NETWORK+ EXAM CompTIA Textbook Notes Flashcards

(221 cards)

1
Q

Missing Route Issues

A
  • Use ping and traceroute/tracert to identify where network path fails
  • Check routing table
  • Missing static route
  • Dynamic protocol failure
  • Device configuration review
2
Q

Routing Loop Issues

A
  • Incorrect path information causes
    packet to circulate until TTL is
    exhausted
  • Use traceroute to diagnose
3
Q

Asymmetrical Routing Issues

A
  • Return path different to forward path
  • Issues:
    • Inconsistent latency
    • Security appliances dropping return packets
  • Analyze traceroute output and investigate routing tables
4
Q

Low Optical Link Budget Issues

A
  • Consider PHY/data link layer issues when routing across WANs
  • Poor connectivity across fiber link
  • Loss budget expresses amount of loss from attenuation, connectors,
    and splices measured in dB
  • Loss budget must be less than power budget (transceiver transmit
    power and receive sensitivity)
5
Q

OSI Model

A

Layer 1 – Physical
Layer 2 – Data link
Layer 3 – Network
Layer 4 – Transport
Layer 5 – Session
Layer 6 – Presentation
Layer 7 – Application

6
Q

Application Layer 7

A

End User Layer
Protocols: SMTP, HTTP
program that opens what was sent or creates what was sent

7
Q

Presentation Layer 6

A

Syntax Layer
JPEG/ASCII/EBCDIC/TIFF/GIF/PICT
encrypt and decrypt (if needed)
formats data to be presented to the application layer and can be viewed as “translator” for network.

8
Q

Session Layer 5

A

synch and send to ports (logical ports)
Logical Ports: RPC/SQL/NFS/NetBIOS names/Stateful Inspection Firewall
allows session establishment between processes running on different stations.

9
Q

Transport Layer 4

A

TCP Host to Host, Flow Control
Packet Filtering
TCP/SPX/UDP
ensures delivery of messages error free, in sequence, no losses or duplicates.

10
Q

Network Layer 3

A

Packets “letter”, contains IP address
Packet Filtering
Routers: IP/IPX/ICMP
TTL, Firewall
Controls the operation of the subnet, deciding which physical path data takes.

11
Q

Data Link Layer 2

A

Frames “envelope”, contains MAC address
Switch/Bridge/WAP/NIC/Ethernet/PPP/SLIP
[NIC card > Switch > NIC card]
Provides error-free transfer of data frames from one node to another over the physical layer.

12
Q

Physical Layer 1

A

Physical Structure (signal layer)
Cables, hubs, modem, transceivers, media converters…
Transmission and reception of the unstructured raw bit stream over the physical medium.

13
Q

Network Protocol two principal functions:

A

Addressing and Encapsulation

14
Q

Addressing

A

describing where data messages should go

15
Q

Encapsulating

A

describing how data messages should be packaged for transmission

16
Q

At each layer what must two nodes be running to communicate?

A

the same protocol at each layer

17
Q

Same Layer Interaction

A

communication between nodes at the same layer

18
Q

Adjacent Layer Interaction

A

To transmit or receive communication on each node each layer provides services for the layer above and uses the services of the layer below

19
Q

Process of Encapsulation

A

When a message is sent from one node to another, it travels down the stack of layers on the sending node, reaches the receiving node using the transmission media, and then passes up the stack on that node. At each level (except the physical layer), the sending node adds a header to the data payload, forming a “chunk” of data called a protocol data unit (PDU).

20
Q

Physical Topology

A

The layout of nodes and links as established by the transmission media. An area of a larger network is called a segment. A network is typically divided into segments to cope with the physical restrictions of the network media used, to improve performance, or to improve security. At the Physical layer, a segment is where all the nodes share access to the same media.

21
Q

Physical Interface

A

Mechanical specifications for the network medium, such as cable specifications, the medium connector and pin-out details (the number and functions of the various pins in a network connector), or radio transceiver specifications.

