TEST OBJECTIVES for Course 606 TCP/IP For Networking Professionals

606 – TCP/IP for Networking Professionals

Author: Maureen Fitzgerald Maureen.Fitzgerald@us.origin-it.com

Obj #		Objective Text
1	Identify the layers of the DoD model and how they relate to the TCP/IP stack. Process Application = Acts as the interface for the user. Provides applications that transfer data between hosts. OSI Model - Application/Presentation/Session TCP/IP Suite – -Telnet = terminal emulation -FTP (File Transfer Protocol) and TFTP (Trivial File Transfer Protocol = file transfer -NFS (Network File System) = file sharing -Xwindows = application sharing -SMTP (Simple mail Transfer Protocol) = electronic mail -LPD (Local Print Daemon) and RPR (Remote Printing)=printing -SNMP (Simple Network Management Protocol=network mgmt Host-To-Host = TCP only: Maintains data integrity and sets up reliable, end-to-end communication between hosts. Ensures error-free delivery of data units in proper sequence and with no loss or duplication. OSI Model – Transport Layer TCP/IP Suite – -TCP (Transmission Control Protocol)= establishes a virtual circuit, provides a reliable connection, and sends packets that are sequenced and acknowledged. (like a telephone conversation) -UDP (User Datagram Protocol)= connectionless/unreliable, but less overhead Is used by any protocol that uses broadcasts. (like sending a letter) Internet = Routes data packets between difference hosts or networks. The Internet Layer is the foundation of the TCP/IP protocol suite. OSI Model - Network Layer TCP/IP Suite – IP = (Internet Protocol) handles packet routing, fragmentation, and reassembly between hosts. ICMP = (Internet Control Message Protocol) used to send error and control messages to hosts and routers. BOOTP = (used by workstations to discover 3 items: 1. their IP address 2. the IP address of the server 3. the name of a file loaded into memory that is executed at ARP = (Address Resolution Protocol) = translates a software address to a hardware (MAC) address RARP = (Remote Adddress Protocol) = used by diskless Workstations to translate their hardware (MAC) address to A software address. Network Access = defines physical interconnection between hosts. OSI Model - DataLink/Physical Layers TCP/IP Suite – Ethernet, Token Ring, FDDI, and Others
1 (cont) 2	The TCP/IP Protocol Suite specifies functions above the Network Access Layer of the DOD Model and above the DataLink Layer of the OSI Model. TCP (Transmission Control Protocol) = responsible for establishing communication between 2 hosts. IP (Internet Protocol) = responsible for the transfer of data. ------------------------------------------------------------------------------------------------------------------------ Describe TCP/IP addressing concepts. 32-bit Internet address value 4-bytes long identifies IP network and node 1^st byte determines class each host must have a unique host number each byte of a node address falls in the range of 0 to 255 0 and 255 are usually not used in addressing (reserved for broadcasting packets) 8-bits in an octet use Windows calculator on desktop to convert binary number to decimal
3	List TCP/IP addressing classes and characteristics. Class A = 0 – 127 first byte Network last 3 bytes Host first bit must be zero up to 12 classes created each having 16+Million hosts. Class B = 128 – 191 first 2 bytes Network last 2 bytes Host first 2 bits of first byte are 1 and 0. Possible 16,384 class B networks each having up to 65,584 hosts. Class C = 192 – 223 first three bytes Network last byte Host First 3 bits of first byte are 1, 1, and 0. Possible 2+Million class C networks each having up to 255 hosts. Class D = 224 – 239 (MultiCast) First 4 bits of first byte are 1, 1, 1, and 0. Use for multicast packets Multicast packets are used by a host to transmit messages to a specific group of hosts on network Packets exchanged between routers only Class E = 240 – 255 (Reserved for Experimental or Broadcast First 5 bits of byte are 1, 1, 1, 1, and 0. Reserved for experimental use and potential future addressing modem Class E addresses typically used for broadcasts.
4	Define TCP/IP addressing types. Unicast Includes addresses that allow for communication between one source sending data and one source receiving it. The single interface, is specified by the destination address. Communication between any 2 hosts in the shared network doesn’t affect any of the other hosts. Multicast Includes addresses that refer to a group of hosts by using a single IP address; identified by Ipv4 class D addresses. Simply, a subnet of the PCs on a network agree to listen to a given multicast address. Every PC in this multicast group can be reached with a single packet transmission. Broadcast Includes messages that are transmitted to every host on the network. 255.255.255.255 used to identify a broadcast message. the message is directed to all hosts on the network from which it originated. routers do not typically forward broadcast messages to other networks. Anycast similar to multicast; references a group of systems. Transmits data by finding the closest member of a group and sends messages only to that member. Only available with Ipv6.
5	Identify the purpose of subnets. Subnet Masking – process of creating subnets on the network. All hosts and networks must have a unique address. Subnet Mask – is an extension of the IP addressing scheme that allows a site to use a single network address for multiple physical networks. Purpose of subnets: To expand the network – by adding routers and creating subnets To reduce congestion – by splitting single network into smaller, separate subnets reducing bandwidth problems and number of hosts. To reduce CPU use – more hosts on network causes more broadcasts on network. Each host must listen to every broadcast before accepting or discarding it. Uses CPU capabilities. To isolate network problems – by splitting larger networks into smaller networks, limit the impact of one subnet’s problems on another. To improve security – by restricting sensitive network traffic to only one network, other users on other subnets can be prevented from accessing secure data. Subnets also ensure that network structure is never visible outside organization’s private network. To use multiple media – allows you to combine different media by putting each type of media on a different subnet.
