Network

TC/IP
1. Glossary
  1. ARPANET
    1. The earliest version of the Internet that we see today, created by the US government project DARPA in the 1960s
  2. Children's Online Privacy Protection Act (COPPA)
    1. Regulates the information we show to children under the age of 13
  3. DARPA
    1. A US government project in the 1960s that went on to create the earliest version of the Internet that we see today
  4. Internet Corporation for Assigned Names and Numbers (ICANN)
    1. Where website names are registered
  5. Internet service provider (ISP)
    1. A company that provides a consumer an internet connection
  6. Network Address Translation
    1. A mitigation tool that lets organizations use one public IP address and many private IP addresses within the network
  7. Transfer Control Protocol (TCP)
    1. A protocol that handles reliable delivery of information from one network to another
  8. Uniform Resource Locator (URL)
    1. A web address similar to a home address
2. Layers
  1. Application
    1. HTTP, SMTP, ...
    2. Messages
    3. General
      1. Allows network applications to communicate in a way they understand
      2. Open Systems Interconnection model (OSI)
      3. layers
      4. Application
      5. Presentation
      6. Responsible for making sure that the unencapsulated application layer data is able to be understood by the application in question
      7. handle encryption or compression data
      8. Session
      9. Responsible for facilitating the communication between actual applications and the transport layer
      10. Takes application layer data and hands it off to the presentation layer
      11. Transport
      12. Network
      13. Data link
      14. Phisical
      15. Network time protocol (NTP)
      16. Used to keep all computers on a network synchronized in time
  2. Transport
    1. TCP/UDP
    2. Segment
      1. TCP Segment
      2. Made up of a TCP header and data section
      3. scheme
      4. Destination port
      5. the port of the service the traffic is intend for
      6. Source port
      7. A high-numbered port chosen from a special section of ports known as ephemeral ports
      8. Sequence number
      9. A 32-bit number that's used to keep track of where in a sequence of TCP segments this one expected to be
      10. which segment out of many this particular segment might be
      11. Acknowledgment number
      12. The number of the next expected segment
      13. Control flags
      14. URG (urgent)
      15. A value of one here indicates that segment is considered urgent and that the urgent pointer field has more data about this
      16. ACK (acknowledged)
      17. A value of one in this field means that the acknowledgement number field should be examined
      18. PSH (push)
      19. The transmitting device wants the receiving device to push currently-buffered data to the application on the receiving end as soon as possible
      20. RST (reset)
      21. One of the sides in a TCP connection hasn't been able to properly recover from a series of missing of malformed segments
      22. SYN (synchronize)
      23. It's used when first establishing a TCP connection and makes sure the receiving end knows to examine the sequence number field
      24. FIN (finish)
      25. When this flag is set to one, it means the transmitting computer doesn't have any more data to send and the connection can be closed
      26. Data offset field
      27. A 4-bit number that communicates how long the tcp header for this segment is
      28. TCP window
      29. Specifies the range of sequence numbers that might be sent before an acknowledgement is required
      30. Urgent pointer field
      31. Used in conjunction with one of the TCP control flags to point out particular segments that might be more important than others
      32. rarely used
      33. Options
      34. It is sometimes used for more complicated flow control protocols
      35. Padding
      36. a sequence of zeros to ensure that the data payload section begins at the expected location
      37. The three-way handshake
      38. To start the process off computer A sends a TCP segment to Computer B, with a SYN flag sent. This is computer A's way of saying, let's establish a connection and look at my sequence number field so we know where this conversation starts.
      39. Computer B then responds with a TCP segment where both the SYN and ACK flags are sent. This is Computer B's way of saying, sure, let's establish a connection and I acknowledge your sequence number.
      40. Then Computer A responds again with just the ACK flag sent, which is just saying I acknowledge your acknowledgement, let's start sending data.
      41. Once the three-way handshake is complete, the TCP connection is established. Now, Computer A is free to send whatever data it wants to Computer B and vice versa. Since both sides have now sent SYN/ACK pairs to each other, a TCP connection in this state is operating in full duplex.
      42. Once one of the devices involved with the TCP connection is ready to close the connection, something known as a four-way handshake happens. The computer ready to close the connection sends a FIN flag, which the other computer acknowledges with an ACK flag. Then if this computer is also ready to close the connection, which will almost always be the case, it will send a FIN flag. This is again responded to by an ACK flag. Hypothetically, a TCP connection can stay open in simplex mode with only one side closing the connection, but this isn't something you'll run into very often.
      43. UDP
      44. The client sends a packet to the server via UDP. UDP does not include SYN-ACK or handshake.
      45. UDP packet
      46. The packet is carrying the header and data for the server. The header has information about the origin and destination IP addresses for the packet. The data is the payload of the packet.
    3. Port
      1. A 16-bit number that's used to direct traffic to specific services running on a networked computer
      2. System Ports versus Ephemeral Ports
      3. Network services are run by listening to specific ports for incoming data requests. A port is a 16-bit number used to direct traffic to a service running on a networked computer. A "service" (or "server") is a program waiting to be asked for data. A "client" is another program that requests this data from the other end of a network connection. This reading explains how the Transmission Control Protocol (TCP) uses ports and sockets to establish a network connection and deliver data between services and clients.
      4. Types
      5. System Ports
      6. System Ports are identified as ports 1 through 1023. System ports are reserved for common applications like FTP (port 21) and Telnet over TLS/SSL (port 992). Many still are not assigned. Note: Modern operating systems do not use system ports for outbound traffic.
      7. 1-1023
      8. User Ports
      9. User Ports are identified as ports 1024 through 49151. Vendors register user ports for their specific server applications. The IANA has officially registered some but not all of them.
      10. 1024-49151
      11. Ephemeral Ports (Dynamic or Private Ports)
      12. Ephemeral Ports (Dynamic or Private Ports) are identified as ports 49152 through 65535. Ephemeral ports are used as temporary ports for private transfers. Only clients use ephemeral ports.
      13. 49152-65535
      14. Socket
      15. A socket is a port that a TCP segment has activated to listen for data requests.
      16. Ports allow services to send data to your computer but can also send malware into a client program. It's important to secure your ports.
    4. General
      1. Allows traffic to be directed to specific network applications
      2. traffic
      3. multiplexing
      4. demultiplexing
      5. Socket
      6. The instantiation of an end-point in a potential TCP connection
      7. States
      8. LISTEN
      9. A TCP socket is ready and listening for incoming connections
      10. SYN_SENT
      11. A synchronization request has been sent, but the connection hasn't been established yet
      12. client
      13. SYN-RECEIVED
      14. A socket previously in a LISTEN state has received a synchronization request and sent a SYN/ACK back
      15. server
      16. ESTABLISHED
      17. The TCP connection is in working order and both sides are free to send each other data
      18. FIN_WAIT
      19. A FIN has been sent, but the corresponding ACK from the other end hasn't been received yet
      20. CLOSE_WAIT
      21. The connection has been closed at the TCP layer, but that the application that opened the socket hasn't released its hold on the socket yet
      22. CLOSED
      23. The connection has been fully terminated and that no further communication is possible
      24. Instantiation
      25. The actual implementation of something defined elsewhere
      26. Connection-oriented protocol
      27. Established a connection, and uses this to ensure that all data has been properly transmitted
      28. Transmission Control Protocol (TCP)
      29. Connectionless protocols
      30. UDP
      31. User Datagram Protocol
      32. video streaming
      33. Firewalls
      34. A device that blocks traffic that meets certain criteria
  3. Network
    1. IP
    2. Packet/Datagram
      1. IP datagram
      2. A highly structured series of fields that are strictly defined
      3. version
      4. ip version
      5. Header lenght
      6. Almost always 20bytes in length when dealing with IPv4
      7. service type
      8. these 8 bits can be used to specify details about quality of service, or QoS, technologies
      9. total length
      10. indicates the total length of the IP datagram it's attached to
      11. Identification
      12. a 16-bit number that's used to group messages together
      13. flag
      14. used to indicate is a datagram is allowed to be fragmented, or to indicate that the datagram has already been fragmented
      15. Fragmentation
      16. The process of taking a single IP datagram and splitting it up into several smaller datagrams
      17. TTL
      18. Time to live - an 8-bit field that indicates how many router hops a datagram can traverse before it's thrown away
      19. protocol
      20. Another 8-bit field that contains data about what transport layer protocol is being used
      21. header checksum
      22. A checksum of the contents of the entire IP datagram header
      23. Options
      24. An optional field and is used to set special characteristics for datagrams primarily used for testing purposes
      25. Padding
      26. a series of zeros used to unsure the header is the correct total size
      27. The maximum size of a single datagram is the largest number you can represent with 16 bits
      28. 65 535
      29. if the total amount of data that needs to be send is larger than what can fit in a single datagram, the IP layer needs to split this data up into many individual packets
    3. IP Address
      1. IPv4 Addresses
      2. 32 bit
      3. 4 octets
      4. 4 x 0-255
      5. Sections
      6. Network ID
      7. Host ID
      8. Address class system
      9. A way of defining how the global IP address space is split up
      10. Class A
      11. [123.][48.30.100]
      12. first octet - is network id
      13. 2,3,4 octet - are host id
      14. Class B
      15. 2 octets - network ID
      16. 2 octets - host id
      17. Class C
      18. 3/1 - network id/host id
      19. IP addresses belong to networks, not to the devices attached to those networks
      20. types
      21. Dynamic IP address
      22. Static IP address
      23. In most cases, static IP addresses are reserved for servers and network devices, while dynamic IP addresses are reserved for clients
    4. General
      1. ARP
      2. Address resolution protocol
      3. A protocol used to discover the hardware address of a node with a certain IP address
      4. ARP table
      5. A list of IP addresses and the MAC addresses associated with them
      6. ARP table entries generally expire after a short amount of time to ensure changes in the network are accounted for
      7. Subnetting
      8. The process of taking a large network and splitting it up into many individual and smaller subnetworks, or subnets
      9. Incorrect subnetting setups are a common problem you might run into as an IT support specialist, so it's important to have a strong understanding of how this works
      10. Subnet masks
      11. 32-bit numbers that are normally written out as four octets in decimal
      12. 1
      13. the ignored part - subnet id
      14. 0
      15. valuable - host id
      16. example
      17. 255.255.255.224
      18. 11111111.11111111.11111111.11100000
      19. 5 bits
      20. 32 - 5 = 27 x 1 digits
      21. 9.100.100.100/27
      22. CIDR
      23. Classless Inter-Domain Routing
      24. / notation for the mask
      25. Demarcation point
      26. To describe where one network or system ends and another one begins
      27. Routing
      28. RFC
      29. Request for comments
      30. Router
      31. The network device that forwards traffic depending on the destination address of that traffic
      32. Basic routing
      33. Receive data packet
      34. Examine destination IP
      35. Looks up IP destination network in routing table
      36. Forwards traffic to destination
      37. Routing tables
      38. Basic
      39. Destination Network
      40. This column would contain a row for each network that the router knows about
      41. Next Hop
      42. This is IP address of the next router that should receive data intended for the destination networking question
      43. Total Hops
      44. the Metric indicates the associated cost of using the indicated route.