22
Q

Devices that operate at the Physical Layer 1:

A

Transceiver—The part of a network interface that sends and receives signals over the network media.
Repeater—A device that amplifies an electronic signal to extend the maximum allowable distance for a media type.
Hub—A multiport repeater, deployed as the central point of connection for nodes.
Media converter—A device that converts one media signaling type to another.
Modem—A device that performs some type of signal modulation and demodulation, such as sending digital data over an analog line.

23
Q

Logical Topology

A

A layer 2 segment might include multiple physical segments.

24
Q

End Systems or Host Nodes

A

Nodes that send and receive information
This type of node includes computers, laptops, servers, Voice over IP (VoIP) phones, smartphones, and printers.

25
intermediate system or infrastructure node
A node that provides only a forwarding function
26
Devices that operate at the data link layer include:
Network adapter or network interface card (NIC)—An NIC joins an end system host to network media (cabling or wireless) and enables it to communicate over the network by assembling and disassembling frames.
Bridge—A bridge is a type of intermediate system that joins physical network segments while minimizing the performance reduction of having more nodes on the same network. A bridge has multiple ports, each of which functions as a network interface.
Switch—An advanced type of bridge with many ports. A switch creates links between large numbers of nodes more efficiently.
Wireless access point (AP)—An AP allows nodes with wireless network cards to communicate and creates a bridge between wireless networks and wired ones.
27
ACL
A network ACL is a list of the addresses and types of traffic that are permitted or blocked.
28
heterogeneous
networks using a variety of physical layer media and data link protocols
29
Main appliance working at layer 3:
the router
30
End to End or Host to Host Layer
Transport Layer 4
31
Which layer assigns port numbers to network applications?
Transport Layer
32
Segments at the Transport Layer
on the sending host, data from the upper layers is packaged as a series of layer 4 PDUs, and each segment is tagged with the app's port number.
33
At which layers in the OSI model is the port number ignored?
At the network and data link layers, where it becomes part of the data payload and is invisible to the routers and switches that implement the addressing and forwarding functions of these layers. At the receiving host, each segment is decapsulated, identified by its port number, and passed to the relevant handler at the application layer. Put another way, the traffic stream is de-multiplexed.
34
IDS
Intrusion Detection System
35
Functions in the Session Layer
establishing a dialog, managing data transfer, and then ending (or tearing down) the session
36
What protocol does not encapsulate any other protocols or provide services to any protocol?
Application Layer
37
At layer 2, the SOHO router implements the following functions to make use of its physical layer adapters:
ethernet switch and wireless access point
38
What connects a SOHO router to the internet?
WAN interface
39
PSTN
The Public Switched Telephone Network is where most SOHO subscriber Internet access is facilitated
40
CPE
customer premises equipment
41
demarcation point/demarc
point at which the telco's cabling enters the customer premises
42
Internet Assigned Numbers Authority (IANA)
manages allocation of IP addresses and maintenance of the top-level domain space. IANA is currently run by Internet Corporation for Assigned Names and Numbers (ICANN). IANA allocates addresses to regional registries who then allocate them to local registries or ISPs.
43
Internet Engineering Task Force (IETF)
focuses on solutions to Internet problems and the adoption of new standards, published as Requests for Comments (RFCs). Some RFCs describe network services or protocols and their implementation, while others summarize policies. An older RFC is never updated. If changes are required, a new RFC is published with a new number. Not all RFCs describe standards. Some are designated informational, while others are experimental.
44
Bandwidth
The more bandwidth available in the media, the greater the amount of data that can be encoded.
45
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
The Ethernet protocol governing contention and media access
46
Fast Link Pulse
Fast Ethernet codes a 16-bit data packet into this signal advertising its service capabilities.
47
unshielded twisted pair (UTP)
Modern buildings are often flood-wired using UTP cabling. Most twisted pair cable used in office networks
48
two methods for terminating Ethernet (RJ-45) connections:
T568A and T568B
49
T568A Standard