6	Determine an appropriate subnet mask. A subnet mask is a 4-byte number that is logically “ANDed” with an IP address to identify the network and host address of a host. TCP/IP requires that all IP addresses be assigned a subnet mask even if the network is not segmented into subnets. Any bit that is part of the network address is assigned a value of “1” in the mask. Any bit that is part of the host address is assigned a value of “0” in the mask. Subnet mask is defined using part of the host portion of the IP address. The host portion used depends on the class of the network address you were assigned.
7	Choose a subnet address given a subnet mask. The subnet mask depends on how many bits you choose to use for subnet addressing
8	Demonstrate the ability to use subnet masks to divide a network. Classful Hierarchy – the standard IP address conforms to a standard number of bits for the network address and host address for each type of class. Classless Hierarchy – when you add a subnet address to the IP address, the host address is divided into a subnet address and a host address. The number of bits used by the subnet address and the host address can vary. Assigning Subnet Addresses After the subnet value has been assigned to a network, you must assign IP addresses to each device using the following rules: Each address must be unique The network and subnet numbers must be the same for all devices on the same network The host (physical) portion of the address must not be set to all 1’s or all 0’s/ When you create subnet addresses, you need to Plan for growth Avoid using IP addresses reserved for special use To prepare for possible changes in the number of subnets required, RFC 1219 suggests that you assign subnet addresses from the left-most bit of the subnet address field, and that you assign hosts in numeric order from the right-most bit of the host address field. To create a subnet, you must Determine the number of subnets you need When you are deciding how many subnets your network needs, you must take into account future network growth. Determine your subnet mask and subnet addresses To assign subnet mask and address values, complete the following: 1) determine the number of available subnet address values and the number of available host address values per subnet. 2) calculate the subnet address values: identify the rightmost [1] bit in the subnet mask and convert its binary value to decimal. The number you obtain is referred to as ‘delta’. Assign IP addresses to each host on the subnet
9	Define supernetting and identify the number of hosts available on a network that uses supernetting. Developed in 1993 to extend the lifetime of a 32-bit IP address Working with Ipv6, a new version of IP with larger addresses. To accommodate growth until Ipv6 is standardized and adopted, supernetting used as a temporary solution. Opposite of subnet addressing; (instead of using a single IP network address for multiple physical networks in an organization, it uses many IP network address for a single organization). Number of bits used for the subnet mask is “reduced” to increase the number of available hosts. Number of hosts available on a Class C Network – 510
10	Describe the TCP/IP communication process. Connection-oriented Reliable communications 2 hosts using TCP must establish a TCP connection with each other before they can exchange data 1) server’s OS delivers the raw data to TCP in a byte stream. 2) If data stream too large for lower-layer protocols, TCP divided the stream into segments, adds sequence numbers, and passes each segment to IP. 3) IF forms IP datagrams by adding source and destination logical addresses to each segment. 4) Through ARP, the physical address of the destination or next immediate device is determined and passed, with the IP datagrams, to the DataLink Layer. 5) Based upon the DataLink Layer chosen, several other steps are performed until the DataLink frames reach the client device. When an internetwork is involved, several additional IP encodings and decodings occur with each hop to determine the next IP address in the route. 6) The client DataLink Layer receives the frames and passes its data to the client IP. 7) The client IP discards the IP header and passes the IP datagrams to the client TCP. 8) TCP acknowledges receipt if each datagram. 9) TCP combines the datagrams into one continuous byte stream by examining the sequence numbers and reordering the segments. 10) The service requester’s application receives the same byte stream that was submitted by the server’s OS, as if it were directly connected.
11	Compare and contrast the IPv4 and IPv6 protocols. IPv4= established late 1960’s Defines a 32-bit address Decreasing ability to route traffic between an increasing number of networks and the Internet Is a 20-byte header and has 12 required fields and 1 optional field IPv6= being developed and implemented to resolve the short comings of IPv4 Designed to address the current growth trends affecting TCP/IP-based networks. Is one solution that will be deployed to deal with issues of addressing and routing. Benefits: Expanded routing and addressing capabilities Header format simplification Improve support for options Quality-of-service capabilities Authentication and privacy capabilities Is a 40-byte (fixed) header and has 8 fields of information Interoperate Similar language Embedded address communication Allow checksum Migration Strategies from IPv4 to IPv6: Dual Stack – have both loaded/bound to NIC boards. Communicates regardless of which stack being used. Tunneling – Encapsulate IPv6 datagram inside IPv4 datagrams. Allows IPv6 to cross over IPv4 network segments. Header Translation – Software on routers connecting both network segments, strips headers, replace with one appropriate for network segment entering. 2 Types of IPv6 addresses can be embedded: IPv4-compatible = understand IPv6 IPv4-mapped = do not understand IPv6