      45. Interface
      46. The Interface indicates what locally available interface is responsible for reaching the gateway.
      47. Example
      48. Routing Protocols
      49. These are special protocols the routers use to speak to each other in order to share what information they might have
      50. Autonomous system
      51. A collection of networks that all fall under the control of a single network operator
      52. main categories
      53. interior gateway protocols
      54. categories
      55. Link state routing protocols
      56. Every router on the system knows every detail about every other router in system
      57. Require both more memory in order to hold all of this data and much more processing power
      58. example
      59. BGP, or Border Gateway Protocol (IETF RFC4271)
      60. Distance-vector protocols
      61. older standard
      62. the router sends the list (routing table) to every neighboring router (every router directly connected to it). The list is a vector
      63. routers don't really know that much about the total state of an autonomous system
      64. examples
      65. RIP, or Routing Information Protocol (IETF RFC2453)
      66. EIGRP, or Enhanced Interior Gateway Routing Protocol
      67. Used by routers to share information within a single autonomous system
      68. exterior gateway protocols
      69. Used for the exchange of information between independent autonomous systems
      70. Non-routable address space
      71. They are ranges of IPs set asides for use by anyone that cannot be routed to
      72. 10.0.0.0/8
      73. 172.16.0.0/12
      74. 192.168.0.0/16
      75. NAT
      76. Network address translation
      77. Organizations
      78. Internet Assigned Numbers Authority (IANA)
      79. A non-profit organization that helps manage things like IP address allocation
      80. Autonomous System Number (ASN) allocation
      81. Numbers assigned to individual autonomous system
      82. 32 bits
      83. decimal number without splitting
      84. Internet Engineering Task Force (IEFT)
      85. Many network protocols are implemented based on specifications published by the Internet Engineering Task Force (IETF).
  4. Data Link
    1. Ethernet, Wi-Fi
    2. Frames
      1. Ethernet frame
      2. A highly structured collection of information presented in a specific order
      3. SFD
      4. last byte in the Preamble
      5. Start frame delimiter
      6. Signals to a receiving device that the preamble is over and that the actual frame contents will now follow
      7. Destination address
      8. MAC address
      9. Ether-type
      10. 16 bits long and used to describe the protocol of the contents of the frame
      11. VLAN header
      12. Indicates that the frame itself is what's called a VLAN frame
      13. If a VLAN header is present, the EtherType field follows it
      14. Virtual LAN (VLAN)
      15. A technique that lets you have multiple logical LANs operating on the same physical equipment
      16. Payload
      17. In networking terms, is the actual data being transported, which is everything that isn't a header
      18. all data for next layers
      19. Frame check sequence (FCS)
      20. A 4-byte (or 32-bit) number that represents a checksum value for the entire frame
      21. This checksum value is calculated by performing what's known as a cyclical redundancy check against the frame
      22. Cyclical redundancy check (CRC)
      23. An important concept for data integrity, and is used all over computing, not just network transmissions
    3. MAC Address
      1. A globally unique identifier attached to an individual network interface
      2. It is a 48-bit number normally represented by six groupings of two hexadecimal numbers
      3. Octet
      4. in a computer networking, any number that can be represented by 8 bits
      5. Organizationally Unique Identifier (OUI)
      6. The first three octets of a MAC address
      7. MAC(Media Access Control) address
    4. common way of interpreting signals
    5. General
      1. Ethernet
      2. The protocol most widely used to send data across individual links
      3. CSMA/CD
      4. Used to determine when the communications channels are clear, and when a device is free to transit data
      5. Carrier-Sense Multiple Access with Collision Detection (CSMA/CD)
      6. Unicast
      7. A unicast transmission is always meant for just one receiving address
      8. If the least significant nit in the first octet of a destination address is set to zero, it means that ethernet frame is intended for only the destination address
      9. Multicast
      10. If the least significant bit in the first octet of a destination address is set to one, it means you're dealing with multicast frame
      11. Broadcast
      12. sent to every single device on a LAN
      13. broadcast address
      14. all F
      15. FF:FF:FF:FF:FF:FF
      16. Data packet
      17. An all-encompassing term that represents any single set of binary data being sent across a network link
  5. Phisical
    1. Bits
    2. devices
    3. General
      1. Modulation
      2. A way of varying the voltage of this charge moving across the cable
      3. Duplex communication
      4. The concept that information can flow in both directions across the cable
      5. Simplex communication
      6. This process is undirectional
      7. cables
      8. Twisted pair cable
      9. the most common type of cabling used for connection computing devices
      10. It features pairs of copper wires that are twisted together
      11. Types
      12. Unshielded twisted pair (UTP)
      13. The most common and least expensive type of Ethernet cable found in business and home networks. UTP cables offer very basic protection against EMI, RFI, and crosstalk interference.
      14. Shielded twisted pair (STP)
      15. Used in environments where electromagnetic interference (EMI), radio frequency interference (RFI), and crosstalk with nearby cables have been identified as a problem for network communications. An STP cable uses a braided aluminum and/or copper shielding to encase the four twisted pairs underneath the outer jacket.
      16. Foiled twisted pair (FTP)
      17. Also used in environments where EMI, RFI, and crosstalk are a problem. An FTP cable uses a thin foil shield that wraps around the bundle of twisted pair wires underneath the outer jacket.
      18. Straight-through cable
      19. key
      20. Computers and routers use
      21. Pins 1 & 2 - Orange wires for sending data
      22. Pins 3 & 6 - Green wires for receiving data
      23. Hubs and switches use
      24. Pins 1 & 2 - Green wires for sending data
      25. Pins 3 & 6 - Orange wires for receiving data
      26. Straight-through cables are also known as patch cables. They are the primary type of Ethernet cable used in computer networks. Straight-through cables normally connect computers and routers to hubs and Ethernet switches. Ethernet cable can also connect servers to Ethernet switches.
      27. Twisted pair Ethernet: Crossover cable
      28. Crossover cables are used to connect two computing devices directly to one another. As an IT Support specialist, you might use a short crossover cable to connect an IT administrator laptop directly to an Enterprise machine (e.g., server, switch, router, hub, etc.). This type of connection is normally used to update, repair, and perform other administrative tasks on the Enterprise machine. A crossover cable should be connected between the Ethernet port/Network Interface Card (NIC) on the IT administrative system and the management port of the Enterprise machine. This connection is then used to access the operating system and/or the management interface of the Enterprise machine. Additionally, crossover cables can connect two switches, two hubs, or a switch to a hub, as well as two routers, two PCs, or a router to a PC.