gGoBbObrBR green/white, green, orange/white, blue, blue/white, orange, brown/white, brown
50
T568B Standard
oOgBbGbrBR orange/white, orange, green/white, blue, blue/white, green, brown/white, brown
51
plenum cable
typically in false ceilings; must not emit a lot of smoke and must be self-extinguishing; uses treated PVC or FEP; data cable is marked CMP/MMP
52
General purpose (nonplenum) cabling
uses PVC (polyvinyl chloride) jackets and insulation marked CMG/MMG or CM/MP
53
Riser cabling
Cabling that passes between two floors; conduit must be fire-stopped; data cable marked CMR/MPR
54
coax cable
made of two conductors that share the same axis, hence the name ("co" and "ax"). The core conductor of the cable is made of copper wire (solid or stranded) and is enclosed by plastic insulation (dielectric). A wire mesh (the second conductor), which serves both as shielding from EMI and as a ground, surrounds the insulating material. A tough plastic sheath protects the cable.
55
Coax cables are categorized using
the Radio Grade (RG) standard
56
Twinaxial (or twinax) cable
similar to coax but contains two inner conductors; used for datacenter 10GbE and 40GbE up to 5 m for passive cables and 10 m for active cable types.
57
SMF
Single Mode Fiber: small core (8-10 microns); long wavelength; supports data rates 100 Gbps; OS1 indoor, OS2 outdoor; suitable for WAN
58
MMF
Multimode Fiber: large core (62.5 or 50 microns); shorter wavelength; less expensive than SMF; does not support signaling speeds as high or distances as long as single mode; suitable for LAN
59
MMF is graded by Optical Multimode (OM) categories, defined in the ISO/IEC 11801 standard:
OM1/OM2—62.5-micron cable is OM1, while early 50-micron cable is OM2. OM1 and OM2 are mainly rated for applications up to 1 Gbps and use LED transmitters.
OM3/OM4—these are also 50-micron cable, but manufactured differently, designed for use with 850 nm Vertical-Cavity Surface-Emitting Lasers (VCSEL), also referred to as laser optimized MMF (LOMMF). A VCSEL is not as powerful as the solid-state lasers used for SMF, but it supports higher modulation (transmitting light pulses rapidly) than LED-based optics.
60
Straight Tip (ST)
push-and-twist locking mechanism connector; multimode
61
Subscriber Connector (SC)
push/pull design; single- or multimode; commonly used for Gigabit Ethernet
62
Local Connector (LC) (also referred to as Lucent Connector)
tabbed push/pull design; widely adopted form factor for Gigabit Ethernet and 10/40 GbE
63
Mechanical Transfer Registered Jack (MTRJ)
small-form-factor duplex connector with a snap-in; multimode
64
fiber ethernet standard specifications
100BASE-FX 100BASE-SX 1000BASE-SX 1000BASE-LX 10GBASE-SR 10GBASE-LR
65
Physical Contact (PC)
The faces of the connector and fiber tip are polished so that they curve slightly and fit together better, reducing return loss (interference caused by light reflecting back down the fiber). 
66
UltraPhysical Contact (UPC)
This means the cable and connector are polished to a higher standard than with PC. 
67
Angled Physical Contact (APC)
The faces are angled for an even tighter connection and better return loss performance. APC cannot be mixed with PC or UPC. These connectors are usually deployed when the fiber is being used to carry analog signaling, as in Cable Access TV (CATV) networks. They are also increasingly used for long distance transmissions and for Passive Optical Networks (PON), such as those used to implement Fiber to the x (FTTx) multiple subscriber networks. 
68
Horizontal Cabling
Connects user work areas to the nearest horizontal cross-connect. A cross-connect can also be referred to as a distribution frame. Horizontal cabling is so-called because it typically consists of the cabling for a single floor and so is made up of cables run horizontally through wall ducts or ceiling spaces. 
69
Backbone Cabling
Connects horizontal cross-connects (HCCs) to the main cross-connect (optionally via intermediate cross-connects). These can also be described as vertical cross-connects, because backbone cabling is more likely to run up and down between floors.
70
Telecommunications Room
Houses horizontal cross-connects. Essentially, this is a termination point for the horizontal cabling along with a connection to backbone cabling. An equipment room is similar to a telecommunications room but contains the main or intermediate cross-connects. Equipment rooms are also likely to house "complex" equipment, such as switches, routers, and modems.
71
Entrance Facilities/Demarc
Special types of equipment rooms marking the point at which external cabling (outside plant) is joined to internal (premises) cabling. These are required to join the access provider's network and for inter-building communications. The demarcation point is where the access provider's network terminates and the organization's network begins.