12	Describe utilizing private network addresses to overcome the IPv4 address shortage. 10-Netting = using private network address to overcome shortages Approach Addresses reserved for private networks are filtered out by Internet routers and do not conflict with registered addresses. Private Address Blocks Class A = 10.0.0.0 ßà 10.255.255.255 Class B = 172.16.0.0 ßà 172.31.255.255 Class C = 192.168.0.0 ßà 192.168.255.255 Implement 10-netting by assigning hosts on the private, internal part of network IP address and placing a router between the private internal network and the public network (Internet). Private interface on router assigned address from private network Public interface on router assigned registered IP address. Router runs network address translation (NAT) software, which translates addresses when packets pass through from private to public network. Advantages If the 10.0.0.0 range selected, private network can have entire Class A network address. Only 1 registered IP address is required for entire private network Security is increased because entire private network appears to have only 1 IP address on the public network.
13	Identify the role of TCP/IP ports. IP Port number assigned to a service running on an IP host number used to link incoming data to correct service Divided into 3 Ranges: Well-Known Ports = 0 - 1023 Registered Ports = 1024 – 49151 Dynamic or Private Ports = 49152 – 65535 Well-Known Ports are standard port numbers used by everyone. Assigned by the IANA (internet Assigned Numbers Authority) and on most systems can only be used by system processes or by programs executed by privileged users. See chart, page 1-40 for Well-Known Port number assignments.
14	List sources of TCP/IP information. RFCs Request for Comments Series of technical reports about the Internet Discuss different aspects of computing, including new and revised protocols, standards, procedures and programs. Defined documents of the Internet protocol suite (standards) by the IETF. ARIN American Registry for Internet Numbers Non-profit organization created to manage IP address space for assigned territories Similar to RIPE and APNIC, pleased management of IP space under user control (ISPs, corporate entities, colleges, and individuals) APNIC Asia-Pacific Network Information Center 1 of 3 regional Internet Registries (IRs) of the IANA Serves the Asia-Pacific area Allocates Internet resources, including IP addresses, autonomous systems (AS) numbers, and domain delegations ICANN Internet Corporation for Assigned Names and Numbers Supercedes the IANA Has authority over all number spaces used in Internet Allocates parts of the Internet address space to 3 regional IRs. Responsible for managing Internet address, domain names, and protocol parameters IETF Internet Engineering Task Force Group dedicated to identifying problems on and proposing technical solutions for the Internet InterNIC Internet Network Information Center 1 of 3 regional IRs of the IANA serves North America and handles Internet domain name registration managed by Network Solutions, Inc. (NSI) RIPE NCC Reseaux IP Europeans Network Coordination Center Is 1 of 3 regional IRs of IANA Handles internet domain name registration for Europe.
15	Identify the purpose of the Internet Protocol (IP). Used in packet-switched networks (CATENET) Transmits blocks of data, called datagrams, from sources to destinations. Sources and destinations are hosts identified by fixed-length addresses. Can also fragment and reassemble long datagrams, if necessary, for transmission through small-packet networks Does not provide end-to-end data reliability, flow control, sequencing, or other services commonly found in host-to-host protocols. Relies on the services of its supporting networks to provide various types and qualities of services.
16	Identify the fields that compose the IP header and the function of each. Version – indicates the format of the IP header IHL – (Internet Header Length) indicates the length of the IP in 32-bit words, and thus points to the beginning of data. The minimum value for a correct header is 5. Type of Service – specifies the treatment of the datagram during its transmission through the Internet system. Total Length – length of datagram measured in octets, including Internet Header and data. This field allows the length of a datagram to be up to 65,535 octets (whether they arrive whole or in fragments.) Identification –an identifying value assigned by the sender to aid in assembling the fragments of a datagram. Flags –identifies the amount a packet is fragmented. Fragments Offset – indicates where in the datagram this fragment belongs. Time To Live (TTL) – indicates the maximum time the datagram can remain in the Internet system. Protocol – indicates the next-level protocol used in the data portion of the IP datagram. Header Checksum –displays a checksum of the header only. Source Address –displays the source address of the datagram. Destination Address –displays the destination address of the datagram. Options –displays options that might appear in datagrams. Padding –used to ensure that the Internet header ends on a 32-bit boundary. the padding is zero. IP provides 2 basic functions: Addressing Fragmentation IP sees the addresses carried in the header to transmit datagrams to their destination. IP uses fields in the header to fragment and reassemble Internet datagrams for transmission through small-packet networks. 4 Key features in providing its services: Type of Service Indicates the quality of the service wanted. Type of service provides a generalized set of parameters that characterize the service choices provided in the network that make up the Internet Time To Live Indicates an upper boundary on the lifetime of an Internet datagram It is set by the sender of the datagram and reduced at the points along the route where it is processed Can be thought of as a self-destruct time limit. Options Provides control functions that might be useful in some situations but that are unnecessary for the most common communication Options include functions for time stamps security, and special routing. Header Checksum Verifies that the information used in processing the Internet datagram has been transmitted correctly.
17	Identify the purpose of Transmission Control Protocol (TCP). Highly reliable Host-to-Host protocol in packet-switched networks and internetworks Provides process-to-process communications in multi-network environments Interacts between user or application processes and a lower-level protocol such as IP. Provides a set of calls for manipulating data. Can also communicate with application programs asynchronously. Designed to work in a very general environment of interconnected networks