      29. key
      30. Endpoint 1 of the Ethernet cable
      31. Pins 1 & 2 - Green wires for sending data
      32. Pins 3 & 6 - Orange wires for receiving data
      33. Endpoint 2 of the Ethernet cable:
      34. Pins 1 & 2 - Orange wires for sending data
      35. Pins 3 & 6 - Green wires for receiving data
      36. ports
      37. RJ45
      38. yellow - Link LED
      39. Cable properly connected to two devices that are both powered on
      40. green - Activity LED
      41. Would flash when data actively transmitted across the cable
      42. Line coding
      43. Modulation used for computer networks
  6. schemes
3. Example
  1. Description
Devices
1. Cables
  1. Cooper
    1. forms
      1. Cat5
      2. Cat5e
      3. Cat6
    2. Crosstalk
      1. When an electrical pulse on one wire is accidentally detected on another wire
  2. Fiber
    1. Contain individual optical fibers, which are tiny tubes made out of glass about the width of a human hair
2. Single network
  1. Hub
    1. A physical layer device that allows for connections from many computers at once
    2. Collision domain
      1. A network segment where only one device can communicate at a time
    3. Physical
  2. Switch
    1. Data Link
    2. switch vs hub
  3. LAN
    1. local area network
3. Router
  1. A device that knows how to forward data between independent networks
  2. Network layer
  3. Border Gateway Protocol (BGP)
    1. Router share data with each other via this protocol, which lets them learn about the most optimal paths to forward traffic
  4. Internetwork
    1. A collection of networks connected together through routers - the most famous of these being the Internet
4. Servet/Client
Connections and protocols
1. Dial-up and Modems
  1. Public Switched Telephone Network (PSTN)
  2. Plain Old Telephone Service (POTS)
  3. A dial-up connection uses POTS for data transfer, and gets its name because the connection is established by actually dialing a phone number
  4. Baud rate
    1. A measurement of how many bits can be passed across a phone line in a second
      1. 1950s - 110 bits per second
      2. 1990s 14.4 Kbits per second
2. Broadband
  1. Any connectivity technology that isn't dial-up internet
  2. T-carrier technologies
    1. Originally invented by AT&T in order to transmit multiple phone calls over a single link
    2. Transmission System 1 specification
      1. invented a way to carry up to 24 simultaneous phone calls across a single piece of twisted pair copper.
      2. Each of the 24 phone channels was capable of transmitting data at 64 kilobits per second, making a single T1 line capable of transmitting data at 1.544 megabits per second. Over the years, the phrase T1 has come to mean any twisted pair copper connection capable of speeds of 1.544 megabits per second.
    3. AT3 line is 28 T1s all multiplexed, achieving a total throughput speed of 44.736 megabits per second.
  3. Digital Subscriber Lines (DSL)
    1. digital subscriber line access multiplexers (DSLAMs)
    2. types
      1. ADSL
      2. Asymmetric Digital Subscriber Line
      3. ADSL connections feature different speeds for outbound and incoming data. Generally, this means faster download speeds and slower upload speeds.
      4. SDSL
      5. Symmetric Digital Subscriber Line
      6. Most SDSL technologies have an upper cap of 1.544 megabits a second or the same as a T1 line.
      7. HDSL
      8. High bit-rate Digital Subscriber Lines.
      9. These are DSL technologies that provision speeds above 1.544 megabits per second.
  4. Cable
    1. Cable modem
      1. The device that sits at the edge of a consumer's network and connects it to the cable modem termination system, or CMTS
  5. Fiber
    1. FTTX
      1. FTTN
      2. fiber to the neighborhood.
      3. FTTB
      4. fiber to the building, fiber to the business, or even fiber to the basement.
      5. is a setup where fiber technologies are used for data delivery to an individual building
      6. FTTH
      7. fiber to the home
      8. FTTP
      9. fiber to the premises
  6. Point to Point Protocol (PPP)
    1. Point to Protocol (PPP) is a byte-oriented protocol broadly used for high-traffic data transmissions. PPP functions at the data link layer, which transmits data between two devices on the same network. PPP is designed to link devices, so the endpoints do not need to be the same vendor to work.
    2. options
      1. Multilink connection provides a method for spreading traffic across multiple distinct PPP connections.
      2. Compression increases throughput by reducing the amount of data in the frame.
      3. Authentication occurs when connected devices exchange authentication messages using one of two methods:
      4. Password Authentication Protocol (PAP) is a password authentication option that is hard to obtain plaintext from if passwords are compromised.
      5. Challenge Handshake Authentication Protocol (CHAP) is a three-way handshake authentication that periodically confirms the identity of the clients.
      6. Error detection includes Frame Check Sequence (FCS) and looped link detection.
      7. Frame Check Sequence (FCS) is a number included in the frame calculated over the Address, Control, Protocol, Information, and Padding fields used to determine if there has been data loss during transmission.
      8. Looped link detection in PPP detects looped links using magic numbers. A magic number is generated randomly at each end of the connection, so when a looped message is received, the device checks the magic number against its own. If the line is looped, the number will match the sender's magic number, and the frame is discarded.
    3. Sub-protocols for PPP
      1. Network Control Protocol (NCP)
      2. will be used to negotiate optional configuration parameters and facilities for the network layer. There is an NCP for each higher layer protocol used by the PPP.
      3. Link Control Protocol (LCP)
      4. initiates and terminates connections automatically for hosts. It automatically configures the interfaces at each end like magic numbers and selecting for optional authentication.
    4. PPP Frame
      1. Data is sent using PPP in a frame. A frame is a collection of data sent to a receiving point.
      2. Flag
      3. is a single byte and lets the receiver know this is the beginning of the frame. Depending on the encapsulation, there may or may not be a start flag or an end flag.
      4. Address
      5. is a single byte, and it contains the broadcast address.
      6. Control
      7. is a single byte required for various purposes but also allows a connectionless data link.
      8. Protocol
      9. varies from one to three bytes which identify the network protocol of the datagram.
      10. Data
      11. is where the information you need to transmit is stored and has a limit of 1500 bytes per frame.
      12. Frame check sequence (FCS)
      13. is 2 or 4 bytes and is used to verify data is intact upon receipt at the endpoint.
      14. When the data is packaged in a frame, it undergoes encapsulation.
      15. Encapsulation
      16. Encapsulation is the process by which each layer takes data from the previous layer and adds headers and trailers for the next layer to interpret.
    5. PPP can get expensive and hard to manage due to all the direct cables and links required. In this case, you may want to switch to a multi-access Ethernet solution. Point to Point Protocol over Ethernet is a protocol made to bridge the gap between directly connected endpoints and other devices.
  7. Point to Point Protocol over Ethernet (PPPoE)
    1. Point to Point protocol over Ethernet (PPPoE) is a way of encapsulating PPP frames inside an ethernet frame. PPPoE is a solution for tunneling packets over the DSL connection service provider's IP network and from there to the rest of the Internet. Like PPP, PPPoE provides authentication, encryption, and compression, though it primarily uses Password Authentication Protocol (PAP) for authentication.
    2. A common use case is PPPoE using DSL services where a PPPoE modem-router connects to the DSL service or when a PPPoE DSL modem is connected to a PPPoE-only router using an Ethernet cable.
    3. PPP is strictly point-to-point, so frames can only go to the intended destination. PPPoE requires a new step because ethernet connections are multi-access enabled (every node connects to another). This requires an additional step called the discovery stage. The discovery stage establishes a session ID to identify the hardware address. This stage ensures data gets routed to the correct place.
    4. PPPoE is an encapsulation of PPP inside an ethernet frame. PPPoE retains the same architecture, configuration options, and frame data as PPP but with one extra layer of ethernet encapsulation.
3. Wide Area Network Technologies (WANs)
  1. Acts like a single network, but spans across multiple physical locations
  2. WAN router
    1. Hardware devices that act as intermediate systems to route data amongst the LAN member groups of a WAN (also called WAN endpoints) using a private connection. WAN routers may also be called border routers or edge routers. These routers facilitate an organization’s access to a carrier network. WAN routers have a digital modem interface for the WAN, which works at the OSI link layer, and an Ethernet interface for the LAN.
  3. Software-Defined WAN (SD-WAN)
    1. Software developed to address the unique needs of cloud-based WAN environments. SD-WANs can be used alone or in conjunction with a traditional WAN. SD-WANs simplify how WANs are implemented, managed, and maintained. An organization’s overall cost to operate a cloud-based SD-WAN is significantly less than the overall cost of equipping and maintaining a traditional WAN. One of the ways that SD-WANs help reduce operational costs is by replacing the need for expensive lines leased from an ISP by linking regional LANs together to build a WAN.
  4. WAN optimization
    1. Compression
      1. Reducing file sizes to improve network traffic efficiency. There are many compression algorithms available for text, image, video, etc. The sender and the receiver will need apps that offer the same compression/decompression algorithm to encode and decode the compressed files.
    2. Deduplication
      1. Prevents files from being stored multiple times within a network to avoid wasting expensive hard drive space. One copy of the file is kept in a central location. All other “copies” are actually file pointers to the single copy of the file. This saves valuable hard drive space, makes performing data backups more efficient, and reduces the amount of time needed to recover from data loss disasters.
    3. Protocol Optimization
      1. Improves the efficiency of networking protocols for applications that need higher bandwidth and low latency.
    4. Local Caching
      1. Storing local copies of network and internet files on a user’s computer to reduce the need to resend the same information across the network every time the file is accessed. Some WAN optimization products can cache shared files at one physical LAN location when groups of employees at the location tend to request the same set of files frequently.