72
punchdown block
comprises a large number of insulation-displacement connection (IDC) terminals. The IDC contains contacts that cut the insulation from a wire and hold it in place.
73
Copper wire termination
terminated using a distribution frame or punchdown block
74
66 block
older distribution frame used to terminate telephone cabling and legacy data applications (pre CAT5); 50 rows of 4 IDC terminals
75
110 block
(developed by AT&T) is a type of distribution frame supporting 100 MHz operation (Cat 5) and better
76
punchdown tool
used to terminate fixed cable
77
cable crimper
used to create patch cords; fixes a plug to a cable
78
block tool
terminates a group of connectors in one action
79
fusion splicer
permanent joint with lower insertion loss
80
Small Form Factor Pluggable (SFP)
uses LC connectors and is also designed for Gigabit Ethernet
81
Enhanced SFP (SFP+)
updated specification to support 10 GbE but still uses the LC form factor
82
Multi-Source Agreement (MSA)
ensure that a transceiver from one vendor is compatible with the switch/router module of another vendor
83
Quad small form-factor pluggable (QSFP)
Quad small form-factor pluggable (QSFP) is a transceiver form factor that supports 4 x 1 Gbps links, typically aggregated to a single 4 Gbps channel. Enhanced quad small form-factor pluggable (QSFP+) is designed to support 40 GbE by provisioning 4 x 10 Gbps links.
84
Wavelength Division Multiplexing (WDM)
means of using a strand to transmit and/or receive more than one channel at a time.
85
Bidirectional (BiDi) transceivers
support transmit and receive signals over the same strand of fiber
86
Coarse Wavelength Division Multiplexing (CWDM)
supports up to 16 wavelengths and is typically used to deploy four or eight bidirectional channels over a single fiber strand.
87
Dense Wavelength Division Multiplexing (DWDM)
provisions greater numbers of channels (20, 40, 80, or 160). This means that there is much less spacing between each channel and requires more precise and expensive lasers.
88
point-to-point WDM topology
each transceiver is cabled to a multiplexer/demultiplexer (mux/demux). The single fiber strand is run to a mux/demux at the other site.
89
optical add/drop multiplexers (OADM)
can insert and remove signals for a particular wavelength channel on a ring topology
90
repeater
overcomes the distance limitation by boosting the signal at some point along the cable run; works at the physical layer 1
91
media converter
used to transition from one cable type to another
92
The following media conversions are typical:
Single mode fiber to twisted pair—These powered converters change light signals from SMF cabling into electrical signals carried over a copper wire Ethernet network (and vice versa).
Multimode fiber to twisted pair—A different media converter model is required to convert the light signals carried over MMF media.
Single mode to multimode fiber—These passive (unpowered) devices convert between the two fiber cabling types.
93
hub
each end system node is wired to a central intermediate system. All node interfaces are half-duplex, using the CSMA/CD protocol, and the media bandwidth (10 Mbps or 100 Mbps) is shared between all nodes.
94
bridges
An Ethernet bridge works at the data link layer (layer 2) to establish separate physical network segments while keeping all nodes in the same logical network. This reduces the number of collisions caused by having too many nodes contending for access. 
95
Layer 2 switch
performs the same sort of function as a bridge, but in a more granular way and for many more ports than are supported by bridges. Each switch port is a separate collision domain. Gigabit Ethernet and Ethernet 10 GbE cannot be deployed without using switches.
96
microsegmentation
the switch establishes a point-to-point link between any two network nodes
97
header fields in an ethernet frame:
Preamble | SFD | Destination MAC | Source MAC | Ether Type | Payload | FCS
98
the preamble and SFD in an ethernet frame are used for:
clock synchronization and as part of the CSMA/CD protocol to identify collisions early.
99
Cyclic Redundancy Check (CRC) or Frame Check Sequence (FCS)
error checking field contains a 32-bit (4-byte) checksum
100
A MAC/EUI address
48 bit (6 byte) identifier
101
I/G bit
The I/G bit of a MAC address determines whether the frame is addressed to an individual node (0) or a group (1).
102
Address Resolution Protocol (ARP)
determine which MAC address is associated with an IP address on the local network
103
Internet Control Message Protocol (ICMP)
used to report errors and send messages about the delivery of a packet
104
ping
utility sends a configurable number and size of ICMP request packets to a destination host