18	Identify the purpose of User Datagram Protocol (UDP). Provides a datagram mode of packet-switching in an internetwork Assumes that IP is used as the underlying protocol Allows application programs to send messages to other programs with a minimum of protocol mechanism. Is transaction oriented; duplicate and delivery protection are not guaranteed. Offers a minimal transport service-non-guaranteed datagram delivery—and gives applications direct access to the datagram service of the IP layer. The only services UDP provides over IP are check summing of data and multiplexing by port number. Does not maintain end-t-end connection with the remove UDP module; it only pushes the datagram out on the network and accepts incoming datagrams off the network. Used by application that do not require level of service provided by TCP or applications that want to use communications services (such as multicast or broadcast delivery) not available from TCP. NFS (Network File System) and SNMP (Simple Network Management Protocol) use UDP. The service is little more than an interface to IP. Cannot provide: Retransmission for reliably delivery Packetization and reassembly Flow control Congestion avoidance 1 of 2 main protocols that resides on top of IP
19	Identify the purpose of Internet Control Message Protocol (ICMP) and the types of ICMP messages. Although layered on IP, ICMP is a control protocol that is an integral part of IP. Provides error reporting, congestion reporting, and first-hop gateway redirection ICMP messages are grouped into 2 classes: Error messages Destination unreachable Redirect Source quench Time exceeded Parameter problem Query messages Echo Information Time stamp Address mask If an ICMP message of unknown type is received, it is silently discarded.
20	Identify the purpose of Internet Group Management Protocol (IGMP). Used by hosts and gateways on a single network to establish hosts’ membership in particular multicast groups Gateways use this information with a multicast routing protocol to support IP multicasting across the Internet. Implementation of IGMP is optional A host can still participate in multicasting local to its connected networks without IGMP.
21	Identify the purpose of Network Time Protocol (NTP). Synchronizes a set of network clocks using a set of distributed clients and servers. Is built on the UDP, which provides a connectionless transport mechanism. Specifies the precision and estimated error of both the local clock and reference clock it might be synchronized to. Designed to connect a few primary reference clocks to centrally accessible resources such as gateways. Provides information that can be used to organize this hierarchy on the basis of precision or estimated error.
22	Describe TELNET and identify its purpose. Provides a remote login capability on TCP. The operation and appearance is similar to keyboard dialing through a telephone switch. Works very well Its an old application and has widespread interoperability. Implementations of TELNET usually work between different operating systems Is TCP/IP’s virtual terminal protocol Allows a user from one host to log in to another host while appearing to be directly attached to the terminal at the remote system. This TCP/IPs definition of a virtual terminal. Very powerful tool Can use TELNET to access a remote client and provide the same functionality as local client software. Can do this by specifying a port number with the TELNET command. TELNET [IP_address\hostname][port]
23	Describe Hypertext Transport Protocol (HTTP) and identify its purpose. Allows basic hypermedia access to resources available from diverse applications Is an application-level protocol that can be used to transport, retrieve, search for, update, and annotate information that is distributed and collaborative, and that includes hypermedia. Provides an open-ended set of methods and headers that indicate the purpose of a request. Is based on the Uniform Resource Identifier (URI). Uses a Uniform Resource Locator (URL) or Uniform Resource Name (URN) to indicate the resource that a process should be applied to. Also used as a generic protocol for communication between user agents and proxies or gateways to other Internet systems, including those supported by the SMTP, NNTP, FTP, Gopher, and WAIS protocols.
24	Identify the purpose of File Transfer Protocol (FTP) and the functionality of some FTP commands. Useful and powerful TCP/IP utility for general user. Allows you to upload and download files between local and remote hosts. Commonly available at file archive sites to allow users to access files without having to pre-establish an account at the remote host. FTP [IP_address\host_name] Commands: HELP ? = used to obtain a list of available FTP commands and help topics TYPE = used to specify the file type when you transfer a binary or executable file DIR = used to see a directory listing of the files in the current directory at the Remote host CD = change directory SHOW = see what directory you are in Other commands: GET, QUIT, CLOSE, OPEN, and PUT (or SEND)
25	Identify the purpose of Trivial File Transfer Protocol (TFTP). Simple protocol used to transfer files Runs on top of the Internet UDP and is used to move files between machines on different networks implementing UDP. Designed to be small and easy to implement. Lacks most of the features of a regular FTP. Only services it provides are reading and writing files and sending mail to and from a remote server. Passes 8-bit bytes of data, cannot list directories or provide user authentication. Supports 3 modes of transfer: NETASCII Octet Mail Errors caused by 3 types of events: Not being able to satisfy the request Receiving a packet that cannot be explained by a delay or duplication in the network Losing access to a necessary resource Protocol very restrictive
26	Describe TFTP operation. A transfer begins with a request to read or write a file. If the server grants request, the connection is opened and file sent. File divided into packets. If packet gets lost, intended receiver times out and retransmits last packet (acknowledgement) Sender of lost packet retransmits lost packet Sender keeps 1 packet on hand for retransmission.
27	Match the TCP/IP protocols with their definitions.
28	List sources of TCP/IP security information. CERT Computer Emergency Response Team Is part of the Survivable Systems Initiative at the Software Engineering Institute Publishes advisories addressing current security threats and ways to counteract them CSRS Computer Security Resource Clearinghouse Provided information or network security issues CIAC Computer Incident Advisory Capability Responsible for protecting DOE computer networks