    5. Traffic Shaping
      1. Optimizing network performance by controlling the flow of network traffic.
      2. bandwidth throttling
      3. controlling network traffic volume during peak use times
      4. rate limiting
      5. capping maximum data rates/speeds
      6. use of complex algorithms
      7. classifying and prioritizing data to give preference to more important traffic (e.g., an organization might want to prioritize private LAN-to-LAN traffic within the organization’s WAN and give a lower priority to employees accessing the public Internet).
  5. WAN Protocols
    1. WAN Internet Protocols are used in conjunction with WAN routers to perform the task of distinguishing between a private LAN and the related public WAN.
      1. Packet switching
      2. A method of data transmission. In packet switching, messages are broken into multiple packets. Each packet contains a header that includes information on how to reassemble the packets, as well as the intended destination of the packets. As a measure to prevent data corruption, the packets are triplicated. The triplicated packets are sent separately over optimal routes through the internet. Then, once the packets reach their destination, they are reassembled. The triplicate copies are compared with one another to detect and correct any data corruption that occurred during transmission (at least two of the three copies should match). If the data cannot be reassembled and/or data corruption is evident in all three copies, the destination will make a request to the origin to resend the packet.
      3. Frame relay
      4. Also a method of data transmission. Frame relay is an older technology originally designed for use on Integrated Services Digital Network (ISDN) lines. However, the technology is now used in other network interfaces. Frame relays are used to transmit data between endpoints of a WAN through a packet switching method that works at the OSI data link and physical layers. A fast data communications network, called a Frame Relay Network, is used to transport data packets in frames. The reliability of Frame Relay Networks minimizes the need for error checking. The frames include routing address information for the destination.
      5. Permanent Virtual Circuits (PVCs)
      6. Used for long-term data connections. Stays open even when data is not being transmitted.
      7. Switched Virtual Circuits (SVCs)
      8. Used in temporary session connections for sporadic communications.
      9. Asynchronous Transfer Mode (ATM)
      10. ATM is an older technology that encodes data using asynchronous time-division multiplexing. The encoded data is packaged into small, fixed-sized cells. ATM can send the cells over a long distance, which makes it useful for WAN communications. ATMs uses routers as end-points between ATM networks and other networks. ATM technology has been replaced for the most part by Internet Protocol (IP) technologies.
      11. High Level Data Control (HLDC)
      12. An encapsulation or data link protocol that delivers data frames through a network. The frames include multiple fields that can hold information about start and end flags, controls, Frame Check Sequence (FCS), and protocol used. HLDC was developed to use multiple protocols to replace Synchronous Data Link Control (SLDC), which used only one protocol. HDLC includes error correction, flow control, and data transmission through polling. HDLC has three modes to define the relationship between two devices, or nodes, during communications
      13. Normal Response Mode (NRM)
      14. Primary node must give permission to the secondary node to transmit.
      15. Asynchronous Response Mode (ARM)
      16. Primary node allows the secondary node to initiate communication.
      17. Asynchronous Balanced Mode (ABM)
      18. Both nodes can act as either the primary or secondary nodes. They can each initiate communications without permission.
      19. Packet over Synchronous Optical Network (SONET) or Synchronous Digital Hierarchy (SDH)
      20. A communication protocol used for WAN transport. The SONET or SDH communication protocols define how point-to-point links communicate over fiber optics cables.
      21. Multiprotocol Label Switching (MPLS)
      22. A technique for optimizing network routing. MPLS replaces inefficient table lookups for long network addresses with short path labels. These labels direct data from node to node.
  6. local loop
    1. the area between a demarcation point and the ISP's core network
    2. The demarcation point is the point at which the responsibility for the transmission of data shifts from the customer to the service provider, and the ISP's core network is the main part of the network that handles the traffic between different locations. The last mile is typically the most expensive and difficult part of the network to maintain, as it involves connecting the customer's premises to the service provider's network over long distances, often using a variety of technologies such as copper wires, fiber optic cables, and wireless connections.
4. Point-to-Point VPNs
5. Wireless Networking
  1. IEEE 802.11
    1. specifications
      1. 802.11b
      2. (1999) - Wi-Fi 1
      3. Designed for 2.4 GHz frequency band only
      4. Offered a maximum data rate of 11 Mbps
      5. Offered a maximum signal range of 450 feet (140 m)
      6. Defined 14 overlapping channels (frequent cause of interference)
      7. 802.11a
      8. (1999) - Wi-Fi 2
      9. Designed for 5 GHz frequency band only
      10. Offered a maximum data rate of 54 Mbps
      11. Offered a maximum signal range of 400 feet (120 m)
      12. Defined 23 non-overlapping channels at 20 MHz wide
      13. 802.11g
      14. (2003) update to 802.11b - Wi-Fi 3
      15. Improved 2.4 GHz frequency band only
      16. Increased the maximum data rate to 54 Mbps
      17. 802.11n
      18. (2009) bandwidth increase - Wi-Fi 4
      19. Improved both 2.4 GHz and 5 GHz frequency bands
      20. Access points could offer “dual-band” support with each band implemented by a separate radio.
      21. Increased bandwidth and reliability with “multiple input multiple output" (MIMO) technology.
      22. Allowed “channel bonding” for 5 GHz (two adjacent channels could be combined).
      23. Increased the maximum data rate to 72 Mbps per stream and 150 Mbps per stream for bonded channels. With specific configurations, the maximum data rate could be as high as 600 Mbps.
      24. Increased maximum signal range of 825 feet (250 m)
      25. 802.11ac
      26. (2014) and Wave 2 (2015) bandwidth increases - Wi-Fi 5
      27. Improved the 5 GHz frequency band only, though access points could still offer dual band support for older 2.4 GHz specifications.
      28. Access points could offer triband support (one 2.4 GHz and two 5 GHz radios).
      29. Supported wider bonded channels at 80 and 160 MHz.
      30. Allowed up to eight streams with each 80 MHz channel.
      31. Increased maximum data rates to 1 Gbps and could be as high as 2.2 Gbps for specific configurations. Wave 2 increased the maximum data rate to 6.9 Gbps.
      32. Increased sent data transmissions to up to 4 clients at the same time. This was achieved by allowing access points to use multiple antennas through downlink multiuser MIMO (DL MU-MIMO) technology.
      33. 802.11ax
      34. (2019) bandwidth increases - Wi-Fi 6
      35. Improved data stream rates to 600 Mbps per 80 MHz channel, with combined data rates of over 1 Gbps for the 2.4 GHz frequency and 4.8 Gbps for the 5 GHz frequency.
      36. Increased sent data transmissions to up to 8 clients at the same time with downlink MU-MIMO.
      37. Added support for full-duplex MU-MIMO to receive uplink data from multiple client devices.
      38. Added support for “orthogonal frequency division multiple access” (OFDMA), which works with MU-MIMO to sustain high data rates during periods of high client device traffic.
      39. Requires all client devices to use WPA3 security protocols.
      40. Wi-Fi 6e (2020) bandwidth increases
      41. Added support for a new 6 GHz frequency band, which has a combined maximum data rate speed of 10 Gbps (shared by multiple devices).
      42. Added new channels to reduce interference.
      43. Improved frequency space for 80 and 160 MHz channels.
      44. Table
    2. DataFrame
      1. physical and data link layers
      2. Frame Control
      3. Is 16 bits long and contains a number of subfields that are used to describe how the frame itself should be processed
      4. version was used
      5. Duration
      6. It specifies how long the total frame is, so the receiver knows how long it should expect to have to listen to this transmission
      7. 4 addresses
      8. Wireless access point
      9. A device that bridges the wireless and wired portions of a network
      10. Source address
      11. Receiver address
      12. The MAC address of the access point that should receive the frame
      13. Transmitter address
      14. The MAC address of whatever has just transmitted the frame
      15. Sequence control
      16. Is 16 bits long and mainly contains a sequence number used to keep track of the ordering of frames
      17. Data payload
      18. Has all of the data of the protocols further up the stack
      19. Fram check sequence field (FCS)
      20. Contains a checksum used for a cyclical redundancy check, just like how ethernet does it
    3. Institute of Electrical and Electronics Engineers (IEEE)
    4. In 1997, the Institute of Electrical and Electronics Engineers (IEEE) ratified the first 802.11 standard for wireless fidelity (later branded as Wi-Fi)
    5. The various amended 802.11 specifications use the same fundamental data link protocol. However, some characteristics may vary at the OSI physical layer, including
      1. signal ranges
      2. modulation techniques
      3. transmission bit rates
      4. frequency bands
      5. channels
  2. Frequency band
    1. A certain section of the radio spectrum that's been agreed upon to be used for certain communications
    2. WiFi
      1. 2.4 GHz
      2. Advantages
      3. Has the longest signal range from 150 feet (45 meters) indoors to 300 feet (92 meters) outdoors.
      4. Can pass through walls and other solid objects.
      5. Disadvantages
      6. The long signal range also increases the chances of Wi-Fi traffic being intercepted by cybercriminals.
      7. Includes a limited number of channels. Can range from 11 to 14 channels, depending on regulations in the country of use.