105
INCORRECT DNS ISSUES
If you can successfully perform all connectivity tests by IP address but cannot ping by host name, then this suggests a name resolution problem.
106
routing table
stores info about the location of other IP networks and hosts
107
The following main parameters define a routing entry:
Protocol - source of the route
Destination - most specific destination prefix (longest mask) will be selected as the forwarding path if there is more than one match
Interface - used to forward a packet along the chosen route; can be represented as the IP address of the interface or a layer 2 interface ID
Gateway/next hop - IP address of the next router along the path to the destination
108
directly connected routes
IP network or subnet for each active router interface is automatically added to the routing table
109
static routes
manually added to the routing table and only changes if edited by the administrator
110
default route
special type of static route that identifies the next hop router for a destination that cannot be matched by another routing entry; destination address 0.0.0.0/0 (IPv4) or ::/0 (IPv6) is used to represent the default route
111
If the packet can be delivered to a directly connected network via an Ethernet interface, the router uses ______ or ______ to determine the interface address of the destination host.
ARP (IPv4) or Neighbor Discovery (ND in IPv6)
112
If the packet can be forwarded via a gateway over an Ethernet interface, it ___________________ into the new frame.
inserts the next hop router's MAC address
113
If the packet can be forwarded via a gateway over another type of interface (leased line or DSL, for instance), _______________ in an appropriate frame type.
the router encapsulates the packet
114
If the destination address cannot be matched to a route entry, the packet is either ________________________________________.
forwarded via the default route or dropped (and the source host is notified that it was undeliverable).
115
hop count
each router along a packet's path counts as one hop
116
Time To Live (TTL)
number of secs a packet can stay on the network without being discarded; when the TTL is 0, the packet is discarded to prevent badly addressed packets from permanently circulating the network
117
fragmentation IPv4 vs IPv6
IPv4: the ID, flags, and fragment offset IP header fields are used to record the sequence in which the packets were sent and whether the IP datagram has been split between frames.
IPv6: does not allow routers to perform fragmentation. The host performs path MTU discovery to see if it fits the MTU and crafts IP datagrams that will fit the smallest MTU.
118
119
Dynamic routing protocol
uses an algorithm and metrics to build and maintain a routing information base
120
Learned route
A route that was communicated to a router by another router
121
Distance vector
Algorithm used by routing protocols that select a forwarding path based on the next hop router with the lowest hop count to the destination network.
122
Convergence
Process whereby routers running dynamic algorithms agree on the network topology
123
Autonomous system number
A network under the administrative control of a single owner
124
Interior Gateway Protocol IGP
Identifies routes within an AS
125
Exterior Gateway Protocol
advertise routes between autonomous systems; replaced by BGP
126
Routing Information Protocol RIP
Distance Vector; IGP; UDP (port 520 or 521); highest AD
127
Enhanced Interior Gateway Routing Protocol (EIGRP)
Distance Vector/Hybrid; IGP; Native IP (88); uses bandwidth and delay as default elements; sends updates when it first establishes with the network and when the topology changes, using multicast addressing
128
Open Shortest Path First (OSPF)
Link State; suited for large organizations with multiple redundant paths between networks; Hierarchical; IGP; Native IP (89)
129
Border Gateway Protocol BGP
Path Vector; EGP; TCP (port 179); allows comms with routers in separate autonomous systems; BGP within an AS is referred to as IBGP; BGP between ASes is referred to as EBGP
130
to help prevent looping the maximum hop count in RIP allowed is
15
131
RIP Versions
RIPv1 RIPv2 RIPng (next generation)
132
RIPv1
classful protocol and uses inefficient broadcasts to communicate updates over UDP port 520
133
RIPv2
supports classless addressing, authentication, and uses more efficient multicast transmissions over UDP port 520.
134
RIPng
version of protocol designed for IPv6 uses UDP port 521
135
maximum hop count allowed in EIGRP is
255
136
link state vs distance vector algorithm
link state uses a topology table of the whole network to select routes, whereas distance vector chooses the closest router and selects its route that way; link state is more expensive than distance vector