29	Identify the purpose of firewalls. Is to create a system that prevents unauthorized users from accessing proprietary information Is a combination of hardware and software that reduces the risk of a security breach into a private TCP/IP network Provide security for services, such as email Also protect hosts Effective firewall between the private network and the Internet, or between private network segments, enforces corporate security and access control policies Also helps regulate the type of traffic that can access the private network and provides information about that traffic to the Administrator.
30	Identify the types of firewalls and features of each. Screening Routers Basic type of firewall, uses only the packet-filtering capability to control and monitor network traffic that passes through the border. Can block traffic between networks or to and from specific hosts on an IP port level. Bastion Hosts Represents private network on the Internet Host is point of contact for incoming traffic from the Internet Acts as a proxy server to allow internal network clients access to external services Runs few services – email, FTP, DNS, or Web Services Does not require authentication Does not store any sensitive data Screened Hosts Combination of Bastion Host and Screening Routers Adds security by using Internet access to deny or permit certain traffic from the Bastion Host. First stop for traffic, which can continue only if the Screening Router lets it through Dual-Homed Hosts Based on a server with at least 2 network interfaces. Host acts as a router between the network and the interfaces to which it is attached Host blocks direct traffic between the private network and the Internet Screened Subnets Variation of Screen Host. In screened subnetting, the Bastion Host is placed on its own subnetwork. 2 screening routers used to do this: 1 between the subnet and the private network and the other between the subnet and the Internet. Tri-Homed Hosts combines elements of a Screening Router and a Screened Host; thereby overcoming the limitations of each. Security is centered on the screening routers by using interfaces for the Internet, the private network, and the subnets that contain the Bastion Hosts and application servers.
31	Describe encryption and its role in a TCP/IP network. Securing a network because information sent over a TCP/IP internetwork can pass through numerous other routers and hosts before it reaches its destination Code your information Three (3) Encryption Issues: Eavesdropping Modification Impersonation – pretending “spoofing” Public Key Private Key Secure Socket Layer (SSL) provides safeguard against threats: Confidentiality Integrity Authentication Transforms information so it cannot be decrypted or read by anyone but the intended recipient. Ciphertext – disguised information Symmetric Encryption – like a combination lock; anyone who uncovers code can access it
32	Describe denial of service attacks and how to defend against them. DoS = most threatening security flaw DoS attack is an assult that floods a network with so much traffic that normal network activities and slowed dramatically or stopped altogether. Usually does not corrupt network file systems Three (3) groups of attacks: TCP/IP Implementation Based attacks Exploits a weakness in a specific TCP/IP stack Ping of Death Tear Drop TCP/IP Standard Based attacks Exploits a weakness in the TCP/IP standard itself SYN attack Land Brute-Force Attack Creates excess traffic on a network SMURF UDP Flood – known as “Pepsi”
33	Describe snooping. Capturing of all packets being transmitted on a network Can be used for a variety of purposes using a number of different tools Password Capture Port Scanning
34	Describe routing fundamentals. IP is the portion of TCP/IP that provides addressing and connectionless services for packet forwarding. It also provides packet-switching services. Autonomous Systems Group of networks administered as a whole system by a single authority. IGP Interior Gateway Protocol Routing protocol that manages routing information within a Autonomous System EGP Exterior Gateway Protocol Autonomous Systems are interconnected using an Exterior Gateway Protocol BGP Border Gateway Protocol Enhancement of EGP New interdomain routing protocol
35	Describe Routing Information Protocol (RIP) RIP Developed to provide consistent routing and reachability information between PCs on a LAN In small networks, RIP uses very little bandwidth and configuration and management time Very easy to implement Allows hosts and gateways to exchange info for computing routes through an IP-based network Any host using RIP should have interfaces to one or more networks. These networks are referred to as Directly Connected Networks Relies on access to certain information about each of these networks. The most important information about a network is its metric cost. The metric cost is between 1 and 15. 16 is considered unreachable. Is the TCP/IPs suite distance vector routing protocol. Disadvantages: Amount of time it takes for routers to synchronize their databases when change occurs to network (‘convergence’) Count-to-infinity – slow convergence Split horizon – decreases the amount of RIP traffic on network, but increases convergence time. Poison reverse – all routes learned from network are advertised back to same network with cost of 16. RIP II Provide support for: Authentication Subnet masks Next hop addresses Multicast packets
36	Describe the Open Shortest Path First (OSPF) protocol. Link State protocol most commonly used on IP internetworks Responsible for establishing and maintaining neighbor relationships, or adjacencies, between routers connected to the same segment Hello Packet = each router advertising itself send periodic multicasting hello packets Flooding = when router detects changes, it distributes new information to all routers Learning Routes identifying neighboring OSPF routers synchronizing link state advertisement databases OSPF Terms Autonomous Systems – group of routers exchange routing information using common routing protocols in single administrative unit Autonomous System Border Router (ASBR) – router that exchanges routing information with routers belonging to other AS systems. Area – small/medium networks Backbone – logical area where areas are connected. Address always 0.0.0.0. Stub Area – only one Area Border Router (ABR) is defined Transit Area – areas containing more than one ABR