      8. Can experience network traffic congestion and interference with other Wi-Fi networks and wireless technologies, such as BlueTooth, that overlap the 2.4 GHz frequency bands.
      9. Microwave ovens also work in the 2.4 GHz frequency band and can cause Wi-Fi interference.
      10. Under specific conditions, the maximum achievable data rate is 600 Mbps.
      11. 5 GHz
      12. Advantages
      13. Includes significantly more channels than 2.4 GHz.
      14. Experiences fewer interference problems and less wireless network traffic congestion than 2.4 GHz.
      15. Can achieve over 2 Gbps data transfer speeds under specific conditions.
      16. Disadvantages
      17. The wireless range is limited to 50 feet (12 meters) indoors and 100 feet (30 meters) outdoors.
      18. Does not penetrate walls and other solid objects as well as 2.4 GHz.
      19. Wi-Fi 6
      20. 802.11ax
      21. is one of the largest leaps in Wi-Fi technology since its introduction
      22. The Wi-Fi 6 network protocol is faster and more efficient for networks with a larger number of connected devices.
      23. Benefits of Wi-Fi 6
      24. Higher data rates
      25. Band splitting or increased client group sizes allow for uploading and downloading greater amounts of data.
      26. Increased band capacity
      27. Band utilization increased from 80mHz to 160mHz, creating a faster connection from the router to connected devices
      28. Better performance
      29. The input/output streams are doubled from the 4 by 4 allowed by Wi-Fi 5, to 8 by 8 in Wi-Fi 6, allowing more clients to be grouped
      30. Improved power efficiency
      31. Devices only connect to the network when sending or receiving data, increasing battery life.
      32. Capabilities of Wi-Fi 6
      33. Channel sharing
      34. for better efficiency and shortens the time it takes to send data once a user gives the send command.
      35. Target Wake Time (TWT)
      36. improves the network speed and increases battery life by allowing battery-powered devices to sleep when not in use.
      37. Multi-user MIMO (Multiple Input, Multiple Output)
      38. wireless technology allows more data to be transferred simultaneously. This ability increases capacity and efficiency in high bandwidth applications like voice calls or video streaming.
      39. 160 MHz channel utilization
      40. gives more space for transmitting data and increases bandwidth capability.
      41. 1024 Quadrature amplitude modulation
      42. combines two signals into a single channel, so more data is encoded.
      43. Orthogonal Frequency Division Multiple Access (OFDMA)
      44. allows for bandwidth splitting, which is assigned dynamically by the access point to separate devices.
      45. Transmit beamforming
      46. is a technique that sends signals that allow for more efficient higher data rates by targeting each connected device.
      47. Wi-Fi 6E extends Wi-Fi 6 into 6 GHz
      48. Wi-Fi 6E is an additional certification for Wi-Fi 6 that has all of the features of Wi-Fi 6 but adds a third 6 GHz band. Wi-Fi 6E has more channels to use to broadcast, including 14 more 80MHz channels and seven more 160MHz channels. The additional channels allow networks with Wi-Fi 6E for better performance even when streaming high-definition video or using virtual reality devices.
    3. dynamic frequency selection (DFS)
  3. Wireless Network Configurations
    1. Ad-hoc networks
      1. There are ad-hoc networks where nodes all speak directly to each other.
      2. In an ad-hoc network, there isn't really any supporting network infrastructure
    2. Wireless LANS or WLANS
      1. where one or more access points act as a bridge between a wireless and a wired network
    3. Mech networks
      1. which are a hybrid of the two.
  4. Wireless Channels
    1. Channels
      1. Individual, smaller sections of the overall frequency band used by a wireless network
    2. Collision domain
      1. Any one network segment where one computer interrupt another
  5. Wireless Security
    1. Wired Equivalent Privacy (WEP)
      1. An encryption technology that provides a very low level of privacy
      2. WEP only uses 40 bits for its encryption keys and with the speed of modern computers this can usually be cracked in just a few minutes.
    2. Wifi Protected Access (WPA)
      1. WPA by default uses a 128-bit key, making it a whole lot more difficult to crack than WEP
    3. WPA2
      1. WPA2 uses a 256 bit key, make it even harder to crack
    4. MAC filtering
      1. You configure your access points to only allow for connections from a specific set of MAC addresses belonging to devices you trust
      2. This doesn't do anything more to help encrypt wireless traffic being sent through the air, but it does provide an additional barrier preventing unauthorized devices from connecting to the wireless network itself.
    5. WPA3
      1. WPA3 is built upon the WPA2 protocol and is intended to replace WPA2. The WPA3 protocol introduces new features and methods to repair the security weaknesses of WPA2.
      2. Benefits
      3. Simplified wireless security
      4. Stronger authentication
      5. Powerful encryption
      6. Stable business continuity
      7. Enhanced security methods
      8. Replacement for legacy protocols
      9. Protected Management Frames (PMF) requirement for enterprise networks
      10. Simultaneous Authentication of Equals (SAE)
      11. Personal Pre-Shared Key (PSK)
      12. handshake protocol
      13. Pairwise Master Key (PMK)
      14. The PMK uses password-based authentication and is shared between a Wi-Fi access point and a wireless device.
      15. The SAE authentication also reduces the probability of successful dictionary and brute force attacks, in which cybercriminals try to crack short, weak, and commonly used passwords. Additionally, SAE corrects a weakness exploited by cybercriminals who could perform key reinstallation attacks (KRACKs) when in close proximity to a Wi-Fi user. This type of attack could decrypt data and expose passwords, credit card information, photos, chats, emails, and more.
      16. WPA3-Personal
      17. WPA3-Personal is intended for individual users and personal/home Wi-Fi networks. This protocol addresses common cybersecurity weaknesses that affect consumers’ wireless devices. It also simplifies Wi-Fi security for users.
      18. Natural password selection
      19. Gives users the ability to set passwords that are easier for the user to remember.
      20. Increased ease of use
      21. Users do not need to change the way they connect to Wi-Fi to benefit from WPA3’s improved security.
      22. Forward secrecy
      23. If a password is stolen, WPA3 can continue to protect data that is transmitted.
      24. Simultaneous Authentication of Equals (SAE)
      25. WPA3-Personal improves upon the WPA2-Personal Pre-Shared Key (PSK) handshake protocol. SAE uses PSK to generate a Pairwise Master Key (PMK). The PMK uses password-based authentication and is shared between a Wi-Fi access point and a wireless device. The pair use a complex, multi-stage process for proving to one another that they each possess the PMK. This complex handshake makes it extremely difficult for cybercriminals to intercept packets in order to extract an identifiable authentication key. If the SAE transaction is successful, the wireless device will pass the authentication stage and gain access to the secured Wi-Fi network.
      26. WPA3-Enterprise
      27. WPA3-Enterprise is intended for business networks with multiple users. This protocol addresses the WPA2-Enterprise weaknesses that cybercriminals have been able to exploit. In addition to the WPA3-Personal SAE improvements, the WPA3-Enterprise security improvements and options include:
      28. Galois/Counter Mode Protocol (GCMP-256)
      29. The Advanced Encryption Standard (AES)
      30. Counter Mode Protocol (CCMP)
      31. Cipher Block Chaining Message Authentication Code (CBC-MAC)
      32. The Advanced Encryption Standard (AES) with GCMP-256-bit encryption replaces the WPA2 128-bit AES-Counter Mode Protocol (CCMP) Cipher Block Chaining Message Authentication Code (CBC-MAC). GCMP for data integrity. The GCMP-256-bit encryption strength takes significantly more computing power for cybercriminals to crack than 128-bit encryption. The average person would not have access to that level of computing power. GCMP-256-bit encryption provides a stronger security protocol and makes it harder for cybercriminals to perform Meddler-in-the-Middle attacks.
      33. Opportunistic Wireless Encryption (OWE)
      34. OWE improves upon the WPA2 wireless encryption standard of 802.1x Open Authentication and Extensible Authentication Protocol (EAP). In WPA2, EAP required additional support to help it encrypt and authenticate login credentials. In the WPA3 protocol, OWE replaces EAP with a solution that encrypts and authenticates all wireless traffic. It also replaces Wi-Fi passwords by assigning a unique key to each device that has permission to access the network. This technology repairs a weakness Wi-Fi users experience in open networks, which are often found in restaurants, coffee shops, hotels, airports, malls, and more.
      35. Extensible Authentication Protocol (EAP)
      36. Wi-Fi Device Provisioning Protocol (DPP)
      37. DPP improves upon the WPA2 Wi-Fi Protected Setup (WPS) encryption technology between wireless devices and routers. WPA3’s DPP uses QR codes or NFC tags to grant passwordless Wi-Fi access to wireless devices.
      38. Wi-Fi Protected Setup (WPS)
      39. 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (SHA)
      40. HMAC creates hash code from a secret key. This hash code is sent with each message passed between a Wi-Fi access point and a user’s device. The hash code from the origin of the message is compared to the hash code from the receiver of the message to determine if the hash codes match. A discrepancy between the two hashes would indicate that the message was compromised or corrupted during transmission.