137
Network Layer Reachability Information (NLRI)
classless network prefixes that BGP works with
138
Classless Inter-Domain Routing (CIDR)
CIDR also known as "supernetting" uses bits normally assigned to the network ID to mask the complexity of the subnet and host addressing scheme within that network
139
Variable Length Subnet Masking (VLSM)
allows ranges of IP addresses to be allocated to subnets so that they match the predicted need for numbers of subnets and hosts per subnet more closely
140
edge routers
placed at the network perimeter; provides access to the internet; can do framing to repackage data from WAN to private LAN
141
internal routers
no public interface; designed to implement the required network topology
142
subinterfaces/ virtual interface
configuring a router physical interface with multiple virtual interfaces connected to a separate virtual LAN (VLAN) ID over a trunk
143
Layer 3 Switch
optimized for routing between VLANs; can use static and dynamic routing to identify which VLAN an IP address should be forwarded to
144
route command
used to view and modify the routing table of an end system
145
traceroute tool (linux)
allows testing the path between two nodes with a view to isolating the node or link that is causing the issue; uses UDP probes by default
146
tracert command (windows)
uses ICMP echo request probes by default; allows testing the path between two nodes with a view to isolating the node or link that is causing the issue
147
optical link budget
the amount of loss suffered by all components along a fiber transmission path calculated by using attenuation, connectors, and splices.
148
client server vs peer to peer networks
client server: some nodes act as clients, and servers are more powerful computers; peer to peer: each end system acts as both client and server
149
Local Area Network (LAN)
confined to a single geo location
150
Campus Area Network (CAN)
LAN that spans multiple nearby bldgs
151
datacenter
network hosts only servers and storage
152
Wireless Local Area Network (WLAN)
LANs based on Wi-Fi; public WAN referred to as hotspots
153
Wide Area Network (WAN)
network of networks connected by long distance links
154
Metropolitan Area Network (MAN)
smaller than WAN; city wide network encompassing multiple bldgs
155
Personal Area Network (PAN)
a person might establish a close range network between devices such as phones, tablets, headsets, and printers
156
network topology
describes the physical or logical structure of the network in terms of nodes and links
157
physical network topology
describes placement of nodes and how connected by the network media
158
logical network topology
flow of data through network
159
point to point link
single link established between two nodes; can be physical or logical topology
160
star topology
each endpoint is connected to a central forwarding node such as a hub, switch, or router
161
hub and spoke topology
Network connectivity between multiple virtual private clouds where one virtual private cloud (VPC) acts as a hub and the other VPCs are peered with it but not with each other.
162
mesh topology
commonly used in WAN; each device has a point to point link with every other device on the network; excellent redundancy
163
partial mesh networks
provisioning so many interfaces and links can be difficult, so with partial mesh, nodes can forward packets to a destination by learning the network topology; packets can take multiple routes through the network
164
ring topology
each node is wired to its neighbor in a closed loop
165
bus topology
all nodes attached directly to a single segment; if there is a fault on the cable, nodes are unable to communicate
166
hybrid topology
mixture of 2 or more topologies
167
hierarchical star
also known as tree topology corporate networks are often designed in a hierarchical
168
three tiered network hierarchy
access, distribution, and core
169
access or edge layer
allows end user service, such as computers, printers, and smartphones to connect to network
170
distribution/aggregation layer
provides fault tolerant interconnections between different access blocks and either the core or other distribution blocks
171
application specific integrated circuit (ASIC)
while a router uses a generic processor and firmware to process incoming packets, a layer 3 switch uses an ASIC
172
core layer
provides a highly available backbone; provides redundant traffic paths
173
spanning tree protocol (STP)
means for bridges or switches to organize themselves into a hierarchy; operates by default if supported by the switch
174
root port
port that forwards up to the root via intermediate switches
175
designated port
port that can forward traffic down through the network with the least cost
176
blocking or non designated port
creates a loop
