the integrity of the equipment or transmission path; a
computer needs a loopback plug that is inserted into a port in order to perform a loopback test; they are
made for both ethernet and fiber applications
wire-map tester- a device that transmits signals through each wire in a copper twisted-pair cable to
determine if it’s connected to the correct pin at the other end; it’s the most basic test for twisted-pair
cables because the eight separate wire connections involved in each cable run are a common source of
installation errors; they detect transposed wires, opens (broken or unconnected wires), and shorts
(wires or pins improperly connected to each other); it essentially consists of a remote unit that you
attach to the far end of a connection and a battery-operated, handheld main unit that displays the
results
continuity test (line tester)- even simpler and less expensive than a wire-map tester; it’s designed to
check a copper cable connection for basic installation problems like opens, shorts, or crossed pairs
protocol analyzer- analyzes protocols and can actually help you troubleshoot problems, unlike packet
sniffers, which just provide information for you to decipher by looking at all traffic on a network
segment; protocol analyzers can help detect and identify malware, help troubleshoot hard-to-solve
problems, help gather information such as baseline traffic patterns and network-utilization metrics, help
identify unused protocols so that they can be removed from the network, provide a traffic generator for
penetration testing, and even possibly work with an IDS
certifiers (certification testers)- used to determine whether your network meets specific International
Organization for Standardization (ISO) or Telecommunication Industry Association (TIA) standards (cat
5e, 6, or 7); it’s a combination cable tester and network analyzer; they will typically test the performance
and response times of network resources like web, file, email, and even DNS and DHCP servers
time-domain reflectometer (TDR)- a tool that finds and describes faults in metallic cables like twisted
pair and coaxial cables; for optical fiber, an optical TDR (OTDR) is needed; it works similarly to radar: it
transmits a short rise time pulse along the conductor, and if it turns out to be a uniform impedance and
properly terminated, the entire transmitted pulse is absorbed in the far-end termination; no signal is
reflected back to the TDR; any impedance interruptions will cause some of the incident signal to be sent
back toward the source, indicating an issue; it can be used to verify speed and condition of the cable,
how long it takes to send a signal down a cable and how long it takes to come back, cable impedance
characteristics, splice and connector locations and their associated loss amounts, and estimated cable
lengths; it’s measured in time
OTDR- works like a TDR; works by putting out a series of optical pulses into the specific fiber you want to
test; from the same end that sent these impulses, it collects and measures the light that is scattered and
reflected along the length of the fiber; it then records the change in the amount of refraction at various
points; it gives info on the fiber’s estimated length, the overall attenuation, including splice and mated-
connector losses, and the location of faults, such as breaks
toner probe (tone generator)- a simple copper cable tester that is used to trace a wire in the wall; it
is a two-piece unit that’s basically a tone generator and probe; it consists of one part that is connected
to a cable with a standard jack, or an individual wire with alligator clips that transmit a signal over the
cable or wire, and another part that is a pen-like probe that emits an audible tone when it touches the
other end of a cable, wire, or even its insulating sheath
butt set- a portable telephone that allows you to test analog wet or dry lines and is used to monitor
those lines (often used by telco guys on the telephone poles); another tool that will take the place of a
butt set is a hound (a device that is nothing more than an inductively coupled amplifier with a small
speaker in a handheld tool; it’s used to monitor the audio on a given line to verify that you have the
right pair before connecting it, and it’s typically used with a toner probe)
punch-down tool- used to terminate twisted-pair cable; it punches down the wire into some kind of
insulation displacement connector (IDC); IDCs make contact by cutting through, or displacing, the
insulation around a single conductor inside a twisted-pair cable
Network Troubleshooting
SSS checklist- check to ensure login procedures and rights, look for link lights and collision lights, check
all power switches, cords, and adapters, look for user errors
Copper Cabling issues: incorrect termination/bad wiring/bad connector, crosstalk (signal bleed
between two adjacent wires that are carrying a current), near-end/far-end crosstalk (crosstalk that
relates to the EMI bled from a wire to adjoining wires where the current originates; this point has the
strongest potential to create crosstalk issues because the crosstalk signal itself degrades as it moves
down the wire), attenuation/dB loss/distance limitation (much worse for copper than optical fiber),
collisions, shorts (happens when the current flows through a different path within a circuit than it’s
supposed to; usually caused by some type of physical fault in the cable), open impedance mismatch
(echo), interference/cable placement (EMI and RFI (radio-frequency interference) occur when signals interfere with
the normal operation of electronic circuits; this can occur due to lighting, TVs, two-way radios, cell
phones, and radio transmitters), split pairs (a wiring error where two connections that are supposed to
be connected using the two wires of a twisted pair are instead connected using two wires from different
pairs), Tx/Rx reverse (pertains to how the wire is set up when connecting a PC to a switch, which
requires that the pins on the PC end use 1 and 2 to transmit, and 3 and 6 for receiving a digital signal,
which must be reversed on a switch)
Fiber cable issues: SFP (small form-factor pluggable- a compact, hot-pluggable transceiver used to
interface a network device motherboard for a switch, router, media converter, etc. to a fiber optic or
copper cable; smaller than the GBIC and )/GBIC (gigabit interface converter; obsolete to the SFP) cable
mismatch; bad SFP/GBIC (cable or transceiver); wavelength mismatch (occurs when two different fiber
transmitters at each end of the cable are using either a longer or shorter wavelength; they must match
on both sides); fiber type mismatch (can cause wavelength issues, massive attenuation, and dB loss);
dirty connectors; connector mismatch; bend radius limitations; distance limitations
Wireless issues: interference; device saturation/bandwidth saturation; simultaneous wired/wireless
connections; configurations (incorrect encryption; incorrect, overlapping, or mismatched channels;
incorrect frequency/incompatibilities; ESSID mismatch; wireless standard mismatch; untested
updates); distance/signal strength/power levels; latency; bounce; incorrect antenna or switch
placement; environmental factors
Troubleshooting steps:
1. Identify the problem.
2. Establish a theory of probable cause.
3. Test the theory to determine cause.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality, and if applicable, implement preventative measures.
7. Document findings, actions, and outcomes.
Probable causes to network issues: port speed (pertains to the rated speed of the NIC and the device a
workstation is connected to), port duplex mismatch (full, auto, or half duplex; in environments where
hubs are not used, running full duplex on capable devices is fine; if switches are present, collisions will
result because the CSMA/CD protocol is disabled when running full duplex), mismatched MTU (maximum
transmission unit- the largest size packet that is allowed across a segment; typically 1,500 bytes) (can
cause issues between routers if there is a mismatch in the configurations, resulting in a link failing to
pass traffic due to communication issues; interface is the command entered on a router to display MTU
configuration), incorrect VLAN (occurs when a port on a switch is assigned to the wrong VLAN),
incorrect IP address/duplicate IP address, wrong gateway, wrong DNS, wrong subnet mask, incorrect
interface/interface misconfiguration
Issues that likely require escalation: switching loops, missing routes, routing loops, routing problems,
MTU black hole, bad modules, proxy ARP, broadcast storms, NIC teaming misconfiguration (NIC
teaming, aka load balancing/failover (LBFO) allows multiple network interfaces to be placed into a team
for the purposes of bandwidth aggregation and/or traffic failover to prevent connectivity loss in the
event of a network component failure), power failures/power anomalies
Management, Monitoring, and Optimization
Baseline- refers to the standard level of performance of a certain device, or to normal operating
capacity for a whole network; four key components are included in baselines: processors, memory,
hard-disks (or other storage) subsystems, and network adapters or subsystems
Statement of Work (SOW)- this document spells out all details concerning what work is to be
performed, deliverables, and the timeline a vendor must execute in performance of specified work
Memorandum of Understanding (MOU)- an agreement between two or more organizations that details
a common line of action; it is often used in cases where parties do not have a legal commitment or in
situations where the parties cannot create a legally enforceable agreement; it is sometimes referred to
as a letter of intent
Master License Agreement (MLA)- an agreement whereby one party is agreeing to pay another party
for the use of a piece of software for a period of time
Service-Level Agreement (SLA)- an agreement that defines the allowable time in which a party must
respond to issues on behalf of the other party; most service contracts are accompanied by an SLA, which
often include security priorities, responsibilities, guarantees, and warranties
grounding- the electrical term for providing a path for an electrical charge to follow to return to earth;
to prevent injury to yourself when you are working with equipment, you should ensure that you are
grounded; equipment should also be grounded to prevent damage to devices
Electrostatic discharge (ESD)- the technical term for what happens whenever two objects of dissimilar
charge come in contact (such as walking across a carpeted floor);
Rack unit (RU) or (U)- the standard size of a rack unit is 1.75” (44.45mm); network switches range from
1U to 2U, servers can range from 1U to 4U, and blade servers can be anywhere from 5U to 10U or more
Industrial control system (ICS)- a general term that encompasses several types of control systems used
in industrial productions
Supervisory Control and Data Acquisition (SCADA)- a system operating with coded signals over
communication channels to provide control of remote equipment; it includes the following components:
sensors (which typically have digital or analog I/O); remote terminal units (RTUs), which connect to the
sensors, convert sensor data to digital data, and include telemetry hardware; programmable logic
controllers (PLCs), which also connect to the sensors and convert sensor data to digital data but do not
include telemetry hardware; telemetry systems, which connect RTUs and PLCs to control centers and
the enterprise; a human interface; and an ICS server (also called a data acquisition server), which uses
coded signals over communication channels to acquire information about the status of the remote
equipment for display or for recording; the distributed control system (DCS) network should be a closed
network, meaning it should be securely segregated from other networks; SCADA systems are used in
situations where sites are at great geographical distances from one another; a SCADA control center
monitors and manages remote sites by collecting and processing data and then sending supervisory
commands to the remote station's control devices; in DCSs, as the name suggests, control is not as
centralized as in a SCADA system; in most instances, each main process is broken down into a series of
sub-processes, each of which is assigned an acceptable tolerance level
medianets- networks primarily devoted to VoIP and video data that often require segmentation from
the rest of the network at some layer; this is done to 1) ensure the security of the data and 2) ensure
that the network delivers the high performance and low latency required by these applications
Differentiated services code point (DSCP) (DiffServ)- uses a 6-bit differentiated services code point
(DSCP) in the 8-bit differentiated services field (DS field) in the IP header for packet classification; this
allows for the creation of traffic classes that can be used to assign priorities to various traffic classes; it’s
one of the methods that can be used for classifying and managing network traffic and providing QoS
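An added example (not from these notes) that pulls the 6-bit DSCP and 2-bit ECN out of the DS byte of an IPv4 header, names the traffic class the codepoint selects, and re-marks the packet the way an edge classifier would, recomputing the header checksum; the addresses and the sample packet are constructed.

```python
import struct

# Codepoints with fixed names (default forwarding, expedited forwarding); constructed lookup
_FIXED = {0: "DF", 46: "EF"}


def split_ds_field(tos):
    """Split the 8-bit DS field into the 6-bit DSCP (high bits) and 2-bit ECN (low bits)."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("DS field is a single byte")
    return tos >> 2, tos & 0x3


def phb_name(dscp):
    """Name the per-hop behaviour (traffic class) a DSCP value selects."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is 6 bits")
    if dscp in _FIXED:
        return _FIXED[dscp]
    cls, low = dscp >> 3, dscp & 0x7
    if low == 0:
        return "CS%d" % cls                 # class selector: maps onto the old IP precedence bits
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return "AF%d%d" % (cls, low // 2)   # assured forwarding: class 1-4, drop precedence 1-3
    return "unassigned"


def _header_checksum(header):
    """RFC 791 one's-complement sum over the header; returns 0 for a header with a valid checksum."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(tos, src, dst, proto=17, payload_len=0):
    """Constructed minimal 20-byte IPv4 header (TTL 64) with a valid checksum."""
    def ip(a):
        return bytes(int(x) for x in a.split("."))
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len,
                                0, 0, 64, proto, 0, ip(src), ip(dst)))
    struct.pack_into("!H", hdr, 10, _header_checksum(hdr))
    return bytes(hdr)


def classify(packet):
    """Read the DS byte of an IPv4 packet and report DSCP, ECN and the class it selects."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    dscp, ecn = split_ds_field(packet[1])
    return {"dscp": dscp, "ecn": ecn, "phb": phb_name(dscp)}


def remark(packet, dscp):
    """Rewrite the DSCP (what a marker at the network edge does), keep ECN, fix the checksum."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is 6 bits")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    hdr = bytearray(packet[:ihl])
    hdr[1] = (dscp << 2) | (hdr[1] & 0x3)
    struct.pack_into("!H", hdr, 10, 0)
    struct.pack_into("!H", hdr, 10, _header_checksum(hdr))
    return bytes(hdr) + packet[ihl:]


def checksum_ok(packet):
    ihl = (packet[0] & 0x0F) * 4
    return _header_checksum(packet[:ihl]) == 0


# Constructed sample: a voice packet marked EF (DSCP 46, so the DS byte is 0xB8), ECN bits clear
SAMPLE_VOICE = build_ipv4_header(46 << 2, "192.0.2.10", "192.0.2.20")
```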
traffic shaping (packet shaping)- a form of bandwidth optimization that works by delaying packets that
meet certain criteria to guarantee usable bandwidth for other applications; essentially, you delay some
traffic so that other traffic is given priority; it uses bandwidth throttling to ensure that certain data
streams don’t send too much data in a specified period of time, as well as rate limiting to control the
rate at which traffic is sent
cache engine- a cache is a collection of data that duplicates key pieces of original data; a cache engine is
basically a database on a server that stores info people need to access fast; most popularly used with
web servers and proxy servers, but caching engines are also used on internal networks to speed up
access to things like database services
common access redundancy protocol (CARP)- provides IP-based redundancy, allowing a group of hosts
on the same network segment (referred to as a redundancy group) to share an IP address; one host is
designated the master and the rest are backups; the master host responds to any traffic or ARP requests
directed toward it; each host may belong to more than one redundancy group at a time; one of its most
common uses is to provide redundancy for devices such as firewalls or routers; the virtual IP address
(shared group IP address) will be shared by a group of routers or firewalls; the client machines use the
virtual IP address as their default gateway; in the event that the master router suffers a failure, the IP
will move to one of the backups; this is similar to VRRP and HSRP
virtualization- the concept is like this: instead of dedicating a physical piece of hardware to every server,
run multiple instances of the server OS, each in its own virtual environment on the same physical piece
of equipment, saving power, maximizing the use of memory and CPU resources, and helping to hide the
physical location of each virtual server; clouds can be thought of as virtual computing environments
where virtual servers and desktops live and can be accessed by users; a public cloud is one in which this
environment is provided to the enterprise by a third party for a fee; a private cloud is one that is owned
and managed by one company solely for that company’s use; a hybrid cloud is a combination (for
example, a company uses the facilities of the provider but still manages the data itself); a community
cloud is one that is owned and managed by a group of organizations that create the cloud for a common
purpose
virtual servers, virtual switches (within the physical server), and virtual NICs are all components
necessary for virtualization
Infrastructure as a service (IaaS)- made available through a cloud deployment, the vendor provides the
hardware platform or data center, and the company installs and manages its own operating systems and
application systems
Platform as a service (PaaS)- made available through a cloud deployment, the vendor provides the
hardware platform or data center and the software running on the platform
Software as a service (SaaS)- made available through a cloud deployment, the vendor provides the
entire solution; this includes the OS, infrastructure software, and the application
Network as a service (NaaS)- a network hosted and managed by a third party on behalf of the company
storage area network (SAN)- comprises high-capacity storage devices that are connected by a high-speed
private network (separate from the LAN) using a storage-specific switch
internet small computer system interface (iSCSI)- an IP-based networking storage standard method of
encapsulating SCSI commands (which are used with storage area networks) within IP packets, allowing
the use of the same network for storage as is used for the balance of the network
fibre channel (FC)- a high-speed network technology (commonly running at 2-, 4-, 8-, and 16-gigabit-
per-second rates) primarily used to connect computer data storage; it operates on an optical network
that is not compatible with the regular IP-based data network; fibre channel over Ethernet (FCoE)
encapsulates Fibre Channel traffic within Ethernet frames much like iSCSI encapsulates SCSI commands
in IP packets; however, unlike iSCSI, it does not use IP at all; it does allow this traffic onto the same
Ethernet network that carries the IP traffic
InfiniBand- a computer-networking communications standard used in high-performance computing that
features very high throughput and very low latency; it is used for data interconnection both among, and
within, computers; it is also used as either a direct or switched interconnect between servers and
storage systems, as well as an interconnect between storage systems; its highest data rates are about
40Gbps, but the system is layerable; it implements point-to-point (P-to-P) and bidirectional serial links,
which can be aggregated in units of 4 (4x) and 12 (12x) to achieve combined useful data throughput
rates of up to 300Gbps with a maximum 4K packet size utilized throughout; it is the most commonly
used interconnect in supercomputers
jumbo frame- an Ethernet frame with a payload greater than the standard MTU of 1,500 bytes; jumbo
frames can be as large as 9,000 bytes and are used on local area networks (LANs) that support at least
1 Gbps; 9,000-byte payload frames have the potential to reduce overhead and CPU cycles
network attached storage (NAS)- serves the same function as SAN, but clients access the storage in a
different way; in a NAS configuration, almost any machine that can connect to the LAN (or is
interconnected to the LAN through a WAN) can use protocols such as NFS, CIFS, and HTTP to connect to
the NAS and share files; in a SAN configuration, only devices that can use the Fibre Channel SCSI network
can access the data, so it’s typically done through a server with this capability; Fibre Channel is a
technology for transmitting data between computer devices at data rates of up to 16 Gbps. Optical fiber
is not required for Fibre Channel. It works by using coaxial cable and ordinary telephone twisted pair.
Main distribution frame (MDF)- a practice for managing data centers or server room equipment; the
MDF connects equipment (inside plant) to cables and subscriber carrier equipment (outside plant); it
also terminates cables that run to intermediate distribution frames distributed throughout the facility
Intermediate distribution frame (IDF)- serves as a distribution point for cables from the MDF to
individual cables connected to equipment in areas remote from these frames

Self-test: match each of the following devices to where it should be positioned in the network for
maximum performance and security: firewall, patch server, MDF, IDF, public web server (the first
table is scrambled; the answers follow)

Device               Position
Firewall             In the DMZ
Patch Server         Just after the Internet router
MDF                  In the server room or closet on each floor
IDF                  Inside the LAN
Public web server    In the server room or closet that is connected to the service provider

ANSWERS BELOW

Device               Position
Firewall             Just after the Internet router
Patch Server         Inside the LAN
MDF                  In the server room or closet that is connected to the service provider
IDF                  In the server room or closet on each floor
Public web server    In the DMZ

With crossover cabling for 10BaseT and 100BaseTX cables (i.e. T-568A to T-568B), the 1st and 2nd pins
are crossed with the 3rd and 6th pins
With 1000Base TX, crossover cabling requires that the 1st and 2nd pins are crossed with the 3rd and 6th
pins, and the 4th and 5th pins are crossed with the 7th and 8th pins
A rolled/rollover cable switches all pins in inverse order when crossing (i.e. the 1st pin is crossed with the
8th pin; the 2nd pin is crossed over with the 7th pin; and so forth)

IEEE Standard    Notes
802.1d           STP
802.1w           RSTP
802.1q           The non-proprietary VLAN tagging standard
802.3af          PoE
802.3at          PoE+ (provides higher wattage throughput than PoE)
802.1X           RADIUS security for WLANs

When writing out my cheat sheet at the start of the exam, include the powers of two table, the IEEE
standards list, the IP class ranges, the switch functions for CLI commands, and the OSI layers along
with brief descriptions of what takes place at each layer for reference throughout the exam.

Network+ Proposed Hardware and Software list -

Equipment
Optical and copper patch panels- serve as a static switchboard, using cables to interconnect network
computers within a LAN and to outside lines including the internet or other WANs
Media converters- simple networking devices that make it possible to connect two dissimilar media
types, such as twisted pair with fiber optic cabling
Configuration terminal (with Telnet and SSH)
VoIP system (including a phone)
KVM switch (keyboard, video, and mouse switch)- allows one to control multiple computers
Coaxial cable spool
F-connectors- coaxial RF connector for cable modems and TV; usually with RG-6/U or RG-59/U cable
Fiber connectors- SC (standard connector), ST connector, LC (lucent connector)
Console cables- crossover cable
Tools
Optical power meter
Software
Spectrum analyzer- an electronic device that is used for measuring the magnitude of the input signal
against frequency; it does this across the entire range of the instrument's frequency bandwidth
Other
Sample network documentation
Sample logs
Defective cables
Sample malware viruses

Notes from practice exams on missed questions:

Virtual Network Computing (VNC) is a platform-independent desktop sharing system. A VNC viewer on
a Linux system can connect to a VNC server on a Microsoft system and vice-versa.
The Citrix ICA protocol is a remote terminal protocol used by Citrix WinFrame and Citrix Presentation
Server software as an add-on to Microsoft Terminal Services.
Current X Window systems are based on the X11 protocol and normally used on UNIX- and Linux-based
systems to display local applications.
Cat 6 supports 10Gbps at up to 55m; beyond that, the maximum throughput is 1Gbps
The F connector is a coax connector type used with 75-ohm cable to connect cable television, satellite
television, and cable modems.
Category 6 cables are terminated with RJ-45 connector.
Broadband over power lines (BPL) is a technology that allows broadband transmission over domestic
power lines.
MT-RJ, also known as Fiber Jack, is a compact snap-to-lock connector used with multimode fiber. It is
similar in size to an RJ-45 connector.
A biconic connector is a screw-on type connector with a tapered sleeve that is fixed against guided
rings.
A subminiature (SMA) connector is similar to a Straight Tip (ST) connector and is typically used where
water or other environmental factors necessitate a waterproof connection, unlike a bayonet-style
connector.
A Ferrule Connector (FC) is a tubular structure made of ceramic or metal that supports the fiber.
ST connectors have a straight, ceramic center pin and bayonet lug lockdown. They are often used in
network patch panels.
An SC uses box-shaped connectors that snap into a receptacle and is used with single-mode fiber.
An LC uses an RJ-45–type latching and can be used to transition installations from twisted pair copper
cabling to fiber.
A drop cable runs from the wall jack to the patch panel in the closet.
A serial cable is a type of bounded network media that transfers information between two devices by
using serial transmission. The term "serial" usually refers to the RS-232 serial communication standard
that uses DE-9 and DB-25 connectors. The DB-9 connector is almost always synonymous with a DE-9
connector and is usually a misstatement of the DE-9 connector's shell size (the letter following the "D").
In other words, DE-9 and DB-9 are often interchangeable in meaning.
Though there are adapters, a DE-15 connector, generally referred to as a Video Graphics Array (VGA)
connector, would not typically be included on a cable following the RS-232 standard.
In a physical star-logical bus topology, even though nodes connect to a central switch and resemble a
star, data appears to flow in a single, continuous stream from the sending node to all other nodes
through the switch. Nodes receive the data transmitted all at the same time, regardless of the physical
wiring layout of the network.
In a full mesh topology, all nodes on the network are directly connected to each other on the network.
This means that all computers have dedicated lines to all other computers.
A partial mesh topology is a variant in which only some nodes have direct links to all other nodes. This
helps reduce the complexity and cost of a full mesh setup, and also involves fewer redundancies.
MAC addresses contain 48 bits; IPv6 addresses contain 128 bits; IPv4 addresses contain 32 bits
In the tunneling process, a data packet is enveloped in a form that is acceptable to the carrier. To make
sure the packets can travel across all Internet service providers (ISPs), the client encapsulates the IP
version 6 (IPv6) packets into IPv4. This is allowed by Teredo tunneling on Windows operating systems,
and by Miredo on Linux and Macintosh operating systems.
Desktop sharing is an example of a real-time Unified Communications technology because it allows for
instant, synchronous communication between users.
Distance-vector routing is used on packet-switched networks to automatically calculate route costs and
routing table entries. In essence, distance-vector routing is trying to determine how far the destination
is, and in what direction. The goal is to reach the destination in the fewest number of hops.
Straight-through cables (also known as patch cables) are used to connect unlike devices. All wire pairs
are in the same order at each end of the cable.
Active monitoring includes injecting test traffic to measure performance
snmpwalk- a command line utility that allows you to display a list of all results based on a single OID
A wireless analyzer is a piece of software or hardware that is used to analyze the physical aspects of
wireless networks. This includes items such as: spectrum analysis, finding WAPs, reporting service set
identifiers (SSIDs), channel usage, signal strength, and identifying noise sources. Though users can hide
their SSID, there are a variety of tools open to the public to quickly and easily discover hidden SSIDs.
The Management Information Base (MIB) is best understood as what type of structure? A top-down
hierarchical tree
Traffic shaping, also known as bandwidth shaping, is a mechanism in Quality of Service (QoS) for
introducing some amount of delay in traffic that exceeds an administratively defined rate.
Identifying the different types of traffic on your network and shaping the network through the use of
traffic profiles is the most effective method of limiting bandwidth for non-business or low-priority
traffic.
Power monitoring tools increase your awareness of power quality issues and the ability to address
them. Power monitoring tools can provide reliable information about power quality, demand, and flow.
Most power monitoring tools allow you to perform remote monitoring, optimize energy consuming
equipment, and perform regular remote maintenance routines and emergency service.
Tcpdump is a packet capture tool that allows you to intercept and capture packets passing through a
network interface. It will help to monitor the packet flow, packet flow responses, packet drop, and ARP
information.
Syslog is not a native Windows application, even in Windows Server 2012. You’ll have to download and
install the syslog agent for Windows operating systems.
What does the message “No Gbic” mean for switch ports Gi1/1 and Gi1/2? The Gbic modules are
missing on those ports.
You actually collect all traffic during a network capture, but you can filter for ARP-only traffic. Once you
clear the filter, you’ll be able to see all the captured packets.
Also known as network maps, network diagrams provide location and routing information for network
devices.
Unmanaged switches don’t require any configuration. Rack mounting is optional for any device, but it
has nothing to do with whether the switch is managed or unmanaged.
The common practice is to assign each VLAN its own set of IP addresses (IP subnet).
Goodput is the application-level throughput, i.e. the number of useful informational bits delivered by
the network to a certain destination per unit of time.
VLAN pooling is a mechanism whereby wireless access points can choose among several different
available VLANs to assign to incoming client connections. This strategy distributes and load balances
wireless client traffic among multiple VLANs so that no single network segment is overwhelmed by
too many wireless client connections.
An infrastructure network is one that uses an access point to extend a wired LAN to include wireless
devices and can include multiple wireless access points that provide wireless coverage for larger areas
beyond a home or small office. The topology's name is derived from the access points, which are not
mobile and must stay connected to the network's wired infrastructure.
A SOHO network is a small network that can comprise up to 10 nodes. SOHO networks can either be
wired or wireless. The upper limit of 10 nodes is the generally accepted limit, but you might encounter
SOHO networks that include more than 10 nodes.
The 802.11b and g specifications define 14 channels within the Industrial, Scientific, and Medical (ISM)
2.4 GHz band.
Critical systems should have a redundant (mirrored) node as a failover in case the primary fails.
First responders arrive on the scene initially to assess the damage and to begin restoring service. A first
responder is not a particular type of person or job description, but is a role for senior-level system
administrators, security administrators, network administrators, and management teams.
ICMP Echo Request attacks (Smurf Attack) can be considered one form of reflected attack, as the
flooding hosts send Echo Requests to the broadcast addresses of mis-configured networks, thereby
enticing hosts to send Echo Reply packets to the victim.
Why is it difficult to identify the attacker in a reflection attack? Packets appear to come from the
victims and are sent to the host reflecting the attack.
An unintentional DoS is one that is the result of a sudden, unexpected, non-malicious traffic spike that
effectively mimics an intentional DoS attack.
A botnet is a group of computers that has been compromised by malware to act as an attack source
against corporate networks or websites.
NTP amplification attacks have produced the highest volume and highest bandwidth attacks ever
witnessed by many security firms.
A smurf attack attempts to overload the network and crash a system
A permanent DoS attack often requires reimaging or reinstalling the operating system and all
configurations due to the low-level hack that has taken place. Often, the system’s firmware has been
removed or replaced with a damaged one.
An attacker with the intent of using ARP-related security flaws will first have to gain access to the
target network.
Aircrack and NetStumbler are used in war driving to locate vulnerable wireless access points.
Radio frequency emanation is a feature or flaw of electronic equipment that allows the equipment to
emit unintentional radio signals that can be picked up with eavesdropping equipment and reconstructed
into usable data.
You should disable any open ports that provide limited functionality or that the system’s users won’t
explicitly use in production.
Correct order for implementing a network-based firewall: Internet > Router > Firewall > Switch
Block all traffic; create exceptions as required
Internet > Firewall > DMZ > Firewall > Switch
Know the troubleshooting steps
Port labeling is a simple practice that will help keep your connections in order. Labeling isn't just for
ports though and can be extended to cables, circuits, patch panels, and systems to help keep them in
order and easily and quickly identifiable.
2U servers are sufficiently heavy to require four-post rack installation. Two-post racks are designed for
lightweight equipment such as switches. Four-post racks are designed for heavier equipment such as
servers. These racks are typically bolted to the floor for stability and security.
An inverter or power inverter is a device that converts DC to AC. For networking, you need an inverter
that supplies a stable AC power source with as few power fluctuations as possible, since fluctuations
could harm networking equipment.
The 19-inch rack format is the industry standard.
Another workaround to the count-to-infinity problem is called a poison reverse. Unlike in split horizon,
routers using poison reverse broadcast routes back to the router from which they calculated their
location. Instead of giving a true hop count, to discourage use of the route, the router broadcasts a hop
count of 16 as a warning not to use the value specified and as an intimation that the route was learned
from router 1.
One workaround to the count-to-infinity problem is the split horizon method, where a router does not
include any routes to the router from which it discovered its own location in its broadcasts.
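An added example (not from these notes) simulating the count-to-infinity problem and the two fixes described above for three routers in a chain, using the hop-count-of-16 convention from the note: R1 holds the direct route to network N, R2 and R3 learn it, and then R1's link to N fails. The router names, chain topology and synchronous update rounds are assumptions made for the illustration.

```python
INFINITY = 16  # hop count that distance-vector routing (RIP) treats as unreachable


class Router:
    def __init__(self, name, neighbors, direct=()):
        self.name = name
        self.neighbors = list(neighbors)
        # destination -> [hop_count, next_hop]; next_hop None means directly connected
        self.table = {net: [1, None] for net in direct}

    def advertisement_for(self, neighbor, mode):
        """Routes this router tells `neighbor` about, under the chosen loop-prevention rule."""
        adv = {}
        for dest, (hops, next_hop) in self.table.items():
            if next_hop == neighbor:            # route was learned from this very neighbor
                if mode == "split_horizon":
                    continue                    # say nothing about it to that neighbor
                if mode == "poison_reverse":
                    adv[dest] = INFINITY        # advertise it back as unreachable
                    continue
            adv[dest] = hops
        return adv

    def process(self, neighbor, adv):
        """Bellman-Ford update from one neighbor's advertisement; True if the table changed."""
        changed = False
        for dest, hops in adv.items():
            new_hops = min(hops + 1, INFINITY)
            current = self.table.get(dest)
            if current is None:
                if new_hops < INFINITY:
                    self.table[dest] = [new_hops, neighbor]
                    changed = True
            elif current[1] == neighbor:
                # the current next hop is always believed, even when its metric gets worse
                if current[0] != new_hops:
                    current[0] = new_hops
                    changed = True
            elif new_hops < current[0]:
                self.table[dest] = [new_hops, neighbor]
                changed = True
        return changed


def build_chain():
    """Constructed topology: N -- R1 -- R2 -- R3 (R1 is directly connected to network N)."""
    return {
        "R1": Router("R1", ["R2"], direct=["N"]),
        "R2": Router("R2", ["R1", "R3"]),
        "R3": Router("R3", ["R2"]),
    }


def exchange_round(routers, mode):
    """One synchronous update round: everyone advertises, then everyone processes."""
    adverts = [(r.name, nbr, r.advertisement_for(nbr, mode))
               for r in routers.values() for nbr in r.neighbors]
    changed = False
    for sender, receiver, adv in adverts:
        changed |= routers[receiver].process(sender, adv)
    return changed


def rounds_to_withdraw(mode, max_rounds=50):
    """Rounds needed for every router to mark N unreachable after R1 loses its link to N.

    mode is "none", "split_horizon" or "poison_reverse"; returns None if not within max_rounds.
    """
    routers = build_chain()
    while exchange_round(routers, mode):        # converge on the working topology first
        pass
    routers["R1"].table["N"] = [INFINITY, None]  # the link to N fails
    for rnd in range(1, max_rounds + 1):
        exchange_round(routers, mode)
        if all(r.table["N"][0] == INFINITY for r in routers.values()):
            return rnd
    return None


if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        print(mode, rounds_to_withdraw(mode))
```

Without either fix the routers hand the stale route back and forth, counting up two hops per pair of rounds until 16 is reached; with split horizon or poison reverse the withdrawal reaches R3 in two rounds.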
Buffer overflow takes advantage of inherent weaknesses in the programming language that Linux and
Windows operating systems are created from. When programmers do not put good input controls in
their code, malicious software can inject too much input, causing the service or application to run out of
its allocated memory, or buffer. As the compromised system pushes out the legitimate code to make
room for the malicious code, the malicious code can then inject payloads that run at system or service
level privilege.
A smurf attack is a type of distributed denial-of-service (DDoS) attack in which a large number of
ICMP packets with a victim's spoofed source IP are broadcast to a computer network using an IP
broadcast address.
ARP inspection validates ARP packets in a network. ARP inspection determines the validity of packets by
performing an IP-to-MAC address binding inspection before forwarding the packet to the appropriate
destination. ARP packets with invalid IP-to-MAC address bindings that fail the inspection are dropped.
Multifactor authentication is any authentication scheme that requires validation of at least two of the
possible authentication factors. It can be any combination of who you are, what you have, and what you
know. Multifactor can be more than two authentication methods.
DHCP snooping uses information from the DHCP server to track the physical location of hosts, ensure
that hosts only use the IP addresses assigned to them, and ensure that only authorized DHCP servers are
accessible.
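An added example (not from these notes) of the ARP inspection and DHCP snooping checks described in the two notes above, as a switch would apply them: bindings are learned only from DHCP server replies that arrive on trusted ports, and an ARP packet from an untrusted port is forwarded only when its sender IP, sender MAC and ingress port all match a binding. The port names, addresses and sample packets are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpPacket:
    ingress_port: str   # switch port the frame arrived on
    sender_ip: str
    sender_mac: str


class DhcpSnoopingTable:
    """IP-to-MAC-to-port bindings a switch builds by watching DHCP traffic."""

    def __init__(self, trusted_ports):
        self.trusted_ports = set(trusted_ports)   # ports facing the real DHCP server / uplinks
        self._bindings = {}                       # client IP -> (client MAC, client port)

    def observe_dhcp_ack(self, server_port, client_ip, client_mac, client_port):
        """Only replies arriving on a trusted port create a binding; others are discarded."""
        if server_port not in self.trusted_ports:
            return "drop: DHCP server reply on untrusted port"
        self._bindings[client_ip] = (client_mac.lower(), client_port)
        return "bind"

    def lookup(self, ip):
        return self._bindings.get(ip)


def inspect_arp(pkt, table):
    """Dynamic ARP inspection verdict for one ARP packet."""
    if pkt.ingress_port in table.trusted_ports:
        return "forward"                          # trusted ports bypass inspection
    binding = table.lookup(pkt.sender_ip)
    if binding is None:
        return "drop: no binding for sender IP"
    mac, port = binding
    if pkt.sender_mac.lower() != mac:
        return "drop: sender MAC does not match binding"
    if pkt.ingress_port != port:
        return "drop: sender IP bound to another port"
    return "forward"


def inspect_all(packets, table):
    return [inspect_arp(p, table) for p in packets]


def build_demo_table():
    """Constructed bindings: two leases handed out by the server behind uplink Gi1/24."""
    table = DhcpSnoopingTable(trusted_ports={"Gi1/24"})
    table.observe_dhcp_ack("Gi1/24", "192.0.2.10", "00:11:22:33:44:55", "Gi1/1")
    table.observe_dhcp_ack("Gi1/24", "192.0.2.11", "00:11:22:33:44:66", "Gi1/2")
    # a DHCP reply seen on an access port is a rogue server; no binding is created
    table.observe_dhcp_ack("Gi1/3", "192.0.2.12", "00:11:22:33:44:77", "Gi1/3")
    return table


SAMPLE_ARP = [  # constructed packets
    ArpPacket("Gi1/1", "192.0.2.10", "00:11:22:33:44:55"),    # matches its binding
    ArpPacket("Gi1/2", "192.0.2.10", "00:11:22:33:44:66"),    # another host's MAC claiming .10
    ArpPacket("Gi1/3", "192.0.2.12", "00:11:22:33:44:77"),    # lease from the rogue server
    ArpPacket("Gi1/3", "192.0.2.11", "00:11:22:33:44:66"),    # right MAC, moved to the wrong port
    ArpPacket("Gi1/24", "192.0.2.1", "00:aa:bb:cc:dd:ee"),    # from the trusted uplink
]
```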
IP filtering operates mainly at Layer 2, the Internet layer, of the TCP/IP protocol stack and is generally
performed by a screening router, although other network devices can also perform IP filtering. This layer
is responsible for adding IP addresses stating where the data is from and where it is going.
A controller area network (CAN) is designed to allow communication between microcontrollers and
devices. CANs use bus, star, and ring topologies.
In a logical ring topology, messages travel to each device in turn. If the message is not intended for that
device, the message is forwarded to the next device on the network.
Messages sent using a physical bus topology are broadcast to all devices in the network. The device in
the middle of the star, which is typically a hub, receives the message and forwards it on to all other
devices.
In ring topologies, each device on the network acts as a repeater for sending the signal to the next
device.
Cat 6 cables include a solid plastic core that keeps the twisted pairs separated and prevents the cable
from being bent too tightly.
GG45 connectors are used with Cat 7 cabling.
Single-mode fiber optic cabling provides one path (or mode) for the light to travel. It supports longer
transmission distances than multi-mode fiber optic cable, and it's also more expensive. Single-mode
cabling also has a central core that is much smaller than standard multi-mode fiber optic cabling core.
MTRJ connectors can be used with either multi-mode or single-mode fiber optic cabling. The connector
is made from plastic and uses metal guide pins to ensure that it is properly aligned in the jack.
ST and SC connectors hold a single strand of fiber optic cable. A cable using either connector has two
connectors on each end.
Use a notched blade for a 110-block; use a straight blade for a 66-block
A 110-block uses metal clips placed over plastic slots to connect individual copper wires
A 66-block uses metal pins to connect wires; wires are placed in the pins, and within a row are
electrically connected