      41. Elliptic Curve Diffie-Hellman Exchange (ECDHE) and Elliptic Curve Digital Signature Algorithm (ECDSA)
      42. In WPA3, key management and authentication use the ECDHE protocol and ECDSA encryption for faster performance. The protocol is supported by most browsers. This key management technology replaces the WPA2 4-way handshake.
  6. Cellular Networking
  7. Bluetooth
  8. Wireless Network Protocols for IoT
    1. IoT wireless network protocols at the physical layer
      1. network protocols support
      2. Personal Area Networks (PANs)
      3. global internet connectivity
      4. network protocols
      5. Wireless-Fidelity (Wi-Fi)
      6. IEEE 802.15.4
      7. An inexpensive, low-power wireless access technology intended for IoT devices that operate on battery power. IEEE 802.15.4 uses the 2.4 GHz or lower radio band frequencies. IEEE 802.15.4 is normally used for low-rate wireless personal area networks (LR-WPANs) and uses a 128-bit encryption
      8. Example
      9. ZigBee
      10. An LR-WPAN intended for smart home use. However, ZigBee has also been adopted globally for commercial IoT products. ZigBee includes a universal language that facilitates the interoperability of smart objects through a self-healing mesh network. ZigBee LR-WPAN networks can be accessed through Wi-Fi or Bluetooth.
      11. Thread
      12. A low-latency wireless mesh networking protocol based on IPv6 addressing and existing open standards and technologies. These characteristics make thread networks compatible with a broad spectrum of IoT ecosystems. Thread devices do not use proprietary gateways or translators, making them inexpensive and easier to implement and maintain than other wireless technologies. Thread is used by the Google Nest Hub Max.
      13. Z-Wave
      14. An interoperable, wireless mesh protocol (described below) that is based on low powered radio frequency (RF) communications. The Z-Wave protocol uses an RF signal on the 908.2MHz frequency band and extends 330 feet. Z-Wave allows users to control and monitor IoT smart devices. Z-Wave is inexpensive, reliable, and simple to use. The Z-wave protocol supports a closed network for security purposes. Over 3300 types and models of home and business IoT devices are certified to use Z-Wave technology, with more than 100 million devices in use worldwide.
      15. Wireless mesh network (WMN)
      16. Mesh networks are used by many popular wireless IoT network protocols, like Zigbee and Z-Wave, for device communication. Wireless mesh networks use less power than other wireless connectivity options. Wireless mesh is a decentralized network of connected wireless access points (WAP), also called nodes. Each WAP node forwards data to the next node in the network until the data reaches its destination. This network design is “self-healing,” meaning the network can recover on its own when a node fails. The other nodes will reroute data to exclude the failed node. Wireless mesh is a good option for high reliability and low power consumption, which is better for battery powered IoT devices.
      17. Full mesh network
      18. Every node can communicate with all of the other nodes in the network.
      19. Partial mesh network
      20. Nodes can only communicate with nearby nodes.
      21. Bluetooth
      22. Bluetooth is a widely used wireless network that operates at a 2.45 GHz frequency band and facilitates up to 3 Mbps connections among computing and IoT devices.
      23. Bluetooth has a range of up to 100 feet (30.6 meters) and can accommodate multiple paired connections.
      24. It is a good choice for creating a short distance wireless connection between Bluetooth enabled devices. Bluetooth is often used by computing devices to manage, configure, control, and/or collect small amounts of data from one or more close range IoT devices. For example, Bluetooth may be used to control smart home lighting or thermostat IoT devices from a smartphone.
      25. Near-Field Communication (NFC)
      26. NFC is a short-range, low data, wireless communication protocol that operates on the 13.56 MHz radio frequency.
      27. NFC technology requires a physical chip (or tag) to be embedded in the IoT device. NFC chips can be found in credit and debit cards, ID badges, passports, wallet apps on smartphones (like Google Pay), and more.
      28. A contactless NFC scanner, like a Point-of-Sale (PoS) device, is used to read the chip. This scanner communication connection often requires the IoT device to be within 2 inches (6 cm) of the scanner, but some NFC chips have an 8 inch (20 cm) range.
      29. This short-distance range helps to limit wireless network security threats. However, criminals can carry a portable NFC scanner into a crowded area to pick up NFC chip data from items like credit cards stored inside purses and wallets. To protect against this type of data theft, the cards should be placed inside special NFC/RFID sleeves that make the chips unreadable until they are removed from the sleeves. NFC technology may also be used in the pairing process for Bluetooth connections.
      30. Long Range Wide Area Network (LoRaWan)
      31. LoRaWan is an open source networking protocol designed to connect battery powered, wireless IoT devices to the Internet for widely dispersed networks.
6. IoT Data Transfer Protocols
  1. Data protocol models used with IoT
    1. Request/Response model
      1. Often used in distributed systems where the communication flow between servers and clients consists of requests and responses for data. Examples include HTTP and CoAP (described in the “IoT data protocols at the application layer” section below)
    2. Publish/Subscribe model
      1. A framework for message exchanges between publishers (hosts) and subscribers (clients) that are routed through a broker. Subscribers can sign up to a channel to receive notices through the broker when the publisher releases new messages. Examples: MQTT and AMQP (described in the “IoT data protocols at the application layer” section below).
  2. IoT data protocols at the application layer
    1. HyperText Transfer Protocol / Secure (HTTP/HTTPS)
      1. HTTP and HTTPS are the most widely used information transfer protocols across the World Wide Web (WWW). The protocols define how information is formatted and transmitted. HTTP/HTTPS uses ASCII formatting, has a header size of 8 bytes, and is designed for transmitting documents. HTTP/HTTPS use either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) for sending information across the internet. HTTP/HTTPS uses the request/response model. When a website address is entered into a browser, HTTP/HTTPS sends a request to the site’s web server, which then returns an HTTP/HTTPS formatted response to the browser. The protocols use ports 80 or 8080 and data security is provided on the HTTPS version of the protocol. HTTP is supported by Google Cloud IoT Core for device-to-cloud communication.
    2. Machine-to-Machine (M2M) Communication Protocols
      1. A set of direct communication methods for low-power devices, machines, and systems. There are three primary architectural and protocol groups in M2M electronic communications
      2. Representational State Transfer (REST)
      3. An architectural style for communication amongst web accessible systems.
      4. Service-oriented Architectures (SOA)
      5. An architecture for data exchanges in industrial automation systems.
      6. Message Oriented Protocols
      7. A protocol for asynchronous data transfers for distributed systems.
    3. Message Queue Telemetry Transport (MQTT)
      1. An IoT data-centric interaction protocol for M2M that uses a simple publish-subscribe model. MQTT supports Quality of Service (QoS), uses TCP for sending information, and utilizes Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for security. MQTT using binary format and 2-byte header sizes for efficient messaging. MQTT is supported by Google Cloud IoT Core for device to cloud communication.
    4. Constrained Application Protocol (CoAP)
      1. A web transfer protocol for IoT constrained nodes and networks designed for M2M applications. CoAP is used for IoT applications like building automation and smart energy management. CoAP is very similar to HTTP: both are based on the REST model and both place resources on a server that is accessible to clients via a URL.
    5. Advanced Message Queuing Protocol (AMQP)
      1. An open standard for messaging amongst applications in different organizations and/or platforms. Its purpose is to remove vendor lock-in for app communication. In addition to interoperability, AMQP also offers reliability and security.
    6. Extensible Messaging and Presence Protocol (XMPP)
      1. A decentralized, open standard for chat, messaging, video and voice calls, collaboration tools, and more. Built upon Japper, XMPP offers a proven communication technology that is extensible, flexible, and diverse.
    7. Data Distribution Service (DDS)
      1. An API standard and middleware protocol from the Object Management Group. Middleware exists in the OSI applications layer, between software and the operating system. DDS uses the publish-subscribe communications model. DDS is also data-centric, provides low-latency data connectivity, and helps the devices in an IoT ecosystem share data more efficiently. DDS is reliable, scalable, and provides control of QoS parameters, including bandwidth and resource limits.
Settings and configurations
1. Dynamic Host Configuration Protocol (DHCP)
  1. An application layer protocol that automates the configuration process of hosts on a network
  2. Dynamic allocation
    1. A range of IP addresses is set aside for client devices and one of these IPs is issued to these devices when they request one
  3. Automatic allocation
    1. A range of IP addresses is set aside for assignment purposes
  4. Fixed allocation
    1. Requires a manually specified list of of MAC address and their corresponding IPs
  5. DHCP discovery
    1. The process by which a client configured to use DHCP attempts to get network configuration information
      1. DHCPDISCOVER
      2. DHCPOFFER
      3. DHCPREQUEST
      4. DHCPACK
2. Network Address Translation (NAT)
  1. A technology that allows a gateway, usually a router or firewall, to rewrite the source IP of an outgoing IP datagram while retaining the original IP in order to rewrite it into response
  2. IP masquerading
  3. Port preservation
    1. A technique where the source port chosen by a client is the same port used by the router
  4. Port forwarding
    1. A technique where specific destination ports can be configured to always be delivered to specific nodes
3. Domain name system (DNS)
  1. A global and highly distributed network service that resolves strings of letters into IP addresses for you
  2. Domain name
    1. The term we use for something that can be resolved by DNS
    2. Time to live (TTL)
      1. A value, in seconds, that can be configured by the owner of a domain name for how long a name server is allowed to cache an entry before it should disgard it and perform a full resolution again
    3. Top-level domain (TLD)
      1. Represents the top of the hierarchical DNS name resolution system
      2. Administration and definition of TLDs is handled by a non profit organization, known as ICANN or the Internet Corporation for Assigned Names and Numbers.