177
rapid spanning tree protocol (RSTP)
creates outages of a few seconds or less; blocking, listening, and disabled states are aggregated into a discarding state
178
switching loop
where flooded frames circulate the network perpetually
179
broadcast storm
traffic that is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches
180
If a broadcast storm occurs on a network where STP is enabled, investigate the potential causes:
Verify compatible versions of STP are enabled on all switches.
Verify the physical config of segments that use the legacy equipment, such as ethernet hubs.
Investigate networking devices in the user environment and verify that they are not connected as part of a loop. Typical sources of problems include unmanaged desktop switches and VoIP handsets.
181
TCP
Transmission Control Protocol; provides guaranteed comms using acknowledgements to ensure delivery. Unicast only
182
Main Fields of a TCP segment are:
Source Port, Destination Port, Sequence Number, Ack Number, Data Length, Flags, Window, Checksum, Urgent Pointer, Options
183
TCP three way handshake
SYN, SYN-ACK, ACK
184
TCP Connection Teardown
FIN, ACK, ACK
185
How to observe TCP connections
use netstat tool
186
User Datagram Protocol (UDP)
nonguaranteed method of comms with no ack or flow control; use with multicast and broadcast
187
structure of UDP datagram
Source Port, Destination Port, Message Length, Checksum
188
UDP vs TCP header size
UDP header size is 8 bytes and TCP is 20 bytes or more
189
IP scanner
tool that performs host discovery and can establish the overall logical topology of the network in terms of subnets and routers
190
nmap
used for IP scanning
191
netstat
allows checking the state of ports on the local host
192
port scanner
utility that can probe a host to enumerate the status of TCP and UDP ports
193
protocol analyzer
utility that can parse the header and payloads of protocols in captured frames for display and analysis
194
DHCP
automatic method of assigning IP addresses to hosts
195
scope
range of addresses and options configured for a single subnet
196
reservation
mapping of a MAC address or interface ID to a specific IP address within the DHCP server's address pool
197
DHCP relay
agent configured to provide forwarding of DHCP traffic between subnets
198
IP helper
can be configured on routers to allow set types of broadcast traffic to be forwarded to an interface
199
SLAAC
IPv6 stateless address autoconfiguration; can locate routers and generate a host address with a suitable net prefix automatically
200
ff02::1:2
used to discover a DHCP server
201
host name
assigned to a computer by the administrator; unique on the local network
202
fully qualified domain name
provides a unique identity for the host belonging to a particular network
203
domain name system (DNS)
global hierarchy of distributed name server databases that contain information on domains and hosts within those domains
204
iterative lookups
DNS query type whereby a server responds with information from its own data store only
205
recursive lookup
DNS query type whereby a server submits additional queries to other servers to obtain the requested information
206
resource records
allows DNS name server to resolve queries for names and services hosted in the domain into IP addresses
207
authoritative name server
DNS server designated by a name server record for the domain that holds a complete copy of zone records
208
forward lookup vs reverse lookup zones
forward lookup zones can contain the records listed previously; a reverse DNS query returns the host name associated with a given IP address; the info is stored as PTR
209
Sender Policy Framework (SPF) and DomainKeys Identified Email (DKIM)
used to validate the origin of email and reject spam; configured in DNS as TXT records
210
primary DNS zones
zone records held on the server are editable
211
secondary DNS zones
server holds a read only copy of the zone
212
cache DNS only
don't maintain a zone
213
authoritative DNS
holds complete records for a domain
214
DNS spoofing
attacker is able to supply a false name resolution to clients
215
internal DNS
domains used on the private network only
216
external DNS
records that internet clients must be able to access
217
nslookup
cross-platform command tool for querying DNS resource records
218
dig
domain information groper is a utility to query a DNS and return info about a particular domain name
219
recursive DNS lookup
if the queried server is not authoritative, it does take on the task of querying other name servers until it finds the requested record or times out
220
iterative DNS lookup
a name server responds to a query with either the requested record or the address of a name server at a lower level in the hierarchy that is authoritative for the namespace
221