
IN THE NAME OF ALMIGHTY ALLAH

1-Protocols and Standards


Identify a MAC (Media Access Control) address and its parts.

Every device on the network must have a unique MAC address to ensure proper receiving
and transmission of data. The MAC address is a device's actual physical address, which is
usually designated by the manufacturer of the device.

Medium Access Control sublayer Operations

The purpose of the MAC sublayer is to determine when each frame should be passed on to
the physical layer to be transmitted as a data signal over the network. The MAC sublayer
governs which devices have permission to transmit data over the network and when. There
are four basic methods for controlling access to the network: polling, contention, token
passing, and switching.

The data link layer is divided into two sublayers: The Media Access Control (MAC) layer
and the Logical Link Control (LLC) layer. The MAC sublayer controls how a computer on
the network gains access to the data and permission to transmit it. The LLC layer controls
frame synchronization, flow control and error checking.

Identify the seven layers of the OSI (Open Systems Interconnect) model and their
functions.

Layer 7, APPLICATION: Gives user applications access to the network. This layer
represents the services that directly support the user applications, such as software for
file transfers, database access, and e-mail.

Layer 6, PRESENTATION: The presentation layer, usually part of an operating system,
converts incoming and outgoing data from one presentation format to another. Presentation
layer services include data encryption and text compression.

Layer 5, SESSION: Opens, manages, and closes conversations between two computers. It
performs name recognition and the functions, such as security, needed to allow two
applications to communicate over the network; it also provides error handling.

Layer 4, TRANSPORT: This layer provides transparent transfer of data between end systems,
or hosts, and is responsible for end-to-end error recovery and flow control. It ensures
complete data transfer. It sequences data packets and requests retransmission of missing
packets. It also repackages messages for more efficient transmission over the network.

Layer 3, NETWORK: Establishes, maintains and terminates network connections. Routes data
packets across network segments. Translates logical addresses and names into physical
addresses.

Layer 2, DATA LINK: Transmits frames of data from computer to computer on the same
network segment. Ensures the reliability of the physical link established at layer 1.
Standards define how data frames are recognized and provide the necessary flow control and
error handling at the frame level. As noted above, the data link layer is divided into the
MAC and LLC sublayers.

Layer 1, PHYSICAL: The Physical layer defines all the electrical and physical specifications
for devices. This includes the layout of pins, voltages, and cable specifications. Hubs,
repeaters and network adapters are physical-layer devices. Defines cabling and connections.
Transmits data over the physical media.

Identify the OSI (Open Systems Interconnect) layers at which the following network
components operate:

> Hubs, Switches, Bridges, Routers, NICs (Network Interface Card), WAPs (Wireless
Access Point)

Layer 7, APPLICATION
• DHCP
• DNS
• FTP
• HTTP
• IMAP4
• IRC
• NNTP
• XMPP
• MIME
• POP3
• SIP
• SMTP
• SNMP
• SSH
• TELNET
• BGP
• RPC
• RTP
• RTCP
• TLS/SSL
• SDP
• SOAP
• L2TP
• PPTP

Layer 6, PRESENTATION
• AFP, AppleShare File Protocol
• GIF
• ICA, Citrix Systems Core Protocol
• JPEG, Joint Photographic Experts Group
• LPP, Lightweight Presentation Protocol
• NCP, NetWare Core Protocol
• NDR, Network Data Representation
• PNG, Portable Network Graphics
• TIFF, Tagged Image File Format
• XDR, eXternal Data Representation
• X.25 PAD, Packet Assembler/Disassembler Protocol

Layer 5, SESSION
• ADSP, AppleTalk Data Stream Protocol
• ASP, AppleTalk Session Protocol
• H.245, Call Control Protocol for Multimedia Communication
• iSNS, Internet Storage Name Service
• L2F, Layer 2 Forwarding Protocol
• L2TP, Layer 2 Tunneling Protocol
• NetBIOS, Network Basic Input Output System
• PAP, Printer Access Protocol
• PPTP, Point-to-Point Tunneling Protocol
• RPC, Remote Procedure Call Protocol
• RTP, Real-time Transport Protocol
• RTCP, Real-time Transport Control Protocol
• SMPP, Short Message Peer-to-Peer
• SCP, Secure Copy Protocol
• SSH, Secure Shell
• ZIP, Zone Information Protocol

Layer 4, TRANSPORT
• AEP, AppleTalk Echo Protocol
• ATP, AppleTalk Transaction Protocol
• CUDP, Cyclic UDP
• DCCP, Datagram Congestion Control Protocol
• FCP, Fiber Channel Protocol
• FCIP, Fiber Channel over TCP/IP
• IL, IL Protocol
• iSCSI, Internet Small Computer System Interface
• NBP, Name Binding Protocol
• NetBEUI, NetBIOS Extended User Interface
• SPX, Sequenced Packet Exchange
• RTMP, Routing Table Maintenance Protocol
• SCTP, Stream Control Transmission Protocol
• SCSI, Small Computer System Interface
• TCP, Transmission Control Protocol
• UDP, User Datagram Protocol

Layer 3, NETWORK (devices: Routers - Switches - Bridges)
• IP/IPv6, Internet Protocol
  o DVMRP, Distance Vector Multicast Routing Protocol
  o ICMP, Internet Control Message Protocol
  o IGMP, Internet Group Multicast Protocol
  o PIM-SM, Protocol Independent Multicast Sparse Mode
  o PIM-DM, Protocol Independent Multicast Dense Mode
• IPSec, Internet Protocol Security
• IPX, Internetwork Packet Exchange
  o RIP, Routing Information Protocol
  o NLSP, NetWare Link State Protocol
• X.25, Packet Level Protocol
  o X.75, Packet Switched Signaling Between Public Networks
• DDP, Datagram Delivery Protocol

Layer 2, DATA LINK
• ARCnet
• ATM
• Cisco Discovery Protocol (CDP)
• Controller Area Network (CAN)
• Econet
• Ethernet
• Fiber Distributed Data Interface (FDDI)
• Frame Relay
• High-Level Data Link Control (HDLC)
• IEEE 802.2 (provides LLC functions to IEEE 802 MAC layers)
• IEEE 802.11 wireless LAN
• LocalTalk
• Multiprotocol Label Switching (MPLS)
• Point-to-Point Protocol (PPP)
• Serial Line Internet Protocol (SLIP)
• StarLan
• Token ring

Layer 1, PHYSICAL (devices: Network adapters - Repeaters - Ethernet hubs - Modems -
Wireless 802.11x)
• xDSL
• IRDA physical layer
• USB physical layer
• Firewire
• EIA RS-232, EIA-422, EIA-423, RS-449, RS-485
• ITU Recommendations: see ITU-T
• DSL
• ISDN
• T1 and other T-carrier links, and E1 and other E-carrier links
• 10BASE-T, 10BASE2, 10BASE5, 100BASE-TX, 100BASE-FX, 100BASE-T, 1000BASE-T,
  1000BASE-SX and other varieties of the Ethernet physical layer
• Wireless 802.11x
• SONET/SDH
• GSM radio interface
• Bluetooth physical layer
• IEEE 802.11x Wi-Fi physical layers

5
Differentiate between the following network protocols in terms of routing, addressing
schemes, interoperability and naming conventions:

> TCP/IP

Transmission Control Protocol: a connection-based Internet protocol responsible for
breaking data into packets, which the IP protocol sends over the network. IP is located at the
TCP/IP Internet layer, which corresponds to the network layer of the OSI Model. IP is
responsible for routing packets by their IP address.

IP is a connectionless protocol, which means that IP does not establish a connection between
source and destination before transmitting data; thus packet delivery is not guaranteed by IP.
Instead, this must be provided by TCP. TCP is a connection-based protocol and is designed
to guarantee delivery by monitoring the connection between source and destination before
data is transmitted. TCP places packets in sequential order and requires acknowledgment
from the receiving node that they arrived properly before any new data is sent.

TCP/IP model

Application layer

DHCP - DNS - FTP - HTTP - IMAP4 - IRC - NNTP - XMPP - MIME - POP3 - SIP
- SMTP - SNMP - SSH - TELNET - BGP - RPC - RTP - RTCP - TLS/SSL - SDP -
SOAP - L2TP - PPTP

Transport layer

This layer deals with opening and maintaining connections, ensuring that packets
are in fact received. This is where flow-control and connection protocols exist, such
as: TCP - UDP - DCCP - SCTP - GTP

Network layer

IP (IPv4 - IPv6) - ARP - RARP - ICMP - IGMP - RSVP - IPSec

Data link layer

ATM - DTM - Ethernet - FDDI - Frame Relay - GPRS - PPP

Physical layer

Ethernet physical layer - ISDN - Modems - PLC - RS232 - SONET/SDH - G.709 - Wi-Fi

> IPX/SPX

Internetwork Packet Exchange/Sequenced Packet Exchange was developed by Novell and is
used primarily on networks that use the Novell NetWare network operating system. The IPX
and SPX protocols provide services similar to those offered by IP and TCP. Like IP, IPX is a
connectionless network layer protocol. SPX runs on top of IPX at the transport layer and, like
TCP, provides connection-oriented, guaranteed delivery.

IPX nodes do not have to be configured with a unique node identifier; instead, they copy the
MAC address of the network interface card into the IPX node address field. The IPX header
contains information about which transport layer protocol receives a particular packet. With
IPX, this information is contained in the destination socket field. Servers have prespecified
destination socket numbers, so workstations always know what value to use to send
information to the server. In contrast, these workstations assign source socket numbers
dynamically for their own protocols outside the server socket number's range.

IPX routing protocols require each logical network to have a different network number in
order to forward IPX packets correctly. But, unlike IP, with IPX only servers and routers
must be configured with a network number. New network stations first use dynamic Routing
Information Protocol (RIP) routing packets to learn network topography and configuration
from servers and routers and then configure themselves accordingly.

Because IPX is a connectionless protocol, NetWare servers are unable to tell if a station's
connection to the server is currently active. To avoid reserving resources for inactive users,
the NetWare server sends a watchdog packet to a client after a predetermined length of
inactivity. The packet asks if the client is still connected and, if the client does not respond,
the server terminates the connection.

SPX is connection oriented and, thus, does not require the use of watchdog packets.
However, network devices will keep an SPX session open by sending keep alive packets to
verify the connection.

> NetBEUI

NetBIOS Enhanced User Interface was designed as a small, efficient protocol for use in
department-sized LANs of 20-200 computers that do not need to be routed to other subnets.
NetBEUI is used almost exclusively on small, non-routed networks.

As an extension of NetBIOS, NetBEUI is not routable; therefore networks supporting
NetBEUI must be connected with bridges rather than routers. Like NetBIOS, the NetBEUI
interface must be adapted to routable protocols like TCP/IP for communication over WANs.

> AppleTalk

AppleTalk is a LAN architecture built into all Apple Macintosh computers. While AppleTalk
is a proprietary network, many companies now market AppleTalk based products, including
Novell and Microsoft. Similarly, designed to be link layer independent, AppleTalk supports
Apple's LocalTalk cabling scheme, but also runs over Ethernet (EtherTalk), Token Ring
(TokenTalk), and Fiber Distributed Data Interface, or FDDI (FDDITalk).

AppleTalk node addresses are assigned dynamically to ensure minimal network
administration overhead. When a node running AppleTalk starts up, it generates a random
network layer protocol address and then sends out a broadcast to determine whether that
particular address is already in use. If it is, the node with the conflicting address responds and
the broadcasting node selects a new address and repeats the inquiry process.

2-Protocols and Standards


Identify the components and structure of IP (Internet Protocol) addresses (IPv4, IPv6)
and the required setting for connections across the Internet.

An IP address is a 32-bit number comprised of a host number and a network prefix, both of
which are used to uniquely identify each node within a network. A shortage of available IP
addresses has prompted the creation of an addressing scheme known as Classless Inter-Domain
Routing (CIDR). Among other capabilities, CIDR allows one IP address to designate many
unique IP addresses within a network. In addition, the current version of the IP address, IPv4,
is being upgraded to IPv6. The latter uses a 128-bit address, allowing for 2^128 total IP
addresses, as opposed to IPv4's 2^32.

> Internet Protocol version 4

IPv4 is the fourth iteration of the Internet Protocol (IP) and the first version of the protocol
to be widely deployed. IPv4 is the dominant network layer protocol on the Internet and, apart
from IPv6, it is the only protocol used on the Internet.

IPv4 is a data-oriented protocol to be used on a packet switched internetwork (e.g., Ethernet).
It is a best-effort protocol in that it doesn't guarantee delivery. It doesn't make any guarantees
on the correctness of the data; it may result in duplicated packets and/or packets out of order.

> Internet Protocol version 6 (IPv6)

A network layer protocol for packet-switched internetworks. It is designated as the successor
of IPv4, the current version of the Internet Protocol, for general use on the Internet.

The main improvement brought by IPv6 (Internet Protocol version 6) is the increase in the
number of addresses available for networked devices, allowing, for example, each mobile
phone and mobile electronic device to have its own address. IPv4 supports 2^32 (about 4.3
billion) addresses, which is inadequate for giving even one address to every living person, let
alone supporting embedded and portable devices. IPv6, however, supports 2^128 addresses;
this is approximately 5×10^28 addresses for each of the roughly 6.5 billion people alive today.

Identify classful IP (Internet Protocol) ranges and their subnet masks (For example:
Class A, B and C).

Systems that have interfaces to more than one network require a unique IP address for each
network interface. The first part of an Internet address identifies the network on which the
host resides, while the second part identifies the particular host on the given network. This
creates the two-level addressing hierarchy.

The leading portion of each IP address identifies the network prefix. All hosts on a given
network share the same network prefix but must have a unique host number. Similarly, any
two hosts on different networks must have different network prefixes but may have the same
host number.

Address Class    Decimal Notation Ranges
Class A          1.xxx.xxx.xxx through 126.xxx.xxx.xxx
Class B          128.0.xxx.xxx through 191.255.xxx.xxx
Class C          192.0.0.xxx through 223.255.255.xxx

The "xxx" represents the host number field of the address that is assigned by the local
network administrator.

Class A

Class A addresses are intended for very large networks and can address up to 16,777,216
(2^24) hosts per network. The first octet of a Class A address is a number between 1 and 126,
the network ID start bit is 0, and the default subnet mask is 255.0.0.0.

Class B

Class B addresses are intended for moderate-sized networks and can address up to 65,536
(2^16) hosts per network. The first octet of a Class B address is a number between 128 and
191, the network ID start bits are 10, and the default subnet mask is 255.255.0.0.

Class C

Class C addresses are intended for small networks and can address only up to 254 (2^8 - 2)
hosts per network. The first octet of a Class C address is a number between 192 and 223, the
network ID start bits are 110, and the default subnet mask is 255.255.255.0.

Figure: Basic Class A, B, and C network addresses. Router A, Class A, network 10.10.0.0,
with a switch and hosts 10.10.0.1 and 10.10.0.2; Router B, Class B, network 128.28.0.0, with
a switch and hosts 128.28.0.1 and 128.28.0.2; Router C, Class C, network 192.28.0.0, with a
switch and hosts 192.28.0.1 and 192.28.0.2.

Identify the purpose of subnetting.

A subnet mask is used to mask a portion of the IP address, so that TCP/IP can tell the
difference between the network ID and the host ID. TCP/IP uses the subnet mask to
determine whether the destination is on a local or remote network.

Advantages of subnetting a network include the following:

• Reducing network congestion by limiting the range of broadcasts using routers
• Enabling different networking architectures to be joined
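The following is an added example, not part of the original notes: it applies the classful
rules above (leading bits 0/10/110 of the first octet, default masks), splits an address into
network ID and host ID with a mask, and performs the local-or-remote check that TCP/IP
makes with the subnet mask. The APIPA range used is the one quoted later in these notes
(169.254.0.1 through 169.254.255.254); everything else uses only the Python standard library.

```python
"""Classful IPv4 addressing and subnet-mask checks (added example)."""
import ipaddress

# (class letter, leading bits of the first octet, default subnet mask)
CLASS_RULES = (
    ("A", "0", "255.0.0.0"),
    ("B", "10", "255.255.0.0"),
    ("C", "110", "255.255.255.0"),
)

# Range a host self-assigns when no DHCP server answers (169.254.0.0/16).
APIPA_NET = ipaddress.IPv4Network("169.254.0.0/16")


def _as_int(dotted):
    """'192.168.1.10' -> 32-bit integer (raises ValueError on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def address_class(dotted):
    """Classful letter for an address, decided by the first octet's leading bits.

    Returns None for first octets 0 and 127 (loopback) and for classes D/E,
    which fall outside the A/B/C table of the notes.
    """
    first_octet = _as_int(dotted) >> 24
    if first_octet in (0, 127):
        return None
    bits = format(first_octet, "08b")
    for letter, prefix, _mask in CLASS_RULES:
        if bits.startswith(prefix):
            return letter
    return None  # 1110... = class D (multicast), 1111... = class E (reserved)


def default_mask(dotted):
    """Default (classful) subnet mask for an address, or None if it has no class."""
    letter = address_class(dotted)
    for cls, _bits, mask in CLASS_RULES:
        if cls == letter:
            return mask
    return None


def split_address(dotted, mask):
    """Apply a mask: return (network ID, host ID) as dotted strings."""
    ip_int, mask_int = _as_int(dotted), _as_int(mask)
    network = ip_int & mask_int
    host = ip_int & (~mask_int & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(network)), str(ipaddress.IPv4Address(host))


def usable_hosts(mask):
    """Hosts per network under a mask, excluding the network and broadcast
    addresses (the 2^8 - 2 = 254 figure given for Class C)."""
    host_bits = 32 - bin(_as_int(mask)).count("1")
    return (1 << host_bits) - 2


def is_local(src, dst, mask):
    """The decision TCP/IP makes with the subnet mask: the destination is local
    when both addresses share the same network ID under the mask."""
    return split_address(src, mask)[0] == split_address(dst, mask)[0]


def is_apipa(dotted):
    """True for a self-assigned 169.254.x.x address (no gateway, no DNS)."""
    return ipaddress.IPv4Address(dotted) in APIPA_NET


if __name__ == "__main__":
    # Constructed sample addresses: one from each class in the figure, plus APIPA.
    for ip in ("10.10.0.1", "128.28.0.2", "192.28.0.1", "169.254.7.9"):
        mask = default_mask(ip)
        print(ip, address_class(ip), mask, split_address(ip, mask), is_apipa(ip))
```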

Identify the differences between private and public network addressing schemes.

> Public IP Addresses

For a computer to be visible on the Internet, it must be reachable through a public IP address.
The IANA assigns ranges of public IP addresses to organizations that can then assign IP
addresses within those ranges to individual computers. This prevents multiple computers
from having the same IP address.

The public IP address can be assigned through a Dynamic Host Configuration Protocol
(DHCP) server, configured manually, or provided by an Internet service provider (ISP).

> Authorized Private IP Addresses

The IANA has reserved a certain number of IP addresses that are never used on the global
Internet. These private IP addresses are used for networks that do not want to directly connect
to the Internet but nevertheless require IP connectivity. For example, a user wanting to
connect multiple Windows based computers in a home network can use the Automatic
Private IP Addressing (APIPA) feature to allow each computer to automatically assign itself
a private IP address. The user does not need to configure an IP address for each computer,
nor is a DHCP server needed.

Computers on a network using authorized private IP addressing can connect to the Internet
through the use of another computer with either proxy or network address translator (NAT)
capabilities.

> Unauthorized Private IP Addresses

It is possible, when there is an absolute certainty that your network will never access the
Internet, to assign to a node a 32-bit unauthorized private IP address of your choosing. Keep
in mind that if any Internet connectivity is ever established with any node on your network,
these unauthorized private IP addresses could generate significant problems that would
require you to immediately change the IP address of every node that you had assigned in this
manner.

Identify and differentiate between the following IP (Internet Protocol) addressing
methods:

> Static / Dynamic

An IP network is somewhat similar to the telephone network in that you have to have the
phone number to reach a destination. The big difference is that IP addresses are often
temporary (dynamic).

Each device in an IP network is either assigned a permanent address (static) by the network
administrator or is assigned a temporary address (dynamic) via DHCP software. Routers,
firewalls and proxy servers use static addresses, as do most servers and printers that serve
multiple users. Client machines may use static or dynamic IP addresses. The IP address
assigned to your service by your cable or DSL Internet provider is typically a dynamic IP
address. In routers and operating systems, the default configuration for clients is dynamic IP.

> Self-assigned (APIPA (Automatic Private Internet Protocol Addressing))

Automatic Private IP Addressing (APIPA) is a feature of Windows-based operating systems
(included in Windows 98, ME, 2000, and XP) that enables a computer to automatically
assign itself an IP address when there is no Dynamic Host Configuration Protocol (DHCP)
server available to perform that function.

Using APIPA, a Windows based client assigns itself an IP address from a range reserved for
authorized private class B network addresses (169.254.0.1 through 169.254.255.254), with a
subnet mask of 255.255.0.0. A computer with an authorized private address cannot directly
communicate with hosts outside its subnet, including Internet hosts. APIPA is most suitable
for small, single-subnet networks, such as a home or small office. APIPA is enabled by
default if no DHCP servers are available on the network.

Note: APIPA assigns only an IP address and subnet mask; it does not assign a default
gateway, nor does it assign the IP addresses of DNS or WINS servers. Use APIPA only on a
single-subnet network that contains no routers. If your small office or home office network is
connected to the Internet or a private intranet, do not use APIPA.

Define the purpose, function and use of the following protocols used in the TCP / IP
(Transmission Control Protocol / Internet Protocol) suite:

> TCP (Transmission Control Protocol)

Transmission Control Protocol: a connection-based Internet protocol responsible for
breaking data into packets, which the IP protocol sends over the network. IP is located at the
TCP/IP Internet layer, which corresponds to the network layer of the OSI Model. IP is
responsible for routing packets by their IP address.

IP is a connectionless protocol, which means that IP does not establish a connection between
source and destination before transmitting data; thus packet delivery is not guaranteed by IP.
Instead, this must be provided by TCP. TCP is a connection-based protocol and is designed
to guarantee delivery by monitoring the connection between source and destination before
data is transmitted. TCP places packets in sequential order and requires acknowledgment
from the receiving node that they arrived properly before any new data is sent.

> UDP (User Datagram Protocol)

User Datagram Protocol runs on top of IP and is used as an alternative to TCP. UDP does
not, however, provide any error checking for guaranteeing packet delivery. Because UDP is
not as complex as TCP, it is also faster. It is often used for broadcast messages and for
streaming audio and video. UDP is a connectionless transport protocol.

All upper layer applications that use TCP or UDP have a port number that identifies the
application. This enables the port number to identify the type of service that one TCP system
is requesting from another.

Some commonly used ports

Port Number    Service
80             HTTP
21             FTP
110            POP3
25             SMTP
23             Telnet

> FTP (File Transfer Protocol)

An Internet standard application-level TCP/IP protocol that can be used for transferring files
between hosts on a TCP/IP internetwork.

File Transfer Protocol (FTP) is one of the earliest Internet protocols, and is still used for
uploading and downloading files between clients and servers. An FTP client is an application
that can issue FTP commands to an FTP server, while an FTP server is a service or daemon
running on a server that responds to FTP commands from a client. FTP commands can be
used to change directories, change transfer modes between binary and ASCII, upload files,
and download files.

> SFTP (Secure File Transfer Protocol)

SSH File Transfer Protocol or SFTP is a network protocol that provides file transfer and
manipulation functionality over any reliable data stream. It is typically used with the SSH-2
protocol to provide secure file transfer, but is intended to be usable with other protocols as
well. The sftp program provides an interactive interface similar to that of traditional FTP
clients.

> TFTP (Trivial File Transfer Protocol)

Trivial File Transfer Protocol is a file transfer protocol that transfers files to and from a
remote computer running the TFTP service. TFTP was designed with fewer functions than
FTP.

> SMTP (Simple Mail Transfer Protocol)

Simple Mail Transfer Protocol is used to transfer messages between two remote computers.
It is used on the Internet and is part of the TCP/IP protocol stack.

> HTTP (Hypertext Transfer Protocol)

Hypertext Transfer Protocol is the underlying protocol for the World Wide Web. HTTP
defines how all resources on the web are transferred and what action web servers and
browsers should take in response to commands.

HTTP is a "stateless" protocol, meaning each command is executed independently, without
any knowledge of the commands that came before it.

> HTTPS (Hypertext Transfer Protocol Secure)

The secure hypertext transfer protocol is a communications protocol designed to transfer
encrypted information between computers over the World Wide Web. HTTPS is HTTP using
a Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a
Web server that uses HTTPS. Most implementations of the HTTPS protocol involve online
purchasing or the exchange of private information. Accessing a secure server often requires
some sort of registration, login, or purchase. The successful use of the HTTPS protocol
requires a secure server to handle the request.

> POP3 / IMAP4 (Post Office Protocol version 3 / Internet Message Access Protocol version 4)

Post Office Protocol, used to retrieve e-mail from a mail server. Most e-mail applications use
the POP protocol, although some use the newer IMAP (Internet Message Access Protocol).

The older POP2 requires SMTP to send messages, while POP3 can be used with or without
SMTP.

> Telnet

Short for Telecommunication Network, a virtual terminal protocol allowing a user logged on
to one TCP/IP host to access other hosts on the network.

> SSH (Secure Shell)

Secure Shell or SSH is a set of standards and an associated network protocol that allows
establishing a secure channel between a local and a remote computer. It uses public-key
cryptography to authenticate the remote computer and (optionally) to allow the remote
computer to authenticate the user. SSH provides confidentiality and integrity of data
exchanged between the two computers using encryption and message authentication codes
(MACs). SSH is typically used to log into a remote machine and execute commands, but it
also supports tunneling, forwarding arbitrary TCP ports and X11 connections; it can transfer
files using the associated SFTP or SCP protocols. An SSH server, by default, listens on the
standard TCP port 22.

> ICMP (Internet Control Message Protocol)

Internet Control Message Protocol is a maintenance protocol in the TCP/IP suite, required in
every TCP/IP implementation, that allows two nodes on an IP network to share IP status and
error information. ICMP is used by the ping utility to determine the reachability of a remote
system.

> ARP / RARP (Address Resolution Protocol / Reverse Address Resolution Protocol)

Address Resolution Protocol is a TCP/IP protocol used to convert an IP address into a
physical address, such as an Ethernet address. A host wishing to obtain a physical address
broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP
address in the request then replies with its physical hardware address.
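An added example (not from the original notes) covering the MAC address item at the start
of these notes and the ARP exchange just described: it encodes and decodes ARP packets in
the RFC 826 layout for Ethernet/IPv4 and simulates the request broadcast and the single
reply from the owner of the address. The host table and all addresses are constructed sample
data; only the Python standard library is used.

```python
"""ARP request/reply encoding, parsing and a simulated resolution (added example)."""
import struct

HTYPE_ETHERNET = 1       # hardware type: Ethernet
PTYPE_IPV4 = 0x0800      # protocol type: IPv4
OP_REQUEST, OP_REPLY = 1, 2
# RFC 826 ARP body: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)
_ARP = struct.Struct("!HHBBH6s4s6s4s")


def mac_to_bytes(mac):
    """'00:1a:2b:3c:4d:5e' -> 6 bytes; validates the six two-digit hex parts."""
    parts = mac.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC address: {mac}")
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(raw):
    """6 bytes -> lower-case colon-separated MAC string."""
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip):
    """'192.168.1.1' -> 4 bytes; validates each octet."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return bytes(octets)


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Pack one ARP packet. In a request the target MAC is unknown (all zeros)."""
    return _ARP.pack(HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, oper,
                     mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                     mac_to_bytes(target_mac), ip_to_bytes(target_ip))


def parse_arp(raw):
    """Decode an ARP packet into a dict; rejects anything but Ethernet/IPv4 ARP."""
    if len(raw) < _ARP.size:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = _ARP.unpack(raw[:_ARP.size])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    if oper not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown ARP operation {oper}")
    return {"oper": oper,
            "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa)}


def resolve(hosts, asker_mac, asker_ip, wanted_ip):
    """Simulate the exchange: the asker broadcasts a request (the Ethernet frame
    would go to ff:ff:ff:ff:ff:ff) and only the host owning wanted_ip answers
    with its hardware address.

    hosts: constructed {ip: mac} table standing in for the LAN segment.
    Returns the resolved MAC, or None when no host owns the address.
    """
    request = build_arp(OP_REQUEST, asker_mac, asker_ip, "00:00:00:00:00:00", wanted_ip)
    q = parse_arp(request)
    for ip, mac in hosts.items():          # every host on the segment sees it...
        if ip == q["target_ip"]:           # ...but only the owner replies
            reply = build_arp(OP_REPLY, mac, ip, q["sender_mac"], q["sender_ip"])
            return parse_arp(reply)["sender_mac"]
    return None


if __name__ == "__main__":
    # Constructed sample segment: a router and one workstation.
    lan = {"192.168.1.1": "00:11:22:33:44:55", "192.168.1.20": "aa:bb:cc:dd:ee:01"}
    print(resolve(lan, "aa:bb:cc:dd:ee:01", "192.168.1.20", "192.168.1.1"))
```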

> NTP (Network Time Protocol)

The Network Time Protocol is used to synchronize the time of a computer client or server to
another server or reference time source, such as a radio or satellite receiver or modem. It
provides accuracies typically within a millisecond on LANs and up to a few tens of
milliseconds on WANs.

> SNMP

Simple Network Management Protocol is a TCP/IP protocol for monitoring networks and
network components. SNMP uses small utility programs called agents to monitor behavior
and traffic on the network, in order to gather statistical data.

These agents can be loaded onto managed devices such as hubs, NICs, servers, routers, and
bridges. The gathered data is stored in a MIB (management information base).

To collect the information in a usable form, a management program console polls these
agents and downloads the information from their MIBs, which then can be displayed as
graphs and charts and sent to a database program to be analyzed.

> NNTP (Network News Transport Protocol)

The Network News Transfer Protocol or NNTP is an Internet application protocol used
primarily for reading and posting Usenet articles, as well as transferring news among news
servers.

> SCP (Secure Copy Protocol)

Secure Copy or SCP is a means of securely transferring computer files between a local and a
remote host or between two remote hosts, using the Secure Shell (SSH) protocol.

The protocol itself does not provide authentication and security; it expects the underlying
protocol, SSH, to secure this.

The SCP protocol implements file transfers only. It does so by connecting to the host using
SSH and there executes an SCP server (scp). The SCP server program is typically the very
same program as the SCP client.

> LDAP (Lightweight Directory Access Protocol)

Lightweight Directory Access Protocol, or LDAP, is a networking protocol for querying and
modifying directory services running over TCP/IP.

A directory is a set of information with similar attributes organized in a logical and
hierarchical manner. The most common example is the telephone directory, which consists of
a series of names organized alphabetically, with an address and phone number attached.

An LDAP directory often reflects various political, geographic, and/or organizational
boundaries, depending on the model chosen. LDAP deployments today tend to use Domain
Name System (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside
the directory might appear entries representing people, organizational units, printers,
documents, groups of people or anything else which represents a given tree entry.

> IGMP (Internet Group Multicast Protocol)

The Internet Group Management Protocol is a communications protocol used to manage the
membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent
multicast routers to establish multicast group memberships. It is an integral part of the IP
multicast specification, like ICMP for unicast connections. IGMP can be used for online
video and gaming, and allows more efficient use of resources when supporting these uses.

> LPR (Line Printer Remote)

The Line Printer Daemon protocol/Line Printer Remote protocol (or LPD, LPR) also known
as the Berkeley printing system, is a set of programs that provide printer spooling and
network print server functionality for Unix-like systems. The most common implementations
of LPD are the official BSD UNIX operating system and the LPRng project. The Common
Unix Printing System (or CUPS), which is more common on modern Linux distributions,
borrows heavily from LPD.

A printer that supports LPD/LPR is sometimes referred to as a "TCP/IP printer" (TCP/IP is
used to establish connections between printers and workstations on a network), although that
term seems equally applicable to a printer that supports CUPS.

3-Protocols and Standards

Define the function of TCP / UDP (Transmission Control Protocol / User Datagram
Protocol) ports.

> Transmission Control Protocol

A connection based Internet protocol responsible for breaking data into packets, which the IP
protocol sends over the network. IP is located at the TCP/IP Internet layer which corresponds
to the network layer of the OSI Model. IP is responsible for routing packets by their IP
address.

> User Datagram Protocol

Runs on top of IP and is used as an alternative to TCP. UDP does not, however, provide any
error checking for guaranteeing packet delivery. Because UDP is not as complex as TCP, it is
also faster. It is often used for broadcast messages and for streaming audio and video. UDP is
a connectionless transport protocol.

Identify the well-known ports associated with the following commonly used services and
protocols:

Protocol                                              Common Port
FTP (File Transfer Protocol)                          20, 21
SSH (Secure Shell)                                    22
Telnet                                                23
SMTP (Simple Mail Transfer Protocol)                  25
DNS (Domain Name Service)                             53
TFTP (Trivial File Transfer Protocol)                 69
HTTP (Hypertext Transfer Protocol)                    80
POP3 (Post Office Protocol version 3)                 110
NNTP (Network News Transport Protocol)                119
NTP (Network Time Protocol)                           123
IMAP4 (Internet Message Access Protocol version 4)    143
HTTPS (Hypertext Transfer Protocol Secure)            443

Identify the purpose of network services and protocols:

> DNS (Domain Name Service)

DNS name resolution is used on the Internet to map friendly names to IP addresses, and vice
versa. For example, instead of trying to remember an IP address composed of numbers, such
as 198.46.8.34, you can type http://www.microsoft.com/ and let DNS resolve the name for
you.

In Microsoft Windows 2000, Microsoft Windows Server™ 2003, and Microsoft Windows
XP environments, DNS is the default name resolution method.

> NAT (Network Address Translation)

Network Address Translation is a process that lets an entire network connect to a PPP server
and appear as a single IP address, thus helping to conceal IP addresses from external hackers
and to alleviate address space shortage.

> ICS (Internet Connection Sharing)

You can choose one computer to share an Internet connection with the rest of the computers
on your home or small office network. This computer is called the Internet Connection
Sharing (ICS) host computer.

To determine which computer should be your ICS host computer, use the following
guidelines:

• The computer must be one that you can leave on at all times so that other computers
on the network can access the Internet. If the computer is turned off, the connection to
the Internet will not be available.
• If one computer has a DSL or cable modem, use that computer as the ICS host
computer.
• If you plan to use a shared printer for your network, the printer should be installed on
the ICS host computer.

> WINS (Windows Internet Name Service)

While DNS resolves host names to IP addresses, WINS resolves NetBIOS names to IP
addresses. Windows Internet Name Service provides a dynamic database of IP address to
NetBIOS name resolution mappings.

WINS determines the IP address associated with a particular network computer. This is
called name resolution. WINS supports network client and server computers running
Windows.

WINS uses a distributed database that is automatically updated with the names of computers
currently available and the IP address assigned to each one.

DNS is an alternative for name resolution suitable for network computers with fixed IP
addresses.

> SNMP (Simple Network Management Protocol)

Simple Network Management Protocol is a TCP/IP protocol for monitoring networks and
network components. SNMP uses small utility programs called agents to monitor behavior
and traffic on the network, in order to gather statistical data.

These agents can be loaded onto managed devices such as hubs, NICs, servers, routers, and
bridges. The gathered data is stored in a MIB (management information base).

To collect the information in a usable form, a management program console polls these
agents and downloads the information from their MIBs, which can then be displayed as
graphs and charts or sent to a database program to be analyzed.

> NFS (Network File System)

Network File System (NFS) is a distributed file system that allows users to access files and
directories located on remote computers and treat those files and directories as if they were
local.

> Zeroconf (Zero configuration)

Zero Configuration Networking is a set of techniques that automatically create a usable IP
network without configuration or special servers. This allows unknowledgeable users to
connect computers, networked printers, and other items together and expect them to work
automatically. Without Zeroconf or something similar, a knowledgeable user must either set
up special servers, like DHCP and DNS, or set up each computer's network settings manually.

Zeroconf currently solves three problems:

• Choose numeric network addresses for networked items
• Figure out which computer has a certain name
• Figure out where to get services, like printing.

> SMB (Server Message Block)

A file-sharing protocol designed to allow networked computers to transparently access files
that reside on remote systems over a variety of networks. The SMB protocol defines a series
of commands that pass information between computers. SMB uses four message types:
session control, file, printer, and message. It is mainly used by Microsoft Windows equipped
computers.

SMB works through a client-server approach, where a client makes specific requests and the
server responds accordingly. One section of the SMB protocol is specifically for filesystem
access, such that clients may make requests to a file server. The SMB protocol was optimised
for local subnet usage, but it can also be used to reach other subnets across the Internet, and
that exposure is where attacks on MS Windows file-and-print sharing usually focus.

Client computers may have their own hard disks, which are not publicly shared, yet also want
access to the shared file systems and printers on the server, and it is for this primary purpose
that SMB is best known and most heavily used.

> AFP (Apple File Protocol)

The file sharing protocol used in an AppleTalk network. In order for non-Apple networks to
access data in an AppleShare server, their protocols must translate into the AFP language.

AFP versions 3.0 and greater rely exclusively on TCP/IP (port 548 or 427) for establishing
communication, supporting AppleTalk only as a service discovery protocol. The AFP 2.x
family supports both TCP/IP and AppleTalk for communication and service discovery.

> LPD (Line Printer Daemon) and Samba

LPD is the primary UNIX printing protocol used to submit jobs to the printer. The LPR
component initiates commands such as "print waiting jobs," "receive job," and "send queue
state," and the LPD component in the print server responds to them.

The most common implementations of LPD are in the official BSD UNIX operating system
and the LPRng project. The Common Unix Printing System (or CUPS), which is more
common on modern Linux distributions, borrows heavily from LPD.

Unix and Mac OS X Servers use the Open Source SAMBA to provide Windows users with
Server Message Block (SMB) file sharing.

Identify the basic characteristics (For example: speed, capacity and media) of the
following WAN (Wide Area Networks) technologies:

> Packet switching

Packet switching offers more efficient use of a telecommunication provider's network
bandwidth. With packet switching, the switching mechanisms on the network route each data
packet from switch to switch individually over the network using the best-available path. Any
one physical link in a packet-switched network can carry packets from many different
senders and for many different destinations. Whereas in a circuit-switched connection, the
bandwidth is dedicated to one sender and receiver only.

> Circuit switching

With circuit switching, data travels over a fixed path that is established at the beginning of
the connection and remains open until the connection is terminated. A telephone call is an
example of a circuit-switched link. When you dial a number, the telecommunication provider
establishes an open circuit between your phone and the phone of the person you are calling.
No other calls can be placed over this circuit until you hang up.

> ISDN (Integrated Services Digital Network)

Integrated Services Digital Network adapters can be used to send voice, data, audio, or video
over standard telephone cabling. ISDN adapters must be connected directly to a digital
telephone network. ISDN adapters are not actually modems, since they neither modulate nor
demodulate the digital ISDN signal.

Like standard modems, ISDN adapters are available both as internal devices that connect
directly to a computer's expansion bus and as external devices that connect to one of a
computer's serial or parallel ports. ISDN can provide data throughput rates from 56 Kbps to
1.544 Mbps using a T1 service.

ISDN hardware requires an NT (network termination) device, which converts network data
signals into the signaling protocols used by ISDN. Sometimes the NT interface is included,
or integrated, with ISDN adapters and ISDN-compatible routers. In other cases, an NT device
separate from the adapter or router must be implemented.

ISDN works at the physical, data link, network, and transport layers of the OSI Model.

> FDDI (Fiber Distributed Data Interface)

Fiber Distributed Data Interface shares many of the same features as token ring, such
as token passing and the continuous network loop configuration. But FDDI has better
fault tolerance because of its use of a dual, counter-rotating ring that enables the ring to
reconfigure itself in case of a link failure. FDDI also has higher transfer speeds, 100
Mbps for FDDI, compared to 4 - 16 Mbps for Token Ring.

Unlike Token Ring, which uses a star topology, FDDI uses a physical ring. Each device in
the ring attaches to the adjacent device using a two-stranded fiber optic cable. Data
travels in one direction on the outer strand and in the other direction on the inner
strand. When all devices attached to the dual ring are functioning properly, data travels
on only one ring. FDDI transmits data on the second ring only in the event of a link
failure.

Media         MAC Method      Signal Propagation Method                  Speed      Topologies     Maximum Connections

Fiber-optic   Token passing   Forwarded from device to device (or port   100 Mbps   Double ring,   500 nodes
                              to port on a hub) in a closed loop                    Star

> T1 (T Carrier level 1)

A 1.544 Mbps point-to-point dedicated, digital circuit provided by the telephone companies.
T1 lines are widely used for private networks as well as interconnections between an
organization's LAN and the telco.

A T1 line uses two pairs of wire, one to transmit and one to receive, and time division
multiplexing (TDM) to interleave 24 64-Kbps voice or data channels. The standard T1 frame
is 193 bits long, which holds 24 8-bit voice samples and one synchronization bit, with 8,000
frames transmitted per second. T1 is not restricted to digital voice or to 64 Kbps data streams.
Channels may be combined and the total 1.544 Mbps capacity can be broken up as required.

> T3 (T Carrier level 3)

A T3 line is a super high-speed connection capable of transmitting data at a rate of 45 Mbps.
A T3 line represents a bandwidth equal to about 672 regular voice-grade telephone lines,
which is wide enough to transmit real time video, and very large databases over a busy
network. A T3 line is typically installed as a major networking artery for large corporations,
universities with high-volume network traffic and for the backbones of the major Internet
service providers.

> OCx (Optical Carrier)

Optical Carrier designations are used to specify the speed of fiber optic networks that
conform to the SONET standard.

Level   Speed

OC-1    51.85 Mbps
OC-3    155.52 Mbps
OC-12   622.08 Mbps
OC-24   1.244 Gbps
OC-48   2.488 Gbps

> X.25

An X.25 network transmits data with a packet-switching protocol, bypassing noisy telephone
lines. This protocol relies on an elaborate worldwide network of packet-forwarding nodes
that can participate in delivering an X.25 packet to its designated address.

Network Connections supports X.25 by using packet assemblers/disassemblers (PADs) and
X.25 cards. You can also use a modem and special dial-up X.25 carriers (such as Sprintnet
and Infonet) in place of a PAD or X.25 smart card on your computer.

Remote access clients running Windows XP Professional or Windows 2000 Server or later
can use either an X.25 card or dial in to an X.25 PAD to create connections. To accept
incoming connections on a computer using X.25 running Windows XP Professional or
Windows 2000 Server or later, you must use an X.25 card.

Identify the basic characteristics of the following internet access technologies:

> xDSL (Digital Subscriber Line)

xDSL is a term referring to a variety of new Digital Subscriber Line technologies. Some of
these varieties are asymmetric with different data rates in the downstream and upstream
directions. Others are symmetric. Downstream speeds range from 384 Kbps (or "SDSL") to
1.5-8 Mbps (or "ADSL").

Asymmetric Digital Subscriber Line (ADSL) is a high-bandwidth digital transmission
technology that uses existing phone lines and also allows voice transmissions over the same
lines. Most of the traffic is transmitted downstream to the user, generally at rates of 512 Kbps
to about 6 Mbps.

> Broadband Cable (Cable modem)

Cable modems use a broadband connection to the Internet through cable television
infrastructure. These modems use frequencies that do not interfere with television
transmission.

> POTS / PSTN (Plain Old Telephone Service / Public Switched Telephone Network)

POTS / PSTN use modems. A modem is a device that makes it possible for computers to
communicate over telephone lines. The word modem comes from Modulate and Demodulate.
Because standard telephone lines use analog signals, and computers use digital signals, a
sending modem must modulate its digital signals into analog signals. The computer's modem
on the receiving end must then demodulate the analog signals into digital signals.

Modems can be external, connected to the computer's serial port by an RS-232 cable, or
internal in one of the computer's expansion slots. Modems connect to the phone line using
standard telephone RJ-11 connectors.

> Wireless

A wireless network consists of wireless NICs and access points. NICs come in different
models including PC Card, ISA, PCI, etc. Access points act as wireless hubs to link multiple
wireless NICs into a single subnet. Access points also have at least one fixed Ethernet port to
allow the wireless network to be bridged to a traditional wired Ethernet network, such as the
organization’s network infrastructure. Wireless and wired devices can coexist on the same
network.

• WLAN (Wireless Local Area Network) A group of computers and associated
devices that communicate with each other wirelessly.
• WPA (Wi-Fi Protected Access) A security protocol for wireless networks that builds
on the basic foundations of WEP. It secures wireless data transmission by using a key
similar to WEP, but the added strength of WPA is that the key changes dynamically.
The changing key makes it much more difficult for a hacker to learn the key and gain
access to the network.
• WPA2 (Wi-Fi Protected Access 2) WPA2 is the second generation of WPA security
and provides a stronger encryption mechanism through Advanced Encryption
Standard (AES), which is a requirement for some government users.
• WPA-Personal A version of WPA that uses long and constantly changing encryption
keys to make them difficult to decode.
• WPA-Enterprise A version of WPA that uses the same dynamic keys as WPA-
Personal and also requires each wireless device to be authorized according to a master
list held in a special authentication server.

4-Protocols and Standards

Define the function of the following remote access protocols and services:

> RAS (Remote Access Service)

Remote Access Service A service that provides remote networking for telecommuters, mobile
workers, and system administrators who monitor and manage servers at multiple branch
offices. Users with RAS can dial in to remotely access their networks for services such as file
and printer sharing, electronic mail, scheduling, and SQL database access.

> PPP (Point-to-Point Protocol)

An industry standard suite of protocols for the use of point-to-point links to transport
multiprotocol datagrams.

Point-to-Point Protocol facilitates Internet connections over serial lines, including modem
connections. PPP software requires only a destination address (usually a phone number for
modem connections) and a user login in order to negotiate a complete configuration for each
session.

PPP support enables computers to dial in to remote networks through any server that
complies with the PPP standard. PPP also enables remote access clients to use any
combination of IPX, TCP/IP, NetBEUI, and AppleTalk. Remote access clients running
Windows NT and Windows 2000, Windows 98, and Windows 95 can use any combination of
TCP/IP, IPX, and NetBEUI and programs written to the Windows Sockets, NetBIOS, or IPX
interface. Microsoft remote access clients do not support the use of the AppleTalk protocol
over a remote access connection.

PPP connection sequence

When you connect to a remote computer, PPP negotiation accomplishes the following:

• Framing rules are established between the remote computer and server. This allows
continued communication (frame transfer) to occur.
• The remote access server then authenticates the remote user by using the PPP
authentication protocols (MS-CHAP, EAP, CHAP, SPAP, PAP). The protocols that
are invoked depend on the security configurations of the remote client and server.
• Once authenticated, if callback is enabled, the remote access server hangs up and calls
the remote access client.
• The Network Control Protocols (NCPs) enable and configure the remote client for the
desired LAN protocols.

> SLIP (Serial Line Internet Protocol)

An older industry standard that is part of Windows remote access client to ensure
interoperability with other remote access software.

> PPPoE (Point-to-Point Protocol over Ethernet)

A specification for connecting users on an Ethernet network to the Internet through a
broadband connection, such as a single DSL line, wireless device, or cable modem. Using
PPPoE and a broadband modem, LAN users can gain individual authenticated access to high-
speed data networks. By combining Ethernet and Point-to-Point Protocol (PPP), PPPoE
provides an efficient way to create a separate connection for each user to a remote server.

> PPTP (Point-to-Point Tunneling Protocol)

Networking technology that supports multiprotocol virtual private networks (VPNs),
enabling remote users to access corporate networks securely across the Internet or other
networks by dialing into an Internet service provider (ISP) or by connecting directly to the
Internet. The Point-to-Point Tunneling Protocol (PPTP) tunnels, or encapsulates, IP, IPX, or
NetBEUI traffic inside of IP packets. This means that users can remotely run applications that
are dependent upon particular network protocols.

> VPN (Virtual Private Network)

Virtual private network: A remote LAN that can be accessed through the Internet by using
PPTP (see above).

> RDP (Remote Desktop Protocol)

Remote Desktop Protocol (RDP) is a multi-channel protocol that allows a user to connect to a
computer running Microsoft Terminal Services. Clients exist for most versions of Windows
(including handheld versions), and other operating systems such as Linux, FreeBSD, Solaris
Operating System and Mac OS X. The server listens by default on TCP port 3389.

• Version 4.0 was introduced with Terminal Services in Windows NT 4.0 Server,
Terminal Server Edition.
• Version 5.0, introduced with Windows 2000 Server, added support for a number of
features, including printing to local printers, and aimed to improve network
bandwidth usage.
• Version 5.1, introduced with Windows XP Professional, included support for 24-bit
color and sound.
• Version 5.2, introduced with Windows Server 2003, included support for console
mode connections, a session directory, and local resource mapping.
• Version 6.0, introduced with Windows Vista and Windows Server, includes a
significant number of new features, most notably being able to remotely access a
single application instead of the entire desktop, and support for 32-bit color.

Identify the following security protocols and describe their purpose and function:

> IPSec (Internet Protocol Security)

IPsec is a set of protocols used to support secure exchange of packets at the IP layer.

IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only
the data portion of each packet, but leaves the header untouched. The more secure Tunnel
mode encrypts both the header and the data portion.

For IPsec to work, the sending and receiving devices must share a public key. This is
accomplished through a protocol known as Internet Security Association and Key
Management Protocol/Oakley, which allows the receiver to obtain a public key and
authenticate the sender using digital certificates.

IPsec protocols operate at the network layer, layer 3 of the OSI model. Other Internet security
protocols in widespread use, such as SSL and TLS, operate from the transport layer up (OSI
layers 4 - 7). This makes IPsec more flexible, as it can be used for protecting both TCP and
UDP based protocols.

> L2TP (Layer 2 Tunneling Protocol)

Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks
(VPNs). L2TP is an extension to the PPP protocol that enables ISPs to operate Virtual Private
Networks. L2TP combines the best features of two other tunneling protocols: PPTP from
Microsoft and L2F from Cisco Systems.

> SSL (Secure Sockets Layer)

Secure Sockets Layer is a protocol that supplies secure data communication through data
encryption and decryption. SSL enables communications privacy over networks by using a
combination of public key and bulk data encryption.

> WEP (Wired Equivalent Privacy)

Wired Equivalent Privacy is a scheme that is part of the IEEE 802.11 wireless networking
standard to secure IEEE 802.11 wireless networks. Because a wireless network broadcasts
messages using radio, it is particularly susceptible to eavesdropping.

WEP was intended to provide comparable confidentiality to a traditional wired network and
thus it does not protect users of the network from each other.

> WPA (Wi-Fi Protected Access)

A security protocol for wireless networks that builds on the basic foundations of WEP. It
secures wireless data transmission by using a key similar to WEP, but the added strength of
WPA is that the key changes dynamically. The changing key makes it much more difficult
for a hacker to learn the key and gain access to the network.

WPA2 (Wi-Fi Protected Access 2) WPA2 is the second generation of WPA security and
provides a stronger encryption mechanism through Advanced Encryption Standard (AES),
which is a requirement for some government users.

> 802.11x

IEEE 802.11 also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN
standards developed by working group 11 of the IEEE LAN/MAN Standards Committee
(IEEE 802). The term 802.11x is also used to denote this set of standards and is not to be
mistaken for any one of its elements. There is no single 802.11x standard.

Protocol   Release Date   Op. Frequency                            Data Rate (Typ)   Data Rate (Max)   Range (Indoor)   Range (Outdoor)

802.11a    1999           5.15-5.35/5.47-5.725/5.725-5.875 GHz     25 Mbit/s         54 Mbit/s         ~25 meters       ~75 meters
802.11b    1999           2.4-2.5 GHz                              6.5 Mbit/s        11 Mbit/s         ~35 meters       ~100 meters
802.11g    2003           2.4-2.5 GHz                              25 Mbit/s         54 Mbit/s         ~25 meters       ~75 meters
802.11n    2007           2.4 GHz or 5 GHz bands                   200 Mbit/s        540 Mbit/s        ~50 meters       ~125 meters

Identify authentication protocols:

> CHAP (Challenge Handshake Authentication Protocol)

Challenge Handshake Authentication Protocol is a challenge-response authentication protocol
that uses the industry-standard Message Digest 5 (MD5) hashing scheme to hash the
response. CHAP is used by various vendors of network access servers and clients.

> MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)

MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) is a
nonreversible, encrypted password authentication protocol. The challenge handshake process
works as follows:

• The remote access server or the IAS server sends a challenge to the remote access
client that consists of a session identifier and an arbitrary challenge string.
• The remote access client sends a response that contains the user name and a
nonreversible encryption of the challenge string, the session identifier, and the
password.
• The authenticator checks the response and, if valid, the user's credentials are
authenticated.

> PAP (Password Authentication Protocol)

Password Authentication Protocol uses plaintext passwords and is the least sophisticated
authentication protocol. It is typically negotiated if the remote access client and remote access
server cannot negotiate a more secure form of validation.
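As an added illustration of the three protocols just described (this is not code from the study guide), the following Python models the CHAP exchange of RFC 1994, where the response is MD5 over the identifier, the shared secret and the challenge, and contrasts it with a PAP Authenticate-Request, whose password travels in the clear. The usernames, secrets and 16-byte challenge length are constructed values; MS-CHAP follows the same three-step challenge/response shape but computes its response differently, and that computation is not reproduced here.

```python
import hashlib
import hmac
import os

# Constructed credentials shared by the peer and the access server (not from the page).
SECRETS = {"alice": b"correct horse battery staple"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues one-time challenges and checks the peer's response."""

    def __init__(self, secrets: dict[str, bytes]):
        self.secrets = secrets
        self.pending: dict[int, bytes] = {}   # identifier -> outstanding challenge

    def challenge(self, identifier: int) -> bytes:
        value = os.urandom(16)                # fresh, unpredictable challenge every time
        self.pending[identifier] = value
        return value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        challenge = self.pending.pop(identifier, None)   # each challenge is usable once
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def chap_peer(identifier: int, name: str, secret: bytes, challenge: bytes) -> tuple[str, bytes]:
    """Peer side: what goes on the wire is the name and the hash, never the secret."""
    return name, chap_response(identifier, secret, challenge)


def pap_authenticate_request(name: str, password: bytes) -> bytes:
    """PAP (RFC 1334) Authenticate-Request payload: Peer-ID-Length, Peer-ID,
    Passwd-Length, Password. Everything, including the password, is plaintext."""
    peer_id = name.encode()
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def run_exchange() -> dict[str, bool]:
    """Run the CHAP flow three ways and build the PAP request for comparison."""
    server = ChapAuthenticator(SECRETS)
    secret = SECRETS["alice"]

    # 1. Normal CHAP exchange: challenge, response, success.
    ident = 1
    chal = server.challenge(ident)
    name, resp = chap_peer(ident, "alice", secret, chal)
    fresh_ok = server.verify(ident, name, resp)

    # 2. Replaying a captured response against a new challenge must fail.
    server.challenge(ident)
    replay_ok = server.verify(ident, name, resp)

    # 3. A peer holding the wrong secret must fail.
    ident = 2
    chal = server.challenge(ident)
    _, bad = chap_peer(ident, "alice", b"wrong-secret", chal)
    wrong_secret_ok = server.verify(ident, "alice", bad)

    pap_wire = pap_authenticate_request("alice", secret)
    return {
        "fresh_ok": fresh_ok,
        "replay_ok": replay_ok,
        "wrong_secret_ok": wrong_secret_ok,
        "chap_response_exposes_secret": secret in resp,
        "pap_request_exposes_secret": secret in pap_wire,
    }
```

A captured PAP request hands an eavesdropper the password directly, while a captured CHAP response is only useful against the single challenge it answered, which is why the access server must never reuse a challenge.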

> RADIUS (Remote Authentication Dial-In User Service)

RADIUS is an AAA (authentication, authorization and accounting) protocol for applications such as
network access or IP mobility. It is intended to work in both local and roaming situations.

Some ISPs (commonly modem, DSL, or wireless 802.11 services) require you to enter a
username and password in order to connect to the Internet. Before access to the network is
granted, this information is passed to a Network Access Server (NAS) device over the Point-
to-Point Protocol (PPP), then to a RADIUS server over the RADIUS protocol. The RADIUS
server checks that the information is correct using authentication schemes like PAP, CHAP or
EAP. If accepted, the server will then authorize access to the ISP system and select an IP
address.

RADIUS is also widely used by VoIP service providers.
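As an added example (not code from the study guide), the following Python builds the RADIUS Access-Request that the NAS sends on after collecting a PAP username and password, hiding the password with the MD5/XOR scheme of RFC 2865 section 5.2, and decodes it on the server side with the shared secret. The username, password and shared secret are constructed values, and only the two attributes needed to make the point are encoded.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1          # RADIUS Code value for Access-Request
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2

# Constructed shared secret between the NAS and the RADIUS server (not from the page).
SHARED_SECRET = b"constructed-radius-secret"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password to a multiple of 16 bytes, then
    c1 = p1 XOR MD5(S + RA), c2 = p2 XOR MD5(S + c1), and so on."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block            # chaining: the next key block depends on this output block
    return bytes(out)


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as performed by the RADIUS server."""
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return bytes(out).rstrip(b"\x00")   # strip the NUL padding added by the NAS


def _attribute(attr_type: int, value: bytes) -> bytes:
    """Attribute layout: Type (1 byte) + Length (1 byte, includes header) + Value."""
    return bytes([attr_type, 2 + len(value)]) + value


def build_access_request(identifier: int, secret: bytes, username: bytes, password: bytes) -> bytes:
    """NAS side: Code, Identifier, Length, 16-byte random Request Authenticator, attributes."""
    authenticator = os.urandom(16)     # must be unpredictable; it keys the password hiding
    attrs = (_attribute(ATTR_USER_NAME, username)
             + _attribute(ATTR_USER_PASSWORD, hide_password(password, secret, authenticator)))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_access_request(packet: bytes, secret: bytes) -> dict:
    """Server side: walk the attribute list and recover the plaintext password."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    authenticator = packet[4:20]
    attrs, pos = {}, 20
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return {
        "code": code,
        "identifier": identifier,
        "username": attrs.get(ATTR_USER_NAME),
        "password": unhide_password(attrs[ATTR_USER_PASSWORD], secret, authenticator),
    }
```

The hiding depends entirely on the shared secret and on the Request Authenticator being unpredictable, which is why RADIUS deployments use a long secret and keep the NAS-to-server path on a trusted network.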

> Kerberos and EAP (Extensible Authentication Protocol)

An authentication system, Kerberos is designed to enable two parties to exchange private
information across an open network. It works by assigning a unique key, called a ticket, to
each user that logs on to the network. The ticket is then embedded in messages to identify the
sender of the message.

Extensible Authentication Protocol, or EAP, is a universal authentication framework
frequently used in wireless networks and Point-to-Point connections. Although the EAP
protocol is not limited to wireless LANs and can be used for wired LAN authentication, it is
most often used in wireless LANs. Recently, the WPA and WPA2 standards have officially
adopted five EAP types as their official authentication mechanisms.