    4. Domains
      1. Domains are used to demarcate where control moves from a TLD name server, to an authoritative name server.
    5. Fully qualified domain name (FQDN)
      1. When you combine all of these parts together, you have what's known as this
      2. A fully qualified domain name can contain up to 255 characters.
    6. Subdomains
      1. DNS can technically support up to 127 levels of domain in total for a single fully qualified domain name.
  3. Regional internet registries (RIRs)
    1. IANA assigns IP address blocks to the five regional internet registries (RIRs). An RIR is an organization that manages internet number resources within a geographical region.
      1. AFRINIC - Africa
      2. entered IPv4 Exhaustion Phase 2 in January 2020.
      3. ARIN - USA, Canada, and parts of the Caribbean
      4. exhausted its list of free IPv4 addresses in September 2015.
      5. APNIC - Most of Asia, Australia, New Zealand, and Pacific Island nations
      6. reached its final /8 addresses in April 2011.
      7. LACNIC - Central America, South America, and the remaining parts of the Caribbean not covered by ARIN
      8. reached its final /10 addresses in June 2014.
      9. RIPE - Europe, Russia, Middle East, and portions of Central Asia
      10. reached its final /8 addresses in September 2012.
    2. On February 3, 2011, IATA assigned the last unallocated /8 of the 4.2 billion possible combinations of IPv4 addresses. In some regions, you use a recycled number as a new IP address due to reaching IP exhaustion.
    3. IPv6 will replace IPv4, using 128-bit addresses. IPv6 provides an identification and location system for computers on networks and routes traffic across the internet. The 128-bit addresses used by IPv6 provide a practically inexhaustible number of addresses. While IPv6 will solve many IPv4 address exhaustion issues, 99% of the devices in use today still use IPv4. IT professionals should be aware of IPv6 as it begins to take effect over the coming years and the structure of IP addresses changes.
  4. Name resolution
    1. Process of using DNS to turn a domain name into an IP address is known as name resolution
  5. the standard modern network configuration
    1. IP address
    2. Subnet mask
    3. Gateway for a host
    4. DNS server
  6. There are five primary types of DNS servers:
    1. Caching name servers
    2. Recursive name service
      1. Performs full DNS resolution requests
    3. Root name service
    4. TLD name servers
    5. Authoritative name servers
    6. Purpose is to store known domain lookups for a certain amount of time
  7. Anycast
    1. A technique that's used to route traffic to different destinations depending on factors like location, congestion, or link health
  8. Protocol
    1. UDP for the most variants
    2. TCP if the packet too large
  9. Resource record types
    1. A record
      1. Used to point a certain domain name at a certain IPv4 IP address
      2. can have multiple records for domain name
      3. Round robin
      4. A concept that involves iterating over a list of items one by one in an orderly fashion
    2. Quad A record (AAAA)
      1. Very similar to an A record, except that it returns an IPv6 address instead of an IPv4 address
    3. CNAME record
      1. Used to redirect traffic from one domain name to another
    4. Mail exchange (MX) record
      1. This resource record is used in order to deliver email to the correct server
    5. Service record (SRV)
      1. Used to define the location of various specific services
    6. Text record (TXT)
      1. Originally intended to be used only for associating some descriptive text with a domain name for human consumption
    7. NS record
      1. Indicate other name servers that might also be responsible for this zone
    8. Start of authority (SOA)
      1. Declares the zone and the name of the name server that is authoritative for it
    9. Pointer record (PTR)
      1. Resolves an IP to a name
    10. DNS zones
  10. DNS zone
    1. Allow for easier control over multiple levels of a domain
    2. Zone files
      1. Simple configuration files that declare all resource records for a particular zone
    3. Reverse lookup zone files
      1. These let DNS resolvers ask for an IP and get the FQDN associated with it returned
4. Configuration for machine
  1. IP address
  2. Subnet mask
  3. Gateway
  4. Name server
5. Proxy Services
  1. A server that acts on behalf of a client in order to access another service
  2. benefits
    1. Anonymity
    2. Security
    3. Content filtering
    4. Increased perfomance
  3. Reverse proxy
    1. A service might appear to be a single server to external clients, but actually represents many servers living behind it
6. Virtual Private Networks (VPN)
  1. A technology that allows for the extension of a private or local network to hosts that might not work on that same local network
  2. tunneling protocol
    1. used encrypted tunnel
  3. Two-factor authentication
    1. A technique where more than just username and password are required to authenticate
Troubleshooting
1. General
  1. Error-detection
    1. The ability for a protocol or program to determine that something went wrong
  2. Error-recovery
    1. The ability for a protocol or program to attempt to fix it
  3. Reasons
    1. errors still pop up
    2. misconfigurations occur
    3. hardware breaks down
    4. system incompatibilities comes to light
2. Verifying Connectivity
  1. Internet Control Message Protocol (ICMP)
    1. ICMP Packet
      1. Type
      2. which specifies what type of message is being delivered
      3. 8 bits
      4. Code
      5. which indicates a more specific reason for the message than just the type. For example, of the destination unreachable type, there are individual codes for things like destination network unreachable, and destination port unreachable.
      6. checksum
      7. 16-bit
      8. Rest of the header
      9. 32-bit
      10. this field is optionally used by some of the specific types and codes to send more data.
      11. data payload
      12. The payload for an ICPM packet exists entirely so that the recipient of the message knows which of their transmissions caused the error being reported
      13. It contains the entire IP header and the first eight bytes of the data payload section of the offending packet.
  2. Ping
    1. Ping lets you send a special type of ICPM message called an Echo request
    2. If the destination is up and running and able to communicate on the network, it'll send back an ICPM Echo Reply message type
    3. CLI
      1. Example
      2. In all environments, ping supports a number of command line flags that let you change its behavior, like the number of echo requests to send, how large they should be, and how quickly they should be sent. Check out the documentation for your operating system to learn a little bit more.
      3. Every line of output will generally display the address sending the ICMP echo reply and how long it took for the round-trip communications. It will also have the TTL remaining and how large the ICMP message is in bytes.
      4. Once the command ends, there will also be some statistics displayed, like percentage of packets transmitted and received, the average round-trip time, and a couple of other things like that.
      5. On Linux and macOS, the ping command will run until it's interrupted by an end user sending an interrupt event. They do this by pressing the Control key and the C key at the same time.
      6. On Windows, paying defaults to only sending four echo requests.
  3. Traceroute
    1. A utility that lets you discover the path between two nodes, and gives you information about each hop along the way
      1. On each line, you'll see the number of the hop and the round trip time for all three packets. You will also see the IP of the device at each hop and a host name if Traceroute can resolve one.
    2. Tools
      1. mtr
      2. Linux
      3. MacOS
      4. pathping
      5. Windows
  4. Testing Port Connectivity
    1. netcat
      1. linux/macos
      2. nc host port
      3. -z
      4. zero input/output
      5. -v
      6. verbose
      7. -u
      8. Tells netcat to open a user datagram protocol (UDP) connection, instead of a TCP connection.
      9. -vv
      10. Stands for very verbose and gives more output text than just verbose
      11. -p
      12. Refers to a local port for a connection. Some protocols require a specific source port to work properly, this lets you specify what port to connect from.
      13. -e
      14. Executes a program after connection established. This option is not supported by all version of netcat, but you can also use standard unix command line pipelines to pass network input to or from other programs.
      15. -n <addr> <port>
      16. prevents domain name server (DNS) lookup. Use this when you have an IP address and numeric port to use for the connection and you want to avoid the overhead of DNS or if it is not working properly.
    2. Test-NetConnection
      1. Windows
      2. -port
      3. Test-NetConnection -InformationLevel "Detailed"
      4. Tests ping connectivity with detailed results.
      5. Test-NetConnection -ComputerName [remote host]
      6. Tests a connection to a remote host.
      7. Test-NetConnection -ComputerName [remote host] -Port [port number]
      8. Tests TCP connectivity to a specific host and port. This can be combined with the display detailed results option
      9. Test-NetConnection -ComputerName [remote host] -DiagnoseRouting
      10. Performs route diagnostics to connect to a remote host. This can require administrator privileges, so you may have to run your powershell window as administrator.