37	Describe Exterior Gateway Protocol (EGP) and Border Gateway Protocol (BGP). EGP Exterior Gateways Protocol supported by software Exchange information between different Autonomous Systems Usually used only when connecting different companies or commercial services EGP routers are called external routers Exterior or interior neighbors Cannot support a looped topology Can only advertise one route to a given network Difficult to switch to an alternate route if the primary route fails BGP Made EGP obsolete Is an inter-AS routing protocol that exchanges network reachability information with other BGP speakers Can support any policy conforming to the hop-by-hop routing paradigm Implementation should allow an AS to: Control announcements of the BGP learned routes to adjacent Ass Prefer a particular path to a destination Ignore routes with certain Ass in the AS_PATH path attribute
38	Describe other routing configurations. Static Routing Configuration Provides a means of explicitly defining the next hop from a router for a particular destination Support following: Type of service Subnet mask Prefix length Metric specific to a given routing protocol that can input the route Directed Broadcast Forwarding Allows a remote system to send a single packet that will be broadcast on the network.
39	Compare RIP and OSPF. OSPF considered superior to RIP for following reasons: Support for large networks Variable-length subnetting Rapid convergence Reduced internetwork traffic
40	Identify TCP/IP network design criteria. Network Design Drawn up in a diagram in form of logical network topology Include design for hardware, connectivity, and services Must also take into account for communications, functions, and security unique to IP protocol Purpose of design: Serves as a vehicle for planning ahead before setting up an IP network For evaluating an existing network, so you can avoid problems and limitations Allows you to ensure that your IP network will have: Manageable IP addressing Efficient routing Scalability Overall management An appropriate level of network security Remote network access, if necessary Parts of an IP Network Design Should contain diagrams indicating placement of servers, DHCP servers, workstations, printers, cabling, switches, hubs, and routers If connected to Internet, include firewalls, web servers, and DNS servers The IP addressing scheme must also be indicated on design A Design Approach Top-Down First concern is business needs network being built on
41	Identify IP address management issues when planning a network design. Assigning a Static IP Address Always stays with the same node Generally, preferred when a node is a router or server or another service-providing device Subnetting Creates extra level of control over address management Supernetting Rarely used in local network level Helps contain routing table explosion due to excess Class C networks Host Name Management Made necessary to manage distribution of domain names and static host files DHCP Provides functions and reduced administrative workload: Automatic allocation – assigns permanent address to host Dynamic allocation – leased IP address assigned to node for limit of time Manual allocation – host address manually configured by Network Administrator DNS Servers included in design: Primary Name Server – maintains data for the zone it has authority over and answers queries for data. Secondary Name Server – does not maintain data for zone, but copies data from Primary Server at startup, and gets updates.
42	Identify network design considerations involving routers. Incorporate if you: Need to connect dissimilar networks Either topology or IP network address are connected via router. If not, use a bridge Can Improve your design with routing Network should be modular in design to allow scalability, performance, and manageability Essentially comprised of smaller networks connected by routers Can use routing to satisfy security needs Can use routers to filter unwelcome traffic Security check functions done at Network Layer Need to connect networks over a WAN If you have LANs distantly located away from central corporate Can only be connected over a WAN link through a router Distance Vector Protocol Used with RIP/RIP II Builds own routing table; broadcasts to neighbors Finds lower-cost path (hops) Overhead, slow convergence Simple to implement Requires little management Link State Protocol Used with OSPF Only exchanges new information with routers Ease to implement on larger internetworks Fast convergence Better performance
43	Identify scalability issues when planning a network design. Physical Topology Designed around users and types of things they need to be able to do View your network as a collection of small and medium networks Logical Topology How you plan to assign addresses on your network Modular approach Public & Private Networks (Public) – presents one IP address to the worldwide (Private) – world cannot see IP address 10-Netting Is a Class A Network address Contains 16+ million addresses Reserved for private use Adds security Address is 10.0.0.0 NAT Network address translation Manages outbound traffic from host on private network by removing source IP address and replacing it with an official address that is permitted on Internet Inbound traffic goes through reverse process
44	Identify network management issues involved with planning a network design. Low Traffic One purpose of creating a network design before creating the network is avoiding network traffic congestion, often blamed on limited bandwidth By using Top-Down design approach and a Modular Topology, you can accomplish goal High Availability & Reliability Must include both physical and logical redundancy in your design Physical Redundancy Most costly to provide because it requires redundant hardware (routers and switches) and redundant connectivity. Can be expensive Build a backbone with redundant switches and connections. Logical Redundancy Provided by using an appropriate routing protocol with re-routing capability OSPF is used Use in STAR or MESH topology
