NET
Session 1

Introduction
What is Network+ ?!
Targets

****** Network Definition ******

At least 2 computers with a physical & logical connection, with the goal of sharing
resources
Network Infrastructure & Application Infrastructure
Network Infra:
Switch: connecting devices inside the network (location: middle)
Router: connecting different networks (location: edge of the network)
Firewall: stops unauthorized access to service providers (location: anywhere)
...
=> Network = Data Transfer Infrastructure
What's for?
Client & Server (Service & Resource Sharing)
Being a server is relative: a device can give service and get service.
Each server: only 1 service.
Virtualization: dividing the resources of a single server into many smaller servers.
Active Or Passive?!
An active device is anything that connects to power and that you can configure.

****** OSI Layers ******

Network History -> ARPA (DoD) -> Xerox, DEC, Intel, IBM


Total Solution -> Technology + Topology + Device (Equipment)
What's the problem?!

ISO -> OSI (Open Systems Interconnection)


1-Physical (Signal)
2-Datalink (Frame)
3-Network (Packet)
4-Transport (Segment)
5-Session (Data)
6-Presentation (Data)
7-Application (Data)
PDU : Protocol Data Unit

****** Physical Layer ******

1-Signaling: Bit to Signal


Signal?
Signal type is based on media type. (fiber=light signal)

2-Clock Synchronization -> Bit Slip


cable: (0 -> -5 V) (1 -> +5 V)
a standard time interval we agree on for sending each voltage level.

What is Topology? How to layout your network.


Types of Topology
Bus /Ring /Star / Mesh (Full or Partial)

Types of Networks in Terms of Geographical Extent


What is LAN or WAN? ---> (PAN,CAN,SAN,...)
Scale,Ownership,Technology
LAN Topologies or WAN Topologies?

Topology -> BUS


Backbone, Coaxial (Thin, Thick), BNC, T-Connector, Terminator, Barrel
Disadvantages:
you hear your own signal
Bouncing -> Terminator (50 ohm)
Attenuation -> Repeater
Low scalability & flexibility -> HUB -> Star-Bus
Shared bus on a HUB -> Collision: first check the media; if no signal is on the media
(idle), send your signal. If a collision happens, the first node to notice (the sender
knows first) sends a scream signal (jam signal, which is 7 volts) to everyone, and
everyone has to wait a certain time and then resume sending.
Uplink: connection between 2 hubs

****** Datalink Layer ******

1- Arbitration: mechanism of collision prevention

Xerox: Technology -> Ethernet


Topology -> BUS
Arbitration -> CSMA/CD (collision detect)
Device HUB

IBM: Technology -> Token Ring


Topology -> Ring
Arbitration -> Token Passing, CSMA/CA (collision avoidance)
Device -> Media Access Unit

Transmission Types
Unicast (1 audience) / Multicast (group of audience) / Broadcast (audience is
everyone; used for an unknown destination)

CSMA/CD Problems & Solutions:


only 1 person speaks at a time
you can only listen or speak at one time, not both
Collision Domain: is the whole network (so 1 collision domain)
Bus (time) sharing: means only 1 node can use the media at a time.

Negotiation
Speed & Duplex
Simplex (1 sender, 1 receiver) / Half Duplex (both can send and receive, but
turn based) / Full Duplex -> Rx & Tx at the same time
Twisted Pair -> Category, Class
MDI, MDIX, Auto MDIX
Star-Star

How many Collision & Broadcast domain in switch?


1 collision domain in a star-bus (hub)
in a switch the number of collision domains equals the port count.

2- Physical Addressing: ---MTU---


to enter the physical address of destination and source in the layer 2 header
Header (DA (6 byte) + SA (6 byte) + PTF or EtherType (2 byte)) + Payload (Packet, 46
to 1500 byte) + Footer or Trailer (FCS, 4 byte) -> Frame (64 to 1518 byte)
Max Packet Size: 9000 byte -> Jumbo Frame

MAC Address (burned-in address or physical address) -> unique / 48 bits / OUI (IEEE
lookup) + Device ID / Hex (0 to F)
Binary to Decimal / Decimal to Binary / Binary to Hex
Min & Max MAC Address -> Broadcast MAC Address
How to see/change the MAC address? (why??)
bit 7 = 0 -> burned-in address
bit 7 = 1 -> manually changed
bit 8 = 0 -> unicast
bit 8 = 1 -> not unicast
all bits 1 -> broadcast
3-Error Checking (Detection): detecting errors in the frame.
FCS -> CRC

4-Encapsulation/Decapsulation
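The frame layout and the MAC address bits above, as an added example (not code from the original notes): it builds an Ethernet II frame with the header, padded payload and CRC-32 FCS sizes the notes give, parses one back, verifies the FCS, and decodes the OUI and the two flag bits of the first octet. The addresses and payload are constructed sample values; the notes count bits from the left, so their "bit 7" is the U/L bit (value 0x02) and "bit 8" is the I/G bit (value 0x01) of the first octet.

```python
import struct
import zlib

# Added example (not from the original notes): build and parse an Ethernet II frame
# and decode the address-type bits of a MAC address.

MIN_FRAME, MAX_FRAME, MAX_JUMBO_PAYLOAD = 64, 1518, 9000   # sizes from the notes
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500


def mac_to_bytes(mac: str) -> bytes:
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac}")
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_flags(mac: str) -> dict:
    """Decode the two flag bits of the first octet; the OUI is the first three octets."""
    raw = mac_to_bytes(mac)
    first = raw[0]
    return {
        "oui": bytes_to_mac(raw[:3]),
        "locally_administered": bool(first & 0x02),  # 0 = burned-in, 1 = manually changed
        "group": bool(first & 0x01),                 # 0 = unicast, 1 = not unicast
        "broadcast": raw == b"\xff" * 6,             # all 48 bits set
    }


def build_frame(dst: str, src: str, ethertype: int, payload: bytes, jumbo: bool = False) -> bytes:
    """Header (DA 6 + SA 6 + EtherType 2) + payload (padded to 46) + FCS (CRC-32, 4 bytes)."""
    limit = MAX_JUMBO_PAYLOAD if jumbo else MAX_PAYLOAD
    if len(payload) > limit:
        raise ValueError(f"payload {len(payload)} exceeds {limit} bytes")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")          # pad short payloads to the minimum
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    fcs = struct.pack("<I", zlib.crc32(body))              # FCS goes on the wire least-significant byte first
    return body + fcs


def parse_frame(frame: bytes, jumbo: bool = False) -> dict:
    """Split a frame into its fields and verify the FCS; raises on an impossible length."""
    limit = MAX_FRAME + (MAX_JUMBO_PAYLOAD - MAX_PAYLOAD) if jumbo else MAX_FRAME
    if not MIN_FRAME <= len(frame) <= limit:
        raise ValueError(f"frame length {len(frame)} outside {MIN_FRAME}..{limit}")
    body, fcs = frame[:-4], frame[-4:]
    return {
        "da": bytes_to_mac(body[0:6]),
        "sa": bytes_to_mac(body[6:12]),
        "ethertype": struct.unpack("!H", body[12:14])[0],
        "payload": body[14:],   # still padded: only the layer 3 length field tells padding apart
        "fcs_ok": struct.pack("<I", zlib.crc32(body)) == fcs,
    }


if __name__ == "__main__":
    # constructed sample: a broadcast frame carrying EtherType 0x0806 (ARP) and a dummy payload
    f = build_frame("ff:ff:ff:ff:ff:ff", "00:1a:2b:3c:4d:5e", 0x0806, b"constructed arp body")
    print(len(f), parse_frame(f))
    damaged = f[:20] + bytes([f[20] ^ 0xFF]) + f[21:]   # flip one payload byte
    print("damaged frame FCS ok?", parse_frame(damaged)["fcs_ok"])
    print(mac_flags("00:1a:2b:3c:4d:5e"), mac_flags("01:00:5e:00:00:01"))
```

A flipped byte anywhere in the header or payload makes the FCS check fail, which is why a switch drops such frames rather than forwarding them; the parser cannot tell padding from data, which is the reason the minimum-size rule lives at layer 2 and the real length at layer 3.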

Switch (Layer 2)
Plug & Play
in the middle of network
Just one type of interface / by many interfaces (ports)
Rackmount
Manageable/Unmanageable
Transparent

Switching (different from a hub):


forwarding frames from the input port to the output port using the destination
address (D.A.) looked up in the MAC table
Port forwarding with the MAC table
How to fill MAC Table?
Static or Dynamic
Listening & Learning
flood
Backplane & Attack on switch by MAC Address (Port Security)

****** Network Layer ******

1- Logical Addressing: to enter the logical address of source and destination in the
header of layer 3
Why Logical Address?
Protocol: IP V4.0 & IP V6.0

2- Routing: finding the best route based on the parameters we set.


3- Error Checking
4- Encapsulation & Decapsulation

Header Layer 3: S.a/D.a/Checksum/Protocol

IP Address -> 32 Bits (4 Octets)


How to See/Change?
Address: Group Address + Object Address
IP Address: Net ID + Host ID
Subnet Mask -> a parameter that shows how much of the IP is the group (network) part and
how much is the object (host) part
bits under the 1s of the subnet mask: net ID
bits under the 0s of the subnet mask: host ID
the mask starts with 1s, and once the first 0 appears no more 1s may follow: 111.....0000
How many IP addresses?

IP Address Conflict

Example for Netid/Hostid (by binary to decimal table):

1) 192.168.25.10
255.255.224.0

2) 172.16.8.200 /22

3) 10.10.10.43 /16

Network Address (all host ID bits = 0) & Broadcast Address (all host ID bits = 1)

Example for NA/BA:


1) 192.168.20.120/19
2) 172.16.25.45/13
3) 172.16.100.10/27
4) 192.168.200.53/3
5) 100.192.10.12/10
6) 85.100.49.12/30
7) 192.168.200.1/26
8) 192.168.10.25/28
9) 192.168.10.45/30

IP Address Classification:
First Octet ->
A: 0-127 -> /8
B: 128-191 -> /16
C: 192-223 -> /24
D: 224-239 -> Without Subnet Mask

Loopback Range: 127.X.Y.Z -> 2^24 addresses


What is Loopback IP Address for?
Broadcast IP Address: 255.255.255.255
All the Bits of Host ID = 1

Classfull: A:8/B:16/C:24
Classless
127: Loopback
0.0.0.0: unspecified IP address
169.254.0.0/16: Automatic Private IP Address

IP Public or Private
Private: 10.0.0.0 /8
172.16.0.0 to 172.31.0.0 /16
192.168.0.0 /16
Public
Internet

How to Assign IP Address To Computer Devices?


Static or Manual -> For Servers
Dynamic or DHCP
APIPA -> 169.254.X.Y
Alternate Configuration

Example:
192.168.0.2/30
--> are these two IPs in the same network?
192.168.0.10/28
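The Net ID / Host ID, network address / broadcast address, classification and "same network?" questions above, worked as an added example (not code from the original notes): the calculation is done with bit operations on the 32-bit address, exactly as the binary-to-decimal table does it by hand, and each result is cross-checked against Python's standard `ipaddress` module. It also rejects a mask whose 1s are not contiguous, and handles the /31 and /32 cases where no network/broadcast pair exists. The class E range (240-255) is not in the notes and is added here.

```python
import ipaddress  # standard library, used only to cross-check the hand calculation

# Added example (not part of the original notes): net ID / host ID, network and
# broadcast address, and the classful / special-range lookup, done with bit operations.


def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def is_valid_mask(dotted_mask: str) -> bool:
    """A subnet mask is a run of 1s followed by a run of 0s: 111...000."""
    m = ip_to_int(dotted_mask)
    return m == prefix_to_mask(bin(m).count("1"))


def mask_to_prefix(dotted_mask: str) -> int:
    if not is_valid_mask(dotted_mask):
        raise ValueError(f"non-contiguous subnet mask: {dotted_mask}")
    return bin(ip_to_int(dotted_mask)).count("1")


def subnet_info(ip: str, mask_or_prefix) -> dict:
    """mask_or_prefix is an int prefix length (22) or a dotted mask ('255.255.224.0')."""
    prefix = mask_or_prefix if isinstance(mask_or_prefix, int) else mask_to_prefix(mask_or_prefix)
    mask = prefix_to_mask(prefix)
    addr = ip_to_int(ip)
    network = addr & mask                        # host bits cleared -> network address
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all set -> broadcast address
    host_bits = 32 - prefix
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 2 ** host_bits  # /31 and /32 have no NA/BA pair
    ref = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)          # cross-check
    assert int_to_ip(network) == str(ref.network_address) and int_to_ip(broadcast) == str(ref.broadcast_address)
    return {
        "prefix": prefix,
        "mask": int_to_ip(mask),
        "net_id": int_to_ip(network),
        "host_id": addr & ~mask & 0xFFFFFFFF,     # the host part as a plain number
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1 if host_bits >= 2 else network),
        "last_host": int_to_ip(broadcast - 1 if host_bits >= 2 else broadcast),
        "usable_hosts": usable,
    }


def in_same_network(ip_a: str, prefix_a: int, ip_b: str) -> bool:
    """Does ip_b fall inside the network that ip_a/prefix_a belongs to?"""
    info = subnet_info(ip_a, prefix_a)
    return ip_to_int(info["network"]) <= ip_to_int(ip_b) <= ip_to_int(info["broadcast"])


def classify(ip: str) -> tuple:
    """(class by first octet, special/private/public label) using the ranges in the notes."""
    n = ip_to_int(ip)
    first, second = n >> 24, (n >> 16) & 0xFF
    cls = "A" if first < 128 else "B" if first < 192 else "C" if first < 224 else "D" if first < 240 else "E"
    if n == 0:
        label = "unspecified"
    elif n == 0xFFFFFFFF:
        label = "limited broadcast"
    elif first == 127:
        label = "loopback"
    elif (first, second) == (169, 254):
        label = "APIPA (link-local)"
    elif first == 10 or (first == 172 and 16 <= second <= 31) or (first, second) == (192, 168):
        label = "private"
    elif cls == "D":
        label = "multicast (no subnet mask)"
    else:
        label = "public"
    return cls, label


if __name__ == "__main__":
    for ip, m in [("192.168.25.10", "255.255.224.0"), ("172.16.8.200", 22), ("10.10.10.43", 16),
                  ("172.16.25.45", 13), ("192.168.200.53", 3), ("85.100.49.12", 30), ("192.168.10.25", 28)]:
        print(ip, m, subnet_info(ip, m))
    print(in_same_network("192.168.0.2", 30, "192.168.0.10"), in_same_network("192.168.0.10", 28, "192.168.0.2"))
    print(classify("172.16.25.45"), classify("224.0.0.5"))
```

The "same network" check is deliberately one-directional: 192.168.0.10 is outside 192.168.0.0/30, but 192.168.0.2 is inside 192.168.0.0/28, so the two hosts disagree about whether they share a network, which is exactly the misconfiguration that produces one-way reachability.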

****** Routing ******

Router: Layer 3 / location: boundary / not plug & play: needs config / more interface
types / fewer ports
Routing: packet forwarding from the input interface to the output interface based on
the destination IP address, using the routing table
Routing Table: Network Destination / Netmask / Gateway / Interface / Metric
Dynamic or Static

Example for Netmask:


10.10.0.0
00001010.00001010.00000000.00000000
255.255.255.128
11111111.11111111.11111111.10000000
Range : 10.10.0.0 - 10.10.0.127
----------------------------------------------------
192.168.0.0
11000000.10101000.00000000.00000000
255.255.248.0
11111111.11111111.11111000.00000000
Range : 192.168.0.0 - 192.168.7.255
----------------------------------------------------
172.16.0.0
10101100.00010000.00000000.00000000
255.255.224.0
11111111.11111111.11100000.00000000
Range : 172.16.0.0 - 172.16.31.255
----------------------------------------------------
172.16.32.0
10101100.00010000.00100000.00000000
255.255.248.0
11111111.11111111.11111000.00000000
Range : 172.16.32.0 - 172.16.39.255
----------------------------------------------------
192.168.100.10
11000000.10101000.01100100.00001010
255.255.255.255
11111111.11111111.11111111.11111111
Range : only 1 IP : 192.168.100.10
----------------------------------------------------
192.168.100.1
11000000.10101000.01100100.00000001
255.255.255.0
11111111.11111111.11111111.00000000
Range : 192.168.100.0 - 192.168.100.255

Note: the output interface & the gateway should be connected by a layer 1/2 link

Explain how to fill routing table by example


Route
Metric
Special route
Default route (Last route)

ARP (Request & Reply)


Cache ARP

Routing Scenario
Host routing
Router Routing

Logical Address -> end to end Addressing


Physical address -> next-hop addressing

Broadcast Domain?
How to divide a switch into multiple broadcast domains?
VLANning
Broadcast problem
Inter-VLAN Routing -> L3 Switch (MLS)
Access layer / Distribution layer / Core layer

Ping -> App -> TCP/IP connections -> ICMP -> Echo Request & Echo Reply
ncpa.cpl
ipconfig
ipconfig /?
ipconfig /all
route print

Transmit Failed. General Failure -> no packet created -> no suitable route: there
is no route in the host's routing table and there is no gateway.

Destination Host Unreachable -> no ARP reply: there is a route in the routing table, so
an ARP request was sent to learn the MAC of the gateway, but the gateway is not
reachable, so there is no ARP reply.

Request Timed Out -> no Echo Reply -> dropped -> enable Routing & Remote Access

Destination Net Unreachable -> no suitable route on the router

ping /?
-n
-t
-l
Bytes & RTT & TTL

TTL = time to live / every time the packet is routed, the TTL is decremented by one /
prevents packets from circulating forever

Tracert: makes a packet with TTL=1 and sends it, then keeps doing that (raising the TTL
each time) until it reaches the destination; each time it learns which router is at that hop.
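The routing table, ARP, ping failure messages and tracert TTL behaviour from the sections above, as one added example (not code from the original notes): a toy model of hosts and routers where each node has a routing table (longest prefix wins, lowest metric breaks ties, 0.0.0.0/0 is the default route), an ARP cache for its next hops, and a flag for whether it answers echo requests. `ping` maps each failure to the message the notes list, and `tracert` sends with TTL 1, 2, 3, ... and records the router where each TTL expires. The topology, node names and addresses are all constructed.

```python
import ipaddress

# Added example (not part of the original notes): a toy host/router model showing
# longest-prefix routing with a default route, next-hop ARP, TTL decrement, and the
# ping message each failure produces.  Names, addresses and topology are constructed.


class Node:
    def __init__(self, name, ips, routes, arp, replies=True):
        self.name = name
        self.ips = {ipaddress.ip_address(i) for i in ips}
        # routing table rows: (destination/netmask, gateway or None when on-link, metric)
        self.routes = [(ipaddress.ip_network(n), None if g is None else ipaddress.ip_address(g), m)
                       for n, g, m in routes]
        # ARP cache: neighbour IP -> name of the node that answered; missing = no ARP reply
        self.arp = {ipaddress.ip_address(k): v for k, v in arp.items()}
        self.replies = replies   # False models a host whose firewall drops echo requests

    def lookup(self, dst):
        """Longest prefix wins; lowest metric breaks ties; 0.0.0.0/0 is the default (last) route."""
        best = None
        for net, gw, metric in self.routes:
            if dst in net and (best is None or (net.prefixlen, -metric) > best[0]):
                best = ((net.prefixlen, -metric), net, gw)
        return None if best is None else (best[1], best[2])


def route_for(nodes, name, dst):
    """Routing-table lookup as strings, e.g. ('192.168.1.0/24', None) for an on-link route."""
    hit = nodes[name].lookup(ipaddress.ip_address(dst))
    return None if hit is None else (str(hit[0]), None if hit[1] is None else str(hit[1]))


def forward(nodes, src, dst, ttl):
    """Carry one packet hop by hop. Returns (outcome, names of the nodes it reached)."""
    dst = ipaddress.ip_address(dst)
    node, hops = nodes[src], []
    while True:
        if dst in node.ips:
            return ("delivered" if node.replies else "dropped", hops)
        if node.name != src:              # every router decrements TTL before forwarding
            ttl -= 1
            if ttl == 0:
                return ("ttl expired", hops)
        hit = node.lookup(dst)
        if hit is None:
            return ("no route", hops)
        _, gw = hit
        next_hop = dst if gw is None else gw  # on-link: ARP for the destination itself,
        nxt = node.arp.get(next_hop)          # otherwise ARP for the gateway
        if nxt is None:
            return ("no arp reply", hops)
        node = nodes[nxt]
        hops.append(node.name)


def ping(nodes, src, dst):
    outcome, hops = forward(nodes, src, dst, 128)
    if outcome == "delivered":
        return f"Reply from {dst}"
    if outcome == "dropped":
        return "Request timed out."                      # echo request arrived, no echo reply
    if outcome == "no route":
        return "Transmit failed. General failure." if not hops else "Destination net unreachable."
    return "Destination host unreachable."               # no ARP reply from the next hop


def tracert(nodes, src, dst, max_hops=30):
    """Send with TTL=1, 2, 3, ...; the router where the TTL expires identifies each hop."""
    path = []
    for ttl in range(1, max_hops + 1):
        outcome, hops = forward(nodes, src, dst, ttl)
        if outcome == "ttl expired":
            path.append(hops[-1])
            continue
        path.append(hops[-1] if outcome in ("delivered", "dropped") and hops else outcome)
        return path
    return path


# Constructed topology: PC -- R1 -- R2 -- server LAN
NODES = {n.name: n for n in [
    Node("PC", ["192.168.1.10"],
         [("192.168.1.0/24", None, 1), ("0.0.0.0/0", "192.168.1.1", 10)],
         {"192.168.1.1": "R1"}),                                  # 192.168.1.20 never answers ARP
    Node("R1", ["192.168.1.1", "10.0.0.1"],
         [("192.168.1.0/24", None, 1), ("10.0.0.0/30", None, 1), ("0.0.0.0/0", "10.0.0.2", 1)],
         {"192.168.1.10": "PC", "10.0.0.2": "R2"}),
    Node("R2", ["10.0.0.2", "172.16.0.1"],
         [("10.0.0.0/30", None, 1), ("172.16.0.0/24", None, 1)],  # no default route on purpose
         {"10.0.0.1": "R1", "172.16.0.50": "SRV", "172.16.0.60": "FW"}),
    Node("SRV", ["172.16.0.50"], [("172.16.0.0/24", None, 1), ("0.0.0.0/0", "172.16.0.1", 1)], {"172.16.0.1": "R2"}),
    Node("FW", ["172.16.0.60"], [("172.16.0.0/24", None, 1)], {"172.16.0.1": "R2"}, replies=False),
    Node("ISLAND", ["192.168.9.9"], [("192.168.9.0/24", None, 1)], {}),   # no gateway configured
]}

if __name__ == "__main__":
    for s, d in [("PC", "172.16.0.50"), ("PC", "192.168.1.20"), ("PC", "203.0.113.5"),
                 ("PC", "172.16.0.60"), ("ISLAND", "8.8.8.8")]:
        print(f"{s} -> {d}: {ping(NODES, s, d)}")
    print("tracert PC -> 172.16.0.50:", tracert(NODES, "PC", "172.16.0.50"))
```

The useful diagnostic rule is which node produced the error: "General failure" and "Destination host unreachable" come from the sending host itself (no route, or no ARP reply for the gateway), "Destination net unreachable" comes from a router further along, and "Request timed out" means the packet was delivered but nothing came back.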

****** Layer 4:Transport ******

Endpointing (Multiplexing) -> Port Number


Error Checking (Detection) -> Segment
Error recovery (Correction) -> Ack (Retransmission)
Encapsulation/Decapsulation

Example for Endpointing:


A Server with Multiple Service
Port:
2 Bytes -> 2^16 -> 65536

Port Types:
1- Well-Known ports (0-1023)
2- Registered ports (1024-49151)
3- Dynamic Ports (49152-65535)

Netstat (-n/-a/interval)
netstat -na 3 | findstr x
FTP:21
File Transfer Protocol

Telnet:23
a network protocol used to virtually access a computer and provide a two-way,
collaborative and text-based communication channel between two machines.

SSH:22
Secure Socket Shell, is a network protocol that gives users, particularly system
administrators, a secure way to access a computer over an unsecured network.

Kerberos:88
Kerberos is a protocol for authenticating service requests between trusted hosts
across an untrusted network, such as the internet. Kerberos support is built in to
all major computer operating systems, including Microsoft Windows, Apple macOS,
FreeBSD and Linux.

POP3:110
Post Office Protocol 3, or POP3, is the most commonly used protocol for receiving
email over the internet. This standard protocol, which most email servers and their
clients support, is used to receive emails from a remote server and send to a local
client.
POP3 is not intended to support email manipulation or synchronization on the
server, since the email is meant to be downloaded to the client and then deleted
from the server. For these use cases, the more advanced and complex Internet
Message Access Protocol (IMAP) is used.

IMAP4:143
Internet Message Access Protocol, or IMAP, is a standard email retrieval (incoming)
protocol. It stores email messages on a mail server and enables the recipient to
view and manipulate them as though they were stored locally on their device(s).

NTP:123
Network Time Protocol (NTP) is an internet protocol used to synchronize with
computer clock time sources in a network.

RDP:3389
Remote desktop protocol (RDP) is a secure network communications protocol developed
by Microsoft.

LDAP:389 LDAPS:636
LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling
anyone to locate data about organizations, individuals and other resources such as
files and devices in a network -- whether on the public internet or a corporate
intranet.

SMTP:25
SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used in sending and
receiving email between mail servers.

SMB:445
The Server Message Block protocol (SMB protocol) is a client-server communication
protocol used for sharing access to files, printers, serial ports and other
resources on a network.

DNS:53

NBT:137,138,139
NetBIOS over TCP/IP
SNMP:161
Simple Network Management Protocol (SNMP) is an application-layer protocol for
monitoring and managing network devices on a local area network (LAN) or wide area
network (WAN).

The purpose of SNMP is to provide network devices, such as routers, servers and
printers, with a common language for sharing information with a network management
system (NMS).

DHCP:67,68
DHCP (Dynamic Host Configuration Protocol) is a network management protocol used to
dynamically assign an IP address to any device, or node, on a network so it can
communicate using IP.

HTTP:80 HTTPS:443

Types of connections
Connection-less
Speed -> e.g. for a simple query -> UDP
Connection-Oriented
Quality (reliability) -> e.g. for encryption -> TCP

TCP:
Connection Negotiation (3-way handshake)
Sequencing / Window Size
Connection Maintenance
Ack / Selective Ack / Nack
Connection Termination
Fin

What is a Protocol Stack?


TCP/IP
Application
Host to Host (Session)
Internet
Access

IPX/SPX -> Novell -> Netware


Apple Talk -> Apple
Netbeui

NAT: Network Address Translation


NAT Table (S.ip/D.ip/My.ip)
Private to Public: Source NAT
Public to Private: Destination NAT
PAT
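The NAT table and the Source NAT / Destination NAT / PAT terms above, as an added example (not code from the original notes): a minimal translator that rewrites the source of outbound packets to one public IP with a per-flow public port (PAT), rewrites inbound replies back from the reverse table, applies a static destination-NAT entry (a port forward), and drops any inbound packet that matches neither. Addresses, the starting PAT port and the packets are constructed; a real NAT also keys on the remote endpoint, which this model omits for brevity.

```python
from collections import namedtuple

# Added example (not part of the original notes): a minimal source-NAT/PAT table plus a
# static destination-NAT (port-forward) table.  Addresses, ports and packets are constructed.

Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port")


class Nat:
    def __init__(self, public_ip, first_port=20000, forwards=None):
        self.public_ip = public_ip
        self.next_port = first_port    # assumption: PAT ports are handed out from here upwards
        self.table = {}      # (proto, private_ip, private_port) -> public_port   (outbound)
        self.reverse = {}    # (proto, public_port) -> (private_ip, private_port) (inbound)
        # destination NAT: (proto, public_port) -> (private_ip, private_port), configured statically
        self.forwards = forwards or {}

    def outbound(self, p: Packet) -> Packet:
        """Private -> public: rewrite the source (Source NAT); many private hosts share one public IP (PAT)."""
        key = (p.proto, p.src_ip, p.src_port)
        if key not in self.table:                       # first packet of the flow creates the entry
            self.table[key] = self.next_port
            self.reverse[(p.proto, self.next_port)] = (p.src_ip, p.src_port)
            self.next_port += 1
        return p._replace(src_ip=self.public_ip, src_port=self.table[key])

    def inbound(self, p: Packet):
        """Public -> private: rewrite the destination from the reverse table or a static forward.
        A packet matching neither is dropped (None): NAT hides hosts but is not a firewall."""
        target = self.reverse.get((p.proto, p.dst_port)) or self.forwards.get((p.proto, p.dst_port))
        if target is None:
            return None
        return p._replace(dst_ip=target[0], dst_port=target[1])


if __name__ == "__main__":
    nat = Nat("203.0.113.7", forwards={("tcp", 443): ("192.168.1.50", 443)})
    a = nat.outbound(Packet("tcp", "192.168.1.10", 51000, "198.51.100.9", 80))
    b = nat.outbound(Packet("tcp", "192.168.1.11", 51000, "198.51.100.9", 80))   # same private port, other host
    print(a, b, sep="\n")
    print(nat.inbound(Packet("tcp", "198.51.100.9", 80, "203.0.113.7", a.src_port)))  # reply to the first host
    print(nat.inbound(Packet("tcp", "198.51.100.9", 80, "203.0.113.7", 443)))         # static forward
    print(nat.inbound(Packet("tcp", "198.51.100.9", 80, "203.0.113.7", 9999)))        # no mapping -> dropped
```

The two hosts both used private port 51000, and the translator kept them apart by giving each flow its own public port; that public port is the only thing an outside reply can name, which is why an unsolicited inbound packet without a table entry or a configured forward has nowhere to go.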

Subnetting & Supernetting


Example:
SLSM -> 192.168.10.0/24 (6 networks)
2^H - 2 >= number of IPs (hosts)
2^H = IP range
N = 32 - H

VLSM -> 192.168.10.0/24 (40,23,60,12,20,2 Hosts)
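The SLSM and VLSM exercises above, worked as an added example (not code from the original notes) using the notes' own formula (2^H - 2 >= hosts, N = 32 - H) and Python's standard `ipaddress` module: `slsm` cuts 192.168.10.0/24 into equal subnets by borrowing the fewest bits that cover 6 networks, and `vlsm` allocates the host counts 40, 23, 60, 12, 20 and 2 largest-first so that every block starts on its own size boundary. The base network and host counts are the ones in the notes.

```python
import ipaddress

# Added example (not part of the original notes): fixed-length (SLSM) and variable-length
# (VLSM) subnetting of 192.168.10.0/24 using 2^H - 2 >= hosts and N = 32 - H.


def host_bits_for(hosts: int) -> int:
    """Smallest H with 2^H - 2 >= hosts (H is at least 2 so a NA/BA pair exists)."""
    h = 2
    while 2 ** h - 2 < hosts:
        h += 1
    return h


def slsm(base: str, subnets_needed: int) -> list:
    """Equal-size subnets: borrow the fewest bits b with 2^b >= subnets_needed."""
    net = ipaddress.ip_network(base)
    b = 0
    while 2 ** b < subnets_needed:
        b += 1
    return [str(s) for s in net.subnets(prefixlen_diff=b)]


def vlsm(base: str, host_counts: list) -> list:
    """Largest requirement first so each block lands on a boundary of its own size."""
    net = ipaddress.ip_network(base)
    cursor, end = int(net.network_address), int(net.broadcast_address) + 1
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        prefix = 32 - host_bits_for(hosts)           # N = 32 - H
        size = 2 ** (32 - prefix)                    # 2^H = IP range of the block
        cursor = (cursor + size - 1) // size * size  # align to the block size
        if cursor + size > end:
            raise ValueError(f"{base} cannot hold {hosts} more hosts")
        plan.append((hosts, f"{ipaddress.ip_address(cursor)}/{prefix}"))
        cursor += size
    return plan


def unused(base: str, plan: list) -> int:
    """Addresses of the base block left over after the plan."""
    net = ipaddress.ip_network(base)
    used = sum(ipaddress.ip_network(cidr).num_addresses for _, cidr in plan)
    return net.num_addresses - used


if __name__ == "__main__":
    print(slsm("192.168.10.0/24", 6))                     # 8 subnets of /27, 30 usable hosts each
    plan = vlsm("192.168.10.0/24", [40, 23, 60, 12, 20, 2])
    for hosts, cidr in plan:
        n = ipaddress.ip_network(cidr)
        print(f"{hosts:>3} hosts -> {cidr:<20} usable {n.num_addresses - 2}")
    print("unused addresses:", unused("192.168.10.0/24", plan))
```

With SLSM the 6 networks need 3 borrowed bits, which yields 8 /27 subnets (two left over) of 30 usable hosts each; with VLSM the same /24 serves all six requirements in 212 addresses and keeps 44 spare, and each subnet is also its own broadcast domain, which is the sizing that matters when a segment later needs to be isolated.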

Dynamic Route
Layer 5: Session
Authentication/Authorization
Duplexing/Speed
Termination/Restoration
Quality Control

Layer 6: Presentation
Encryption/Decryption
Compression/Decompression
File Formatting
Encoding

Layer 7: Application
Determining the exchange protocol
GUI
Specify the destination address

****** Types of Networks in terms of Access & Permissions ******

Example: File Server


Logon (Interactive or Remote):
1- Authentication
Authentication Method & Protocol
Username: Clear / Password: Cipher -> Encryption -> Algorithm + Key
(Symmetric or Asymmetric)
Key length, Key lifetime
Local SAM -> User Account

2- Authorization
Permission/Right/Access

3- Accounting
Quota/Credit

Logon -> Authenticated or Anonymous


Example: Web Server & Web Client

Same user account


Workgroup advantages & disadvantages
Domain Model
GSD/DSD
DNS Server
AAA Server (DC)

Packet capture
the action of capturing Internet Protocol (IP) packets for review or analysis.

Network TAP (Terminal Access Point)


Network TAPs create a “copy” of the traffic, enabling various monitoring devices
access to that information without interfering with the original flow of data
packets.

Differentiated Services Code Point (DSCP)


a 6-bit field in the IP header, enabling the identification of up to 64 distinct
traffic classes. This classification system allows network administrators to manage
and categorize network traffic based on Quality of Service requirements and
priority levels.

------------------------------------
DHCP

whoever asks for an IP uses port 68


whoever gives an IP uses port 67

1. client broadcasts "DHCP Discover"


12*F (destination MAC = FF:FF:FF:FF:FF:FF, broadcast)
255.255.255.255 is the standard broadcast IP address

2. DHCP server broadcasts "DHCP Offer"


12*F (broadcast MAC)
4*255 (255.255.255.255)

3. client ARPs the IP it was given to make sure there is no conflict


client broadcasts "DHCP Request" to say "I want this IP"

4. DHCP server broadcasts "DHCP Ack": "I gave you this IP"
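The four-step exchange above, simulated message by message as an added example (not code from the original notes): every client message goes from 0.0.0.0:68 to 255.255.255.255:67 and every server message from the server's IP on port 67 to port 68, because the client has no address yet. The server keeps a pool, the offers it has made and the addresses it has leased; the client's ARP check is a stand-in function against a constructed set of addresses already in use. The notes place that check between Offer and Request; RFC 2131 has the client do its final ARP check after the Ack and answer a conflict with DHCPDECLINE. The simulation keeps the notes' order but uses the DECLINE message for the conflict case, after which the server retires the address and the client starts over. Server IP, pool and MAC addresses are constructed; the "transport" is a direct function call, not a socket.

```python
import ipaddress

# Added example (not part of the original notes): the DHCP exchange simulated message by
# message with the ports and broadcast addresses from the notes.  Server, client MACs,
# pool and the set of ARP responders are constructed; no sockets are used.

UNSPECIFIED_IP, BROADCAST_IP = "0.0.0.0", "255.255.255.255"   # client has no IP yet, so it broadcasts
SERVER_PORT, CLIENT_PORT = 67, 68
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def message(kind, src_ip, dst_ip, src_port, dst_port, **fields):
    return {"type": kind, "src_ip": src_ip, "dst_ip": dst_ip,
            "src_port": src_port, "dst_port": dst_port, "dst_mac": BROADCAST_MAC, **fields}


def client_message(kind, mac, **fields):
    return message(kind, UNSPECIFIED_IP, BROADCAST_IP, CLIENT_PORT, SERVER_PORT, client_mac=mac, **fields)


class DhcpServer:
    def __init__(self, server_ip, pool_first, pool_last):
        self.ip = server_ip
        first, last = int(ipaddress.ip_address(pool_first)), int(ipaddress.ip_address(pool_last))
        self.pool = [str(ipaddress.ip_address(a)) for a in range(first, last + 1)]
        self.leases, self.offered, self.declined = {}, {}, set()   # mac->ip, mac->ip, retired ips

    def _free_ip(self):
        taken = set(self.leases.values()) | set(self.offered.values()) | self.declined
        return next((ip for ip in self.pool if ip not in taken), None)

    def handle(self, m):
        """Answer one client message; None when there is nothing to send."""
        if m["dst_port"] != SERVER_PORT:
            return None
        mac = m["client_mac"]
        if m["type"] == "DISCOVER":
            ip = self.leases.get(mac) or self._free_ip()     # a known client gets its old lease back
            if ip is None:
                return None                                   # pool exhausted: stay silent
            self.offered[mac] = ip
            return message("OFFER", self.ip, BROADCAST_IP, SERVER_PORT, CLIENT_PORT,
                           client_mac=mac, your_ip=ip, server_id=self.ip)
        if m["type"] == "REQUEST":
            if m["server_id"] == self.ip and self.offered.get(mac) == m["requested_ip"]:
                self.leases[mac] = self.offered.pop(mac)
                return message("ACK", self.ip, BROADCAST_IP, SERVER_PORT, CLIENT_PORT,
                               client_mac=mac, your_ip=self.leases[mac], server_id=self.ip)
            return message("NAK", self.ip, BROADCAST_IP, SERVER_PORT, CLIENT_PORT, client_mac=mac)
        if m["type"] == "DECLINE":
            self.declined.add(m["requested_ip"])             # someone else already uses it
            self.offered.pop(mac, None)
        return None


def arp_probe_conflict(ip, arp_responders):
    """Stand-in for the client's ARP check: True if another host answers for ip (constructed set)."""
    return ip in arp_responders


def dora(mac, server, arp_responders, transcript, max_tries=3):
    """Discover -> Offer -> (ARP check) -> Request -> Ack.  Returns the leased IP or None."""
    for _ in range(max_tries):
        discover = client_message("DISCOVER", mac)
        transcript.append(discover)
        offer = server.handle(discover)
        if offer is None:
            return None
        transcript.append(offer)
        ip = offer["your_ip"]
        if arp_probe_conflict(ip, arp_responders):           # conflict: decline and start again
            decline = client_message("DECLINE", mac, requested_ip=ip, server_id=offer["server_id"])
            transcript.append(decline)
            server.handle(decline)
            continue
        request = client_message("REQUEST", mac, requested_ip=ip, server_id=offer["server_id"])
        transcript.append(request)
        ack = server.handle(request)
        transcript.append(ack)
        return ip if ack["type"] == "ACK" else None
    return None


if __name__ == "__main__":
    srv = DhcpServer("192.168.1.1", "192.168.1.100", "192.168.1.102")
    log = []
    # constructed: 192.168.1.100 is already in use by a host the server does not know about
    print("leased:", dora("aa:bb:cc:dd:ee:01", srv, {"192.168.1.100"}, log))
    for m in log:
        print(f'{m["type"]:<8} {m["src_ip"]}:{m["src_port"]} -> {m["dst_ip"]}:{m["dst_port"]}')
```

Because every message in the exchange is a broadcast, any host on the segment sees the Discover and could answer it; the transcript makes that visible, and it is the reason the server's `server_id` is echoed in the Request so the server can tell whether the client accepted its offer or somebody else's.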
