4.1 chapter 7

October 15, 2009 by yan1wang

ISPs offer managed services that enable these organizations to have access to the leading network technologies and applications without having to make large investments in equipment and support.
To meet customer expectations, the service offerings have to be reliable and available.
Reliability can be measured in two ways: mean time between failure (MTBF) and mean time to repair (MTTR).
Equipment manufacturers specify MTBF based on tests they perform as part of manufacturing. The measure of equipment robustness is fault tolerance. The longer the MTBF, the greater the fault tolerance.
MTTR is established by warranty or service agreements.
To provide support for the multiple end-user applications that rely on TCP/IP for delivery, it is important for the ISP support personnel to be familiar with the operation of the TCP/IP protocols.
ISP servers need to be able to support multiple applications for many different customers. For this support, they must use functions provided by the two TCP/IP transport protocols, TCP and UDP.
Services such as web serving and email accounts also depend on underlying TCP/IP protocols to ensure their reliable delivery.
Domain Name System (DNS) – Resolves Internet names to IP addresses.
HyperText Transfer Protocol (HTTP) – Transfers files that make up the web pages of the World Wide Web.
Simple Mail Transfer Protocol (SMTP) – Transfers mail messages and attachments.
Telnet – Terminal emulation protocol that provides remote access to servers and networking devices.
File Transfer Protocol (FTP) – Transfers files between systems interactively.
Bootstrap Protocol (BOOTP) – Enables a diskless workstation to discover its own IP address, the IP address of a BOOTP server on the network, and a file to be loaded into memory to boot the machine.
BOOTP is being superseded by DHCP.
Transport Layer Protocols
Different types of data can have unique requirements. For some applications, communication segments must arrive in a specific sequence to be processed successfully.
Additionally, the lower layers are not aware that there are multiple applications sending data on the network.
The TCP/IP model and the OSI model have similarities and differences.
Similarities
Use of layers to visualize the interaction of protocols and services
Comparable Transport and Network layers
Used in the networking field when referring to protocol interaction
Differences
OSI model breaks the function of the TCP/IP Application Layer into distinct layers. The upper three layers of the OSI model specify the same functionality as the Application Layer of the TCP/IP model.
The TCP/IP suite does not specify protocols for the physical network interconnection. The two lower layers of the OSI model are concerned with access to the physical network and the delivery of bits between hosts on a local network.
UDP is considered a “best effort” Transport Layer protocol because it does not provide error checking, guaranteed data delivery, or flow control. Because UDP is a “best effort” protocol, UDP datagrams may arrive at the destination out of order, or may even be lost altogether.
Before a TCP session can be used, the source and destination hosts exchange messages to set up the connection over which data segments can be sent.
This SYN, SYN-ACK, ACK activity between the TCP processes on the two hosts is called a three-way handshake.
The main differences between TCP and UDP are the specific functions that each protocol implements and the amount of overhead incurred.
A socket pair, consisting of the source and destination IP addresses and port numbers, is also unique and identifies the specific conversation between the two hosts.
DNS uses a hierarchical system to provide name resolution. The hierarchy looks like an inverted tree, with the root at the top and branches below.
At the top of the hierarchy, the root servers maintain records about how to reach the top-level domain servers, which in turn have records that point to the second-level domain servers.
DNS zones can be either a forward lookup or reverse lookup zone. They can also be either a primary or a secondary forward or reverse lookup zone. Each zone type has a specific role within the overall DNS infrastructure.
Forward Lookup Zones
A forward lookup zone is a standard DNS zone that resolves fully qualified domain names to IP addresses. This is the zone type that is most commonly found when surfing the Internet.
Reverse Lookup Zones
A reverse lookup zone is a special zone type that resolves an IP address to a fully qualified domain name. Some applications use reverse lookups to identify computer systems that are actively communicating with them.
Reverse lookups on IP addresses can be found using the ping -a [ip_address] command.
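The hierarchical resolution and the forward/reverse zones described above, as an added example that is not part of the original notes: a toy iterative resolver walks from the root through the top-level domain to the second-level domain, and builds the in-addr.arpa name a reverse lookup zone answers for. All server names, zones and records are constructed.

```python
# Added example, not from the original notes: a toy iterative resolver that
# walks the DNS hierarchy (root -> top-level domain -> second-level domain)
# for forward (name -> IP) and reverse (IP -> name) lookups.
# All server names, zones and records below are constructed.

# Each constructed "server" holds either delegations (records that point down
# the inverted tree to the server authoritative for a child zone) or
# authoritative records for its own zone.
ROOT = "root-server"
SERVERS = {
    "root-server": {
        "delegations": {"com": "tld-com-server", "in-addr.arpa": "reverse-root-server"},
    },
    "tld-com-server": {"delegations": {"example.com": "ns1.example.com"}},
    "ns1.example.com": {
        "records": {
            "www.example.com": "203.0.113.10",               # forward lookup zone
            "10.113.0.203.in-addr.arpa": "www.example.com",  # reverse lookup zone
        },
    },
    "reverse-root-server": {"delegations": {"113.0.203.in-addr.arpa": "ns1.example.com"}},
}


def reverse_name(ip):
    """Build the in-addr.arpa name a reverse lookup zone answers for. The
    octets are reversed so the tree is walked from the network down to the host."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {ip}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def matching_zone(name, zones):
    """Pick the most specific delegated zone that covers name, if any."""
    best = None
    for zone in zones:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


def resolve(name, max_referrals=10):
    """Iterative resolution: start at the root and follow referrals downward.
    Returns (answer, servers_visited); answer is None when no server below the
    current point is authoritative for the name."""
    server = ROOT
    visited = [server]
    for _ in range(max_referrals):
        data = SERVERS[server]
        if name in data.get("records", {}):
            return data["records"][name], visited
        zone = matching_zone(name, data.get("delegations", {}))
        if zone is None:
            return None, visited
        server = data["delegations"][zone]
        visited.append(server)
    return None, visited  # referral chain longer than expected; give up


def forward_lookup(fqdn):
    return resolve(fqdn)


def reverse_lookup(ip):
    return resolve(reverse_name(ip))


if __name__ == "__main__":
    print(forward_lookup("www.example.com"))
    print(reverse_lookup("203.0.113.10"))
```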
For secure communication across the Internet, Secure HTTP (HTTPS) is used for accessing or posting web server information. HTTPS can use authentication and encryption to secure data as it travels between the client and server.
HTTPS is HTTP over secure socket layer (SSL). HTTPS uses the same client request-server response process as HTTP, but the data stream is encrypted with SSL before being transported across the network.
FTP is a connection-oriented protocol that uses TCP to communicate between a client FTP process and an FTP process on a server.
Data Transfer Process
DTP is a separate data transfer function. This function is enabled only when the user wants to actually transfer files to or from the FTP server.

4.1 chapter 6

September 23, 2009 by yan1wang

A router uses a routing table to determine where to send packets. The routing table contains a set of routes. Each route describes which gateway or interface the router uses to reach a specified network.
A route has four main components:
Destination value
Subnet mask
Gateway or interface address
Route cost or metric
Static routes are manually configured by a network administrator. Configuring a static route on a Cisco router requires these steps:
Step 1. Connect to the router using a console cable.
Step 2. Open a HyperTerminal window to connect with the first router that you want to configure.
Step 3. Enter privileged mode by typing enable at the R1> prompt. Note how the > symbol changes to a # to indicate that privilege mode is being used.
Routers use routing protocols to dynamically manage information received from their own interfaces and from other routers. Routing protocols can also be configured to manage manually entered routes.
The method that a routing protocol uses to determine the best route is called a routing algorithm.
Routing Information Protocol (RIP) is a distance vector routing protocol that is used in thousands of networks throughout the world. It was initially specified in RFC 1058.
Characteristics of RIP include:
Is a distance vector routing protocol
Uses hop count as the metric for path selection
Defines a hop count greater than 15 as an unreachable route
Sends routing table contents every 30 seconds
Enhanced Interior Gateway Routing Protocol (EIGRP)
EIGRP is a Cisco-proprietary, enhanced distance vector routing protocol. EIGRP was developed to address some of the limitations of other
Topological database – Collection of information gathered from all the LSAs received by the router.
Shortest Path First (SPF) algorithm – Calculation performed on the database that results in the SPF tree. The SPF tree is a map of the network as seen from the point of view of the router. The information in this tree is used to build the routing table.
Open Shortest Path First (OSPF) is a non-proprietary, link-state routing protocol described in RFC 2328. The characteristics of OSPF are:
Uses the SPF algorithm to calculate the lowest cost to a destination
The router uses what is known as the administrative distance (AD). The AD represents the “trustworthiness” of the route. The lower the AD, the more trustworthy the route. For example, a static route has an AD of 1, whereas a RIP-discovered route has an AD of 120.
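How the four route components and the AD combine when the router picks a route, as an added example that is not part of the original notes: longest prefix match decides first, then AD, then metric. The static (1) and RIP (120) ADs are the ones quoted above; the other AD values are Cisco defaults, and the routing table is constructed.

```python
# Added example, not from the original notes: route selection from a routing
# table. Each route carries the four components in the notes (destination,
# subnet mask, gateway or interface, metric) plus the administrative distance
# of the source it was learned from. Static (1) and RIP (120) are quoted in
# the notes; the other AD values are Cisco defaults. The table is constructed.

import ipaddress
from dataclasses import dataclass

ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    destination: str   # destination network, e.g. "10.1.0.0"
    mask: str          # subnet mask in dotted decimal, e.g. "255.255.0.0"
    via: str           # next-hop gateway address or exit interface name
    metric: int        # route cost as measured by the source protocol
    source: str        # how the route was learned; key into ADMIN_DISTANCE

    @property
    def network(self):
        return ipaddress.ip_network(f"{self.destination}/{self.mask}", strict=False)

    @property
    def ad(self):
        return ADMIN_DISTANCE[self.source]


def matching_routes(table, dst):
    """Every route whose destination/mask covers dst, the default route included."""
    addr = ipaddress.ip_address(dst)
    return [r for r in table if addr in r.network]


def best_route(table, dst):
    """The route the router forwards on, or None when nothing (not even a
    default route) covers dst, in which case the packet is dropped."""
    candidates = matching_routes(table, dst)
    if not candidates:
        return None
    # Longest prefix match is decided first. AD (trustworthiness of the source)
    # and then metric only break ties between routes to the same prefix.
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.ad, r.metric))


# Constructed routing table
TABLE = [
    Route("0.0.0.0", "0.0.0.0", "203.0.113.1", 0, "static"),           # default route
    Route("10.1.0.0", "255.255.0.0", "10.0.0.2", 2, "rip"),
    Route("10.1.0.0", "255.255.0.0", "10.0.0.3", 0, "static"),          # same prefix: AD 1 beats 120
    Route("10.1.5.0", "255.255.255.0", "10.0.0.4", 5, "rip"),           # longer prefix beats lower AD
    Route("192.168.1.0", "255.255.255.0", "FastEthernet0/0", 0, "connected"),
]

if __name__ == "__main__":
    for dst in ("10.1.5.7", "10.1.9.9", "192.168.1.20", "198.51.100.77"):
        r = best_route(TABLE, dst)
        print(dst, "->", r.via if r else "no route")
```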
The show ip route command shows the routing table, which verifies that routes received by RIP neighbors are installed in the routing table.
The debug ip rip command can be used to observe the networks advertised in the routing updates as they are sent and received.
The show ip protocols command verifies that RIP routing is configured, that the correct interfaces are sending and receiving RIP updates, and that the router is advertising the correct networks.
Autonomous Systems (AS) – The Internet is divided up into collections of networks called Autonomous Systems (AS), which are independently controlled by different organizations and companies.
Interior Gateway Protocols (IGPs) are used to exchange routing information within an AS or individual organization. The purpose of an interior routing protocol is to find the best path through the internal network.
Exterior Gateway Protocols (EGPs) are designed to exchange routing information between different autonomous systems. Because each AS is managed by a different administration and may use different interior protocols, networks must use a protocol that can communicate between diverse systems. The EGP serves as a translator for ensuring that external routing information gets successfully interpreted inside each AS network.
Border gateways – EGPs run on the exterior routers. These are the routers that are located at the border of an AS. Exterior routers are also called border gateways, or boundary routers.
The most common exterior routing protocol on the Internet today is Border Gateway Protocol (BGP). It is estimated that 95% of autonomous systems use BGP.
The flow of messages in the Internet is called traffic. Internet traffic can be categorized in one of two ways:
Local traffic – Traffic carried within an AS that either originated in that same AS, or is intended to be delivered within that AS. This is like local traffic on a street.
Transit traffic – Traffic that was generated outside that AS and can travel through the internal AS network to be delivered to destinations outside the AS. This is like through traffic on a street.

4.1 chapter 5

September 4, 2009 by yan1wang

The Cisco Internetwork Operating System (IOS) software provides features that enable a Cisco device to send and receive network traffic using a wired or wireless network.
The router bootup process has three stages.
1. Perform the power-on self test (POST) and load the bootstrap program.
2. Locate and load the Cisco IOS software.
3. Locate and execute the startup configuration file, or enter setup mode.
There are two methods to connect a PC to a network device to perform configuration and monitoring tasks: out-of-band management and in-band management.
Technicians use out-of-band management to initially configure a network device, because until properly configured, the device cannot participate in the network.
A serial connection can be used to connect networks that are separated by large geographic distances. These WAN network interconnections require a telecommunications service provider (TSP).
The protocol encapsulation must be the same at both ends of a serial connection. Some encapsulation types require authentication parameters, like username and password, to be configured. Encapsulation types include:
High-Level Data Link Control (HDLC)
Frame Relay
Point-to-Point Protocol (PPP)
The LAN configuration settings enable the router interface to participate on the connected local network.
Use in-band management to monitor and make configuration changes to a network device over a network connection.
The Cisco IOS command line interface (CLI) is a text-based program that enables entering and executing Cisco IOS commands to configure, monitor, and maintain Cisco devices. The Cisco CLI can be used with either in-band or out-of-band management tasks.
Security Device Manager (SDM) is a web-based GUI device management tool. Unlike CLI, SDM can be used only for in-band management tasks.
SDM Express simplifies the initial router configuration. It uses a step-by-step approach to create a basic router configuration quickly and easily.
Additional DHCP configuration parameters include:
Domain name for the organization – This name is given to the hosts as part of the DHCP configuration.
Primary domain name server – IP address of the primary DNS server. Used to resolve URLs and names on the network.
Secondary domain name server – IP address of a secondary DNS server, if available. Used if the primary DNS server does not respond.
The Basic NAT Wizard configures Dynamic NAT with PAT, by default. PAT enables the hosts on the internal local network to share the single registered IP address assigned to the WAN interface. In this manner, hosts with internal private addresses can have access to the Internet.
Serial and Ethernet interfaces are the most common. Local network connections use Ethernet interfaces.
If the NVRAM fails or becomes corrupt and the router cannot load the startup configuration file, another copy is available.
To assign an address to a switch, the address must be assigned to a virtual local area network (VLAN) interface.
To connect the switch to a router, use a straight-through cable. LED lights on the switch and router indicate that the connection is successful.

4.1 chapter 4

August 21, 2009 by yan1wang

To send and receive messages on an IP network, every network host must be assigned a unique 32-bit IP address
If the first bit is 0, the network is a Class A, and the first octet represents the network ID.
When the first bit is 1, the router examines the second bit. If that bit is 0, the network is a Class B.
For a Class B address, the router uses the first 16 bits for the network ID. If the first three bits are 110, it indicates a Class C address. Class C addresses use the first 24 bits, or three octets, to designate the network, which raises the number of available network designations from 256 to over two million.
Class D – First bits are 1110 (multicast group ID, 28 bits)
Class E – First bits are 11110 (reserved for future use, 27 bits)
Private network addresses are not to be routed across the Internet. This allows multiple networks in various locations to use the same private addressing scheme without creating addressing conflicts.
In the original IP address hierarchy, there are two levels: a network and a host. In a classful addressing scheme, the first three leading bit values are used to determine that an IP address is either a Class A, B, or C.
One thing to keep in mind is that in all IPv4 networks, two host addresses are reserved: the all-0s and the all-1s.
The original classful subnetting design required that all subnets of a single classed network be the same size. This was because routers did not include subnet mask information in their routing updates.
Variable length subnet masking (VLSM) helps to solve this issue. VLSM addressing allows an address space to be divided into networks of various sizes.
In addition to VLSM, Classless Inter-Domain Routing (CIDR) was proposed in RFC 1519 and accepted. CIDR ignores network classes based on the value of the high-order bits. CIDR identifies networks based solely on the number of bits in the network prefix, which corresponds to the number of 1s in the subnet mask.
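The classful rules, the reserved all-0s/all-1s host addresses and the CIDR prefix-length view above, put side by side in one added example that is not part of the original notes. The private address blocks are the RFC 1918 ranges; the sample addresses in the usage are constructed.

```python
# Added example, not from the original notes: classify an IPv4 address by its
# high-order bits (classful rules), flag private addresses, and compute the
# CIDR view (prefix length = number of 1 bits in the mask, usable host range
# after reserving the all-0s and all-1s host addresses) to show where
# VLSM/CIDR departs from the classful boundary. Sample addresses are constructed.

import ipaddress

PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}   # network bits implied by the class


def address_class(ip):
    """Walk the leading bits of the first octet exactly as the notes describe."""
    first_octet = int(ipaddress.ip_address(ip)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"   # everything above the multicast block


def prefix_length(mask):
    """CIDR prefix = number of 1 bits in the mask. Reject non-contiguous masks."""
    m = int(ipaddress.ip_address(mask))
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask {mask} is not a contiguous run of 1s")
    return ones


def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


def describe(ip, mask):
    """Classful and CIDR facts about ip/mask in one dict."""
    net = ipaddress.ip_network(f"{ip}/{prefix_length(mask)}", strict=False)
    cls = address_class(ip)
    usable = max(net.num_addresses - 2, 0)   # all-0s and all-1s are reserved
    return {
        "class": cls,
        "classful_prefix": CLASSFUL_PREFIX.get(cls),   # None for D and E
        "private": is_private(ip),
        "prefix": net.prefixlen,
        # True when the mask borrows host bits beyond the classful boundary
        "subnetted": cls in CLASSFUL_PREFIX and net.prefixlen > CLASSFUL_PREFIX[cls],
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1) if usable else None,
        "last_host": str(net.broadcast_address - 1) if usable else None,
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    for ip, mask in (("192.168.10.77", "255.255.255.192"), ("172.20.0.5", "255.255.0.0")):
        print(ip, mask, describe(ip, mask))
```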
NAT allows a large group of private users to access the Internet by sharing one or more public IP addresses. Address translation is similar to how a telephone system works in a company.
Static NAT allows hosts on the public network to access selected hosts on a private network.
If a device on the inside network needs to be accessible from the outside, use static NAT.
Static NAT is for permanent one-to-one translation from a specific inside-local IP address to a specific inside-global IP address.
PAT can be used to add a port number to the IP address for specific connections.

4.1 chapter 3

August 8, 2009 by yan1wang

A physical topology is the actual physical location of cables, computers, and other peripherals. A logical topology documents the path that data takes through the network and where network functions, like routing, occur.
Logical topology – Map of the devices and flow of data on a network. A logical topology demonstrates how the devices communicate with each other. Compare logical topology with physical topology.
With a star topology, each device is connected via a single connection to a central point. The central point is typically a switch or a wireless access point. The advantage of a star topology is that if a single connecting device fails, only that device is affected. However, if the central device, such as the switch, fails, then all connecting devices lose connectivity.
An extended star is created when the central device in one star is connected to a central device of another star, such as when multiple switches are interconnected, or daisy-chained together.
Mesh topologies – Most Core Layers in a network are wired in either a full mesh or a partial mesh topology. In a full mesh topology, every device has a connection to every other device. While full mesh topologies provide the benefit of a fully redundant network, they can be difficult to wire and manage and are more costly.
For larger installations, a modified partial mesh topology is used. In a partial mesh topology, each device is connected to at least two other devices. This arrangement creates sufficient redundancy, without the complexity of a full mesh.
SWOT (strengths, weaknesses, opportunities, threats) – Part of the planning process in network design that evaluates the strengths, weaknesses, opportunities, and threats to a network or network upgrade.
Telecommunications room – Also called a wiring closet. In a small, single-floor network it is usually referred to as the Main Distribution Facility (MDF). A facility that maintains network and telecommunications equipment, vertical and horizontal cable terminations, and cross-connect cables. A telecommunications room is also known as a riser, a distribution facility, or a wiring closet. The telecommunications room is critical to the security and reliability of the network.
MDF (Main Distribution Facility) – Primary communications room for a building. An MDF is the central point of a star networking topology where patch panels, hubs, and routers are located. It is used to connect public or private lines coming into the building to internal networks.
Intermediate Distribution Facilities (IDFs) – IDFs are typically smaller than the MDF, and connect to the MDF.
ISO standards refer to MDFs and IDFs using different terminology. MDFs and IDFs can also be referred to as wiring closets.
Shielded twisted pair (STP) – Usually Category 5, 5e, or 6 cable that has a foil shielding to protect from outside electromagnetic interference (EMI). In an Ethernet environment, the distance limitation is approximately 328 feet (100 meters).
Unshielded twisted pair (UTP) – Usually Category 5, 5e, or 6 cable that does not provide extra shielding from EMI, but it is inexpensive. Cable runs should avoid electrically noisy areas. In an Ethernet environment, the distance limitation is approximately 328 feet (100 meters).
Fiber-optic cable – A medium that is not susceptible to EMI, and can transmit data faster and farther than copper. Depending on the type of fiber optics, distance limitations can be several miles (kilometers). Fiber-optic can be used for backbone cabling and high-speed connections.
Coaxial cable – Also used in networking. Coaxial is not typically used in LANs, but it is widely used in cable modem provider networks. Coaxial has a solid copper core with several protective layers including polyvinyl chloride (PVC), braided wire shielding, and a plastic covering.
Two of the most common TIA/EIA cable specifications include the 568-A and 568-B standards. Both of these standards typically use the same Cat 5 or Cat 6 cable, but with a different termination color code.
Straight-through – Connects dissimilar devices, such as a switch and a computer, or a switch and a router.
Crossover – Connects similar devices, such as two switches or two computers.
Console (or Rollover) – Connects a computer to the console port of a router or switch to do initial configuration.
A serial cable is typically used to connect the router to an Internet connection.
Patch cable – Short cable from the computer to the wall plate in the user work area
Horizontal cable – Cable from the wall plate to the IDF in the distribution area
Vertical cable – Cable from the IDF to the MDF in the backbone area of the business
Backbone cable – Network part that handles the major traffic
Location of wiring closet – Area to concentrate the end-user cables to the hub or switch
Cable management system – Trays and straps used to guide and protect cable runs
Cable labeling system – Labeling system or scheme to identify cables
Electrical considerations – Outlets and other items to support the electrical requirements of the network equipment
ISP equipment – There are generally two options for obtaining new equipment:
Integrated Service Routers (ISRs) are network devices that combine the functionality of switches, routers, access points, and firewalls into the same device.
Managed service – The equipment is obtained from the ISP through a lease or some other agreement, and the ISP is responsible for updating and maintaining the equipment.
In-house – The customer purchases the equipment, and the customer is responsible for the updates, warranties, and maintenance of the equipment.

4.1 chapter 2

July 24, 2009 by yan1wang

ISP help desk technicians provide solutions to customer problems with the goal of network optimization and customer retention. A good help desk team ensures that problems are resolved quickly and to the satisfaction of the customer.
At an ISP, there are usually three levels of customer support:
Level 1 is for immediate support handled by junior-level help desk technicians.
Level 2 handles calls that are escalated to more experienced telephone support.
Level 3 is for calls that cannot be resolved by phone support and require a visit by an on-site technician.
Managed service – Service provider that offers onsite support of a customer network.
SLA (service level agreement) – Contract that defines expectations between an organization and the service vendor to provide an agreed-upon level of support.
Incident management – Procedure that should be followed when a help desk technician initiates a problem-solving process.
Customer service skills
Preparation; courteous greeting; open a trouble ticket; listen to the customer; adapt to customer temperament; diagnose a simple problem correctly; log the call.
In a similar manner, the OSI model can be used as a means to focus on a layer when troubleshooting to identify and resolve network problems.
Application layer – Defines interfaces between application software and network communication functions; provides standardized services such as file transfer between systems.
Presentation layer – Standardizes user data formats for use between different types of systems; encodes and decodes user data; encrypts and decrypts data; compresses and decompresses data.
Session layer – Manages user sessions and dialogues; manages links between applications.
Transport layer – Manages end-to-end message delivery over the network; can provide reliable and sequential packet delivery through error recovery and flow control mechanisms.
Network layer – Provides logical network addressing; routes packets between networks based on logical addressing.
Data link layer – Defines procedures for operating the communication links; detects and corrects frame transmission errors; adds physical addresses to frames.
Physical layer – Defines the physical means of sending data over network devices; interfaces between the network medium and devices; defines optical, electrical, and wireless media; includes all forms of electromagnetic transmission such as light, electricity, infrared, and radio waves.
Bottom-Up – The bottom-up approach starts with the physical components of the network and works its way up the layers of the OSI model. Bottom-up troubleshooting is an effective and efficient approach for suspected physical problems.
Top-Down – The top-down approach starts with the user application and works its way down the layers of the OSI model. This approach starts with the assumption that the problem is with the application and not the network infrastructure.
Divide-and-Conquer – The divide-and-conquer approach is generally used by more experienced network technicians. The technician makes an educated guess targeting the problem layer and then based on the observed results, moves up or down the OSI layers.
ipconfig – Shows IP settings on the computer
ping – Tests basic network connectivity
tracert – Determines if the routing path between the source and destination is available
A link-local address will be automatically assigned to the local host by the operating system. IPv4 addresses in the address block 169.254.0.1 to 169.254.255.254 (169.254.0.0 /16) are designated as link-local addresses. A link-local process will randomly select an IP address within the 169.254.0.0/16 range. But what prevents two hosts from randomly selecting the same IP address?
UDP (User Datagram Protocol) – Connectionless transport layer protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams without acknowledgements or guaranteed delivery. It is a connectionless service for delivery of data with less overhead than TCP and is designed for speed.
The TCP/IP stack can be tested and verified using a loopback address. The loopback is a special address, the reserved IPv4 address 127.0.0.1, which hosts use to direct traffic to themselves.

4.1 chapter 1

July 22, 2009 by yan1wang

Internet – Internetwork that connects networks worldwide. The Internet evolved in part from ARPANET. Internet is an abbreviation for internetwork.
E-commerce – Electronic commerce. Buying and selling goods and services on the Internet.
Communications – Refers to any electronic method of communication, such as the use of email, instant messaging, and Internet calling using IP phones and Voice over IP (VoIP) technology to reduce phone costs.
Internet standard – A rule that determines how something must be done.
ISP (Internet Service Provider) – Organization, such as the local phone or cable company, that provides Internet service to home users. An ISP is a company or organization through which a subscriber obtains Internet access.
Equipment co-location – A business may opt to have some or all internal network equipment physically located on the ISP premises.
*Web hosting – The ISP provides the server and application software for storing web pages and web content for the business website.
*FTP – The ISP provides the server and application software for the FTP site of a business.
FTP (File Transfer Protocol) – Application standard used for transferring files between network nodes. FTP is defined in RFC 959 and is part of the TCP/IP protocol stack.
*Applications and media hosting – The ISP provides the server and software to allow a business to provide streaming media such as music, video, or applications such as online databases.
Stream – Continuous transmission of data from one location to another. Streaming video is the continuous, real-time flow of the video being downloaded.
*Voice over IP – A business can save on long distance telephone charges, especially for internal calls between geographically distant offices, by using Voice over IP (VoIP).
*Technical support – Many businesses do not have the in-house technical expertise to manage large internal networks. Some ISPs provide technical support and consulting services for an additional fee.
Bandwidth is measured in bits per second (bps). Higher bandwidth speeds are measured in kilobits per second (kbps), megabits per second (Mbps), or gigabits per second (Gbps).
Private peer – Direct connection between two or more ISPs that allows them to switch Internet traffic at no cost.
The Internet backbone provides high-speed data links to interconnect the POPs and IXPs in major metropolitan areas around the world.
The ping command tests the accessibility of a specific IP address. The ping command sends an ICMP (Internet Control Message Protocol) echo request packet to the destination address and then waits for an echo reply packet to return from that host.
ICMP is an Internet protocol that is used to verify communications.
Scalability is the capacity of a network to allow for future change and growth. Scalable networks can expand quickly to support new users and applications without affecting the performance of the service being delivered to existing users.
Customer Service receives the order from the customer and ensures that the specified requirements of the customer are accurately entered into the order tracking database.
Planning and Provisioning determines whether the new customer has existing network hardware and circuits and if new circuits need to be installed.
The On-site Installation is advised of which circuits and equipment to use and then installs them at the customer site.
Network Operations Center (NOC) monitors and tests the new connection and ensures that it is performing properly.
The Help Desk is notified by the NOC when the circuit is ready for operation and then contacts the customer to guide them through the process of setting up passwords and other necessary account information.
An Internet standard is the end result of a comprehensive cycle of discussion, problem solving, and testing. When a new standard is proposed, each stage of the development and approval process is recorded in a numbered Request for Comments (RFC) document so that the evolution of the standard is tracked.
The Internet has a hierarchical structure. At the top of this hierarchy are the ISP organizations.

chapter 9

June 6, 2009 by yan1wang

A number of software utility programs are available that can help identify network problems. Most of these utilities are provided by the operating system as command line interface (CLI) commands. The syntax for the commands may vary between operating systems.

Some of the available utilities include:
ipconfig – Displays IP configuration information
ping – Tests connections to other IP hosts
tracert – Displays route taken to destination
netstat – Displays network connections
nslookup – Directly queries the name server for information on a destination domain
Ipconfig

Ipconfig is used to display the current IP configuration information for a host. Issuing this command from the command prompt will display the basic configuration information including: IP address, subnet mask and default gateway.
Ipconfig /all
The command ipconfig /all displays additional information including the MAC address, IP addresses of the default gateway and the DNS servers. It also indicates if DHCP is enabled, the DHCP server address and lease information.
Ipconfig /release and ipconfig /renew
If IP addressing information is assigned dynamically, the command ipconfig /release will release the current DHCP bindings. Ipconfig /renew will request fresh configuration information from the DHCP server.
If, after releasing the IP configuration, the host is unable to obtain fresh information from the DHCP server, it could be that there is no network connectivity. Verify that the NIC has an illuminated link light, indicating that it has a physical connection to the network. If this does not solve the problem, it may be an issue with the DHCP server or network connections to the DHCP server.
Ping

If the IP configuration appears to be correctly configured on the local host, next, test network connectivity by using ping. Ping is used to test if a destination host is reachable. The ping command can be followed by either an IP address or the name of a destination host, as for example:
ping 192.168.7.5
ping www.cisco.com
When a ping is sent to an IP address, a packet known as an echo request is sent across the network to the IP address specified. If the destination host receives the echo request, it responds with a packet known as an echo reply. If the source receives the echo reply, connectivity is verified.
If pings to both the name and the IP address are successful, but the user is still unable to access the application, then the problem most likely resides in the application on the destination host. For example, the requested service may not be running.
If neither ping is successful, then network connectivity along the path to the destination is most likely the problem. If this occurs, it is common practice to ping the default gateway. If the ping to the default gateway is successful, the problem is not local. If the ping to the default gateway fails, the problem resides on the local network.
Tracert
The ping utility can verify end-to-end connectivity. However, if a problem exists and the device cannot ping the destination, the ping utility does not indicate where the connection was actually dropped. To accomplish this, another utility known as tracert must be used.
The Tracert utility provides connectivity information about the path a packet takes to reach the destination and about every router (hop) along the way. It also indicates how long a packet takes to get from the source to each hop and back (round trip time). Tracert can help identify where a packet may have been lost or delayed due to bottlenecks or slowdowns in the network.
The basic tracert utility will only allow up to 30 hops between a source and destination device before it assumes that the destination is unreachable.
Netstat
Sometimes it is necessary to know which active TCP connections are open and running on a networked host. Netstat is an important network utility that can be used to verify those connections. Netstat lists the protocol in use, the local address and port number, the foreign address and port number, and the state of the connection.
Unexplained TCP connections can pose a major security threat, because they can indicate that something or someone is connected to the local host. An established connection to an unfamiliar foreign address, especially on an unusual port, deserves investigation.
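As an added example (not part of the original notes), the following Python script parses netstat-style output and flags established TCP connections to peers outside the networks this host is expected to talk to. The netstat output and the list of expected networks are constructed for the example; on a real host you would feed it the output of netstat -an and your own list of expected peers.

```python
# Added example: parse netstat-style output and flag established TCP connections
# whose foreign address is not inside an expected network.
# SAMPLE_NETSTAT and EXPECTED_PEERS are constructed for this example.

import ipaddress

SAMPLE_NETSTAT = """\
Proto  Local Address          Foreign Address        State
TCP    192.168.1.10:49321     192.168.1.5:443        ESTABLISHED
TCP    192.168.1.10:49322     203.0.113.77:6667      ESTABLISHED
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
TCP    192.168.1.10:49330     198.51.100.20:80       TIME_WAIT
UDP    0.0.0.0:5353           *:*
"""

# Networks this host is expected to talk to (an assumption for the example).
EXPECTED_PEERS = [ipaddress.ip_network("192.168.1.0/24"),
                  ipaddress.ip_network("198.51.100.0/24")]


def parse_netstat(text):
    """Return one dict per connection line; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        state = parts[3] if len(parts) > 3 else ""   # UDP lines have no state
        rows.append({"proto": proto, "local": local,
                     "foreign": foreign, "state": state})
    return rows


def _host_of(addr):
    """Strip the ':port' suffix (and IPv6 brackets) from 'host:port'."""
    host, _, _port = addr.rpartition(":")
    return host.strip("[]")


def unexpected_connections(rows, expected=EXPECTED_PEERS):
    """Established TCP connections whose peer lies outside the expected networks."""
    flagged = []
    for r in rows:
        if r["proto"] != "TCP" or r["state"] != "ESTABLISHED":
            continue
        try:
            ip = ipaddress.ip_address(_host_of(r["foreign"]))
        except ValueError:          # wildcard or unparsable address
            continue
        if not any(ip in net for net in expected):
            flagged.append(r)
    return flagged


if __name__ == "__main__":
    for r in unexpected_connections(parse_netstat(SAMPLE_NETSTAT)):
        print("unexpected:", r["local"], "->", r["foreign"])
```

Running the script prints the single connection to 203.0.113.77 on port 6667; the LISTENING and TIME_WAIT entries are ignored because only established connections indicate a live peer.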
Nslookup
When accessing applications or services across the network, individuals usually rely on the DNS name instead of the IP address. When a request is sent to that name, the host must first contact the DNS server to resolve the name to the corresponding IP. The host then uses IP to package the information for delivery.
The nslookup utility allows an end user to look up information about a particular DNS name in the DNS server. When the nslookup command is issued, the information returned includes the IP address of the DNS server being used as well as the IP address associated with the specified DNS name. Nslookup is often used as a troubleshooting tool for determining whether the DNS server is performing name resolution as expected.
The easiest way to determine whether the problem is with the wired or the wireless network is to:
1. Ping from a wireless client to the default gateway – this verifies whether the wireless client is connecting as expected.
2. Ping from a wired client to the default gateway – this verifies whether the wired client is connecting as expected.
3. Ping from the wireless client to a wired client – this verifies whether the integrated router is functioning as expected.
Once the problem is isolated, it can be corrected.
LED indicators
1 = Security LED
2 = Wireless activity LED
3 = Internet activity LED
4 = Ethernet activity LED
5 = Power LED
Wired host cannot connect to the integrated router
If the wired client is unable to connect to the integrated router, one of the first things to check is the physical connectivity and cabling. Cabling is the central nervous system of a wired network and one of the most common causes of connectivity problems.
1=Be sure to use the correct type of cable.
2= Improper cable termination is one of the main problems encountered in networks. To avoid this, cables should be terminated according to standards.

chapter 8

May 23, 2009 by yan1wang

Social engineering is a term that refers to the ability of something or someone to influence the behavior of a group of people. In the context of computer and network security Social Engineering refers to a collection of techniques used to deceive internal users into performing specific actions or revealing confidential information.
Phishing is a form of social engineering where the phisher pretends to represent a legitimate outside organization. They typically contact the target individual (the phishee) via email.
A virus is a program that runs and spreads by modifying other programs or files. A virus cannot start by itself; it needs to be activated. Once activated, a virus may do nothing more than replicate itself and spread.
A worm is similar to a virus, but unlike a virus does not need to attach itself to an existing program. A worm uses the network to send copies of itself to any connected hosts. Worms can run independently and spread quickly.
A Trojan horse is a non-self replicating program that is written to appear like a legitimate program, when in fact it is an attack tool. A Trojan horse relies upon its legitimate appearance to deceive the victim into initiating the program. It may be relatively harmless or can contain code that can damage the contents of the computer’s hard drive.
SYN (synchronize) flooding: a flood of TCP SYN packets is sent to a server, each requesting a client connection. The packets carry spoofed (invalid) source IP addresses, so the server's SYN-ACK replies are never answered and each request stays half-open. The server becomes occupied holding these fake half-open connections and therefore cannot respond to legitimate ones.
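To make the half-open mechanism concrete, here is an added Python example (not from the original notes) that replays a constructed sequence of client-to-server TCP segments through a simplified model of the server's half-open connection table and reports the point at which the backlog is exhausted. The backlog size, addresses and ports are assumed; real stacks also age entries out and may use SYN cookies, which this model omits.

```python
# Added example: model the server's half-open (SYN_RECEIVED) table and detect
# when spoofed SYNs exhaust the listen backlog. All traffic below is constructed.

from collections import OrderedDict

BACKLOG = 5   # assumed listen backlog for the example


class HalfOpenTable:
    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.pending = OrderedDict()   # (src_ip, src_port) -> True

    def on_segment(self, src_ip, src_port, flags):
        """Apply one client->server segment.

        Returns True when the number of half-open entries exceeds the backlog,
        i.e. the server can no longer accept new legitimate connections.
        """
        key = (src_ip, src_port)
        if flags == "SYN":
            # Server answers with SYN-ACK and waits for the final ACK.
            self.pending[key] = True
        elif flags in ("ACK", "RST") and key in self.pending:
            # Handshake completed (ACK) or aborted (RST): entry is freed.
            del self.pending[key]
        return len(self.pending) > self.backlog


def replay(events, backlog=BACKLOG):
    """Index of the first event at which the backlog is exhausted, or None."""
    table = HalfOpenTable(backlog)
    for i, (src_ip, src_port, flags) in enumerate(events):
        if table.on_segment(src_ip, src_port, flags):
            return i
    return None


# Constructed traffic: two legitimate handshakes, then spoofed SYNs whose
# source addresses never answer the SYN-ACK, so their entries are never freed.
LEGIT = [("192.168.1.20", 50000, "SYN"), ("192.168.1.20", 50000, "ACK"),
         ("192.168.1.21", 50001, "SYN"), ("192.168.1.21", 50001, "ACK")]
FLOOD = [("203.0.113.%d" % i, 40000 + i, "SYN") for i in range(1, 11)]

if __name__ == "__main__":
    print("legitimate only:", replay(LEGIT))          # None
    print("with flood, exhausted at event:", replay(LEGIT + FLOOD))
```

The legitimate handshakes free their entries, so the table never fills; the flood fills it after the sixth spoofed SYN, which is why a flood of small packets from unreachable addresses is enough to deny service.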
Ping of death: a packet greater in size than the maximum allowed by IP (65,535 bytes) is sent to a device. Because no single frame that large fits on the wire, it arrives as fragments whose offsets and lengths add up to more than 65,535 bytes; a receiving system that does not check this during reassembly can crash.
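The following added Python example (not from the original notes) shows the bounds check an IP reassembly routine needs so that a fragment cannot push the reassembled datagram past the 65,535-byte limit. It assumes a 20-byte IPv4 header and ignores the More Fragments flag and overlapping fragments; the fragment values are constructed.

```python
# Added example: bounds check for IPv4 fragment reassembly. Fragments whose
# offset*8 + length would exceed the maximum datagram size are rejected.

MAX_IP_DATAGRAM = 65535   # total length field is 16 bits
IP_HEADER_LEN = 20        # assumed: minimum IPv4 header, no options
MAX_OFFSET_UNITS = 0x1FFF # fragment offset field is 13 bits, in 8-byte units


def fragment_end(offset_units, payload_len):
    """Total datagram length implied by this fragment (header + data end)."""
    return IP_HEADER_LEN + offset_units * 8 + payload_len


def fragment_is_safe(offset_units, payload_len):
    """True if the fragment fits inside a legal 65,535-byte datagram."""
    if not 0 <= offset_units <= MAX_OFFSET_UNITS:
        return False
    if not 0 <= payload_len <= MAX_IP_DATAGRAM - IP_HEADER_LEN:
        return False
    return fragment_end(offset_units, payload_len) <= MAX_IP_DATAGRAM


def reassemble(fragments):
    """fragments: list of (offset_units, payload_bytes).

    Returns the reassembled payload, or raises ValueError when any fragment
    would write beyond the maximum datagram size (the ping-of-death case).
    """
    buf = bytearray()
    for offset_units, data in fragments:
        if not fragment_is_safe(offset_units, len(data)):
            raise ValueError("fragment exceeds maximum IP datagram size")
        start = offset_units * 8
        end = start + len(data)
        if end > len(buf):
            buf.extend(b"\x00" * (end - len(buf)))
        buf[start:end] = data
    return bytes(buf)


if __name__ == "__main__":
    # Constructed: a normal pair of fragments, then a final fragment at the
    # maximum offset whose 8 data bytes overrun the limit.
    print(reassemble([(0, b"A" * 16), (2, b"B" * 8)]))
    print("max offset + 8 bytes ends at", fragment_end(MAX_OFFSET_UNITS, 8))
    try:
        reassemble([(0, b"A" * 8), (MAX_OFFSET_UNITS, b"X" * 8)])
    except ValueError as e:
        print("rejected:", e)
```

The last fragment of a ping of death sits at offset 8191 (65,528 bytes) and carries more data than the 7 bytes that would still fit, so fragment_end exceeds 65,535 and the fragment is rejected before it can overrun the reassembly buffer.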
Spyware is any program that gathers personal information from your computer without your permission or knowledge. This information is sent to advertisers or others on the internet and can include passwords and account numbers. Spyware can be very difficult to remove.
Tracking Cookies are a form of spyware but are not always bad. They are used to record information about an internet user when they visit websites. Cookies may be useful or desirable by allowing personalization and other time saving techniques. Many web sites require that cookies be enabled in order to allow the user to connect.
Adware is a form of spyware used to collect information about a user based on the websites the user visits. That information is then used for targeted advertising. When a user opens a browser window, adware can start new browser instances that attempt to advertise products or services based on the user's browsing habits.
Popups and pop-unders are additional advertising windows that display when visiting a website. Unlike adware, popups and pop-unders are not intended to collect information about the user and are typically associated only with the website being visited.
Spam is a serious network threat that can overload ISPs, email servers and individual end-user systems. Unwanted bulk email is an annoying by-product of our increasing reliance on electronic communications. Some merchants do not want to bother with targeted marketing; they send their email advertising to as many end users as possible, hoping that someone is interested in their product or service. This widely distributed approach to marketing on the Internet is called spam.
Anti-virus software can be used both as a preventative tool and as a reactive tool. It prevents infection and detects and removes viruses, worms and Trojan horses. It should be installed on every computer connected to the network.
Automatic updates check for, and download, known virus characteristics and patterns. They can be scheduled to check for updates on a regular basis.
Anti-virus software relies on knowledge of the virus to remove it. Therefore, when a virus is identified, it is important to report it or any virus-like behavior to the network administrator.
Anti-spam software protects hosts by identifying spam and performing an action, such as placing it into a junk folder or deleting it. It can be loaded on a machine locally, but can also be loaded on email servers.
A firewall is one of the most effective security tools available for protecting internal network users from external threats. A firewall resides between two or more networks and controls the traffic between them, which helps prevent unauthorized access.
Packet Filtering – Prevents or allows access based on IP or MAC addresses
With a firewall placed between the internal network (intranet) and the Internet as a border device, all traffic to and from the Internet can be monitored and controlled. This creates a clear line of defense between the internal and external networks.
In a two-firewall configuration, there is an internal and an external firewall with the DMZ located between them. The external firewall is less restrictive: it allows Internet users access to the services in the DMZ and allows traffic that an internal user requested to pass through.
A simple DMZ can be set up that allows an internal server to be accessible by outside hosts. To accomplish this, the server requires a static IP address that must be specified in the DMZ configuration.
When the DMZ is enabled in its simplest form, outside hosts can access all ports on the server, such as 80 (HTTP), 21 (FTP), 110 (POP3 email), and so on.
A more restrictive DMZ can be set up using the port forwarding capability. With port forwarding, only the ports that should be accessible on the server are specified; every other port stays closed to outside hosts.
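The difference between a "DMZ host" entry and port forwarding is easy to see in a rule evaluator. The following is an added Python example (not from the original notes or any router's actual configuration format): a minimal first-match packet filter that builds both rule sets for an internal server and probes which ports an outside host can reach. The server address, probe ports and blocked source network are assumed.

```python
# Added example: a first-match stateless packet filter contrasting the "DMZ host"
# configuration (all ports exposed) with port forwarding (listed ports only),
# plus a source-address block as the packet-filtering rule type mentioned above.
# SERVER, PROBE and all addresses are assumed for the example.

import ipaddress

SERVER = "192.168.1.50"   # internal server with a static IP address


def make_dmz_host_rules(server):
    """Simplest DMZ: every inbound port is forwarded to the server."""
    return [{"action": "allow", "src": "any", "dst": server, "dport": "any"}]


def make_port_forward_rules(server, ports, blocked_sources=()):
    """Restrictive form: source blocks first, then only the listed ports."""
    rules = [{"action": "deny", "src": net, "dst": server, "dport": "any"}
             for net in blocked_sources]
    rules += [{"action": "allow", "src": "any", "dst": server, "dport": p}
              for p in ports]
    return rules


def _src_matches(rule_src, packet_src):
    if rule_src == "any":
        return True
    return ipaddress.ip_address(packet_src) in ipaddress.ip_network(rule_src)


def evaluate(rules, packet, default="deny"):
    """First matching rule wins; a packet matching nothing gets the default."""
    for r in rules:
        if r["dst"] != packet["dst"]:
            continue
        if not _src_matches(r["src"], packet["src"]):
            continue
        if r["dport"] != "any" and r["dport"] != packet["dport"]:
            continue
        return r["action"]
    return default


def exposed_ports(rules, server, probe_ports, src="198.51.100.7"):
    """Ports an outside host at `src` can reach on the server under these rules."""
    return [p for p in probe_ports
            if evaluate(rules, {"src": src, "dst": server, "dport": p}) == "allow"]


PROBE = [21, 22, 80, 110, 443, 3389]

if __name__ == "__main__":
    print("DMZ host exposes:     ", exposed_ports(make_dmz_host_rules(SERVER), SERVER, PROBE))
    fwd = make_port_forward_rules(SERVER, [80, 443], blocked_sources=["203.0.113.0/24"])
    print("port forwarding exposes:", exposed_ports(fwd, SERVER, PROBE))
    print("from blocked network:   ", exposed_ports(fwd, SERVER, PROBE, src="203.0.113.9"))
```

With the DMZ host entry every probed port, including 22 and 3389, is reachable from outside; with port forwarding only 80 and 443 are, and the deny rule for the blocked network is evaluated first, so hosts in it reach nothing. The default of deny for unmatched packets is what keeps the rest of the internal network closed.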
Best practices – there are several recommended practices that help mitigate these risks, including:
Define security policies
Physically secure servers and network equipment
Set login and file access permissions
Update OS and applications

chapter 4

May 11, 2009 by yan1wang

Any home, business or organization that wants to connect to the Internet must use an ISP. ISPs range in size from small to very large, and in the area they serve.
Individual computers and local networks connect to the ISP at a point of presence (POP). A POP is the connection point between the ISP's network and the particular geographical region that the POP is serving.
Hardware (pc)+software(IP)+ISP(connectivity)=internet
IP uses packets to carry data.
An IP packet has a header at the beginning that contains the source and destination IP addresses. An IP packet is sometimes referred to as a datagram.
An IP address must be unique on the Internet.
On Ethernet networks, packet size is between 64 and 1500 bytes.
Routers at each ISP POP use the destination address of the IP packet to choose the best path through the Internet.
The ping utility tests end-to-end connectivity between a source and a destination.
The traceroute utility traces the route from source to destination. Each router through which the packet travels is referred to as a hop.
in network diagrams a cloud is often used to represent the internet or any other complex network, without showing the details of the connection.
A local network generally uses a type of copper cable known as twisted pair (TP) to interconnect devices.
Coaxial cable is constructed of either copper or aluminum and is used by cable TV companies to provide service. It is also used in satellite communication systems.
Fiber optic cable is made of glass or plastic and has very high bandwidth, so it can carry very large amounts of data. It is used in backbone networks.
Twisted pair uses pulses of electricity to transmit data. This transmission is sensitive to interference or noise, which can reduce the data rate that a cable can provide.
UTP is the most commonly encountered type of network cable in the USA. It is inexpensive, offers high bandwidth and is easy to install. It is used to connect workstations, hosts and network devices. The most common number of pairs is four, and the common categories are 3, 5, 5e and 6. There are electrical environments in which EMI and RFI are so strong that shielding is required; STP and ScTP are used there, but they are very expensive, not as flexible, and have additional requirements due to the shielding that make them difficult to work with.
Coaxial cable also carries data in the form of electrical signals. Its shielding gives it a higher signal-to-noise ratio than UTP, so it can carry more data. It is often used to connect a TV set to the signal source.
Compared to UTP, coax is physically harder to install, more expensive, and harder to troubleshoot.
Fiber optic cabling is widely used in enterprise environments and large data centers. It is immune to EMI and is suitable for installation in environments where interference is a problem. A fiber optic circuit is actually two fiber strands: one is used to transmit data and the other to receive data.
Fiber optic cable comes in two forms: multimode and single mode.
Multimode is less expensive and more widely used. It uses LEDs as the light source and is generally suitable for links of up to 2000 meters.
Single mode has a smaller core and less dispersion, and is suited for long-distance applications. It uses lasers as the light source, is commonly used for campus backbones, and can carry data for 3000 meters.
Twisted pair cable is most commonly used in network installations.
The TIA/EIA organization defines two different wiring patterns, T568A and T568B. One of them should be chosen and followed; it is important that the same wiring scheme is used for every termination in a project.
A straight-through cable is the most common cable type. It maps each wire to the same pins on both ends of the cable.
A crossover cable is wired so that the order of connection on one end does not match the order on the other end. Both cable types have a specific use on the network.
The type of cable needed to connect two devices depends on which wire pairs the devices use to transmit and receive data.
Unlike devices connect with a straight-through cable: the data connector on a switch uses pins 1 and 2 as receive and pins 3 and 6 as transmit, while a PC transmits on pins 1 and 2 and receives on pins 3 and 6, so a straight-through cable joins each transmit pair to the other device's receive pair.
Like devices require a crossover cable. When a PC is directly connected to another PC, pins 1 and 2 on both devices are transmit pins and pins 3 and 6 are receive pins, so the cable itself must swap the pairs.
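As an added example (not from the original notes), the Python below encodes the T568A and T568B color orders, derives the straight-through and crossover pin maps from them, and checks for a pair of devices whether a given cable actually lands each side's transmit pair on the other side's receive pair. The device-to-pin table is the 10/100BASE-T convention described above; it is an assumption of the example that the devices lack Auto-MDIX.

```python
# Added example: derive straight-through and crossover pin maps from the TIA/EIA
# T568A/T568B color orders and decide which cable two 10/100BASE-T devices need.
# Device pin roles below follow the convention in the notes (no Auto-MDIX assumed).

T568A = ["white-green", "green", "white-orange", "blue",
         "white-blue", "orange", "white-brown", "brown"]
T568B = ["white-orange", "orange", "white-green", "blue",
         "white-blue", "green", "white-brown", "brown"]


def pin_map(end_a, end_b):
    """Map pin number on end A -> pin number on end B for each physical wire."""
    return {i + 1: end_b.index(color) + 1 for i, color in enumerate(end_a)}


STRAIGHT_THROUGH = pin_map(T568B, T568B)   # same scheme on both ends
CROSSOVER = pin_map(T568A, T568B)          # T568A on one end, T568B on the other

# Pins each device type transmits and receives on (10/100BASE-T).
TX_PINS = {"pc": (1, 2), "router": (1, 2), "switch": (3, 6), "hub": (3, 6)}
RX_PINS = {"pc": (3, 6), "router": (3, 6), "switch": (1, 2), "hub": (1, 2)}


def cable_works(cable, dev_a, dev_b):
    """True if A's transmit pins land on B's receive pins and vice versa."""
    a_to_b = sorted(cable[p] for p in TX_PINS[dev_a])
    b_to_a = sorted(p for p in cable if cable[p] in TX_PINS[dev_b])
    return a_to_b == sorted(RX_PINS[dev_b]) and b_to_a == sorted(RX_PINS[dev_a])


def required_cable(dev_a, dev_b):
    """Name of the cable that connects dev_a to dev_b, or 'none'."""
    if cable_works(STRAIGHT_THROUGH, dev_a, dev_b):
        return "straight-through"
    if cable_works(CROSSOVER, dev_a, dev_b):
        return "crossover"
    return "none"


if __name__ == "__main__":
    print("crossover pin map:", CROSSOVER)
    for pair in [("pc", "switch"), ("pc", "pc"), ("switch", "hub"), ("router", "switch")]:
        print(pair, "->", required_cable(*pair))
```

The derived crossover map swaps pins 1 and 2 with 3 and 6 exactly as the notes describe, which is why a cable with T568A on one end and T568B on the other is a crossover for 10/100 links. Gigabit ports and ports with Auto-MDIX negotiate the pairs themselves, so for them either cable works.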
UTP and STP cable is usually terminated into an RJ-45 connector.
In a NOC, network devices are usually connected to patch panels.