45	Identify remote network access methods. Three (3) basic types: Remote Application Packages Application package that has remote access support built-in Remote Control Access User uses remote (offsite) PC as a long-distance clone of a PC or host in the office Applications appear to be running on remote PC, but actually executing on the office PC Only keyboard and screen updates being sent over phone lines Remote Node Access Remote PC becomes a workstation on the network, connected over a phone line by modem rather than NIC card. Very slow Hybrid Solutions Combine remote control and remote node PROS CONS Remote Application Simple Limited to communications Low Cost within the application Remote Control Good performance High Cost With many apps limited security features Remote Node Cost effective Poor performance with Scalable data-intensive applications
46	Identify the symptoms and causes of various TCP/IP network errors. ARP Problems Used to resolve MAC address problems ARP communication failed No ARP reply ARP values interpreted incorrectly DNS Problems Used to resolve processes using DNS servers Wrong DNS server DNS server down or unreachable Incorrect entries in DNS Host Table DNS/DHCP contradictions DHCP Problems Key components in creating dynamically configured TCP/IP network Relay Agent requirement Multiple DHCP Servers Non-standard DHCP implementations DHCP Server Down Windows 95 Specific Address-Caching issues DHCP Security problems Unsupported DHCP Options SLP Problems Service Location Protocol Provides service location through User Agents (UA), Service Agents (SA), and Directory Agents (DA) Winsock version problems Isolated User Agents Incorrectly Identified Directory Agents IP Problems Addressing system used in IP networks IP addressing problems: Communication cannot be established The client cannot initialize on the network Routes are lost or unavailable Bandwidth is wasted on unnecessary or misdirected traffic Fragmentation not allowed Time to Live (TTL) Faults Unsupported Options NTP Problems Defines a cross-platform time synchronization system with a Primary Server synchronized to UTC via Global Positioning Service (GPS) receiver. Time cannot be established Time Is Out of Synchronization NAT Problems Enables you to maintain separate set of addresses and translate between those addresses when accessing the Internet Dynamic Private Clients are Isolated Configured improperly Cannot communicate with NAT router Router cannot communicate with publish network Router is not default gateway for the client Private Device Is Inaccessible Local Network Services are Inaccessible Security Problems Many protocols in TCP/IP suite are open because of their trusting, unsecured, and unencrypted nature Denial of Service Eavesdropping Impersonation Packet modification and replay Mixed Environment Problems Non-standard stack implementations Firewall Problems Packet filtering drop-packets with destination port or address trouble Over-reactive filtering Improper filters
47	List the steps for TCP/IP error resolution. Step 1 – Examine the communication process Step 2 – Identify the possible points of failure Step 3 – Develop a plan of action Step 4 – Test your solution Step 5 – Record your solution
48	Identify the purpose and functionality of troubleshooting tools. Network Tools Help gather information about the network configuration, status of communications and links within an internetwork TCPCON – general TCP/IP stack configuration and performance statistics PING – end-to-end connectivity test (menu-driven) TPING – end-to-end connectivity test (command line) IPTRACE – trace rout path test DEBUG – communication dumps/recordings Windows 95/98 & NT Tools Basic tools used to isolate problems on network WINIPCFG – local configuration information; enables refresh of IP address or renewal IPCONFIG – NT equivalent of WINIPCFG, same functions PING – used to query another IP device ROUTE – looks at client, route tables to determine how to route packets to a remote destination ARP – view local device’s ARP cache; used to force broadcast to resolve IP-to-Ethernet address TRACE ROUTE (TRACERT) – determine path packet takes to get from A to B NETSTAT – detail list of current protocol operations for TCP/IP connections Unix & Linux Tools TCPDUMP – command-line tool for monitoring network traffic. TRACEROUTE – trace and print the route the packets travel from source to destination ARPWATCH and ARPSNMP – monitor Ethernet or FDDI network traffic and build databases of Ethernet/IP address pairs BIND-UTILS – for querying DNS name servers to find out information on Internet hosts PING – ICMP echo test WHOIS – query remote server database of domain or IP address registries NSLOOKUP – query remote DNS server for DNS registry information DIG (Domain Internet Groper) – send domain name query packets to any DNS name server in the Internet IFCONFIG – used to obtain interface information such as packets received, packets sent, MTU, and metric Protocol Analyzers Capture packets off the cabling system and display conversations and individual packets in a readable format Step 1 – access the network Step 2 – capture the traffic Step 3 – view the captured traffic Step 4 – filter out and view just the needed traffic Step 5 – document findings Analyzer elements: Pots Decodes Capture filters Display filters (post-filters) Gauges and graphs Alarms and alarm thresholds Trace buffer Use of Protocol Analysis Troubleshooting Optimization Planning and testing Protocol Analyzer Types Stand Alone – capture packets that cross wire to which analyzer connected Distributed – captures packets on remote networks Hardware and Software – LZFW, Sniffer Basic, ManageWise, Sniffer Pro Analyzer Placement – hubbed or bridged networks, routed, or WAN links, Switched (includes hubout, analyzer agents, and port scanning or mirroring) TCP/IP ToolKits – AGNet Tools, NPS NetScanTools Pro 2000 IP Addressing Calculators Other Tools – Top MAC pairs, top senders/receivers; utilization, datalink errors; Token Rotation Time; response time, routing traffic efficiency; signal attenuation, crosstalk, cable lengths, cable faults Shareware and Freeware
49	Troubleshoot TCP/IP protocol errors Isolate the problem: PING the URL, i.e., www.iana.org Results: successful Traceroute to www.iana.org. Results: successful Use NSLOOKUP to obtain the IP address for www.iana.org. Results: 128.9.160.83 Portscan 128.9.160.83. Results: HTTP port 80 is not active on the host. You might need to use a variety of tools to isolate TCP/IP problems.