      11. Test-NetConnection -ComputerName [remote host] -constrainInterface [interface number] -DiagnoseRouting -InformationLevel "Detailed"
      12. Performs route diagnostics to connect to a remote host with routing constraints.
3. Digging into DNS
  1. nslookup
    1. interactive mode
    2. By default, nslookup will return A records
  2. An ISP almost always gives you access to a recursive name server as part of the service it provides
  3. Public DNS servers
    1. Name servers specifically set up so that anyone can use them, for free
    2. The IP addresses for Level 3's public DNS servers
      1. 4.2.2.1
      2. 4.2.2.2
      3. 4.2.2.3
      4. 4.2.2.4
      5. 4.2.2.5
      6. 4.2.2.6
    3. Google's public DNS.
      1. 8.8.8.8
      2. 8.8.4.4
    4. Most public DNS servers are available globally through anycast
    5. Always make sure the name server is run by a reputable company, and try to use the name servers provided by your ISP outside of troubleshooting scenarios
  4. DNS Registration
    1. Registrar
      1. An organization responsible for assigning individual domain names to other organizations or individuals
      2. Network Solutions Inc
      3. It was responsible for the registration of almost all domains that weren't country-specific.
    2. Transfer
  5. Hosts Files
    1. The original way that numbered network addresses were correlated with words was through hosts files
    2. Host file
      1. A flat file that contains, on each line, a network address followed by the host name it can be referred to as
    3. Loopback address
      1. A way of sending network traffic to yourself
      2. 127.0.0.1
    4. Almost every hosts file in existence will, in the very least, contain a line that reads 127.0.0.1 localhost, most likely followed by ::1 localhost, where ::1 is the loopback address for IPv6
    5. Hosts files are a popular way for computer viruses to disrupt and redirect users' traffic
4. Cloud
  1. Cloud computing
    1. A technological approach where computing resources are provisioned in a shareable way so that lots of users get what they need, when they need it
    2. A new model in computing where large clusters of machines let us use the total resources available in a better way
  2. Hardware virtualiztion
    1. Hardware virtualization is a core concept of how Cloud computing technologies work. It allows the concept of a physical machine and a logical machine to be abstracted away from each other.
    2. Virtualization
      1. a single physical machine called a host, could run many individual virtual instances called guests
    3. An operating system expects to be able to communicate with the underlying hardware in certain ways. Hardware virtualization platforms employ what's called a hypervisor.
    4. Hypervisor
      1. A hypervisor is a piece of software that runs and manages virtual machines, while also offering these guests a virtual operating platform that's indistinguishable from actual hardware.
    5. Example
  3. Public cloud
    1. A large cluster of machines run by another company
  4. Private cloud
    1. Used by a single large corporation and generally physically hosted on its own premises
  5. Hybrid cloud
    1. A term used to describe situations where companies might run things like their most sensitive proprietary technologies on a private cloud, while entrusting their less-sensitive servers to a public cloud
  6. Everything as a Service (XaaS)
    1. Infrastructure as a Service (IaaS)
      1. You shouldn't have to worry about building your own network or your own servers
      2. You just pay someone else to provide you with that service
    2. Platform as a Service (Paas)
      1. A subset of cloud computing where a platform is provided for customers to run their services
    3. Software as a Service (SaaS)
      1. A way of licensing the use of software to others while keeping that software centrally hosted and managed
  7. Cloud storage
    1. In a Cloud storage system, a customer contracts a cloud storage provider to keep their data secure, accessible, and available. This data could be anything from individual documents to large database backups
    2. By using a Cloud storage solution, it's up to the provider to keep the underlying physical hardware running
    3. Cloud storage solutions also grow with you.
5. IPv6
  1. IPv5 was an experimental protocol that introduced the concept of connections
  2. 128 bits
  3. 8 groups of 16 bits each
    1. hexadecimal numbers
    2. 2001:0db8:0000:0000:0000:ff00:0012:3456
      1. 2001:db8:0:0:0:ff00:12:3456
      2. 2001:db8::ff00:12:3456
    3. you can remove any leading zeros from a group.
    4. any number of consecutive groups composed of just zeros can be replaced with two colons.
    5. 127.0.0.1
      1. ::1
    6. Network ID
      1. first 64 bits or first 4 groups
    7. Host ID
      1. last 4 groups and 64 bits
  4. FF00::
    1. Multicast
      1. A way of addressing groups of hosts all at once
      2. any address that begins with FF00::
  5. FE80::
    1. Link-local unicast addresses
      1. Allow for local network segment communications and are configured based upon host's MAC address
  6. IPv6 Headers
    1. Version field
      1. A 4-bit field that defines what version of IP is in use
    2. Traffic class field
      1. An 8-bit field that defines the type of traffic contained within the IP datagram, and allows for different classes of traffic to receive different priorities
    3. Flow label field
      1. A 20-bit field that's used in conjunction with the traffic class field for routers to make decisions about the quality of service level for a specific datagram
    4. Payload length field
      1. A 16-bit field that defines how long the data payload section of the datagram is
    5. Next header field
      1. A unique concept to IPv6, and needs a little extra explanations
      2. IPv6 addresses are four times as long as IPv4 addresses. That means they have more ones and zeros which means that they take longer to transmit across a link. To help reduce the problems with additional data that IPv6 addresses impose on the network, the IPv6 header was built to be as short as possible. One way to do that is to take all of the optional fields and abstract them away from the IPv6 header itself. The next header field defines what kind of header is immediately after this current one. These additional headers are optional, so they're not required for a complete IPv6 datagram. Each of these additional optional headers contain a next header field and allow for a chain of headers to be formed if there's a lot of optional configuration.
    6. Hop limit
      1. An 8-bit field that's identical in purpose to the TTL field in an IPv4 header
    7. Source Address
    8. Destination Address field
  7. IPv6 and IPv4 Harmony
    1. 192.168.1.1
      1. ::ffff:c0a8:0101
    2. IPv6 tunnels
      1. Servers take incoming IPv6 traffic and encapsulate it within traditional IPv4 datagram
      2. IPv6 tunnel broker
      3. Companies that provide IPv6 tunneling endpoints for you, so you don't have to introduce additional equipment to your network
      4. Three types of tunnels
      5. 6in4/manual protocol
      6. encapsulates IPv6 packets immediately inside an IPv4 packet, without using additional headers to configure the setup of the tunnel endpoints. Setup is configured manually instead. This makes performance predictable and easy to debug. Unfortunately, this protocol often will not function if the host uses network address translation (NAT) technology to map its IPv4 address. This makes the 6in4/manual protocol difficult to deploy.
      7. Tunnel Setup Protocol (TSP)
      8. specifies rules for negotiating the setup parameters between tunnel endpoints. This allows for a variety of tunnel encapsulation methods and wider deployment than is possible with the 6in4/manual protocol.
      9. Anything in Anything (AYIYA)
      10. protocol defines a method for encapsulating any protocol in any other protocol. AYIYA was developed for tunnel brokers, a service which provides a network tunnel. This protocol specifies the encapsulation, identification, checksum, security, and management operations that can be used once the tunnel is established. A key advantage of AYIYA is that it can provide a stable tunnel through an IPv4 NAT. It allows users behind a NAT or a dynamic address to maintain connectivity even when roaming between networks.
6. Command Line Tools
  1. File management
    1. copy
      1. Linux: cp
      2. copy files by moving them from one location to another, such as from one drive to another
    2. xcopy
      1. copy files with options and control over how to copy files and directories
      2. xcopy /s
      3. includes subdirectories that contain content when copying files
      4. xcopy /j
      5. protects larger files while copying
    3. robocopy
      1. copy files with more commands than xcopy, including commands for moving secure files
      2. robocopy /sec
      3. copies files with security
  2. Disk management
    1. chkdsk
      1. Linux: fsck
      2. check both the file system and its metadata for physical and logical errors
      3. chkdsk /f
      4. check the drive and repair any issues
    2. sfc
      1. Check the system for corrupted files and look for cached copies of the files to try to repair them
    3. format
      1. Reset the drive and erase all the data, only putting in data needed to operate the disk
    4. diskpart
      1. Linux: fdisk
      2. divide a hard drive into separate partitions that act like disks
  3. Other tools
    1. shutdown
      1. Linux: shutdown
      2. shut down the local computer or other computers on the network
      3. shutdown /fw
      4. reboots the computer into the firmware interface after shutdown
    2. winver
      1. display the current version of Windows
  4. Networking troubleshooting tools
    1. ipconfig
      1. Linux (later version): ip
      2. Linux (older versions): ipconfig
      3. display the current network configuration information
      4. ipconfig /all
      5. display full configuration information for all adapters
    2. ping
      1. check the status of a connection to an address or the server speed of the connection to determine if a website or router is running slow
    3. pathping
      1. send out a request to each of the routers on the path to the destination, check the packets from each router for loss and latency, and use the information to determine where the packet loss is happening
    4. tracert
      1. Linux: traceroute
      2. Mac: traceroute
      3. trace the route of a packet of data from the user’s source computer to the destination system
    5. hostname
      1. Linux: hostname
      2. display the name of one device on a network
    6. netstat
      1. Linux: netstat
      2. display statistics about network activity and configuration, such as user information about passive and active sockets
    7. nslookup
      1. Linux: nslookup
      2. obtain DNS record information by sending queries to the domain name server
    8. net user
      1. add or modifies user accounts, or display user account information
    9. net use
      1. Disconnect a computer from a shared resource and display a list of network connections
    10. gpupdate
      1. update group policy settings
    11. gpresult
      1. display the Resultant Set of Policy (RSoP) for a system