Internet = Routes data packets between difference hosts or networks. The Internet

Unicast

Broadcast

Anycast

Assigning Subnet Addresses

When you create subnet addresses, you need to

To create a subnet, you must

Interoperate

Approach

Private Address Blocks

Advantages

IP Port

ARIN

APNIC

ICANN

IETF

InterNIC

RIPE NCC

FTP [IP_address\host_name]

CSRS

CIAC

Screening Routers

Bastion Hosts

Screened Hosts

Dual-Homed Hosts

Screened Subnets

Tri-Homed Hosts

Autonomous Systems

IGP

EGP

BGP

RIP

RIP II

Learning Routes

OSPF Terms

EGP

BGP

Static Routing Configuration

Directed Broadcast Forwarding

Network Design

Parts of an IP Network Design

A Design Approach

Assigning a Static IP Address

Subnetting

Supernetting

Host Name Management

DHCP

DNS

Need to connect dissimilar networks

Can Improve your design with routing

Can use routing to satisfy security needs

Need to connect networks over a WAN

Distance Vector Protocol

Link State Protocol

Physical Topology

Logical Topology

Public & Private Networks

NAT

Low Traffic

High Availability & Reliability

Physical Redundancy

Logical Redundancy

PROS CONS

ARP Problems

DNS Problems

DHCP Problems

SLP Problems

IP Problems

NTP Problems

NAT Problems

Security Problems

Mixed Environment Problems

Firewall Problems

Network Tools

Windows 95/98 & NT Tools

Unix & Linux Tools

Protocol Analyzers

Troubleshoot TCP/IP protocol errors