Please Review Attached
Lab 2:
Examining Contents of Ethernet Packet
Done by
{Your Name here}
Date Report Due: Feb 27, 2013
Report Submitted:
Table of Contents
Abstract
Introduction
Lab Write up
Conclusion
References
Glossary
Abstract
See Sample abstract in lab template located in ‘Important Documents for the Course’ folder under the Course Content icon in Blackboard
Introduction
The purpose of this lab is to continue developing your understanding of network communications by looking deeper into the packets used to connect to a distant server. The primary activities of the lab focus on capturing and examining the protocols at layers 3 and 4 of the OSI reference model, that is, the Internet Protocol and Transmission Control Protocol sections shown in Figure 1.
As in other labs, set up the lab by explaining how it fits into the reading and with the other labs. Provide a brief overview of each of the main sections of the lab. As before, provide a complete list of the hardware and software used in this lab.
Overall Objectives for this Lab
1. Get an overview of how layers 2 and 3 of the OSI protocol stack interact to facilitate communications between the endpoints of a conversation.
2. Identify the specific role of the IP protocol in end-to-end communications.
3. Examine how layers 3 and 4 interact in your communication with the web server.
4. Identify the call setup, transmission and call termination accomplished by layer 4 protocols. Specifically, we are interested in TCP as the layer 4 protocol in this lab.
5. Explore the HTTP conversation between your PC and a web site, with a view to seeing how TCP/IP facilitates that communication.
Lab Write up
Part A: Internet Protocol
In this section of the lab you are going to explore a little deeper into the Ethernet frame. You may recall that the IP protocol is a layer 3 protocol, and that it is used to guide packets between networks. Your write-up of this section should explain how the IP header is employed within the packet to help guide it between networks. In particular, the questions below focus on packets sent across the Internet to a server in some other location.
Explain in some detail how the IP protocol assists in packet navigation across the Internet. You will want to reference the idea of the datagram service of the IP protocol: each packet is forwarded independently, hop by hop, on a best-effort basis, so IP itself promises neither delivery nor in-order arrival. You will need to reference the instructor slides and tutorials from this section, and other resources, to support your analysis. To help you get started with this analysis I have included some questions below about the role of the IP header of the packet (see Figure 2). Your narrative about what you learn could include answers to some of these topics:
· The IP header has multiple information fields. What is each of them used for?
· How do these header fields (addresses, TTL, header checksum, fragmentation fields) help a packet reach its destination, and which guarantees does IP itself not provide?
· How does the definition of a datagram help explain the function of the IP header?
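To make the IP header questions concrete, here is an added example, written for this edit and not part of the original hand-out, that decodes the Ethernet and IPv4 headers of a frame byte by byte, verifies the header checksum, and simulates what a router does to the TTL at each hop. The frame, its MAC addresses and its IP addresses are constructed for the example; point parse_ipv4() at the bytes of a frame copied out of your own Wireshark capture to get the fields Figure 2 asks about.

```python
"""Decode and verify the IPv4 header of a captured Ethernet frame.

Added example, not part of the lab hand-out. SAMPLE_FRAME is constructed by
hand (an Ethernet II frame carrying a 20-byte IPv4 header and a TCP SYN) so
the script runs offline; its MAC and IP addresses are invented. For a real
capture, copy a frame's bytes out of Wireshark as a hex stream and feed them
to parse_ipv4() instead.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum
    of the header's 16-bit words. It covers the header only; IP does nothing
    to protect the payload (that is left to TCP/UDP)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(frame: bytes) -> dict:
    """Strip the 14-byte Ethernet II header, then decode the IPv4 header that
    Wireshark shows as "Internet Protocol Version 4"."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4: EtherType 0x{ethertype:04x}")
    ip = frame[14:]
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    header = ip[:ihl]
    # The checksum field is zero while the sender computes it, so verify by
    # recomputing over a copy with that field zeroed and comparing.
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "version": version, "header_len": ihl, "tos": tos,
        "total_len": total_len, "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "checksum_ok": ipv4_checksum(zeroed) == csum,
        "options": header[20:], "payload": ip[ihl:total_len],
    }


def forward_hop(frame: bytes) -> bytes:
    """What each router on the path does to the datagram: decrement TTL and
    recompute the header checksum. When TTL would reach 0 the router discards
    the packet (returning b"" here) and sends an ICMP Time Exceeded back; it
    never retransmits. That is the best-effort datagram service."""
    ip = bytearray(frame[14:])
    ihl = (ip[0] & 0x0F) * 4
    if ip[8] <= 1:
        return b""
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip[:ihl])))
    return frame[:14] + bytes(ip)


SAMPLE_FRAME = bytes.fromhex(
    "020000000001" "020000000002" "0800"            # Ethernet II: dst MAC, src MAC, EtherType IPv4 (invented MACs)
    "45" "00" "0028" "1c46" "4000" "40" "06" "20d2"  # IPv4: v4/IHL 5, TOS, len 40, ID, DF, TTL 64, proto TCP, checksum
    "c0a8010a" "cb007105"                             # 192.168.1.10 -> 203.0.113.5 (TEST-NET-3, invented)
    "c000" "0050" "12345678" "00000000"               # TCP: 49152 -> 80, seq, ack (decoded in Part B)
    "5002" "ffff" "0000" "0000"                       # TCP: offset 5, SYN, window, checksum, urgent
)

if __name__ == "__main__":
    hdr = parse_ipv4(SAMPLE_FRAME)
    for key, value in hdr.items():
        if key != "payload":
            print(f"{key:16} {value}")
    hop = forward_hop(SAMPLE_FRAME)
    print("after one router hop: TTL", parse_ipv4(hop)["ttl"],
          "checksum ok:", parse_ipv4(hop)["checksum_ok"])
```

Compare the decoded fields with the Figure 2 layout in your write-up: the source and destination addresses are the only fields a router needs to pick the next hop, TTL is the only thing that stops a looping packet, and the checksum protects nothing beyond the header itself. Everything about getting the payload there intact and in order is left to the layer 4 protocol in Part B.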
Part B: TCP Protocol
Transmission Control Protocol is one of the layer 4 protocols used to communicate across the network. TCP is used to establish a reliable connection to a host on the far end of the conversation. The reliable connection creates additional traffic, because the receiver acknowledges the segments it gets and the sender retransmits any that go unacknowledged. It makes sense that we would want a reliable connection, but there are times when this extra overhead is not helpful. For example, with voice over IP a retransmitted packet arrives too late to be played back in sequence, so resending lost packets is impractical and the application simply copes with the loss. For these types of applications we use UDP, rather than TCP, as the layer 4 protocol.
In this section of the lab you will explore the information found in layer 4 of the packets you captured, to learn how the layer 4 protocols provide a reliable end-to-end communication service. To help direct your efforts, the questions below might be helpful.
· Review the reading on TCP and UDP in your book, and perhaps look at other resources, to help you explain the differences between TCP and UDP. They are both layer 4 protocols, but they serve different purposes. What are the differences? (Hint: use udp as your Wireshark display filter to see what you get. The information at http://en.wikipedia.org/wiki/User_Datagram_Protocol might prove useful in this discussion.)
· What are the fields in the TCP header used for, and how do they help in setting up a reliable end-to-end communication (i.e., a connection-oriented service)? Look for the three-way handshake (SYN, SYN/ACK, ACK) at the start of the conversation, the sequence and acknowledgement numbers during the transfer, and the FIN segments that end it.
· Explain the use of port numbers in layer 4 protocols. How are these port numbers used together with the IP address to establish the right connection between programs on both ends of the ‘conversation’? What are well-known port numbers? What about the other port numbers not listed there?
· Define any new words or acronyms and add them to your running glossary.
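As an added example, written for this edit and not part of the original hand-out, the script below decodes the TCP header fields from Figure 3 and the much shorter UDP header, sorts port numbers into the IANA ranges, and walks a constructed HTTP conversation through the three-way handshake, data transfer and FIN teardown while checking that every sequence and acknowledgement number lines up. The ports, sequence numbers and HTTP messages are invented for the example; the same functions work on the layer 4 bytes of segments taken from your capture.

```python
"""Decode TCP and UDP headers and follow one TCP connection through call
setup (three-way handshake), data transfer and call termination (FIN).

Added example, not part of the lab hand-out. Inputs are the layer 4 bytes of
an IP datagram. All segments are constructed: ports, sequence numbers and the
HTTP messages are invented; checksums stay 0 (they need the IP pseudo-header).
"""
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]


def parse_tcp(segment: bytes) -> dict:
    """Fixed 20-byte TCP header; options, if any, sit between it and the data."""
    (src, dst, seq, ack, off_flags,
     window, csum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    offset = (off_flags >> 12) * 4                   # data offset, in bytes
    flags = {name for bit, name in TCP_FLAGS if off_flags & bit}
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "checksum": csum, "urgent": urg,
            "options": segment[20:offset], "payload": segment[offset:]}


def parse_udp(datagram: bytes) -> dict:
    """UDP is only ports, length, checksum: no seq/ack numbers, no flags, no resends."""
    src, dst, length, csum = struct.unpack("!HHHH", datagram[:8])
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": csum, "payload": datagram[8:length]}


def port_role(port: int) -> str:
    """IANA ranges. An OS may pick client ports from a narrower range (Linux
    defaults to 32768-60999), so 'registered' ports show up on clients too."""
    return "well-known" if port < 1024 else "registered" if port < 49152 else "dynamic/ephemeral"


def follow_connection(segments) -> dict:
    """Label each segment's phase (setup/transfer/teardown/reset) and check the
    bookkeeping: each segment starts where its sender's last one ended and every
    ACK names the next byte expected from the peer. segments[0] is the client SYN."""
    client = parse_tcp(segments[0])["src_port"]
    next_seq, acked, sent = {}, {}, {"client": 0, "server": 0}
    fins, phases, phase = set(), [], "setup"
    for raw in segments:
        s = parse_tcp(raw)
        sender = "client" if s["src_port"] == client else "server"
        peer = "server" if sender == "client" else "client"
        if "RST" in s["flags"]:                      # abortive close, no bookkeeping
            phases.append("reset")
            break
        if "SYN" in s["flags"]:
            next_seq[sender] = s["seq"]              # initial sequence number announced
        elif s["seq"] != next_seq.get(sender):
            raise ValueError(f"{sender}: seq {s['seq']}, expected {next_seq.get(sender)}")
        next_seq[sender] = (s["seq"] + len(s["payload"])  # SYN and FIN each consume one
                            + ("SYN" in s["flags"]) + ("FIN" in s["flags"]))
        sent[sender] += len(s["payload"])
        if "ACK" in s["flags"]:
            if s["ack"] != next_seq.get(peer):
                raise ValueError(f"{sender}: ack {s['ack']}, expected {next_seq.get(peer)}")
            acked[peer] = s["ack"]
        if "FIN" in s["flags"]:
            fins.add(sender)
            phase = "teardown"
        phases.append(phase)
        if phase == "setup" and "SYN" not in s["flags"] and "ACK" in s["flags"]:
            phase = "transfer"                       # third handshake segment seen
    closed = fins == {"client", "server"} and all(acked.get(p) == next_seq[p] for p in fins)
    return {"client_port": client, "phases": phases, "bytes": sent, "closed": closed}


def build_segment(src, dst, seq, ack, flags, payload=b"") -> bytes:
    """Constructed test segment: 20-byte header, window 65535, checksum 0."""
    bits = sum(bit for bit, name in TCP_FLAGS if name in flags)
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, (5 << 12) | bits, 65535, 0, 0) + payload


REQUEST = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nhi"
C, S = 49152, 80                                     # client ephemeral port -> HTTP
CISN, SISN = 1000, 5000                              # invented initial sequence numbers
HTTP_EXCHANGE = [                                    # handshake, request, response, clean close
    build_segment(C, S, CISN, 0, {"SYN"}),
    build_segment(S, C, SISN, CISN + 1, {"SYN", "ACK"}),
    build_segment(C, S, CISN + 1, SISN + 1, {"ACK"}),
    build_segment(C, S, CISN + 1, SISN + 1, {"PSH", "ACK"}, REQUEST),
    build_segment(S, C, SISN + 1, CISN + 1 + len(REQUEST), {"ACK"}),
    build_segment(S, C, SISN + 1, CISN + 1 + len(REQUEST), {"PSH", "ACK"}, RESPONSE),
    build_segment(C, S, CISN + 1 + len(REQUEST), SISN + 1 + len(RESPONSE), {"ACK"}),
    build_segment(S, C, SISN + 1 + len(RESPONSE), CISN + 1 + len(REQUEST), {"FIN", "ACK"}),
    build_segment(C, S, CISN + 1 + len(REQUEST), SISN + 2 + len(RESPONSE), {"FIN", "ACK"}),
    build_segment(S, C, SISN + 2 + len(RESPONSE), CISN + 2 + len(REQUEST), {"ACK"}),
]
DNS_QUERY = struct.pack("!HHHH", 53123, 53, 8 + 5, 0) + b"query"   # constructed UDP datagram

if __name__ == "__main__":
    result = follow_connection(HTTP_EXCHANGE)
    for raw, phase in zip(HTTP_EXCHANGE, result["phases"]):
        s = parse_tcp(raw)
        print(f"{phase:9} {s['src_port']:5} -> {s['dst_port']:<5} seq={s['seq']} ack={s['ack']} [{','.join(sorted(s['flags']))}] len={len(s['payload'])}")
    print("closed:", result["closed"], result["bytes"], port_role(C), "->", port_role(S), parse_udp(DNS_QUERY))
```

When you compare this with your capture, remember that Wireshark shows relative sequence numbers by default (the handshake appears to start at 0 and 1); the raw values start from random initial sequence numbers, which is what the SYN and SYN/ACK segments exist to exchange. The ValueError raised on a mismatched ACK is exactly the condition a receiver uses to decide that something was lost and must be retransmitted, and it is the bookkeeping that UDP, with nothing but ports and a length in its header, does not do.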
Conclusion
Address the following topics from your experience in the lab:
1) What were the most important concepts you learned in this lab?
2) What did you discover in the process of exploring the contents of a packet?
3) As a network administrator, how might this information be useful to you?
4) How does this lab relate to the reading?
References
APA Format
Glossary
(start with previous lab Glossary entries)
Figure 1: Wireshark Protocol Capture Window
Figure 2: IP Header (IP packet header section)
Figure 3: TCP Header
Mike Meyers’
CompTIA Network+®
Guide to Managing and
Troubleshooting Networks
Third Edition
(Exam N10-005)
Mike Meyers
New York Chicago San Francisco
Lisbon London Madrid Mexico City Milan
New Delhi San Juan Seoul Singapore Sydney Toronto
Copyright © 2012 by the McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of
1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written
permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for
publication.
ISBN: 978-0-07-179981-2
MHID: 0-07-179981-8
The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-178911-0,
MHID: 0-07-178911-1.
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.
McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a
representative please e-mail us at bulksales@mcgraw-hill.com.
McGraw-Hill is an independent entity from CompTIA®. This publication and digital content may be used in assisting students to prepare for the CompTIA Network+
exam. Neither CompTIA nor McGraw-Hill warrants that use of this publication and digital content will ensure passing any exam. CompTIA and CompTIA Network+
are trademarks or registered trademarks of CompTIA in the United States and/or other countries. All other trademarks are trademarks of their respective owners.
Fluke images printed with permission of Fluke Corporation, ©Fluke Corp.
Intel image printed with permission of Intel Corporation, ©Intel Corp.
TRENDnet images printed with permission of Trendnet Media, ©TRENDnet.
Equalizer E650GX image printed by permission of Coyote Point Systems, ©Coyote Point Systems, Inc. www.coyotepoint.com.
NetGear image printed with permission of NetGear, ©NETGEAR, Inc.
Hewlett-Packard images printed with permission of HP, ©Hewlett-Packard CLEAR image printed with permission of CLEAR, ©CLEAR
TERMS OF USE
This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGrawHill”) and its licensors reserve all rights in and to the work. Use of this work is subject
to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble,
reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without
McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use
the work may be terminated if you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY,
ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN
BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and
its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free.
Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages
resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/
or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if
any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause
arises in contract, tort or otherwise.
E-book conversion by codeMantra
Version 2.0
About the Author
Michael Meyers is the industry’s leading authority on CompTIA Network+ certification. He is the president and founder of Total Seminars, LLC, a major provider of PC and network repair seminars for thousands of organizations throughout the world, and a member of CompTIA.
Mike has written numerous popular textbooks, including the best-selling Mike Meyers’ CompTIA A+® Guide to Managing & Troubleshooting PCs, Mike Meyers’ CompTIA A+® Guide to Essentials, and Mike Meyers’ CompTIA A+® Guide to Operating Systems.
About the Contributor
Scott Jernigan wields a mighty red pen as Editor in Chief for Total Seminars. With a Master of Arts degree in Medieval History, Scott feels as much at home in the musty archives of London as he does in the warm CRT glow of Total Seminars’ Houston headquarters. After fleeing a purely academic life, he dove headfirst into IT, working as an instructor, editor, and writer.
Scott has written, edited, and contributed to dozens of books on computer literacy, hardware, operating systems, networking, and certification, including Computer Literacy—Your Ticket to IC3 Certification, and co-authoring with Mike Meyers the All-in-One CompTIA Strata® IT Fundamentals Exam Guide.
Scott has taught computer classes all over the United States, including stints at the United Nations in New York and the FBI Academy in Quantico. Practicing what he preaches, Scott is a CompTIA A+ and CompTIA Network+ certified technician, a Microsoft Certified Professional, a Microsoft Office User Specialist, and Certiport Internet and Computing Core Certified.
About the Technical Editor
Jonathan S. Weissman earned his master’s degree in Computer and Information Science from Brooklyn College (CUNY), and holds nineteen industry certifications, including Cisco CCNA, CompTIA Security+, CompTIA i-Net+, CompTIA Network+, CompTIA A+, CompTIA Linux+, Novell CNE, Novell CNA, Microsoft Office Master, Microsoft MCAS Word, Microsoft MCAS PowerPoint, Microsoft MCAS Excel, Microsoft MCAS Access, Microsoft MCAS Outlook, and Microsoft MCAS Vista.
Jonathan is a tenured Assistant Professor of Computing Sciences at Finger Lakes Community College, in Canandaigua, NY, and also teaches graduate and undergraduate computer science courses at nearby Rochester Institute of Technology. In addition, Jonathan does computer, network, and security consulting for area businesses and individuals.
Between FLCC and RIT, Jonathan has taught nearly two dozen different computer science courses, including networking, security, administration, forensics, programming, operating systems, hardware, and software.
Students evaluating his teaching emphasize that he simplifies their understanding of difficult topics, while at the same time makes the class interesting and entertaining.
Jonathan completely designed and configured FLCC’s newest Networking & Security Lab. Serving as IT Program Coordinator, he rewrote FLCC’s Information Technology course requirements for the degree, keeping it current with the changes in industry over the years.
This textbook is just one of the many that Jonathan has edited for thoroughness and accuracy.
Acknowledgments
I’d like to acknowledge the many people who contributed their talents to make this book possible:
To Tim Green, my acquisitions editor at McGraw-Hill: Didn’t think I’d get the book out this quickly, did you? Thanks for your superb support and encouragement, as always.
To my in-house Editor-in-Chief, Scott Jernigan: Didn’t think we’d get the book out that fast, did you? How many 85s do you have now? Pelape still smokes them all in DPS.
To Jonathan Weissman, technical editor: Holy crap, you kicked my butt. Thanks for making my book dramatically better than it has ever been.
To LeeAnn Pickrell, copy editor: u made me write good, thx.
To Michael Smyer, Total Seminars’ resident tech guru and photographer: Glad to see you staying focused. And your photos rocked as always!
To Ford Pierson, graphics maven and editor: Superb conceptual art? Check! Great editing? Check! Beating the boss in Unreal Tournament over and over again? Check, unfortunately.
To Aaron Verber, editor extraordinaire: Your quiet toils in the dark corner of the office have once again paid outstanding dividends!
To Dudley Lehmer, my partner at Total Seminars: As always, thanks for keeping the ship afloat while I got to play on this book!
To Stephanie Evans, acquisitions coordinator at McGraw-Hill: You are my favorite South African ambassador since the Springboks. Thanks for keeping track of everything and (gently) smacking Scott when he forgot things.
To Molly Sharp and Jody McKenzie, project editors: It was a joy to work with you, Molly, and again with you, Jody. I couldn’t have asked for a better team! (Didn’t think I could resist making the pun, did you?)
To Andrea Fox, proofreader: You did a super job, thank you.
To Tom and Molly Sharp, compositors: The layout was excellent, thanks!
To Staci Lynne Davis, vegan chef and punk rocker: Thanks for showing me your world and, in the process, expanding mine.
Key Terms, identified in red, point out important vocabulary and definitions that you need to know.
Tech Tip sidebars provide inside information from experienced IT professionals.
Cross Check questions develop reasoning skills: ask, compare, contrast, and explain.
Engaging and Motivational—Using a conversational style and proven instructional approach, the author explains technical concepts in a clear, interesting way using real-world examples.
Makes Learning Fun!—Rich, colorful text and enhanced illustrations bring technical subjects to life.
10BaseT also introduced the networking world to the RJ-45 connector (Figure 4.9). Each pin on the RJ-45 connects to a single wire inside the cable; this enables devices to put voltage on the individual wires within the cable. The pins on the RJ-45 are numbered from 1 to 8, as shown in Figure 4.10.
The 10BaseT standard designates some of these numbered wires for specific purposes. As mentioned earlier, although the cable has four pairs, 10BaseT uses only two of the pairs. 10BaseT devices use pins 1 and 2 to send data, and pins 3 and 6 to receive data. Even though one pair of wires sends data and another receives data, a 10BaseT device cannot send and receive simultaneously. The rules of CSMA/CD still apply: only one device can use the segment contained in the hub without causing a collision. Later versions of Ethernet will change this rule.
An RJ-45 connector is usually called a crimp, and the act (some folks call it an art) of installing a crimp onto the end of a piece of UTP cable is called crimping. The tool used to secure a crimp onto the end of a cable is a crimper.
Each wire inside a UTP cable must connect to the proper pin inside the crimp. Manufacturers color-code each wire within a piece of four-pair UTP to assist in properly matching the ends. Each pair of wires consists of a solid-colored wire and a striped wire: blue/blue-white, orange/orange-white, brown/brown-white, and green/green-white (Figure 4.11).
The Telecommunications Industry Association/Electronics Industries Alliance (TIA/EIA) defines the industry standard for correct crimping of four-pair UTP for 10BaseT networks. Two standards currently exist: TIA/EIA 568A and TIA/EIA 568B. Figure 4.12 shows the TIA/EIA 568A and TIA/EIA 568B color-code standards. Note that the wire pairs used by 10BaseT (1 and 2; 3 and 6) come from the same color pairs (green/green-white and orange/orange-white). Following an established color-code scheme, such as TIA/EIA 568A, ensures that the wires match up correctly at each end of the cable.
66 Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
Cross Check
Check Your CATs!
You’ve already seen CAT levels in Chapter 3, “Cabling and Topology,” so check your memory and review the different speeds of the various CAT levels. Could 10BaseT use CAT 2? Could it use CAT 6? What types of devices can use CAT 1?
• Figure 4.9 Two views of an RJ-45 connector
• Figure 4.10 The pins on an RJ-45 connector are numbered 1 through 8.
• Figure 4.11 Color-coded pairs
The real name for RJ-45 is “8 Position 8 Contact (8P8C) modular plug.” The name RJ-45 is so dominant, however, that nobody but the nerdiest of nerds calls it by its real name. Stick to RJ-45.
About This Book
Proven Learning Method Keeps You on Track
Mike Meyers’ CompTIA Network+® Guide to Managing and Troubleshooting Networks is structured to give you comprehensive knowledge of computer skills and technologies. The textbook’s active learning methodology guides you beyond mere recall and—through thought-provoking activities, labs, and sidebars—helps you develop critical-thinking, diagnostic, and communication skills.
Information technology (IT) offers many career paths, leading to occupations in such fields as PC repair, network administration, telecommunications, Web development, graphic design, and desktop support. To become competent in any IT field, however, you need certain basic computer skills. Mike Meyers’ CompTIA Network+® Guide to Managing and Troubleshooting Networks builds a foundation for success in the IT field by introducing you to fundamental technology concepts and giving you essential computer skills.
Important Technology Skills
consider that type of NIC. The specific process by which a NIC uses electricity to send and receive data is exceedingly complicated, but luckily for you, not necessary to understand. Instead, just think of a charge on the wire as a one, and no charge as a zero. A chunk of data moving in pulses across a wire might look something like Figure 2.13.
If you put an oscilloscope on the wire to measure voltage, you’d see something like Figure 2.14. An oscilloscope is a powerful microscope that enables you to see electrical pulses.
Now, remembering that the pulses represent binary data, visualize instead a string of ones and zeroes moving across the wire (Figure 2.15).
Once you understand how data moves along the wire, the next question becomes this: how does the network get the right data to the right system? All networks transmit data by breaking whatever is moving across the physical layer (files, print jobs, Web pages, and so forth) into discrete chunks called frames. A frame is basically a container for a chunk of data moving across a network. The NIC creates and sends, as well as receives and reads, these frames.
I like to visualize an imaginary table inside every NIC that acts as a frame creation and reading station. I see frames as those pneumatic canisters you see when you go to a drive-in teller at a bank. A little guy inside the network card—named Nick, naturally!—builds these pneumatic canisters (the frames) on the table, and then shoots them out on the wire to the hub (Figure 2.16).
Chapter 2: Building a Network with the OSI Model 15
Try This!
What’s Your MAC Address?
You can readily determine your MAC address on a Windows computer from the command line. This works in all modern versions of Windows.
1. In Windows 2000/XP, click Start | Run. Enter the command CMD and press the ENTER key to get to a command prompt.
2. In Windows Vista, click Start, enter CMD in the Start Search text box, and press the ENTER key to get to a command prompt.
3. At the command prompt, type the command IPCONFIG /ALL and press the ENTER key.
• Figure 2.13 Data moving along a wire
• Figure 2.14 Oscilloscope of data
• Figure 2.15 Data as ones and zeroes
• Figure 2.16 Inside the NIC
A number of different frame types are used in different networks. All NICs on the same network must use the same frame type or they will not be able to communicate with other NICs.
Each chapter includes
■ Learning Objectives that set measurable goals for chapter-by-chapter progress
■ Illustrations that give you a clear picture of the technologies
■ Tutorials that teach you to perform essential tasks and procedures hands-on
■ Try This!, Cross Check, and Tech Tip sidebars that encourage you to practice and apply concepts in real-world settings
■ Notes, Tips, and Warnings that guide you through difficult areas
■ Chapter Summaries and Key Terms Lists that provide you with an easy way to review important concepts and vocabulary
■ Challenging End-of-Chapter Tests that include vocabulary-building exercises, multiple-choice questions, essay questions, and on-the-job lab projects
This pedagogically rich book is designed to make learning easy and enjoyable and to help you develop the skills and critical-thinking abilities that will enable you to adapt to different job situations and troubleshoot problems.
Mike Meyers’ proven ability to explain concepts in a clear, direct, even humorous way makes this book interesting, motivational, and fun.
Effective Learning Tools
Try This! exercises apply core skills in a new setting.
Chapter Review sections provide concept summaries, key terms lists, and lots of questions and projects.
Key Terms Lists present the important terms identified in the chapter.
Offers Practical Experience—Tutorials and lab assignments develop essential hands-on skills and put concepts in real-world contexts.
Robust Learning Tools—Summaries, key terms lists, quizzes, essay questions, and lab projects help you practice skills and measure progress.
Notes, Tips, and Warnings create a road map for success.
consider that type of NIC. The spe-
cific process by which a NIC uses
electricity to send and receive data is
exceedingly complicated, but luck-
ily for you, not necessary to under-
stand. Instead, just think of a charge
on the wire as a one, and no charge as
a zero. A chunk of data moving in
pulses across a wire might look
something like Figure 2.13.
If you put an oscilloscope on
the wire to measure voltage, you’d
see something like Figure 2.14. An
oscilloscope is a powerful micro-
scope that enables you to see elec-
trical pulses.
Now, remembering that the pulses represent bi-
nary data, visualize instead a string of ones and zeroes
moving across the wire (Figure 2.15).
Once you understand how data moves along the
wire, the next question becomes this: how does the net-
work get the right data to the right system? All networks
transmit data by breaking whatever is moving across the physical layer (files,
print jobs, Web pages, and so forth) into discrete chunks called frames. A frame
is basically a container for a chunk of data moving across a network. The NIC
creates and sends, as well as receives and reads, these frames.
I like to visualize an imaginary table inside every NIC that acts as a
frame creation and reading station. I see frames as those pneumatic canis-
ters you see when you go to a drive-in teller at a bank. A little guy inside the
network card—named Nick, naturally!—builds these pneumatic canisters
(the frames) on the table, and then shoots them out on the wire to the hub
(Figure 2.16).
Chapter 2: Building a Network with the OSI Model 15
Try This!
What’s Your MAC Address?
You can readily determine your MAC address on a Windows computer
from the command line. This works in all modern versions of Windows.
1. In Windows 2000/XP, click Start | Run. Enter the command
CMD and press the ENTER key to get to a command prompt.
2. In Windows Vista, click Start, enter CMD in the Start Search text
box, and press the ENTER key to get to a command prompt.
3. At the command prompt, type the command IPCONFIG /ALL
and press the ENTER key.
• Figure 2.13 Data moving along a wire
• Figure 2.14 Oscilloscope of
data
• Figure 2.15 Data as ones and
zeroes
• Figure 2.16 Inside the NIC
A number of different frame
types are used in different net-
works. All NICs on the same net-
work must use the same frame
type or they will not be able to
communicate with other NICs.
consider that type of NIC. The specific process by which a NIC uses electricity to send and receive data is exceedingly complicated, but luckily for you, not necessary to understand. Instead, just think of a charge on the wire as a one, and no charge as a zero. A chunk of data moving in pulses across a wire might look something like Figure 2.13.

If you put an oscilloscope on the wire to measure voltage, you’d see something like Figure 2.14. An oscilloscope is an instrument that plots voltage against time, which lets you see the electrical pulses.

Now, remembering that the pulses represent binary data, visualize instead a string of ones and zeroes moving across the wire (Figure 2.15).

Once you understand how data moves along the wire, the next question becomes this: how does the network get the right data to the right system? All networks transmit data by breaking whatever is moving across the physical layer (files, print jobs, Web pages, and so forth) into discrete chunks called frames. A frame is basically a container for a chunk of data moving across a network. The NIC creates and sends, as well as receives and reads, these frames.

I like to visualize an imaginary table inside every NIC that acts as a frame creation and reading station. I see frames as those pneumatic canisters you see when you go to a drive-in teller at a bank. A little guy inside the network card (named Nick, naturally!) builds these pneumatic canisters (the frames) on the table, and then shoots them out on the wire to the hub (Figure 2.16).
Chapter 2: Building a Network with the OSI Model 15
Try This!
What’s Your MAC Address?
You can readily determine your MAC address on a Windows computer from the command line. This works in all modern versions of Windows.
1. In Windows 2000/XP, click Start | Run. Enter the command CMD and press the ENTER key to get to a command prompt.
2. In Windows Vista, click Start, enter CMD in the Start Search text box, and press the ENTER key to get to a command prompt.
3. At the command prompt, type the command IPCONFIG /ALL and press the ENTER key. The MAC address appears on the Physical Address line listed under each adapter.
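A way to take the IPCONFIG /ALL output from the steps above and read the MAC programmatically, as an added example that is not from the textbook. The IPCONFIG_SAMPLE text, adapter names and addresses are constructed; real output differs by Windows version and locale, and the regular expressions assume the English layout. It also decodes the two flag bits in the first octet, which the text does not cover: whether the address is multicast, and whether it is locally administered rather than a vendor-assigned OUI (a hint that it was set in software rather than burned into the card). Resolving an OUI to a vendor needs the IEEE registry, which is not included here.

```python
"""Read MAC addresses out of IPCONFIG /ALL output and decode what the bits say.

Added example for this page, not code from the textbook. IPCONFIG_SAMPLE is
constructed text in the layout Windows prints (English locale); the adapter
names and addresses in it are made up.
"""
import re

IPCONFIG_SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAB-PC

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit Ethernet Adapter
   Physical Address. . . . . . . . . : 00-1B-21-3C-4D-5E
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : 12-34-56-78-9A-BC
"""

# An adapter section starts with an unindented "<Type> adapter <name>:" line.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# The MAC is printed as "Physical Address. . . : 00-1B-21-3C-4D-5E".
MAC_RE = re.compile(r"Physical Address[ .]*:\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")


def parse_ipconfig(text: str) -> dict:
    """Map each adapter heading to its MAC, normalized to lowercase colon form."""
    macs = {}
    current = None
    for line in text.splitlines():
        heading = ADAPTER_RE.match(line)
        if heading:
            current = heading.group(1)
            continue
        mac = MAC_RE.search(line)
        if mac and current:
            macs[current] = mac.group(1).lower().replace("-", ":")
    return macs


def describe_mac(mac: str) -> dict:
    """Pull the OUI and the two flag bits out of a 48-bit MAC.

    In the first octet, bit 0 (0x01) is the individual/group bit: set means a
    multicast or broadcast address. Bit 1 (0x02) is the universal/local bit:
    set means the address was assigned locally (by a driver, a VM, or an
    operator) rather than burned in under a vendor's IEEE-assigned OUI, so it
    should not be trusted to identify a particular piece of hardware.
    """
    octets = [int(part, 16) for part in re.split(r"[:-]", mac)]
    if len(octets) != 6 or not all(0 <= o <= 0xFF for o in octets):
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    first = octets[0]
    return {
        "oui": ":".join(f"{o:02x}" for o in octets[:3]),
        "multicast": bool(first & 0x01),
        "locally_administered": bool(first & 0x02),
    }


if __name__ == "__main__":
    for adapter, mac in parse_ipconfig(IPCONFIG_SAMPLE).items():
        info = describe_mac(mac)
        origin = "locally set" if info["locally_administered"] else f"vendor OUI {info['oui']}"
        print(f"{adapter}: {mac} ({origin})")
```

On a real machine, pipe the actual output in (for example, save `ipconfig /all > ip.txt` and pass the file contents to `parse_ipconfig`); the lowercase colon form it returns is the same form a packet sniffer shows in the Ethernet header, so the two can be compared directly.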
• Figure 2.13 Data moving along a wire
• Figure 2.14 Oscilloscope of data
• Figure 2.15 Data as ones and zeroes
• Figure 2.16 Inside the NIC
A number of different frame types are used in different networks. All NICs on the same network must use the same frame type or they will not be able to communicate with other NICs.
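The frame the text describes, in code: an added example (not from the textbook) that builds an Ethernet II frame the way the sending NIC does and parses incoming frames the way the receiving NIC does, telling an Ethernet II EtherType apart from an IEEE 802.3 length field so that a frame of the wrong type is rejected rather than misread. The two sample frames, the 00:1b:21:3c:4d:5e source address and the 192.168.1.x addresses inside the ARP payload are constructed for illustration. It goes a little beyond the text in one respect a practitioner should keep in mind: nothing in the header authenticates the source MAC, so the address a frame claims to come from is only what the sender chose to write there.

```python
"""Build and parse Ethernet frames the way a NIC does on either side of the wire.

Added example for this page, not code from the textbook. The two sample frames
are constructed for illustration (the source MAC is made up), not real captures.
"""
import struct

ETHERNET_HEADER_LEN = 14   # 6-byte destination MAC + 6-byte source MAC + 2-byte type/length
MIN_FRAME_LEN = 60         # Ethernet minimum is 64 bytes including the 4-byte FCS the NIC adds
MAX_8023_LENGTH = 0x05DC   # type/length <= 1500 is an IEEE 802.3 length field
MIN_ETHERTYPE = 0x0600     # type/length >= 1536 is an Ethernet II EtherType

ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

# Constructed sample: broadcast ARP request in an Ethernet II frame (14 + 28 bytes).
SAMPLE_ARP_FRAME = bytes.fromhex(
    "ffffffffffff"                   # destination MAC: broadcast
    "001b213c4d5e"                   # source MAC (made up)
    "0806"                           # EtherType: ARP
    "0001" "0800" "06" "04" "0001"   # ARP: Ethernet, IPv4, hlen, plen, request
    "001b213c4d5e" "c0a8010a"        # sender MAC, sender IP 192.168.1.10
    "000000000000" "c0a80101"        # target MAC (unknown), target IP 192.168.1.1
)

# Constructed sample: IEEE 802.3 frame with a 3-byte LLC payload and 5 bytes of padding.
SAMPLE_8023_FRAME = bytes.fromhex(
    "0180c2000000"    # destination MAC: 802.1 multicast group
    "001b213c4d5e"    # source MAC (made up)
    "0003"            # 802.3 length field: 3 bytes of payload follow
    "424203"          # LLC header: DSAP, SSAP, control
    "0000000000"      # padding that is not part of the payload
)


def format_mac(raw: bytes) -> str:
    """Render six raw bytes in the colon-separated form most tools print."""
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Wrap a payload in an Ethernet II header, padding short frames as a NIC would."""
    header = (bytes.fromhex(dst.replace(":", ""))
              + bytes.fromhex(src.replace(":", ""))
              + struct.pack("!H", ethertype))
    return (header + payload).ljust(MIN_FRAME_LEN, b"\x00")


def parse_frame(frame: bytes) -> dict:
    """Split a frame into destination MAC, source MAC, frame type and payload.

    Raises ValueError for a frame too short to hold a header, for an 802.3
    length field that claims more bytes than are present, and for the reserved
    values between 1500 and 1536: a receiver expecting one frame type cannot
    make sense of the other, which is why NICs on one network must agree.
    """
    if len(frame) < ETHERNET_HEADER_LEN:
        raise ValueError(f"runt frame: {len(frame)} bytes, header needs {ETHERNET_HEADER_LEN}")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:ETHERNET_HEADER_LEN])
    payload = frame[ETHERNET_HEADER_LEN:]
    if type_or_len >= MIN_ETHERTYPE:
        kind = "Ethernet II"
        proto = ETHERTYPE_NAMES.get(type_or_len, f"0x{type_or_len:04x}")
        # No length field here: any padding stays in the payload, and the layer-3
        # header (e.g. the IP total length) is what says where the real data ends.
    elif type_or_len <= MAX_8023_LENGTH:
        if type_or_len > len(payload):
            raise ValueError(f"802.3 length {type_or_len} exceeds {len(payload)} payload bytes")
        kind, proto = "IEEE 802.3", "LLC"
        payload = payload[:type_or_len]   # the length field says where padding begins
    else:
        raise ValueError(f"reserved type/length value 0x{type_or_len:04x}")
    # Nothing in the header authenticates the source MAC; it is whatever the
    # sending NIC (or the software driving it) chose to put there.
    return {"dst": format_mac(dst), "src": format_mac(src), "kind": kind,
            "proto": proto, "payload": payload}


if __name__ == "__main__":
    for name, frame in (("ARP", SAMPLE_ARP_FRAME), ("802.3", SAMPLE_8023_FRAME)):
        parsed = parse_frame(frame)
        print(f"{name}: {parsed['src']} -> {parsed['dst']} {parsed['kind']}/{parsed['proto']}, "
              f"{len(parsed['payload'])} payload bytes")
    rebuilt = build_frame("ff:ff:ff:ff:ff:ff", "00:1b:21:3c:4d:5e", 0x0806, SAMPLE_ARP_FRAME[14:])
    print(f"built frame is {len(rebuilt)} bytes on the wire (before the FCS)")
```

Run it directly to print the parsed fields. In a packet capture, this 14-byte split is exactly what a sniffer shows as the Ethernet layer sitting above the IP and TCP headers the lab examines, and the padding behaviour is why a captured 42-byte ARP request usually appears as a 60-byte frame.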
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Front Matter
Contents at a Glance
Chapter 1 ■ CompTIA Network+ in a Nutshell 1
Chapter 2 ■ Network Models 8
Chapter 3 ■ Cabling and Topology 44
Chapter 4 ■ Ethernet Basics 66
Chapter 5 ■ Modern Ethernet 90
Chapter 6 ■ Installing a Physical Network 106
Chapter 7 ■ TCP/IP Basics 144
Chapter 8 ■ The Wonderful World of Routing 182
Chapter 9 ■ TCP/IP Applications 224
Chapter 10 ■ Network Naming 258
Chapter 11 ■ Securing TCP/IP 294
Chapter 12 ■ Advanced Networking Devices 330
Chapter 13 ■ IPv6 356
Chapter 14 ■ Remote Connectivity 380
Chapter 15 ■ Wireless Networking 424
Chapter 16 ■ Protecting Your Network 458
Chapter 17 ■ Virtualization 484
Chapter 18 ■ Network Management 504
Chapter 19 ■ Building a SOHO Network 534
Chapter 20 ■ Network Troubleshooting 554
Appendix A ■ Objectives Map: CompTIA Network+ 580
Appendix b ■ About the Download 592
■ Glossary 596
■ Index 632
Contents
About the Author . . . . . . . . . . . . . . . . . . v
Acknowledgments . . . . . . . . . . . . . . . . . .vii
Preface. . . . . . . . . . . . . . . . . . . . . . . . xvii
CompTIA Approved Quality Curriculum. . . . xix
Instructor and Student Website. . . . . . . . . . xxv
Chapter 1 ■ CompTIA Network+ in a Nutshell 1
Who Needs CompTIA Network+? I Just Want to Learn about Networks! . . . . . 1
What Is CompTIA Network+ Certification? . . . 1
What Is CompTIA? . . . . . . . . . . . . . . . 2
The Current CompTIA Network+ Certification Exam Release. . . . . . . . . . 2
How Do I Become CompTIA Network+ Certified? . . . . . . . . . . . . . 2
What Is the Exam Like? . . . . . . . . . . . . . . . 3
How Do I Take the Test?. . . . . . . . . . . . . 4
How Much Does the Test Cost? . . . . . . . . . 4
How to Pass the CompTIA Network+ Exam . . . 5
Obligate Yourself . . . . . . . . . . . . . . . . 5
Set Aside the Right Amount of Study Time . . 5
Study for the Test . . . . . . . . . . . . . . . . 6
Chapter 2 ■ Network Models 8
Historical/Conceptual . . . . . . . . . . . . . . . 10
Working with Models . . . . . . . . . . . . . . . . 10
Biography of a Model . . . . . . . . . . . . . . 10
Network Models . . . . . . . . . . . . . . . . . 11
The OSI Seven-Layer Model in Action. . . . . . . 11
Welcome to MHTechEd!. . . . . . . . . . . . . 12
Test Specific. . . . . . . . . . . . . . . . . . . . . . 13
Let’s Get Physical—Network Hardware and Layers 1–2 . . . . . . . . . . . . . 13
The NIC . . . . . . . . . . . . . . . . . . . . . 15
The Two Aspects of NICs . . . . . . . . . . . . 21
Beyond the Single Wire—Network Software and Layers 3–7 . . . . . . . . . . . 22
IP—Playing on Layer 3, the Network Layer . . . 24
Packets Within Frames . . . . . . . . . . . . . 25
Assembly and Disassembly—Layer 4, the Transport Layer . . . . . . . . . . . 27
Talking on a Network—Layer 5, the Session Layer . . . . . . . . . . . . . . 28
Standardized Formats, or Why Layer 6, Presentation, Has No Friends . . . . . 30
Network Applications—Layer 7, the Application Layer . . . . . . . . . . . . 31
The TCP/IP Model. . . . . . . . . . . . . . . . . . 32
The Link Layer . . . . . . . . . . . . . . . . . 33
The Internet Layer. . . . . . . . . . . . . . . . 34
The Transport Layer . . . . . . . . . . . . . . . 34
The Application Layer . . . . . . . . . . . . . . 36
Frames, Packets, and Segments, Oh My! . . . . 37
The Tech’s Troubleshooting Tool . . . . . . . . . 38
Chapter 2 Review . . . . . . . . . . . . . . . . . . 39
Chapter 3 ■ Cabling and Topology 44
Test Specific. . . . . . . . . . . . . . . . . . . . . . 45
Topology . . . . . . . . . . . . . . . . . . . . . . . 45
Bus and Ring . . . . . . . . . . . . . . . . . . 45
Star . . . . . . . . . . . . . . . . . . . . . . . 46
Hybrids . . . . . . . . . . . . . . . . . . . . . 47
Mesh and Point-to-Multipoint . . . . . . . . . 47
Point-to-Point . . . . . . . . . . . . . . . . . . 50
Parameters of a Topology . . . . . . . . . . . . 50
Cabling . . . . . . . . . . . . . . . . . . . . . . . . 50
Coaxial Cable . . . . . . . . . . . . . . . . . . 50
Twisted Pair . . . . . . . . . . . . . . . . . . . 53
Fiber-Optic . . . . . . . . . . . . . . . . . . . 55
Other Cables . . . . . . . . . . . . . . . . . . . 56
Fire Ratings . . . . . . . . . . . . . . . . . . . 58
Networking Industry Standards—IEEE . . . . . . 58
Chapter 3 Review . . . . . . . . . . . . . . . . . . 60
Chapter 4 ■ Ethernet Basics 66
Historical/Conceptual . . . . . . . . . . . . . . . 67
Ethernet . . . . . . . . . . . . . . . . . . . . . . . . 67
Topology . . . . . . . . . . . . . . . . . . . . . 67
Test Specific. . . . . . . . . . . . . . . . . . . . . . 68
Organizing the Data: Ethernet Frames . . . . . . 68
CSMA/CD . . . . . . . . . . . . . . . . . . . 71
Early Ethernet Networks . . . . . . . . . . . . . . 73
10BaseT . . . . . . . . . . . . . . . . . . . . . 73
10BaseFL . . . . . . . . . . . . . . . . . . . . 76
Extending and Enhancing Ethernet Networks . . 78
Connecting Ethernet Segments . . . . . . . . . 78
Switched Ethernet . . . . . . . . . . . . . . . . 80
Troubleshooting Hubs and Switches . . . . . . 84
Chapter 4 Review . . . . . . . . . . . . . . . . . . 85
Chapter 5 ■ Modern Ethernet 90
Test Specific. . . . . . . . . . . . . . . . . . . . . . 91
100-Megabit Ethernet . . . . . . . . . . . . . . . . 91
100BaseT . . . . . . . . . . . . . . . . . . . . 91
100BaseFX . . . . . . . . . . . . . . . . . . . 93
Gigabit Ethernet . . . . . . . . . . . . . . . . . . . 94
1000BaseCX . . . . . . . . . . . . . . . . . . . 95
1000BaseSX . . . . . . . . . . . . . . . . . . . 95
1000BaseLX . . . . . . . . . . . . . . . . . . . 95
New Fiber Connectors. . . . . . . . . . . . . . 95
Implementing Multiple Types of Gigabit Ethernet . . . . . . . . . . . . . . . 96
10 Gigabit Ethernet . . . . . . . . . . . . . . . . . 97
Fiber-based 10 GbE . . . . . . . . . . . . . . . 97
Copper-based 10 GbE . . . . . . . . . . . . . . 98
10 GbE Physical Connections . . . . . . . . . . 99
Backbones . . . . . . . . . . . . . . . . . . . . 99
Know Your Ethernets!. . . . . . . . . . . . . 100
Chapter 5 Review . . . . . . . . . . . . . . . . . 101
Chapter 6 ■ Installing a Physical Network 106
Historical/Conceptual . . . . . . . . . . . . . . 107
Understanding Structured Cabling . . . . . . . 107
Cable Basics—A Star Is Born . . . . . . . . . 108
Test Specific. . . . . . . . . . . . . . . . . . . . . 109
Structured Cable Network Components . . . 109
Structured Cable—Beyond the Star. . . . . . 116
Installing Structured Cabling . . . . . . . . . . . 119
Getting a Floor Plan. . . . . . . . . . . . . . 119
Mapping the Runs . . . . . . . . . . . . . . 119
Determining the Location of the Telecommunications Room . . . . . . . . . 120
Pulling Cable . . . . . . . . . . . . . . . . . 121
Making Connections . . . . . . . . . . . . . 123
Testing the Cable Runs . . . . . . . . . . . . 126
NICs . . . . . . . . . . . . . . . . . . . . . . . . . 130
Buying NICs . . . . . . . . . . . . . . . . . 131
Link Lights . . . . . . . . . . . . . . . . . . 133
Diagnostics and Repair of Physical Cabling . . 134
Diagnosing Physical Problems . . . . . . . . 134
Check Your Lights . . . . . . . . . . . . . . . 135
Check the NIC . . . . . . . . . . . . . . . . . 135
Cable Testing . . . . . . . . . . . . . . . . . 136
Problems in the Telecommunications Room . . 136
Toners . . . . . . . . . . . . . . . . . . . . . 137
Chapter 6 Review . . . . . . . . . . . . . . . . . 139
Chapter 7 ■ TCP/IP Basics 144
Historical/Conceptual . . . . . . . . . . . . . . 145
Standardizing Networking Technology . . . . . 145
Test Specific. . . . . . . . . . . . . . . . . . . . . 146
The TCP/IP Protocol Suite . . . . . . . . . . . . 146
Internet Layer Protocols. . . . . . . . . . . . 146
Transport Layer Protocols . . . . . . . . . . . 147
Application Layer Protocols . . . . . . . . . . 149
IP in Depth . . . . . . . . . . . . . . . . . . . . . 150
IP Addresses . . . . . . . . . . . . . . . . . . 151
IP Addresses in Action . . . . . . . . . . . . 155
Class IDs . . . . . . . . . . . . . . . . . . . 162
CIDR and Subnetting . . . . . . . . . . . . . . . 163
Subnetting . . . . . . . . . . . . . . . . . . . 164
CIDR: Subnetting in the Real World . . . . . 169
Using IP Addresses . . . . . . . . . . . . . . . . 170
Static IP Addressing . . . . . . . . . . . . . 170
Dynamic IP Addressing. . . . . . . . . . . . 173
Special IP Addresses. . . . . . . . . . . . . . 176
Chapter 7 Review . . . . . . . . . . . . . . . . . 177
Chapter 8 ■ The Wonderful World of Routing 182
Historical/Conceptual . . . . . . . . . . . . . . 183
How Routers Work . . . . . . . . . . . . . . . . 183
Test Specific. . . . . . . . . . . . . . . . . . . . . 184
Routing Tables. . . . . . . . . . . . . . . . . 184
Freedom from Layer 2 . . . . . . . . . . . . . 191
Network Address Translation . . . . . . . . . 191
Dynamic Routing . . . . . . . . . . . . . . . . . 196
Routing Metrics . . . . . . . . . . . . . . . . 198
Distance Vector . . . . . . . . . . . . . . . . 199
Link State . . . . . . . . . . . . . . . . . . . 204
EIGRP—the Lone Hybrid . . . . . . . . . . . 208
Dynamic Routing Makes the Internet . . . . 209
Working with Routers . . . . . . . . . . . . . . . 209
Connecting to Routers . . . . . . . . . . . . 210
Basic Router Configuration . . . . . . . . . . 215
Router Problems . . . . . . . . . . . . . . . . 216
Chapter 8 Review . . . . . . . . . . . . . . . . . 219
Chapter 9 ■ TCP/IP Applications 224
Historical/Conceptual . . . . . . . . . . . . . . 225
Transport Layer and Network Layer Protocols . . . . . . . . . . . . . . . . 225
How People Communicate . . . . . . . . . . 225
Test Specific. . . . . . . . . . . . . . . . . . . . . 225
TCP . . . . . . . . . . . . . . . . . . . . . . 225
UDP . . . . . . . . . . . . . . . . . . . . . . 226
ICMP . . . . . . . . . . . . . . . . . . . . . 227
IGMP . . . . . . . . . . . . . . . . . . . . . 227
The Power of Port Numbers . . . . . . . . . . . 228
Registered Ports . . . . . . . . . . . . . . . . 230
Connection Status . . . . . . . . . . . . . . . 232
Rules for Determining Good vs. Bad Communications . . . . . . . . . . . 236
Common TCP/IP Applications. . . . . . . . . . 236
The World Wide Web . . . . . . . . . . . . . 236
Telnet . . . . . . . . . . . . . . . . . . . . . 242
E-mail . . . . . . . . . . . . . . . . . . . . . 246
FTP . . . . . . . . . . . . . . . . . . . . . . 249
Internet Applications . . . . . . . . . . . . . 252
Chapter 9 Review . . . . . . . . . . . . . . . . . 253
Chapter 10 ■ Network Naming 258
Historical/Conceptual . . . . . . . . . . . . . . 259
DNS . . . . . . . . . . . . . . . . . . . . . . . . . 259
Test Specific. . . . . . . . . . . . . . . . . . . . . 260
How DNS Works . . . . . . . . . . . . . . . 260
Name Spaces. . . . . . . . . . . . . . . . . . 262
DNS Servers . . . . . . . . . . . . . . . . . 272
Troubleshooting DNS . . . . . . . . . . . . . 279
WINS . . . . . . . . . . . . . . . . . . . . . . . . 282
Configuring WINS Clients . . . . . . . . . . 283
Troubleshooting WINS . . . . . . . . . . . . 284
Diagnosing TCP/IP Networks . . . . . . . . . . 284
Chapter 10 Review. . . . . . . . . . . . . . . . . 288
Chapter 11 ■ Securing TCP/IP 294
Test Specific. . . . . . . . . . . . . . . . . . . . . 295
Making TCP/IP Secure . . . . . . . . . . . . . . 295
Encryption. . . . . . . . . . . . . . . . . . . 295
Nonrepudiation . . . . . . . . . . . . . . . . 302
Authentication . . . . . . . . . . . . . . . . 307
Authorization . . . . . . . . . . . . . . . . . 307
TCP/IP Security Standards . . . . . . . . . . . . 308
Authentication Standards . . . . . . . . . . . 308
Encryption Standards . . . . . . . . . . . . . 316
Combining Authentication and Encryption . . 319
Secure TCP/IP Applications . . . . . . . . . . . 320
HTTPS . . . . . . . . . . . . . . . . . . . . 321
SCP . . . . . . . . . . . . . . . . . . . . . . 321
SFTP. . . . . . . . . . . . . . . . . . . . . . 322
SNMP . . . . . . . . . . . . . . . . . . . . . 322
LDAP . . . . . . . . . . . . . . . . . . . . . 323
NTP . . . . . . . . . . . . . . . . . . . . . . 323
Chapter 11 Review . . . . . . . . . . . . . . . . . 324
Chapter 12 ■ Advanced Networking Devices 330
Client/Server and Peer-to-Peer Topologies . . . 331
Historical/Conceptual . . . . . . . . . . . . . . 331
Client/Server . . . . . . . . . . . . . . . . . 331
Peer-to-Peer . . . . . . . . . . . . . . . . . . 332
Test Specific. . . . . . . . . . . . . . . . . . . . . 333
Client/Server and Peer-to-Peer Today. . . . . 333
Virtual Private Networks . . . . . . . . . . . . . 334
PPTP VPNs . . . . . . . . . . . . . . . . . . 335
L2TP VPNs . . . . . . . . . . . . . . . . . . 336
SSL VPNs . . . . . . . . . . . . . . . . . . . 337
Virtual LANs . . . . . . . . . . . . . . . . . . . . 337
Trunking. . . . . . . . . . . . . . . . . . . . 338
Configuring a VLAN-capable Switch. . . . . 339
Virtual Trunk Protocol . . . . . . . . . . . . 341
InterVLAN Routing . . . . . . . . . . . . . 341
Multilayer Switches . . . . . . . . . . . . . . . . 342
Load Balancing . . . . . . . . . . . . . . . . 343
QoS and Traffic Shaping . . . . . . . . . . . 345
Network Protection . . . . . . . . . . . . . . 346
Chapter 12 Review. . . . . . . . . . . . . . . . . 351
Chapter 13 ■ IPv6 356
Test Specific. . . . . . . . . . . . . . . . . . . . . 357
IPv6 Basics . . . . . . . . . . . . . . . . . . . . . 357
IPv6 Address Notation . . . . . . . . . . . . 357
Link-Local Address . . . . . . . . . . . . . . 359
IPv6 Subnet Masks . . . . . . . . . . . . . . 360
The End of Broadcast . . . . . . . . . . . . . 361
Global Address . . . . . . . . . . . . . . . . 363
Aggregation . . . . . . . . . . . . . . . . . . 364
Using IPv6 . . . . . . . . . . . . . . . . . . . . . 366
Enabling IPv6 . . . . . . . . . . . . . . . . . 367
NAT in IPv6. . . . . . . . . . . . . . . . . . 368
DHCP in IPv6 . . . . . . . . . . . . . . . . 369
DNS in IPv6 . . . . . . . . . . . . . . . . . 370
Moving to IPv6 . . . . . . . . . . . . . . . . . . . 371
IPv4 and IPv6 . . . . . . . . . . . . . . . . . 372
Tunnels . . . . . . . . . . . . . . . . . . . . 372
IPv6 Is Here, Really! . . . . . . . . . . . . . 375
Chapter 13 Review. . . . . . . . . . . . . . . . . 376
Chapter 14 ■ Remote Connectivity 380
Historical/Conceptual . . . . . . . . . . . . . . 381
Telephony and Beyond . . . . . . . . . . . . . . 381
The Dawn of Long Distance. . . . . . . . . . 382
Test Specific. . . . . . . . . . . . . . . . . . . . . 386
Digital Telephony . . . . . . . . . . . . . . . 386
Copper Carriers: T1 and T3 . . . . . . . . . . 387
Fiber Carriers: SONET/SDH and OC . . . . 391
Packet Switching . . . . . . . . . . . . . . . 392
Real-World WAN . . . . . . . . . . . . . . . 395
Alternative to Telephony WAN . . . . . . . . 396
The Last Mile . . . . . . . . . . . . . . . . . . . . 397
Dial-Up . . . . . . . . . . . . . . . . . . . . 397
DSL . . . . . . . . . . . . . . . . . . . . . . 401
Cable Modems . . . . . . . . . . . . . . . . . 404
Satellite . . . . . . . . . . . . . . . . . . . . 406
Cellular WAN . . . . . . . . . . . . . . . . . 406
Fiber . . . . . . . . . . . . . . . . . . . . . . 407
BPL . . . . . . . . . . . . . . . . . . . . . . 407
Which Connection? . . . . . . . . . . . . . . 408
Using Remote Access . . . . . . . . . . . . . . . 408
Dial-Up to the Internet . . . . . . . . . . . . 409
Private Dial-Up . . . . . . . . . . . . . . . . 410
VPNs . . . . . . . . . . . . . . . . . . . . . 411
Dedicated Connection . . . . . . . . . . . . . 411
Remote Terminal . . . . . . . . . . . . . . . 413
Chapter 14 Review. . . . . . . . . . . . . . . . . 417
Chapter 15 ■ Wireless Networking 424
Historical/Conceptual . . . . . . . . . . . . . . 425
Test Specific. . . . . . . . . . . . . . . . . . . . . 425
Wi-Fi Standards . . . . . . . . . . . . . . . . . . 425
802.11 . . . . . . . . . . . . . . . . . . . . . 425
802.11b . . . . . . . . . . . . . . . . . . . . 432
802.11a . . . . . . . . . . . . . . . . . . . . 432
802.11g . . . . . . . . . . . . . . . . . . . . 433
802.11n . . . . . . . . . . . . . . . . . . . . 433
Wireless Networking Security . . . . . . . . 434
Power over Ethernet. . . . . . . . . . . . . . 437
Implementing Wi-Fi . . . . . . . . . . . . . . . . 437
Performing a Site Survey . . . . . . . . . . . 438
Installing the Client . . . . . . . . . . . . . . 439
Setting Up an Ad Hoc Network. . . . . . . . 439
Setting Up an Infrastructure Network . . . . 439
Extending the Network . . . . . . . . . . . . 446
Verify the Installation . . . . . . . . . . . . . 448
Troubleshooting Wi-Fi . . . . . . . . . . . . . . . 448
Hardware Troubleshooting . . . . . . . . . . 448
Software Troubleshooting . . . . . . . . . . . 449
Connectivity Troubleshooting . . . . . . . . . 449
Configuration Troubleshooting . . . . . . . . 450
Chapter 15 Review. . . . . . . . . . . . . . . . . 452
Chapter 16 ■ Protecting Your Network 458
Test Specific. . . . . . . . . . . . . . . . . . . . . 459
Common Threats. . . . . . . . . . . . . . . . . . 459
System Crash/Hardware Failure . . . . . . . 459
Administrative Access Control . . . . . . . . 459
Malware . . . . . . . . . . . . . . . . . . . . 460
Social Engineering . . . . . . . . . . . . . . 462
Man in the Middle . . . . . . . . . . . . . . 463
Denial of Service. . . . . . . . . . . . . . . . 463
Physical Intrusion . . . . . . . . . . . . . . . 464
Attacks on Wireless Connections . . . . . . . 465
Securing User Accounts . . . . . . . . . . . . . . 466
Authentication . . . . . . . . . . . . . . . . 466
Passwords . . . . . . . . . . . . . . . . . . . 467
Controlling User Accounts . . . . . . . . . . 468
Firewalls . . . . . . . . . . . . . . . . . . . . . . 470
Hiding the IPs . . . . . . . . . . . . . . . . . 471
Port Filtering . . . . . . . . . . . . . . . . . 471
Packet Filtering . . . . . . . . . . . . . . . . 473
MAC Filtering . . . . . . . . . . . . . . . . 474
Personal Firewalls . . . . . . . . . . . . . . . 474
Network Zones . . . . . . . . . . . . . . . . 476
Vulnerability Scanners . . . . . . . . . . . . 477
Chapter 16 Review. . . . . . . . . . . . . . . . . 478
Chapter 17 ■ Virtualization 484
Historical/Conceptual . . . . . . . . . . . . . . 485
What Is Virtualization? . . . . . . . . . . . . . . 485
Meet the Hypervisor. . . . . . . . . . . . . . 486
Emulation vs. Virtualization . . . . . . . . . 486
Sample Virtualization . . . . . . . . . . . . . 488
Test Specific. . . . . . . . . . . . . . . . . . . . . 492
Why Do We Virtualize? . . . . . . . . . . . . . . 492
Power Saving . . . . . . . . . . . . . . . . . 492
Hardware Consolidation . . . . . . . . . . . 493
System Recovery . . . . . . . . . . . . . . . 493
System Duplication . . . . . . . . . . . . . . 494
Research . . . . . . . . . . . . . . . . . . . . 494
Virtualization in Modern Networks . . . . . . . 494
Virtual Machine Managers . . . . . . . . . . 496
Hypervisors . . . . . . . . . . . . . . . . . . 497
Virtual Switches . . . . . . . . . . . . . . . 498
Virtual PBX . . . . . . . . . . . . . . . . . . 499
Network as a Service . . . . . . . . . . . . . 499
Chapter 17 Review. . . . . . . . . . . . . . . . . 500
Chapter 18 ■ Network Management 504
Test Specific. . . . . . . . . . . . . . . . . . . . . 505
Network Configuration Management . . . . . . 505
Configuration Management Documentation . . 505
Change Management Documentation . . . . 511
Monitoring Performance and Connectivity . . . 512
Performance Monitor . . . . . . . . . . . . . 512
Logs and Network Traffic . . . . . . . . . . . 518
Network Performance Optimization . . . . . . 519
Caching . . . . . . . . . . . . . . . . . . . . 520
Controlling Data Throughput. . . . . . . . . 520
Keeping Resources Available . . . . . . . . . 522
Chapter 18 Review. . . . . . . . . . . . . . . . . 528
Chapter 19 ■ Building a SOHO Network 534
Historical/Conceptual . . . . . . . . . . . . . . 535
Test Specific. . . . . . . . . . . . . . . . . . . . . 535
Designing a SOHO Network . . . . . . . . . . . 535
Building the Network . . . . . . . . . . . . . . . 536
Define the Network Needs. . . . . . . . . . . 536
Network Design . . . . . . . . . . . . . . . . 537
Compatibility Issues . . . . . . . . . . . . . . 539
Internal Connections . . . . . . . . . . . . . 540
External Connections . . . . . . . . . . . . . 544
ISPs and MTUs . . . . . . . . . . . . . . . . 546
Peripherals. . . . . . . . . . . . . . . . . . . 548
Security . . . . . . . . . . . . . . . . . . . . . . . 549
Chapter 19 Review. . . . . . . . . . . . . . . . . 550
Chapter 20 ■ Network Troubleshooting 554
Test Specific. . . . . . . . . . . . . . . . . . . . . 555
Troubleshooting Tools . . . . . . . . . . . . . . . 555
Hardware Tools . . . . . . . . . . . . . . . . 555
Software Tools . . . . . . . . . . . . . . . . . 558
The Troubleshooting Process . . . . . . . . . . . 564
Identify the Problem . . . . . . . . . . . . . . 565
Establish a Theory of Probable Cause . . . . . 567
Test the Theory to Determine Cause . . . . . 567
Establish a Plan of Action and Identify Potential Effects . . . . . . . . . . 568
Implement and Test the Solution or Escalate as Necessary . . . . . . . . . . 568
Verify Full System Functionality and Implement Preventative Measures . . . . 569
Document Findings, Actions, and Outcomes . . . . . . . . . . . . . . . . . 569
Troubleshooting Scenarios . . . . . . . . . . . . 569
“I Can’t Log In!” . . . . . . . . . . . . . . . 570
“I Can’t Get to This Web Site!” . . . . . . . . 570
“Our Web Server Is Sluggish!” . . . . . . . . 571
“I Can’t See Anything on the Network!” . . . 571
“It’s Time to Escalate!” . . . . . . . . . . . . 572
Troubleshooting Is Fun! . . . . . . . . . . . . 574
Chapter 20 Review. . . . . . . . . . . . . . . . . 575
Appendix A ■ Objectives Map: CompTIA Network+ 580
Appendix B ■ About the Download 592
System Requirements . . . . . . . . . . . . . . . 592
Installing and Running Total Tester . . . . . . . 592
About Total Tester . . . . . . . . . . . . . . . . 593
Mike Meyers’ Video Training . . . . . . . . . . . 593
Playing Mike Meyers’ Videos . . . . . . . . . . . 593
Mike’s Cool Tools . . . . . . . . . . . . . . . . . 594
Boson’s NetSim Network Simulator . . . . . . . . 594
Technical Support . . . . . . . . . . . . . . . . . 595
Boson Technical Support . . . . . . . . . . . . . 595
■ Glossary 596
■ Index 632
Preface
I was a teacher long before I was ever an author. I started writing computer books for the simple reason that no one wrote the kind of books I wanted to read. The books were either too simple (Chapter 1, “Using Your Mouse”) or too complex (Chapter 1, “TTL Logic and Transistors”) and none of them provided a motivation for me to learn the information. I guessed that there were geeky readers just like me who wanted to know why they needed to know the information in a computer book.

Good books motivate the reader to learn what he or she is reading. If a book discusses binary arithmetic but doesn’t explain why I need to learn it, for example, that’s not a good book. Tell me that understanding binary makes it easier to understand how an IP address works or why we’re about to run out of IP addresses and how IPv6 can help, then I get excited, no matter how geeky the topic. If I don’t have a good reason, a good motivation to do something, then I’m simply not going to do it (which explains why I haven’t jumped out of an airplane!).

In this book, I teach you why you need to understand the wide world of networking. You’ll learn everything you need to start building, configuring, and supporting networks. In the process, you’ll gain the knowledge you need to pass the CompTIA Network+ certification exam.

Enjoy, my fellow geek.
CompTIA Approved Quality Curriculum
CompTIA Network+
The CompTIA Network+ certification ensures that the successful candidate has the important knowledge and skills necessary to manage, maintain, troubleshoot, install, operate, and configure basic network infrastructure; describe networking technologies; basic design principles; and adhere to wiring standards and use testing tools.

It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification proves you have the knowledge and skill to solve business problems in virtually any business environment. Certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.

CompTIA Network+ certification is held by many IT staffers across many organizations. 21% of IT staff within a random sampling of U.S. organizations within a cross section of industry verticals hold CompTIA Network+ certification.
■ The CompTIA Network+ credential proves knowledge of networking features and functions and is the leading vendor-neutral certification for networking professionals.
■ Starting salary: the average starting salary of network engineers can be up to $70,000.
■ Career pathway: CompTIA Network+ is the first step in starting a networking career, and is recognized by Microsoft as part of their MS program. Other corporations, such as Novell, Cisco, and HP also recognize CompTIA Network+ as part of their certification tracks.
■ More than 325,000 individuals worldwide are CompTIA Network+ certified.
■ Mandated/recommended by organizations worldwide: Apple, Cisco, HP, Ricoh, the U.S. State Department, and U.S. government contractors such as EDS, General Dynamics, and Northrop Grumman recommend or mandate CompTIA Network+.
How Certification Helps Your Career
CompTIA Career Pathway
CompTIA offers a number of credentials that form a foundation for your career in technology and that allow you to pursue specific areas of concentration. Depending on the path you choose, CompTIA certifications help you build upon your skills and knowledge, supporting learning throughout your career.
Steps to Getting Certified and Staying Certified
1. Review exam objectives. Review the certification objectives to make sure you know what is covered in the exam: www.comptia.org/certifications/testprep/examobjectives.aspx
2. Practice for the exam. After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam: www.comptia.org/certifications/testprep/practicetests.aspx
3. Purchase an exam voucher. Purchase exam vouchers on the CompTIA Marketplace, which is located at: www.comptiastore.com
4. Take the test! Select a certification exam provider, and schedule a time to take your exam. You can find exam providers at the following link: www.comptia.org/certifications/testprep/testingcenters.aspx
5. Stay certified! Continuing education is required. Effective January 1, 2011, CompTIA Network+ certifications are valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information go to: http://certification.comptia.org/getCertified/steps_to_certification/stayCertified.aspx
Join the Professional Community
The free online IT Pro Community provides valuable content to students and professionals. Join the IT Pro Community: http://itpro.comptia.org

Career IT job resources include:
■ Where to start in IT
■ Career assessments
■ Salary trends
■ U.S. job board

Join the IT Pro Community and get access to:
■ Forums on networking, security, computing, and cutting-edge technologies
■ Access to blogs written by industry experts
■ Current information on cutting edge technologies
■ Access to various industry resource links and articles related to IT and IT careers
Content Seal of Quality
This courseware bears the seal of CompTIA Approved Quality Content. This seal signifies this content covers 100 percent of the exam objectives and implements important instructional design principles. CompTIA recommends multiple learning tools to help increase coverage of the learning objectives.
Why CompTIA?
■ Global recognition: CompTIA is recognized globally as the leading IT nonprofit trade association and has enormous credibility. Plus, CompTIA’s certifications are vendor-neutral and offer proof of foundational knowledge that translates across technologies.
■ Valued by hiring managers: Hiring managers value CompTIA certification because it is vendor- and technology-independent validation of your technical skills.
■ Recommended or required by government and businesses: Many government organizations and corporations (for example, Dell, Sharp, Ricoh, the U.S. Department of Defense, and many more) either recommend or require technical staff to be CompTIA certified.
■ Three CompTIA certifications ranked in the top 10: In a study by DICE of 17,000 technology professionals, certifications helped command higher salaries at all experience levels.
How to Obtain More Information
■ Visit CompTIA online: Go to www.comptia.org to learn more about getting CompTIA certified.
■ Contact CompTIA: Please call 866-835-8020, ext. 5 or e-mail questions@comptia.org.
■ Join the IT Pro Community: Go to http://itpro.comptia.org to join the IT community to get relevant career information.
■ Connect with CompTIA: Find us on Facebook, LinkedIn, Twitter, and YouTube.
CAQC Disclaimer
The logo of the CompTIA Approved Quality Curriculum (CAQC) program and the status of this or other training material as "Approved" under the CompTIA Approved Quality Curriculum program signifies that, in CompTIA's opinion, such training material covers the content of CompTIA's related certification exam.
The contents of this training material were created for the CompTIA Network+ exam covering CompTIA certification objectives that were current as of the date of publication.
CompTIA has not reviewed or approved the accuracy of the contents of this training material and specifically disclaims any warranties of merchantability or fitness for a particular purpose. CompTIA makes no guarantee concerning the success of persons using any such "Approved" or other training material in order to prepare for any CompTIA certification exam.
Instructor and Student Web Site
For instructor and student resources, please visit:
www.meyersnetplus.com
Students will find chapter quizzes that will help them learn more about
troubleshooting and fixing networks, and teachers can access the support
materials outlined below.
Additional Resources for Teachers
McGraw-Hill Connect, a Web-based learning platform, connects instructors
with their support materials and students with chapter assessments. The
Connect Online Learning Center provides resources for teachers in a format
that follows the organization of the textbook.
This site includes the following:
■ Answer keys to the end-of-chapter activities in the textbook
■ Instructor's Manual that contains learning objectives, classroom preparation notes, instructor tips, and a lecture outline for each chapter
■ Answer keys to the Mike Meyers' Lab Manual activities (available separately)
■ Access to test bank files and software that allow you to generate a wide array of paper- or network-based tests, and that feature automatic grading. The test bank includes:
    ■ Hundreds of practice questions and a wide variety of question types categorized by exam objective, enabling you to customize each test to maximize student progress
    ■ Test bank files available on EZ Test Online and as downloads from the Online Learning Center in these formats: Blackboard, Web CT, EZ Test, and Word
■ Engaging PowerPoint slides on the lecture topics that include full-color artwork from the book
Please contact your McGraw-Hill sales representative for details.
Chapter 1
CompTIA Network+ in a Nutshell
"Networking is an essential part of building wealth." —Armstrong Williams
In this chapter, you will learn how to
■ Describe the importance of CompTIA Network+ certification
■ Illustrate the structure and contents of the CompTIA Network+ certification exam
■ Plan a strategy to prepare for the exam
By picking up this book, you’ve shown an interest in learning about networking. But be forewarned. The term networking describes a vast field
of study, far too large for any single certification, book, or training course to
cover. Do you want to configure routers and switches for a living? Do you want
to administer a large Windows network at a company? Do you want to install
wide area network connections? Do you want to set up Web servers? Do you
want to secure networks against attacks?
If you’re considering a CompTIA Network+ certification, you probably don’t
yet know exactly what aspect of networking you want to pursue, and that’s
okay! You’re going to love preparing for the CompTIA Network+ certification.
Attaining CompTIA Network+ certification provides you with three
fantastic benefits. First, you get a superb overview of networking that helps
you decide what part of the industry you’d like to pursue. Second, it acts as
a prerequisite toward other, more advanced certifications. Third, the amount
of eye-opening information you’ll gain just makes getting CompTIA Network+
certified plain old fun.
Nothing comes close to providing a better overview of networking than
CompTIA Network+. The certification covers local area networks (LANs),
wide area networks (WANs), the Internet, security, cabling, and applica-
tions in a wide-but-not-too-deep fashion that showcases the many different
parts of a network and hopefully tempts you to investigate the aspects that
intrigue you by looking into follow-up certifications.
The process of attaining CompTIA Network+ certification will give you a solid foundation in the whole field of networking. Mastering the competencies will help fill in gaps in your knowledge and provide an ongoing series of "a-ha!" moments of grasping the big picture that make being a tech so much fun.
Ready to learn a lot, grab a great certification, and have fun doing it?
Then welcome to CompTIA Network+ certification!
Who Needs CompTIA Network+?
I Just Want to Learn about Networks!
Whoa up there, amigo! Are you one of those folks who either has never heard of the CompTIA Network+ exam or just doesn't have any real interest in certification? Is your goal only to get a solid handle on the idea of networking and a jump start on the basics? Are you looking for that "magic bullet" book that you can read from beginning to end and then start installing and troubleshooting a network? Do you want to know what's involved with running network cabling in your walls or getting your new wireless network working? Are you tired of not knowing enough about what TCP/IP is and how it works? If these types of questions are running through your mind, then rest easy—you have the right book. Like every book with the Mike Meyers name, you'll get solid concepts without pedantic details or broad, meaningless overviews. You'll look at real-world networking as performed by real techs. This is a book that understands your needs and goes well beyond the scope of a single certification.
If the CompTIA Network+ exam isn’t for you, you can skip the rest of
this chapter, shift your brain into learn mode, and dive into Chapter 2. But
then, if you’re going to have the knowledge, why not get the certification?
What Is CompTIA Network+ Certification?
CompTIA Network+ certification is an industry-wide, vendor-neutral certification program developed and sponsored by the Computing Technology Industry Association (CompTIA). The CompTIA Network+ certification shows that you have a basic competency in the physical support of networking systems and knowledge of the conceptual aspects of networking.
To date, many hundreds of thousands of technicians have become CompTIA
Network+ certified.
CompTIA Network+ certification enjoys wide recognition throughout the IT industry. At first, it rode in on the coattails of the successful CompTIA A+ certification program, but it now stands on its own in the networking industry and is considered the obvious next step after CompTIA A+ certification.
What Is CompTIA?
CompTIA is a nonprofit, industry trade association based in Oakbrook Terrace, Illinois, on the outskirts of Chicago. Tens of thousands of computer resellers, value-added resellers, distributors, manufacturers, and training companies from all over the world are members of CompTIA.
CompTIA was founded in 1982 and began offering the CompTIA A+ certification exam in 1993. CompTIA A+ certification is now widely recognized as a de facto requirement for entrance into the PC industry. Because the CompTIA A+ exam covers networking only lightly, CompTIA decided to establish a vendor-neutral test covering basic networking skills. So, in April 1999, CompTIA unveiled the CompTIA Network+ certification exam.
CompTIA provides certifications for a variety of areas in the computer
industry, offers opportunities for its members to interact, and represents its
members’ interests to government bodies. CompTIA certifications include
CompTIA A+, CompTIA Network+, and CompTIA Security+, to name a
few. Check out the CompTIA Web site at www.comptia.org for details on
other certifications.
CompTIA is huge. Virtually every company of consequence in the IT
industry is a member of CompTIA: Microsoft, Dell, Cisco… Name an
IT company and it’s probably a member of CompTIA.
The Current CompTIA Network+ Certification Exam Release
CompTIA constantly works to provide exams that cover the latest technologies and, as part of that effort, periodically updates its certification objectives, domains, and exam questions. This book covers all you need to know to pass the N10-005 CompTIA Network+ exam released in 2011.
How Do I Become CompTIA Network+ Certified?
To become CompTIA Network+ certified, you simply pass one computer-based, multiple-choice exam. There are no prerequisites for taking the CompTIA Network+ exam, and no networking experience is needed. You're not required to take a training course or buy any training materials. The only requirements are that you pay a testing fee to an authorized testing facility and then sit for the exam. Upon completion of the exam, you will immediately know whether you passed or failed.
Once you pass, you become CompTIA Network+ certified for three
years. After three years, you’ll need to renew your certification by retaking
the current exam or completing approved Continuing Education activities.
By completing these activities, you earn credits that (along with an annual
fee) allow you to keep your CompTIA Network+ certification. For a full list
of approved activities, check out CompTIA’s Web site (www.comptia.org)
and search for CompTIA Continuing Education Program.
Now for the details: CompTIA recommends that you have at least nine to twelve months of networking experience and CompTIA A+ knowledge, but this is not a requirement. Note the word "recommend." You may not need experience or CompTIA A+ knowledge, but they help! The CompTIA A+ certification competencies have a degree of overlap with the CompTIA Network+ competencies, such as types of connectors and how networks work.
As for experience, keep in mind that CompTIA Network+ is mostly a
practical exam. Those who have been out there supporting real networks
will find many of the questions reminiscent of the types of problems they
have seen on LANs. The bottom line is that you’ll probably have a much
easier time on the CompTIA Network+ exam if you have some CompTIA
A+ experience under your belt.
What Is the Exam Like?
The CompTIA Network+ exam contains 100 questions, and you have
90 minutes to complete the exam. To pass, you must score at least 720
on a scale of 100–900, at the time of this writing. Check the CompTIA
Web site when you get close to testing to determine the current scale:
http://certification.comptia.org/getCertified/certifications/network.aspx
The exam questions are divided into five areas that CompTIA calls domains. This table lists the CompTIA Network+ domains and the percentage of the exam that each represents.
CompTIA Network+ Domain                        Percentage
1.0 Network Technologies                       21%
2.0 Network Installation and Configuration     23%
3.0 Network Media and Topologies               17%
4.0 Network Management                         20%
5.0 Network Security                           19%
The CompTIA Network+ exam is extremely practical. Questions often
present real-life scenarios and ask you to determine the best solution. The
CompTIA Network+ exam loves troubleshooting. Let me repeat: many of
the test objectives deal with direct, real-world troubleshooting. Be prepared
to troubleshoot both hardware and software failures and to answer both
“What do you do next?” and “What is most likely the problem?” types of
questions.
A qualified CompTIA Network+ certification candidate can install and configure a PC to connect to a network. This includes installing and testing a network card, configuring drivers, and loading all network software. The exam will test you on the different topologies, standards, and cabling.
Expect conceptual questions about the Open Systems Interconnection (OSI) seven-layer model. If you've never heard of the OSI seven-layer model, don't worry! This book will teach you all you need to know. While this model rarely comes into play during the daily grind of supporting a network, you need to know the functions and protocols for each layer to pass the CompTIA Network+ exam. You can also expect questions on most of the protocol suites, with heavy emphasis on the TCP/IP suite.
How Do I Take the Test?
To take the test, you must go to an authorized testing center. You cannot
take the test over the Internet. Prometric and Pearson VUE administer the
actual CompTIA Network+ exam. You’ll find thousands of Prometric and
Pearson VUE testing centers scattered across the United States and Canada,
as well as in over 75 other countries around the world. You may take the
exam at any testing center. To locate a testing center and schedule an exam,
call Prometric at 888-895-6116 or Pearson VUE at 877-551-7587. You can also
visit their Web sites at www.prometric.com and www.vue.com.
How Much Does the Test Cost?
CompTIA fixes the price, no matter what testing center you use. The cost of
the exam depends on whether you work for a CompTIA member. At press
time, the cost for non-CompTIA members is US$246.
If your employer is a CompTIA member, you can save money by obtaining an exam voucher. In fact, even if you don't work for a CompTIA member, you can purchase a voucher from member companies and take advantage of significant member savings. You simply buy the voucher and then use the voucher to pay for the exam. Vouchers are delivered to you on paper and electronically via e-mail. The voucher number is the important thing. That number is your exam payment, so protect it from fellow students until you're ready to schedule your exam.
If you're in the United States or Canada, you can visit www.totalsem.com or call 800-446-6004 to purchase vouchers. As I always say, "You don't have to buy your voucher from us, but for goodness' sake, get one from somebody!" Why pay full price when you have a discount alternative?
You must pay for the exam when you schedule, whether online or by phone. If you're scheduling by phone, be prepared to hold for a while. Have your Social Security number (or the international equivalent) ready and either a credit card or a voucher number when you call or begin the online scheduling process. If you require any special accommodations, both Prometric and Pearson VUE will be able to assist you, although your selection of testing locations may be a bit more limited.
International prices vary; see the CompTIA Web site for international
pricing. Of course, prices are subject to change without notice, so always
check the CompTIA Web site for current pricing!
CompTIA occasionally makes changes to the content of the exam, as well as the score necessary to pass it. Always check the Web site of my company, Total Seminars (www.totalsem.com), before scheduling your exam.
Although you can't take the exam over the Internet, both Prometric and Pearson VUE provide easy online registration. Go to www.prometric.com or www.vue.com to register online.
How to Pass the CompTIA Network+ Exam
The single most important thing to remember about the CompTIA Network+ certification exam is that CompTIA designed it to test the knowledge of a technician with as little as nine months of experience—so keep it simple! Think in terms of practical knowledge. Read this book, answer the questions at the end of each chapter, take the practice exams on the media accompanying this book, review any topics you missed, and you'll pass with flying colors.
Is it safe to assume that it’s probably been a while since you’ve taken
an exam? Consequently, has it been a while since you’ve had to study for
an exam? If you’re nodding your head yes, you’ll probably want to read
the next sections. They lay out a proven strategy to help you study for the
CompTIA Network+ exam and pass it. Try it. It works.
Obligate Yourself
The first step you should take is to schedule the exam. Ever heard the old adage that heat and pressure make diamonds? Well, if you don't give yourself a little "heat," you might procrastinate and unnecessarily delay taking the exam. Even worse, you may end up not taking the exam at all. Do yourself a favor. Determine how much time you need to study (see the next section), and then call Prometric or Pearson VUE and schedule the exam, giving yourself the time you need to study—and adding a few extra days for safety. Afterward, sit back and let your anxieties wash over you. Suddenly, turning off the television and cracking open the book will become a lot easier! Keep in mind that Prometric and Pearson VUE let you schedule an exam only a few weeks in advance, at most. If you schedule an exam and can't make it, you must reschedule at least a day in advance or lose your money.
Set Aside the Right Amount of Study Time
After helping thousands of techs get their CompTIA Network+ certification, we at Total Seminars have developed a pretty good feel for the amount of study time needed to pass the CompTIA Network+ exam. Table 1.1 will help you plan how much study time you must devote to the exam. Keep in mind that these are averages. If you're not a great student or if you're a little on the nervous side, add another 10 percent. Equally, if you're the type who can learn an entire semester of geometry in one night, reduce the numbers by 10 percent. To use this table, just circle the values that are most accurate for you and add them up to get the number of study hours.
A complete neophyte will need at least 120 hours of study time. An
experienced network technician already CompTIA A+ certified should only
need about 24 hours.
Study habits also come into play here. A person with solid study habits
(you know who you are) can reduce the number by 15 percent. People with
poor study habits should increase that number by 20 percent.
The total hours of study time you need is __________________.
Table 1.1 Determining How Much Study Time You Need (hours, by amount of experience)

Type of Experience                                                  None   Once or Twice   On Occasion   Quite a Bit
Installing a SOHO wireless network                                    4          2              1             1
Installing an advanced wireless network (802.1X, RADIUS, etc.)        2          2              1             1
Installing structured cabling                                         3          2              1             1
Configuring a home router                                             5          3              2             1
Configuring a Cisco router                                            4          2              1             1
Configuring a software firewall                                       3          2              1             1
Configuring a hardware firewall                                       2          2              1             1
Configuring an IPv4 client                                            8          4              2             1
Configuring an IPv6 client                                            3          3              2             1
Working with a SOHO WAN connection (DSL, cable)                       2          2              1             0
Working with an advanced WAN connection (Tx, OCx, ATM)                3          3              2             2
Configuring a DNS server                                              2          2              2             1
Configuring a DHCP server                                             2          1              1             0
Configuring a Web application server (HTTP, FTP, SSH, etc.)           4          4              2             1
Configuring a VLAN                                                    3          3              2             1
Configuring a VPN                                                     3          3              2             1
Configuring a dynamic routing protocol (RIP, EIGRP, OSPF)             2          2              1             1
Study for the Test
Now that you have a feel for how long it’s going to take to study for the
exam, you need a strategy for studying. The following has proven to be an
excellent game plan for cramming the knowledge from the study materials
into your head.
This strategy has two alternate paths. The first path is designed for
highly experienced technicians who have a strong knowledge of PCs and
networking and want to concentrate on just what’s on the exam. Let’s call
this group the Fast Track group. The second path, and the one I’d strongly
recommend, is geared toward people like me: the ones who want to know
why things work, those who want to wrap their arms completely around
a concept, as opposed to regurgitating answers just to pass the CompTIA
Network+ exam. Let’s call this group the Brainiacs.
To provide for both types of learners, I have broken down most of the chapters into two parts:
■ Historical/Conceptual: Although not on the CompTIA Network+ exam, this knowledge will help you understand more clearly what is on the CompTIA Network+ exam.
■ Test Specific: These topics clearly fit under the CompTIA Network+ certification domains.
The beginning of each of these areas is clearly marked with a large banner that looks like the following.
Historical/Conceptual
If you consider yourself a Fast Tracker, skip everything but the Test Specific section in each chapter. After reading the Test Specific sections, jump immediately to the Chapter Review questions, which concentrate on information in the Test Specific sections. If you run into problems, review the Historical/Conceptual sections in that chapter. After going through every chapter as described, take the free practice exams on the media that accompanies the book. First, take them in practice mode, and then switch to final mode. Once you start scoring in the 80–85 percent range, go take the test!
Brainiacs should first read the book—the whole book. Read it as though you're reading a novel, starting on Page 1 and going all the way through. Don't skip around on the first read-through, even if you are a highly experienced tech. Because there are terms and concepts that build on each other, skipping around might confuse you, and you'll just end up closing the book and firing up your favorite PC game. Your goal on this first read is to understand concepts—to understand the whys, not just the hows.
Having a network available while you read through the book helps a lot. This gives you a chance to see various concepts, hardware, and configuration screens in action as you read about them in the book. Nothing beats doing it yourself to reinforce a concept or piece of knowledge!
You will notice a lot of historical information—the Historical/Conceptual sections—that you may be tempted to skip. Don't! Understanding how some of the older stuff worked or how something works conceptually will help you appreciate the reason behind current networking features and equipment, as well as how they function.
After you have completed the first read-through, cozy up for a second.
This time, try to knock out one chapter per sitting. Concentrate on the Test
Specific sections. Get a highlighter and mark the phrases and sentences that
make major points. Take a hard look at the pictures and tables, noting how
they illustrate the concepts. Then, answer the end of chapter questions.
Repeat this process until you not only get all the questions right, but also
understand why they are correct!
Once you have read and studied the material in the book, check your knowledge by taking the practice exams included on the media accompanying the book. The exams can be taken in practice mode or final mode. In practice mode, you are allowed to check references in the book (if you want) before you answer each question, and each question is graded immediately. In final mode, you must answer all the questions before you are given a test score. In each case, you can review a results summary that tells you which questions you missed, what the right answer is, and where to study further. Use the results of the exams to see where you need to bone up, and then study some more and try them again. Continue retaking the exams and reviewing the topics you missed until you are consistently scoring in the 80–85 percent range. When you've reached that point, you are ready to pass the CompTIA Network+ exam!
If you have any problems or questions, or if you just want to argue about
something, feel free to send an e-mail to me at michaelm@totalsem.com or to
my editor, Scott Jernigan, at scottj@totalsem.com.
For additional information about the CompTIA Network+ exam, contact CompTIA directly at its Web site: www.comptia.org.
Good luck! —Mike Meyers
We have active and helpful discussion groups at www.totalsem.com/forums. You need to register to participate (though not to read posts), but that's only to keep the spammers at bay. The forums provide an excellent resource for answers, suggestions, and just socializing with other folks studying for the exam.
Be aware that you may need to return to previous chapters to get the Historical/Conceptual information you need for a later chapter.
Chapter 2
Network Models
"First we thought the PC was a calculator. Then we found out how to turn numbers into letters with ASCII—and we thought it was a typewriter. Then we discovered graphics, and we thought it was a television. With the World Wide Web, we've realized it's a brochure." —Douglas Adams
In this chapter, you will learn how to
■ Describe how models such as the OSI seven-layer model and the TCP/IP model help technicians understand and troubleshoot networks
■ Explain the major functions of networks with the OSI seven-layer model
■ Describe the major functions of networks with the TCP/IP model
The CompTIA Network+ certification challenges you to understand virtually every aspect of networking—not a small task. Luckily for you, we use two
methods to conceptualize the many parts of a network: the Open Systems
Interconnection (OSI) seven-layer model and the Transmission Control
Protocol/Internet Protocol (TCP/IP) model.
These models act as guidelines and break down how a network functions
into discrete parts called layers. If you want to get into networking—and
if you want to pass the CompTIA Network+ certification exam—you must
understand both the OSI seven-layer model and the TCP/IP model in great
detail.
These models provide two tools that make them critical for networking techs. First, the OSI and TCP/IP models provide powerful mental tools for diagnosing problems. Understanding the models enables a tech to determine quickly at what layer a problem can occur and helps him or her zero in on a solution without wasting a lot of time on false leads. Second, these models also provide a common language to describe networks—a way for us to communicate with each other about the functions of a network. Figure 2.1 shows a sample Cisco Systems Web page about configuring routing—a topic this book covers in detail later. Routing is a Layer 3 function in the OSI seven-layer model, for example, so you'll hear techs (and Web sites) describe a switch that can also route as a "Layer 3 switch."
This chapter looks first at models in general and how models help conceptualize and troubleshoot networks. We'll then go into both the OSI seven-layer model and the TCP/IP model to see how they help clarify network architecture for techs.
Figure 2.1 • Using the OSI terminology—Layer 3—in a typical setup screen
The term "Layer 3 switch" has evolved over time and refers today to a variety of complex network boxes that I'll cover later in the book.
Cross Check
Cisco and Certifications
Cisco Systems, Inc. is famous for making many of the "boxes" that interconnect networks all over the world. It's not too far of a stretch to say that Cisco helps power a huge portion of the Internet. These boxes are complicated to configure, requiring a high degree of technical knowledge.
To address this need, Cisco offers a series of certifications. One of the entry-level certifications, for example, is the Cisco Certified Network Associate (CCNA). Go to Cisco's certification Web site and compare their objectives with what you learned about CompTIA Network+ in Chapter 1. Ask yourself this question: could you study for CCNA and CompTIA Network+ simultaneously?
Historical/Conceptual
Working with Models
Networking is hard. It takes a lot of pieces, both hardware and software, to get anything done. Just making Google appear in your Web browser requires millions of hours in research, development, and manufacturing. Whenever we encounter highly complex technologies, we need to simplify the overall process (making Google show up in your browser) by breaking it into discrete, simple, individual processes. We do this using models.
Modeling is critical to the networking world. We use models to understand and communicate with other techs about networks. Most beginning network techs, however, might have a very different idea of what modeling means.
Biography of a Model
What does the word "model" mean to you? Does the word make you think of a beautiful woman walking down a catwalk at a fashion show or some hunky guy showing off the latest style of blue jeans on a huge billboard? Maybe it makes you think of a plastic model airplane? What about those computer models that try to predict weather? We use the term "model" in a number of ways, but each use shares certain common themes.
All models are a simplified representation of the real thing. The human model ignores the many different types of body shapes, using only a single "optimal" figure. The model airplane lacks functional engines or the internal framework, and the computerized weather model might disregard subtle differences in wind temperatures or geology (Figure 2.2).
Additionally, a model must have at least all the major functions of the real item, but what constitutes a major rather than a minor function is open to opinion. Figure 2.3 shows a different level of detail for a model. Does it contain all the major components of an airplane? There's room for argument that perhaps the model should have landing gear to go along with the propeller, wings, and tail.
Figure 2.2 • Types of models (images from left to right courtesy of NOAA, Mike Schinkel, and
Michael Smyer)
Figure 2.3 • Simple model airplane
BaseTech
Chapter 2: Network Models
11
Network Models
Network models face similar challenges. What functions define all net-
works? What details can you omit without rendering the model inaccurate?
Does the model retain its usefulness when describing a network that does
not employ all the layers?
In the early days of networking, different manufacturers made unique
types of networks that functioned fairly well. But each network had its own
cabling, hardware, drivers, naming conventions, applications, and many
other unique features. Back then, a single manufacturer provided every-
thing for a customer whenever you purchased a network solution: cabling,
NICs, hubs, drivers, and all the software in one complete and expensive
package. Although these networks worked fine as stand-alone networks,
the proprietary nature of the hardware and software made it difficult—to
put it mildly—to connect networks of multiple manufacturers. To intercon-
nect networks and improve networking as a whole, someone needed to
create a guide, a model that described the functions of a network, so that
people who made hardware and software could work together to make
networks that worked together well.
The granddaddy of network models came from the International Orga-
nization for Standardization, known as ISO. Their model, known as the OSI
seven-layer model, works for almost every type of network, even extremely
old and long-obsolete ones. On the other hand, the TCP/IP model only
works for networks that use the now-dominant TCP/IP protocol suite.
(Don’t worry about what TCP/IP means yet—most of this book’s job is to
explain that in great detail.) Since most of the world uses TCP/IP, the TCP/
IP model supplanted the OSI model in many cases, though most discussion
that involves the word “Layers” refers to the OSI model. A good tech can
talk the talk of both models, and they are objectives on the CompTIA Net-
work+ exam, so let’s learn both.
The best way to learn the OSI and TCP/IP models is to see them in action.
For this reason, I’ll introduce you to a small network that needs to copy a file
from one computer to another. This example goes through each of the OSI
and TCP/IP layers needed to copy that file, and I explain each step and why
it is necessary. By the end of the chapter, you should have a definite handle
on using either of these models as a tool to conceptualize networks. You’ll
continue to build on this knowledge throughout the book and turn your OSI
and TCP/IP model knowledge into a powerful troubleshooting tool.
I’ll begin by discussing the OSI seven-layer model. After seeing this
small network through the lens of the OSI seven-layer model, we’ll repeat
the process with the TCP/IP model.
The OSI Seven-Layer Model in Action
Each layer in the OSI seven-layer model defines an important function in computer networking, and the protocols that operate at that layer offer solutions to those functions. Protocols are sets of clearly defined rules, regulations, standards, and procedures that enable hardware and software developers to make devices and applications that function properly at a particular level. The OSI seven-layer model encourages modular design in networking, meaning that each layer has as little to do with the operation of other layers as possible. Think of it as an automobile assembly line. The guy painting the car doesn’t care about the gal putting doors on the car—he expects the assembly line process to make sure the cars he paints have doors. Each layer on the model trusts that the other layers on the model do their jobs.
ISO may look like a misspelled acronym, but it’s actually a word, derived from the Greek word isos, which means “equal.” The International Organization for Standardization sets standards that promote equality among network designers and manufacturers, thus ISO.
The OSI seven layers are:
Layer 7: Application
Layer 6: Presentation
Layer 5: Session
Layer 4: Transport
Layer 3: Network
Layer 2: Data Link
Layer 1: Physical
The OSI seven layers are not laws of physics—anybody who wants
to design a network can do it any way he or she wants. Although many
protocols fit neatly into one of the seven layers, others do not.
Now that you know the names of the layers, let’s see what each layer
does. The best way to understand the OSI layers is to see them in action.
Let’s see them at work at the fictional company of MHTechEd, Inc.
Welcome to MHTechEd!
Mike’s High-Tech Educational Supply Store and Post Office, or MHTechEd
for short, has a small network of PCs running Windows, a situation typi-
cal of many small businesses today. Windows runs just fine on a PC uncon-
nected to a network, but it also comes with all the network software it
needs to connect to a network. All the computers in the MHTechEd net-
work are connected by special network cabling.
As in most offices, virtually everyone at MHTechEd has his or her own PC. Figure 2.4 shows two workers, Janelle and Dana, who handle all the administrative functions at MHTechEd. Because of the kinds of work they do, these two often need to exchange data between their two PCs. At the moment, Janelle has just completed a new employee handbook in Microsoft Word, and she wants Dana to check it for accuracy. Janelle could transfer a copy of the file to Dana’s computer by the tried-and-true Sneakernet method—saving the file on a thumb drive and walking it over to her—but thanks to the wonders of computer networking, she doesn’t even have to turn around in her chair. Let’s watch in detail each piece of the process that gives Dana direct access to Janelle’s computer, so she can copy the Word document from Janelle’s system to her own.
Long before Janelle ever saved the Word document on her system—when the systems were first installed—someone who knew what they were doing set up and configured all the systems at MHTechEd to be part of a common network. All this setup activity resulted in multiple layers of hardware and software that can work together behind the scenes to get that Word document from Janelle’s system to Dana’s. Let’s examine the different pieces of the network, and then return to the process of Dana grabbing that Word document.
Be sure to memorize both the name and the number of each OSI layer. Network techs use OSI terms such as “Layer 4” and “Transport layer” synonymously. Students have long used mnemonics for memorizing such lists. One of my favorites for the OSI seven-layer model is “Please Do Not Throw Sausage Pizza Away.” Yum!
This section is a conceptual overview of the hardware and software functions of a network. Your network may have different hardware or software, but it will share the same functions!
Figure 2.4 • Janelle and Dana, hard at work
Test Specific
Let’s Get Physical—Network Hardware and Layers 1–2
Clearly the network needs a physical channel through which it can move
bits of data between systems. Most networks use a cable like the one shown
in Figure 2.5. This cable, known in the networking industry as unshielded
twisted pair (UTP), usually contains four pairs of wires that can transmit
and receive data.
Another key piece of hardware the network uses is a special box-like
device called a hub (Figure 2.6), often tucked away in a closet or an equip-
ment room. Each system on the network has its own cable that runs to the
hub. Think of the hub as being like one of those old-time telephone switch-
boards, where operators created connections between persons who called
in wanting to reach other telephone users.
Readers with some
networking experience know
that hubs don’t exist in modern
networks, having been replaced
with much better devices called
switches. But the CompTIA
Network+ exam expects you to
know what hubs are; plus hubs
make this modeling discussion
simpler. I’ll get to switches soon
enough.
Figure 2.5 • UTP cabling
Figure 2.6 • Typical hub
Layer 1 of the OSI model defines the method of
moving data between computers, so the cabling
and hubs are part of the Physical layer (Layer 1).
Anything that moves data from one system to
another, such as copper cabling, fiber optics, even
radio waves, is part of the OSI Physical layer. Layer
1 doesn’t care what data goes through; it just
moves the data from one system to another sys-
tem. Figure 2.7 shows the MHTechEd network in
the OSI seven-layer model thus far. Note that each
system has the full range of layers, so data from
Janelle’s computer can flow to Dana’s computer.
The real magic of a network starts with the net-
work interface card, or NIC (pronounced “nick”),
which serves as the interface between the PC and
the network. While NICs come in a wide array of
shapes and sizes, the ones at MHTechEd look like
Figure 2.8.
On older systems, a NIC truly was a separate card that snapped
into a handy expansion slot, which is why they were called network
interface cards. Even though they’re now built into the motherboard,
they are still called NICs.
When installed in a PC, the NIC looks like Figure 2.9. Note the
cable running from the back of the NIC into the wall; inside that wall
is another cable running all the way back to the hub.
Cabling and hubs define the Physical layer of the network, and
NICs provide the interface to the PC. Figure 2.10 shows a diagram of
the network cabling system. I’ll build on this diagram as I delve
deeper into the network process.
You might be tempted to categorize the NIC as part of the Physical
layer at this point, and you’d have a valid argument. The NIC clearly
is necessary for the physical connection to take place. The CompTIA
Network+ exam and many authors put the NIC in OSI Layer 2, the
Data Link layer, though, so clearly something else is happening inside
the NIC. Let’s take a closer look.
Figure 2.7 • The network so far, with the Physical layer hardware installed
Figure 2.8 • Typical NIC
Figure 2.9 • NIC with cable connecting the PC to the wall jack
Figure 2.10 • The MHTechEd network
The NIC
To understand networks, you must understand how NICs work. The network must provide a mechanism that gives each system a unique identifier—like a telephone number—so data is delivered to the right system. That’s one of the NIC’s most important jobs. Inside every NIC, burned onto some type of ROM chip, is special firmware containing a unique identifier with a 48-bit value called the media access control address, or MAC address.
In principle, no two NICs share the same MAC address. Any company that makes NICs must contact the Institute of Electrical and Electronics Engineers (IEEE) and request a block of MAC addresses, which the company then burns into the ROMs on its NICs. (The burned-in value is only the default, though: most operating systems let you override a NIC’s MAC address in software, and manufacturing mistakes occasionally produce duplicates. That is why a MAC address identifies a NIC but never authenticates it, a point to remember whenever you see “MAC filtering” offered as a security control.) Many NIC makers also print the MAC address on the surface of each NIC, as shown in Figure 2.11. Note that the NIC shown here displays the MAC address in hexadecimal notation. Count the number of hex characters—because each hex character represents 4 bits, it takes 12 hex characters to represent 48 bits.
The MAC address in Figure 2.11 is 004005-607D49, although in print, we represent the MAC address as 00–40–05–60–7D–49. The first six digits, in this example 00–40–05, represent the number of the NIC manufacturer. Once the IEEE issues those six hex digits to a manufacturer—often referred to as the organizationally unique identifier (OUI)—no other manufacturer may use them. The last six digits, in this example 60–7D–49, are the manufacturer’s unique serial number for that NIC; this portion of the MAC is often referred to as the device ID.
Would you like to see the MAC address for your NIC? If you have a Windows system, type ipconfig /all from a command prompt to display the MAC address (Figure 2.12). Note that ipconfig calls the MAC address the physical address, which is an important distinction, as you’ll see a bit later in the chapter.
Figure 2.12 • Output from ipconfig /all
Figure 2.11 • MAC address
MAC-48 and EUI-48
The Institute of Electrical and
Electronics Engineers (IEEE)
forms MAC addresses from a
numbering name space originally
called MAC-48, which simply
means that the MAC address
will be 48 bits, with the first
24 bits defining the OUI, just
as described here. The current
term for this numbering name
space is EUI-48. EUI stands
for Extended Unique Identifier.
(IEEE apparently went with the
new term because they could
trademark it.)
Most techs just call them MAC
addresses, as you should, but you
might see MAC-48 or EUI-48 on
the CompTIA Network+ exam.
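The OUI/device ID split described above, plus two flag bits the chapter does not mention, as an added example in Python (this is not code from the book). It accepts the written forms you will meet in ipconfig output, Wireshark and Cisco gear, splits the address into OUI and device ID, and reads the Individual/Group and Universal/Local bits of the first octet: a set U/L bit means the address was assigned by software, not burned in by an IEEE-registered manufacturer, which is exactly the kind of address a virtual machine or a spoofing tool presents. The sample addresses other than 00-40-05-60-7D-49 (from Figure 2.11) are constructed for the demonstration.

```python
import re

# Constructed sample addresses for the demonstration (not from the original page,
# except 00-40-05-60-7D-49, which is the address printed on the NIC in Figure 2.11).
SAMPLES = [
    "00-40-05-60-7D-49",   # burned-in address from Figure 2.11
    "01-00-5E-00-00-01",   # an IPv4 multicast group address (I/G bit set)
    "02-42-AC-11-00-02",   # locally administered, the kind a virtual NIC gets
    "FF-FF-FF-FF-FF-FF",   # the broadcast address
]


def parse_mac(text):
    """Turn any common written form of a MAC address into its 6 raw bytes.

    Accepts 00-40-05-60-7D-49, 00:40:05:60:7d:49, 0040.0560.7d49 and
    004005607D49. Anything that is not exactly 12 hex digits is rejected,
    so a malformed or truncated address cannot slip through as a partial match.
    """
    digits = re.sub(r"[-:.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def format_mac(mac, sep="-"):
    """Render raw bytes in the printed form used in the chapter (00-40-05-60-7D-49)."""
    return sep.join(f"{b:02X}" for b in mac)


def describe_mac(mac):
    """Split a MAC into OUI and device ID and read the two flag bits in the first octet.

    In the first octet, bit 0 (value 0x01) is the Individual/Group bit: 1 means the
    frame is for a group of NICs (multicast; broadcast is the all-ones special case).
    Bit 1 (value 0x02) is the Universal/Local bit: 1 means the address was set by
    software or the local administrator, not issued by the IEEE to a manufacturer.
    """
    first = mac[0]
    return {
        "oui": format_mac(mac[:3]),
        "device_id": format_mac(mac[3:]),
        "broadcast": mac == b"\xff" * 6,
        "group": bool(first & 0x01),
        "locally_administered": bool(first & 0x02),
    }


def is_plausible_burned_in(mac):
    """True only for a unicast address that claims to come from an IEEE-issued OUI.

    A locally administered or group address can never be a manufacturer's burned-in
    address; seeing one where a physical NIC is expected is worth a second look.
    """
    info = describe_mac(mac)
    return not info["group"] and not info["locally_administered"]


if __name__ == "__main__":
    for text in SAMPLES:
        mac = parse_mac(text)
        print(format_mac(mac), describe_mac(mac), "burned-in?", is_plausible_burned_in(mac))
```

Run it as a script to see all four samples classified. The strict 12-hex-digit check matters when MAC strings come from logs or user input: a parser that quietly pads or truncates will match the wrong device.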
Okay, so every NIC in the world has a unique
MAC address, but how is it used? Ah, that’s where
the fun begins! Recall that computer data is binary,
which means it’s made up of streams of ones and
zeroes. NICs send and receive this binary data as
pulses of electricity, light, or radio waves. The NICs
that use electricity to send and receive data are the
most common, so let’s consider that type of NIC. The
specific process by which a NIC uses electricity to
send and receive data is exceedingly complicated but,
luckily for you, not necessary to understand. Instead,
just think of a charge on the wire as a one and no charge
as a zero. A chunk of data moving in pulses across a
wire might look something like Figure 2.13.
If you put an oscilloscope on the wire to measure
voltage, you’d see something like Figure 2.14. An
oscilloscope is a powerful tool that enables you to see
electrical pulses.
Now, remembering that the pulses represent
binary data, visualize instead a string of ones and
zeroes moving across the wire (Figure 2.15).
Once you understand how data moves along
the wire, the next question is how does the network
get the right data to the right system? All networks
transmit data by breaking whatever is moving across
the Physical layer (files, print jobs, Web pages, and so forth) into discrete
chunks called frames. A frame is basically a container for a chunk of data
moving across a network. The NIC creates and sends, as well as receives
and reads, these frames.
I like to visualize an imaginary table inside every NIC that acts as a
frame creation and reading station. I see frames as those pneumatic canis-
ters you see when you go to a drive-in teller at a bank. A little guy inside
the network card—named Nic, naturally!—builds these pneumatic canis-
ters (the frames) on the table and then shoots them out on the wire to the
hub (Figure 2.16).
Figure 2.16 • Inside the NIC
Figure 2.13 • Data moving along a wire
Figure 2.14 • Oscilloscope of data
Figure 2.15 • Data as ones and zeroes
A number of different frame
types are used in different
networks. All NICs on the same
network must use the same
frame type, or they will not
be able to communicate with
other NICs.
Try This!
What’s Your MAC Address?
You can readily determine your MAC address on a Windows computer from the command line. This works in all modern versions of Windows.
1. In Windows 2000/XP, click Start | Run. Enter the command cmd and press the enter key to get to a command prompt.
2. In Windows Vista/7, click Start, enter cmd in the Start Search text box, and press the enter key to get to a command prompt.
3. At the command prompt, type the command ipconfig /all and press the enter key.
Here’s where the MAC address
becomes important. Figure 2.17 shows a
representation of a generic frame. Even
though a frame is a string of ones and
zeroes, we often draw frames as a series
of rectangles, each rectangle representing
a part of the string of ones and zeroes. You will see this type of frame repre-
sentation used quite often, so you should become comfortable with it (even
though I still prefer to see frames as pneumatic canisters). Note that the frame
begins with the MAC address of the NIC to which the data is to be sent,
followed by the MAC address of the sending NIC. Then comes the data, fol-
lowed by a special bit of checking information called the frame check sequence
(FCS). The FCS uses a type of binary math called a cyclic redundancy check
(CRC) that the receiving NIC uses to verify that the data arrived intact.
So, what’s inside the data part of the frame? You neither know nor
care. The data may be a part of a file, a piece of a print job, or part of a
Web page. NICs aren’t concerned with content! The NIC simply takes
whatever data is passed to it via its device driver and addresses it for
the correct system. Special software will take care of what data gets sent
and what happens to that data when it arrives. This is the beauty of
imagining frames as little pneumatic canisters (Figure 2.18). A canister
can carry anything from dirt to diamonds—the NIC doesn’t care one
bit (pardon the pun).
Like a canister, a frame can hold only a certain amount of data. Different
networks use different sizes of frames, but a single frame holds about 1500
bytes of data.
This raises a new question: what happens when the data to be sent is
larger than the frame size? Well, the sending system’s software must chop
the data up into nice, frame-sized chunks, which it then hands to the NIC
for sending. As the receiving system begins to accept the incoming frames,
the receiving system’s software recombines the data chunks as they come
in from the network. I’ll show how this disassembling and reassembling is
done in a moment—first, let’s see how the frames get to the right system!
When a system sends a frame out on the network, the frame goes into
the hub. The hub, in turn, makes an exact copy of that frame, sending a
copy of the original frame to every other system on the network. The inter-
esting part of this process is when the copy of the frame comes into all the
other systems. I like to visualize a frame sliding onto the receiving NIC’s
“frame assembly table,” where
the electronics of the NIC inspect
it. Here’s where the magic takes
place: only the NIC to which the
frame is addressed will process
that frame—the other NICs sim-
ply erase it when they see that
it is not addressed to their MAC
address. This is important to
appreciate: every frame sent on a
network is received by every NIC,
but only the NIC with the match-
ing MAC address will process that
particular frame (Figure 2.19).
Figure 2.18 • Frame as a canister
Tech Tip
FCS in Depth
Most FCSs are only 4 bytes long, yet the average frame carries around 1500 bytes of data. How can 4 bytes tell you if all 1500 bytes in the data are correct? That’s the magic of the math of the CRC. Without going into the grinding details, think of the CRC as just the remainder of a division problem. (Remember learning remainders from division back in elementary school?) The NIC sending the frame does a little math to make the CRC. Using binary arithmetic, it works a division problem on the data using a divisor called a key. The result of this division is the CRC. When the frame gets to the receiving NIC, it divides the data by the same key. If the receiving NIC’s answer is the same as the CRC, it knows the data is good. Keep in mind what “good” means here: a CRC catches accidental corruption on the wire, but anyone who can alter a frame can simply recompute the FCS, so the FCS is no defense against deliberate tampering.
Figure 2.17 • Generic frame: Recipient’s MAC address | Sender’s MAC address | Data | FCS
Figure 2.19 • Incoming frame!
Getting the Data on the Line
The process of getting data onto the wire and then picking that data off the
wire is amazingly complicated. For instance, what happens to keep two
NICs from speaking at the same time? Because all the data sent by one NIC
is read by every other NIC on the network, only one system may speak at a
time. Networks use frames to restrict the amount of data a NIC can send at
once, giving all NICs a chance to send data over the network in a reasonable
span of time. Dealing with this and many other issues requires sophisti-
cated electronics, but the NICs handle these issues completely on their own
without our help. Thankfully, the folks who design NICs worry about all
these details, so we don’t have to!
Getting to Know You
Using the MAC address is a great way to move data around, but this process raises an important question. How does a sending NIC know the MAC address of the NIC to which it’s sending the data? In most cases, the sending system already knows the destination MAC address because the NICs had probably communicated earlier, and each system stores that data. If it doesn’t already know the MAC address, a NIC may send a broadcast onto the network to ask for it. The MAC address of FF-FF-FF-FF-FF-FF is the broadcast address—if a NIC sends a frame using the broadcast address, every single NIC on the network will process that frame. That broadcast frame’s data will contain a request for a system’s MAC address. Without knowing the MAC address to begin with, the requesting computer will use an IP address or host name to pick the target computer out of the crowd. The system with the MAC address your system is seeking will read the request in the broadcast packet and respond with its MAC address. Notice that nothing in this exchange checks who answered: the requester trusts whatever reply arrives, and every system on the network sees the request. That trust is what makes the stored address data a target for tampering on a hostile network.
The Complete Frame Movement
Now that you’ve seen all the pieces used to send and receive frames, let’s
put these pieces together and see how a frame gets from one system to
another. The basic send/receive process is as follows.
First, the sending system’s network operating system (NOS) software—
such as Windows 7—hands some data to its NIC. The NIC builds a frame to
transport that data to the receiving NIC (Figure 2.20).
Figure 2.20 • Building the frame
After the NIC creates the frame, it places the data into it and computes the FCS over the frame’s contents (Figure 2.21). (The figures show the pieces being added one at a time; in practice the FCS is calculated last, over the addresses and the data together, so that it protects the whole frame.)
Figure 2.21 • Adding the data and FCS to the frame
Next, the NIC puts both the destination MAC address and its own MAC
address onto the frame. It waits until no other NIC is using the cable, and
then sends the frame through the cable to the network (Figure 2.22).
Figure 2.22 • Sending the frame
The frame propagates down the wire into the hub, which creates copies
of the frame and sends it to every other system on the network. Every NIC
receives the frame and checks the MAC address. If a NIC finds that a frame
is addressed to it, it processes the frame (Figure 2.23); if the frame is not
addressed to it, the NIC erases it.
Figure 2.23 • Reading an incoming frame
So, what happens to the data when it gets to the correct NIC? First,
the receiving NIC uses the FCS to verify that the data is valid. If it is, the
receiving NIC strips off all the framing information and sends the data to
the software—the network operating system—for processing. The receiv-
ing NIC doesn’t care what the software does with the data; its job stops the
moment it passes on the data to the software.
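The whole send/receive path just described, as an added Python example that is not code from the book: it assembles the frame of Figure 2.17, computes the FCS the Tech Tip describes, then plays the hub copying the frame to every NIC and each NIC deciding whether to process or erase it, including the broadcast case from “Getting to Know You.” Assumptions: Janelle’s NIC uses the address printed in Figure 2.11, Dana’s and a third NIC’s addresses are made up, a 2-byte type field is included (every real Ethernet frame has one; the chapter’s simplified figure omits it), and the FCS is Ethernet’s CRC-32, which Python’s zlib.crc32 computes and which is sent low byte first.

```python
import struct
import zlib

BROADCAST = b"\xff" * 6
MAX_PAYLOAD = 1500   # the "about 1500 bytes" a frame can hold
MIN_FRAME = 64       # shortest legal frame, including the 4-byte FCS

# Constructed addresses for the MHTechEd example (the page does not list them):
JANELLE = bytes.fromhex("004005607d49")   # the address printed on the NIC in Figure 2.11
DANA = bytes.fromhex("00400512ab34")      # assumed address for Dana's NIC
OTHER = bytes.fromhex("0040059f0001")     # a third NIC that should ignore the frame


def build_frame(dst, src, ethertype, payload):
    """Assemble recipient MAC | sender MAC | type | data | FCS, as in Figure 2.17.

    The 2-byte type field (e.g. 0x0800 for an IP packet) is part of every real
    Ethernet frame, even though the chapter's simplified figure leaves it out.
    """
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("data larger than a frame: the software must split it first")
    body = dst + src + struct.pack("!H", ethertype) + payload
    # Short frames are padded with zeros up to the minimum size. NICs that padded
    # with whatever happened to be in memory instead have leaked kernel data before.
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))
    fcs = zlib.crc32(body)                 # CRC-32: the "remainder" math the Tech Tip describes
    return body + struct.pack("<I", fcs)   # the FCS goes on the wire low byte first


def fcs_ok(frame):
    """The receiving NIC redoes the division and compares its answer with the FCS."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return zlib.crc32(body) == fcs


def nic_receive(frame, own_mac):
    """One NIC's decision about a frame the hub copied to it.

    Returns (sender MAC, type, data) when the frame is intact and addressed to this
    NIC (or to every NIC), and None when the NIC should erase it.
    """
    if len(frame) < MIN_FRAME or not fcs_ok(frame):
        return None                       # runt or corrupted: discard
    dst = frame[:6]
    if dst != own_mac and dst != BROADCAST:
        return None                       # someone else's frame: discard
    src = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return src, ethertype, frame[14:-4]   # strip the framing, hand the data up


def hub_deliver(frame, nics):
    """A hub repeats the frame to every port; return the MACs that actually accept it."""
    return [mac for mac in nics if nic_receive(frame, mac) is not None]


def corrupt(frame, index):
    """Flip one bit to simulate damage on the wire."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    nics = [JANELLE, DANA, OTHER]
    frame = build_frame(DANA, JANELLE, 0x0800, b"handbook chunk 1")
    print(len(frame), "bytes, accepted by", [m.hex() for m in hub_deliver(frame, nics)])
    print("damaged frame accepted by", hub_deliver(corrupt(frame, 20), nics))
    ask = build_frame(BROADCAST, JANELLE, 0x0806, b"who has Dana?")
    print("broadcast accepted by", len(hub_deliver(ask, nics)), "NICs")
```

Note what the data handed up still contains: the padding bytes. The NIC cannot know where the real data ends, so the software above it must carry its own length, which is one reason the IP packet inside the frame has a length field of its own.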
Any device that deals with a MAC address is part of the OSI Data Link
layer, or Layer 2 of the OSI model. Let’s update the OSI model to include
details about the Data Link layer (Figure 2.24).
Figure 2.24 • Layer 1 and Layer 2 are now properly applied to the network.
Note that the cabling and the hub are located in the Physical layer. The
NIC is in the Data Link layer, but spans two sublayers.
The Two Aspects of NICs
Consider how data moves in and out of a NIC. On one end, frames move
into and out of the NIC’s network cable connection. On the other end, data
moves back and forth between the NIC and the network operating system
software. The many steps a NIC performs to keep this data moving—send-
ing and receiving frames over the wire, creating outgoing frames, reading
incoming frames, and attaching MAC addresses—are classically broken
down into two distinct jobs.
The first job is called the Logical Link Control (LLC). The LLC is the aspect of the NIC that talks to the operating system: it accepts data from the software for transmission, and on the receiving side it hands the data from an accepted frame to the right piece of software above it.
The second job is called the Media Access Control (MAC), and I bet you can guess what it does! That’s right—it remembers the NIC’s own MAC address, builds the frames, attaches both the sender’s and recipient’s MAC addresses, and adds the FCS. The MAC sublayer also deals with incoming frames: it checks the FCS, processes frames addressed to this NIC (or to the broadcast address), and erases frames addressed to other machines on the network. Finally, the MAC makes sure the completed frames are sent along the network cabling when the cable is free. Figure 2.25 shows
the Data Link layer in detail.
The CompTIA Network+
exam tests you on the details
of the OSI seven-layer model,
so remember that the Data Link
layer is the only layer that has
any sublayers.
The Data Link layer provides
a service called Data Link
Control (DLC). The only reason
to mention this is there’s an
ancient printing protocol with
the same name. DLC might
show up as an incorrect answer
on the exam.
Figure 2.25 • LLC and MAC, the two parts of the Data Link layer
Tech Tip
NIC and Layers
Most networking materials that describe the OSI seven-layer model put NICs squarely
into the Data Link layer of the model. It’s at the MAC sublayer, after all, that data
gets encapsulated into a frame, destination and source MAC addresses get added to
that frame, and error checking occurs. What bothers most students with placing NICs
solely in the Data Link layer is the obvious other duty of the NIC—putting the ones
and zeroes on the network cable. How much more physical can you get?
Many teachers will finesse this issue by defining the Physical layer in its logical
sense—that it defines the rules for the ones and zeroes—and then ignore the fact that
the data sent on the cable has to come from something. The first question when you
hear a statement like that—at least to me—is, “What component does the sending?”
It’s the NIC, of course, the only device capable of sending and receiving the physical
signal.
Network cards, therefore, operate at both Layer 2 and Layer 1 of the OSI seven-layer
model. If cornered to answer one or the other, however, go with the more common
answer, Layer 2.
Beyond the Single Wire—Network Software and Layers 3–7
Getting data from one system to another in a simple network (defined as
one in which all the computers connect to one hub) takes relatively little
effort on the part of the NICs. But one problem with simple networks is
that computers need to broadcast to get MAC addresses. It works for small
networks, but what happens when the network gets big, like the size of the
entire Internet? Can you imagine millions of computers all broadcasting?
No data could get through.
Equally important, data flows over the Internet using many technolo-
gies, not just Ethernet. These technologies, such as SONET, ATM, and oth-
ers, don’t know what to do with Ethernet MAC addresses. When networks
get large, you can’t use the MAC addresses anymore.
Large networks need a logical addressing method, like a postal code or
telephone numbering scheme, that ignores the hardware and enables you
to break up the entire large network into smaller networks called subnets.
Figure 2.26 shows two ways to set up a network. On the left, all the com-
puters connect to a single hub. On the right, however, the LAN is separated
into two five-computer subnets.
Figure 2.26 • Large LAN complete (left) and broken up into two subnets (right)
To move past the physical MAC addresses and start using logical
addressing requires some special software called a network protocol. Net-
work protocols exist in every operating system. A network protocol not
only has to create unique identifiers for each system, but also must create
a set of communication rules for issues like how to handle data chopped
up into multiple packets and how to ensure those packets get from one
subnet to another. Let’s take a moment to learn a bit about the most
famous network protocol—TCP/IP—and its unique universal addressing
system.
To be accurate, TCP/IP is really several network protocols designed to
work together—but two protocols, TCP and IP, do so much work that the
folks who invented all these protocols named the whole thing TCP/IP. TCP
stands for Transmission Control Protocol, and IP stands for Internet Protocol.
IP is the network protocol I need to discuss first; rest assured, however, I’ll
cover TCP in plenty of detail later.
MAC addresses are also
known as physical addresses.
TCP/IP dominates the
networking universe. Almost
every network in existence
uses TCP/IP. Because it is more
specific, a simpler model called
the TCP/IP model was created to
describe it. You’ll learn all about
this model later in the chapter.
IP—Playing on Layer 3, the Network Layer
At the Network layer, Layer 3, packets get created and addressed so they can
go from one network to another. The Internet Protocol is the primary logical
addressing protocol for TCP/IP. IP makes sure that a piece of data gets to
where it needs to go on the network. It does this by giving each device on
the network a unique numeric identifier called an IP address. An IP address
is known as a logical address to distinguish it from the physical address, the
MAC address of the NIC.
Every network protocol uses some type of naming convention, but no two protocols use the same convention. IP uses a rather unique dotted decimal notation (sometimes referred to as a dotted-octet numbering system) based on four 8-bit numbers. Each 8-bit number ranges from 0 to 255, and the four numbers are separated by periods. (This is the IPv4 form of IP address; the newer IPv6 uses a longer address written differently, but the ideas in this chapter apply to both. If you don’t see how 8-bit numbers can range from 0 to 255, don’t worry—by the end of this book, you’ll understand these naming conventions in more detail than you ever believed possible!) A typical IP address might look like this:
192.168.4.232
No two systems on the same network may share the same IP address; if two machines accidentally receive the same address, traffic meant for one may land on the other, and communication with both becomes unreliable. These IP addresses don’t just magically appear—they must be configured, either by hand by the end user (or the network administrator) or by an automatic address-assignment service such as DHCP.
Take a look at Figure 2.26. What makes logical addressing powerful is
the magic box—called a router—that connects each of the subnets. Routers
use the IP address, not the MAC address, to forward data. This enables
networks to connect across data lines that don’t use Ethernet, like the tele-
phone network. Each network type (such as Ethernet, SONET, ATM, and
others that we’ll discuss later in the book) uses a unique frame. Figure 2.27
shows a typical router.
Figure 2.27 • Typical small router
Try to avoid using redundant expressions. Even though many techs will say “IP protocol,” for example, you know that “IP” stands for “Internet Protocol.” It wouldn’t be right to say “Internet Protocol protocol” in English, so it doesn’t work in network speak either.
What’s important here is for you to appreciate that in a TCP/IP network, each system has two unique identifiers: the MAC address and the IP address. The MAC address (the physical address) is burned into the NIC by its manufacturer, whereas the IP address (the logical address) is simply stored in the system’s software. MAC addresses come with the NIC, so you don’t normally configure them, whereas you must configure IP addresses using software. Keep in mind, though, that most operating systems and NIC drivers let you override the burned-in MAC address, so neither identifier is proof of which machine you are talking to; any security control that trusts a MAC or IP address alone can be fooled by a system that simply claims it. Figure 2.28 shows the MHTechEd network diagram again; this time with the MAC and IP addresses displayed for each system.
Figure 2.28 • MHTechEd addressing
Packets Within Frames
For a TCP/IP network to send data successfully, the data must be wrapped
up in two distinct containers. A frame of some type enables the data to
move from one device to another. Inside that frame is both an IP-specific
container that enables routers to determine where to send data—regardless
of the physical connection type—and the data itself. In TCP/IP, that inner
container is called a packet.
Figure 2.29 shows a typical IP packet; notice the similarity to the frames
you saw earlier.
Figure 2.29 • IP packet (fields shown: destination IP address, source IP address, data)
This is a highly simplified IP packet. I am not including lots of little parts of the IP packet in this diagram because they are not important to what you need to understand right now, but don’t worry, you’ll see them later in the book!
But IP packets don’t leave their PC home without any clothes on! Each IP packet is handed to the NIC, which then encloses the IP packet in a regular frame, creating, in essence, a packet within a frame. I like to visualize the packet as an envelope, with the envelope in the pneumatic canister frame (Figure 2.30). A more conventional drawing would look like Figure 2.31.
When you send data from one computer to another on a TCP/IP network such as the Internet, that data can go through many routers before it reaches its destination. Each router strips off the incoming frame, determines where to send the data according to the destination IP address in the packet, creates a new frame, and then sends the packet within a frame on its merry way. The new frame type will be the appropriate technology for whatever connection technology connects to the next router. That could be a cable or DSL network connection, for example (Figure 2.32). The IP packet, on the other hand, travels almost unchanged: the addresses and the data stay exactly as the sender wrote them, but every router decrements the packet’s Time To Live (TTL) field by one and recomputes the header checksum, and a packet whose TTL reaches zero is discarded rather than forwarded. (A router that also performs Network Address Translation, NAT, does rewrite the addresses; that is a special case.)
Once the packet reaches the destination subnet’s router, that router will strip off the incoming frame, no matter what type, look at the destination IP address, and then add a frame with the destination MAC address that matches the destination IP address.
Figure 2.31 • IP packet in a frame (frame header, packet header, data, FCS)
Keep in mind that not all networks are Ethernet networks. Ethernet may dominate, but IP packets fit in all sorts of other connectivity options. For example, cable modems use a type of frame called DOCSIS. T1 lines use a frame called DS1. The beauty of IP packets is that they can travel unchanged in each of these and many others. For more about these technologies, check out Chapter 14.
Figure 2.30 • IP packet in a frame (as a canister)
Figure 2.32 • Router removing network frame and adding one for the outgoing connection (incoming frame, frame stripped, new frame added, new frame out)
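The hop-by-hop handling described above, as an added example that is not from the book: a minimal Ethernet II frame carrying an IPv4 packet is built, decapsulated, and pushed through a simulated router hop. The router replaces the frame (new MAC addresses), verifies the IP header checksum, decrements the TTL, recomputes the checksum, and drops the packet if the header is corrupt or the TTL has run out; the IP addresses and the data are not touched. This is the encapsulation order that Table 2.1 later in the chapter summarizes. The MAC addresses, IP addresses and payload are constructed sample values, the FCS is omitted (the NIC computes it in hardware), and all function names are this example’s own.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6

# Constructed sample addresses: locally administered MACs, documentation IPs.
HOST_A_MAC = bytes.fromhex("0200000000a1")
ROUTER_IN_MAC = bytes.fromhex("0200000000f1")
ROUTER_OUT_MAC = bytes.fromhex("0200000000f2")
HOST_B_MAC = bytes.fromhex("0200000000b1")


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words.
    Run over a header that already carries its checksum, it yields 0 if intact."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, ttl: int, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet: 20-byte header (version 4, IHL 5, no options) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def build_frame(src_mac: bytes, dst_mac: bytes, packet: bytes) -> bytes:
    """Ethernet II frame around the packet; the FCS is left to the NIC."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet


def parse_frame(frame: bytes) -> dict:
    """Decapsulate: frame header, then the IP header, then hand back the payload."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    packet = frame[14:]
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (f[0] & 0x0F) * 4
    return {"dst_mac": dst_mac, "src_mac": src_mac, "ttl": f[5], "proto": f[6],
            "checksum": f[7], "src_ip": socket.inet_ntoa(f[8]),
            "dst_ip": socket.inet_ntoa(f[9]),
            "header_ok": ipv4_checksum(packet[:ihl]) == 0, "payload": packet[ihl:]}


def router_forward(frame: bytes, out_src_mac: bytes, next_hop_mac: bytes):
    """One router hop: strip the frame, verify the IP header, decrement TTL and
    recompute the checksum, then wrap the packet in a new frame for the next link.
    Returns None when the packet must be dropped (bad header or TTL expired; a
    real router answers the latter with an ICMP Time Exceeded message)."""
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        return None
    if packet[8] <= 1:
        return None
    hdr = bytearray(packet[:ihl])
    hdr[8] -= 1                  # TTL: the one field every router changes
    hdr[10:12] = b"\x00\x00"     # zero the checksum field before recomputing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return build_frame(out_src_mac, next_hop_mac, bytes(hdr) + packet[ihl:])


def trace_hops(frame: bytes, hops: list) -> list:
    """Push a frame through a list of (out_src_mac, next_hop_mac) routers and
    return the TTL seen after each hop, stopping where the packet is dropped."""
    ttls = []
    for out_mac, next_mac in hops:
        frame = router_forward(frame, out_mac, next_mac)
        if frame is None:
            break
        ttls.append(parse_frame(frame)["ttl"])
    return ttls


if __name__ == "__main__":
    pkt = build_ipv4("192.168.4.232", "203.0.113.10", 64, PROTO_TCP, b"GET / HTTP/1.1\r\n")
    frame = build_frame(HOST_A_MAC, ROUTER_IN_MAC, pkt)
    before = parse_frame(frame)
    after = parse_frame(router_forward(frame, ROUTER_OUT_MAC, HOST_B_MAC))
    for k in ("src_mac", "dst_mac", "ttl", "checksum", "src_ip", "dst_ip"):
        print("%-9s %-28r -> %r" % (k, before[k], after[k]))
```

The TTL decrement is what keeps a misrouted packet from circling the Internet forever, and it is also what traceroute exploits: send packets with TTL 1, 2, 3, … and each router that drops one reports back. When you compare the Ethernet and IP headers of the same packet on two sides of a router in a capture, expect exactly this: new MAC addresses, TTL one lower, a different header checksum, and the same IP addresses and payload.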
The receiving NIC strips away the Ethernet frame and passes the
remaining packet off to the software. The networking software built into
your operating system handles all the rest of the work. The NIC’s driver
software is the interconnection between the hardware and the software. The
NIC driver knows how to communicate with the NIC to send and receive
frames, but it can’t do anything with the packet. Instead, the NIC driver
hands the packet off to other programs that know how to deal with all the
separate packets and turn them into Web pages, e-mail messages, files, and
so forth.
The Network layer (Layer 3) is the last layer that deals directly with
hardware. All the other layers of the OSI seven-layer model work strictly
within software.
Assembly and Disassembly—Layer 4,
the Transport Layer
Because most chunks of data are much larger than a single packet, they
must be chopped up before they can be sent across a network. When a serv-
ing computer receives a request for some data, it must be able to chop the
requested data into chunks that will fit into a packet (and eventually into
the NIC’s frame), organize the packets for the benefit of the receiving sys-
tem, and hand them to the NIC for sending. The receiving system must be
able to recognize a series of incoming packets as one data transmission,
reassemble the packets correctly based on information included in the
packets by the sending system, and verify that all the packets for that piece
of data arrived in good shape.
This part is relatively simple: the transport protocol breaks up the data into packets and gives each packet some type of sequence number. I like to compare this process to the one that my favorite international shipping company uses. I receive boxes from UPS almost every day; in fact, some days I receive many, many boxes from UPS. To make sure I get all the boxes for one shipment, UPS puts a numbering system, like the one shown in Figure 2.33, on the label of each box. A computer sending data on a network does the same thing. The header of each packet carries a sequence number (in TCP, the number counts bytes of the stream rather than packets). By reading the sequence numbers, the receiving system knows where each packet’s data belongs, which packets are missing, and how to put them back together.
Figure 2.33 • Labeling the boxes
I’m using the term “packets” here to refer to a generic container. Because the OSI model can be applied to many different network protocols, the terminology for this container changes. Almost all protocols split up data at the Transport layer and add sequencing numbers so the receiving computer can put them together in logical order. What happens at that point depends on the protocol suite. In TCP/IP, for example, the precisely named IP packet is created at the Network layer and other container types are created at the Transport layer. I’ll go into a lot more detail on this in the TCP/IP model section later in this book. That model, rather than the OSI model, makes more sense for TCP/IP network descriptions.
The MHTechEd network just keeps getting more and more complex,
doesn’t it? And the Word document still hasn’t been copied, has it? Don’t
worry; you’re almost there—just a few more pieces to go!
Layer 4, the Transport layer of the OSI seven-layer model, has a big job: it’s the assembler/disassembler software. As part of its job, the Transport layer also requests retransmission of packets that weren’t received in good order (Figure 2.34).
Figure 2.34 • OSI updated
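The assembler/disassembler job described above, as an added example that is not part of the book: the sender splits a byte stream into segments stamped with TCP-style sequence numbers (byte offsets from an initial sequence number, wrapping at 2^32), and the receiver puts segments back in order, tolerates duplicates, delivers only the contiguous prefix, and reports the first byte it is still missing, which is the acknowledgement number a real TCP receiver keeps sending so the peer retransmits. The data, ISN and segment size are constructed values; the function names are this example’s own.

```python
SEQ_MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def segment(data: bytes, isn: int, mss: int) -> list:
    """Split a byte stream into (sequence number, chunk) pairs of at most mss
    bytes. TCP numbers bytes, not packets: a segment's sequence number is the
    stream offset of its first byte, counted from the initial sequence number."""
    return [((isn + off) % SEQ_MOD, data[off:off + mss])
            for off in range(0, len(data), mss)]


def reassemble(received: list, isn: int):
    """Rebuild the stream from segments that may arrive out of order, duplicated
    or missing. Returns (data deliverable in order, ack number, gaps). The ack
    number is the first byte not yet received, which is what the receiver sends
    back so the sender retransmits from there; gaps lists every hole found as
    (first missing sequence number, sequence number where data resumes)."""
    ordered = sorted(received, key=lambda s: (s[0] - isn) % SEQ_MOD)
    delivered = bytearray()
    gaps = []
    highest = 0  # stream offset just past the highest byte seen so far
    for seq, chunk in ordered:
        rel = (seq - isn) % SEQ_MOD
        if rel > highest:
            gaps.append(((isn + highest) % SEQ_MOD, seq))
        if not gaps:
            # still contiguous: append only the bytes not already held
            # (a retransmitted duplicate contributes nothing)
            delivered.extend(chunk[len(delivered) - rel:])
        highest = max(highest, rel + len(chunk))
    ack = (isn + len(delivered)) % SEQ_MOD
    return bytes(delivered), ack, gaps


def retransmit(segments: list, gaps: list) -> list:
    """Pick the sender-side segments that cover the reported gaps."""
    resend = []
    for seq, chunk in segments:
        end = (seq + len(chunk)) % SEQ_MOD
        for lo, hi in gaps:
            if seq == lo or (lo < seq < hi if lo < hi else False) or end == hi:
                resend.append((seq, chunk))
                break
    return resend
```

Two things worth noticing in a capture: the sequence numbers you see are byte offsets, so consecutive full-size segments differ by the segment size, not by one; and the initial sequence number is random for a reason. If an attacker can guess it, they can forge segments that the receiver slots into the stream as if they came from the peer, which is why modern stacks randomize ISNs.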
Talking on a Network—Layer 5,
the Session Layer
Now that you understand that the system uses software to assemble and disassemble data packets, what’s next? In a network, any one system may be talking to many other systems at any given moment. For example, Janelle’s PC has a printer used by all the MHTechEd systems, so there’s a better than average chance that, as Dana tries to access the Word document, another system will be sending a print job to Janelle’s PC (Figure 2.35).
Janelle’s system must direct these incoming files, print jobs, Web pages, and so on, to the right programs (Figure 2.36). Additionally, the operating system must enable one system to make a connection to another system to verify that the other system can handle whatever operation the initiating system wants to perform. If Bill’s system wants to send a print job to Janelle’s printer, it first contacts Janelle’s system to ensure that it is ready to handle the print job. The session software handles this part of networking, connecting applications to applications.
A lot of things happen on a TCP/IP network at the Transport layer. I’m simplifying here because the TCP/IP model does a way better job explaining each thing than does the OSI model.
Figure 2.35 • Handling multiple inputs
Figure 2.36 • Each request becomes a session.
Layer 5, the Session layer of the OSI seven-layer model, handles all the
sessions for a system (Figure 2.37). The Session layer initiates sessions,
accepts incoming sessions, and opens and closes existing sessions. The
Session layer also keeps track of computer naming conventions, such as
calling your computer SYSTEM01 or some other type of name that makes
more sense than an IP or MAC address.
Figure 2.37 • OSI updated
Try This!
See Your Sessions
How many sessions does a typical system have running at one time? Well, if you have a TCP/IP network (and who doesn’t these days), you can run the netstat program from a command prompt to see all of them. Open a command prompt and type the following:
netstat -a
Then press the enter key to see your sessions. Don’t worry about trying to interpret what you see; Chapter 9 covers netstat in detail. For now, simply appreciate that each line in the netstat output is a socket: the lines marked ESTABLISHED are live sessions with another system, while the lines marked LISTENING are services waiting for someone to connect (and the ones to check if you want to know what your machine is exposing to the network). Count them!
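A small parser for the netstat output above, as an added example that is not part of the book: it separates live sessions (ESTABLISHED) from listening services, and flags the listeners bound to every interface, which is the list a security reviewer reconciles against what the host is supposed to serve. The sample text is constructed in the layout of Windows netstat -an (numeric addresses), not captured output; the function names are this example’s own.

```python
import re

# Constructed sample in the layout of Windows "netstat -an"; not real output.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.4.232:49731    203.0.113.10:80        ESTABLISHED
  TCP    192.168.4.232:49735    203.0.113.10:443       TIME_WAIT
  TCP    192.168.4.232:49740    198.51.100.7:22        ESTABLISHED
  UDP    0.0.0.0:5353           *:*
  UDP    192.168.4.232:137      *:*
"""

# proto, local addr:port, foreign addr:port, optional state (UDP has none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")
ANY_ADDRESS = {"0.0.0.0", "[::]", "*"}


def parse_netstat(text: str) -> list:
    """Turn netstat -an lines into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state = m.groups()
        rows.append({"proto": proto,
                     "local": (laddr, int(lport)),
                     "foreign": (faddr, int(fport) if fport.isdigit() else fport),
                     "state": state})
    return rows


def sessions(rows: list) -> list:
    """Only ESTABLISHED TCP rows are live sessions with a peer."""
    return [(r["local"], r["foreign"]) for r in rows
            if r["proto"] == "TCP" and r["state"] == "ESTABLISHED"]


def exposed_listeners(rows: list) -> list:
    """Sockets reachable from the network: TCP listeners and UDP sockets bound to
    the any-address. Loopback-bound or interface-specific ones are left out."""
    out = []
    for r in rows:
        addr, port = r["local"]
        waiting = (r["proto"] == "TCP" and r["state"] == "LISTENING") or r["proto"] == "UDP"
        if waiting and addr in ANY_ADDRESS:
            out.append((r["proto"], port))
    return out


def count_by_state(rows: list) -> dict:
    counts = {}
    for r in rows:
        key = r["state"] or "UDP"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_SAMPLE)
    print("sessions:", sessions(rows))
    print("exposed :", exposed_listeners(rows))
    print("by state:", count_by_state(rows))
```

On a real machine, pipe the actual command in (`netstat -an` on Windows, `netstat -an` or `ss -tan` on Linux, whose column layout differs and would need its own pattern). TIME_WAIT rows are sessions that have already closed and are just waiting out stray packets, so they count as neither live sessions nor listeners.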
Standardized Formats, or Why Layer 6,
Presentation, Has No Friends
One of the most powerful aspects of a network lies in the fact that it works
with (almost) any operating system. Today’s networks easily connect, for
example, a Macintosh system to a Windows PC,
despite the fact that these different operating sys-
tems use different formats for many types of data.
Different data formats used to drive us crazy back
in the days before word processors (like Micro-
soft Word) could import or export a thousand
other word processor formats (Figure 2.38).
This issue motivated folks to create stan-
dardized formats that anyone—at least with
the right program—could read from any type
of computer. Specialized file formats, such as
Adobe’s popular Portable Document Format
(PDF) for documents and PostScript for print-
ing, provide standard formats that any system,
regardless of operating system, can read, write,
and edit ( Figure 2.39).
Figure 2.39 • Everyone recognizes PDF files!
Layer 6, the Presentation layer of the OSI seven-layer model, handles
the conversion of data into formats that are readable by the system. Of all
the OSI layers, the high level of file format standardization has made the
Presentation layer the least important and least used (Figure 2.40).
Figure 2.38 • Different data formats were often unreadable between
systems.
Tech Tip
Acrobat as Open Standard
Adobe handed the PDF specification to ISO, which published it as the ISO 32000-1 open standard in 2008. Adobe Reader remains the premier application for reading PDF documents. Note that Adobe seems to be phasing out the Acrobat branding of PDF documents, but many techs still call PDF “Adobe Acrobat format.”
Figure 2.40 • OSI updated
Network Applications—Layer 7,
the Application Layer
The last and most visible part of any network is the software applications
that use it. If you want to copy a file residing on another system in your net-
work, you need an application like Network in Windows 7 (or My Network
Places in earlier versions of Windows) that enables you to access files on
remote systems. If you want to view Web pages, you need a Web browser
like Internet Explorer or Mozilla Firefox. The people who use a network
experience it through an application. A user who knows nothing about all
the other parts of a network may still know how to open an e-mail applica-
tion to retrieve mail (Figure 2.41).
Figure 2.41 • Network applications at work
Applications may include a number of additional functions, such as
encryption, user authentication, and tools to control the look of the data.
But these functions are specific to the given applications. In other words,
if you want to put a password on your Word document, you must use the
password functions in Word to do so.
The Application layer is Layer 7 in the OSI seven-layer model. Keep in
mind that the Application layer doesn’t refer to the applications themselves.
It refers to the code built into all operating systems that enables network-
aware applications. All operating systems have Application Programming
Interfaces (APIs) that programmers can use to make their programs network
aware (Figure 2.42). An API, in general, provides a standard way for pro-
grammers to enhance or extend an application’s capabilities.
Figure 2.42 • OSI updated
The TCP/IP Model
The OSI model was developed as a reaction to a world of hundreds, if not
thousands, of different protocols made by different manufacturers that
needed to play together. The ISO declared the OSI seven-layer model as the
tool for manufacturers of networking equipment to find common ground
between multiple protocols, enabling them to create standards for interop-
erability of networking software and hardware.
The OSI model is extremely popular and very well-known to all net-
working techs. Today’s world, however, is a TCP/IP world. The complexity
of the OSI model doesn’t make sense in a world with one protocol suite.
Given its dominance, the aptly named TCP/IP model shares equal popular-
ity with the venerable OSI model.
The TCP/IP model consists of four layers:
■ Application
■ Transport
■ Internet
■ Link/Network Interface
It’s important to appreciate that the TCP/IP model was never handed down as one formal standard the way the OSI model was. The closest thing is RFC 1122, which describes the four layers used here for Internet hosts, but textbooks and vendors have never agreed on the details, so there are a surprising number of variations on the TCP/IP model.
A great example of this lack of standardization is the Link layer. We can’t even agree on the name. While “Link layer” is extremely common, the term “Network Interface layer” is equally popular. A good tech knows both of these terms and understands that they are interchangeable. Notice also that, unlike the OSI model, the TCP/IP model does not identify each layer with a number.
CompTIA has chosen one popular version of the TCP/IP model for the
CompTIA Network+ competencies and exam. That’s the version you’ll
learn right here. It’s concise, having only four layers, and many important
companies, like Cisco and Microsoft, use it, although with a few varia-
tions in names as just described. The TCP/IP model gives each protocol in
the TCP/IP protocol suite a clear home in one of the four layers.
The clarity of the TCP/IP model shows the flaws in the OSI model.
The OSI model couldn’t perfectly describe all the TCP/IP protocols. In
fact, the OSI model couldn’t perfectly describe any of the now defunct
alternative protocols, such as IPX/SPX and NetBIOS/NetBEUI. Network
nerds have gotten into fistfights over a particular protocol’s exact location
in the OSI model.
The TCP/IP model fixes this ambiguity, at least for TCP/IP. Because
of its tight protocol-to-layer integration, the TCP/IP model is a descriptive
model, whereas the OSI seven-layer model is a prescriptive model.
The Link Layer
The TCP/IP model lumps together the OSI model’s
Layer 1 and Layer 2 into a single layer called the
Link layer (or Network Interface layer), as seen in
Figure 2.43. It’s not that the Physical and Data Link
layers are unimportant to TCP/IP, but the TCP/
IP protocol suite really begins at Layer 3 of the OSI
model. In essence, TCP/IP techs count on other techs
to handle the physical connections in their networks.
All of the pieces that you learned in the OSI model
(cabling, hubs, physical addresses, and NICs) sit
squarely in the Link layer.
A nice way to separate layers in the TCP/IP
model is to think about packets and frames. Any part
of the network that deals with complete frames is in
the Link layer. The moment the frame information is
stripped away from an IP packet, we move out of the
Link layer and into the Internet layer.
Figure 2.43 • TCP/IP Link layer compared to OSI Layers 1 and 2
The Internet Layer
The Internet layer should really be called the “IP
packet” layer (Figure 2.44). Any device or protocol that
deals with pure IP packets—getting an IP packet to its
destination—sits in the Internet layer. IP addressing
itself is also part of the Internet layer, as are routers
and the magic they perform to get IP packets to the
next router. IP packets are created at this layer.
The Internet layer doesn’t care about the type of
data an IP packet carries, nor does it care whether the
data gets there in good order or not. Those jobs are for
the next layer: the Transport layer.
The Transport Layer
The Transport layer combines features of the OSI
Transport and Session layers with a dash of Appli-
cation layer just for flavor (Figure 2.45). While the
TCP/IP model is certainly involved with the assem-
bly and disassembly of data, it also defines other
functions, such as connection-oriented and connec-
tionless communication.
Connection-Oriented vs. Connectionless
Communication
Some protocols, like the popular Post Office Protocol (POP) used for retrieving e-mail messages, require that the e-mail client and server verify that they have a good connection before a message is transferred (Figure 2.46). This makes sense because you don’t want your e-mail message to be a corrupted mess when it arrives.
Figure 2.46 • Connection between e-mail client and server
Figure 2.44 • TCP/IP Internet layer compared to OSI Layer 3
Figure 2.45 • TCP/IP Transport layer compared to OSI Layers 4, 5, and part of 7
Alternatively, a number of TCP/IP protocols simply send data without first waiting to verify that the receiving system is ready (Figure 2.47). When using Voice over IP (VoIP), for example, the voice packets themselves are streamed without waiting for the other end to confirm that it received the previous ones; a lost packet is just a tiny gap in the audio, and waiting for a retransmission would hurt the call more than the gap does.
Figure 2.47 • Connectionless communication
The connection-oriented protocol is called Transmission Control Protocol
(TCP). The connectionless protocol is called User Datagram Protocol (UDP).
Everything you can do on the Internet, from Web browsing to Skype
phone calls to playing World of Warcraft, is predetermined to be either
connection-oriented or connectionless. It’s simply a matter of knowing
your applications.
Segments Within Packets
To see the Transport layer in action, strip away the IP header from an IP packet. What’s left is a chunk of data in yet another container called a TCP segment. TCP segments have many other fields that ensure the data gets to
its destination in good order. These fields have names such as Checksum,
Flags, and Acknowledgement. Chapter 7 goes into more detail on TCP seg-
ments, but, for now, just know that TCP segments have fields that ensure
the connection-oriented communication works properly. Figure 2.48 shows
a typical (although simplified) TCP segment.
Figure 2.48 • TCP segment (destination port, source port, sequence number, checksum, flags, acknowledgement, data)
Data comes from the Application layer applications. The Transport layer
breaks that data into chunks, adding port numbers and sequence numbers,
creating the TCP segment. The Transport layer then hands the TCP segment
to the Internet layer that, in turn, creates the IP packet.
Most traffic on a TCP/IP network uses TCP at the Transport layer, but like Yoda said, “There is another,” and that’s UDP. UDP also gets data from the Application layer programs and adds port numbers (but no sequence numbers) to create a container called a UDP datagram. A UDP datagram header has only four fields: source port, destination port, length, and checksum. It lacks the sequence, acknowledgement, and flag fields found in TCP segments simply because UDP doesn’t care whether, or in what order, the receiving computer gets its data; an application that does care must handle that itself. Figure 2.49 shows a UDP datagram.
Chapter 7 covers TCP, UDP, and all sorts of other protocols in detail.
Figure 2.49 • UDP datagram (source port, destination port, length, checksum, data)
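The two Transport layer containers just described, built and parsed byte for byte, as an added example that is not part of the book: a 20-byte TCP header with ports, sequence and acknowledgement numbers and flags, an 8-byte UDP header with only ports, length and checksum, and the checksum both protocols compute over a pseudo-header of IP addresses plus the segment. The example also builds the three-way handshake (the call setup that the lab asks you to find in a capture) so the sequence/acknowledgement relationship is visible. IP addresses, ports, ISNs and payloads are constructed sample values; no options are used; the function names are this example’s own.

```python
import socket
import struct

PROTO_TCP, PROTO_UDP = 6, 17
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = [(FIN, "FIN"), (SYN, "SYN"), (RST, "RST"), (PSH, "PSH"), (ACK, "ACK"), (URG, "URG")]
SEQ_MOD = 1 << 32


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; data is padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def transport_checksum(src_ip: str, dst_ip: str, proto: int, segment: bytes) -> int:
    """TCP and UDP checksums cover a pseudo-header (both IP addresses, protocol
    number, segment length) plus the whole segment, so a segment that lands on
    the wrong host fails the check. Computed over a received segment that still
    carries its checksum field, the result is 0 when the segment is intact."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, proto, len(segment)))
    return internet_checksum(pseudo + segment)


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b"") -> bytes:
    """TCP segment: 20-byte header (data offset 5), window 65535, no options."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq % SEQ_MOD, ack % SEQ_MOD,
                      (5 << 12) | flags, 65535, 0, 0)
    csum = transport_checksum(src_ip, dst_ip, PROTO_TCP, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_udp(src_ip, dst_ip, sport, dport, payload) -> bytes:
    """UDP datagram: ports, length, checksum, data; nothing to sequence or ack."""
    hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    # a computed checksum of 0 is sent as 0xFFFF because 0 means "no checksum"
    csum = transport_checksum(src_ip, dst_ip, PROTO_UDP, hdr + payload) or 0xFFFF
    return hdr[:6] + struct.pack("!H", csum) + payload


def parse_tcp(src_ip, dst_ip, seg: bytes) -> dict:
    sport, dport, seq, ack, off_flags, win, csum, urg = struct.unpack("!HHIIHHHH", seg[:20])
    hlen = (off_flags >> 12) * 4
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": [name for bit, name in FLAG_NAMES if off_flags & bit],
            "checksum_ok": transport_checksum(src_ip, dst_ip, PROTO_TCP, seg) == 0,
            "payload": seg[hlen:]}


def parse_udp(src_ip, dst_ip, dgram: bytes) -> dict:
    sport, dport, length, csum = struct.unpack("!HHHH", dgram[:8])
    ok = None if csum == 0 else transport_checksum(src_ip, dst_ip, PROTO_UDP, dgram[:length]) == 0
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum_ok": ok, "payload": dgram[8:length]}


def three_way_handshake(c_ip, s_ip, c_port, s_port, c_isn, s_isn):
    """Call setup: SYN, SYN/ACK, ACK. A SYN occupies one sequence number, so
    each side acknowledges the other's ISN + 1."""
    syn = build_tcp(c_ip, s_ip, c_port, s_port, c_isn, 0, SYN)
    synack = build_tcp(s_ip, c_ip, s_port, c_port, s_isn, c_isn + 1, SYN | ACK)
    ack = build_tcp(c_ip, s_ip, c_port, s_port, c_isn + 1, s_isn + 1, ACK)
    return syn, synack, ack
```

In a capture, the three handshake segments are the ones to look for first: the SYN carries the client’s ISN, the SYN/ACK carries the server’s ISN and acknowledges the client’s ISN + 1, and the final ACK acknowledges the server’s ISN + 1; the HTTP request then starts at the client’s ISN + 1. The checksum protects against corruption only, not against tampering: anyone on the path can rewrite a segment and recompute it.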
The Application Layer
The TCP/IP Application layer combines features of the top three layers
of the OSI model (Figure 2.50). Every application, especially connection-
oriented applications, must know how to initiate, control, and disconnect
from a remote system. No single method exists for doing this. Each TCP/IP
application uses its own method.
Figure 2.50 • TCP/IP Application layer compared to OSI layers 5–7
TCP/IP uses port numbers, 16-bit values from 0 to 65535, to identify which service or program on a host a segment or datagram belongs to. Some of these port numbers are very famous. The protocol that makes Web pages work, HTTP, uses port 80, for example.
Although we can say that the OSI model’s Presentation layer fits inside the TCP/IP model’s Application layer, no application requires any particular form of presentation as seen in the OSI model. Standard formats are part and parcel with TCP/IP protocols. For example, Internet e-mail messages follow a strict text format (the RFC 5322 family), extended by MIME to carry attachments and non-ASCII content, and every e-mail server and client is expected to read it.
In the OSI model, we describe the API—the smarts that make applica-
tions network-aware—as being part of the Application layer. While this is
still true for the TCP/IP model, all applications designed for TCP/IP are, by
definition, network-aware. There is no such thing as a “TCP/IP word pro-
cessor” or a “TCP/IP image editor” that requires the added ability to know
how to talk to a network—all TCP/IP applications can talk to the network,
as long as they are part of a network. And every TCP/IP application must
be a part of a network to function: Web browsers, e-mail clients, multiplayer
games, and so on.
Don’t think that the TCP/IP model is any simpler than the OSI model
just because it only uses four layers. With the arguable exception of the Pre-
sentation layer, everything you saw in the OSI model is also found in the
TCP/IP model (Figure 2.51).
Figure 2.51 • OSI model and TCP/IP model side by side
Frames, Packets, and Segments,
Oh My!
The TCP/IP model shows its power in its ability to describe
what happens at each layer to the data that goes from one
computer to another. The Application layer programs create
the data. The Transport layer breaks the data into chunks,
putting those chunks into TCP segments or UDP datagrams.
The Internet layer adds the IP addressing and creates the IP
packets. The Link layer wraps the IP packet into a frame, with
the MAC address information and a frame check sequence
(FCS). Now the data is ready to hit the wire (or airwaves,
if you’re in a café). Figure 2.52 shows all this encapsulating goodness relative to the TCP/IP model.
Figure 2.52 • Data encapsulation in TCP/IP (application data, wrapped in a segment/datagram, wrapped in an IP packet, wrapped in a frame, each with its own header)
For the exam, remember at what layer each encapsulation happens.
Table 2.1 shows the layers and the corresponding data structure.
Table 2.1 TCP/IP Model Layers and Corresponding Data Structures
TCP/IP Model Layer    Data Structure
Link                  Frame
Internet              IP packet
Transport             TCP segment/UDP datagram
Application           (The data starts and ends here)
The Tech’s Troubleshooting Tool
The OSI seven-layer model and TCP/IP model provide you with a way to
conceptualize a network to determine what could cause a specific prob-
lem when the inevitable problems occur. Good techs always use a model to
troubleshoot their networks.
If Jane can’t print to the networked printer, for example, a model can
help solve the problem. If her NIC shows activity, then, using the OSI
model, you can set aside both the Physical layer (Layer 1) and Data Link
layer (Layer 2). If you’re a TCP/IP model tech, you can look at the same
symptoms and eliminate the Link layer. In either case, you’ll find yourself
moving up the layer ladder to the OSI model’s Network layer (Layer 3) or
the TCP/IP model’s Internet layer. If her computer has a proper IP address,
then you can set that layer aside too, and you can move on up to check other
layers to solve the problem.
Understanding both the OSI and TCP/IP models is important. Sure,
they’re on the CompTIA Network+ exam, but more importantly, they are
your primary diagnostic tool for troubleshooting networks and a commu-
nication tool for talking to your fellow techs.
Chapter 2 Review
Chapter Summary
After reading this chapter and completing the
exercises, you should understand the following about
networking.
Describe how models such as the OSI seven-layer
model and the TCP/IP model help technicians
understand and troubleshoot networks
■ Modeling is critical to the networking world. You use models to understand and communicate with other techs about networks.
■ All models are a simplified representation of the real thing. The human model ignores the many different types of body shapes, using only a single “optimal” figure. The model airplane lacks functional engines or the internal framework, and the computerized weather model might disregard subtle differences in wind temperatures or geology.
■ In the early days of networking, different manufacturers made unique types of networks that functioned fairly well. But each network had its own cabling, hardware, drivers, naming conventions, applications, and many other unique features. To interconnect networks and improve networking as a whole, someone needed to create a guide, a model that described the functions of a network, so people who made hardware and software could work together to make networks that worked together well.
■ The OSI seven-layer model defines the role played by each protocol. The OSI model also provides a common jargon that network techs can use to describe the function of any network protocol.
■ The TCP/IP four-layer model applies only to networks that use the TCP/IP protocol suite, such as the Internet.
Explain the major functions of networks with the OSI
seven-layer model.
■ OSI Layer 1, the Physical layer, includes anything that moves data from one system to another, such as cabling or radio waves.
■ OSI Layer 2, the Data Link layer, defines the rules for accessing and using the Physical layer. The Data Link layer is divided into two sublayers: Media Access Control (MAC) and Logical Link Control (LLC).
■ The MAC sublayer controls access to the Physical layer, or shared media. It encapsulates (creates the frames for) data sent from the system, adding source and destination MAC addresses and error-checking information; it also decapsulates (removes the MAC addresses and CRC from) data received by the system.
■ The LLC sublayer provides an interface with the Network layer protocols. Its connection-oriented mode can provide ordered delivery of frames, retransmission of missing or corrupt frames, and flow control (moderating data flow so one system doesn’t overwhelm the other). In practice that mode is rarely used; Ethernet carrying IP relies on the connectionless mode, which offers none of these services, so ordered, reliable delivery is left to the Transport layer. Any device that deals with a MAC address is part of the Data Link layer.
■ OSI Layer 3, the Network layer, is the last layer to work directly with hardware. It adds the unique identifiers (such as IP addresses) to the packets that enable routers to make sure the packets get to the correct system without worrying about the type of hardware used for transmission. Anything having to do with logical addressing works at the Network layer.
■ A network protocol creates unique identifiers for each system and also creates a set of communication rules for issues such as how to handle data chopped up into multiple packets and how to make sure those packets get from one subnet to another.
■ OSI Layer 4, the Transport layer, breaks up data received from the upper layers into smaller pieces for transport and adds sequencing numbers to make sure the receiving computer can reassemble the data properly.
■ Session software at OSI Layer 5 handles the process of differentiating between various types of connections on a PC. The Session layer initiates sessions, accepts incoming sessions, and opens and closes existing sessions. You can use the netstat program to view existing sessions.
OSI Layer 6, the Presentation layer, presents ■
data from the sending system in a form that
the applications on the receiving system can
understand. Standardized data formats, such
as PDF, enable computers running on different
platforms to share data across a network; the result
is that the Presentation layer is the least important
and least used of the seven layers.
OSI Layer 7, the Application layer, defines a set of ■
tools that programs can use to access the network.
Application layer programs provide services to the
programs that the users see.
Describe the major functions of networks with the TCP/IP model
■ The TCP/IP Link layer (or Network Interface layer) covers the first two layers of the OSI model—the physical components like hubs and cables as well as network frames.
■ The TCP/IP Internet layer works just like the OSI model’s Network layer. Anything involved with IP, including packets, addressing, and routing, happens at this layer.
■ The TCP/IP Transport layer is similar to the OSI model’s Transport layer, except that the TCP/IP version differentiates between connection-oriented communication and connectionless communication.
■ In TCP/IP, the Transport layer takes data from the applications, splits the data into chunks called TCP segments or UDP datagrams, depending on the protocol used, and adds port and sequence numbers. The segments and datagrams get handed down to the Internet layer for IP to further encapsulate the data.
■ The TCP/IP Application layer combines the top three layers of the OSI model into one super layer. The session component works similarly to the OSI model’s Session layer. There is no presentation component that compares to the OSI model’s Presentation layer, however. The TCP/IP Application layer is like the OSI model’s version, except that TCP/IP connectivity is implied and not a separate program or function.
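The encapsulation the summary describes, carried out in code as an added example (this is not code from the textbook). A payload is wrapped in a TCP segment, then an IPv4 packet, then an Ethernet frame, and the result is decoded back up the stack one layer at a time, checking the frame check sequence, the IP header checksum and the padding a NIC adds to short frames. The MAC addresses, IP addresses, ports and sequence number are constructed values.

```python
"""Encapsulate and decode an Ethernet II frame carrying IPv4 and TCP.

Added example (not from the textbook): walks the Link -> Internet ->
Transport encapsulation in both directions. All addresses, ports and
the sequence number below are constructed values.
"""
import socket
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
MIN_PAYLOAD = 46   # Ethernet pads short payloads so a frame is at least 64 bytes with FCS


def ethernet_fcs(body: bytes) -> bytes:
    """Frame check sequence: CRC-32 over dst MAC..payload, transmitted LSB first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_to_str(mac: bytes) -> str:
    return "-".join("%02X" % b for b in mac)


def build_frame(dst_mac, src_mac, src_ip, dst_ip, src_port, dst_port, seq, payload=b""):
    """Outbound: payload -> TCP segment -> IPv4 packet -> Ethernet frame."""
    # TCP header: ports, seq, ack, data offset 5 words, flags SYN, window,
    # checksum (left zero; the point here is the layering), urgent pointer.
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0,
                      5 << 4, 0x02, 65535, 0, 0) + payload
    # IPv4 header: version 4/IHL 5, DSCP, total length, ID, flags DF, TTL,
    # protocol, checksum placeholder, source and destination addresses.
    fields = [0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
              socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    packet = struct.pack("!BBHHHBBH4s4s", *fields) + tcp
    packet += b"\x00" * max(0, MIN_PAYLOAD - len(packet))     # Ethernet padding
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return body + ethernet_fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Inbound: frame -> packet -> segment, validating each layer on the way up."""
    body, fcs_field = frame[:-4], frame[-4:]
    dst, src = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    info = {
        "dst_mac": mac_to_str(dst),
        "src_mac": mac_to_str(src),
        "src_oui": mac_to_str(src[:3]),        # IEEE-assigned first 24 bits
        "dst_kind": ("broadcast" if dst == b"\xff" * 6
                     else "multicast" if dst[0] & 1 else "unicast"),
        "ethertype": ethertype,
        "fcs_ok": ethernet_fcs(body) == fcs_field,
    }
    if not info["fcs_ok"] or ethertype != ETHERTYPE_IPV4:
        return info                               # a NIC drops a bad-FCS frame
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    info.update({
        "ip_header_ok": ipv4_checksum(ip[:ihl]) == 0,  # sum over a valid header folds to 0
        "ttl": ip[8],
        "protocol": ip[9],
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "padding": len(ip) - total_len,           # link-layer padding, not IP data
    })
    if ip[9] != IPPROTO_TCP:
        return info
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    info.update({
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "data_offset": (off_flags >> 12) * 4,
        "syn": bool(off_flags & 0x02),
        "tcp_payload": tcp[(off_flags >> 12) * 4:],
    })
    return info


# Constructed sample: a SYN from a LAN host to a web server (203.0.113.0/24 is
# a documentation range; the MAC addresses are made up).
SAMPLE_FRAME = build_frame(
    dst_mac=bytes.fromhex("001122334455"), src_mac=bytes.fromhex("234F178A4C10"),
    src_ip="192.168.1.121", dst_ip="203.0.113.10",
    src_port=51234, dst_port=80, seq=1000)

if __name__ == "__main__":
    for key, value in parse_frame(SAMPLE_FRAME).items():
        print("%-13s %s" % (key, value))
```

Running the block prints each field of the decoded frame. The order of checks in parse_frame mirrors what happens on a receiving host: the NIC verifies the FCS and discards the frame on a mismatch before anything above the Link layer sees it, the IP stack validates its own header checksum, and only the bytes covered by the IP total length are handed to TCP, so the padding bytes never reach the application.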
■ Key Terms
Application layer (32)
broadcast address (18)
cyclic redundancy check (CRC) (17)
Data Link layer (21)
device ID (15)
frame (16)
frame check sequence (FCS) (17)
hub (13)
Internet layer (34)
Internet Protocol (23, 24)
IP address (24)
Link layer (33)
logical address (24)
Logical Link Control (LLC) (21)
MAC address (15)
Media Access Control (MAC) (21)
network interface card (14)
Network Interface layer (33)
Network layer, Layer 3 (24)
network protocol (23)
NIC (14)
Open Systems Interconnection (OSI) seven-layer model (8)
organizationally unique identifier (OUI) (15)
packet (25)
physical address (15)
Physical layer (14)
Presentation layer (30)
protocols (11)
router (24)
Session layer (29)
session software (29)
subnets (23)
TCP segment (35)
Transmission Control Protocol (TCP) (23)
Transmission Control Protocol/Internet Protocol (TCP/IP) model (8)
Transport layer (28)
UDP datagram (36)
unshielded twisted pair (UTP) (13)
User Datagram Protocol (UDP) (35)
■ Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. The _______________ is an example of software that creates packets for moving data across networks.
2. Most often, the _______________ provides the physical connection between the PC and the network.
3. Using the _______________ enables a computer to send a packet that every other PC on the network will process.
4. You can connect two very different networks by using a(n) _______________.
5. Every NIC has a hard-coded identifier called a(n) _______________.
6. The _______________ provides an excellent tool for conceptualizing how a TCP/IP network works. (Select the best answer.)
7. On a sending machine, data gets broken up at the _______________ of the OSI seven-layer model.
8. NICs encapsulate data into a(n) _______________ for sending that data over a network.
9. A(n) _______________ enables multiple machines to connect over a network.
10. The _______________ provides the key interface between the Physical and Network layers.
■ Multiple-Choice Quiz
1. Which of the following OSI layers converts the ones and zeroes to electrical signals and places these signals on the cable?
A. Physical layer
B. Transport layer
C. Network layer
D. Data Link layer
2. The term “unshielded twisted pair” describes which of the following network components?
A. Cable
B. Hub
C. Router
D. NIC
3. From the options that follow, select the one that best describes the contents of a typical (simplified) network frame.
A. Sender’s MAC address, recipient’s MAC address, data, FCS
B. Recipient’s MAC address, sender’s MAC address, data, FCS
C. Recipient’s IP address, sender’s IP address, data, FCS
D. Recipient’s e-mail address, sender’s e-mail address, data, FCS
4. Which of the following is most likely to be a MAC address assigned to a NIC?
A. 192.168.1.121
B. 24.17.232.7B
C. 23.4F.17.8A.4C.10
D. 713.555.1212
5. Which layer of the TCP/IP model involves routing?
A. Link layer
B. Transport layer
C. Internet layer
D. Application layer
6. How much data can a typical frame contain?
A. 500 bytes
B. 1500 bytes
C. 1500 kilobytes
D. 1 megabyte
7. Which of the following best describes an IP address?
A. A unique dotted decimal notation burned into every NIC
B. A unique 48-bit identifying number burned into every NIC
C. A dotted decimal notation assigned to a NIC by software
D. A 48-bit identifying number assigned to a NIC by software
8. Which layer of the OSI model makes sure the data is in a readable format for the Application layer?
A. Application layer
B. Presentation layer
C. Session layer
D. Transport layer
9. At which layer of the TCP/IP model are UDP datagrams created?
A. Link/Network Interface
B. Internet
C. Transport
D. Application
10. Which protocol creates the final IP packet?
A. NIC
B. IP
C. TCP
D. UDP
11. Which TCP/IP layer includes Layers 5–7 from the OSI seven-layer model?
A. Application layer
B. Transport layer
C. Internet layer
D. Link layer
12. What component of Layer 2 of the OSI seven-layer model is responsible for the ordered delivery of frames, including retransmission of missing or corrupt packets?
A. MAC sublayer
B. LLC sublayer
C. CRC sublayer
D. Data Link sublayer
13. Which components work at Layer 1 of the OSI seven-layer model? (Select two.)
A. Cables
B. Hub
C. Network protocol
D. Session software
14. Andalyn says complete 48-bit MAC addresses are allocated to NIC manufacturers from the IEEE. Buster says the IEEE only assigns the first 24 bits to manufacturers. Carlos says the IEEE assigns only the last 24 bits to manufacturers. Who is correct?
A. Only Andalyn is correct.
B. Only Buster is correct.
C. Only Carlos is correct.
D. No one is correct.
15. If a sending system does not know the MAC address of the intended recipient system, it sends a broadcast frame with what MAC address?
A. 192.168.0.0
B. FF-FF-FF-FF-FF-FF
C. 11-11-11-11-11-11
D. 00-00-00-00-00-00
■ Essay Quiz
1. Some new techs at your office are confused by the differences between a NIC’s frame and an IP packet. Write a short essay describing the two encapsulations, including the components that do the encapsulating.
2. Your boss has received a set of files with the file extension .WP and is worried because he’s never seen that extension before. He wants people to have access to the information in those files from anywhere in the network. Write a short memo describing how Microsoft Word can handle these files, including a discussion of how that fits with the OSI seven-layer model.
Lab Projects
• Lab Project 2.1
Examine your classroom network. What components does it have? How would you classify those components according to the OSI seven-layer model?
• Lab Project 2.2
Create a mnemonic phrase to help you remember the OSI seven-layer model. With two layers beginning with the letter P, how will you differentiate in your mnemonic between Presentation and Physical? How will you incorporate the two sublayers of the Data Link layer?
Chapter 3: Cabling and Topology
“It’s from someone who says she’s a fan of my work on low-dimensional topology. And she’s a fan of my . . . hair.” —Charlie Eppes, Numb3rs
In this chapter, you will learn how to
■ Explain the different types of network topologies
■ Describe the different types of network cabling
■ Describe the IEEE networking standards
Every network must provide some method to get data from one system to another. In most cases, this method consists of some type of cabling
(usually copper or fiber-optic) running between systems, although many
networks skip wires and use wireless methods to move data. Stringing those
cables brings up a number of critical issues you need to understand to work on a
network. How do all these cables connect the computers? Does every computer
on the network run a cable to a central point? Does a single cable snake through
the ceiling, with all the computers on the network connected to it? These
questions need answering! Furthermore, manufacturers need standards so they
can make networking equipment that works well together. While we’re talking
about standards, what about the cabling itself? What type of cable? What
quality of copper? How thick should it be? Who defines the standards for cables
so they all work in the network?
This chapter answers these questions in three parts. First, you will learn
about network topology—the way that cables and other pieces of hardware
connect to one another. Second, you will tour the most common standardized
cable types used in networking. Third, you will discover the IEEE committees
that create network technology standards.
Test Specific
Topology
Computer networks employ many different topologies, or ways of connecting computers together. This section looks at both the historical topologies—bus, ring, and star—and the modern topologies—hybrid, mesh, point-to-multipoint, and point-to-point.
Bus and Ring
The first generation of wired networks used one of two topologies, both shown in Figure 3.1. A bus topology uses a single cable that connects all of the computers in a line. A ring topology connects all computers on the network with a ring of cable.
Note that topologies are diagrams, much like an electrical circuit diagram. Real network cabling doesn’t go in perfect circles or perfect straight lines. Figure 3.2 shows a bus topology network that illustrates how the cable might appear in the real world.
Data flows differently between bus and ring networks, creating different problems and solutions. In bus topology networks, data from each computer simply goes out on the whole bus. A network using a bus topology needs termination at each end of the cable to prevent a signal sent from one computer from reflecting at the ends of the cable, quickly bringing the network down (Figure 3.3).
Figure 3.1 • Bus and ring topologies
Figure 3.2 • Real-world bus topology
Figure 3.3 • Terminated bus topology
In a ring topology network, in contrast, data traffic moves in a circle from one computer to the next in the same direction (Figure 3.4). With no end to the cable, ring networks require no termination.
Bus and ring topology networks work well but suffer from the same problem: the entire network stops working if the cable breaks at any point. The broken ends on a bus topology network aren’t terminated, causing reflection between computers that are still connected. A break in a ring topology network simply breaks the circuit, stopping the data flow (Figure 3.5).
Figure 3.4 • Ring topology moving in a certain direction
Figure 3.5 • Nobody is talking!
Star
The star topology uses a central connection box for all the computers on the network (Figure 3.6). Star topology has a huge benefit over ring and bus topologies by offering fault tolerance—if one of the cables breaks, all of the other computers can still communicate. Bus and ring topology networks were popular and inexpensive to implement, however, so the old-style star topology networks weren’t very successful. Network hardware designers couldn’t easily redesign their existing networks to use a star topology.
Figure 3.6 • Star topology
Hybrids
Even though network designers couldn’t easily use a star topology, the benefits of star topologies were overwhelming, motivating smart people to come up with a way to use star topologies without requiring a major redesign—and the way they did so was ingenious. The ring topology network designers struck first by taking the entire ring and shrinking it into a small box, as shown in Figure 3.7.
This was quickly followed by the bus topology folks who, in turn, shrunk their bus (better known as the segment) into their own box (Figure 3.8).
Figure 3.7 • Shrinking the ring
Figure 3.8 • Shrinking the segment
The most successful of the star ring topology networks was called Token Ring, manufactured by IBM.
Physically, they looked like a star, but if you examined it as an electronic schematic, the signals acted like a ring or a bus. Clearly the old definition of topology needed a little clarification. When we talk about topology today, we separate how the cables physically look (the physical topology) from how the signals travel electronically (the signaling topology or logical topology).
Any form of networking technology that combines a physical topology with a signaling topology is called a hybrid topology. Hybrid topologies have come and gone since the earliest days of networking. Only two hybrid topologies, star-ring topology and star-bus topology, ever saw any amount of popularity. Eventually star-ring lost market share, and star-bus reigned as the undisputed king of topologies.
Mesh and Point-to-Multipoint
Topologies aren’t just for wired networks. Wireless networks also need topologies to get data from one machine to another, but using radio waves instead of cables involves somewhat different topologies. Almost all wireless networks use one of two different topologies: a mesh topology or a point-to-multipoint topology (Figure 3.9).
Most techs refer to the signaling topology as the logical topology today. That’s how you’ll see it on the CompTIA Network+ exam as well.
Figure 3.9 • Mesh and point-to-multipoint topologies
Mesh
In a mesh topology network, every computer connects to every other computer via two or more routes. Some of the routes between two computers may require traversing through another member of the mesh network. There are two types of meshed topologies: partially meshed and fully meshed (Figure 3.10). In a partially meshed topology network, at least two machines have redundant connections. Every machine doesn’t have to connect to every other machine. In a fully meshed topology network, every computer connects directly to every other computer.
Figure 3.10 • Partially and fully meshed topologies
If you’re looking at Figure 3.10 and thinking that a mesh topology looks amazingly resilient and robust, it is—at least on paper. Because every computer connects to every other computer on the fully meshed network, even if half the PCs crash, the network still functions as well as ever (for the survivors). In a practical sense, however, implementing a fully meshed topology for a wired network would be an expensive mess. Even a tiny fully meshed network with 10 PCs, for example, would need 45 separate and distinct pieces of cable to connect every PC to every other PC. What a mesh mess! Because of this, mesh topologies have never been practical for a wired network.
Make sure you know the formula to calculate the number of connections needed to create a fully meshed network, given a certain number of computers. Here’s the formula:
y = number of computers
Number of connections = y(y – 1)/2
So, if you have six computers, you need 6(6 – 1)/2 = 30/2 = 15 connections to create a fully meshed network.
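An added example (not from the textbook) that puts the bus, ring, star and mesh sections side by side: each topology is built as a small set of links, the fully meshed link count is checked against y(y – 1)/2, and a single cable cut or a crashed host is simulated to see how many machines can still talk. The model follows the text's descriptions: the bus is one shared segment (a break anywhere leaves the segment unterminated, so it counts as losing the whole cable), ring traffic flows in one direction, and the star's central box is a node of its own. Host names are made up.

```python
"""Topology link counts and fault tolerance on a small graph model.

Added example (not from the textbook). A link is (endpoints, sender):
sender is None for a cable that carries traffic both ways, or the one
host allowed to transmit on it (ring traffic moves in one direction).
The bus is a single shared link joining every host, because a break
anywhere leaves the whole segment unterminated. Host names are made up.
"""
from collections import deque
from itertools import combinations


def bus(hosts):
    """One shared segment: every host hangs off a single cable."""
    return [(frozenset(hosts), None)]


def ring(hosts):
    """A cable from each host to the next; traffic flows one way round the ring."""
    return [(frozenset((a, b)), a) for a, b in zip(hosts, hosts[1:] + hosts[:1])]


def star(hosts, hub="hub"):
    """Every host has its own cable to the central box."""
    return [(frozenset((hub, h)), None) for h in hosts]


def full_mesh(hosts):
    """Every host cabled directly to every other: y(y - 1)/2 links."""
    return [(frozenset(pair), None) for pair in combinations(hosts, 2)]


def reachable(start, links, down_nodes=frozenset()):
    """Nodes reachable from start; failed nodes neither receive nor relay."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for ends, sender in links:
            if node not in ends or sender not in (None, node):
                continue
            for other in ends:
                if other not in seen and other not in down_nodes:
                    seen.add(other)
                    queue.append(other)
    return seen


def survivors_talking(hosts, links, down_nodes=frozenset()):
    """Largest group of surviving hosts that can all still reach one another."""
    alive = [h for h in hosts if h not in down_nodes]
    reach = {h: reachable(h, links, down_nodes) for h in alive}
    return max((sum(1 for m in alive if m in reach[h] and h in reach[m])
                for h in alive), default=0)


def worst_single_break(hosts, links):
    """Fewest hosts still talking after any one cable is cut."""
    return min(survivors_talking(hosts, links[:i] + links[i + 1:])
               for i in range(len(links)))


HOSTS = ["pc%d" % i for i in range(1, 7)]       # constructed six-host LAN

if __name__ == "__main__":
    for name, build in (("bus", bus), ("ring", ring), ("star", star), ("mesh", full_mesh)):
        links = build(HOSTS)
        print("%-5s links=%2d  hosts talking after worst single cable break: %d"
              % (name, len(links), worst_single_break(HOSTS, links)))
```

For six hosts the run shows 1, 6, 6 and 15 links for bus, ring, star and full mesh; a single cut leaves nobody talking on the bus or ring, five of six on the star, and all six on the mesh. Passing down_nodes lets you check the other claims in the text: a full mesh with half its hosts crashed still connects the survivors, while a star whose central box fails isolates everyone.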
Point-to-Multipoint
In a point-to-multipoint topology, a single system acts as a common source through which all members of the point-to-multipoint network converse. If you compare a star topology to a slightly rearranged point-to-multipoint topology, you might be tempted to say they’re the same thing. Granted, they’re similar, but look at Figure 3.11. See what’s in the middle? The subtle but important difference is that a point-to-multipoint topology requires an intelligent device in the center, whereas the device in the center of a star topology has little more to do than send or provide a path for a signal down all the connections.
Figure 3.11 • Comparing star and point-to-multipoint topologies
You’ll sometimes find mesh or point-to-multipoint topology used in wired networks, but they’re rare. These two topologies are far more commonly seen in wireless networks.
Point-to-Point
In a point-to-point topology network, two computers connect directly together with no need for a central device of any kind. You’ll find point-to-point topologies implemented in both wired and wireless networks (Figure 3.12).
Figure 3.12 • Point-to-point topology
Make sure you know all your topologies: bus, ring, star, hybrid, mesh, point-to-multipoint, and point-to-point.
Parameters of a Topology
Although a topology describes the method by which systems in a network connect, the topology alone doesn’t describe all of the features necessary to enable those networks. The term bus topology, for example, describes a network that consists of some number of machines connected to the network via a single linear piece of cable. Notice that this definition leaves a lot of questions unanswered. What is the cable made of? How long can it be? How do the machines decide which machine should send data at a specific moment? A network based on a bus topology can answer these questions in a number of different ways—but it’s not the job of the topology to define issues like these. A functioning network needs a more detailed standard.
Over the years, particular manufacturers and standards bodies have created several specific network technologies based on different topologies. A network technology is a practical application of a topology and other critical technologies that provides a method to get data from one computer to another on a network. These network technologies have names like 10BaseT, 1000BaseF, and 10GBaseLX. You will learn all about these in the next two chapters.
Cabling
The majority of networked systems link together using some type of cabling. Different types of networks over the years have used a number of different types of cables—and you need to learn about all these cables to succeed on the CompTIA Network+ exam! This section explores both the cabling types used in older networks and those found in today’s networks.
All cables used in the networking industry can be categorized in three distinct groups: coaxial (coax), twisted pair, and fiber-optic. Let’s look at all three.
Coaxial Cable
Coaxial cable contains a central conductor wire surrounded by an insulating material, which, in turn, is surrounded by a braided metal shield. The cable is referred to as coaxial (coax for short) because the center wire and the braided metal shield share a common axis or centerline (Figure 3.13).
Coaxial cable shields data transmissions from electromagnetic interference (EMI). Many devices in the typical office environment generate magnetic fields, including lights, fans, copy machines, and refrigerators. When a metal wire encounters these magnetic fields, electrical current is generated along the wire. This extra current—EMI—can shut down a network because it is easily misinterpreted as a signal by devices like NICs. To prevent EMI from affecting the network, the outer mesh layer of a coaxial cable shields the center wire (on which the data is transmitted) from interference (Figure 3.14).
Figure 3.13 • Cutaway view of coaxial cable
Early bus topology networks used coaxial cable to connect computers together. Back in the day, the most popular cable used special bayonet-style connectors called BNC connectors (Figure 3.15). Even earlier bus networks used thick cable that required vampire connections—sometimes called vampire taps—that literally pierced the cable.
Figure 3.14 • Coaxial cable showing braided metal shielding
Figure 3.15 • BNC connector on coaxial cable
You’ll find coaxial cable used today primarily to enable a cable modem to connect to an Internet service provider (ISP). Connecting a computer to the cable modem enables that computer to access the Internet. This cable is the same type used to connect televisions to cable boxes or to satellite receivers. These cables use an F-connector that screws on, making for a secure connection (Figure 3.16).
Figure 3.16 • F-type connector on coaxial cable
Coaxial cabling is also very popular with satellite, over-the-air antennas, and even some home video devices. This book covers cable and other Internet connectivity options in great detail in Chapter 14.
Tech Tip
What’s in a Name?
Techs all around the globe argue over the meaning of BNC. A solid percentage says with authority that it stands for “British Naval Connector.” An opposing percentage says with equal authority that it stands for “Bayonet Neill-Concelman,” after the stick-and-twist style of connecting and the purported inventors of the connector. The jury is still out, though this week I’m leaning toward Neill and Concelman and their bayonet-style connector.
Cable modems connect using either RG-6 or, rarely, RG-59. RG-59 was used primarily for cable television rather than networking. Its thinness and the introduction of digital cable motivated the move to the more robust RG-6, the predominant cabling used today (Figure 3.17).
All coax cables have a Radio Grade (RG) rating. The U.S. military developed these ratings to provide a quick reference for the different types of coax. The only important measure of coax cabling is its Ohm rating, a relative measure of the resistance (or more precisely, characteristic impedance) on the cable. You may run across other coax cables that don’t have acceptable Ohm ratings, although they look just like network-rated coax. Fortunately, most coax cable types display their Ohm ratings on the cables themselves (see Figure 3.18). Both RG-6 and RG-59 cables are rated at 75 Ohms.
The Ohm rating of a particular piece of cable describes the impedance of that cable. Impedance describes a set of characteristics that define how much a cable resists the flow of electricity. This isn’t simple resistance, though. Impedance also factors in things like how long it takes the wire to get a full charge—the wire’s capacitance—and more.
Figure 3.17 • RG-6 cable
Figure 3.18 • Ohm rating (on an older, RG-58 cable used for networking)
Given the popularity of cable for television and Internet in homes today, you’ll run into situations where people need to take a single coaxial cable and split it. Coaxial handles this quite nicely with coaxial splitters like the one shown in Figure 3.19. You can also connect two coaxial cables together easily using a barrel connector when you need to add some distance to a connection (Figure 3.20).
Figure 3.19 • Coaxial splitter
Figure 3.20 • Barrel connector
Twisted Pair
The most common type of cabling used in networks consists of twisted pairs of cables, bundled together into a common jacket. Twisted-pair cabling for networks is composed of multiple pairs of wires, twisted around each other at specific intervals. The twists reduce interference, called crosstalk: the more twists, the less crosstalk. Networks use two types of twisted-pair cabling: shielded twisted pair and unshielded twisted pair.
Shielded Twisted Pair
Shielded twisted pair (STP), as its name implies, consists of twisted pairs of wires surrounded by shielding to protect them from EMI. STP is pretty rare, primarily because there’s so little need for STP’s shielding. The shielding only really matters in locations with excessive electronic noise, such as a shop floor with lots of lights, electric motors, or other machinery that could cause problems for other cables. Figure 3.21 shows the most common STP type: the venerable IBM Type 1 cable used in Token Ring network technology.
Unshielded Twisted Pair
Unshielded twisted pair (UTP) is by far the most common type of network cabling used today. UTP consists of twisted pairs of wires surrounded by a plastic jacket (Figure 3.22). This jacket does not provide any protection from EMI, so when installing UTP cabling, you must be careful to avoid interference from fluorescent lights, motors, and so forth. UTP costs much less than STP but, in most cases, performs just as well.
Although more sensitive to interference than coaxial or STP cable, UTP cabling provides an inexpensive and flexible means to cable networks. UTP cable isn’t exclusive to networks. Many other technologies (such as telephone systems) employ the same cabling. This makes working with UTP a bit of a challenge. Imagine going up into a ceiling and seeing two sets of UTP cables: how would you determine which is for the telephones and which is for the network? Not to worry—a number of installation standards and tools exist to help those who work with UTP answer these types of questions.
Have you ever picked up a telephone and heard a distinct crackling noise? That’s an example of crosstalk.
Figure 3.21 • Shielded twisted pair
Figure 3.22 • Unshielded twisted pair
Cross Check
OSI Seven-Layer and TCP/IP Model
You’ve seen UTP cabling before when Dana accessed documents on
Janelle’s PC at MHTechEd. Refer to Chapter 2, and cross-check your
memory. At what layer of the OSI seven-layer model would you put
UTP cabling? For that matter, at what layer would you put network
topology? How about on the TCP/IP model?
Not all UTP cables are the same! UTP cabling has a number of variations, such as the number of twists per foot. To help network installers get the right cable for the right network technology, the cabling industry has developed a variety of grades called category (CAT) ratings. CAT ratings are officially rated in megahertz (MHz), indicating the highest frequency the cable can handle. Table 3.1 shows the most common categories along with their status with the TIA/EIA (see the Tech Tip for more information).
Table 3.1 CAT Ratings for UTP
CAT Rating   Max Frequency   Max Bandwidth             Status with TIA/EIA
CAT 1        < 1 MHz         Analog phone lines only   No longer recognized
CAT 2        4 MHz           4 Mbps                    No longer recognized
CAT 3        16 MHz          16 Mbps                   Recognized
CAT 4        20 MHz          20 Mbps                   No longer recognized
CAT 5        100 MHz         100 Mbps                  No longer recognized
CAT 5e       100 MHz         1000 Mbps                 Recognized
CAT 6        250 MHz         10000 Mbps                Recognized
UTP cables are rated to handle a certain frequency or cycles per second, such as 100 MHz or 1000 MHz. You could take the frequency number in the early days of networking and translate that into the maximum throughput for a cable. Each cycle per second (or hertz) basically accounted for one bit of data per second. A 10 million cycle per second (10 MHz) cable, for example, could handle 10 million bits per second (10 Mbps). The maximum amount of data that goes through the cable per second is called the bandwidth.
For current networks, developers have implemented bandwidth-efficient encoding schemes, which means they can squeeze more bits into the same signal as long as the cable can handle it. Thus, the CAT 5e cable can handle a throughput of up to 1000 Mbps, even though it’s rated to handle a frequency of only up to 100 MHz.
Because most networks can run at speeds of up to 1000 MHz, most new cabling installations use Category 5e (CAT 5e) cabling, although a large number of installations use CAT 6 to future-proof the network. CAT 5e cabling currently costs much less than CAT 6, although as CAT 6 gains in popularity, it’s slowly dropping in price.
Make sure you can look at UTP and know its CAT rating. There are two places to look. First, UTP is typically sold in boxed reels, and the manufacturer will clearly mark the CAT level on the box (Figure 3.23). Second, look on the cable itself. The category level of a piece of cable is usually printed on the cable (Figure 3.24).
The CompTIA Network+ exam is only interested in CAT 3, CAT 5, CAT 5e, and CAT 6 cables.
Tech Tip
Industry Standards Bodies
Several international groups set the standards for cabling and networking in general. Ready for alphabet soup? At or near the top is the International Organization for Standardization (ISO). The American National Standards Institute (ANSI) is both the official U.S. representative to the ISO and a major international player. ANSI checks the standards and accredits other groups, such as the Telecommunications Industry Association (TIA) and the Electronic Industries Alliance (EIA). The TIA and EIA together set the standards for UTP cabling, among many other things.
Try This!
Shopping Spree!
Just how common has CAT 6 become in your neighborhood? Take a run down to your local hardware store or office supply store and shop for UTP cabling. Do they carry CAT 6? CAT 5? CAT 7? What’s the difference in price? If it’s not much more expensive to go with the better cable, the expected shift in networking standards has occurred and you might want to upgrade your network.
Anyone who’s plugged in a telephone has probably already dealt with
the registered jack (RJ) connectors used with UTP cable. Telephones use RJ-11
connectors, designed to support up to two pairs of wires. Networks use the
four-pair RJ-45 connectors (Figure 3.25).
Fiber-Optic
Fiber-optic cable transmits light rather than electricity, making it attractive for both high-EMI areas and long-distance transmissions. Whereas a single copper cable cannot carry data more than a few hundred meters at best, a single piece of fiber-optic cabling will operate, depending on the implementation, for distances of up to tens of kilometers. A fiber-optic cable has four components: the glass fiber itself (the core); the cladding, which is the part that makes the light reflect down the fiber; buffer material to give strength, and the insulating jacket (Figure 3.26).
Fiber-optic cabling is manufactured with many different diameters of core and cladding. In a convenient bit of standardization, cable manufacturers use a two-number designator to define fiber-optic cables according to their core and cladding measurements. The most common fiber-optic cable size is 62.5/125 µm. Almost all network technologies that use fiber-optic cable require pairs of fibers. One fiber is used for sending, the other for receiving. In response to the demand for two-pair cabling, manufacturers often connect two fibers together like a lamp cord to create the popular duplex fiber-optic cabling (Figure 3.27).
Figure 3.23 • CAT level marked on box of UTP
Figure 3.24 • CAT level on UTP
Figure 3.25 • RJ-11 (left) and RJ-45 (right) connectors
Figure 3.26 • Cross section of fiber-optic cabling
Tech Tip
CAT 6a
If you have a need for speed, the latest finalized update to the venerable UTP cable is Category 6a. This update doubles the bandwidth of CAT 6 to 500 MHz to accommodate 10-Gbps speeds up to 100 meters. Take that, fiber! (The 100-meter limitation, by the way, refers to the Ethernet standard, the major implementation of UTP in the networking world. Chapter 4 covers Ethernet in great detail.) Other standards are in the works, however, so by the time you read this paragraph, CAT 6a might be old news. CAT 7 (600 MHz), CAT 7a (1000 MHz), and CAT 8 (1200 MHz) are just around the corner.
Fiber cables are pretty tiny! Light can be sent down a fiber-optic cable as regular light or as laser light. The two types of light require totally different fiber-optic cables. Most network technologies that use fiber optics use LEDs (light emitting diodes) to send light signals. A fiber-optic cable that uses LEDs is known as multimode fiber (MMF).
A fiber-optic cable that uses lasers is known as single-mode fiber (SMF). Using laser light and single-mode fiber-optic cables prevents a problem unique to multimode fiber optics called modal distortion (signals sent at the same time don’t arrive at the same time because the paths differ slightly in length) and enables a network to achieve phenomenally high transfer rates over incredibly long distances.
Fiber optics also define the wavelength of light used, measured in nanometers (nm). Almost all multimode cables transmit 850-nm wavelengths, whereas single-mode transmits either 1310 or 1550 nm, depending on the laser.
Fiber-optic cables come in a broad choice of connector types. There are over one hundred different connectors, but the three you need to know for the CompTIA Network+ exam are ST, SC, and LC (Figure 3.28). LC is unique because it is a duplex connector, designed to accept two fiber cables.
Figure 3.28 • From left to right: ST, SC, and LC fiber-optic connectors
Other Cables
Fiber-optic and UTP make up almost all network cabling, but a few other types of cabling may serve from time to time as alternatives to these two: the ancient serial and parallel cables from the earliest days of PCs and the modern high-speed serial connection, better known as FireWire. These cables are only used with quick-and-dirty temporary connections, but they do work, so they bear at least a quick mention.
For those of you unfamiliar with it, the odd little u-shaped symbol describing fiber cable size (µ) stands for micro, or 1/1,000,000.
Figure 3.27 • Duplex fiber-optic cable
Tech Tip
What’s in a Name?
Most technicians call common fiber-optic connectors by their initials—such as ST, SC, or LC—perhaps because there’s no consensus about what words go with those initials. ST probably stands for straight tip, although some call it snap twist. But SC and LC? How about subscriber connector, standard connector, or Siemon connector for the former, and local connector or Lucent connector for the latter? If you want to remember the connectors for the exam, try these: stick and twist for the bayonet-style ST connectors; stick and click for the straight push-in SC connectors; and little connector for the . . . little . . . LC connector.
BaseTech
Chapter 3: Cabling and Topology
57
Classic Serial
Serial cabling predates both networking and the personal computer. RS-232, the recommended standard (RS) upon which all serial communication takes place on your PC, dates from 1969 and hasn’t substantially changed in around 40 years. When IBM invented the PC way back in 1980, serial connections were just about the only standard input/output technology available, so IBM included two serial ports on every PC. The most common serial port is a 9-pin, male D-subminiature (or DB-9) connector, as shown in Figure 3.29.
Serial ports offer a poor option for networking, with very slow data rates—only about 56,000 bps—and only point-to-point connections. In all probability, copying something on a flash drive and just walking over to the other system is faster, but serial networking does work if needed. Serial ports are quickly fading away, however, and you no longer see them on new PCs.
Parallel
Parallel connections are as ancient as serial ports. Parallel can run up to around 2 Mbps, although when used for networking, they tend to be much slower. Parallel is also limited to point-to-point topology but uses a 25-pin female—rather than male—DB type connector (Figure 3.30). The IEEE 1284 committee sets the standards for parallel communication. (See the section “Networking Industry Standards—IEEE,” later in this chapter.)
FireWire
FireWire (based on the IEEE 1394 standard) is the only viable alternative cabling option to fiber-optic or UTP. FireWire is also restricted to point-to-point connections, but it’s very fast (currently the standard is up to 800 Mbps). FireWire has its own unique connector (Figure 3.31).
Figure 3.29 • Serial port
Figure 3.30 • Parallel connector
Figure 3.31 • FireWire connector
Concentrate on UTP—that’s where the hardest CompTIA Network+ exam questions come into play. Don’t forget to give coax, STP, and fiber-optic a quick pass, and make sure you understand the reasons for picking one type of cabling over another. Even though the CompTIA Network+ exam does not test too hard on cabling, this is important information that you will use in the real networking world.
You cannot network computers using FireWire in Windows Vista or Windows 7.
Fire Ratings
Did you ever see the movie The Towering Inferno? Don’t worry if you missed it—The Towering Inferno was one of the better disaster movies of the 1970s, although it was no Airplane! Anyway, Steve McQueen stars as the fireman who saves the day when a skyscraper goes up in flames because of poor-quality electrical cabling. The burning insulation on the wires ultimately spreads the fire to every part of the building. Although no cables made today contain truly flammable insulation, the insulation is made from plastic, and if you get any plastic hot enough, it will create smoke and noxious fumes. The risk of burning insulation isn’t fire—it’s smoke and fumes.
To reduce the risk of your network cables burning and creating noxious fumes and smoke, Underwriters Laboratories and the National Electrical Code (NEC) joined forces to develop cabling fire ratings. The two most common fire ratings are PVC and plenum. Cable with a polyvinyl chloride (PVC) rating has no significant fire protection. If you burn a PVC cable, it creates lots of smoke and noxious fumes. Burning plenum-rated cable creates much less smoke and fumes, but plenum-rated cable—often referred to simply as “plenum”—costs about three to five times as much as PVC-rated cable. Most city ordinances require the use of plenum cable for network installations. The bottom line? Get plenum!
The space between the acoustical tile ceiling in an office building and the actual concrete ceiling above is called the plenum—hence the name for the proper fire rating of cabling to use in that space. A third type of fire rating, known as riser, designates the proper cabling to use for vertical runs between floors of a building. Riser-rated cable provides less protection than plenum cable, though, so most installations today use plenum for runs between floors.
Networking Industry Standards—IEEE
The Institute of Electrical and Electronics Engineers (IEEE) defines industry-wide standards that promote the use and implementation of technology. In February 1980, a new committee called the 802 Working Group took over from the private sector the job of defining network standards. The IEEE 802 committee defines frames, speeds, distances, and types of cabling to use in a network environment. Concentrating on cables, the IEEE recognizes that no single cabling solution can work in all situations and, therefore, provides a variety of cabling standards.
IEEE committees define standards for a wide variety of electronics. The names of these committees are often used to refer to the standards they publish. The IEEE 1284 committee, for example, sets standards for parallel communication. Have you ever seen a printer cable marked “IEEE 1284–compliant,” as in Figure 3.32? This means the manufacturer followed the rules set by the IEEE 1284 committee. Another committee you may have heard of is the IEEE 1394 committee, which controls the FireWire standard.
The IEEE 802 committee sets the standards for networking. Although the original plan was to define a single, universal standard for networking, it quickly became apparent that no single solution would work for all needs. The 802 committee split into smaller subcommittees, with names such as IEEE 802.3 and IEEE 802.5. Table 3.2 shows the currently recognized IEEE 802 subcommittees and their areas of jurisdiction. I’ve included the inactive subcommittees for reference. The missing numbers, such as 802.4 and 802.12, were used for committees long-ago disbanded. Each subcommittee is officially called a Working Group, except the few listed as a Technical Advisory Group (TAG) in the table.
Some of these committees deal with technologies that didn’t quite make it, and the committees associated with those standards, such as IEEE 802.4, Token Bus, have become dormant. When preparing for the CompTIA Network+ exam, concentrate on the IEEE 802.3 and 802.11 standards. You will see these again in later chapters.
Table 3.2 IEEE 802 Subcommittees
Committee    | Area of jurisdiction
IEEE 802     | LAN/MAN Overview & Architecture
IEEE 802.1   | Higher Layer LAN Protocols
  802.1s     | Multiple Spanning Trees
  802.1      | Rapid Reconfiguration of Spanning Tree
  802.1x     | Port Based Network Access Control
IEEE 802.2   | Logical Link Control (LLC); now inactive
IEEE 802.3   | Ethernet
  802.3ae    | 10 Gigabit Ethernet
IEEE 802.5   | Token Ring; now inactive
IEEE 802.11  | Wireless LAN (WLAN); specifications, such as Wi-Fi
IEEE 802.15  | Wireless Personal Area Network (WPAN)
IEEE 802.16  | Broadband Wireless Access (BWA); specifications for implementing Wireless Metropolitan Area Networks (Wireless MANs); referred to also as WiMAX
IEEE 802.17  | Resilient Packet Ring (RPR)
IEEE 802.18  | Radio Regulatory Technical Advisory Group
IEEE 802.19  | Coexistence Technical Advisory Group
IEEE 802.20  | Mobile Broadband Wireless Access (MBWA)
IEEE 802.21  | Media Independent Handover
IEEE 802.22  | Wireless Regional Area Networks
Memorize the 802.3 and 802.11 standards. Ignore the rest.
Figure 3.32 • Parallel cable marked IEEE 1284–compliant
Chapter 3 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about cabling and topology.
Explain the different types of network topologies
■ A network’s topology describes how computers connect to each other in that network. The most common network topologies are called bus, ring, star, and mesh.
■ In a bus topology, all computers connect to the network via a main line. The cable must be terminated at both ends to prevent signal reflections.
■ In a ring topology, all computers on the network attach to a ring of cable. A single break in the cable stops the flow of data through the entire network.
■ In a star topology, the computers on the network connect to a central wiring point, which provides fault tolerance.
■ Modern networks use one of two hybrid topologies: star-bus or star-ring. Star-bus is overwhelmingly the most common topology used today.
■ In a mesh topology, each computer has a dedicated line to every other computer. Mesh networks can be further categorized as partially meshed or fully meshed, both of which require a significant amount of physical cable. Network techs are able to determine the amount of cable segments needed with a mathematical formula.
■ In a point-to-multipoint topology, a single system acts as a common source through which all members of the network converse.
■ Mesh and point-to-multipoint topologies are common among wireless networks.
■ In a point-to-point topology, two computers connect directly together.
Describe the different types of network cabling
■ Coaxial cable, or coax, shields data transmissions from EMI. Coax was widely used in early bus networks and used BNC connectors. Today, coax is used mainly to connect a cable modem to an ISP.
■ Coax cables have an RG rating, with RG-6 being the predominant coax today.
■ Twisted pair, which comes shielded or unshielded, is the most common type of networking cable today. UTP is less expensive and more popular than STP, though it doesn’t offer any protection from EMI.
■ UTP is categorized by its CAT rating, with CAT 5, CAT 5e, and CAT 6 being the most commonly used today.
■ Telephones use RJ-11 connectors, whereas UTP uses RJ-45 connectors.
■ Fiber-optic cabling transmits light instead of the electricity used in CAT cable or coax. It is thin and more expensive, yet less flexible and more delicate, than other types of network cabling.
■ There are two types of fiber-optic cable based on what type of light is used. LEDs require multimode cable, whereas lasers generally require single-mode cable.
■ All fiber-optic cable has three parts: the fiber itself; the cladding, which covers the fiber and helps it reflect down the fiber; and the outer insulating jacket. Additionally, there are over one hundred types of connectors for fiber-optic cable, but ST, SC, and LC are the most common for computer networking.
■ Plenum-rated UTP is required by most cities for network installations.
■ Serial cables adhering to the RS-232 standard and parallel cables adhering to the IEEE-1284 standard may be used to network two computers directly together. You can also use IEEE 1394 (FireWire) connections for direct connection, although not with Windows Vista or Windows 7.
Describe the IEEE networking standards
■ Networking standards are established and promoted by the Institute of Electrical and Electronics Engineers (IEEE).
■ The IEEE 802 committee defines frames, speeds, distances, and types of cabling to use in networks. IEEE 802 is split into several subcommittees, including IEEE 802.3 and IEEE 802.11.
■ The IEEE 1284 committee defines the standards for parallel communications, whereas the IEEE 1394 committee defines the standards for FireWire High-Performance Serial Bus.
Key Terms
bandwidth (54)
BNC connectors (51)
bus topology (45)
category (CAT) ratings (54)
cladding (55)
coaxial cable (50)
core (55)
crosstalk (53)
electromagnetic interference (EMI) (50)
fault tolerance (46)
fiber-optic cable (55)
fully meshed topology (48)
hybrid topology (47)
IEEE 1284 (57)
IEEE 1394 (57)
Institute of Electrical and Electronics Engineers (IEEE) (58)
insulating jacket (55)
logical topology (47)
mesh topology (48)
modal distortion (56)
multimode fiber (MMF) (56)
network topology (44)
Ohm rating (52)
partially meshed topology (48)
physical topology (47)
plenum (58)
point-to-multipoint topology (49)
point-to-point topology (50)
polyvinyl chloride (PVC) (58)
Radio Grade (RG) rating (52)
ring topology (45)
riser (58)
RJ-11 (55)
RJ-45 (55)
RS-232 (57)
segment (47)
shielded twisted pair (STP) (53)
signaling topology (47)
single-mode fiber (SMF) (56)
star-bus topology (47)
star-ring topology (47)
star topology (46)
unshielded twisted pair (UTP) (53)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. The _______________ is a network topology that relies on a main line of network coaxial cabling.
2. The _______________ of a cable will determine its speed.
3. A(n) _______________ provides more fault tolerance than any other basic network topology.
4. When your network has all computers connected to a centrally located wiring closet, you have a physical _______________ network.
5. _______________ networks use more than one type of basic network topology.
6. CAT 5e cable is a type of _______________ wiring.
7. Coaxial cable uses a braided metal shield to protect data from _______________.
8. Network cabling can use either light or electricity to transmit data. The faster of these types uses light along _______________.
9. _______________-grade UTP must be installed in ceilings, whereas _______________-grade UTP is often used to connect one floor to another vertically in a building.
10. The twisting of the cables in UTP and STP reduces _______________.
Multiple-Choice Quiz
1. Which of the following are standard network topologies? (Select three.)
A. Bus
B. Star
C. Ring
D. Dual-ring
2. John was carrying on at the water cooler the other day, trying to show off his knowledge of networking. He claimed that the company had installed special cabling to handle the problems of crosstalk on the network. What kind of cabling did the company install?
A. Coaxial
B. Shielded coaxial
C. Unshielded twisted pair
D. Fiber-optic
3. Jill needs to run some UTP cable from one office to another. She found a box of cable in the closet and wants to make sure it’s CAT 5 or better. How can she tell the CAT level of the cable? (Select two.)
A. Check the box.
B. Scan for markings on the cable.
C. Check the color of the cable—gray means CAT 5, yellow means CAT 6e, and so on.
D. Check the ends of the cable.
4. What topology provides the most fault tolerance?
A. Bus
B. Ring
C. Star-bus
D. Mesh
5. What organization is responsible for establishing and promoting networking standards?
A. Institute of Electrical and Electronics Engineers (IEEE)
B. International Networking Standards Organization (INSO)
C. Federal Communications Commission (FCC)
D. International Telecommunications Association (ITA)
6. What aspects of network cabling do the IEEE committees establish? (Select three.)
A. Frame size
B. Speed
C. Color of sheathing
D. Cable types
7. What types of coax cabling have been used in computer networking? (Select three.)
A. RG-8
B. RG-45
C. RG-58
D. RG-62
8. What applications are best suited for fiber-optic cabling? (Select two.)
A. Short distances
B. Wireless networks
C. High-EMI areas
D. Long distances
9. What are the main components of fiber-optic cabling? (Select three.)
A. Cladding
B. Insulating jacket
C. Copper core
D. Fiber
10. What is the most popular size fiber-optic cabling?
A. 62.5/125 µm
B. 125/62.5 µm
C. 50/125 µm
D. 125/50 µm
11. Most fiber-optic installations use LEDs to send light signals and are known as what?
A. Single-mode
B. Multimode
C. Complex mode
D. Duplex mode
12. Why must the main cable in a bus topology be terminated at both ends?
A. To allow the signal to be amplified so it can reach both ends of the network
B. To prevent the signal from dropping off the network before reaching all computers
C. To prevent the signal from bouncing back and forth
D. To convert the signal to the proper format for a bus network
13. Where are you most likely to encounter a mesh network?
A. On any network using fiber-optic cable
B. On any network using plenum cable
C. On wireless networks
D. On wired networks
14. You are asked by your boss to research upgrading all the network cable in your office building. The building manager requires the safest possible cabling type in case of fire, and your boss wants to future-proof the network so cabling doesn’t need to be replaced when network technologies faster than 1 Gbps are available. You decide to use CAT 5e plenum cabling throughout the building. Which objective have you satisfied?
A. Neither the building manager’s nor your boss’s requirements have been met.
B. Only the building manager’s requirement has been met.
C. Only your boss’s requirement has been met.
D. Both the building manager’s and your boss’s requirements have been met.
15. Which committee is responsible for wireless networking standards?
A. IEEE 802.2
B. IEEE 802.3
C. IEEE 802.5
D. IEEE 802.11
Lab Projects
Lab Project 3.1 •
This lab project requires you to demonstrate knowledge of the four basic network topologies. Obtain four blank pieces of paper. Proceed to draw six boxes on each page to represent six computers—neatness counts! At the top of each sheet, write one of the following: bus topology, mesh topology, ring topology, or star topology. Then draw lines to represent the physical network cabling required by each network topology.
Lab Project 3.2 •
In your studies of network cabling for the CompTIA Network+ certification exam, you realize you could use a simplified chart to study from and memorize. Build a reference study chart that describes the features of network cabling. Create your completed chart using a spreadsheet program, or simply a sheet of paper, with the column headings and names shown in the following table. If you wish, you can start by writing your notes here.
Cable Type  | Description | Benefits | Drawbacks
CAT 5       |             |          |
CAT 5e      |             |          |
CAT 6       |             |          |
Fiber-optic |             |          |
Lab Project 3.3 •
In this lab project, you will demonstrate knowledge of the different IEEE committees that are most prevalent today. Use the Internet to research each of these subcommittees: IEEE 802.3, IEEE 802.5, and IEEE 802.11. Give an example of where each type of technology might best be used.
Essay Quiz
1. You work in the computer training department at your company. A newly developed mobile training program is being planned. The plan requires setting up five training computers in a particular department you use to train on weekly. Write a short essay that describes which network topology would be quickest to set up and tear down for this type of onsite training.
2. Your boss has decided to have cable run to every computer in the office, but doesn’t know which type to use. In an effort to help bring the company into the 21st century, write a short essay comparing the merits of UTP and fiber-optic cabling.
3. The NICs on your company’s computers all have dual 10-Mbps and 100-Mbps capability, yet users complain that the network is slow. Write a brief essay that explains what could be the cause of the problem.
4. Your company has hired a group of new network techs, and you’ve been tasked to do their training session on networking standards organizations. Write a brief essay detailing the IEEE and its various committees.
Chapter 4
Ethernet Basics
“In theory there is no difference between theory and practice. In practice there is.”
—Yogi Berra
In this chapter, you will learn how to
■ Define and describe Ethernet
■ Explain early Ethernet implementations
■ Describe ways to extend and enhance Ethernet networks
In the beginning, there were no networks. Computers were isolated, solitary islands of information in a teeming sea of proto-geeks who used clubs and wore fur pocket protectors. Okay, maybe it wasn’t that bad, but if you wanted to move a file from one machine to another—and proto-geeks were as much into that as modern geeks—you had to use Sneakernet, which meant you saved the file on a disk, laced up your tennis shoes, and hiked over to the other system. All that walking no doubt produced lots of health benefits, but frankly, proto-geeks weren’t all that into health benefits—they were into speed, power, and technological coolness in general. (Sound familiar?) It’s no wonder, then, that geeks everywhere agreed on the need to replace Sneakernet with a faster and more efficient method of sharing data. The method they came up with is the subject of this chapter.
BaseTech
Chapter 4: Ethernet Basics
67
Historical/Conceptual
Ethernet
In 1973, Xerox answered the challenge of moving data without sneakers by developing Ethernet, a networking technology standard based on a bus topology. The Ethernet standard dominates today’s networks and defines all of the issues involved in transferring data between computer systems. The original Ethernet used a single piece of coaxial cable in a bus topology to connect several computers, enabling them to transfer data at a rate of up to 3 Mbps. Although slow by today’s standards, this early version of Ethernet was a huge improvement over Sneakernet methods and served as the foundation for all later versions of Ethernet.
Ethernet remained a largely in-house technology within Xerox until 1979, when Xerox decided to look for partners to help promote Ethernet as an industry standard. Xerox worked with Digital Equipment Corporation (DEC) and Intel to publish what became known as the Digital-Intel-Xerox (DIX) standard. Running on coaxial cable, the DIX standard enabled multiple computers to communicate with each other at a screaming 10 Mbps. Although 10 Mbps represents the low end of standard network speeds today, at the time it was revolutionary. These companies then transferred control of the Ethernet standard to the IEEE, which, in turn, created the 802.3 (Ethernet) committee that continues to control the Ethernet standard to this day.
Given that Ethernet’s been around for so long, we need to start at a common point. I’ve chosen to use 10BaseT, the earliest version of Ethernet designed to use UTP cabling. At this point, don’t worry what 10BaseT means—this chapter will cover the definition. For right now, just get into the idea of how Ethernet works.
Ethernet’s designers faced the same challenges as the designers of any network: how to send data across the wire, how to identify the sending and receiving computers, and how to determine which computer should use the shared cable at what time. The engineers resolved these issues by using data frames that contain MAC addresses to identify computers on the network and by using a process called CSMA/CD (discussed shortly) to determine which machine should access the wire at any given time. You saw some of this in action in Chapter 2, but now I need to introduce you to a bunch of new terms, so let’s look at each of these solutions.
Tech Tip
IEEE
The source for all things Ethernet is but a short click away on the Internet. For starters, check out www.ieee802.org.
Tech Tip
Defining Ethernet
Providing a clear and concise definition of Ethernet has long been one of the major challenges in teaching networking. This difficulty stems from the fact that Ethernet has changed over the years to incorporate new and improved technology. Most folks won’t even try to define Ethernet, but here’s my best attempt at a current definition.
Ethernet is a standard for a family of network technologies that share the same basic bus topology, frame type, and network access method. Because the technologies share these essential components, you can communicate between them just fine. The implementation of the network might be different, but the frames remain the same. This is true for Ethernet running on a physical bus topology—the ancient 10Base5 and 10Base2—and a logical bus topology—10BaseT and later.
Topology
Every version of Ethernet invented since the early 1990s uses a hybrid star-bus topology. At the center of these early networks was a hub. A hub is nothing more than an electronic repeater—it interprets the ones and zeroes coming in from one port and repeats the same signal out to the other connected ports. Hubs do not send the same signal back down the port that originally sent it (Figure 4.1). Repeaters are not amplifiers! They read the incoming signal and send new copies of that signal out to every connected port on the hub.
Figure 4.1 • Ethernet hub
There have been many versions of Ethernet over the years. The earliest versions, named 10Base5 and 10Base2, are long obsolete. As of 2009, CompTIA finally dropped these ancient technologies from the CompTIA Network+ exam. Rest in peace, 10Base5 and 10Base2!
Oddly, though, the official Network+ Acronym List refers to two analog technologies used in networks circa 1980s, amplitude modulation (AM) and frequency modulation (FM). These were used to transmit multiple signals at the same time over cable. For the exam, note that these are not used in networks today.
Test Specific
Organizing the Data: Ethernet Frames
All network technologies break data transmitted between computers into smaller pieces called frames, as you’ll recall from Chapter 2. Using frames addresses two networking issues. First, frames prevent any single machine from monopolizing the shared bus cable. Second, they make the process of retransmitting lost data more efficient.
The process you saw in Chapter 2 of transferring a word processing document between two computers illustrates these two issues. First, if the sending computer sends the document as a single huge frame, the frame will monopolize the cable and prevent other machines from using the cable until the entire file gets to the receiving system. Using relatively small frames enables computers to share the cable easily—each computer listens on the segment, sending a few frames of data whenever it detects that no other computer is transmitting. Second, in the real world, bad things can happen to good data. When errors occur during transmission, the sending system must retransmit the frames that failed to get to the receiving system in good shape. If a word processing document were transmitted as a single massive frame, the sending system would have to retransmit the entire frame—in this case, the entire document. Breaking the file up into smaller frames enables the sending computer to retransmit only the damaged frames. Because of these benefits—shared access and more efficient retransmission—all networking technologies use frames, and Ethernet is no exception to that rule.
In Chapter 2, you saw a generic frame. Let’s take what you know of frames and expand on that knowledge by inspecting the details of an Ethernet frame. A basic Ethernet frame contains seven pieces of information: the preamble, the MAC address of the frame’s recipient, the MAC address of the sending system, the type of the data, the data itself, a pad (if needed), and a frame check sequence, generically called a cyclic redundancy check (CRC). Figure 4.2 shows these components.
Preamble
All Ethernet frames begin with a preamble, a 64-bit series of alternating ones
and zeroes that ends with 11. The preamble gives a receiving NIC time to
realize a frame is coming and to know exactly where the frame starts. The
preamble is added by the sending NIC.
MAC Addresses
Each NIC, more commonly called a node, on an Ethernet network must
have a unique identifying address. Ethernet identifies the NICs on a
network using special 48-bit (6-byte) binary addresses known as MAC
addresses.
MAC addresses give each NIC a unique address. When a computer
sends out a data frame, it goes into the hub that repeats an exact copy of
that frame to every connected port, as shown in Figure 4.3. All the other
computers on the network listen to the wire and examine the frame to see
if it contains their MAC address. If it does not, they ignore the frame. If a
machine sees a frame with its MAC address, it opens the frame and begins
processing the data.
The terms frame and packet are often used interchangeably, especially on exams! This book uses the terms more strictly. You’ll recall from Chapter 2 that frames are based on MAC addresses; packets are generally associated with data assembled by the IP protocol at Layer 3 of the OSI seven-layer model.
BaseTech
Chapter 4: Ethernet Basics
69
The CompTIA Network+ exam might describe MAC addresses as 48-bit binary addresses or 6-byte binary addresses.
Figure 4.2 • Ethernet frame
Cross Check
NICs and OSI
You learned about NICs and MAC addresses in Chapter 2, so check
your memory with these questions. Where does the NIC get its MAC
address? How does the MAC address manifest on the card? At what
layer or layers of the OSI seven-layer model does the NIC operate?
Figure 4.3 • Frames propagating on a network
This system of allowing each machine to decide which frames it will process may be efficient, but because any device connected to the network cable can potentially capture any data frame transmitted across the wire, Ethernet networks carry a significant security vulnerability. Network diagnostic programs, commonly called sniffers, can order a NIC to run in promiscuous mode. When running in promiscuous mode, the NIC processes all the frames it sees on the cable, regardless of their MAC addresses. Sniffers are valuable troubleshooting tools in the right hands, but Ethernet provides no protections against their unscrupulous use.
Type
An Ethernet frame may carry one of several types of data. The Type field
helps the receiving computer interpret the frame contents at a very basic
level. This way the receiving computer can tell if the frame contains IPv4
data, for example, or IPv6 data. (See Chapter 7 for more details on IPv4; I
cover IPv6 in Chapter 13.)
The Type field does not tell you if the frame carries higher-level data,
such as an e-mail message or Web page. You have to dig deeper into the
data section of the frame to find that information.
Data
The data part of the frame contains whatever payload the frame carries. If
the frame carries an IP packet, that packet will include extra information,
such as the IP addresses of both systems, sequencing numbers, and other
information.
Pad
The minimum Ethernet frame is 64 bytes in size, but not all of that has to be actual data. If an Ethernet frame has fewer than 64 bytes of data to haul, the sending NIC will automatically add extra data—a pad—to bring the data up to the minimum 64 bytes.
There are many situations in which one computer might have two or more NICs, so one physical system might represent more than one node.
Frame Check Sequence
The frame check sequence (FCS)—Ethernet’s term for the cyclic redundancy check—enables Ethernet nodes to recognize when bad things happen to good data. Machines on a network must be able to detect when data has been damaged in transit. To detect errors, the computers on an Ethernet network attach a special code to each frame. When creating an Ethernet frame, the sending machine runs the data through a special mathematical formula and attaches the result, the frame check sequence, to the frame. The receiving machine opens the frame, performs the same calculation, and compares its answer with the one included with the frame. If the answers do not match, the receiving machine asks the sending machine to retransmit that frame.
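To make the frame layout and the FCS check concrete, here is an added example (not the book's code) that builds a frame with the fields described above, pads it to the 64-byte minimum, and verifies the CRC-32 on receipt. The MAC addresses and payloads are constructed sample values, and the preamble is left out because the NIC adds and strips it below the level of software.

```python
"""Ethernet II frame: dst MAC, src MAC, Type, data, pad, FCS.

Added example, not code from the book. MAC addresses and payloads in the demo
are constructed sample values (00:00:5e:00:53:xx is the documentation range).
The preamble is omitted: the sending NIC adds it and the receiving NIC strips
it before the frame reaches software.
"""
import binascii
import struct

MIN_FRAME_LEN = 64   # smallest legal frame, counting the 4-byte FCS
HEADER_LEN = 14      # 6 (dst) + 6 (src) + 2 (Type)
FCS_LEN = 4
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac: str) -> bytes:
    """'00:00:5e:00:53:01' -> six raw bytes; rejects anything that is not 6 octets."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"MAC address must have 6 octets: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def compute_fcs(body: bytes) -> bytes:
    """The FCS is the CRC-32 of dst+src+Type+data+pad. Ethernet uses the same
    CRC-32 parameters as binascii.crc32 and puts the least-significant byte
    on the wire first, hence the little-endian pack."""
    return struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """What the sending NIC puts on the wire (minus the preamble)."""
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    # Pad: a short frame is zero-filled so that body + FCS reaches 64 bytes.
    body += b"\x00" * max(0, MIN_FRAME_LEN - FCS_LEN - len(body))
    return body + compute_fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Split a received frame into its fields and verify the FCS.

    'fcs_ok' False means the receiver should drop the frame (bad things
    happened to good data in transit). 'data' still includes any pad: the
    Type field only says which protocol follows, so the pad boundary can only
    be found from a length inside the payload (e.g. the IPv4 total length).
    """
    if len(frame) < MIN_FRAME_LEN:
        raise ValueError(f"runt frame: {len(frame)} bytes, minimum is {MIN_FRAME_LEN}")
    body, received_fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    dst, src = body[:6], body[6:12]
    (ethertype,) = struct.unpack("!H", body[12:14])
    return {
        "dst": bytes_to_mac(dst),
        "src": bytes_to_mac(src),
        "type": ethertype,
        "data": body[HEADER_LEN:],
        "fcs_ok": compute_fcs(body) == received_fcs,
        "broadcast": bytes_to_mac(dst) == BROADCAST,
    }


def corrupt_bit(frame: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Flip one bit, as line noise might, so the FCS mismatch can be observed."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


if __name__ == "__main__":
    frame = build_frame(BROADCAST, "00:00:5e:00:53:01", ETHERTYPE_IPV4, b"hello")
    print(len(frame), "bytes on the wire:", parse_frame(frame))
    print("FCS ok after one flipped bit?", parse_frame(corrupt_bit(frame, 20))["fcs_ok"])
```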
At this point, those crafty network engineers have solved two of the
problems facing them: they’ve created frames to organize the data to be
sent and put in place MAC addresses to identify machines on the network.
But the challenge of determining which machine should send data at which
time requires another solution: CSMA/CD.
CSMA/CD
Ethernet networks use a system called carrier sense multiple access/collision detection (CSMA/CD) to determine which computer should use a shared cable at a given moment. Carrier sense means that each node using the network examines the cable before sending a data frame (Figure 4.4). If another machine is using the network, the node detects traffic on the segment, waits a few milliseconds, and then rechecks. If it detects no traffic—the more common term is to say the cable is “free”—the node sends out its frame.
Multiple access means that all machines have equal access to the wire. If the line is free, any Ethernet node may begin sending a frame. From Ethernet’s point of view, it doesn’t matter what function the node is performing: it could be a desktop system running Windows XP or a high-end file server running Windows Server 2008 or Linux. As far as Ethernet is concerned, a node is a node is a node and access to the cable is assigned strictly on a first-come, first-served basis.
CSMA/CD is a network access method that maps to the IEEE 802.3 standard for Ethernet networks.
Figure 4.4 • No one else is talking—send the frame!
So what happens if two machines, both listening to the cable, simultaneously decide that it is free and try to send a frame? A collision occurs, and both of the transmissions are lost (Figure 4.5). A collision resembles the effect of two people talking at the same time: the listener hears a mixture of two voices and can’t understand either one.
It’s easy for NICs to notice a collision. When two NICs send at the same time, the hub sends out the overlapping signals, and the NICs immediately know that a collision has occurred. When they detect a collision, both nodes immediately stop transmitting.
They then each generate a random number to determine how long to wait before trying again. If you imagine that each machine rolls its magic electronic dice and waits for that number of seconds, you wouldn’t be too far from the truth, except that the amount of time an Ethernet node waits to retransmit is much shorter than one second (Figure 4.6). Whichever node generates the lowest random number begins its retransmission first, winning the competition to use the wire. The losing node then sees traffic on the wire and waits for the wire to be free again before attempting to retransmit its data.
Collisions are a normal part of the operation of an Ethernet network. Every Ethernet network wastes some amount of its available bandwidth dealing with these collisions. A properly running average Ethernet network has a maximum of 10 percent collisions. For every 20 frames sent, approximately 2 frames will collide and require a resend. Collision rates greater than 10 percent often point to damaged NICs or out-of-control software.
In an Ethernet network, a collision domain is a group of nodes that have the capability of sending frames at the same time as each other, resulting in collisions. A segment is certainly a collision domain, but there are ways to connect segments to create larger collision domains. If the collision domain gets too large, you’ll start running into traffic problems that manifest as general network sluggishness. That’s one of the reasons to break up networks into smaller groupings.
Figure 4.5 • Collision!
Figure 4.6 • Rolling for timing
Early Ethernet Networks
Now we have the answers to many of the questions that faced those early
Ethernet designers. MAC addresses identify each machine on the network.
CSMA/CD determines when each machine should have access to the cable.
But all this remains in the realm of theory—you still need to build the thing!
Contemplating the physical network brings up numerous questions. What
kind of cables should you use? What should they be made of? How long
can they be? For these answers, turn to the IEEE 802.3 standard and two
early implementations of Ethernet: 10BaseT and 10BaseFL.
10BaseT
In 1990, the IEEE 802.3 committee created a new version of Ethernet called 10BaseT to modernize the first generations of Ethernet. Very quickly 10BaseT became the most popular network technology in the world, replacing now long-gone competitors with names like Token Ring and AppleTalk. Over 99 percent of all networks use 10BaseT or one of its faster, newer, but very similar versions. The classic 10BaseT network consists of two or more computers connected to a central hub. The NICs connect with wires as specified by the 802.3 committee.
10BaseT hubs come in a variety of shapes and sizes to support different sizes of networks. The biggest differentiator between hubs is the number of ports (connections) that a single hub provides. A small hub might have only 4 ports, whereas a hub for a large network might have 48 ports. As you can imagine, the more ports on a hub, the more expensive the hub. Figure 4.7 shows two hubs. On the top is a small, 8-port hub for small offices or the home. It rests on a 12-port rack-mount hub for larger networks.
Figure 4.7 • Two 10BaseT hubs
Cross Check
Physical vs. Logical
You might be tempted at this moment to define 10BaseT in terms of
physical topology versus logical topology—after all, 10BaseT uses
a physical star, but a logical bus. Refer to Chapter 3, however, and
cross-check your memory. What’s a physical topology? And a logical
topology? What would you say if you walked into an office building
that implemented a 10BaseT network? Yes, if you actually walked into
it, you’d probably say “Ouch!” But beyond that, think about how you
would describe the wires and connectors you would see in terms of
physical or logical topology.
Regardless of size, all 10BaseT hubs need electrical power. Larger hubs
will take power directly from a power outlet, whereas smaller hubs often
come with an AC adapter. In either case, if the hub loses power, the entire
segment will stop working.
The name 10BaseT follows roughly the same naming convention used
for earlier Ethernet cabling systems. The number 10 refers to the speed:
10 Mbps. The word Base refers to the signaling type: baseband. (Baseband
means that the cable only carries one type of signal. Contrast this with
broadband—as in cable television—where the cable carries multiple signals
or channels.) The letter T refers to the type of cable used: twisted-pair.
UTP
Officially, 10BaseT requires the use of CAT 3 (or higher), two-pair, unshielded
twisted-pair (UTP) cable. One pair of wires sends data to the hub while the
other pair receives data from the hub. Even though 10BaseT only requires
two-pair cabling, everyone installs four-pair cabling to connect devices to
the hub as insurance against the possible requirements of newer types of
networking (Figure 4.8). Most UTP cables come with stranded Kevlar fibers
to give the cable added strength, which, in turn, enables installers to pull on
the cable without excessive risk of literally ripping it apart.
Figure 4.8 • A typical four-pair CAT 5e unshielded twisted-pair cable
10BaseT also introduced the networking world to the RJ-45 connector
(Figure 4.9). Each pin on the RJ-45 connects to a single wire inside the
cable; this enables devices to put voltage on the individual wires within
the cable. The pins on the RJ-45 are numbered from 1 to 8, as shown in
Figure 4.10.
If you ever run into a situation on a 10BaseT or later network in which none of the computers can get on the network, always check the hub first!
The names of two earlier physical bus versions of Ethernet, 10Base5 and 10Base2, gave the maximum length of the bus. 10Base5 networks could be up to 500 meters long, for example, whereas 10Base2 could be almost 200 meters (though in practice, they topped out at 185 meters).
Cross Check
Check Your CATs!
You’ve already seen CAT levels in Chapter 3, so check your memory and
review the different speeds of the various CAT levels. Could 10BaseT
use CAT 2? Could it use CAT 6? What types of devices can use CAT 1?
The 10BaseT standard designates some of these numbered wires for
specific purposes. As mentioned earlier, although the cable has four pairs,
10BaseT uses only two of the pairs. 10BaseT devices use pins 1 and 2 to
send data, and pins 3 and 6 to receive data. Even though one pair of wires
sends data and another receives data, a 10BaseT device connected to a hub
cannot send and receive simultaneously. The rules of CSMA/CD still
apply: only one device can use the segment contained in the hub without
causing a collision.
NICs that can communicate in only one direction at a time run in half-duplex mode. Later advances (as you’ll see shortly) enabled NICs to send and receive at the same time, thus running in full-duplex mode.
An RJ-45 connector is usually called a crimp, and the act (some folks call it an art) of installing a crimp onto the end of a piece of UTP cable is called crimping. The tool used to secure a crimp onto the end of a cable is a crimper. Each wire inside a UTP cable must connect to the proper pin inside the crimp. Manufacturers color-code each wire within a piece of four-pair UTP to assist in properly matching the ends. Each pair of wires consists of a solid-colored wire and a striped wire: blue/blue-white, orange/orange-white, brown/brown-white, and green/green-white (Figure 4.11).
The Telecommunications Industry Association/Electronics Industries Alliance (TIA/EIA) defines the industry standard for correct crimping of four-pair UTP for 10BaseT networks. Two standards currently exist: TIA/EIA 568A and TIA/EIA 568B. Figure 4.12 shows the TIA/EIA 568A and TIA/EIA 568B color-code standards. Note that the wire pairs used by 10BaseT (1 and 2, 3 and 6) come from the same color pairs (green/green-white and orange/orange-white). Following an established color-code scheme, such as TIA/EIA 568A, ensures that the wires match up correctly at each end of the cable.
Figure 4.11 • Color-coded pairs
Figure 4.10 • The pins on an RJ-45 connector are numbered 1 through 8.
The real name for RJ-45 is “8 Position 8 Contact (8P8C) modular plug.” The name RJ-45 is so dominant, however, that nobody but the nerdiest of nerds calls it by its real name. Stick to RJ-45.
TIA/EIA 568C, the newest standard, includes the same wiring standards as TIA/EIA 568A and TIA/EIA 568B. It’s all just wrapped up in a new name.
Figure 4.9 • Two views of an RJ-45 connector
The ability to make your own Ethernet cables is a real plus for a network tech. With a reel of CAT 5e, a bag of RJ-45 connectors, a moderate investment in a crimping tool, and a little practice, you can kiss those mass-produced cables goodbye! You can make cables to your own length specifications, replace broken RJ-45 connectors that would otherwise mean tossing an entire cable—and, in the process, save your company or clients time and money.
10BaseT Limits and Specifications
Like any other Ethernet cabling system, 10BaseT has limitations, both on cable distance and on the number of computers. The key distance limitation for 10BaseT is the distance between the hub and the computer. The twisted-pair cable connecting a computer to the hub may not exceed 100 meters in length. A 10BaseT hub can connect no more than 1024 computers, although that limitation rarely comes into play. It makes no sense for vendors to build hubs that large—or more to the point, that expensive—because excessive collisions can easily bog down Ethernet performance with far fewer than 1024 computers.
10BaseT Summary
Speed: 10 Mbps
Signal type: Baseband
Distance: 100 meters between the hub and the node
Node limit: No more than 1024 nodes per hub
Topology: Star-bus (physical star, logical bus)
Cable type: CAT 3 or better UTP cabling with RJ-45 connectors
10BaseFL
Just a few years after the introduction of 10BaseT, a fiber-optic version, called 10BaseFL, appeared. As you know from the previous chapter, fiber-optic cabling transmits data packets using pulses of light instead of using electrical current. Using light instead of electricity addresses the three key weaknesses of copper cabling. First, optical signals can travel much farther. The maximum length for a 10BaseFL cable is up to 2 kilometers, depending on how you configure it. Second, fiber-optic cable is immune to electrical interference, making it an ideal choice for high-interference environments. Third, the cable is much more difficult to tap into, making it a good choice for environments with security concerns. 10BaseFL uses multimode fiber-optic and employs either an SC or an ST connector.
For the CompTIA Network+ exam, you won’t be tested on the TIA/EIA 568A or 568B color codes. Just know that they are industry-standard color codes for UTP cabling.
Tech Tip
568A and 568B
An easy trick to remembering the difference between 568A and 568B is the word “GO.” The green and orange pairs are swapped between 568A and 568B, whereas the blue and brown pairs stay in the same place!
Figure 4.12 • The TIA/EIA 568A and 568B standards
Figure 4.13 shows a typical 10BaseFL card. Note that it uses two fiber
connectors—one to send and one to receive. All fiber-optic networks use at
least two fiber-optic cables. Although 10BaseFL enjoyed some popularity
for a number of years, most networks today are using the same fiber-optic
cabling to run far faster network technologies.
10BaseFL Summary
Speed: 10 Mbps
Signal type: Baseband
Distance: 2000 meters between the hub and the node
Node limit: No more than 1024 nodes per hub
Topology: Star-bus (physical star, logical bus)
Cable type: Multimode fiber-optic cabling with ST or SC connectors
So far you’ve seen two different flavors of Ethernet, 10BaseT and
10BaseFL. Even though these use different cabling and hubs, the actual
packets are still Ethernet frames. As a result, interconnecting flavors of
Ethernet is common. Because 10BaseT and 10BaseFL use different types of
cable, you can use a media converter (Figure 4.14) to interconnect different
Ethernet types.
10BaseFL is often simply called “10BaseF.”
Figure 4.13 • Typical 10BaseFL card
Figure 4.14 • Typical copper-to-fiber Ethernet media converter (photo courtesy of TRENDnet)
Extending and Enhancing Ethernet Networks
Once you have an Ethernet network in place, you can extend or enhance
that network in several ways. You can install additional hubs to connect
multiple local area networks, for example. A network bridge can connect
two Ethernet segments, effectively doubling the size of a collision domain.
You can also replace the hubs with better devices to reduce collisions.
Connecting Ethernet Segments
Sometimes, one hub is just not enough. Once an organization uses every port on its existing hub, adding more nodes requires adding hubs or a device called a bridge. Even fault tolerance can motivate an organization to add more hubs. If every node on the network connects to the same hub, that hub becomes a single point of failure—if it fails, everybody drops off the network. You can connect hubs in two ways: via an uplink port or a crossover cable. You can also connect Ethernet segments using a bridge.
Uplink Ports
Uplink ports enable you to connect two hubs using a straight-through cable. They’re always clearly marked on the hub, as shown in Figure 4.15. To connect two hubs, insert one end of a cable into the uplink port and the other end into any one of the regular ports. To connect more than two hubs, you must daisy-chain your hubs by using one uplink port and one regular port. Figure 4.16 shows properly daisy-chained hubs. As a rule, you cannot daisy-chain more than four hubs together.
You also cannot use a single central hub and connect multiple hubs to that single hub, as shown in Figure 4.17. It simply won’t work.
Figure 4.15 • Typical uplink port
Figure 4.16 • Daisy-chained hubs
Figure 4.17 • A hierarchical hub configuration will not work!
Working with uplink ports is sometimes tricky, so you need to take your time. Messing up and using a central hub is easy. Hub makers give their uplink ports many different names, such as crossover, MDI-X, and OUT. There are also tricks to using uplink ports. Refer to Figure 4.15 again. See the line connecting the uplink port and the port labeled 2X? You may use only one of those two ports, not both at the same time. Additionally, some hubs place a button for one of the ports; you press this button to make it either a regular port or an uplink port (Figure 4.18). Pressing the button electronically reverses the wires inside the hub.
When connecting hubs, remember the following:
■ You can only daisy-chain hubs.
■ Take time to figure out the uplink ports.
■ If you plug hubs in incorrectly, no damage will occur—they just won’t work.
Crossover Cables
Hubs can also connect to each other via special twisted-pair cables called crossover cables. A standard cable cannot be used to connect two hubs without using an uplink port because both hubs will attempt to send data on the second pair of wires (3 and 6) and will listen for data on the first pair (1 and 2). A crossover cable reverses the sending and receiving pairs on one end of the cable. One end of the cable is wired according to the TIA/EIA 568A standard, whereas the other end is wired according to the TIA/EIA 568B standard (Figure 4.19). With the sending and receiving pairs reversed, the hubs can hear each other; hence the need for two standards for connecting RJ-45 jacks to UTP cables.
A crossover cable connects to a regular port on each hub. Keep in mind that you can still daisy-chain even when you use crossover cables. Interestingly, many hubs, especially higher-end hubs, do not come with any uplink ports at all. In these cases, your only option is to use a crossover cable.
Figure 4.18 • Press-button port
Two terms you might see on hubs and switches and, consequently, on the exam: MDI and MDIX (or MDI-X). A media dependent interface (MDI) is a regular port on a hub or switch. A media dependent interface crossover (MDIX) is an uplink port.
Figure 4.19 • A crossover cable reverses the sending and receiving pairs.
Try This!
Examine Your Uplink Ports
Although most hubs come with uplink ports, they all seem to have different ways to use them. Some hubs have dedicated uplink ports, and some have uplink ports that convert to regular ports at the press of a button. Take a look at some hubs and try to figure out how you would use an uplink port to connect it to another hub.
In a pinch, you can use a crossover cable to connect two computers
together using 10BaseT NICs with no hub between them at all. This is handy
for quickie connections, such as for a nice little home network or when you
absolutely, positively must chase down a friend in a computer game!
Be careful about confusing crossover cables with uplink ports. First, never
connect two hubs by their uplink ports with a straight-through cable. Take a
straight-through cable; connect one end to the uplink port on one hub and the
other end to any regular port on the other hub. Second, if you use a crossover
cable, just plug each end into any handy regular port on each hub.
Bridges
The popularity and rapid implementation of Ethernet networks demanded
solutions or workarounds for the limitations inherent in the technology. An
Ethernet segment could only be so long and connect a certain number of
computers. What if your network went beyond those limitations?
A bridge acts like a repeater or hub to connect two Ethernet segments,
but it goes one step beyond—filtering and forwarding traffic between those
segments based on the MAC addresses of the computers on those segments.
This preserves precious bandwidth and makes a larger Ethernet network
possible. To filter traffic means to stop it from crossing from one network to
the next; to forward traffic means to pass traffic originating on one side of
the bridge to the other.
A newly installed Ethernet bridge initially behaves exactly like a
repeater, passing frames from one segment to another. Unlike a repeater,
however, a bridge monitors and records the network traffic, eventually
reaching a point where it can begin to filter and forward. This capability
makes the bridge more “intelligent” than a repeater. A new bridge usually
requires only a few seconds to gather enough information to start filtering
and forwarding.
Although bridges offer a good solution for connecting two segments
and reducing bandwidth usage, these days you’ll mainly find bridges used
in wireless, rather than wired, networks. (I cover those kinds of bridges in
Chapter 15.) Most networks have now turned to a different magic box—a
switch—to extend and enhance an Ethernet network.
Switched Ethernet
As any fighter pilot will tell you, sometimes you just feel the need—the need for speed. While plain-vanilla 10BaseT Ethernet performed well enough for first-generation networks (which did little more than basic file and print sharing), by the early 1990s networks used more-demanding applications, such as Lotus Notes, SAP business management software, and Microsoft Exchange, which quickly saturated a 10BaseT network. Fortunately, those crazy kids over at the IEEE kept expanding the standard, giving the network tech in the trenches a new tool that provided additional bandwidth—the switch.
The Trouble with Hubs
A classic 10BaseT network with a hub can only have one message on the wire at any time. When two computers send at the same time, the hub dutifully repeats both signals. The nodes recognize the collision and, following the rules of CSMA/CD, attempt to resend. Add in enough computers and the number of collisions increases, lowering the effective transmission speed for the whole network. A busy network becomes a slow network because all the computers share the same collision domain.
Because bridges work with MAC addresses, they operate at Layer 2, the Data Link layer, of the OSI networking model. They function in the Link/Network Interface layer of the TCP/IP model.
SAP originally stood for Systems Applications and Products when the company formed in the early 1970s. Like IBM, SAP is now just referred to by the letters.
Tech Tip
Crossing Crossovers
If you mess up your crossover connections, you won’t cause any damage, but the connection will not work. Think about it. If you take a straight-through cable (that is, not a crossover cable) and try to connect two PCs directly, it won’t work. Both PCs will try to use the same send and receive wires. When you plug the two PCs into a hub, the hub electronically crosses the data wires, so one NIC sends and the other can receive. If you plug a second hub into the first hub using regular ports, you essentially cross the cross and create a straight connection again between the two PCs! That won’t work. Luckily, nothing gets hurt—except your reputation if one of your colleagues notes your mistake!
Switches to the Rescue
An Ethernet switch looks like a hub, because all nodes plug into it (Figure 4.20). But switches don’t function like hubs inside. Switches come with extra smarts that enable them to take advantage of MAC addresses, effectively creating point-to-point connections between two conversing computers. This gives every conversation between two computers the full bandwidth of the network.
To see a switch in action, check out Figure 4.21. When you first turn on a switch, it acts exactly as though it were a hub, passing all incoming frames right back out to all the other ports. As it forwards all frames, however, the switch copies the source MAC addresses and quickly creates an electronic table of the MAC addresses of each connected computer. The table is called a Source Address Table (SAT).
Figure 4.20 • Hub (top) and switch (bottom) comparison
Note: One classic difference between a hub and a switch is in the repeating of frames during normal use. Although it’s true that switches initially forward all frames, they filter by MAC address in regular use. Hubs never learn and always forward all frames.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 4
As soon as this table is created, the switch begins to do something
amazing. When a computer sends a frame into the switch destined for
another computer on the same switch, the switch acts like a telephone
operator, creating an on-the-fly connection between the two devices.
While these two devices communicate, it’s as though they are the only
two computers on the network. Figure 4.22 shows this in action. Because
the switch handles each conversation individually, each conversation runs
at 10 Mbps.
Each port on a switch is in its own collision domain, plus the switch can
buffer incoming frames. That means that two nodes connected to the switch
can send data at the same time and the switch will handle it without any
collision.
With half-duplex switches, collisions can occur and the rules of CSMA/CD apply. These collisions can only happen between the switch and a node, not between two nodes, if the switch tries to send a frame to a node at the same time as the node tries to send a frame to the switch.
Network developers eventually figured out how to make switches
and NICs run in full-duplex mode, so they could send and receive data at
the same time. With full-duplex Ethernet, CSMA/CD is disabled and no
collisions can occur. Each node will always get the full bandwidth of the
network.
With full-duplex switched Ethernet, you can ignore the old rules about
daisy-chaining that applied to hubs. Feel free to connect your switches
pretty much any way you wish (Figure 4.23).
Figure 4.22 • A switch making two separate connections
Note: Because a switch filters traffic on MAC addresses (and MAC addresses run at Layer 2 of the OSI seven-layer model), it is sometimes called a Layer 2 switch.
Figure 4.23 • Switches are very commonly connected in a tree organization.
Unicast messages always go only to the intended recipient when you use a switch. The switch will send all broadcast messages to all the ports. You’ll commonly hear a switched network called a broadcast domain to contrast it to a hub-based network with its collision domain.
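The learning and forwarding behaviour described above, as a small simulation added here (not code from the book): the switch floods like a hub until its SAT is populated, then sends known unicast frames to one port while still flooding broadcasts. The MAC addresses, port numbers and frames are constructed for the demonstration.

```python
"""Learning switch with a Source Address Table (SAT).

Added example, not from the book. It models how a switch starts out flooding
like a hub, learns which port each MAC address lives on from the source
address of every frame, and then forwards known unicast frames to a single
port while still flooding broadcasts. All addresses below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str          # source MAC address
    dst: str          # destination MAC address
    payload: str = ""


@dataclass
class LearningSwitch:
    ports: int
    sat: dict[str, int] = field(default_factory=dict)  # MAC -> port number

    def receive(self, in_port: int, frame: Frame) -> list[int]:
        """Handle one frame arriving on in_port; return the egress ports used."""
        if not 0 <= in_port < self.ports:
            raise ValueError(f"switch has no port {in_port}")
        # Learning: the source MAC tells the switch which port this station is
        # reachable on. A newer frame from the same MAC overwrites the old
        # entry, which is how a station that moves to another port is relearned.
        self.sat[frame.src] = in_port
        if frame.dst == BROADCAST:
            # Broadcasts reach every port except the ingress port: the whole
            # switched network is one broadcast domain.
            return self._flood(in_port)
        out_port = self.sat.get(frame.dst)
        if out_port is None:
            # Unknown destination: behave like a hub for this one frame.
            return self._flood(in_port)
        if out_port == in_port:
            # Destination sits on the ingress port (e.g. behind a hub); the
            # switch filters the frame instead of echoing it back out.
            return []
        # Known unicast: only the owner's port sees the frame, so the two
        # stations get a private point-to-point path.
        return [out_port]

    def _flood(self, in_port: int) -> list[int]:
        return [p for p in range(self.ports) if p != in_port]


def demo() -> list[tuple[str, list[int]]]:
    """Walk a four-port switch through the learning sequence; return a trace."""
    sw = LearningSwitch(ports=4)
    a, b, c = "00:1a:4b:00:00:0a", "00:1a:4b:00:00:0b", "00:1a:4b:00:00:0c"
    trace = []
    trace.append(("A on p0 -> B, B unknown: flooded", sw.receive(0, Frame(a, b))))
    trace.append(("B on p2 -> A, A known: one port", sw.receive(2, Frame(b, a))))
    trace.append(("A on p0 -> B, B now known", sw.receive(0, Frame(a, b))))
    trace.append(("C on p1 -> broadcast: all but p1", sw.receive(1, Frame(c, BROADCAST))))
    trace.append(("A moves to p3 and sends to B", sw.receive(3, Frame(a, b))))
    trace.append(("B -> A follows the updated SAT", sw.receive(2, Frame(b, a))))
    return trace


if __name__ == "__main__":
    for label, out_ports in demo():
        print(f"{label:38s} egress ports {out_ports}")
```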
Spanning Tree Protocol
Because you can connect switches together in any fashion, you can create redundant connections in a network. These are called bridge loops (Figure 4.24).
Figure 4.24 • A bridge loop
In the early days of switches, making a bridge loop in a network setup would bring the network crashing down. A frame could get caught in the loop, so to speak, and not reach its destination.
The Ethernet standards body adopted the Spanning Tree Protocol (STP) to eliminate the problem of accidental bridge loops. Switches with STP enabled can detect loops, communicate with other switches, and set the looped port’s state to blocking.
STP-enabled switches use a frame called a Bridge Protocol Data Unit (BPDU) to communicate with each other to determine things like the distances between them and to keep track of changes on the network.
Note: The CompTIA Network+ exam refers to bridge loops as switching loops. The terms mean the same thing, but bridge loop is more common. Be prepared for either term on the exam.
Note: Switches today all have STP enabled and network designers create bridge loops in their networks to provide fault tolerance. Ports set as blocking still listen to the traffic on the network. If a link fails, the blocking port can become a forwarding port, thus enabling traffic to flow properly.
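The outcome of the BPDU exchange described above, as an added example that is not code from the book: given a three-switch loop, it computes the root bridge, each switch's root port, the designated port on every link and the port left blocking, then fails a link to show the blocking port taking over as the sidebar describes. Switch names, MAC addresses and path costs are constructed.

```python
"""Simplified Spanning Tree Protocol (STP) computation.

Added example, not from the book. Real switches converge on this result by
exchanging BPDUs; here the whole topology is known up front and the code
computes what that exchange settles on: root bridge (lowest bridge ID), root
ports, designated ports, and the remaining ports set to blocking.
"""
import heapq

INF = float("inf")


def elect_root(bridges):
    """Bridge ID is (priority, MAC); the lowest ID wins the root election."""
    return min(bridges, key=lambda name: bridges[name])


def root_path_costs(bridges, links, root):
    """Dijkstra from the root: cheapest total link cost to reach each switch."""
    adj = {name: [] for name in bridges}
    for a, _pa, b, _pb, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist = {name: INF for name in bridges}
    dist[root] = 0
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in adj[u]:
            if d + cost < dist[v]:
                dist[v] = d + cost
                heapq.heappush(heap, (dist[v], v))
    return dist


def port_roles(bridges, links):
    """Return (root, {(switch, port): 'root' | 'designated' | 'blocking'})."""
    root = elect_root(bridges)
    dist = root_path_costs(bridges, links, root)
    # Root port: on each non-root switch, the port with the lowest root path
    # cost; ties go to the neighbour with the lower bridge ID, then lower port.
    root_port = {}
    for a, pa, b, pb, cost in links:
        for me, my_port, nbr in ((a, pa, b), (b, pb, a)):
            if me == root or dist[nbr] == INF:
                continue
            key = (dist[nbr] + cost, bridges[nbr], my_port)
            if me not in root_port or key < root_port[me]:
                root_port[me] = key
    roles = {}
    # Designated port: on each link, the end on the switch closer to the root
    # (ties to the lower bridge ID) forwards. The far end is either that
    # switch's root port or is put into blocking, which is what breaks a loop.
    for a, pa, b, pb, _cost in links:
        near, near_port, far, far_port = a, pa, b, pb
        if (dist[b], bridges[b]) < (dist[a], bridges[a]):
            near, near_port, far, far_port = b, pb, a, pa
        roles[(near, near_port)] = "designated"
        if far in root_port and root_port[far][2] == far_port:
            roles[(far, far_port)] = "root"
        else:
            roles[(far, far_port)] = "blocking"
    return root, roles


def blocking_ports(roles):
    return sorted(p for p, role in roles.items() if role == "blocking")


def example_topology():
    """Three switches wired in a triangle: one redundant link forms a loop."""
    bridges = {  # name -> (priority, MAC); constructed, all default priority
        "SW1": (32768, "00:00:5e:00:53:01"),
        "SW2": (32768, "00:00:5e:00:53:02"),
        "SW3": (32768, "00:00:5e:00:53:03"),
    }
    links = [  # (switch, port, switch, port, path cost)
        ("SW1", 1, "SW2", 1, 4),
        ("SW1", 2, "SW3", 1, 4),
        ("SW2", 2, "SW3", 2, 4),
    ]
    return bridges, links


def fail_link(links, a, pa, b, pb):
    """Topology change: drop the link between (a, pa) and (b, pb)."""
    gone = {(a, pa), (b, pb)}
    return [l for l in links if {(l[0], l[1]), (l[2], l[3])} != gone]


if __name__ == "__main__":
    bridges, links = example_topology()
    for title, topo in (("initial", links),
                        ("after SW1-SW3 link failure", fail_link(links, "SW1", 2, "SW3", 1))):
        root, roles = port_roles(bridges, topo)
        print(f"{title}: root bridge {root}")
        for (sw, port), role in sorted(roles.items()):
            print(f"  {sw} port {port}: {role}")
```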
Troubleshooting Hubs and Switches
The hubs and simple switches described in this chapter generally function flawlessly for years without any need for a tech to do more than wipe dust off the top. Very occasionally you’ll run into a hub or switch that has problems. These problems fall into three categories:
■ Obvious physical damage
■ Dead ports
■ General flakiness
Diagnosing any of these problems follows a similar pattern. First, you’ll recognize that a hub or switch might have problems because you’ve plugged a device in and the device can’t connect to the network. Second, you should examine the switch for obvious damage. Third, look for link lights. If they’re not flashing, try a different port. Fourth, don’t forget to look at your cables. If anything looks bent, broken, or stepped on, you should replace it. A bad cable or improper cable type can lead to problems that point to a “failed” hub or switch when the true culprit is really the cable. Finally, use the tried and true method of replacing the hub or switch or the cable with a known good device.
Note: When we get to modern higher-end switches in Chapter 12, you’ll need to follow other procedures to do proper diagnostic work. We’ll get there soon enough!
Chapter 4 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about Ethernet.
Define and describe Ethernet
■ Ethernet is based on a family of network technologies from a bus topology. Ethernet enables computers to send data across a network, identify sending and receiving computers, and determine which computer should use the cable at which time. Early Ethernet networks originally used a single coax cable as a physical bus.
■ The IEEE 802.3 committee controls the Ethernet standard.
■ Ethernet networks use a hybrid star-bus topology with a hub at the center. Hubs repeat the incoming signal to every connected port.
■ Ethernet frames prevent any single computer from monopolizing the cable while making the retransmission of lost data efficient.
■ Ethernet frames contain seven basic parts: the preamble, the MAC address of the destination computer, the MAC address of the sender, the type of data, the data itself, a pad, and a frame check sequence.
■ CSMA/CD stands for carrier sense multiple access/collision detection. Carrier sense means that the node checks the network cable before sending to see if anyone else is transmitting. Multiple access means all computers have equal access to the network cable. Collision detection is when nodes detect that a transmission did not complete.
Explain early Ethernet implementations
■ Modern Ethernet networks use 10BaseT cabling.
■ The physical topology of 10BaseT is a physical star; however, the data uses a logical bus topology with a central hub. Therefore, 10BaseT actually uses a hybrid star-bus topology to accomplish moving data frames through the network.
■ 10BaseT supports speeds up to 10 Mbps over baseband.
■ 10BaseT requires the use of CAT 3 or higher, two-pair, unshielded twisted-pair cable. These cables utilize RJ-45 connectors, which are crimped to the cable.
■ Correct crimping follows either the TIA/EIA 568A or the TIA/EIA 568B color-code standard.
■ A good network technician knows the limits and specifications of 10BaseT, such as the maximum speed and distance, maximum nodes per hub, and supported cabling types.
■ 10BaseFL is a fiber-optic version of 10BaseT that uses multimode fiber-optic cable and SC or ST connectors. One major advantage of 10BaseFL is its increased maximum distance between hub and node.
Describe ways to extend and enhance Ethernet networks
■ Because hubs act as repeaters, hubs can be used to connect multiple segments together. Most hubs also have a crossover port, sometimes labeled uplink, crossover, MDI-X, OUT, or another creative name.
■ A crossover cable may be used to connect two hubs without an uplink port.
■ A bridge filters and forwards traffic between Ethernet segments based on the MAC addresses of the computers on those segments. A bridge monitors and records the network traffic, eventually forwarding only the traffic that needs to go from one side of the bridge to the other. This helps reduce network bandwidth usage.
■ Busy networks may suffer decreased bandwidth when using hubs. A switch solves this problem by managing the connection, based on MAC addresses, between the sending and receiving nodes.
■ Switches break up collision domains. If full-duplex is used, collisions are eliminated and CSMA/CD is disabled.
■ Connecting switches can lead to bridge loops, which caused early switched networks trouble. Switches that support the Spanning Tree Protocol are immune to bridge loops, even if wired in a physical loop.
■ Hubs and switches fail from physical abuse or from electrical surges. Troubleshoot by checking link lights, trying different ports, or swapping out the hub, switch, or cable for a known-good replacement.
Key Terms
10BaseFL (76)
10BaseT (73)
802.3 (Ethernet) (67)
bridge (80)
bridge loop (83)
broadcast domain (83)
carrier sense multiple access/collision detection (CSMA/CD) (71)
collision domain (72)
crimper (75)
crossover cable (79)
Ethernet (67)
frame (68)
frame check sequence (FCS) (71)
full-duplex (75)
half-duplex (75)
hub (67)
MAC addresses (69)
media converter (77)
multimode (77)
node (69)
pad (71)
port (73)
preamble (69)
promiscuous mode (70)
repeater (67)
RJ-45 connector (74)
segment (68)
Sneakernet (66)
sniffer (70)
Source Address Table (SAT) (82)
Spanning Tree Protocol (STP) (83)
straight-through (78)
switch (81)
TIA/EIA 568A (75)
TIA/EIA 568B (75)
uplink port (78)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. The _______________ is unique to each individual NIC.
2. When extra “filler” data is needed in a packet, a(n) _______________ is added.
3. A network connection that can send or receive, but not send and receive, a signal is called a(n) _______________ connection.
4. A NIC that is listening for all packets sent along the wire is said to be in _______________.
5. The first item in a data packet is the _______________.
6. A hub acts as a(n) _______________ in that it copies all incoming signals to every connected port.
7. Connecting switches incorrectly can create a(n) _______________, which can make the whole network stop working.
Multiple-Choice Quiz
1. How are the connectors wired on a crossover cable?
A. One end is TIA/EIA 568A; the other end is TIA/EIA 568B.
B. Both ends are TIA/EIA 568A.
C. Both ends are TIA/EIA 568B.
D. One end is an RJ-45; the other end is an RG-6.
2. What items make up the CSMA/CD system used in Ethernet networks? (Select three.)
A. Collision avoidance
B. Carrier sense
C. Multiple access
D. Collision detection
3. What happens when two computers transmit through a hub simultaneously?
A. Nothing happens.
B. The terminators prevent any transmission problems.
C. Their signals are reflected back down the cable to their points of origin.
D. A collision occurs.
4. What is a group of nodes that can at any point send messages at the same time, causing a collision?
A. Collision domain
B. Ethernet
C. Fast Ethernet
D. Sneakernet
5. Which committee is responsible for Ethernet standards?
A. IEEE 803.2
B. IEEE 803.3
C. IEEE 802.2
D. IEEE 802.3
6. What type of cabling did the first star-bus topology Ethernet networks use?
A. 10Base2
B. 10Base5
C. 10BaseT
D. 10Base-Cat5
7. What is the purpose of a preamble in an Ethernet frame?
A. It gives the receiving NIC time to realize a frame is coming and to know when the frame starts.
B. It provides the receiving NIC with the sending NIC’s MAC address so communication can continue.
C. It provides error-checking to ensure data integrity.
D. It contains a description of the data that is to follow so the receiving NIC knows how to reassemble it.
8. What valuable network tool can you use to examine all frames on the network, regardless of their intended recipient?
A. Repeater
B. Media converter
C. STP
D. Sniffer
Key Term Quiz (continued)
8. Hubs can be daisy-chained through their _______________ or the use of a(n) _______________.
9. _______________ has a maximum distance between node and hub of 100 meters, whereas _______________ has a maximum distance of 2000 meters.
10. A(n) _______________ can be used to interconnect different Ethernet types.
Multiple-Choice Quiz (continued)
9. For what purpose is a crimping tool used?
A. To splice a 10BaseT cable with a 10BaseFL cable.
B. To attach an RJ-45 connector to a UTP cable.
C. To attach a 10BaseT cable to a media converter.
D. To connect two hubs together.
10. Which of the following is not a limitation on 10BaseT cable?
A. Maximum speed of 10 Mbps
B. Maximum distance between hub and node of 100 feet
C. Maximum of 1024 nodes per hub
D. Minimum CAT 3 or better UTP with RJ-45 connectors
11. Which of the following is not a limitation on 10BaseFL cable?
A. Maximum speed of 10 Mbps
B. Maximum distance between hub and node of 2000 meters
C. Maximum of 1024 nodes per hub
D. Minimum CAT 3 or better UTP with RJ-45 connectors
12. Upon looking at the front of a hub, you notice something labeled as MDI-X. What is this for?
A. It is a special receptacle for the power cable.
B. It is a regular port used to connect computers.
C. It is an uplink port used to connect the hub to another hub.
D. It is the brand name of the hub.
13. In a full-duplex switched network, when can collisions occur?
A. A collision will occur when two nodes connected to the switch send frames at the same time.
B. A collision will occur when a node tries to send to the switch at the same time the switch tries to send to the node.
C. A collision will occur when two nodes send broadcast frames at the same time.
D. A collision will never occur.
14. What feature of switches prevents the problem of bridging loops?
A. STP
B. TCP/IP
C. IEEE 802.3
D. UTP
15. What feature of switches keeps track of which MAC address goes to each port?
A. FCS
B. SAT
C. STP
D. UTP
Essay Quiz
1. Describe two ways that using frames helps move data along a network.
2. Define the term CSMA/CD, using simple descriptions to explain each of the three parts: CS, MA, and CD.
3. Describe what a hub does and some of its limitations. Then explain how a switch works to overcome the problems of a hub.
Lab Projects
Lab Project 4.1
On a blank sheet of paper, use one side to list the basic facts you must know about 10BaseT for the CompTIA Network+ certification exam. Use the other side to list the essential facts you must know about 10BaseFL. Double-check your work, either by yourself or with a classmate, to ensure its accuracy. Save this sheet to use as a quick-reference study aid when you’re preparing to sit for your exam—it will help!
Lab Project 4.2
In this chapter, you learned about the basic functionality of switches. Use the Internet to delve deeper and research the difference among a managed switch, an unmanaged switch, and a smart switch. Create a chart to compare their similarities and differences. In addition to the differences in features and functionality, research and report on the pricing differences for similarly sized switches. For example, what is more expensive, a 24-port managed, unmanaged, or smart switch? What do you get for the extra money? Is it worth it?
Lab Project 4.3
Use the Internet to research freeware or shareware programs that will “sniff” the data on your network. With your instructor’s permission, download a program that you find, and then install it on your classroom lab network. Try to sniff data going to and from your machine, as well as other traffic. Have fun, and document your findings.
Chapter 5: Modern Ethernet
“To expect the unexpected shows a
thoroughly modern intellect.”
—Oscar Wilde
In this chapter, you will learn how to
■ Describe the varieties of 100-megabit Ethernet
■ Discuss copper- and fiber-based Gigabit Ethernet
■ Compare the competing varieties of 10 Gigabit Ethernet
Within a few years of its introduction, 10BaseT proved inadequate to meet the growing networking demand for speed. As with all things in
the computing world, bandwidth is the key. Even with switching, the 10-Mbps
speed of 10BaseT, seemingly so fast when first developed, quickly found a market
clamoring for even faster speeds. This chapter looks at the improvements in
Ethernet since 10BaseT. You’ll read about 100-megabit standards and the several
standards in Gigabit Ethernet. The chapter wraps up with the newest speed
standards, 10 Gigabit Ethernet.
Test Specific
100-Megabit Ethernet
The quest to break 10-Mbps network speeds in Ethernet started in the early 1990s. By then, 10BaseT Ethernet had established itself as the most popular networking technology (although other standards, such as IBM’s Token Ring, still had some market share). The goal was to create a new speed standard that made no changes to the actual Ethernet frames themselves. By doing this, the 802.3 committee ensured that different speeds of Ethernet could interconnect, assuming you had something that could handle the speed differences and a media converter if the connections were different.
100BaseT
If you want to make a lot of money in the technology world, create a standard and then get everyone else to buy into it. For that matter, you can even give the standard away and still make tons of cash if you have the inside line on making the hardware that supports the standard.
When it came time to come up with a new standard to replace 10BaseT, network hardware makers forwarded a large number of potential standards, all focused on the prize of leading the new Ethernet standard. As a result, two twisted-pair Ethernet standards appeared, 100BaseT4 and 100BaseTX. 100BaseT4 used CAT 3 cable whereas 100BaseTX used CAT 5. By the late 1990s, 100BaseTX became the dominant 100-megabit Ethernet standard. 100BaseT4 disappeared from the market and today has been forgotten. As a result, we almost never say 100BaseTX, simply choosing to use the term 100BaseT.
100BaseTX (100BaseT) Summary
Speed: 100 Mbps
Signal type: Baseband
Distance: 100 meters between the hub and the node
Node limit: No more than 1024 nodes per hub
Topology: Star-bus topology: physical star, logical bus
Cable type: CAT 5e or better UTP or STP cabling with RJ-45 connectors
Note: 100BaseT was at one time called Fast Ethernet. The term still sticks to the 100-Mbps standards—including 100BaseFX, which you’ll read about in an upcoming section—even though there are now much faster versions of Ethernet.
Cross Check
Interconnecting Ethernet Networks
You learned about the devices used to connect different types of Ethernet networks—hubs and switches—in Chapter 3. Check your memory now. What’s the difference between the two devices? Which would you prefer for connections and why?
Upgrading a 10BaseT network to 100BaseT is not a small process. First, you need to make sure you have CAT 5 cable or better. This part isn’t a big deal because almost all network cables installed in the past decade are at least CAT 5. Second, you must replace all the old 10BaseT NICs with 100BaseT NICs. Third, you need to replace the 10BaseT hub or switch with a 100BaseT hub or switch. Making this upgrade cost a lot in the early days of 100BaseT, so people clamored for a way to make the upgrade a little easier. This was accomplished via multispeed, auto-sensing NICs and hubs/switches.
Figure 5.1 shows a typical multispeed, auto-sensing 100BaseT NIC from the late 1990s. When this NIC first connects to a network, it starts to negotiate automatically with the hub or switch to determine the other device’s highest speed. If they both do 100BaseT, then you get 100BaseT. If the hub or switch only does 10BaseT, then the NIC does 10BaseT. All of this happens automatically (Figure 5.2).
Distinguishing a 10BaseT NIC from a 100BaseT NIC without close inspection is impossible. Look for something on the card to tell you its speed. Some NICs may have extra link lights to show the speed (see Chapter 6 for the scoop on link lights). Of course, you can always simply install the card, as shown in Figure 5.3, and see what the operating system says it sees!
Figure 5.2 • Auto-negotiation in action
Figure 5.3 • Typical 100BaseT NIC in Windows Vista
Tech Tip
Lingo
If you want to sound like a proper tech, you need to use the right words. Techs don’t actually say, “multispeed, auto-sensing,” but rather “10/100.” As in, “Hey, is that a 10/100 NIC you got there?” Now you’re talking the talk!
You’ll also have trouble finding a true 10BaseT or 100BaseT NIC because
multispeed NICs have been around long enough to have replaced any
single-speed NIC. All modern NICs are multispeed and auto-sensing.
Figure 5.1 • Typical 100BaseT NIC
100BaseFX
Most Ethernet networks use UTP cabling, but quite a few use fiber-based networks instead. In some networks, using fiber simply makes more sense. UTP cabling cannot meet the needs of every organization for three key reasons. First, the 100-meter distance limitation of UTP-based networks is inadequate for networks covering large buildings or campuses. Second, UTP’s lack of electrical shielding makes it a poor choice for networks functioning in locations with high levels of electrical interference. Finally, the Maxwell Smarts and James Bonds of the world find UTP cabling (and copper cabling in general) easy to tap, making it an inappropriate choice for high-security environments. To address these issues, the IEEE 802.3 standard provides for a flavor of 100-megabit Ethernet using fiber-optic cable, called 100BaseFX.
The 100BaseFX standard saw quite a bit of interest for years, as it combined the high speed of 100-megabit Ethernet with the reliability of fiber optics. Outwardly, 100BaseFX looks exactly like 10BaseFL. Both use the same multimode fiber-optic cabling, and both use SC or ST connectors. 100BaseFX offers improved data speeds over 10BaseFL and equally long cable runs, supporting a maximum cable length of two kilometers.
100BaseFX Summary
Speed: 100 Mbps
Signal type: Baseband
Distance: Two kilometers between the hub and the node
Node limit: No more than 1024 nodes per hub
Topology: Star-bus topology: physical star, logical bus
Cable type: Multimode fiber-optic cabling with ST or SC connectors
Full-Duplex Ethernet
Early 100BaseT NICs, just like 10BaseT NICs, could send and receive data,
but not at the same time—a feature called half-duplex (Figure 5.4). The IEEE
addressed this characteristic shortly after adopting 100BaseT as a standard.
Note: Just as the old 10BaseFL was often called 10BaseF, 100BaseFX is sometimes called simply 100BaseF.
Tech Tip
Shielded Twisted Pair
Installing networks in areas of high electrical interference used to require the use of shielded twisted-pair (STP) cabling rather than UTP. Even though you can still get STP cabling, its use is rare today. Most installations use fiber-optic cable in situations where UTP won’t cut it. The exception to this rule is with relatively short cable runs through high-noise areas, like in a workshop. Swapping out a UTP cable with an STP cable is simpler and much less expensive than running fiber and changing NICs as well.
Try This!
Hub Search
At this point, you’ve seen various implementations of Ethernet, from 10BaseT (which you read about in Chapter 4) to 100BaseTX and 100BaseFX. If you planned a network today, what kind of equipment could you buy? Don’t look at me for the answer—instead, try this!
Go to your local computer store with pen and paper ready, and jot down the variations you find. Does the store carry any hubs? What about a hub that supports both fiber and UTP, so you can connect 100BaseFX and 100BaseTX networks? Finally, how much do these things cost?
Note: The Fiber Distributed Data Interface (FDDI) flourished on college campuses during the 1990s because it could cover long distances and transfer data at the (then) blazing speed of 100 Mbps. FDDI used fiber-optic cables with a token bus network protocol over a ring topology. Fast Ethernet over UTP offered a much cheaper alternative when it became available, plus it was completely compatible with 10BaseT, so FDDI faded away.
By the late 1990s, most 100BaseT cards could auto-negotiate for full-duplex.
With full-duplex, a NIC can send and receive at the same time, as shown in
Figure 5.5.
Figure 5.4 • Half-duplex: sending at the top, receiving at the bottom
Almost all NICs today can go full-duplex. The NIC and the attached hub/switch determine full- or half-duplex during the auto-negotiation process. The vast majority of the time you simply let the NIC do its negotiation. Every operating system has some method to force the NIC to a certain speed/duplex, as shown in Figure 5.6.
Gigabit Ethernet
By the end of the 1990s, the true speed junkie needed an even more powerful version of Ethernet. In response, the IEEE created Gigabit Ethernet, which today is the most common type of Ethernet found on new NICs.
The IEEE approved two different versions of Gigabit Ethernet. The most widely implemented solution, published under the IEEE 802.3ab standard, is called 1000BaseT. The other version, published under the 802.3z standard and known as 1000BaseX, is divided into a series of standards, with names such as 1000BaseCX, 1000BaseSX, and 1000BaseLX.
1000BaseT uses four-pair UTP or STP cabling to achieve gigabit performance. Like 10BaseT and 100BaseT, 1000BaseT has a maximum cable length of 100 meters on a segment. 1000BaseT connections and ports look exactly like the ones on a 10BaseT or 100BaseT network. 1000BaseT is the dominant Gigabit Ethernet standard.
Note: Full-duplex doesn’t increase network speed, but it doubles network bandwidth. Imagine a one-lane road expanded to two lanes while keeping the speed limit the same. And if you recall from the previous chapter, going full-duplex disables CSMA/CD and eliminates collisions.
Figure 5.5 • Full-duplex
Figure 5.6 • Forcing speed and duplex in Windows 7
Note: The term Gigabit Ethernet is more commonly used than 1000BaseT.
The 802.3z standards require a bit more discussion. Let’s look at each of
these solutions in detail to see how they work.
1000BaseCX
1000BaseCX uses a unique cable known as twinaxial cable
(Figure 5.7). Most techs shorten the cable name to twinax.
Twinaxial cables are special shielded 150-Ohm cables with a
length limit of only 25 meters. 1000BaseCX has made little
progress in the Gigabit Ethernet market.
1000BaseSX
Many networks upgrading to Gigabit Ethernet use the 1000BaseSX standard. 1000BaseSX uses multimode fiber-optic cabling to connect systems, with a generous maximum cable length of 220 to 500 meters; the exact length is left up to the various manufacturers. 1000BaseSX uses an 850-nm (nanometer) wavelength LED to transmit light on the fiber-optic cable. 1000BaseSX devices look similar to 100BaseFX devices, and although both standards can use several types of connectors, 1000BaseSX devices commonly use LC, while 100BaseFX devices frequently use SC. (See “New Fiber Connectors” later in the chapter for the scoop on LC connectors.)
1000BaseLX
1000BaseLX is the long-distance carrier for Gigabit Ethernet. 1000BaseLX uses single-mode (laser) cables to shoot data at distances up to 5 kilometers—and some manufacturers use special repeaters to increase that to distances as great as 70 kilometers! The Ethernet folks are trying to position this as the Ethernet backbone of the future, and already some large carriers are beginning to adopt 1000BaseLX. You may live your whole life and never see a 1000BaseLX device, but odds are good that you will encounter connections that use such devices in the near future. 1000BaseLX connectors look like 1000BaseSX connectors.
New Fiber Connectors
Around the time that Gigabit Ethernet first started to appear, two problems began to surface with ST and SC connectors. First, ST connectors are relatively large, twist-on connectors, requiring the installer to twist the cable when inserting or removing it. Twisting is not a popular action with fiber-optic cables, as the delicate fibers may fracture. Also, big-fingered techs have a problem with ST connectors if the connectors are too closely packed: they can’t get their fingers around them. SC connectors snap in and out, making them much more popular than STs. SC connectors are also large, however, and the folks who make fiber networking equipment wanted to pack more connectors onto their boxes. This brought about two new types of fiber connectors, known generically as Small Form Factor (SFF) connectors. The first SFF connector—the Mechanical Transfer Registered Jack (MT-RJ), shown in Figure 5.8—gained popularity with important companies like Cisco and is still quite common.
Figure 5.7 • Twinaxial cable
Cross Check
SC and ST
You learned about the common fiber-optic cable SC and ST connectors way back in Chapter 3, so cross-check your knowledge here. What distinguishes the two connectors? Can 100BaseFX NICs use either one? Which do you need to twist like a bayonet?
You read about the second type of popular SFF connector, the Local Connector (LC), back in Chapter 3—it’s shown in Figure 5.9. LC-type connectors are very popular, particularly in the United States, and many fiber experts consider the LC-type connector to be the predominant fiber connector.
LC and MT-RJ are the most popular types of SFF fiber connectors, but many others exist, as outlined in Table 5.1. The fiber industry has no standard beyond ST and SC connectors, which means that different makers of fiber equipment may have different connections.
Table 5.1 Gigabit Ethernet Summary
Standard     Cabling             Cable Details           Connectors                     Length
1000BaseCX   Copper              Twinax                  Twinax                         25 m
1000BaseSX   Multimode fiber     850 nm                  Variable, commonly LC          220–500 m
1000BaseLX   Single-mode fiber   1300 nm                 Variable, commonly LC and SC   5 km
1000BaseT    CAT 5e/6 UTP        Four-pair/full-duplex   RJ-45                          100 m
Implementing Multiple Types of Gigabit Ethernet
Because Ethernet packets don’t vary among the many flavors of Ethernet, network hardware manufacturers have long built devices capable of supporting more than one flavor right out of the box. Ancient hubs supported 10Base2 and 10BaseT at the same time, for example.
You can also use dedicated media converters to connect any type of Ethernet cabling together. Most media converters are plain-looking boxes with a port or dongle on either side. They come in all flavors:
■ Single-mode fiber (SMF) to UTP/STP
■ Multimode fiber (MMF) to UTP/STP
■ Fiber to coaxial
■ SMF to MMF
The CompTIA Network+ exam competencies erroneously describe some media converters as single-mode fiber to Ethernet and multimode fiber to Ethernet. It’s all Ethernet! Don’t be surprised if you get one of those terms on the exam, however. Now you’ll know what they mean.
Figure 5.8 • MT-RJ connector
Figure 5.9 • LC-type connector
BaseTech
Chapter 5: Modern Ethernet
97
Finally, the Gigabit Ethernet folks created a standard for modular ports called a gigabit interface converter (GBIC). With many Gigabit Ethernet switches and other hardware, you can simply pull out a GBIC module that supports one flavor of Gigabit Ethernet and plug in another. You can replace an RJ-45 port GBIC, for example, with an SC GBIC, and it’ll work just fine. Electronically, the switch or other gigabit device is just that—Gigabit Ethernet—so the physical connections don’t matter. Ingenious!
10 Gigabit Ethernet
The ongoing demand for bandwidth on the Internet means that the networking industry is continually reaching for faster LAN speeds. 10 Gigabit Ethernet (10 GbE) is showing up in high-level LANs, with the anticipation that it will trickle down to desktops in the near future.
Because 10 GbE is still a new technology, there are a large number of standards in existence. Over time some of these standards will certainly grow in popularity, but most will disappear. For now, though, the landscape is in flux. 10 GbE has a number of fiber standards and two copper standards. 10 GbE was first and foremost designed with fiber optics in mind. As a result, 10 GbE copper products have only been for sale since 2008.
Fiber-based 10 GbE
When the IEEE members sat down to formalize specifications on Ethernet running at 10 Gbps, they faced several challenges. First, they had to maintain the integrity of the Ethernet frame. Data is king, after all, and the goal was to create a network that could interoperate with any other Ethernet network. Second, they had to figure out how to transfer those frames at such blazing speeds. This second challenge had some interesting ramifications because of two factors. They could use the traditional Physical layer mechanisms defined by the Ethernet standard. But a perfectly usable ~10-Gbps fiber network, called SONET, was already in place and being used for wide area networking (WAN) transmissions. What to do?
The IEEE created a whole set of 10 GbE standards that could use traditional LAN Physical layer mechanisms, plus a set of standards that could take advantage of the SONET infrastructure and run over the WAN fiber. To make the 10-Gbps jump as easy as possible, the IEEE also recognized the need for different networking situations. Some implementations require data transfers that can run long distances over single-mode fiber, for example, whereas others can make do with short-distance transfers over multimode fiber. This led to a lot of standards for 10 GbE.
The 10 GbE standards are defined by several factors: the type of fiber used, the wavelength of the laser or lasers, and the Physical layer signaling type. These factors also define the maximum signal distance.
There are proposed Ethernet standards that go way beyond 10-Gbps speeds, including a 100 GbE proposal, but nothing is fully standardized as of this writing. Today, 10 GbE is the reigning king of network speeds.
Chapter 14 covers SONET in great detail. For now, think of it as a data transmission standard that’s different from the LAN Ethernet standard.
The IEEE uses specific letter codes with the standards to help sort out the differences so you know what you’re implementing or supporting. All the standards have names in the following format: “10GBase” followed by two other characters, what I’ll call xy. The x stands for the type of fiber (usually, though not officially) and the wavelength of the laser signal; the y stands for the Physical layer signaling standard. The y code is always either R for LAN-based signaling or W for SONET/WAN-based signaling. The x differs a little more, so let’s take a look.
10GBaseSy uses a short-wavelength (850 nm) signal over multimode fiber. The maximum fiber length is 300 meters, although this length will vary depending on the type of multimode fiber used. 10GBaseSR (Figure 5.10) is used for Ethernet LANs, and 10GBaseSW is used to connect to SONET devices.
Standard    Fiber Type    Wavelength   Physical Layer Signaling   Maximum Signal Length
10GBaseSR   Multimode     850 nm       LAN                        26–300 m
10GBaseSW   Multimode     850 nm       SONET/WAN                  26–300 m
10GBaseLy uses a long-wavelength (1310 nm) signal over single-mode fiber. The maximum fiber length is 10 kilometers, although this length will vary depending on the type of single-mode fiber used. 10GBaseLR connects to Ethernet LANs and 10GBaseLW connects to SONET equipment. 10GBaseLR is the most popular and least expensive 10 GbE media type.
Standard    Fiber Type    Wavelength   Physical Layer Signaling   Maximum Signal Length
10GBaseLR   Single-mode   1310 nm      LAN                        10 km
10GBaseLW   Single-mode   1310 nm      SONET/WAN                  10 km
10GBaseEy uses an extra-long-wavelength (1550 nm) signal over single-mode fiber. The maximum fiber length is 40 kilometers, although this length will vary depending on the type of single-mode fiber used. 10GBaseER works with Ethernet LANs and 10GBaseEW connects to SONET equipment.
Standard    Fiber Type    Wavelength   Physical Layer Signaling   Maximum Signal Length
10GBaseER   Single-mode   1550 nm      LAN                        40 km
10GBaseEW   Single-mode   1550 nm      SONET/WAN                  40 km
The 10 GbE fiber standards do not define the type of connector to use and instead leave that to manufacturers (see the upcoming section “10 GbE Physical Connections”).
Copper-based 10 GbE
It took until 2006 for the IEEE to come up with a standard for 10 GbE running on twisted-pair cabling—called, predictably, 10GBaseT. 10GBaseT looks and works exactly like the slower versions of UTP Ethernet. The only downside is that 10GBaseT running on CAT 6 has a maximum cable length of only 55 meters. The updated CAT 6a standard enables 10GBaseT to run at the standard distance of 100 meters. Table 5.2 summarizes the 10 GbE standards.
Figure 5.10 • A 10GBaseSR NIC (photo courtesy of Intel Corporation)
Table 5.2 10 GbE Summary
Standard       Cabling             Wavelength/Cable Details   Connectors                     Length
10GBaseSR/SW   Multimode fiber     850 nm                     Not defined                    26–300 m
10GBaseLR/LW   Single-mode fiber   1310 nm                    Variable, commonly LC          10 km
10GBaseER/EW   Single-mode fiber   1550 nm                    Variable, commonly LC and SC   40 km
10GBaseT       CAT 6/6a UTP        Four-pair/full-duplex      RJ-45                          55/100 m
10 GbE Physical Connections
This hodgepodge of 10 GbE types might have been the ultimate disaster for hardware manufacturers. All types of 10 GbE send and receive the same signal; only the physical medium is different. Imagine a single router that had to come out in seven different versions to match all these types! Instead, the 10 GbE industry simply chose not to define the connector types and devised a very clever, very simple concept called multisource agreements (MSAs). An MSA transceiver plugs into your 10 GbE equipment, enabling you to convert from one media type to another by inserting the right transceiver. Unfortunately, there have been as many as four different competing MSA types in the past few years. Figure 5.11 shows a typical MSA called XENPAK.
For now, 10 GbE equipment is the exclusive domain of high-bandwidth LANs and WANs, including parts of the big-pipe Internet connections.
Not all 10 GbE manufacturers use MSAs in their equipment.
Figure 5.11 • XENPAK MSA
Tech Tip
The Other 10 Gigabit Ethernet Fiber Standards
Manufacturers have shown, in these early days of 10 GbE implementation, both creativity and innovation in taking advantage of both existing fiber and the most cost-effective equipment. This has led to a variety of standards that are not covered by the CompTIA Network+ competencies, but that you should know about nevertheless. The top three as of this writing are 10GBaseL4, 10GBaseLRM, and 10GBaseZR.
The 10GBaseL4 standard uses four lasers at a 1300-nanometer wavelength over legacy fiber. On FDDI-grade multimode cable, 10GBaseL4 can support up to 300-meter transmissions. The range increases to 10 kilometers over single-mode fiber.
The 10GBaseLRM standard uses the long wavelength signal of 10GBaseLR but over legacy multimode fiber. The standard can achieve a range of up to 220 meters, depending on the grade of fiber cable.
Finally, some manufacturers have adopted the 10GBaseZR “standard,” which isn’t part of the IEEE standards at all (unlike 10GBaseL4 and 10GBaseLRM). Instead, the manufacturers have created their own set of specifications. 10GBaseZR networks use a 1550-nanometer wavelength over single-mode fiber to achieve a range of a whopping 80 kilometers. The standard can work with both Ethernet LAN and SONET/WAN infrastructure.
Backbones
The beauty and the challenge of the vast selection of Ethernet flavors is deciding which one to use in your network. The goal is to give your users as fast a network response time as possible, combined with keeping costs at a reasonable level. To combine these two issues, most network administrators find that a multispeed Ethernet network works best. In a multispeed network, a series of high-speed (relative to the rest of the network) switches maintain a backbone network. No computers, other than possibly servers, attach directly to this backbone. Figure 5.12 shows a typical backbone network. Each floor has its own switch that connects to every node on the floor. In turn, each of these switches also has a separate high-speed connection to a main switch that resides in the office’s computer room.
To make this work, you need switches with separate, dedicated, high-speed ports like the ones shown in Figure 5.13. The add-on ports on the switches run straight to the high-speed backbone switch.
Know Your Ethernets!
This single chapter is little more than a breakdown of the evolution of Ethernet since the old 10BaseT standard. Make sure you know the details of these Ethernet versions and take advantage of the summaries and tables to recognize the important points of each type.
Additionally, keep in mind that you’ve only just begun to delve into the world of switching. The book has covered thus far only the functions of a basic switch. There is a lot more to know in terms of the capabilities of these powerful devices, but first you need to understand networking at a deeper level.
Figure 5.12 • Typical network configuration showing backbone
Figure 5.13 • Switches with dedicated, high-speed add-on ports
Try This!
Shopping for Switches
Cisco, one of the industry leaders for Ethernet switches, has a great Web site for its products. Imagine that you are setting up a network for your school or business (keep it simple and pick a single building if you’re in a large organization). Decide what type of switches you’d like to use, including both the backbone and local switches. If you’re really motivated, decide where to locate the switches physically. Don’t be afraid to try a fiber backbone—almost every Cisco switch comes with special ports to enable you to pick the type of Ethernet you want to use for your backbone.
Chapter 5 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about Ethernet.
Describe the varieties of 100-megabit Ethernet
■ Fast Ethernet includes two UTP/STP variations, both arranged in a physical star, but operating in a logical bus—100BaseTX and 100BaseT4.
■ In 100BaseTX Ethernet cabling systems, speeds are 100 Mbps, wires are twisted copper pairs, signals are baseband, and distance is limited to 100 meters from the node to the hub, with a limit of 1024 ports per hub. The cabling used must be CAT 5e or better UTP/STP crimped with RJ-45 connectors.
■ In 100BaseT4 Ethernet cabling systems, speeds are 100 Mbps, wires are twisted copper pairs, signals are baseband, and distance is limited to 100 meters from the node to the hub, with a limit of 1024 ports per hub. The cabling used is CAT 3 UTP with RJ-45 connectors. The main difference from 100BaseTX is that all four pairs of wires are used in data transmission.
■ Limitations of Fast Ethernet over UTP include distance (only 100 meters), inadequate shielding for some installations, and relative ease of intruder break-ins on the physical cable.
■ The fiber-optic variation of Fast Ethernet, 100BaseFX, overcomes these limitations, offering immunity to electrical interference and a range of up to two kilometers from node to hub.
■ A half-duplex NIC can only send or receive at any one time. Full-duplex NICs can send and receive at the same time, thereby doubling the bandwidth (but not the speed).
Discuss copper- and fiber-based Gigabit Ethernet
■ Two Gigabit Ethernet standards have been approved by the IEEE: 802.3z (1000BaseX) and 802.3ab (1000BaseT).
■ 1000BaseT uses four-pair UTP/STP cabling and has a maximum length of 100 meters.
■ 1000BaseX is divided into a number of standards: 1000BaseCX, 1000BaseSX, and 1000BaseLX.
■ 1000BaseCX uses twinaxial cable with a maximum length of 25 meters.
■ 1000BaseSX uses multimode fiber-optic cable with a maximum length between 220 and 500 meters, depending on the manufacturer.
■ 1000BaseLX uses single-mode fiber-optic cable with a maximum length of 5 kilometers. Some manufacturers use repeaters to extend the maximum length to 70 kilometers.
■ The Small Form Factor (SFF) fiber connector includes the Mechanical Transfer Registered Jack (MT-RJ) and the Local Connector (LC), both of which were created to overcome problems with the ST and SC connectors.
Compare the competing varieties of 10 Gigabit Ethernet
■ 10 Gigabit Ethernet (10 GbE) has several fiber standards and two copper standards. Copper products have only recently become available.
■ SONET is the networking standard for long-distance optical connections that serve as the main backbone for the Internet.
■ 10 GbE is organized into six different standards: 10GBaseSR, 10GBaseSW, 10GBaseLR, 10GBaseLW, 10GBaseER, and 10GBaseEW.
■ 10GBaseSy uses multimode fiber with a maximum length of 300 meters. 10GBaseSR is used for Ethernet LANs, whereas 10GBaseSW is used to connect to SONET devices.
■ 10GBaseLy uses single-mode fiber with a maximum length of 10 kilometers. 10GBaseLR is for Ethernet LANs, whereas 10GBaseLW is used to connect to SONET devices. 10GBaseLR is the most popular and least expensive 10 GbE media type.
■ 10GBaseEy uses single-mode fiber with a maximum length of 40 kilometers. 10GBaseER is used for Ethernet LANs, whereas 10GBaseEW is used to connect to SONET devices.
■ 10GBaseT defines 10 Gigabit Ethernet over UTP/STP cable. It is capable of a maximum distance of 55 meters with CAT 6; however, using CAT 6a, it can achieve 100 meters.
■ All types of 10 GbE send and receive the exact same signal. Network devices, such as routers, that need to support different 10 GbE cable types use multisource agreements to enable the various cable types to connect.
Key Terms
10GBaseER (98)
10GBaseEW (98)
10GBaseLR (98)
10GBaseLW (98)
10GBaseSR (98)
10GBaseSW (98)
10GBaseT (98)
10 Gigabit Ethernet (10 GbE) (97)
100BaseFX (93)
100BaseT (91)
100BaseT4 (91)
100BaseTX (91)
1000BaseCX (95)
1000BaseLX (95)
1000BaseSX (95)
1000BaseT (94)
1000BaseX (94)
802.3ab (94)
802.3z (94)
Fast Ethernet (91)
full-duplex (94)
Gigabit Ethernet (94)
half-duplex (93)
Local Connector (LC) (96)
Mechanical Transfer Registered Jack (MT-RJ) (96)
multisource agreement (MSA) (99)
Small Form Factor (SFF) (96)
SONET (97)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. When a network device can both send and receive data at the same time, it is said to be _______________.
2. _______________ has a maximum cable length of two kilometers and uses multimode fiber with ST or SC connectors.
3. 100BaseT is also known as _______________.
4. _______________ can use CAT 3, but _______________ must use CAT 5 or better.
5. 802.3z and 802.3ab are both _______________ standards.
6. _______________ supports the longest maximum distance for Gigabit Ethernet.
7. The _______________ and _______________ IEEE standards support the longest maximum distance for 10 Gigabit Ethernet.
8. Many fiber experts consider the _______________ connector to be the predominant fiber connector.
9. _______________ is the least expensive and most popular 10 GbE media type.
10. Routers with _______________ can accept a variety of 10 GbE media types.
Multiple-Choice Quiz
1. Which of the following are 100BaseT cable types? (Select three.)
A. CAT 3
B. CAT 5
C. CAT 5e
D. 10BaseFL
2. What is the physical limit for the number of ports on an Ethernet hub?
A. 24
B. 256
C. 512
D. 1024
3. When a network device can only send data or receive data, but not both at the same time, it is operating in what mode?
A. Duplex
B. Full-duplex
C. Half-duplex
D. Halfplex
4. What important backbone technology is also known as Gigabit Ethernet?
A. 100BaseT
B. 100BaseFL
C. 100BaseFX
D. 1000BaseT
5. What are the two major UTP variations of Fast Ethernet? (Select two.)
A. 100BaseTL
B. 100BaseTX
C. 100BaseFL
D. 100BaseT4
6. What are three limitations of Fast Ethernet over UTP? (Select three.)
A. Distance is restricted to 100 meters from node to hub.
B. Shielding may be inadequate for some installations.
C. Intrusion from outsiders may be possible without detection.
D. The obsolete technology is insufficient for most networks.
7. Which standard defines Fast Ethernet using fiber cabling?
A. 10BaseFL
B. 100BaseFX
C. 100BaseT4
D. 100BaseTX
8. Which of the following are fiber connector types? (Select three.)
A. LC
B. LS
C. MT-RJ
D. ST
9. What do you need to connect varying 10 GbE cable types to the same router?
A. SFF connectors on all cables
B. SC connectors on all cables
C. Multisource agreements on the router
D. This is not possible.
10. Which standard defines Gigabit Ethernet over twisted-pair copper wire?
A. 802.3ab
B. 802.3e
C. 802.3GbUTP
D. 802.3z
11. You’ve lost the manual to your router. How can you tell the difference between a 1000BaseT port and a 100BaseT port on a router just by looking?
A. The 1000BaseT ports are noticeably larger.
B. The 100BaseT ports are green, whereas the 1000BaseT ports are gray.
C. 1000BaseT ports are reversed with the clip on the top.
D. You can’t tell the difference by looking. They look exactly the same.
12. Which statement about Ethernet is correct?
A. Only 10- and 100-megabit Ethernet may use a hub. Gigabit Ethernet must use a switch.
B. 10- and 100-megabit Ethernet has a limit of 1024 nodes. Gigabit Ethernet has no limit.
C. Gigabit Ethernet that uses UTP cabling has a maximum distance between the node and switch of 250–400 meters, depending on the manufacturer.
D. All versions of 10 Gigabit Ethernet use the same cabling.
13. What will happen if you connect a 10BaseT NIC to an auto-sensing switch?
A. The switch will operate in hub mode.
B. The entire switch will operate at 10 megabits, even if 100-megabit devices are attached.
C. The 10BaseT NIC will operate at 10 megabits while connected 100-megabit devices will operate at their full speed of 100 megabits.
D. The 10BaseT NIC will overclock to run at 100 megabits.
14. What benefit does full-duplex offer?
A. It allows all NICs on a hub to send signals at the same time without collisions.
B. It doubles the bandwidth of the network.
C. It doubles the speed of the network.
D. It doubles both the bandwidth and the speed of the network.
15. What is the difference between the R and W designations in 10GBase standards, such as 10GBaseLR and 10GBaseLW, or 10GBaseER and 10GBaseEW?
A. The R indicates “regular,” or half-duplex. The W indicates “wide mode,” which is the 10 Gigabit Ethernet version of full-duplex.
B. The R indicates “read,” or the ability to receive signals; the W indicates “write,” or the ability to send signals.
C. The R and W indicate differences in the circuitry, with the W versions used to connect to SONET equipment.
D. The R indicates the use of UTP, whereas the W indicates the use of fiber optics.
Essay Quiz
1. Which types of computer network cable connections are you familiar with already? Write a short paragraph describing your experience.
2. Your manager has just informed you that several departments at your company will be switching over to fiber-optic NICs. How many and what type of connectors will be needed for each node on the new segment? Document your recommendations.
3. Compose a letter to the network administrator of a nearby telecommunications company or ISP (Internet service provider). Introduce yourself in the top part of the letter as a networking student. Then ask if the company ever gives tours or holds open houses for the public. Close the letter by thanking the person reading it for his or her time. Spell-check and have others proofread your letter. Consider mailing the letter if you are serious about your visit and your instructor approves your final copy.
4. Prepare a list of questions you would ask a large organization’s network administrator regarding cabling, connections, hubs, switches, and even routers. Use the situation described in Essay 3 to help you create your list of questions.
5. Prepare a thank-you note in advance for having been allowed to participate in a tour, as described in Essay 3. Mention some of the items you observed during the visit. If you would be interested in seeking employment at their facility, consider mentioning that and asking about the steps you would need to take to prepare for such a position. Sometimes a simple thank-you note can help land a job!
Lab Projects
Lab Project 5.1 •
Find a hub or switch at your school or company. Examine the wiring closely to determine what cable connections it uses. Try to determine whether the cabling was placed neatly and in an organized manner, whether the ports are clearly labeled, and whether all the ends were crimped well. Be prepared to discuss your findings with the rest of the class.
Lab Project 5.2 •
Use the Internet to research prices to order 100 each of the connectors from the following list. Don’t forget to include basic shipping and handling to your organization’s location, as these are a price factor in real life.
■ RJ-45 connectors
■ SC connectors
■ ST connectors
■ MT-RJ connectors
■ LC connectors
From your research, which connectors would be the least costly?
Lab Project 5.3 •
All these standards! How can you remember them? Make a chart that compares the features (cabling, connectors, data throughput, and so on) of the following Ethernet technologies:
■ 10BaseT
■ 10BaseFL
■ 100BaseTX
■ 100BaseFX
■ 1000BaseT
■ 1000BaseCX
■ 1000BaseLX
■ 1000BaseSX
■ 10GBaseSR/10GBaseSW
■ 10GBaseLR/10GBaseLW
■ 10GBaseER/10GBaseEW
Chapter 6
Installing a Physical Network
“I am rarely happier than when spending an entire day programming my computer to perform automatically a task that it would otherwise take me a good ten seconds to do by hand.”
—Douglas Adams
In this chapter, you will learn how to
■ Recognize and describe the functions of basic components in a structured cabling system
■ Explain the process of installing structured cable
■ Install a network interface card
■ Perform basic troubleshooting on a structured cable network
Armed with the knowledge of previous chapters, it’s time to start going about the business of actually constructing a physical network. This might
seem easy; after all, the most basic network is nothing more than a switch with a
number of cables snaking out to all of the PCs on the network (Figure 6.1).
On the surface, such a network setup is absolutely correct, but if you tried
to run a network using only a switch and cables running to each system, you’d
have some serious practical issues. In the real world, you need to deal with
physical obstacles like walls and ceilings. You also need to deal with those
annoying things called people. People are incredibly adept at destroying physical
networks. They unplug switches, trip over cables, and rip connectors out of
NICs with incredible consistency unless you protect the network from their
destructive ways. Although the simplified switch-and-a-bunch-of-cables type of
network can function in the real world, the network clearly has some problems
that need addressing before it can work safely and efficiently (Figure 6.2).
This chapter takes the abstract discussion of network technologies from previous chapters into the concrete reality of real networks. To achieve this goal, it marches you through the process of installing an entire network system from the beginning. The chapter starts by introducing you to structured cabling, the critical set of standards used all over the world to install physical cabling in a safe and orderly fashion. It then delves into the world of larger networks—those with more than a single switch—and shows you some typical methods used to organize them for peak efficiency and reliability. Next, you’ll take a quick tour of the most common NICs used in PCs, and see what it takes to install them. Finally, you’ll look at how to troubleshoot cabling and other network devices, including an introduction to some fun diagnostic tools.
Figure 6.1 • What an orderly looking network!
Figure 6.2 • A real-world network
Historical/Conceptual
Understanding Structured Cabling
If you want a functioning, dependable, real-world network, you need a solid understanding of a set of standards, collectively called structured cabling. These standards, defined by the Telecommunications Industry Association/Electronic Industries Alliance (TIA/EIA)—yup, the same folks who tell you how to crimp an RJ-45 onto the end of a UTP cable—give professional cable installers detailed standards on every aspect of a cabled network, from the type of cabling to use to the position of wall outlets.
The CompTIA Network+ exam requires you to understand the basic concepts involved in designing a network and installing network cabling and to recognize the components used in a real network. The CompTIA Network+ exam does not, however, expect you to be as knowledgeable as a professional network designer or cable installer. Your goal is to understand enough about real-world cabling systems to communicate knowledgeably with cable installers and to perform basic troubleshooting. Granted, by the end of this chapter, you’ll have enough of an understanding to try running your own cable (I certainly run my own cable), but consider that knowledge a handy bit of extra credit.
The idea of structured cabling is to create a safe, reliable cabling infrastructure for all of the devices that may need interconnection. Certainly this applies to computer networks, but also to telephone, video—anything that might need low-power, distributed cabling.
You should understand three issues with structured cabling. Cable basics start the picture, with switches, cabling, and PCs. You’ll then look at the components of a network, such as how the cable runs through the walls and where it ends up. This section wraps up with an assessment of connections leading outside your network.
Cable Basics—A Star Is Born
This exploration of the world of connectivity hardware starts with the most basic of all networks: a switch, some UTP cable, and a few PCs—in other words, a typical physical star network (Figure 6.3).
Figure 6.3 • A switch connected by UTP cable to two PCs
No law of physics prevents you from installing a switch in the middle of your office and running cables on the floor to all the computers in your network. This setup works, but it falls apart spectacularly when applied to a real-world environment. Three problems present themselves to the network tech. First, the exposed cables running along the floor are just waiting for someone to trip over them, damaging the network and giving that person a wonderful lawsuit opportunity. Possible accidents aside, simply moving and stepping on the cabling will, over time, cause a cable to fail due to wires breaking or RJ-45 connectors ripping off cable ends. Second, the presence of other electrical devices close to the cable can create interference that confuses the signals going through the wire. Third, this type of setup limits your ability to make any changes to the network. Before you can change anything, you have to figure out which cables in the huge rat’s nest of cables connected to the switch go to which machines. Imagine that troubleshooting nightmare!
A structured cabling system is useful for more than just computer networks. You’ll find structured cabling defining telephone networks and video conferencing setups, for example.
Tech Tip
The Big Wireless Lie
Anyone who makes a trip to a local computer store sees plenty of devices that adhere to the 802.11 (wireless networking) standard. There’s little doubt about the popularity of wireless. This popularity, however, gives people the impression that 802.11 is pushing wired networks into oblivion. While this may take place one day in the future, a wireless network’s unreliability and relatively slow speed (as compared to Gigabit Ethernet) make it challenging to use in a network that requires high reliability and speed. Wireless makes great sense in homes, your local coffeehouse, and offices that don’t need high speed or reliability, but any network that can’t afford downtime or slow speeds still uses wires.
“Gosh,” you’re thinking (okay, I’m thinking it, but you should be, too), “there must be a better way to install a physical network.” A better installation would provide safety, protecting the star from vacuum cleaners, clumsy coworkers, and electrical interference. It would have extra hardware to organize and protect the cabling. Finally, the new and improved star network installation would feature a cabling standard with the flexibility to enable the network to grow according to its needs and then to upgrade when the next great network technology comes along.
As you have no doubt guessed, I’m not just theorizing here. In the real world, the people who most wanted improved installation standards were the ones who installed cable for a living. In response to this demand, the TIA/EIA developed standards for cable installation. The TIA/EIA 568 standards you learned about in earlier chapters are only part of a larger set of TIA/EIA standards all lumped together under the umbrella of structured cabling.
Test Specific
Structured Cable Network Components
Successful implementation of a basic structured cabling network requires three essential ingredients: a telecommunications room, horizontal cabling, and a work area. Let’s zero in on one floor of Figure 5.12 from the previous chapter. All the cabling runs from individual PCs to a central location, the telecommunications room (Figure 6.4). What equipment goes in there—a switch or a telephone system—is not the important thing. What matters is that all the cables concentrate in this one area.
All cables run horizontally (for the most part) from the telecommunications room to the PCs. This cabling is called, appropriately, horizontal cabling. A single piece of installed horizontal cabling is called a run. At the opposite end of the horizontal cabling from the telecommunications room is the work area. The work area is often simply an office or cubicle that potentially contains a PC and a telephone. Figure 6.5 shows both the horizontal cabling and work areas.
Figure 6.4 • Telecommunications room
Cross Check
TIA/EIA Standards
You should remember the TIA/EIA 568 standards from Chapter 4, but do you remember how to tell the difference between 568A and 568B? Why were the standards considered necessary?
Tech Tip
Professional Cabling Certifications with BICSI
Installing structured cabling properly takes a startlingly high degree of skill. Thousands of pitfalls await inexperienced network people who think they can install their own network cabling. Pulling cable requires expensive equipment, a lot of hands, and the ability to react to problems quickly. Network techs can cost employers a lot of money—not to mention losing their good jobs—by imagining they can do it themselves without the proper knowledge. If you are interested in learning more details about structured cabling, an organization called BICSI (www.bicsi.org) provides a series of widely recognized certifications for the cabling industry.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
110
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 6
Figure 6.5 • Horizontal cabling and work area
Each of the three parts of a basic star network—the telecommunications room, the horizontal cabling, and the work area(s)—must follow a series of strict standards designed to ensure that the cabling system is reliable and easy to manage. The cabling standards set by TIA/EIA enable techs to make sensible decisions on equipment installed in the telecommunications room, so let’s tackle horizontal cabling first, and then return to the telecommunications room. We’ll finish up with the work area.
Horizontal Cabling
A horizontal cabling run is the cabling that goes more or less horizontally from a work area to the telecommunications room. In most networks, this cable is a CAT 5e or better UTP, but when you move into structured cabling, the TIA/EIA standards define a number of other aspects of the cable, such as the type of wires, number of pairs of wires, and fire ratings.
A single piece of cable that runs from a work area to a telecommunications room is called a run.
Solid Core vs. Stranded Core All UTP cables come in one of two types: solid core or stranded core. Each wire in solid core UTP uses a single solid wire. With stranded core, each wire is actually a bundle of tiny wire strands. Each of these cable types has its benefits and downsides. Solid core is a better conductor, but it is stiff and will break if handled too often or too roughly. Stranded core is not quite as good a conductor, but it will stand up to substantial handling without breaking. Figure 6.6 shows a close-up of solid and stranded core UTP.
Figure 6.6 • Solid and stranded core UTP
TIA/EIA specifies that horizontal cabling should always be solid core. Remember, this cabling is going into your walls and ceilings, safe from the harmful effects of shoes and vacuum cleaners. The ceilings and walls enable you to take advantage of the better conductivity of solid core without the risk of cable damage. Stranded cable also has an important function in a structured cabling network, but I need to discuss a few more parts of the network before I talk about where to use stranded UTP cable.
Number of Pairs Pulling horizontal cables into your walls and ceilings is a time-consuming and messy business, and not a process you want to repeat, if at all possible. For this reason, most cable installers recommend using the highest CAT rating you can afford. Many years ago, I would also mention that you should use four-pair UTP, but today, four-pair is assumed. Four-pair UTP is so common that it’s difficult, if not impossible, to find two-pair UTP.
You’ll find larger bundled UTP cables in higher-end telephone setups. These cables hold 25 or even 100 pairs of wires (Figure 6.7).
Choosing Your Horizontal Cabling In the real world, network people only install CAT 5e or CAT 6 UTP, although CAT 6a is also starting to show up as 10GBaseT begins to see acceptance. Installing higher-rated cabling is done primarily as a hedge against new network technologies that may require a more advanced cable. Networking caveat emptor (buyer beware): many network installers take advantage of the fact that a lower CAT level will work on most networks and bid a network installation using the lowest-grade cable possible.
The Telecommunications Room
The telecommunications room is the heart of the basic star. This room—technically called the intermediate distribution frame (IDF)—is where all the horizontal runs from all the work areas come together. The concentration of all this gear in one place makes the telecommunications room potentially one of the messiest parts of the basic star. Even if you do a nice, neat job of organizing the cables when they are first installed, networks change over time. People move computers, new work areas are added, network topologies are added or improved, and so on. Unless you impose some type of organization, this conglomeration of equipment and cables decays into a nightmarish mess.
Unlike previous CAT standards, TIA/EIA defines CAT 5e and later as four-pair-only cables.
Figure 6.7 • 25-pair UTP
The telecommunications room is also known as an intermediate distribution frame (IDF), as opposed to the main distribution frame (MDF), which we will discuss later in the chapter.
Cross Check
Fire Ratings
You saw another aspect of cabling way back in Chapter 3, so check your memory here. What are fire ratings? When should you use plenum-grade cabling and when should you use riser-grade cabling? What about PVC? What are the differences?
Fortunately, the TIA/EIA structured cabling standards define the use of specialized components in the telecommunications room that make organizing a snap. In fact, it might be fair to say that there are too many options! To keep it simple, we’re going to stay with the most common telecommunications room setup and then take a short peek at some other fairly common options.
Equipment Racks The central component of every telecommunications room is one or more equipment racks. An equipment rack provides a safe, stable platform for all the different hardware components. All equipment racks are 19 inches wide, but they vary in height from two- to three-foot-high models that bolt onto a wall (Figure 6.8) to the more popular floor-to-ceiling models (Figure 6.9).
You can mount almost any network hardware component into a rack. All manufacturers make rack-mounted switches that mount into a rack with a few screws. These switches are available with a wide assortment of ports and capabilities. There are even rack-mounted servers, complete with slide-out keyboards, and rack-mounted uninterruptible power supplies (UPSs) to power the equipment (Figure 6.10).
All rack-mounted equipment uses a height measurement known simply as a U. A U is 1.75 inches. A device that fits in a 1.75-inch space is called a 1U; a device designed for a 3.5-inch space is a 2U; and a device that goes into a 7-inch space is called a 4U. Most rack-mounted devices are 1U, 2U, or 4U. The rack in Figure 6.9 is called a 42U rack to reflect the total number of Us it can hold.
Patch Panels and Cables Ideally, once you install horizontal cabling, you should never move it. As you know, UTP horizontal cabling has a solid core, making it pretty stiff. Solid core cables can handle some rearranging, but if you insert a wad of solid core cables directly into your switches, every time you move a cable to a different port on the switch, or move the switch itself, you will jostle the cable. You don’t have to move a solid core cable many times before one of the solid copper wires breaks, and there goes a network connection!
Figure 6.8 • A short equipment rack
Figure 6.9 • A floor-to-ceiling rack
Figure 6.10 • A rack-mounted UPS
Equipment racks evolved out of the railroad signaling racks from the 19th century. The components in a rack today obviously differ a lot from railroad signaling, but the 19” width has remained the standard for well over 100 years.
Luckily for you, you can easily avoid this problem by using a patch panel. A patch panel is simply a box with a row of female connectors (ports) in the front and permanent connections in the back, to which you connect the horizontal cables (Figure 6.11).
The most common type of patch panel today uses a special type of connector called a 110 block, or sometimes a 110-punchdown block. UTP cables connect to a 110 block using a punchdown tool. Figure 6.12 shows a typical punchdown tool, and Figure 6.13 shows the punchdown tool punching down individual strands.
The punchdown block has small metal-lined grooves for the individual wires. The punchdown tool has a blunt end that forces the wire into the groove. The metal in the groove slices the cladding enough to make contact.
At one time, the older 66-punchdown block patch panel, found in just about every commercial telephone installation (Figure 6.14), saw some use in PC networks. The 110 block introduces less crosstalk than 66 blocks, so most high-speed network installations use the former for both telephone service and PC LANs. Given their large installed base, it’s still common to find a group of 66-block patch panels in a telecommunications room separate from the PC network’s 110-block patch panels.
Figure 6.11 • Typical patch panels
Figure 6.12 • Punchdown tool
Figure 6.13 • Punching down a 110 block
Figure 6.14 • 66-block patch panels
Make sure you insert the wires according to the same standard (TIA/EIA 568A or TIA/EIA 568B) on both ends of the cable. If you don’t, you might swap the sending and receiving wires (known as TX/RX reversed) and inadvertently create a crossover cable.
Not only do patch panels prevent the horizontal cabling from being moved, but they are also your first line of defense in organizing the cables. All patch panels have space in the front for labels, and these labels are the network tech’s best friend! Simply place a tiny label on the patch panel to identify each cable, and you will never have to experience that sinking feeling of standing in the telecommunications room of your nonfunctioning network, wondering which cable is which. If you want to be a purist, there is an official, and rather confusing, TIA/EIA labeling methodology called TIA/EIA 606, but a number of real-world network techs simply use their own internal codes (Figure 6.15).
Figure 6.15 • Typical patch panels with labels
Patch panels are available in a wide variety of configurations that include different types of ports and numbers of ports. You can get UTP, STP, or fiber ports, and some manufacturers combine several different types on the same patch panel. Panels are available with 8, 12, 24, 48, or even more ports.
UTP patch panels, like UTP cables, come with CAT ratings, which you should be sure to check. Don’t blow a good CAT 6 cable installation by buying a cheap patch panel—get a CAT 6 patch panel! A CAT 6 panel can handle the 250-MHz frequency used by CAT 6 and offers lower crosstalk and network interference. A higher-rated panel supports earlier standards, so you can use a CAT 6 or even CAT 6a rack with CAT 5e cabling. Most manufacturers proudly display the CAT level right on the patch panel (Figure 6.16).
Once you have installed the patch panel, you need to connect the ports to the switch through patch cables. Patch cables are short (typically two- to five-foot) UTP cables. Patch cables use stranded rather than solid cable, so they can tolerate much more handling. Even though you can make your own patch cables, most people buy premade ones. Buying patch cables enables you to use different-colored cables to facilitate organization (yellow for accounting, blue for sales, or whatever scheme works for you). Most prefabricated patch cables also come with a reinforced (booted) connector specially designed to handle multiple insertions and removals (Figure 6.17).
Figure 6.16 • CAT level on patch panel
Figure 6.17 • Typical patch cable
The CompTIA Network+ exam uses the terms 110 block and 66 block exclusively to describe the punchdown blocks common in telecommunication. In the field, in contrast, and in manuals and other literature, you’ll see the punchdown blocks referred to as 110-punchdown blocks and 66-punchdown blocks as well. Some manufacturers even split punchdown into two words, i.e., punch down. Be prepared to be nimble in the field, but expect 110 block and 66 block on the exam.
Tech Tip
Serious Labeling
The TIA/EIA 606 standard covers proper labeling and documentation of cabling, patch panels, and wall outlets. If you want to know how the pros label and document a structured cabling system (and you’ve got US$360 to blow), check out the TIA/EIA 606 standard hardcopy from TIA.
A telecommunications room doesn’t have to be a special room dedicated to computer equipment. You can use specially made cabinets with their own little built-in equipment racks that sit on the floor or attach to a wall, or you can use a storage room as long as the equipment can be protected from the other items stored there. Fortunately, the demand for telecommunications rooms has been around for so long that most office spaces have premade telecommunications rooms, even if they are no more than closets in smaller offices.
At this point, the network is taking shape (Figure 6.18). The TIA/EIA horizontal cabling is installed and the telecommunications room is configured. Now it’s time to address the last part of the structured cabling system: the work area.
Figure 6.18 • Network taking shape, with racks installed and horizontal cabling run
The Work Area
From a cabling standpoint, a work area is nothing more than a wall outlet that serves as the termination point for horizontal network cables: a convenient insertion point for a PC and a telephone. (In practice, of course, the term “work area” includes the office or cubicle.) A wall outlet itself consists of one or two female jacks to accept the cable, a mounting bracket, and a face-plate. You connect the PC to the wall outlet with a patch cable (Figure 6.19).
The female RJ-45 jacks in these wall outlets also have CAT ratings. You must buy CAT-rated jacks for wall outlets to go along with the CAT rating of the cabling in your network. In fact, many network connector manufacturers use the same connectors in the wall outlets that they use on the patch panels. These modular outlets significantly increase ease of installation. Make sure you label the outlet to show the job of each connector (Figure 6.20). A good outlet will also have some form of label that identifies its position on the patch panel. Proper documentation of your outlets will save you an incredible amount of work later.
The last step is connecting the PC to the wall outlet. Here again, most folks use a patch cable. Its stranded cabling stands up to the abuse caused by moving PCs, not to mention the occasional kick.
You’ll recall from Chapter 5 that 10/100/1000BaseT networks specify a limit of 100 meters between a hub or switch and a node. Interestingly, though, the TIA/EIA 568 specification allows only UTP cable lengths of 90 meters. What’s with the missing 10 meters? Have you figured it out? Hint: the answer lies in the discussion we’ve just been having. Ding! Time’s up! The answer is … the patch cables! Patch cables add extra distance between the switch and the PC, so TIA/EIA compensates by reducing the horizontal cabling length.
The work area may be the simplest part of the structured cabling system, but it is also the source of most network failures. When a user can’t access the network and you suspect a broken cable, the first place to look is the work area.
Structured Cable—Beyond the Star
Thus far you’ve seen structured cabling as a single star topology on a single floor of a building. Let’s now expand that concept to an entire building and learn the terms used by the structured cabling folks, such as the demarc and NIU, to describe this much more complex setup.
You can hardly find a building today that isn’t connected to both the Internet and the telephone company. In many cases, this is a single connection, but for now, let’s treat them as separate connections.
As you saw in the previous chapter, a typical building-wide network consists of a high-speed backbone that runs vertically through the building and connects to multispeed switches on each floor that, in turn, service the individual PCs on that floor. A dedicated telephone cabling backbone that enables the distribution of phone calls to individual telephones runs alongside the network cabling. While every telephone installation varies, most commonly you’ll see one or more strands of 25-pair UTP cables running to the 66 block in the telecommunications room on each floor (Figure 6.21).
Figure 6.19 • Typical work area outlet
Figure 6.20 • Properly labeled outlet
Structured cabling goes beyond a single building and even describes methods for interconnecting multiple buildings. The CompTIA Network+ certification exam does not cover interbuilding connections.
Demarc
Connections from the outside world—whether network or telephone—come into a building at a location called a demarc, short for demarcation
point. The term “demarc” refers to the physical location of the connection and marks the dividing line of responsibility for the functioning of the network. You take care of the internal functioning; the person or company that supplies the upstream service to you must support connectivity and function on the far side of the demarc.
In a private home, the DSL or cable modem supplied by your ISP is a network interface unit (NIU) that serves as a demarc between your home network and your ISP, and most homes have a network interface box, like the one shown in Figure 6.22, that provides the connection for your telephone.
In an office environment, the demarc is usually more complex, given that a typical building simply has to serve a much larger number of telephones and computers. Figure 6.23 shows the demarc for a midsized building, showing both Internet and telephone connections coming in from the outside.
One challenge to companies that supply ISP/telephone services is the need to diagnose faults in the system. Most of today’s NIUs come with extra “smarts” that enable the ISP or telephone company to determine if the customer has disconnected from the NIU. These special (and very common) NIUs are known as smart jacks. Smart jacks also have the very handy capability to set up a remote loopback—critical for loopback testing when you’re at one end of the connection and the other connection is blocks or even miles away.
Figure 6.21 • 25-pair running to local 66-block
Figure 6.22 • Typical home network interface box
Tech Tip
NIU=NIB=NID: Huh?
The terms used to describe the devices that often mark the demarcation point in a home or office get tossed about with wild abandon. Various manufacturers and technicians call them network interface units, network interface boxes, or network interface devices. (Some techs call them demarcs, just to muddy the waters further, but we won’t go there.) By name or by initial—NIU, NIB, or NID—it’s all the same thing, the box that marks the point where your responsibility begins on the inside.
The best way to think of a demarc is in terms of responsibility. If something breaks on one side of the demarc, it’s your problem; on the other side, it’s the ISP/phone company’s problem.
Connections Inside the Demarc
After the demarc, network and telephone cables connect to some type of box, owned by the customer, that acts as the primary distribution tool for the building. Any cabling that runs from the NIU to whatever box is used by the customer is the demarc extension. For telephones, the cabling might connect to a special box called a multiplexer and, on the LAN side, almost certainly to a powerful switch. This switch usually connects to a patch panel. This patch panel, in turn, leads to every telecommunications room in the building. This main patch panel is called a vertical cross-connect. Figure 6.24 shows an example of a fiber patch panel acting as a vertical cross-connect for a building.
Telephone systems also use vertical cross-connects. Figure 6.25 shows a vertical cross-connect for a telephone system. Note the large number of 25-pair UTP cables feeding out of this box. Each 25-pair cable leads to a telecommunications room on a floor of the building.
The combination of demarc, telephone cross-connects, and LAN cross-connects needs a place to live in a building. The room that stores all of this equipment is known as a main distribution frame (MDF) to distinguish it from the multiple IDF rooms (a.k.a. telecommunications rooms) that serve individual floors.
The ideal that every building should have a single demarc, a single MDF, and multiple IDFs is only that—an ideal. Every structured cabling installation is unique and must adapt to the physical constraints of the building provided. One building may serve multiple customers, creating the need for multiple NIUs, each serving a different customer. A smaller building may combine a demarc, MDF, and IDF into a single room. With structured cabling, the idea is to appreciate the terms while, at the same time, appreciating that it’s the actual building and the needs of the customers that determine the actual design of a structured cabling system.
Figure 6.23 • Typical office demarc
Figure 6.24 • LAN vertical cross-connect
Figure 6.25 • Telephone vertical cross-connect
Installing Structured Cabling
A professional installer always begins a structured cabling installation by first assessing your site and planning the installation in detail before pulling a single piece of cable. As the customer, your job is to work closely with the installer. That means locating floor plans, providing access, and even putting on old clothes and crawling along with the installer as he or she combs through your ceilings, walls, and closets. Even though you’re not the actual installer, you must understand the installation process, so you can help the installer make the right decisions for your network.
Structured cabling requires a lot of planning. You need to know if the cables from the work areas can reach the telecommunications room—is the distance less than the 90-meter limit dictated by the TIA/EIA standard?
How will you route the cable? What path should each run take to get to the wall outlets? Don’t forget that just because a cable looks like it will reach, there’s no guarantee that it will. Ceilings and walls often include hidden surprises like firewalls—big, thick, concrete walls designed into buildings that require a masonry drill or a jackhammer to punch through. Let’s look at the steps that go into proper planning.
Getting a Floor Plan
First, you need a blueprint of the area. If you ever contact an installer and he or she doesn’t start by asking for a floor plan, fire them immediately and get one who does. The floor plan is the key to proper planning; a good floor plan shows you the location of closets that could serve as telecommunications rooms, alerts you to any firewalls in your way, and gives you a good overall feel for the scope of the job ahead.
If you don’t have a floor plan—and this is often the case with homes or older buildings—you’ll need to create your own. Go get a ladder and a flashlight—you’ll need them to poke around in ceilings, closets, and crawl spaces as you map out the location of rooms, walls, and anything else of interest to the installation. Figure 6.26 shows a typical do-it-yourself floor plan, drawn out by hand.
Figure 6.26 • Hand-drawn network floor plan
Mapping the Runs
Now that you have your floor plan, you need to map the cable runs. Here’s where you run around the work areas, noting the locations of existing or planned systems to determine where to place each cable drop. A cable drop is the location where the cable comes out of the wall in the workstation. You should also talk to users, management, and other interested parties
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
120
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 6
to try to understand their plans for the future. Installing a few extra drops
now is much easier than installing them a year from now when those two
unused offices suddenly find themselves with users who immediately need
networked computers!
At this point, cost first raises its ugly head. Face it: cables, drops, and the
people who install them cost money! The typical price for a network instal-
lation is around US $150 per drop. Find out how much you want to spend
and make some calls. Most network installers price their network jobs by
quoting a per-drop cost.
While you’re mapping your runs, you have to
make another big decision: Do you want to run the
cables in the walls or outside them? Many companies
sell wonderful external raceway products that adhere
to your walls, making for a much simpler, though less
neat, installation than running cables in the walls (Fig-
ure 6.27). Raceways make good sense in older buildings
or when you don’t have the guts—or the rights—to go
into the walls.
Determining the Location of the Telecommunications Room
While mapping the runs, you should decide on the location of your tele-
communications room. When deciding on this location, keep five issues
in mind:
■ Distance: The telecommunications room must be located in a spot that won’t require cable runs longer than 90 meters. In most locations, keeping runs under 90 meters requires little effort, as long as the telecommunications room is placed in a central location.
■ Power: Many of the components in your telecommunications room need power. Make sure you provide enough! If possible, put the telecommunications room on its own dedicated circuit; that way, when someone blows a circuit in the kitchen, it doesn’t take out the entire network.
■ Humidity: Electrical components and water don’t mix well. (Remind me to tell you about the time I installed a rack in an abandoned bathroom and the toilet that later exploded.) Remember that dryness also means low humidity. Avoid areas with the potential for high humidity, such as a closet near a pool or the room where the cleaning people leave mop buckets full of water. Of course, any well air-conditioned room should be fine—which leads to the next big issue…
■ Cooling: Telecommunications rooms tend to get warm, especially if you add a couple of server systems and a UPS. Make sure your telecommunications room has an air-conditioning outlet or some other method of keeping the room cool. Figure 6.28 shows how I installed an air-conditioning duct in my small equipment closet. Of course, I did this only after I discovered that the server was repeatedly rebooting due to overheating!
Watch out for the word
drop, as it has more than one
meaning. A single run of cable
from the telecommunications
room to a wall outlet is often
referred to as a “drop.” The word
“drop” is also used to define a
new run coming through a wall
outlet that does not yet have a
jack installed.
Figure 6.27 • A typical raceway
BaseTech
Chapter 6: Installing a Physical Network
121
Figure 6.28 • An A/C duct cooling a telecommunications room
■ Access: Access involves two different issues. First, it means preventing unauthorized access. Think about the people you want and don’t want messing around with your network, and act accordingly. Anyone who can reach the patch panel and the switch can plug in a device, re-patch a port, or tap a run without ever touching a password, so the door to this room is a security control, not just a convenience. In my small office, the equipment closet literally sits eight feet from me, so I don’t concern myself too much with unauthorized access. You, on the other hand, may want to consider placing a lock on the door of your telecommunications room if you’re concerned that unscrupulous or unqualified people might try to access it.
One other issue to keep in mind when choosing your
telecommunications room is expandability. Will this tele-
communications room be able to grow with your net-
work? Is it close enough to be able to service any addi-
tional office space your company may acquire nearby?
If your company decides to take over the floor above you, can you eas-
ily run vertical cabling to another telecommunications room on that floor
from this room? While the specific issues will be unique to each installa-
tion, keep thinking “expansion” as you design—your network will grow,
whether or not you think so now!
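The distance rule is easy to state and easy to break once you count the climb into the ceiling, the drop back down the wall, and the slack left at both ends. The following Python is an added example, not code from the book: it totals each planned run from a hand-drawn floor plan, flags runs over the 90-meter limit, and picks the candidate closet that keeps the longest run shortest. The floor-plan coordinates, room names, ceiling height, and slack allowances are constructed assumptions.

```python
"""Check planned horizontal runs against the TIA/EIA 90-meter limit.

Added example, not from the book.  The floor plan, closet locations and
slack allowances below are constructed for illustration.
"""

HORIZONTAL_LIMIT_M = 90.0   # permanent-link limit; patch cords get the remaining 10 m of the 100 m channel
OUTLET_SLACK_M = 3.0        # assumed: service loop left in the wall for re-termination
PANEL_SLACK_M = 3.0         # assumed: slack dressed into the rack at the patch panel

# Constructed floor plan: (x, y) in metres, scaled off the hand-drawn plan.
DROPS = {
    "office-101": (5, 5),
    "office-102": (15, 5),
    "office-110": (60, 20),
    "conf-A": (35, 40),
    "warehouse-east": (110, 45),
}
CANDIDATE_ROOMS = {"closet-north": (0, 0), "closet-central": (40, 20)}
CEILING_HEIGHT_M = 3.0


def run_length(room, drop, ceiling_height_m):
    """Estimate the pulled length of one run from the telecom room to a drop.

    Cable goes up into the drop ceiling at the room, follows the trays along
    the walls (so horizontal distance is Manhattan, not straight-line), and
    comes back down the wall to the outlet.  Slack at both ends is added.
    """
    dx = abs(room[0] - drop[0])
    dy = abs(room[1] - drop[1])
    vertical = 2 * ceiling_height_m
    return dx + dy + vertical + OUTLET_SLACK_M + PANEL_SLACK_M


def evaluate_room(room, drops, ceiling_height_m):
    """Return (longest_run_m, [drops over the limit]) for one candidate room."""
    lengths = {name: run_length(room, xy, ceiling_height_m) for name, xy in drops.items()}
    over = sorted(name for name, length in lengths.items() if length > HORIZONTAL_LIMIT_M)
    return max(lengths.values()), over


def choose_room(candidates, drops, ceiling_height_m):
    """Pick the candidate whose longest run is shortest.

    Returns (room_name, longest_run_m, over_limit_drops).  Any drop still
    over the limit needs a second telecommunications room (or a fibre
    backbone to one), not a longer piece of copper.
    """
    best = None
    for name, xy in candidates.items():
        longest, over = evaluate_room(xy, drops, ceiling_height_m)
        if best is None or longest < best[1]:
            best = (name, longest, over)
    return best


if __name__ == "__main__":
    room, longest, over = choose_room(CANDIDATE_ROOMS, DROPS, CEILING_HEIGHT_M)
    print(f"best room: {room}, longest run {longest:.0f} m, over limit: {over}")
```

On the constructed plan the central closet wins, but the warehouse drop still comes out at 107 m; the twelve metres of vertical rise and slack are what push a run that looks fine on paper over the line. Measure the route the cable will actually take, not the distance across the plan.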
So, you’ve mapped your cable runs and established your telecommuni-
cations room—now you’re ready to start pulling cable!
Pulling Cable
Pulling cable is easily one of the most thankless and
unpleasant jobs in the entire networking world. It may
not look that hard from a distance, but the devil is in
the details. First of all, pulling cable requires two peo-
ple if you want to get the job done quickly; having
three people is even better. Most pullers like to start
from the telecommunications room and pull toward
the drops. In an office area with a drop ceiling, pullers
will often feed the cabling along the run by opening
ceiling tiles and stringing the cable via hooks or cable
trays that travel above the ceiling (Figure 6.29). Profes-
sional cable pullers have an arsenal of interesting tools
to help them move the cable horizontally, including
telescoping poles, special nylon pull ropes, and even
nifty little crossbows and pistols that can fire a pull
rope long distances!
Cable trays are standard today, but a previous
lack of codes or standards for handling cables led to
a nightmare of disorganized cables in drop ceilings all
over the world. Any cable puller will tell you that the
hardest part of installing cables is the need to work
around all the old cable installations in the ceiling
(Figure 6.30).
Figure 6.29 • Cable trays over a drop ceiling
Figure 6.30 • Messy cabling nightmare
Local codes, TIA/EIA, and the
National Electrical Code (NEC) all
have strict rules about how you pull
cable in a ceiling. A good installer
uses either hooks or trays, which
provide better cable management,
safety, and protection from electrical
interference (Figure 6.31). The faster
the network, the more critical good
cable management becomes. You
probably won’t have a problem lay-
ing UTP directly on top of a drop
ceiling if you just want a 10BaseT
network, and you might even get
away with this for 100BaseT—but
forget about doing this with Gigabit
or beyond. Cable installation com-
panies are making a mint from all the CAT 5 and earlier network cabling
installations that need to be redone to support Gigabit Ethernet.
Running cable horizontally requires relatively little effort, compared to
running the cable down from the ceiling to a pretty faceplate at the work
area, which often takes a lot of skill. In a typical office area with sheetrock
walls, the installer first decides on the position for the outlet, generally
using a stud finder to avoid cutting on top of a stud. Once the worker cuts
the hole (Figure 6.32), most installers drop a line to the hole using a weight
tied to the end of a nylon pull rope (Figure 6.33). They can then attach the
network cable to the pull rope and pull it down to the hole. Once the cable
is pulled through the new hole, the installer puts in an outlet box or a low-
voltage mounting bracket (Figure 6.34). This bracket acts as a holder for the
faceplate.
Back in the telecommunications room, the many cables leading to each work area are consolidated and organized in preparation for the next stage: making connections. A truly professional installer takes great care in organizing the equipment closet. Figure 6.35 shows a typical installation using special cable guides to bring the cables down to the equipment rack.
Figure 6.31 • Nicely run cables
Figure 6.32 • Cutting a hole
Figure 6.33 • Locating a dropped pull rope
Figure 6.34 • Installing a mounting bracket
Making Connections
Making connections consists of connecting both ends
of each cable to the proper jacks. This step also includes
the most important step in the entire process: testing
each cable run to ensure that every connection meets
the requirements of the network that will use it. Install-
ers also use this step to document and label each cable
run—a critical step too often forgotten by inexperienced
installers, and one you need to verify takes place!
Connecting the Work Areas
Let’s begin by watching an installer connect a cable run.
In the work area, that means the cable installer will now
crimp a jack onto the end of the wire and mount the face-
plate to complete the installation (Figure 6.36).
Note the back of the jack shown in Figure 6.36. This
jack uses the popular 110-punchdown connection just
like the one shown earlier in the chapter for patch pan-
els. All 110 connections have a color code that tells you
which wire to punch into which connection on the back
of the jack.
Rolling Your Own Patch Cables
Although most people prefer simply to purchase pre-
made patch cables, making your own is fairly easy. To
make your own, use stranded UTP cable that matches the
CAT level of your horizontal cabling. Stranded cable also
requires specific crimps, so don’t use crimps designed for
solid cable. Crimping is simple enough, although getting
it right takes some practice.
Figure 6.37 shows the two main tools of the crimping
trade: an RJ-45 crimper with built-in stripper and a pair
of wire snips. Professional cable installers naturally have
a wide variety of other tools as well.
Here are the steps for properly crimping an RJ-45 onto a UTP cable. If you have some crimps, cable, and a crimping tool handy, follow along!
1. Cut the cable square using RJ-45 crimpers or scissors.
2. Strip off ½ inch of plastic jacket from the end of the cable (Figure 6.38).
3. Slowly and carefully insert each individual wire into the correct location according to either TIA/EIA 568A or B (Figure 6.39); use the same standard on both ends unless you deliberately want a crossover cable. Unravel as little as possible.
4. Insert the crimp into the crimper and press (Figure 6.40). Don’t worry about pressing too hard; the crimper has a stop to prevent you from using too much pressure.
Figure 6.35 • End of cables guided to rack
Figure 6.36 • Crimping a jack
Figure 6.37 • Crimper and snips
Figure 6.41 shows a nicely crimped cable. Note how
the plastic jacket goes into the crimp.
A good patch cable should include a boot. Figure 6.42
shows a boot being slid onto a newly crimped cable.
Don’t forget to slide each boot onto the patch cable before
you crimp both ends!
After making a cable, you need to test it to make sure
it’s properly crimped. Read the section on testing cable
runs later in this chapter to see how to test them.
Connecting the Patch Panels
Connecting the cables to patch panels requires you
to deal with three issues. The first issue is patch cable
management. Figure 6.43 shows the front of a small net-
work’s equipment rack—note the complete lack of cable
management!
Managing patch cables means using the proper
cable management hardware. Plastic D-rings guide the
patch cables neatly along the sides and front of the patch
panel. Finger boxes are rectangular cylinders with slots
in the front; the patch cables run into the open ends of
the box, and individual cables are threaded through the fingers on their
way to the patch panel, keeping them neatly organized.
Creativity and variety abound in the world of cable-management hardware—there are as many different solutions to cable management as there are ways to screw it up. Figure 6.44 shows a rack using good cable management—these patch cables are well secured using cable-management hardware, making them much less susceptible to damage from mishandling. Plus, it looks much nicer!
Figure 6.38 • Properly stripped cable
Figure 6.39 • Inserting the individual strands
Figure 6.40 • Crimping the cable
Figure 6.41 • Properly crimped cable
Figure 6.42 • Adding a boot
The second issue to consider when connecting cables is the
overall organization of the patch panel as it relates to the orga-
nization of your network. Organize your patch panel so it mir-
rors the layout of your network. You can organize according
to the physical layout, so the different parts of the patch panel
correspond to different parts of your office space—for example,
the north and south sides of the hallway. Another popular way
to organize patch panels is to make sure they match the logical
layout of the network, so the different user groups or company
organizations have their own sections of the patch panel.
Try This!
Crimping Your Own Cable
If you’ve got some spare CAT 5 lying around (and what tech enthusiast
doesn’t?) as well as a cable crimper and some crimps, go ahead and
use the previous section as a guide and crimp your own cable. This
skill is essential for any network technician. Remember, practice makes
perfect!
Figure 6.43 • Bad cable management
Figure 6.44 • Good cable management
Finally, proper patch panel cable management means documenting
everything clearly and carefully. This way, any competent technician can
follow behind you and troubleshoot connectivity problems. Good techs
draw diagrams!
Testing the Cable Runs
Well, in theory, your horizontal cabling system is now installed and ready
for a switch and some systems. Before you do this, though, you must test
each cable run. Someone new to testing cable might think that all you need
to do is verify that each jack has been properly connected. Although this is
an important and necessary step, the interesting problem comes after that:
verifying that your cable run can handle the speed of your network.
Before I go further, let me be clear: a typical network admin/tech can-
not properly test a new cable run. TIA/EIA provides a series of incredibly
complex and important standards for testing cable, requiring a professional
cable installer. The testing equipment alone totally surpasses the cost of
most smaller network installations. Advanced network testing tools easily
cost over US$5,000, and some are well over US$10,000! Never fear, though—
a number of lower-end tools work just fine for basic network testing.
Most network admin types staring at a potentially bad cable want to
know the following:
■ How long is this cable? If it’s too long, the signal will degrade to the point that it’s no longer detectable on the other end.
■ Are any of the wires broken or not connected in the crimp? If a wire is broken, it no longer has continuity (a complete, functioning connection).
■ If there is a break, where is it? It’s much easier to fix if the location is detectable.
■ Are all of the wires terminated in the right place in the plug or jack?
■ Is there electrical or radio interference from outside sources? UTP is susceptible to electromagnetic interference.
■ Is the signal from any of the pairs in the same cable interfering with another pair?
To answer these questions you must verify that both
the cable and the terminated ends are correct. Making these
verifications requires a cable tester. Various models of cable
testers can answer some or all of these questions, depend-
ing on the amount of money you are willing to pay. At the
low end of the cable tester market are devices that only test
for continuity. These inexpensive (under US$100) testers are
often called continuity testers (Figure 6.45). Many of these
testers require you to insert both ends of the cable into the
tester. Of course, this can be a bit of a problem if the cable is
already installed in the wall!
Better testers can run a wiremap test that goes beyond
mere continuity, testing that all the wires on both ends of
the cable connect to the right spot. A wiremap test will pick
up shorts, crossed wires, and more.
The test tools described here
also enable you to diagnose
network problems.
Figure 6.45 • Continuity tester
Many techs and network
testing folks use the term
wiremap to refer to the proper
connectivity for wires, as in,
“Hey Joe, check the wiremap!”
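The crimping steps say to follow 568A or 568B, and the wiremap paragraph says a tester checks that every wire lands on the right pin at both ends. The following Python is an added example, not code from the book: it derives the pin map from the colour order punched at each end, classifies it the way a wiremap tester would (straight-through, crossover, open, short, reversed or transposed pair), and then catches the one termination fault a wiremap cannot see, a split pair, which passes continuity yet fails NEXT at speed. The colour abbreviations, the tester report format, and the sample terminations are assumptions.

```python
"""Wiremap and termination checker for RJ-45 (8P8C) UTP cables.

Added example, not from the book.  The colour abbreviations and the
{near_pin: far_pin} tester report format are assumed for illustration.
"""

# Pin 1..8 colour order for the two TIA/EIA-568 terminations.
T568A = ("wh/grn", "grn", "wh/org", "blu", "wh/blu", "org", "wh/brn", "brn")
T568B = ("wh/org", "org", "wh/grn", "blu", "wh/blu", "grn", "wh/brn", "brn")
PAIRS = ((1, 2), (3, 6), (4, 5), (7, 8))          # the four twisted pairs, by pin
STRAIGHT = {pin: pin for pin in range(1, 9)}
# 10/100BaseT crossover: 568A on one end, 568B on the other, so pair 1-2 lands on 3-6.
CROSSOVER = {1: 3, 2: 6, 3: 1, 4: 4, 5: 5, 6: 2, 7: 7, 8: 8}


def wiremap_from_terminations(end_a, end_b):
    """Derive {near_pin: far_pin_or_None} from the colour order at each end.

    Each conductor is continuous, so the colour on pin i at end A arrives on
    whichever pin carries that colour at end B.  A colour with no home at
    end B is reported as None, i.e. an open.
    """
    for end in (end_a, end_b):
        if len(end) != 8 or len(set(end)) != 8:
            raise ValueError("each end must list eight distinct conductors")
    far_by_colour = {colour: pin for pin, colour in enumerate(end_b, start=1)}
    return {pin: far_by_colour.get(colour) for pin, colour in enumerate(end_a, start=1)}


def classify_wiremap(wiremap):
    """Classify a {near_pin: far_pin} map the way a wiremap tester reports it.

    Returns (verdict, faults): verdict is "straight-through", "crossover" or
    "FAIL"; faults lists opens, shorts, reversed pairs and transposed or
    miswired pairs in pin order.
    """
    faults = [f"open: pin {pin} has no continuity"
              for pin in range(1, 9) if wiremap.get(pin) is None]
    reached = {}
    for near, far in wiremap.items():
        if far is not None:
            reached.setdefault(far, []).append(near)
    for far, nears in sorted(reached.items()):
        if len(nears) > 1:
            faults.append(f"short: near pins {sorted(nears)} both reach far pin {far}")
    if faults:
        return "FAIL", faults
    if wiremap == STRAIGHT:
        return "straight-through", []
    if wiremap == CROSSOVER:
        return "crossover", []
    for a, b in PAIRS:
        fa, fb = wiremap[a], wiremap[b]
        if (fa, fb) == (b, a):
            faults.append(f"reversed pair: {a}-{b} arrives as {fa}-{fb}")
        elif (fa, fb) in PAIRS and (fa, fb) != (a, b):
            faults.append(f"transposed pair: {a}-{b} arrives on {fa}-{fb}")
        elif (fa, fb) != (a, b):
            faults.append(f"miswire: pin {a} to {fa}, pin {b} to {fb}")
    return "FAIL", faults


def split_pairs(end):
    """Flag pin pairs whose two conductors are not a colour and its striped mate.

    A split pair (say "blu" on pin 3 and "wh/org" on pin 4, done identically
    at both ends) gives a perfect wiremap, yet each signal rides on two
    conductors from different twisted pairs, so the link fails NEXT at
    speed.  Only the colours reveal it; a continuity tester never will.
    """
    bad = []
    for a, b in PAIRS:
        ca, cb = end[a - 1], end[b - 1]
        same_base = ca.replace("wh/", "") == cb.replace("wh/", "")
        one_striped = sum(c.startswith("wh/") for c in (ca, cb)) == 1
        if not (same_base and one_striped):
            bad.append(f"split pair on pins {a}-{b}: {ca} with {cb}")
    return bad


def check_patch_cable(end_a, end_b):
    """Full termination check: wiremap verdict plus split-pair faults from both ends."""
    verdict, faults = classify_wiremap(wiremap_from_terminations(end_a, end_b))
    splits = split_pairs(end_a) + split_pairs(end_b)
    if splits:
        return "FAIL", faults + splits
    return verdict, faults


# Constructed example: the "flat" colour order (wh/org, org, wh/grn, grn, ...) that
# beginners punch at both ends.  Continuity passes; the 3-6 and 4-5 pairs are split.
FLAT_ORDER = ("wh/org", "org", "wh/grn", "grn", "wh/blu", "blu", "wh/brn", "brn")

if __name__ == "__main__":
    for label, ends in (("568B both ends", (T568B, T568B)),
                        ("568A to 568B", (T568A, T568B)),
                        ("flat order both ends", (FLAT_ORDER, FLAT_ORDER))):
        print(label, check_patch_cable(*ends))
```

Run it and the flat-colour cable reports four split-pair faults despite a clean wiremap, which is exactly why the book treats the continuity check as necessary but not sufficient: the cable has to be tested for the speed it will carry, not just for eight good connections.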
A multimeter works perfectly well to test for continuity, assuming you
can place its probes on each end of the cable. Set the multimeter to its conti-
nuity setting if it has one (Figure 6.46) or to Ohms. With the latter setting, a
good conductor reads close to zero Ohms, and an open (broken) conductor reads
as infinite Ohms (most meters show “OL” for over-limit).
Medium-priced testers (~US$400) certainly test continuity and wiremap
and include the additional capability to determine the length of a cable;
they can even tell you where a break is located on any of the individual wire
strands. This type of cable tester (Figure 6.47) is generically called a time
domain reflectometer (TDR). Most medium-priced testers come with a small
loopback device to insert into the far end of the cable, enabling the tester to
work with installed cables. This is the type of tester you want to have
around!
Figure 6.46 • Multimeter
Figure 6.47 • A typical medium-priced TDR called a Microscanner
Tech Tip
Fat Probes
If you have a multimeter with
probes too large to connect to
individual contacts on an RJ-45,
you can use an old tech trick to
finesse the problem. Take a patch
cable and cut off about two feet,
so you have a short cable with
one end bare. Strip an inch of
the cladding away from the bare
end to expose the wires. Strip a
little of the sheath off each wire
and plug the cable into the jack.
Now you can test continuity by
putting the probes directly onto
the wire!
If you want a device that fully tests a cable run to the very complex
TIA/EIA standards, the price shoots up fast. These higher-end testers can
detect things the lesser testers cannot, such as crosstalk and attenuation.
Crosstalk poses a threat to properly functioning cable runs. Today’s
UTP cables consist of four pairs of wires, all squished together inside a
plastic tube. When you send a signal down one of these pairs, the other
pairs pick up some of the signal, as shown in Figure 6.48. This is called
crosstalk.
Every piece of UTP in existence generates crosstalk. Worse, when you
crimp the end of a UTP cable to a jack or plugs, crosstalk increases. A
poor-quality crimp creates so much crosstalk that a cable run won’t oper-
ate at its designed speed. To detect crosstalk, a normal-strength signal is
sent down one pair of wires in a cable. An electronic detector, connected
on the same end of the cable as the end emanating the signal, listens on
the other three pairs and measures the amount of interference, as shown
in Figure 6.49. This is called near-end crosstalk (NEXT).
If you repeat this test, sending the signal down one pair of wires, but
this time listening on the other pairs on the far end of the connection, you
test for far-end crosstalk (FEXT), as shown in Figure 6.50.
As if that’s not bad enough, as a signal progresses down a
piece of wire, it becomes steadily weaker: this is called atten-
uation. As a cable run gets longer, the attenuation increases,
and the signal becomes more susceptible to crosstalk. A tes-
ter must send a signal down one end of a wire, test for NEXT
and FEXT on the ends of every other pair, and then repeat
this process for every pair in the UTP cable.
This process of verifying that every cable run meets the
exacting TIA/EIA standards requires very powerful testing
tools, generally known as cable certifiers or just certifiers.
Cable certifiers can both do the high-end testing and gener-
ate a report that a cable installer can print out and hand to a
customer to prove that the installed cable runs pass TIA/
EIA standards. Figure 6.51 shows an example of this type of scanner, made by Fluke (www.fluke.com) in its Microtest line. Most network techs don’t need these advanced testers, so unless you have some deep pockets or find yourself doing serious cable testing, stick to the medium-priced testers.
Both NEXT and FEXT are measured in decibels (dB).
Figure 6.48 • Crosstalk
Figure 6.49 • Near-end crosstalk (listening on wire pair 3 and 6)
Figure 6.50 • Far-end crosstalk
Figure 6.51 • A typical cable certifier—a Microtest OMNIScanner (photo courtesy of Fluke Networks)
Testing Fiber
Fiber-optic cabling is an entirely different beast in terms
of termination and testing. The classic termination method
requires very precise stripping, polishing the end of the
tiny fiber cable, adding epoxy glue, and inserting the con-
nector. A fiber technician uses a large number of tools (Fig-
ure 6.52) and an almost artistic amount of skill. Over the
years, easier terminations have been developed, but put-
ting an ST, SC, LC, or other connector on the end of a piece
of fiber is still very challenging.
Figure 6.52 • Older fiber termination kit
A fiber-optic run has problems that are both similar to and different
from those of a UTP run. Fiber-optic runs don’t experience crosstalk or
interference (as we usually think of it) because they use light instead of an
electrical current.
Fiber-optic cables still break, however, so a good tech always keeps
an optical time domain reflectometer (OTDR) handy (Figure 6.53). OTDRs
determine continuity and, if there’s a break, tell you exactly how far down
the cable to look for the break.
TIA/EIA has very complex requirements for testing fiber runs,
and the cabling industry sells fiber certifiers to make sure a fiber
will carry its designed signal speed.
The three big issues with fiber are attenuation, light leakage,
and modal distortion. The amount of light propagating down
the fiber cable diffuses over distance, which causes attenuation
or dispersion (when the light signal spreads). If you bend a fiber-
optic cable too much you get light leakage, as shown in Figure
6.54. Every type of fiber cabling has a very specific maximum
bend radius. Modal distortion is unique to multimode fiber-optic
cable. As the light source illuminates, it sends out light in differ-
ent modes. Think of a mode as a slightly different direction. Some
light shoots straight down the fiber; other modes bounce back and
forth at a sharp angle.
The process of installing a structured cabling system is rather involved,
requires a great degree of skill, and should be left to professionals. By
understanding the process, however, you can tackle most of the problems
that come up in an installed structured cabling system. Most importantly,
you’ll understand the lingo used by the structured cabling installers so you
can work with them more efficiently.
NICs
Now that the network is completely in place, it’s time to turn to the final
part of any physical network: the NICs. A good network tech must recog-
nize different types of NICs by sight and know how to install and trou-
bleshoot them. Let’s begin by reviewing the differences between UTP and
fiber-optic NICs.
Figure 6.54 • Light leakage—note the colored glow at the bends but the dark cable at the straight.
Attenuation is the weakening
of a signal as it travels long
distances. Dispersion is when
a signal spreads out over long
distances. Both attenuation
and dispersion are caused
when wave signals travel too
far without help over fiber-
optic media. The confusing part
is that dispersion can cause
attenuation and vice versa.
Figure 6.53 • An optical time domain reflectometer
(photo courtesy of Fluke Networks)
BaseTech
Chapter 6: Installing a Physical Network
131
All UTP Ethernet NICs use the RJ-45 connector. The cable runs from the NIC to a hub or a switch (Figure 6.55). Because 10BaseT, 100BaseT, and Gigabit NICs all use that same connector, you cannot tell one from another simply by looking at the connection.
Fiber-optic NICs come in a wide variety; worse, manufacturers use the same connector types for multiple standards. You’ll find a 100BaseFX card designed for multimode cable with an SC connector, for example, and an identical card designed for single-mode cable, also with an SC connector. You simply must see the documentation that comes with the two cards to tell them apart. Figure 6.56 shows a typical fiber-optic network card.
Figure 6.56 • Typical fiber NIC (photo courtesy of 3Com Corp.)
Buying NICs
Some folks may disagree with me, but I always purchase name-brand NICs. For NICs, I recommend sticking with big names, such as 3Com or Intel. The NICs are better made, have extra features, and are easy to return if they turn out to be defective.
Plus, replacing a missing driver on a name-brand NIC is easy, and you can be confident the drivers work well. The type of NIC you purchase depends on your network. Try to think about the future and go for multispeed cards if your wallet can handle the extra cost. Also, where possible, try to stick with the same model of NIC. Every different model you buy means another set of driver discs you need to haul around in your tech bag. Using the same model of NIC makes driver updates easier, too.
Figure 6.55 • Typical UTP NIC
Many people order desktop PCs with NICs simply because they don’t take the time to ask if the system has a built-in NIC. Take a moment and ask about this!
Tech Tip
Onboard NICs
It’s a rare motherboard these days that doesn’t include an onboard NIC. This, of course, completely destroys the use of the acronym “NIC” for network interface card because no card is actually involved. But heck, we’re nerds and, just as we’ll probably never stop using the term “RJ-45” when the correct term is “8P8C,” we’ll keep using the term “NIC.” I know! Let’s just pretend it stands for network interface connection!
Physical Connections
I’ll state the obvious here: If you don’t plug the NIC into the computer, the NIC won’t work! Many users happily assume some sort of quantum magic when it comes to computer communications, but as a tech, you know better. Fortunately, most PCs come with built-in NICs, making physical installation a nonissue. If you’re buying a NIC, physically inserting
the NIC into one of the PC’s expansion slots is the easiest part of the job. Most PCs today have two types of expansion slots. The older, but still common, expansion slot is the Peripheral Component Interconnect (PCI) type (Figure 6.57).
The newer PCI Express (PCIe) expansion slots are now more widely adopted by NIC suppliers. Gigabit PCIe NICs usually come in the one-lane (×1) form; multiport and 10-Gigabit cards need wider ×4 or ×8 slots (Figure 6.58).
If you’re not willing to open a PC case, you can get NICs with USB or PC Card connections. While convenient, USB 2.0 (the most common version available) has a maximum speed of 480 Mbps—slower than Gigabit Ethernet, and PC Card is only a laptop solution (Figure 6.59). If, however, you manage to find a USB 3.0 NIC, which can handle speeds up to 5 Gbps, you shouldn’t have a problem. USB NICs are handy to keep in your toolkit. If you walk up to a machine that might have a bad NIC, test your suspicions by inserting a USB NIC and moving the network cable from the potentially bad NIC to the USB one. (Don’t forget to bring your driver disc along!)
Drivers
Installing a NIC’s driver into a Windows, Mac, or Linux system is easy: just insert the driver CD when prompted by the system. Unless you have a very offbeat NIC, the operating system will probably already have the driver preinstalled, but there are benefits to using the driver on the manufacturer’s CD. The CDs that come with many NICs, especially the higher-end, brand-name ones, include extra goodies such as enhanced drivers and handy utilities, but you’ll only be able to access them if you install the driver that comes with the NIC.
Every operating system has some method to verify that the computer recognizes the NIC and is ready to use it. Windows systems have the Device Manager, Ubuntu Linux users have the Network applet under the Administration menu (or the ip link and ethtool commands from a terminal), and your Macintosh has the Network utility in System Preferences. Actually, most operating systems have multiple methods to show that the NIC is in good working order. Learn the various ways to verify the NIC for your OS as this is the ultimate test of a good NIC installation.
Figure 6.58 • PCIe NIC
Figure 6.59 • USB NIC
Bonding
Most switches enable you to use multiple NICs for a single machine, a process called bonding or link aggregation. Bonding effectively doubles (or more) the bandwidth between a machine and a switch. The catch is that a switch hashes each individual flow (one TCP connection, one file copy) onto a single member link, so the gain shows up when several transfers run at the same time rather than as a faster single transfer. In preparing for this book, for example, I found that the connection between my graphics development computer and my file server was getting pounded by my constant sending and receiving of massive image files, slowing down everyone else’s file access. Rather than upgrading the switches and NICs from Gigabit to 10-Gigabit Ethernet—still fairly expensive at this writing—I found that simply doubling the connections among those three machines—graphics computer, switch, and file server—increased performance all around. If you want to add link aggregation to your network to increase performance, use identical NICs and switches from the same companies to avoid the hint of incompatibility.
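The incompatibility the bonding paragraph warns about usually shows up as one member link that is up but never joins the aggregation. On Linux the 802.3ad state that reveals this lives in /proc/net/bonding/<bond>. The checker below is an added example and not the book’s or the kernel’s code: the file format is the kernel’s, but SAMPLE_BOND, the interface names, and the function names bond_check and bond_ok are constructed for illustration. In the sample, eth1 is up but sits in a different aggregator than the active one, which is what you get when the two switch ports were not placed in the same LACP group.

```shell
#!/bin/sh
# Added example, not from the book: verify that a Linux 802.3ad (LACP) bond is really
# aggregating. SAMPLE_BOND is a constructed copy of /proc/net/bonding/<bond>, with
# eth1 up but outside the active aggregator (switch-side LACP group mismatch).

SAMPLE_BOND='Ethernet Channel Bonding Driver: v5.15.0

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer3+4 (1)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

802.3ad info
LACP active: on
LACP rate: fast
Min links: 0
Aggregator selection policy (ad_select): stable
System priority: 65535
System MAC address: 52:54:00:12:34:56
Active Aggregator Info:
        Aggregator ID: 1
        Number of ports: 1
        Actor Key: 15
        Partner Key: 1001
        Partner Mac Address: 00:1c:73:aa:bb:cc

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 52:54:00:12:34:56
Slave queue ID: 0
Aggregator ID: 1
Actor Churn State: none
Partner Churn State: none

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 52:54:00:ab:cd:ef
Slave queue ID: 0
Aggregator ID: 2
Actor Churn State: none
Partner Churn State: churned'

# bond_check   (stdin: /proc/net/bonding/<bond> text)
# One line per slave: "IFACE mii=<up|down> speed=<Mbps> agg=<id> ok|NOT-AGGREGATED".
# A slave only carries traffic when it is up AND belongs to the active aggregator;
# up-but-elsewhere means a mismatch on the far end (LACP group, speed, or partner).
bond_check() {
    awk '
        /^Bonding Mode:/              { mode = $0 }
        /^Active Aggregator Info:/    { in_active = 1; next }
        in_active && /Aggregator ID:/ { active = $NF; in_active = 0 }
        /^Slave Interface:/           { slave = $NF; order[++n] = slave; next }
        slave != "" && /^MII Status:/    { mii[slave] = $NF }
        slave != "" && /^Speed:/         { speed[slave] = $2 }
        slave != "" && /^Aggregator ID:/ { agg[slave] = $NF }
        END {
            if (mode !~ /802\.3ad/) print "warning: not an LACP bond, nothing to compare: " mode
            for (i = 1; i <= n; i++) {
                s = order[i]
                verdict = (mii[s] == "up" && agg[s] == active) ? "ok" : "NOT-AGGREGATED"
                printf "%s mii=%s speed=%s agg=%s %s\n", s, mii[s], speed[s], agg[s], verdict
            }
        }'
}

# bond_ok: succeed only when there is at least one slave and every slave is aggregated
bond_ok() {
    out=$(bond_check)
    [ -n "$out" ] || return 1
    ! printf '%s\n' "$out" | grep -q 'NOT-AGGREGATED'
}

# On a real host read the live file; otherwise run the constructed sample.
if [ -r /proc/net/bonding/bond0 ]; then
    bond_check < /proc/net/bonding/bond0
else
    printf '%s\n' "$SAMPLE_BOND" | bond_check
fi
```

A slave reported as NOT-AGGREGATED while its MII status is up is exactly the case the book’s “identical NICs and switches” advice is guarding against; the fix is on the switch side (both ports in the same port-channel, same speed and duplex), not in the cabling. Run it as bond_check < /proc/net/bonding/bond0 after any switch change.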
Link Lights
All UTP NICs made today have some type of light-emitting diodes (LEDs) that give information about the state of the NIC’s link to whatever’s on the other end of the connection. Even though you know the lights are actually LEDs, get used to calling them link lights, as that’s the term all network techs use. NICs can have between one and four different link lights, and the LEDs can be any color. These lights give you clues about what’s happening with the link and are one of the first items to check whenever you think a system is disconnected from the network (Figure 6.60).
A link light tells you that the NIC is connected to a hub or switch. Hubs and switches also have link lights, enabling you to check the connectivity at both ends of the cable. If a PC can’t access a network and is acting disconnected, always check the link lights first. Multispeed devices usually have a link light that tells you the speed of the connection. In Figure 6.61, the light for port 2 in the top photo is orange, signifying that the other end of the cable is plugged into either a 10BaseT or 100BaseT NIC. The same port connected to a Gigabit NIC—that’s the lower picture—displays a green LED.
A properly functioning link light is on and steady when the NIC is connected to another device. No flickering, no on and off, just on. A link light that is off or flickering indicates a connection problem.
The Link Aggregation Control Protocol (LACP) controls how multiple network devices send and receive data as a single connection.
Figure 6.57 • PCI NIC
Figure 6.60 • Mmmm, pretty lights!
Figure 6.61 • Multispeed lights
Another light is the activity light. This little guy turns on when the card detects network traffic, so it intermittently flickers when operating properly. The activity light is a lifesaver for detecting problems, because in the real world, the connection light will sometimes lie to you. If the connection light says the connection is good, the next step is to try to copy a file or do something else to create network traffic. If the activity light does not flicker, there’s a problem.
You might run into yet another light on some much older NICs, called a collision light. As you might suspect from the name, the collision light flickers when it detects collisions on the network. Modern NICs don’t have these, but you might run into this phrase on the CompTIA Network+ certification exam.
Keep in mind that the device on the other end of the NIC’s connection has link lights, too! Figure 6.62 shows the link lights on a modern switch. Most switches have a single LED per port to display connectivity and activity.
No standard governs how NIC manufacturers use their lights, and, as a result, they come in an amazing array of colors and layouts. When you encounter a NIC with a number of LEDs, take a moment to try to figure out what each one means. Although different NICs have various ways of arranging and using their LEDs, the functions are always the same: link, activity, and speed.
Many fiber-optic NICs don’t have lights, making diagnosis of problems a bit more challenging. Nevertheless, most physical connection issues for fiber can be traced to the connection on the NIC itself. Fiber-optic cabling is incredibly delicate; the connectors that go into NICs are among the few places that anyone can touch fiber optics, so the connectors are the first thing to check when problems arise. Those who work with fiber always keep around a handy optical tester to enable them to inspect the quality of the connections. Only a trained eye can use such a device to judge a good fiber connection from a bad one—but once you learn how to use it, this kind of tester is extremely handy (Figure 6.63).
Diagnostics and Repair of Physical Cabling
“The network’s down!” is easily the most terrifying phrase a network tech will ever hear. Networks fail for many reasons, and the first thing to know is that good-quality, professionally installed cabling rarely goes bad. Chapter 20 covers principles of network diagnostics and support that apply to all networking situations, but let’s take a moment now to discuss what to do when you think you’ve got a problem with your physical network.
Figure 6.62 • Link lights on a switch
Figure 6.63 • Optical connection tester
Diagnosing Physical Problems
Look for errors that point to physical disconnection. A key clue that you may have a physical problem is that a user gets a “No server is found” error, or tries to use the operating system’s network explorer utility (like Network in Windows 7) and doesn’t see any systems besides his or her own. First, try to eliminate software errors: if one particular application fails, try another. If the user can browse the Internet, but can’t get e-mail, odds are good that the problem is with software, not hardware—unless someone unplugged the e-mail server!
Multiple systems failing to access the network often points to hardware problems. This is where knowledge of your network cabling helps. If all the systems connected to one switch suddenly no longer see the network, but all the other systems in your network still function, you not only have a probable hardware problem, but also you have a suspect—the switch.
Check Your Lights
If you suspect a hardware problem, first check the link lights on the NIC and switch. If they’re not lit, you know the cable isn’t connected somewhere. If you’re not physically at the system in question (if you’re on a tech call, for example), you can have the user check his or her connection status through the link lights or through software. Every operating system has some way to tell you on the screen if it detects the NIC is disconnected. The network status icon in the Notification Area in Windows 7, for example, will display a little red × when a NIC is disconnected (Figure 6.64). A user who’s unfamiliar with link lights (or who may not want to crawl under his or her desk) will have no problem telling you if the icon says “Not Connected.”
If your problem system is clearly not connecting, eliminate the possibility of a failed switch or other larger problem by checking to make sure other people can access the network, and that other systems can access the shared resource (server) that the problem system can’t see. Make a quick visual inspection of the cable running from the back of the PC to the outlet. Finally, if you can, plug the system into a known good outlet and see if it works. A good network tech always keeps a long patch cable for just this purpose. If you get connectivity with the second outlet, you should begin to suspect the structured cable running from the first outlet to the switch. Assuming the cable is installed properly and has been working correctly before this event, a simple continuity test will confirm your suspicion in most cases.
Check the NIC
Be warned that a bad NIC can also generate this “can’t see the network” problem. Use the utility provided by your OS to verify that the NIC works. If you’ve got a NIC with diagnostic software, run it—this software will check the NIC’s circuitry. The NIC’s female connector is a common failure point, so NICs that come with diagnostic software often include a special test called a loopback test. A loopback test sends data out of the NIC and checks to see if it comes back. Some NICs perform only an internal loopback, which tests the circuitry that sends and receives, but not the actual connecting pins. A true external loopback requires a loopback plug inserted into the NIC’s port (Figure 6.65). If a NIC is bad, replace it—preferably with an identical NIC so you don’t have to reinstall drivers!
Figure 6.64 • Disconnected NIC in Windows 7
Onboard NICs on laptops are especially notorious for breaking due to constant plugging and unplugging. On some laptops, the NICs are easy to replace; others require a motherboard replacement.
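The OS-side check that the Drivers section mentions and the “check your lights” and “check the NIC” steps above can be done remotely on a Linux host from the interface flags, which is useful when nobody is there to look at the LEDs. The script below is an added example and not the book’s material: ip -o link show is the real iproute2 command and the flag names (UP, LOWER_UP, NO-CARRIER) are the kernel’s, but the function names link_state and link_report, the interface names, and SAMPLE_IP_LINK are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book: the software side of "check the link lights" on a
# Linux host. link_state classifies one interface from `ip -o link show` output;
# link_report does it for every NIC. SAMPLE_IP_LINK is a constructed copy of that
# output (one good link, one unplugged cable, one interface never brought up).

SAMPLE_IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000\    link/ether 52:54:00:ab:cd:ef brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/ether 52:54:00:00:11:22 brd ff:ff:ff:ff:ff:ff'

# link_state IFACE   (reads `ip -o link show` lines on stdin; always exits 0)
# Prints one word, mapping the kernel flags onto what the LED would tell you:
#   up          UP + LOWER_UP: carrier detected, the link light would be on and steady
#   no-carrier  driver is up but no link pulse: unplugged cable, dead switch port, bad jack
#   admin-down  interface never brought up: a configuration problem, not a cabling one
#   missing     no such interface at all: driver not loaded or the NIC is not detected
link_state() {
    flags=$(awk -v want="$1" -F'[:<> ]+' '
        { sub(/@.*/, "", $2) }          # veth-style names look like eth0@if5
        $2 == want { print $3; exit }')
    case ",$flags," in
        ,,)             echo missing ;;
        *,NO-CARRIER,*) echo no-carrier ;;
        *,LOWER_UP,*)   echo up ;;
        *,UP,*)         echo no-carrier ;;   # UP without LOWER_UP: still no carrier
        *)              echo admin-down ;;
    esac
}

# link_report   (stdin as above) prints "IFACE STATE" for every interface except lo
link_report() {
    input=$(cat)
    printf '%s\n' "$input" |
        awk -F'[:<> ]+' '{ sub(/@.*/, "", $2); if ($2 != "lo") print $2 }' |
        while read -r ifc; do
            printf '%s %s\n' "$ifc" "$(printf '%s\n' "$input" | link_state "$ifc")"
        done
}

# On a real host run the live command; fall back to the constructed sample otherwise.
if command -v ip >/dev/null 2>&1; then
    ip -o link show 2>/dev/null | link_report
else
    printf '%s\n' "$SAMPLE_IP_LINK" | link_report
fi
```

A result of no-carrier is the software equivalent of a dark link light: the driver and configuration are fine, so the suspects are the patch cable, the outlet, the switch port, or the NIC’s own jack, in the order the book gives. admin-down points the other way (nobody brought the interface up), and missing means the NIC or its driver, not the cabling. For speed and duplex on a link that is up, ethtool IFACE reports Speed, Duplex, and Link detected, the same information a multispeed link light encodes in color.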
Cable Testing
The vast majority of network disconnect problems occur at the work area. If you’ve tested those connections, though, and the work area seems fine, it’s time to consider deeper issues.
With the right equipment, diagnosing a bad horizontal cabling run is easy. Anyone with a network should own a midrange tester with TDR such as the Fluke MicroScanner.
With a little practice, you can easily determine not only whether a cable is disconnected but also where the disconnection takes place. Sometimes patience is required, especially if you’ve failed to label your cable runs, but you will find the problem.
When you’re testing a cable run, always include the patch cables as you test. This means unplugging the patch cable from the PC, attaching a tester, and then going to the telecommunications room. Here you’ll want to unplug the patch cable from the switch and plug the tester into that patch cable, making a complete test, as shown in Figure 6.66.
Testing in this manner gives you a complete test from the switch to the system. In general, a broken cable must be replaced. A bad patch cable is easy, but what happens if the horizontal cable is to blame? In these cases, I get on the phone and call my local installer. If a cable’s bad in one spot, the risk of it being bad in another is simply too great to try anything other than total replacement.
Figure 6.65 • Loopback plug
Figure 6.66 • Loopback plug in action
Problems in the Telecommunications Room
Even a well-organized telecommunications room is a complex maze of equipment racks, switches, and patch panels. The most important issue to remember as you work is to keep your diagnostic process organized and documented. For example, if you’re testing a series of cable runs along a patch panel, start at one end and don’t skip connections. Place a sticker as you work to keep track of where you are on the panel.
Your biggest concerns in the telecommunications room are power and environmental issues.
All those boxes in the rack need good-quality power. Even the smallest rack should run off of a good uninterruptible power supply (UPS), a battery backup that plugs into the wall. Make sure you get one that can handle the amount of wattage used by all the equipment in the rack.
But what if the UPS log shows it switching to battery again and again? Don’t assume the power coming from your physical plant (or power company) is okay. If your UPS comes on too often, it might be time to install a voltage event recorder (Figure 6.67). As its name implies, a voltage event recorder plugs into your power outlet and tracks the voltage over time. These devices often reveal interesting issues. For example, a small network was having trouble sending an overnight report to a main branch—the uploading servers reported that they were not able to connect to the Internet. Yet, in the morning, the report could be run manually with no problems. After placing a voltage event recorder in the telecommunications room, we discovered that the building management was turning off the power as a power-saving measure. This would have been hard to determine without the proper tool.
The temperature in the telecommunications room should be maintained and monitored properly. If you lose the air conditioning, for example, and leave systems running, the equipment will overheat and shut down—sometimes with serious damage. To prevent this, all serious telecommunications rooms should have temperature monitors.
Likewise, you need to control the level of humidity in a telecommunications room. You can install environmental monitors that keep a constant watch on humidity, temperature, and more, for just a few hundred dollars. The devices cost little in comparison to the equipment in the telecommunications room that you’re protecting.
Figure 6.67 • An excellent voltage event recorder (photo courtesy of Fluke Networks)
Tech Tip
Online vs. Standby Power Supplies
You can purchase two different types of UPSs—online and standby. An online UPS continuously charges a battery that, in turn, powers the computer components. If the telecommunications room loses power, the computers stay powered up without missing a beat, at least until the battery runs out.
A standby power supply (SPS) also has a big battery but doesn’t power the computer unless the power goes out. Circuitry detects the power outage and immediately kicks on the battery.
Toners
It would be nice to say that all cable installations are perfect and that over the years they won’t tend to grow into horrific piles of spaghetti-like, unlabeled cables. In the real world, though, you might eventually find yourself having to locate or trace cables. Even in the best-planned networks, labels fall off ports and outlets, mystery cables appear behind walls, new cable runs are added, and mistakes are made counting rows and columns on patch panels. Sooner or later, most network techs will have to be able to pick out one particular cable or port from a stack.
When the time comes to trace cables, network techs turn to a device called a toner for help. Toner is the generic term for two separate devices that are used together: a tone generator and a tone probe. The tone generator connects to the cable using alligator clips, tiny hooks, or a network jack, and it sends an electrical signal along the wire at a certain frequency. The tone probe emits a sound when it is placed near a cable connected to the tone generator (Figure 6.68). These two devices are often referred to by the brand name Fox and Hound, a popular model of toner made by the Triplett Corporation.
To trace a cable, connect the tone generator to the known end of the cable in question, and then position the tone probe next to the other end of each of the cables that might be the right one. The tone probe makes a sound when it’s placed next to the right cable. Some toners have one tone probe that works with multiple tone generators. Each generator emits a separate frequency, and the probe sounds a different tone for each one. Even good toners are relatively inexpensive (US$75); although inexpensive toners can cost less than US$25, they don’t tend to work well, so spending a little more is worthwhile. Just keep in mind that if you have to support a network, you’d do best to own a decent toner.
More advanced toners include phone jacks, enabling the person manipulating the tone generator to communicate with the person manipulating the tone probe: “Jim, move the tone generator to the next port!” These either come with their own headset or work with a butt set, the classic tool used by telephone repair technicians for years (Figure 6.69).
A good, medium-priced cable tester and a good toner are the most important tools for folks who must support, but not install, networks. A final tip: be sure to bring along a few extra batteries—there’s nothing worse than sitting on the top of a ladder holding a cable tester or toner that has just run out of juice!
Figure 6.68 • Fox and Hound
Figure 6.69 • Technician with a butt set
You’ll see a tone probe referred to on the CompTIA Network+ exam as a toner probe.
Chapter 6 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about installing a physical network.
Recognize and describe the functions of basic components in a structured cabling system
■ Structured cabling refers to a set of standards established by the TIA/EIA regarding network cabling. The three basic structured cabling network components are the telecommunications room (a.k.a. server room), the horizontal cabling, and the work area (or the actual workers’ office space).
■ Although wireless networks are popular, they lack the reliability and speed of wired networks.
■ All cabling should run from individual PCs to a telecommunications room.
■ A telecommunications room should have one or more sturdy equipment racks, used to hold mountable network devices (hubs, switches, and routers); this space also houses server PCs, patch panels, UPSs, monitors, keyboards, mice, tape backup drives, and more.
■ Horizontal cabling usually refers to the cabling that runs from the telecommunications room out to the work areas of a single office building floor.
■ The work area is where PCs and printers connect to the ends of the horizontal cabling. In other words, the work area is the actual office space where the jacks should be located for connecting to the network.
■ UTP cable comes in one of two types: solid core and stranded core. Horizontal cabling should always be solid core.
■ Solid core UTP is a better conductor than stranded core but breaks easily if handled roughly. Stranded core holds up better to substantial handling.
■ Equipment racks are 19 inches wide and come in a variety of heights. Rack-mounted equipment is manufactured to fit in the 19-inch width, but it too varies by height.
■ Rack-mounted equipment heights are measured in Us, each U being 1.75 inches (equipment is built slightly shorter than its U count so it slides into the rack).
■ UTP cables can be connected to a 110 block in a patch panel by using a punchdown tool.
■ The TIA/EIA 606 labeling standard can help a technician keep track of cables.
■ Patch cables are used to connect the ports on a patch panel to a switch. Although solid core horizontal runs typically connect to the 110 block, patch cables are usually stranded core.
■ Patch cables are also used in the work area to connect a PC to the RJ-45 wall jack.
■ TIA/EIA 568 limits horizontal runs to 90 meters, allowing 10 meters for patch cables before the 100-meter UTP cable limit is reached.
■ The demarc location is where the connection is made from the outside world to a private network. An Internet service provider or telephone company provides service through its demarc.
■ A network interface unit, such as a cable modem, may sit between the demarc and local network.
■ Demarcs and cross-connects typically reside in a room called the main distribution frame.
Explain the process of installing structured cable
■ A good installation entails planning the cabling runs with an actual floor plan, as well as poking around in walls and ceilings.
■ Raceway products may be used to run cable externally rather than inside walls.
■ When planning cable runs, keep five things in mind: distance, power, dryness, temperature, and access.
■ Cable trays may be used to aid in pulling cable within a drop ceiling.
■ If you make your own patch cables, be sure to use the correct crimp, as they differ for solid core and stranded core UTP.
■ A variety of cable testers, including time domain reflectometers and optical time domain reflectometers, can be used to test for continuity, attenuation, and crosstalk.
■ Big issues with fiber include attenuation, light leakage, and modal distortion.
Install a network interface card
■ All UTP Ethernet NICs use an RJ-45 connector. Fiber-optic NICs use a variety of connectors, depending on the manufacturer.
■ Most motherboards now include an onboard NIC.
■ Using the same model of NIC for all the PCs on your network makes installing and updating drivers much easier.
■ Expansion NICs come as PCI cards or, increasingly, PCIe cards; Gigabit PCIe NICs are usually ×1, while multiport and 10-Gigabit cards use wider ×4 or ×8 slots.
■ USB NICs are convenient and you don’t have to open the computer case to install one. The maximum speed of USB 2.0 is 480 Mbps, which is slower than Gigabit Ethernet, but you might be able to find USB 3.0 NICs; USB 3.0 is capable of speeds up to 5 Gbps, which is plenty of bandwidth for a Gigabit Ethernet connection.
■ The link lights on a NIC indicate the status of the NIC, such as if it’s connected to a network and if there is any network activity. Link lights may include the activity light and collision light.
Perform basic troubleshooting on a structured cable network
■ A “no server found” error is likely caused by a physical connection problem. If one program (such as a Web browser) works but another (such as e-mail) does not, the problem is likely software related.
■ If you suspect a hardware problem, check the link lights on the NIC and the switch. If the lights are not on, the cable is probably disconnected or the port may be faulty.
■ An internal loopback test checks a NIC’s send and receive circuitry but not the connecting pins; an external loopback test with a loopback plug in the port checks the pins as well.
■ When testing cables, be sure to test the entire run, including the patch cable in the work area, the cable leading from the work area wall back to the telecommunications room, and the patch cable from the patch panel to the switch.
■ Tools that are helpful for troubleshooting a structured cable network include a voltage event recorder and a toner.
Key Terms
110 block (113)
activity light (133)
attenuation (128)
bonding (132)
cable certifier (128)
cable drop (119)
cable tester (126)
cable tray (121)
collision light (134)
continuity (126)
continuity tester (126)
crosstalk (127)
demarc (116)
demarc extension (118)
dispersion (130)
environmental monitor (137)
equipment rack (112)
far-end crosstalk (FEXT) (128)
horizontal cabling (109)
intermediate distribution frame (IDF) (111)
light leakage (130)
link light (133)
loopback plug (135)
loopback test (135)
main distribution frame (MDF) (118)
mounting bracket (122)
multiplexer (118)
near-end crosstalk (NEXT) (127)
network interface unit (NIU) (117)
optical time domain reflectometer (OTDR) (129)
patch cable (114)
patch panel (113)
punchdown tool (113)
raceway (120)
run (109)
smart jack (117)
solid core (110)
stranded core (110)
structured cabling (107)
telecommunications room (109)
temperature monitor (137)
TIA/EIA 606 (114)
time domain reflectometer (TDR) (127)
tone generator (138)
tone probe (138)
toner (138)
U (112)
uninterruptible power supply (UPS) (137)
vertical cross-connect (118)
voltage event recorder (137)
wiremap (126)
work area (109)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. All the cabling from individual work areas runs via _______________ to a central location.
2. The central location that all cabling runs to is called the _______________.
3. A single piece of installed horizontal cabling is called a(n) _______________.
4. The set of standards established by the TIA/EIA regarding network cabling is called _______________.
5. You use a(n) _______________ to connect a strand of UTP to a 110 block or 66 block.
6. A short UTP cable that uses stranded, rather than solid, cable is called a(n) _______________ and can tolerate much more handling near a patch panel.
7. The type of network interface unit (NIU) that enables an ISP or telephone company to determine if a home DSL box or cable router has been disconnected is called a(n) _______________.
8. The spot where a cable comes out of the wall at the workstation is called a(n) _______________.
9. The height measurement known as U is used for devices that fit into a(n) _______________.
10. The term _______________ describes the process of a signal weakening as it progresses down a piece of wire.
Multiple-Choice Quiz
1. Which item describes the length of cable installed within walls from a telecommunications room out to a jack?
A. Cable drop
B. Cable run
C. Cable tester
D. Cable tray
2. What is the term used to describe where the network hardware and patch panels are kept?
A. Drop room
B. Telecommunications room
C. Routing room
D. Telecloset room
3. Aside from outright breakage, what’s the primary worry with bending a fiber-optic cable too much?
A. Attenuation
B. Bonding
C. Light leakage
D. Near-end crosstalk
4. When connecting a cable run onto a patch panel, which tool should you use?
A. 110-punchdown tool
B. Crimper
C. TDR
D. Tone generator
5. Which of the following NIC types offers the most versatility?
A. 10
B. 10/100
C. 10/100/1000
D. Only a nonmultispeed NIC
6. What is the structured cabling name for the end user’s office space where network computers are set up?
A. Backbone
B. Building entrance
C. Cable drop
D. Work area
7. What type of twisted-pair cabling would work best within ceilings near lighting?
A. Solid core plenum
B. Solid core PVC
C. Stranded core plenum
D. Stranded core PVC
142
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 6
8. Why would network techs use stranded core cabling from a patch panel’s ports to a switch?
A. Cost
B. Fire rating
C. Flexibility
D. Safety
9. What is the first thing a professional cable installer should do when providing an estimate at a site?
A. Power on additional lighting.
B. Put on a grounding wrist strap.
C. Request a floor plan.
D. Set up ladders.
10. What component best enables you to install more servers in the limited space of a telecommunications room?
A. Cable tray
B. Outlet box
C. Patch panel
D. Equipment rack
11. How tall is a network router that is 8U?
A. 8 inches
B. 8 centimeters
C. 14 inches
D. 14 centimeters
12. Your first day on the job, you get a call from the owner complaining that her network connection is down. A quick check of the central switch verifies that it’s in good working order, as is the boss’s PC. As luck would have it, your supervisor calls at just that time and tells you not to worry; she’ll be by in a jiffy with her TDR to help root out the problem. What is she talking about?
A. Tune domain resonator, her network tone generator
B. Time detuning resonator, her network tester
C. Time domain reflectometer, her network tester
D. Time detail resource, her network schematic
13. Jenny’s office building recently had sections renovated, and now some users are complaining that they can’t see the network. She suspects that the workers might have inadvertently broken wires when they did ceiling work. George suggests she use a toner to figure out which wires go to the complaining users. Erin disagrees, saying that Jenny should use a Fox and Hound. Who’s right?
A. Only George is right.
B. Only Erin is right.
C. Both George and Erin are right.
D. Neither George nor Erin is right.
14. What is generated by every piece of UTP cable in existence?
A. Modal distortion
B. Crosstalk
C. EMI
D. ESD
15. Which statement about structured cable is correct?
A. The term “demarc” refers to a physical location, whereas the phrase “network interface unit” refers to a piece of equipment provided by an ISP.
B. The term “demarc” refers to a piece of equipment provided by an ISP, whereas the phrase “network interface unit” refers to a piece of equipment provided by the customer.
C. The terms “demarc” and “network interface unit” refer to pieces of equipment provided by an ISP.
D. A demarc is used for fiber cabling, whereas a network interface unit is used for UTP.
Essay Quiz
1. Sketch a rough draft of your classroom, office, or the room you are in right now. Indicate any doors, windows, closets, lights, plumbing fixtures, desks or tables, and even any visible electrical wall outlets. Then indicate with a large letter X where you would place a new cable drop. Jot down some notes explaining why you would choose the location you did.
2. Your CompTIA A+ Certified coworker is listening in on a conversation you are having with your boss, and he thinks he knows what a “demarc” is. Write a quick note to him describing the true meaning of a structured cabling building entrance, so you can put it on his desk before you leave for the day.
3. The management team at your company wants to network five offices with low-cost PVC stranded core cabling throughout the dropped ceiling in your offices. Compose a memo that justifies the cost of using more expensive cabling. Use any standard memo format that you are already familiar with.
4. The youth group at a local community organization has received funding to help with creating a computer network. They have already purchased the required number of PCI 10/100/1000 NICs. You have been asked by one of the group’s leaders to assist with installing the NICs. You want to help, but time doesn’t permit you to volunteer any more hours in a week than you already do. It makes better sense to organize a step-by-step fact sheet that describes installing a NIC into an open slot on a computer. When you have finished, e-mail the fact sheet you created to your instructor (or a friend) for comments.
Lab Project 6.1 •
You are a recently hired network technician at
a local business. During the interview phase
with the company, some questions were raised
about installing cable. You made it clear that
professional cable installation was the way to go.
You justified your statements and impressed the
interviewers with your knowledge and honesty,
so they hired you.
Now you need to research the company
names and “per drop” prices of professional
cable installers in your area. Use the Internet to
gather research from at least two companies.
Prepare a PowerPoint presentation to present
your findings to management. Be sure to use
color, graphics, and slide transitions (as time
permits) to further impress your new bosses!
Lab Project 6.2 •
You have become the de facto network
administrator for your employer at a nearby tax
preparation company. The owner of this small
business stays close to all expenses. She realizes
that you could use additional tools to help with
installing cable for her soon-to-be-expanded
office network. You see this as the opportunity
to purchase a cable tester and a tone generator.
Your boss casually says to check out some prices.
You know that well-laid-out numbers could
mean approval on the toys you’d like!
Prepare a spreadsheet that shows three levels,
including prices, for each of these items. Arrange
your spreadsheet in a “good/better/best” layout,
with “best” listed on top for the most attention.
Use the following chart as a guide:
“BEST” Brand/Model Price
Cable Tester A $ .
Tone Generator A $ .
Total for A Items $ .
“BETTER” Brand/Model Price
Cable Tester B $ .
Tone Generator B $ .
Total for B Items $ .
“GOOD” Brand/Model Price
Cable Tester C $ .
Tone Generator C $ .
Total for C Items $ .
Chapter 7
TCP/IP Basics
“If it’s sent by ship then it’s a cargo, if it’s sent by road then it’s a shipment.”
—Dave Allen
In this chapter, you will learn how to
■ Describe how the TCP/IP protocol suite works
■ Explain CIDR and subnetting
■ Describe the functions of static and dynamic IP addresses
The mythical MHTechEd network (remember that from Chapter 2?) provided an overview of how networks work. At the bottom of every network, at OSI
Layers 1 and 2 (the Link/Network Interface layer of the TCP/IP model), resides
the network hardware: the wires, network cards, switches, and more that enable
data to move physically from one computer to another. Above the Physical
and Data Link layers, the “higher” layers of the model—such as Network and
Transport—work with the hardware to make the network magic happen.
Chapters 3 through 6 provided details of the hardware at the Physical and
Data Link layers of the OSI model and the Link/Network Interface layer of the
TCP/IP model. You learned about the network protocols, such as Ethernet, that
create uniformity within networks so that the data frame created by one NIC can
be read properly by another NIC.
This chapter begins a fun journey into the software side of networking. You’ll learn the details about the IP addressing scheme that enables computers on one network to communicate with each other and computers on other networks. You’ll get the full story on how TCP/IP networks divide into smaller units—subnets—to make management of a large TCP/IP network easier. And you won’t just get it from a conceptual standpoint. This chapter provides the details you’ve undoubtedly been craving—it teaches you how to set up a network properly. The chapter finishes with an in-depth discussion on implementing IP addresses.
Historical/Conceptual
Standardizing Networking Technology
The early days of networking software saw several competing standards
that did not work well together. Novell NetWare, Microsoft Windows, and
Apple Macintosh ran networking software to share folders and printers,
while the UNIX/Linux world did crazy things like sharing terminals—
handy for the UNIX/Linux users, but it made no sense to the Windows
folks—and then there was this new thing called e-mail (like that was ever
going to go anywhere). The Internet had just been opened to the public. The
World Wide Web was merely a plaything for programmers and scientists.
All of these folks made their own software, interpreting (or totally ignoring)
the OSI model in various ways, and all trying (arguably) to become the way
the whole world networked computers. It was an unpleasant, ugly world
for guys like me who had the audacity to try to make, for example, a UNIX
box work with a Windows computer.
The problem was that no one agreed on how a network should run.
Everyone’s software had its own set of Rules of What a Network Should Do
and How to Do It. These sets of rules—and the software written to follow
these rules—were broken down into individual rules called protocols. Each
set of rules had many protocols lumped together under the term protocol
suite. Novell NetWare called its protocol suite IPX/SPX; Microsoft’s was
called NetBIOS/NetBEUI; Apple used AppleTalk; and the UNIX folks used
this wacky protocol suite called TCP/IP.
Well, TCP/IP won. Sure, you may find the occasional network still running one of these other protocol suites, but they’re rare these days. To get ahead in today’s world, to get on the Internet, and to pass the CompTIA Network+ exam, you only need to worry about TCP/IP. Novell, Microsoft, and Apple no longer actively support anything but TCP/IP. You live in a one-protocol-suite world, the old stuff is forgotten, and you kids don’t know how good you got it!
Even in the old days companies created methods to connect different operating systems together. Microsoft created software to enable a Windows client to connect to a NetWare server, for example. This software, called the Microsoft IPX/SPX Protocol or NWLINK, shows up as a possible answer on the CompTIA Network+ exam. Because NWLINK is long gone, don’t assume it’s going to be the correct answer!
Test Specific
The TCP/IP Protocol Suite
Chapter 2 introduced you to the TCP/IP model. Let’s take a second look
and examine some of the more critical protocols that reside at each layer. I’ll
also explore and develop the IP packet in more detail to show you how it
organizes all of these protocols. Remember, TCP/IP is so powerful because
IP packets can exist in almost any type of network technology. The Link
layer, therefore, counts on technologies outside the TCP/IP protocol
suite (like Ethernet, cable modem, or DSL) to get the IP packets from
one system to the next (Figure 7.1).
When discussing the software layers of the TCP/IP protocol suite,
let’s focus on only the three top layers in the TCP/IP model: Internet,
Transport, and Application (Figure 7.2). I’ll revisit each of these layers
and add representative protocols from the protocol suite so you gain a
better understanding of “who’s who” in TCP/IP.
If you look at an IP packet, certain parts of that packet fit perfectly into layers of the TCP/IP model. The parts consist of a series of nested headers with data. The header for a higher layer is part of the data for a lower layer. The packet’s payload, for example, can be a TCP segment that consists of data from layers above and a sequence number (Figure 7.3). The higher you go up the model, more headers are stripped away until all you have left is the data delivered to the application that needs it.
Internet Layer Protocols
The Internet Protocol (IP) works at the Internet layer, taking data chunks
from the Transport layer, adding addressing, and creating the final IP
packet. The Internet Protocol software then hands the IP packet to Layer 2
for encapsulation into a frame. Let’s look at the addressing in more depth.
I think it’s safe to assume that most folks have seen IP addresses before.
Here’s a typical example:
192.168.1.115
This type of address—four values ranging from 0 to 255, separated by three
periods—is known officially as an Internet Protocol version four (IPv4)
address.
This chapter introduces you to IPv4 addresses. You should
understand the correct name for this older type of address because
the world is moving to a newer, longer type of IP address called
IPv6. Here’s an example of an IPv6 address:
2001:0:4137:9e76:43e:2599:3f57:fe9a
IPv4 and IPv6 addresses aren’t the only protocols that work at the Internet layer. A number of applications test basic issues at this layer, such as “Is there a computer with the IP address of 192.168.1.115?” These applications use the Internet Control Message Protocol (ICMP). TCP/IP users rarely start a program that uses ICMP. For the most part, ICMP features are called automatically by applications as needed without your ever knowing. There is one very famous program that runs under ICMP, however: the venerable ping utility. Run ping from a command prompt to query if a host is reachable. Ping will show the round trip time (RTT)—some call this the real transfer time—for the ICMP packet, usually in seconds. If ping can’t find the host, the packet will time out and ping will show you that information too.
The TCP/IP protocol suite consists of thousands of different protocols doing thousands of different things. For the most part, the rest of this book discusses TCP/IP protocols. Right now, my goal is to give you an idea of which protocols go where in the TCP/IP protocol suite.
Figure 7.1 • The Link layer is important, but it’s not part of the TCP/IP protocol suite.
Figure 7.2 • The TCP/IP model redux
Figure 7.3 • IP packet showing headers
When thinking about the Internet layer, remember the following three protocols:
■ IPv4 (sometimes you just say IP)
■ IPv6
■ ICMP
Figure 7.4 shows a highly simplified IP header. The full IP packet header has 14 different fields. As you would expect, the destination and source IP addresses are part of the Network/Internet layer. Other fields include version, header length, and more. Dissecting the entire set of fields isn’t important, but here are a few descriptions just to whet your appetite:
■ Version: The version (Ver) field defines the IP address type: 4 for IPv4, 6 for IPv6.
■ Header Length: The total size of the IP portion of the packet in words (32-bits) is displayed in the header length field.
■ Differentiated Services Code Point (DSCP): The DSCP field contains data used by bandwidth-sensitive applications like Voice over IP. (Network techs with long memories will note that this field used to be called the Type of Service field.)
■ Time to Live: Routers on the Internet are not perfect and sometimes create loops. The Time to Live (TTL) field prevents an IP packet from indefinitely spinning through the Internet by using a counter that decrements by one every time a packet goes through a router. This number cannot start higher than 255; many applications start at 128.
■ Protocol: In the vast majority of cases, the protocol field is either TCP or UDP. See the next section for more information.
Transport Layer Protocols
When moving data from one system to another, the TCP/IP protocol suite needs to know if the communication is connection-oriented or connectionless. When you want to be positive that the data moving between two systems gets there in good order, use a connection-oriented application. If it’s not a big deal for data to miss a bit or two, then connectionless is the way to go. The connection-oriented protocol used with TCP/IP is called the Transmission Control Protocol (TCP). The connectionless one is called the User Datagram Protocol (UDP).
Let me be clear: you don’t choose TCP or UDP. The people who developed the applications decide which protocol to use. When you fire up your Web browser, for example, you’re using TCP because Web browsers use an Application layer protocol called HTTP. HTTP is built on TCP.
The TCP/IP model’s Internet layer corresponds roughly to the OSI model’s Network layer.
Figure 7.4 • Simplified IP header
TCP
Over 95 percent of all TCP/IP applications use TCP—that’s why we call the protocol suite “TCP/IP” and not “UDP/IP.” TCP gets an application’s data from one machine to another reliably and completely. As a result, TCP comes with communication rules that require both the sending and receiving machines to acknowledge the other’s presence and readiness to send and receive data. We call this process ACK/NACK or just ACK (Figure 7.5). TCP also chops up data into segments, gives the segments a sequencing number, and then verifies that all sent segments were received. If a segment goes missing, the receiving system must request the missing segments.
Figure 7.6 shows a simplified TCP header. Notice the source port and the destination port. Port numbers are values ranging from 1 to 65535 and are used by systems to determine what application needs the received data. Each application is assigned a specific port number. Web servers use port 80 (HTTP), for example, whereas port 110 is used to receive e-mail messages from e-mail servers (POP3). The client uses the source port number to remember which client application requested the data. The rest of this book dives much deeper into ports. For now, know that the TCP or UDP headers of an IP packet store these values.
Figure 7.6 • TCP header
Ports aren’t the only items of interest in the TCP header. The header also contains these fields:
■ Sequence number: This value is used to assemble/disassemble data.
■ ACK number: This value tracks the readiness of the two communicating systems to send/receive data.
■ Flags: These individual bits give both sides detailed information about the state of the connection.
■ Checksum: The checksum checks the TCP header for errors.
UDP is the “fire and forget” missile of the TCP/IP protocol suite. As you can see in Figure 7.7, a UDP datagram doesn’t possess any of the extras you see in TCP to make sure the data is received intact. UDP works best when you have a lot of data that doesn’t need to be perfect or when the systems are so close to each other that the chances of a problem occurring are too small to bother worrying about. A few dropped frames on a Voice over IP call, for example, won’t make much difference in the communication between two people. So there’s a good reason to use UDP: it’s smoking fast compared to TCP.
Figure 7.5 • ACK in action
Application Layer Protocols
TCP/IP applications use TCP/IP protocols to move data back and forth
between servers and clients. Because every application has different needs,
I can’t show you a generic application header. Instead, we’ll look at one
sample header from one function of possibly the most popular application
protocol of all: HTTP.
As mentioned previously, Web servers and Web browsers use HTTP to
communicate. Figure 7.8 shows a sample header for HTTP. Specifically, this
header is a response segment from the Web server telling the remote system
that the last set of data transfers is complete. This header begins with the
value “HTTP/1.1” and the number “200” followed by “OK\r\n,” which
means “OK, go to the next line.” The data (the contents of the Web page)
begins below the header.
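The nested headers walked through in this section (the IP fields of Figure 7.4, the TCP ports, sequence/ACK numbers, flags and checksum of Figure 7.6, and the HTTP status line of Figure 7.8), as an added Python example that is not from the book: a small dissector run against a packet constructed in the code rather than captured from a network. The sample addresses and ports are made up for the example, and the checksum verification (including the TCP pseudo-header) goes beyond what the text shows.

```python
import socket
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, shared by the IP and TCP headers."""
    if len(data) % 2:
        data += b"\x00"                     # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """TCP checksum covers a pseudo-header (addresses, protocol 6, length) plus the segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]   # checksum field sits at offset 16
    return inet_checksum(pseudo + zeroed)


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header (the fields of Figure 7.4) and verify its checksum."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    (ver_ihl, tos, total_len, _ident, _frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, hdr_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if hdr_len < 20 or total_len < hdr_len or total_len > len(packet):
        raise ValueError("bad header or total length")
    zeroed = packet[:10] + b"\x00\x00" + packet[12:hdr_len]  # checksum field at offset 10
    return {
        "version": version,
        "header_length": hdr_len,
        "dscp": tos >> 2,                   # top six bits of the old Type of Service byte
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(proto, str(proto)),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "checksum_ok": inet_checksum(zeroed) == csum,
        "payload": packet[hdr_len:total_len],
    }


def parse_tcp(segment: bytes, src: str, dst: str) -> dict:
    """Decode the TCP header (Figure 7.6): ports, sequence/ACK numbers, flags, checksum."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, flags, _win,
     csum, _urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    hdr_len = (off_res >> 4) * 4            # data offset, also in 32-bit words
    if hdr_len < 20 or len(segment) < hdr_len:
        raise ValueError("bad data offset")
    expected = tcp_checksum(socket.inet_aton(src), socket.inet_aton(dst), segment)
    return {
        "src_port": sport, "dst_port": dport,
        "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAG_BITS if flags & bit],
        "checksum_ok": expected == csum,
        "payload": segment[hdr_len:],
    }


def parse_http_status(payload: bytes) -> tuple:
    """Split the status line of an HTTP response, e.g. b'HTTP/1.1 200 OK\\r\\n'."""
    line = payload.partition(b"\r\n")[0]
    version, code, reason = line.decode("ascii").split(" ", 2)
    return version, int(code), reason


def dissect(packet: bytes) -> dict:
    """Peel the nested headers in the order the TCP/IP model stacks them."""
    ip = parse_ipv4(packet)
    tcp = parse_tcp(ip["payload"], ip["src"], ip["dst"])
    return {"ip": ip, "tcp": tcp, "http": parse_http_status(tcp["payload"])}


def build_sample_packet() -> bytes:
    """Constructed test input, not a capture: server 192.168.4.57:80 answering client 202.120.10.1:51234."""
    src, dst = socket.inet_aton("192.168.4.57"), socket.inet_aton("202.120.10.1")
    tcp = struct.pack("!HHIIBBHHH", 80, 51234, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    tcp += b"HTTP/1.1 200 OK\r\n"            # flags 0x18 = PSH + ACK
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(src, dst, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp


if __name__ == "__main__":
    print(dissect(build_sample_packet()))
```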
You saw this back in Chapter 2, but I’ll mention it again here. Data gets chopped up into chunks at the Transport layer. The chunks are called segments with TCP and datagrams with UDP.
Figure 7.7 • UDP header
Figure 7.8 • HTTP header
I’m simplifying the call and response interaction between a Web server and a Web client. The explanation here is only the first part of the process in accessing a Web page.
Super! Now that you’re comfortable with how the TCP/IP protocols fit
into clear points on the TCP/IP model, let’s head back to the Internet layer
and explore IP addressing.
IP in Depth
TCP/IP supports simple networks and complex networks. You can use the protocol suite to connect a handful of computers to a switch and create a local area network (LAN). TCP/IP also enables you to interconnect multiple LANs into a wide area network (WAN).
At the LAN level, all the computers use Ethernet, and this creates a
hurdle for WAN-wide communication. For one computer to send a frame
to another computer, the sending computer must know the MAC address
of the destination computer. This begs the question: How does the sender
get the recipient’s MAC address?
In a small network, this is easy. The sending computer simply broadcasts by sending a frame to MAC address FF-FF-FF-FF-FF-FF, the universal MAC address for broadcast. Figure 7.9 shows a computer broadcasting for another computer’s MAC address.
Cross Check
Broadcasting
You first ran into broadcasting in Chapter 2, so check your memory now. What happens to the broadcast frame? Does it reach all the computers on a LAN? How many computers actually process that broadcast frame?
Figure 7.9 • PC broadcasting for a MAC address
Broadcasting takes up some of the network bandwidth, but in a small network, the amount is acceptably small. But what would happen if the entire Internet used broadcasting (Figure 7.10)? In this case, the whole Internet would come to a grinding halt.
Figure 7.10 • Broadcasting won’t work for the entire Internet!
TCP/IP networks use IP addressing to overcome the limitations inherent in Ethernet networks. IP addresses provide several things. First, every machine on a TCP/IP network—small or large—gets a unique IP address that identifies the machine on that network. Second, IP addresses group together sets of computers into logical networks, so you can, for example, distinguish one LAN from another. Finally, because TCP/IP network equipment understands the IP addressing scheme, computers can communicate with each other between LANs, in a WAN, and without broadcasting for MAC addresses (other than for the default gateway). Chapter 2 touched on IP addresses briefly, but network techs need to understand them intimately. Let’s look at the structure and function of the IP addressing scheme.
IP Addresses
The most common type of IP address (officially called IPv4, but usually
simplified to just “IP”) consists of a 32-bit value. Here’s an example of an
IP address:
11000000101010000000010000000010
Whoa! IP addresses are just strings of 32 binary digits? Yes, they are,
but to make IP addresses easier for humans to use, the 32-bit binary value
is broken down into four groups of eight, separated by periods or dots
like this:
11000000.10101000.00000100.00000010
Each of these 8-bit values is, in turn, converted into a decimal number between 0 and 255. If you took every possible combination of eight binary values and placed them in a spreadsheet, it would look something like the left column below; the right column shows the decimal value assigned to each.
00000000 = 0
00000001 = 1
00000010 = 2
00000011 = 3
00000100 = 4
00000101 = 5
00000110 = 6
00000111 = 7
00001000 = 8
(skip a bunch in the middle)
11111000 = 248
11111001 = 249
11111010 = 250
11111011 = 251
11111100 = 252
11111101 = 253
11111110 = 254
11111111 = 255
Converted, the original value of 11000000.10101000.00000100.00000010 is displayed as 192.168.4.2 in IPv4’s dotted decimal notation (also referred to as the dotted-octet numbering system). Note that dotted decimal is simply a shorthand way for people to discuss and configure the binary IP addresses computers use.
People who work on TCP/IP networks must know how to convert dotted decimal to binary and back. You can convert easily using any operating system’s calculator. Every OS has a calculator (UNIX/Linux systems have about 100 different ones to choose from) that has a scientific or programmer mode like the one shown in Figure 7.11.
To convert from decimal to binary, just go to decimal view, type in the value, and then switch to binary view to get the result. To convert to decimal, just go into binary view, enter the binary value, and switch to decimal view to get the result. Figure 7.12 shows the result of Windows 7’s Calculator converting the decimal value 47 into binary. Notice the result is 101111—the leading two zeroes do not appear. When you work with IP addresses you must always have eight digits, so just add two more to the left to get 00101111.
Just as every MAC address must be unique on a network, every IP
address must be unique as well. For logical addressing to work, no two
computers on the same network may have the same IP address. In a small
network running TCP/IP, every computer has both an IP address and a
MAC address (Figure 7.13).
When you type an IP address into a computer, the computer ignores the periods and immediately converts the decimal numbers into binary. People need dotted decimal notation, but computers do not.
Using a calculator utility to convert to and from binary/decimal is a critical skill for a network tech. Later on you’ll do this again, but by hand!
Figure 7.13 • A small network with both IP and MAC addresses
Every operating system comes with a utility (usually more than one
utility) to display a system’s IP address and MAC address. Figure 7.14
shows a Mac OS X system’s Network utility. Note the MAC address
(00:14:51:65:84:a1) and the IP address (192.168.4.57).
Every operating system also has a command-line utility that gives you
this information. In Windows, for example, you can use ipconfig to display
the IP and MAC addresses. Run ipconfig /all to see the results shown
in Figure 7.15.
Figure 7.11 • Mac OS X Calculator in Programmer mode
Figure 7.12 • Converting decimal to binary with Windows 7’s Calculator
Figure 7.14 • Macintosh OS X Network utility
Figure 7.15 • Results from running ipconfig /all in Windows
In the UNIX/Linux/Mac OS X world, you can run the very similar
ifconfig command. Figure 7.16, for example, shows the result of an ifconfig
(“eth0” is the NIC) in Ubuntu.
Figure 7.16 • Results from running ifconfig in Ubuntu
IP Addresses in Action
IP addresses support both LANs and WANs. This can create problems in
some circumstances, such as when a computer needs to send data both to
computers in its own network and to computers in other networks. How
can this be accomplished?
To make all this work, IP must do three things:
■ Create some way to use IP addresses so that each LAN has its own identification.
■ Interconnect all of the LANs using routers and give those routers some way to use the network identification to send packets to the right network.
■ Give each computer on the network some way to recognize if a packet is for the LAN or for a computer on the WAN so it knows how to handle the packet.
Network IDs
To differentiate LANs from one another, each computer on a single LAN
must share a very similar IP address. Some parts of the IP address will
match all the others on the LAN. Figure 7.17 shows a LAN where all of the
computers share the first three numbers of the IP address, with only the last
number being unique on each system.
Make sure you know that ipconfig and ifconfig provide a tremendous amount of information regarding a system’s TCP/IP settings.
Figure 7.17 • IP addresses for a LAN
In this example, every computer has an IP address of 202.120.10.x. That means the network ID is 202.120.10.0. The x part of the IP address is the host ID. Combine the network ID (after dropping the ending 0) with the host ID to get an individual system’s IP address. No individual computer can have an IP address that ends with 0 because that is reserved for network IDs.
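The binary/dotted-decimal conversion from the previous pages (including the eight-digit rule behind 47 becoming 00101111) and the network ID / host ID split described here, as an added Python example that is not from the book. The network_bits prefix length is this example's own way of stating "the first three numbers" and goes beyond the chapter's whole-octet cases: 24 reproduces the 202.120.10.0 network, 16 reproduces the 170.45.0.0 one.

```python
def octet_to_binary(value: int) -> str:
    """One octet as exactly eight binary digits, so 47 -> '00101111' (leading zeroes kept)."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    return format(value, "08b")


def dotted_to_binary(address: str) -> str:
    """'192.168.4.2' -> '11000000.10101000.00000100.00000010'."""
    parts = address.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {address!r}")
    return ".".join(octet_to_binary(int(part)) for part in parts)


def binary_to_dotted(bits: str) -> str:
    """Accept the 32 bits with or without dots and return dotted decimal."""
    raw = bits.replace(".", "")
    if len(raw) != 32 or set(raw) - {"0", "1"}:
        raise ValueError("need exactly 32 binary digits")
    return ".".join(str(int(raw[i:i + 8], 2)) for i in range(0, 32, 8))


def to_int(address: str) -> int:
    """Dotted decimal -> the single 32-bit value the computer actually works with."""
    return int(dotted_to_binary(address).replace(".", ""), 2)


def from_int(value: int) -> str:
    return binary_to_dotted(format(value & 0xFFFFFFFF, "032b"))


def network_info(address: str, network_bits: int) -> dict:
    """Network ID, broadcast, first/last host and usable host count.

    network_bits is the number of leading bits that form the network ID (an
    assumption of this example): 24 for the chapter's 202.120.10.0, 16 for 170.45.0.0.
    """
    if not 0 <= network_bits <= 32:
        raise ValueError("network_bits must be 0..32")
    mask = (0xFFFFFFFF << (32 - network_bits)) & 0xFFFFFFFF
    net = to_int(address) & mask                    # host bits cleared -> network ID
    bcast = net | (~mask & 0xFFFFFFFF)              # host bits all ones -> broadcast
    usable = max(2 ** (32 - network_bits) - 2, 0)   # minus network ID and broadcast
    return {
        "network_id": from_int(net),
        "broadcast": from_int(bcast),
        "first_host": from_int(net + 1) if usable else None,
        "last_host": from_int(bcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def same_lan(a: str, b: str, network_bits: int) -> bool:
    """True when both hosts share a network ID, so no default gateway is needed between them."""
    return network_info(a, network_bits)["network_id"] == network_info(b, network_bits)["network_id"]


if __name__ == "__main__":
    print(dotted_to_binary("192.168.4.2"))
    print(network_info("202.120.10.57", 24))
```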
Interconnecting
To organize all those individual LANs into a larger network, every TCP/IP LAN that wants to connect to another TCP/IP LAN must have a router connection. There is no exception to this critical rule. A router, therefore, needs an IP address on the LANs that it serves (Figure 7.18), so it can correctly route packets.
That router is known as the default gateway. When configuring a client to access the network beyond the router, you use the IP address for the default gateway.
Most network administrators give the LAN-side NIC on the default gateway the lowest host address in the network, usually the host ID of 1.
Routers use network IDs to determine network traffic. Figure 7.19 shows a diagram for a small, two-NIC router similar to the ones you see in many homes. Note that one port (202.120.10.1) connects to the LAN and the other port connects to the Internet service provider’s network (14.23.54.223). Built into this router is a routing table, the actual instructions that tell the router what to do with incoming packets and where to send them.
The network ID and the host ID are combined to make a system’s IP address.
Now let’s add in the LAN and the Internet (Figure 7.20). When discussing networks in terms of network IDs, by the way, especially with illustrations in books, the common practice is to draw circles around stylized networks. Here, you should concentrate on the IDs—not the specifics of the networks.
Network IDs are very flexible, as long as no two interconnected networks share the same network ID. If you wished, you could change the network ID of the 202.120.10.0 network to 202.155.5.0, or 202.21.8.0, just as long as you can guarantee no other LAN on the WAN shares the same network ID. On the Internet, powerful governing bodies carefully allocate network IDs to ensure no two LANs share the same network ID. I’ll talk more about how this works later in the chapter.
So far you’ve only seen examples of network IDs where the last value is zero. This is common for small networks, but it creates a limitation. With a network ID of 202.120.10.0, for example, a network is limited to IP addresses from 202.120.10.1 to 202.120.10.254. (202.120.10.255 is a broadcast address used to talk to every computer on the LAN.) This provides only 254 IP addresses: enough for a small network, but many organizations need many more IP addresses. No worries! You can simply use a network ID with more zeroes, such as 170.45.0.0 (for a total of 65,534 hosts) or even 12.0.0.0 (for around 16.7 million hosts).
Network IDs enable you to connect multiple LANs into a WAN. Routers then connect everything together, using routing tables to keep track of which packets go where. So that takes care of the second task: interconnecting the LANs using routers and giving those routers a way to send packets to the right network.
Now that you know how IP addressing works with LANs and WANs, let’s turn to how IP enables each computer on a network to recognize if a packet is going to a computer on the LAN or to a computer on the WAN. The secret to this is something called the subnet mask.
Subnet Mask
Picture this scenario. Three friends sit at their computers—Computers A, B, and C—and want to communicate with each other. Figure 7.21 illustrates the situation. You can tell from the drawing that Computers A and B are in the same LAN, whereas Computer C is on a completely different LAN. The IP addressing scheme can handle this communication, so let’s see how it works.
Routing tables are covered in more detail in Chapter 8.
Figure 7.18 • LAN with router
BaseTech
Chapter 7: TCP/IP Basics
157
Figure 7.19 • Router diagram
Figure 7.20 • LAN, router, and the Internet
Figure 7.21 • The three amigos, separated by walls or miles
The process to get a packet to a local computer is very different from the process to get a packet to a faraway computer. If one computer wants to send a packet to a local computer, it must send a broadcast to get the other computer’s MAC address, as you’ll recall from earlier in the chapter and Figure 7.9. (It’s easy to forget about the MAC address, but remember that the network uses Ethernet and must have the MAC address to get the packet to the other computer.) If the packet is for some computer on a faraway network, the sending computer must send the packet to the default gateway (Figure 7.22).
Figure 7.22 • Sending a packet remotely
In the scenario illustrated in Figure 7.21, Computer A wants to send a
packet to Computer B. Computer B is on the same LAN as Computer A,
but that begs a question: How does Computer A know this? Every TCP/IP
computer needs a tool to tell the sending computer whether the destination
IP address is local or long distance. This tool is the subnet mask.
A subnet mask is nothing more than a string of ones followed by some number of zeroes, always totaling exactly 32 bits, typed into every TCP/IP host. Here’s an example of a typical subnet mask:
11111111111111111111111100000000
For the courtesy of the humans reading this (if any computers are reading this book, please call me—I’d love to meet you!), let’s convert this to dotted decimal. First, add some periods:
11111111.11111111.11111111.00000000
Then convert each octet into decimal (use a calculator):
255.255.255.0
When you line up an IP address with a corresponding subnet mask in binary, the portion of the IP address that aligns with the ones of the subnet mask is the network ID portion of the IP address. The portion that aligns with the zeroes is the host ID. With simple IP addresses, you can see this with dotted decimal, but you’ll want to see this in binary for a true understanding of how the computers work.
The IP address 192.168.5.23 has a subnet mask of 255.255.255.0. Convert
both numbers to binary and then compare the full IP address to the ones
and zeroes of the subnet mask:
              Dotted Decimal   Binary
IP address    192.168.5.23     11000000.10101000.00000101.00010111
Subnet mask   255.255.255.0    11111111.11111111.11111111.00000000
Network ID    192.168.5.0      11000000.10101000.00000101.x
Host ID       x.x.x.23         x.x.x.00010111
Before a computer sends out any data, it first compares the destination IP address to its own IP address using the subnet mask. If the destination IP address matches the computer’s IP wherever there’s a 1 in the subnet mask, then the sending computer knows the destination is local. The network IDs match. If even one bit of the destination IP address where the 1s are on the subnet mask is different, then the sending computer knows it’s a long-distance call. The network IDs do not match.
Let’s head over to Computer A and see how the subnet mask works.
Computer A’s IP address is 192.168.5.23. Convert that into binary:
11000000.10101000.00000101.00010111
Now drop the periods because they mean nothing to the computer:
11000000101010000000010100010111
Let’s say Computer A wants to send a packet to Computer B. Computer
A’s subnet mask is 255.255.255.0. Computer B’s IP address is 192.168.5.45.
Convert this address to binary:
11000000101010000000010100101101
At this point, you should memorize that 0 = 00000000 and 255 = 11111111. You’ll find knowing this very helpful throughout the rest of the book.
The explanation about comparing an IP address to a subnet mask simplifies the process, leaving out how the computer uses its routing table to accomplish the goal. We’ll get to routing and routing tables in Chapter 8. For now, stick with the concept of the node using the subnet mask to determine the network ID.
Computer A compares its IP address to Computer B’s IP address using the subnet mask, as shown in Figure 7.23. For clarity, I’ve added a line to show you where the ones end and the zeroes begin in the subnet mask. Computers certainly don’t need the pretty red line!
A-ha! Computer A’s and Computer B’s network IDs match! It’s a local call. Knowing this, Computer A can now send out an ARP request, which is a broadcast, as shown in Figure 7.24, to determine Computer B’s MAC address. The Address Resolution Protocol (ARP) is how a TCP/IP network figures out the MAC address based on the destination IP address.
The addressing for the ARP frame looks like Figure 7.25. Note that Computer A’s IP address and MAC address are included.
Computer B responds to the ARP request by sending Computer A an ARP response (Figure 7.26). Once Computer A has Computer B’s MAC address, it starts sending packets.
But what happens when Computer A wants to send a packet to Computer C? First, Computer A compares Computer C’s IP address to its own using the subnet mask (Figure 7.27). It sees that the IP addresses do not match in the 1s part of the subnet mask—meaning the network IDs don’t match; therefore, this is a long-distance call.
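The local-or-long-distance decision just described, as an added Python example that is not part of the book: it lines the destination address up against Computer A’s subnet mask in binary, marks where the ones end, and reports whose MAC address ARP has to resolve. Computer A (192.168.5.23/255.255.255.0) and Computer B (192.168.5.45) are the book’s addresses; Computer C (192.168.6.7) and the default gateway (192.168.5.1, host ID 1 as the book says is usual) are constructed for the example.

```python
# Added example, not from the book: the subnet-mask test Computer A runs
# before it sends, written out in binary so the "line" between the ones
# and the zeroes of the mask is visible.

def to_bits(dotted):
    """'192.168.5.23' -> '11000000101010000000010100010111' (32 characters)."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal address: {dotted}")
    return "".join(format(o, "08b") for o in octets)


def to_dotted(bits):
    """The reverse: 32 binary characters -> dotted decimal."""
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))


def is_valid_mask(mask):
    """A mask is a run of ones followed by a run of zeroes, 32 bits in all,
    so a 0 may never be followed by a 1 anywhere in it."""
    return "01" not in to_bits(mask)


def network_id(ip, mask):
    """Keep the IP bits that line up with the ones of the mask; the bits that
    line up with the zeroes (the host ID) become 0."""
    if not is_valid_mask(mask):
        raise ValueError(f"not a subnet mask: {mask}")
    kept = "".join(b if m == "1" else "0"
                   for b, m in zip(to_bits(ip), to_bits(mask)))
    return to_dotted(kept)


def is_local(my_ip, mask, dest_ip):
    """True when every destination bit under a 1 in the mask matches ours."""
    return network_id(my_ip, mask) == network_id(dest_ip, mask)


def arp_target(my_ip, mask, gateway, dest_ip):
    """The IP whose MAC address the sender must resolve with ARP: the
    destination itself for a local call, the default gateway otherwise."""
    return dest_ip if is_local(my_ip, mask, dest_ip) else gateway


def show_comparison(my_ip, mask, dest_ip):
    """Print the three 32-bit strings with a '|' where the mask's ones end."""
    ones = to_bits(mask).count("1")
    for label, addr in (("mine", my_ip), ("mask", mask), ("dest", dest_ip)):
        b = to_bits(addr)
        print(f"{label:5} {addr:16} {b[:ones]}|{b[ones:]}")


if __name__ == "__main__":
    a_ip, a_mask = "192.168.5.23", "255.255.255.0"   # Computer A, from the book
    gateway = "192.168.5.1"                          # constructed: host ID 1 on the LAN
    for name, dest in (("B", "192.168.5.45"),        # Computer B, from the book
                       ("C", "192.168.6.7")):        # Computer C, constructed
        show_comparison(a_ip, a_mask, dest)
        call = "local" if is_local(a_ip, a_mask, dest) else "long-distance"
        print(f"A -> {name}: {call} call, ARP for "
              f"{arp_target(a_ip, a_mask, gateway, dest)}\n")
```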
Figure 7.25 • Simplified ARP frame (header: broadcast MAC, source MAC; ARP frame: source MAC, source IP, target IP, target MAC unknown)
Figure 7.23 • Comparing addresses
Figure 7.24 • Sending an ARP request
The long-dead Reverse Address Resolution Protocol (RARP) was used to get a Layer 3 address when the computer’s MAC address was known, thus, the reverse of an ARP. You’ll see this sometimes as an incorrect answer on the CompTIA Network+ exam.
Cross Check
ARP and the OSI Model
Remember the OSI model from way back in Chapter 2? Which layer does IP work on? How about MAC addresses? Where do you think ARP fits into the OSI model?
Figure 7.27 • Comparing addresses again
Try This!
ARP in Windows
To show Windows’ current ARP table, open a command line and type:
arp -a
You should see results similar to this:
Interface: 192.168.4.71 --- 0x4
Internet Address Physical Address Type
192.168.4.76 00-1d-e0-78-9c-d5 dynamic
192.168.4.81 00-1b-77-3f-85-b4 dynamic
Now delete one of the entries in the ARP table with this command:
arp -d [ip address from the previous results]
Run the arp -a command again. The line for the address you specified should be gone. Now ping the address you deleted and check the ARP table again. Did the deleted address return?
Figure 7.28 • Sending an ARP request to the gateway
Figure 7.26 • Computer B responds.
Whenever a computer wants to send to an IP
address on another LAN, it knows to send the packet to
the default gateway. It still sends out an ARP request,
but this time to the default gateway (Figure 7.28). Once
Computer A gets the default gateway’s MAC address,
it then begins to send packets.
Subnet masks are represented in dotted decimal
like IP addresses—just remember that both are really
32-bit binary numbers. All of the following (shown in
both binary and dotted decimal formats) can be subnet
masks:
11111111111111111111111100000000 = 255.255.255.0
11111111111111110000000000000000 = 255.255.0.0
11111111000000000000000000000000 = 255.0.0.0
Most network folks represent subnet masks using special shorthand: a / character followed by a number equal to the number of ones in the subnet mask. Here are a few examples:
11111111111111111111111100000000 = /24 (24 ones)
11111111111111110000000000000000 = /16 (16 ones)
11111111000000000000000000000000 = /8 (8 ones)
An IP address followed by the / and number tells you the IP address and the subnet mask in one statement. For example, 201.23.45.123/24 is an IP address of 201.23.45.123 with a subnet mask of 255.255.255.0. Similarly, 184.222.4.36/16 is an IP address of 184.222.4.36 with a subnet mask of 255.255.0.0.
Fortunately, computers do all of this subnet filtering automatically. Network administrators need only to enter the correct IP address and subnet mask when they first set up their systems, and the rest happens without any human intervention.
If you want a computer to work in a routed internetwork (like the Internet), you absolutely must have an IP address that’s part of its network ID, a subnet mask, and a default gateway. No exceptions!
Class IDs
The Internet is by far the biggest and the most complex TCP/IP internetwork. Numbering over half a billion computers way back in 2009, it has grown so quickly that now it’s nearly impossible to find an accurate number. The single biggest challenge for the Internet is to make sure no two devices share the same public IP address. To support the dispersion of IP addresses, an organization called the Internet Assigned Numbers Authority (IANA) was formed to track and disperse IP addresses to those who need them. Initially handled by a single person (the famous Jon Postel) until 1998, the IANA has grown dramatically and now oversees a number of Regional Internet Registries (RIRs) that parcel out IP addresses to large ISPs and major corporations. The RIR for North America is called the American Registry for Internet Numbers (ARIN). The vast majority of end users get their IP addresses from their respective ISPs. IANA passes out IP addresses in contiguous chunks called class licenses, which are outlined in the following table:
          First Decimal Value   Addresses                    Hosts per Network ID
Class A   1–126                 1.0.0.0–126.255.255.255      16,277,214
Class B   128–191               128.0.0.0–191.255.255.255    65,534
Class C   192–223               192.0.0.0–223.255.255.255    254
Class D   224–239               224.0.0.0–239.255.255.255    Multicast
Class E   240–254               240.0.0.0–254.255.255.255    Experimental
A typical Class A license, for example, has a network ID that starts between 1 and 126; hosts on that network have only the first octet in common, with any numbers for the other three octets. Having three octets to use for hosts means you have an enormous number of possible hosts, over 16 million different number combinations. The subnet mask for Class A licenses is 255.0.0.0, which means you have 24 bits for host IDs.
Do you remember binary math? 2^24 = 16,277,216. Because the host can’t use all zeroes or all ones (those are reserved for the network ID and broadcast IP, respectively), you subtract two from the final number to get the available host IDs.
By definition, all computers on the same network have the same subnet mask and network ID.
A Class B license, with a subnet mask of 255.255.0.0, uses the first two
octets to define the network ID. This leaves two octets to define host IDs,
which means each Class B network ID can have up to 65,534 different hosts.
A Class C license uses the first three octets to define only the network
ID. All hosts in network 192.168.35.0, for example, would have all three first
numbers in common. Only the last octet defines the host IDs, which leaves
only 254 possible unique addresses. The subnet mask for Class C licenses
is 255.255.255.0.
Multicast class licenses are used for one-to-many communication,
such as in streaming video conferencing. There are three ways to send
a packet: a broadcast, which is where every computer on the LAN hears
the message; a unicast, where one computer sends a message directly to
another user; and a multicast, where a single computer sends a packet to a
group of interested computers. Multicast is often used when routers talk
to each other.
Experimental addresses are reserved and never used except for
occasional experimental reasons. These were originally called reserved
addresses.
IP class licenses worked well for the first few years of the Internet but quickly ran into trouble due to the fact that they didn’t quite fit for everyone. Early on, IANA gave away IP class licenses rather generously, perhaps too generously. Over time, unallocated IP addresses became scarce. Additionally, the IP class licenses concept didn’t scale well. If an organization needed 2,000 IP addresses, for example, it either had to take a single Class B license (wasting 63,000 addresses) or eight Class C licenses. As a result, a new method of generating blocks of IP addresses, called Classless Inter-Domain Routing (CIDR), was developed.
CIDR and Subnetting
CIDR is based on a concept called subnetting: taking a single class of IP addresses and chopping it up into multiple smaller groups. CIDR and subnetting are virtually the same thing. Subnetting is done by an organization—it is given a block of addresses and then breaks the single block of addresses into multiple subnets. CIDR is done by an ISP—it is given a block of addresses, subnets the block into multiple subnets, and then passes out the smaller individual subnets to customers. Subnetting and CIDR have been around for quite a long time now and are a critical part of all but the smallest TCP/IP networks. Let’s first discuss subnetting and then visit CIDR.
The Internet Corporation for Assigned Names and Numbers (ICANN) manages the IANA.
Make sure you memorize the IP class licenses! You should be able to look at any IP address and know its class license. Here’s a trick to help: The first binary octet of a Class A address always begins with a 0 (0xxxxxxx); for Class B, it begins with a 10 (10xxxxxx); for Class C, with 110 (110xxxxx); for Class D, with 1110 (1110xxxx); and for Class E, it begins with 1111 (1111xxxx).
Subnetting
Subnetting enables a much more efficient use of IP addresses compared to class licenses. It also enables you to separate a network for security (separating a bank of public access computers from your more private computers) and for bandwidth control (separating a heavily used LAN from one that’s not so heavily used).
The cornerstone to subnetting lies in the subnet mask. You take an existing /8, /16, or /24 subnet and extend the subnet mask by adding more ones (and taking away the corresponding number of zeroes). For example, let’s say you have an Internet café with about 50 computers, 40 of which are for public use and 10 of which are used in the back office for accounting and such (Figure 7.29). Your network ID is 192.168.4.0/24. You want to prevent people using the public systems from accessing your private machines, so you decide to create subnets. You also have wireless Internet and want to separate wireless clients (never more than 10) on their own subnet.
Figure 7.29 • Layout of the network
You need to keep two things in mind about subnetting. First, start with
the given subnet mask and move it to the right until you have the number
of subnets you need. Second, forget the dots. They no longer define the
subnets.
You need to know how to subnet to pass the CompTIA Network+ exam.
Never try to subnet without first converting to binary. Too many techs
are what I call “victims of the dots.” They are so used to working only
with class licenses that they forget there’s more to subnets than just /8,
/16, and /24 networks. There is no reason network IDs must end on the
dots. The computers, at least, think it’s perfectly fine to have subnets that
end at points between the periods, such as /26, /27, or even /22. The trick
here is to stop thinking about network IDs and subnet masks just in their
dotted decimal format and instead return to thinking of them as binary
numbers.
Let’s begin subnetting the café’s network of 192.168.4/24. Start by changing a zero to a one on the subnet mask so the /24 becomes a /25 subnet:
11111111111111111111111110000000
Calculating Hosts
Before going even one step further, you need to answer this question: On a /24 network, how many hosts can you have? Well, if you used dotted decimal notation you might say
192.168.4.1 to 192.168.4.254 = 254 hosts
But do this from the binary instead. In a /24 network, you have eight zeroes that can be the host ID:
00000001 to 11111110 = 254
There’s a simple piece of math here: 2^x – 2, where x represents the number of zeroes in the subnet mask.
2^8 – 2 = 254
If you remember this simple formula, you can always determine the number of hosts for a given subnet. This is critical! Memorize this!
If you have a /16 subnet mask on your network, what is the maximum number of hosts you can have on that network?
1. Because a subnet mask always has 32 digits, a /16 subnet means you have 16 zeroes left after the 16 ones.
2. 2^16 – 2 = 65,534 total hosts.
If you have a /26 subnet mask on your network, what is the maximum number of hosts you can have on that network?
1. Because a subnet mask always has 32 digits, a /26 subnet means you have 6 zeroes left after the 26 ones.
2. 2^6 – 2 = 62 total hosts.
Excellent! Knowing how to determine the number of hosts for a particular subnet mask will help you tremendously in a moment.
Your First Subnet
Let’s now make a subnet. All subnetting begins with a single network ID. In
this scenario, you need to convert the 192.168.4/24 network ID for the café
into three network IDs: one for the public computers, one for the private
computers, and one for the wireless clients.
Many authors will drop the trailing zeroes when using CIDR notation. I always do this when teaching because it’s faster to write. So you might see a network ID like 192.168.4/24. The last octet of zero is implied by the /24. Either way works.
You cannot subnet without using binary!
The primary tool for subnetting is the existing subnet
mask. Write it out in binary. Place a line at the end of the
ones, as shown in Figure 7.30.
Now draw a second line one digit to the right, as shown
in Figure 7.31. You’ve now separated the subnet mask into
three areas that I call (from left to right) the default subnet
mask (DSM), the network ID extension (NE), and the hosts
(H). These are not industry terms so you won’t see them on
the CompTIA Network+ exam, but they’re a handy Mike
Trick that makes the process of subnetting a lot easier.
You now have a /25 subnet mask. At this point, most
people first learning how to subnet start to freak out.
They’re challenged by the idea that a subnet mask of /25
isn’t going to fit into one of the three pretty subnets of
255.0.0.0, 255.255.0.0, or 255.255.255.0. They think, “That
can’t be right! Subnet masks are made out of only 255s
and 0s.” That’s not correct. A subnet mask is a string of ones followed by a
string of zeroes. People only convert it into dotted decimal to enter things
into computers. So convert /25 into dotted decimal. First write out 25 ones,
followed by seven zeroes. (Remember, subnet masks are always 32 binary
digits long.)
11111111111111111111111110000000
Insert the periods in between every eight digits:
11111111.11111111.11111111.10000000
Then convert them to dotted decimal:
255.255.255.128
Get used to the idea of subnet masks that use more than 255s and 0s. Here are some examples of perfectly legitimate subnet masks. Try converting these to binary to see for yourself.
255.255.255.224
255.255.128.0
255.248.0.0
Calculating Subnets
When you subnet a network ID, you need to follow the rules and conventions dictated by the good folks who developed TCP/IP to ensure that your new subnets can interact properly with each other and with larger networks. All you need to remember for subnetting is this: start with a beginning subnet mask and extend the subnet extension until you have the number of subnets you need. The formula for determining how many subnets you create is 2^y, where y is the number of bits you add to the subnet mask.
Let’s practice this a few times. Figure 7.32 shows a starting subnet of 255.255.255.0. If you move the network ID extension over one, it’s only a single digit, 2^1.
Figure 7.30 • Step 1 in subnetting
Figure 7.31 • Organizing the subnet mask
Figure 7.32 • Organizing the subnet mask
That single digit is only a zero or a one, which gives you two subnets. You have only one problem—the café needs three subnets, not just two! So let’s take /24 and subnet it down to /26. Extending the network ID by two digits creates four new network IDs, 2^2 = 4. To see each of these network IDs, first convert the original network ID—192.168.4.0—into binary. Then add the four different network ID extensions to the end, as shown in Figure 7.33.
Figure 7.34 shows a sample of the IP addresses for each of the four new network IDs.
Now convert these four network IDs back to dotted decimal:
Network ID Host Range
192.168.4.0/26 (192.168.4.1 – 192.168.4.62)
192.168.4.64/26 (192.168.4.65 – 192.168.4.126)
192.168.4.128/26 (192.168.4.129 – 192.168.4.190)
192.168.4.192/26 (192.168.4.193 – 192.168.4.254)
Congratulations! You’ve just taken a single network ID,
192.168.4.0/24, and subnetted it into four new network IDs! Figure 7.35
shows how you can use these new network IDs in a network.
Figure 7.35 • Three networks using the new network IDs
You may notice that the café only needs three subnets, but you created
four—you’re wasting one. Because subnets are created by powers of two,
you will often create more subnets than you need—welcome to subnetting.
If wasting subnets seems contrary to the goal of efficient use, keep in mind that subnetting has two goals: efficiency and making multiple network IDs from a single network ID. This example is geared more toward the latter goal.
Figure 7.33 • Creating the new network IDs (original network ID 192.168.4.0/24, which translates to 11000000.10101000.00000100.00000000 in binary)
Figure 7.34 • New network ID address ranges
For a little more subnetting practice, let’s create eight subnets on a /27 network. First, move the NE over three digits (Figure 7.36).
To help you visualize the address range, I’ll calculate two of the subnets—using 001 and 011 (Figure 7.37). Please do the other six for practice.
Note that in this case you only get 2^5 – 2 = 30 hosts per network ID! These better be small networks!
Converting these to dotted decimal, you get:
192.168.4.0/27 (192.168.4.1 – 192.168.4.30)
192.168.4.32/27 (192.168.4.33 – 192.168.4.62)
192.168.4.64/27 (192.168.4.65 – 192.168.4.94)
192.168.4.96/27 (192.168.4.97 – 192.168.4.126)
192.168.4.128/27 (192.168.4.129 – 192.168.4.158)
192.168.4.160/27 (192.168.4.161 – 192.168.4.190)
192.168.4.192/27 (192.168.4.193 – 192.168.4.222)
192.168.4.224/27 (192.168.4.225 – 192.168.4.254)
These two examples began with a Class C address.
However, you can begin with any starting network ID.
Nothing changes about the process you just learned.
Manual Dotted Decimal to Binary Conversion
The best way to convert from dotted decimal to binary and back is to use a calculator. It’s easy, fast, and accurate. There’s always a chance, however, that you may find yourself in a situation where you need to convert without a calculator. Fortunately, manual conversion, although a bit tedious, is also fairly easy. You just have to remember a single number: 128.
Take a piece of paper and write the number 128 in the top-left corner. Now, what is half of 128? That’s right, 64. Write 64 next to 128. Now keep dividing the previous number in half until you get to the number 1. The result will look like this:
128 64 32 16 8 4 2 1
Notice that you have eight numbers. Each of these numbers corresponds to a position of one of the eight binary digits. To convert an 8-bit value to dotted decimal, just take the binary value and put the numbers under the corresponding eight digits. Wherever there’s a 1, add that decimal value.
Let’s convert the binary value 10010110 to decimal. Write down the numbers as shown, and then write the binary values underneath each corresponding decimal number:
128 64 32 16 8 4 2 1
1 0 0 1 0 1 1 0
Add the decimal values that have a 1 underneath:
128 + 16 + 4 + 2 = 150
Figure 7.36 • Moving the network ID extension three digits
Figure 7.37 • Two of the eight network ID address ranges (the 001 and 011 subnets, shown in binary from network ID through broadcast address)
Tech Tip
ISPs and Classless Addresses
If you order real, unique, ready-for-the-Internet IP addresses from your local ISP, you’ll invariably get a classless set of IP addresses. More importantly, when you order them for clients, you need to be able to explain why their subnet mask is 255.255.255.192, when all the books they read tell them it should be 255.255.255.0! All this assumes you can get an IPv4 address by the time you’re reading this book. See Chapter 13 for the scoop on IPv6, the addressing scheme of the future.
Converting from decimal to binary is a bit more of a challenge. You still start with a line of decimal numbers starting with 128, but this time, you place the decimal value above. If the number you’re trying to convert is greater than or equal to the number underneath, subtract it and place a 1 underneath that value. If not, then place a 0 under it and move the number to the next position to the right. Let’s give this a try by converting 221 to binary. Begin by placing 221 over the 128:
Value:      221
Weights:    128  64  32  16   8   4   2   1
Bits:         1
Remainder:   93
Now place the remainder, 93, over the 64:
Value:       93
Weights:    128  64  32  16   8   4   2   1
Bits:         1   1
Remainder:   29
Place the remainder, 29, over the 32. The number 29 is less than 32, so place a 0 underneath the 32 and move to 16:
Value:       29
Weights:    128  64  32  16   8   4   2   1
Bits:         1   1   0   1
Remainder:   13
Then move to the 8:
Value:       13
Weights:    128  64  32  16   8   4   2   1
Bits:         1   1   0   1   1
Remainder:    5
Then the 4:
Value:        5
Weights:    128  64  32  16   8   4   2   1
Bits:         1   1   0   1   1   1
Remainder:    1
Then the 2. The number 1 is less than 2, so drop a 0 underneath and move to 1:
Value:        1
Weights:    128  64  32  16   8   4   2   1
Bits:         1   1   0   1   1   1   0   1
Finally, the 1; 1 is equal to 1, so put a 1 underneath and you’re done. The number 221 in decimal is equal to 11011101 in binary.
CIDR: Subnetting in the Real World
I need to let you in on a secret—there’s a better than average chance that you’ll never have to do subnetting in the real world. That’s not to say that subnetting isn’t important. It’s a critical part of the Internet’s structure. Subnetting most commonly takes place in two situations: ISPs that receive class licenses from IANA and then subnet those class licenses for customers, and very large customers that take subnets (sometimes already subnetted class licenses from ISPs) and make their own subnets. Even if you’ll never make a working subnet in the real world, there are a number of reasons to learn subnetting.
Make sure you can manually convert decimal to binary and binary to decimal.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
170
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 7
First and most obvious, the CompTIA Network+ exam expects you to know subnetting. For the exam, you need to be able to take any existing network ID and break it down into a given number of subnets. You need to know how many hosts the resulting network IDs possess. You need to be able to calculate the IP addresses and the new subnet masks for each of the new network IDs.
Second, even if you never do your own subnetting, you will most likely contact an ISP and get CIDR addresses. You can’t think about subnet masks in terms of dotted decimal. You need to think of subnets in terms of CIDR values like /8, /22, /26, and so on.
Third, there’s a better than average chance you’ll look to more advanced IT certifications. Most Cisco, many Microsoft, and a large number of other certifications assume you understand subnetting. Subnetting is a competency standard that everyone who’s serious about networking understands in detail—it’s a clear separation between those who know networks and those who do not.
You’ve done well, my little padawan. Subnetting takes a little getting used to. Go take a break. Take a walk. Play some World of Warcraft. Or fire up your Steam client and see if I’m playing Counter-Strike or Left 4 Dead (player name “desweds”). After a good mental break, dive back into subnetting and practice. Take any old network ID and practice making multiple subnets—lots of subnets!
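As an added example, not code from the book, here is the subtract-and-place conversion from the previous section in Python, followed by the exam task the text just described: take a network ID, break it into a given number of subnets, and report the new mask, the hosts per subnet and each range. It goes slightly beyond the text by handling any prefix length and any subnet count, and it reproduces the 192.168.4.0/24-into-eight split behind Figures 7.36 and 7.37; all function names are my own.

```python
# Added worked example (not from the book): the chapter's subtract-and-place
# conversion, then CIDR subnetting of a network ID into a given number of subnets.

PLACE_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]


def octet_to_binary(value: int) -> str:
    """Decimal -> binary exactly as the text does it: walk the place values
    from 128 down to 1; write a 1 and subtract when the remainder is >= the
    place value, otherwise write a 0 and move right."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    bits, remainder = [], value
    for place in PLACE_VALUES:
        if remainder >= place:
            bits.append("1")
            remainder -= place
        else:
            bits.append("0")
    return "".join(bits)


def binary_to_octet(bits: str) -> int:
    """Binary -> decimal: add every place value that has a 1 under it."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"not an 8-bit string: {bits!r}")
    return sum(place for place, bit in zip(PLACE_VALUES, bits) if bit == "1")


def dotted_to_int(addr: str) -> int:
    """Pack four dotted-decimal octets into one 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted-decimal address: {addr}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> str:
    """A /N mask is N ones followed by 32 - N zeros, e.g. /26 -> 255.255.255.192."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: /{prefix}")
    return int_to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def subnet(network: str, count: int) -> dict:
    """Break a network ID written as CIDR into at least `count` equal subnets.

    Borrows the smallest number of host bits k with 2**k >= count (the
    'move the network ID extension right' step the chapter walks through)
    and reports the new prefix, new mask, usable hosts, and every range.
    """
    if count < 1:
        raise ValueError("need at least one subnet")
    base, prefix_str = network.split("/")
    prefix = int(prefix_str)
    borrowed = (count - 1).bit_length()
    new_prefix = prefix + borrowed
    if new_prefix > 30:
        raise ValueError("not enough host bits left for that many subnets")
    old_mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network_id = dotted_to_int(base) & old_mask  # zero any host bits given
    block = 1 << (32 - new_prefix)               # addresses per subnet
    subnets = []
    for i in range(1 << borrowed):
        start = network_id + i * block
        subnets.append({
            "network": f"{int_to_dotted(start)}/{new_prefix}",
            "first_host": int_to_dotted(start + 1),
            "last_host": int_to_dotted(start + block - 2),
            "broadcast": int_to_dotted(start + block - 1),
        })
    return {
        "new_prefix": new_prefix,
        "mask": prefix_to_mask(new_prefix),
        "hosts_per_subnet": block - 2,
        "subnets": subnets,
    }


if __name__ == "__main__":
    print(octet_to_binary(221), binary_to_octet("10010110"))  # 11011101 150
    result = subnet("192.168.4.0/24", 8)
    print(f"/{result['new_prefix']} = {result['mask']}, "
          f"{result['hosts_per_subnet']} hosts per subnet")
    for s in result["subnets"]:
        print(f"{s['network']:<18} {s['first_host']} - {s['last_host']}")
```

Lab Project 7.2 at the end of the chapter is `subnet("192.42.53.12/24", 6)`, which borrows three bits and yields eight /27 subnets of 30 hosts each.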
Using IP Addresses
Whew! After all that subnetting, you’ve reached the point where it’s time to start actually using some IP addresses. That is, after all, the goal of going through all that pain. There are two ways to give a computer an IP address, subnet mask, and default gateway: either by typing in all the information (called static addressing) or by having a server program running on a system that automatically passes out all the IP information to systems as they boot up on or connect to a network (called dynamic addressing). Additionally, you must learn about a number of specialty IP addresses that have unique meanings in the IP world to make this all work.
Static IP Addressing
Static addressing means typing all of the IP information into each of your clients. But before you type in anything, you have to answer two questions: What are you typing in and where do you type it? Let’s visualize a four-node network like the one shown in Figure 7.38.
Figure 7.38 • A small network
To make this network function, each computer must have an IP address, a subnet mask, and a default gateway. First, decide what network ID to use. In the old days, your ISP gave you a block of IP addresses to use. Assume that’s still the method and you’ve been allocated a Class C license for 197.156.4/24. The first rule of Internet addressing is ... no one talks about Internet addressing. Actually, we can maul the Fight Club reference and instead say, “The first rule of Internet addressing is that you can do whatever you want with your own network ID.” There are no rules other than to make sure every computer gets a legit IP address and subnet mask for your network ID and make sure every IP address is unique. You don’t have to use the numbers in order, you don’t have to give the default gateway the 192.156.4.1 address—you can do it any way you want. That said, most networks follow a common set of principles:
1. Give the default gateway the first IP address in the network ID.
2. Try to use the IP addresses in some kind of sequential order.
3. Try to separate servers from clients. For example, servers could have the IP addresses 197.156.4.10 to 197.156.4.19, whereas the clients range from 197.156.4.200 to 197.156.4.254.
4. Write down whatever you choose to do so the person who comes after you understands.
These principles have become unofficial standards for network techs, and following them will make you very popular with whoever has to manage your network in the future. Now you can give each of the computers an IP address, subnet mask, and default gateway.
Every operating system has some method for you to enter in the static IP information. In Windows, you use the Internet Protocol Version 4 (TCP/IPv4) Properties dialog, as shown in Figure 7.39.
In Mac OS X, run the Network utility in System Preferences to enter in the IP information (Figure 7.40).
Figure 7.39 • Entering static IP information in Windows Internet Protocol Version 4 (TCP/IPv4) Properties
The only universal tool for entering IP information on UNIX/Linux systems is the command-line ifconfig command, as shown in Figure 7.41. A warning about setting static IP addresses with ifconfig: any address entered will not be permanent and will be lost on reboot. To make the new IP permanent, you need to find and edit your network configuration files. Fortunately, modern distributions (distros) make your life a bit easier. Almost every flavor of UNIX/Linux comes with some handy graphical program, such as Network Configuration in the popular Ubuntu Linux distro (Figure 7.42).
Once you’ve added the IP information for at least two systems, you should always verify using the ping command, as shown in Figure 7.43.
If you’ve entered an IP address and your ping is not successful, first check your IP settings. Odds are good you made a typo. Otherwise, check your connections, driver, and so forth. Static addressing has been around for a long time and is still heavily used for more critical systems on your network. Static addressing poses one big problem, however: making any changes to the network is a serious pain. Most systems today use a far easier and more flexible method to get their IP information: dynamic IP addressing.
Always verify with ping—it’s too easy to make a typo when you enter static IP addresses.
Figure 7.40 • Entering static IP information in the OS X Network utility
Figure 7.41 • Using the ifconfig command to set static IP addresses
Figure 7.42 • Ubuntu’s Network Configuration utility
Dynamic IP Addressing
Dynamic IP addressing, better known as Dynamic Host Configuration Protocol (DHCP) or the older (and long vanished) Bootstrap Protocol (BOOTP), automatically assigns an IP address whenever a computer connects to the network. DHCP (and BOOTP, though for simplicity I’ll just say DHCP) works very simply. First, configure a computer to use DHCP. Every OS has some method to tell the computer to use DHCP, as in the Windows example shown in Figure 7.44.
How DHCP Works
Once a computer is configured to use DHCP, we call it a DHCP client. When a DHCP client boots up, it automatically sends out a special DHCP Discover packet using the broadcast address. This DHCP Discover message asks “Are there any DHCP servers out there?” (See Figure 7.45.)
For DHCP to work, one system on the LAN must be running special DHCP server software. This server is designed to respond to DHCP Discover requests with a DHCP Offer. The DHCP server is configured to pass out IP addresses from a range (called a DHCP scope) and a subnet mask (Figure 7.46).
Figure 7.43 • Two pings (successful ping on top, unsuccessful ping on bottom)
Figure 7.44 • Setting up for DHCP
Figure 7.45 • Computer sending out a DHCP Discover message
Figure 7.46 • DHCP server main screen
It also passes out other information, known generically as options, that cover an outrageously large number of choices, such as your default gateway, DNS server, Network Time server, and so on.
Figure 7.47 shows the configuration screen from the popular DHCP Server that comes with Windows Server 2008. Note the single scope. Figure 7.48 shows the same DHCP Server tool, in this case, detailing the options screen. At this point, you’re probably not sure what any of these options are for. Don’t worry. I’ll return to these topics in later chapters.
The DHCP client sends out a DHCP Request—a poor name choice as it is really accepting the offer. The DHCP server then sends a DHCP Acknowledge and lists the MAC address as well as the IP information given to the DHCP client in a database (Figure 7.49).
The acceptance from the DHCP client of the DHCP server’s data is called a DHCP lease. A DHCP lease is set for a fixed amount of time, generally five to eight days. Near the end of the lease time, the DHCP client simply makes another DHCP Discover message. The DHCP server looks at the MAC address information and, unless another computer has taken the lease, always gives the DHCP client the same IP information, including the same IP address.
DHCP servers can be set up to reserve addresses for specific machines through what’s called, appropriately, DHCP reservations. You use these for servers inside your network, for example, so if you had to change their IP addresses for some reason, you could do it from a central location. The other option is to use static IPs, but then you’d need to log in to each server to change the IP addresses.
Figure 7.47 • DHCP Server configuration screen
Figure 7.48 • DHCP Server options screen
Living with DHCP
DHCP is very convenient and, as such, very popular. It’s so popular that you’ll very rarely see a user’s computer on any network using static addressing.
You should know how to deal with DHCP problems. The single biggest issue is when a DHCP client tries to get a DHCP address and fails. You’ll know when this happens because the operating system will post some form of error telling you there’s a problem (Figure 7.50) and the DHCP client will have a rather strange address in the 169.254/16 network ID.
This special IP address is generated by Automatic Private IP Addressing (APIPA). All DHCP clients are designed to generate an APIPA address automatically if they do not receive a response to a DHCP Discover message. The client only generates the last two octets of an APIPA address. This enables the dynamic clients on a single network to continue to communicate with each other because they are on the same network ID.
Unfortunately, APIPA cannot issue a default gateway, so you’ll never get on the Internet using APIPA. That provides a huge clue to a DHCP problem: you can communicate with other computers on your network, but you can’t get to the Internet.
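The Discover, Offer, Request, Acknowledge exchange, the lease database keyed by MAC address, DHCP reservations and the APIPA fallback described in the DHCP sections above, modelled as an added Python example (not the book's code and not a real DHCP implementation, which runs over UDP ports 67 and 68 rather than function calls). The scope, option values and MAC addresses are constructed for the demonstration.

```python
# Added worked example (not from the book): a model of the DHCP exchange the
# chapter describes (Discover, Offer, Request, Acknowledge) with a scope, a
# lease database keyed by MAC, reservations, and the client's APIPA fallback.
# MAC addresses, scope and option values below are constructed.

import random
from dataclasses import dataclass
from typing import Optional


def dotted_to_int(addr: str) -> int:
    value = 0
    for octet in addr.split("."):
        value = (value << 8) | int(octet)
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


@dataclass
class Lease:
    ip: str
    expires_at: int  # seconds on the simulation clock


class DhcpServer:
    """Hands out addresses from the scope scope_start..scope_end plus the
    options the text mentions (default gateway, DNS, ...); remembers every
    lease by the client's MAC, which is what makes renewals stable."""

    def __init__(self, scope_start, scope_end, mask, options, lease_seconds, reservations=None):
        self.pool = [int_to_dotted(i)
                     for i in range(dotted_to_int(scope_start), dotted_to_int(scope_end) + 1)]
        self.mask = mask
        self.options = options
        self.lease_seconds = lease_seconds
        self.reservations = dict(reservations or {})  # MAC -> fixed IP
        self.leases = {}                               # MAC -> Lease (the server's database)

    def offer(self, mac: str, now: int) -> Optional[dict]:
        """Answer a Discover with an Offer, or None if nothing is free."""
        # Addresses held by other MACs whose leases have not run out yet.
        taken = {lease.ip for m, lease in self.leases.items()
                 if lease.expires_at > now and m != mac}
        taken |= set(self.reservations.values())
        if mac in self.reservations:
            ip = self.reservations[mac]
        elif mac in self.leases and self.leases[mac].ip not in taken:
            ip = self.leases[mac].ip  # same MAC, same IP, unless someone took it
        else:
            free = [ip for ip in self.pool if ip not in taken]
            if not free:
                return None  # scope exhausted: the client gets no Offer
            ip = free[0]
        return {"type": "OFFER", "ip": ip, "mask": self.mask, **self.options}

    def acknowledge(self, mac: str, request: dict, now: int) -> dict:
        """Answer the client's Request (its acceptance) and record the lease."""
        self.leases[mac] = Lease(ip=request["ip"], expires_at=now + self.lease_seconds)
        return {"type": "ACK", "ip": request["ip"], "mask": self.mask,
                "lease_seconds": self.lease_seconds, **self.options}


def apipa_address(rng: random.Random) -> str:
    """169.254.x.y: the client generates only the last two octets. The first
    and last /24 of 169.254/16 are reserved, so the third octet is 1..254."""
    return f"169.254.{rng.randint(1, 254)}.{rng.randint(0, 255)}"


def dhcp_client(mac: str, servers: list, now: int, seed: Optional[int] = None) -> dict:
    """Broadcast a Discover, take the first Offer, Request it, keep the ACK.
    With no Offer at all, fall back to APIPA: no default gateway, LAN only."""
    transcript = [("client -> broadcast", "DISCOVER")]
    offers = [(srv, srv.offer(mac, now)) for srv in servers]
    offers = [(srv, off) for srv, off in offers if off is not None]
    if not offers:
        ip = apipa_address(random.Random(seed))
        transcript.append(("client", f"no Offer received, APIPA {ip}"))
        return {"ip": ip, "mask": "255.255.0.0", "gateway": None, "transcript": transcript}
    server, offer = offers[0]
    transcript.append(("server -> client", f"OFFER {offer['ip']}"))
    request = {"type": "REQUEST", "ip": offer["ip"]}
    transcript.append(("client -> broadcast", f"REQUEST {offer['ip']}"))
    ack = server.acknowledge(mac, request, now)
    transcript.append(("server -> client", f"ACK {ack['ip']} lease {ack['lease_seconds']}s"))
    return {"ip": ack["ip"], "mask": ack["mask"], "gateway": ack.get("gateway"),
            "transcript": transcript}


if __name__ == "__main__":
    server = DhcpServer("197.156.4.200", "197.156.4.254", "255.255.255.0",
                        {"gateway": "197.156.4.1", "dns": "197.156.4.10"},
                        lease_seconds=7 * 86400,
                        reservations={"00:11:22:33:44:10": "197.156.4.10"})
    for mac in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "00:11:22:33:44:10"):
        for who, msg in dhcp_client(mac, [server], now=0)["transcript"]:
            print(f"{who:<20} {msg}")
    print(dhcp_client("aa:bb:cc:00:00:03", [], now=0, seed=7)["transcript"])
```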
If you can’t get to the Internet, use whatever tool your OS provides to check your IP address. If it’s an APIPA address, you know instantly that you have a DHCP problem. First of all, try to reestablish the lease manually. Every OS has some way to do this. In Windows, you can type the following command:
ipconfig /renew
On a Mac, go to System Preferences and use the Network utility (Figure 7.51).
Systems that use static IP addressing can never have DHCP problems.
Figure 7.49 • DHCP Request and DHCP Acknowledge
Figure 7.50 • DHCP error in Windows 7
Figure 7.51 • Network utility in System Preferences
Sometimes you might find yourself in a situation where your computer gets confused and won’t grab an IP address no matter what you try. In these cases, you should first force the computer to release its lease. In Windows, get to a command prompt and type these two commands; follow each by pressing enter:
ipconfig /release
ipconfig /renew
In UNIX/Linux and Mac OS X, use the ifconfig command to release and renew a DHCP address. Here’s the syntax to release:
sudo ifconfig eth0 down
And here’s the syntax to renew:
sudo ifconfig eth0 up
Depending on your distribution, you may not need to type sudo first, but you will need to have root privileges to use ifconfig. Root privileges are Linux’s version of administrative privileges in Windows.
Special IP Addresses
The folks who invented TCP/IP created a number of special IP addresses you need to know about. The first special address is 127.0.0.1—the loopback address. When you tell a device to send data to 127.0.0.1, you’re telling that device to send the packets to itself. The loopback address has a number of uses. One of the most common is to use it with the ping command. I use the command ping 127.0.0.1 to test a NIC’s capability to send and receive packets.
Lots of folks use TCP/IP in networks that either aren’t connected to the Internet or want to hide their computers from the rest of the Internet. Certain groups of IP addresses, known as private IP addresses, are available to help in these situations. All routers destroy private IP addresses. Those addresses can never be used on the Internet, making them a handy way to hide systems. Anyone can use these private IP addresses, but they’re useless for systems that need to access the Internet—unless you use the mysterious and powerful NAT, which I’ll discuss in the next chapter. (Bet you’re dying to learn about NAT now!) For the moment, however, let’s just look at the ranges of addresses that are designated as private IP addresses:
■ 10.0.0.0 through 10.255.255.255 (1 Class A license)
■ 172.16.0.0 through 172.31.255.255 (16 Class B licenses)
■ 192.168.0.0 through 192.168.255.255 (256 Class C licenses)
All other IP addresses are public IP addresses.
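An added example, not from the book, that turns the loopback, private, APIPA and classful rules from this chapter into a small classifier and runs it over a few constructed firewall log lines: the check a tech makes when deciding whether a source address even belongs on a given interface (an APIPA source is a host that never got a lease; a private source arriving from the Internet side is a misconfiguration). The log format, addresses and function names are my own.

```python
# Added worked example (not from the book): classify IPv4 addresses into the
# chapter's special ranges and classful classes, then bucket the source
# addresses in a few constructed firewall log lines.

import re

# (network, prefix length, label), checked in order; loopback is the whole 127/8.
SPECIAL_RANGES = [
    ("127.0.0.0", 8, "loopback"),
    ("10.0.0.0", 8, "private"),
    ("172.16.0.0", 12, "private"),
    ("192.168.0.0", 16, "private"),
    ("169.254.0.0", 16, "APIPA"),
]


def dotted_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted-decimal address: {addr}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def in_network(addr: str, network: str, prefix: int) -> bool:
    """True when addr shares its first `prefix` bits with network."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (dotted_to_int(addr) & mask) == (dotted_to_int(network) & mask)


def address_class(addr: str) -> str:
    """Classful letter from the first octet (1-126 A, 128-191 B, 192-223 C)."""
    first = dotted_to_int(addr) >> 24
    if first == 0 or first == 127:
        return "reserved"
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D (multicast)"
    return "E (reserved)"


def classify(addr: str) -> str:
    """loopback / private / APIPA / public, in the order the chapter lists them."""
    for network, prefix, label in SPECIAL_RANGES:
        if in_network(addr, network, prefix):
            return label
    return "public"


# Constructed sample log lines (not real traffic); `src=` marks the source address.
SAMPLE_LOG = """\
2013-02-20 08:01:12 fw0 ACCEPT src=192.168.1.23 dst=192.168.1.1 proto=tcp dport=80
2013-02-20 08:01:15 fw0 ACCEPT src=169.254.7.19 dst=192.168.1.1 proto=udp dport=53
2013-02-20 08:01:20 fw0 DROP src=203.0.113.9 dst=192.168.1.5 proto=tcp dport=22
2013-02-20 08:01:22 fw0 ACCEPT src=10.11.12.13 dst=192.168.1.5 proto=icmp
2013-02-20 08:01:30 fw0 ACCEPT src=172.32.0.1 dst=192.168.1.5 proto=tcp dport=443
"""

SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")


def bucket_sources(log_text: str) -> dict:
    """Group source addresses by classification, keeping log order within each
    bucket. Note 172.32.0.1 lands in 'public': 172.16/12 ends at 172.31."""
    buckets: dict = {}
    for line in log_text.splitlines():
        match = SRC_RE.search(line)
        if not match:
            continue
        addr = match.group(1)
        buckets.setdefault(classify(addr), []).append(addr)
    return buckets


if __name__ == "__main__":
    for addr in ("10.11.12.13", "172.31.255.254", "172.32.0.1", "169.254.1.30", "127.5.5.5"):
        print(f"{addr:<16} {classify(addr):<8} class {address_class(addr)}")
    print(bucket_sources(SAMPLE_LOG))
```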
CompTIA loves TCP and UDP port numbers, so make sure you know that DHCP and BOOTP servers use UDP ports 67 and 68. You’ll also see the term BOOTPS on the exam, which simply refers to a BOOTP server (as opposed to BOOTPC for a BOOTP client).
Make sure you know how to configure your computers to use static IP addressing and know that you use ping to ensure they can communicate. For dynamic IP addressing, make sure you know the common protocol—DHCP—and the much older protocol—BOOTP. Understand that each client must have some way to “turn on” DHCP. Also understand the concept of a DHCP client and a DHCP server. Last but not least, be comfortable with APIPA and releasing and renewing a lease on a client.
Even though, by convention, you use 127.0.0.1 as the loopback address, the entire 127.0.0.0/8 subnet is reserved for loopback addresses. You can use any address in the 127.0.0.0/8 subnet as a loopback address.
Make sure you can quickly tell the difference between a private and a public IP address for the CompTIA Network+ exam.
Tech Tip
Case Matters
With UNIX, Linux, and Mac OS X command-line commands, case matters. If you run sudo ifconfig eth0 down all in lowercase, for example, your Ethernet connection will drop as the DHCP or BOOTP lease is released. If you try running the same command in uppercase, on the other hand, the Linux et al. command prompt will look at you quizzically and then snort with derision. “What’s this SUDO of which you speak?” And then give you a prompt for a “real” command. Watch your case with UNIX/Linux/OS X!
Chapter 7 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about TCP/IP.
Describe how the TCP/IP protocol suite works
■ Whereas MAC addresses are physical addresses burned into the NIC, IP addresses are logical and are assigned via software.
■ An IP address consists of 32 binary digits, often written in dotted decimal notation to make it easier for humans to read.
■ Every IP address must be unique on its network.
■ The utilities ipconfig (Windows) and ifconfig (UNIX/Linux/Mac OS X) can be used to view IP address information.
■ Every IP address contains both a network ID and a host ID. Computers on the same network will have the same network ID portion of an IP address whereas the host ID portion will be unique.
■ The network’s router’s interface is called the default gateway. Its IP address is used by hosts to communicate off the network. The router uses an internal routing table and network IDs to determine where to send network packets.
■ A subnet mask helps to define the network ID of an IP address. All computers on a specific network share the same subnet mask.
■ An Address Resolution Protocol (ARP) broadcast is used to determine the MAC address of the destination computer based on its IP address.
■ Subnet masks are often written with the IP address in slash notation, such as 201.23.45.123/24. In this example, the IP address is 201.23.45.123 and the subnet mask consists of 24 ones, or 11111111.11111111.11111111.00000000 (255.255.255.0).
■ The Internet Assigned Numbers Authority (IANA) is the organization responsible for tracking and dispersing IP addresses to Internet service providers.
■ A broadcast is sent to every computer on the network. A unicast is sent from one node to one other node. A multicast is sent from one computer to multiple nodes.
Explain CIDR and subnetting
■ Subnet masks enable network adapters to determine whether incoming packets are being sent to a local network address or a remote network.
■ A subnet mask is similar in form to an IP address. Subnet masks consist of some number of ones, followed by zeroes, for a total of 32 bits.
■ Subnetting is done by organizations when they need to create multiple networks.
■ Classless Inter-Domain Routing (CIDR) is when an ISP subnets a block of addresses and passes them out to smaller customers.
■ Computers use subnet masks to distinguish (sub)network IDs from host IDs. Any bit on the full IP address that corresponds to a 1 on the subnet mask is part of the network ID. Any uncovered (turned off or = “0”) bits show the host ID of an IP address.
■ Assignable IP addresses come in three basic classful address types: Class A, Class B, and Class C.
■ The Class A range of addresses has its first octet anywhere from 1 through 126. The default Class A subnet mask is 255.0.0.0.
■ A Class B address has its first octet anywhere from 128 through 191. Class B subnets use a mask of 255.255.0.0.
■ Class C addresses range from 192 through 223, with the standard Class C subnet mask set to 255.255.255.0.
■ Classless subnets do away with neat subnet masks. These subnet masks employ other binary representations in the masking process. For example, 255.255.255.0 is a standard Class C subnet mask, allowing for one subnet of 254 systems. Contrast that example with using subnet mask 255.255.255.240, which would allow for 14 subnets with 14 systems each.
Describe the functions of static and dynamic IP addresses
■ Static addressing requires the IP address, subnet mask, and default gateway to be entered manually.
■ Dynamic addressing uses the Dynamic Host Configuration Protocol (DHCP) to assign an IP address, subnet mask, and default gateway to a network client.
■ A network client is assigned an IP address from a DHCP server by exchanging the following packets: DHCP Discover, DHCP Offer, DHCP Request, and DHCP Acknowledge.
■ The data accepted by the DHCP client is called the DHCP lease, which is good for a fixed period of time. The time varies based on how the DHCP server was configured.
■ A DHCP client that fails to acquire a DHCP lease from a DHCP server self-generates an IP address and subnet mask via Automatic Private IP Addressing (APIPA). This address falls in the Class B range of 169.254.x.x /16.
■ The 127.0.0.1 loopback address used in testing is a reserved IP address.
■ Private IP addresses include the following ranges:
10.0.0.0–10.255.255.255 (Class A)
172.16.0.0–172.31.255.255 (Class B)
192.168.0.0–192.168.255.255 (Class C)
Key Terms
Address Resolution Protocol (ARP) (160)
Automatic Private IP Addressing (APIPA) (175)
Bootstrap Protocol (BOOTP) (173)
broadcast (163)
Classless Inter-Domain Routing (CIDR) (163)
class license (162)
datagram (148)
default gateway (156)
DHCP lease (174)
dotted decimal notation (152)
dynamic addressing (170)
Dynamic Host Configuration Protocol (DHCP) (173)
host ID (156)
ifconfig (155)
Internet Assigned Numbers Authority (IANA) (162)
Internet Control Message Protocol (ICMP) (146)
Internet Protocol (IP) (146)
Internet Protocol version four (IPv4) (146)
IP addressing (151)
ipconfig (153)
loopback address (176)
multicast (163)
network ID (156)
protocol (145)
protocol suite (145)
routing table (156)
segment (148)
static addressing (170)
subnet mask (159)
subnetting (163)
Transmission Control Protocol (TCP) (147)
unicast (163)
User Datagram Protocol (UDP) (147)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. The _______________ portion of an IP address resembles 192.168.17.0.
2. The _______________ portion of an IP address assigned to a host computer consists of from one to three octets, with the final octet between 1 and 254.
3. The single organization that distributes IP addresses is called _______________.
4. The IP address 10.11.12.13 is a valid _______________ address.
5. The command _______________ is a utility that comes with Microsoft Windows to show TCP/IP settings.
6. The command _______________ is a utility for UNIX/Linux/Mac OS X used to show TCP/IP settings.
7. The _______________ is used to translate IP addresses to MAC addresses.
8. Computers set for dynamic addressing that cannot locate a DHCP server use _______________ to assign themselves an IP address.
9. The router interface is commonly known as the _______________.
10. The _______________ is a 32-bit binary number common to all computers on a network that is used to determine to which network a computer belongs.
Multiple-Choice Quiz
1. What is the result of converting 11110000.10111001.00001000.01100111 to dotted decimal notation?
A. 4.5.1.5
B. 240.185.8.103
C. 15.157.16.230
D. 103.8.185.240
2. What does IANA stand for?
A. International Association Numbers Authority
B. International Association Numbering Authority
C. Internet Assigned Numbering Authority
D. Internet Assigned Numbers Authority
3. Which of the following describe IPv4? (Select three.)
A. Uses decimal, not hexadecimal numbers
B. Uses periods, not colons, as separators
C. Uses four octets
D. Uses eight sets of characters
4. What is the result of converting 192.168.0.1 to binary?
A. 11000000.10101000.00000000.00000001
B. 11000000.10101000.00000000.10000000
C. 11000000.10101000.00000000.1
D. 11.10101.0.1
5. Which of the following are not valid IP addresses to assign to a Windows-based system? (Select two.)
A. 1.1.1.1/24
B. 127.0.0.1/24
C. 250.250.250.255/24
D. 192.168.0.1/24
6. Which of the following is a valid assignable Class A IP address?
A. 22.33.44.55
B. 127.0.0.1
C. 250.250.250.250
D. 192.168.0.1
7. Which of the following is a valid Class B IP address?
A. 10.10.10.253
B. 191.254.254.254
C. 192.168.1.1
D. 223.250.250.1
8. Which of the following is a valid Class C IP address?
A. 50.50.50.50
B. 100.100.100.100
C. 192.168.0.254
D. 250.250.250.250
9. Which method sends a packet from a single computer to a group of interested computers? Select the best answer.
A. Broadcast
B. Unicast
C. Multicast
D. Omnicast
10. What processes are used to take a single class of IP addresses and chop it up into multiple smaller groups? (Select two.)
A. CIDR
B. ping
C. Subnetting
D. Subnitting
11. Which statements about subnet masks are true? (Select two.)
A. Every network client has a unique subnet mask.
B. Every client on a network shares the same subnet mask.
C. A subnet mask consists of a string of zeroes followed by a string of ones.
D. A subnet mask consists of a string of ones followed by a string of zeroes.
12. In which order are packets created and sent when a client requests an IP address from a DHCP server?
A. DHCP Discover, DHCP Offer, DHCP Request, DHCP Acknowledge
B. DHCP Discover, DHCP Request, DHCP Offer, DHCP Acknowledge
C. DHCP Request, DHCP Offer, DHCP Discover, DHCP Acknowledge
D. DHCP Request, DHCP Offer, DHCP Acknowledge, DHCP Discover
13. Which of the following is not a valid classful subnet mask?
A. 255.0.0.0
B. 255.255.0.0
C. 255.255.255.0
D. 255.255.255.255
14. Which command would you use to force a DHCP request on a Windows computer?
A. ifconfig /all
B. ifconfig /renew
C. ipconfig /release
D. ipconfig /renew
15. Which of the following IP addresses indicates a computer configured for dynamic addressing was unable to locate a DHCP server?
A. 255.255.255.255
B. 192.168.1.1
C. 127.0.0.1
D. 169.254.1.30
Essay Quiz
1. Use your Web browser to go to the following Web site: www.webopedia.com. Search for the full term TCP/IP. Write down its definition on a piece of paper, being sure to cite the exact Web site link to give credit to where you obtained the information.
2. You and a classmate are trying to calculate the number of possible IPv4 addresses versus IPv6 addresses. (The TCP/IP powers that be created the IPv6 addressing system to replace the IPv4 system discussed in this chapter. Because I feel IPv6 is going to be extremely important for all techs to understand in the future, this book devotes a full chapter to the subject—Chapter 13.) Research the Internet to discover exactly how many addresses are available for each of these numbering schemes. Document your findings in a short essay.
3. A new intern is confused about the CIDR notation for subnets, such as 192.168.1/24. In your own words, explain to him why the part in front of the slash represents only three of the four octets in an IP address and what the number after the slash is.
Lab Projects
Lab Project 7.1 •
Use the Internet to research the components of what an individual TCP packet and an IP packet might look like. You can search on keywords such as “sample,” “TCP,” “IP,” “session,” and “packet.” Create a reference document that has links to five sites with appropriate information. Save the document, so the links contain hyperlinks that you can click. Then write an additional paragraph describing your overall findings. Print one copy as well.
Lab Project 7.2 •
Starting with the IP address 192.42.53.12, create a list of IP address ranges for six subnets.
Lab Project 7.3 •
Log in to any available networked Windows computer. Select Start | Run or just Start, type cmd, and press enter to open a command prompt; from the command prompt, type ipconfig /all, and then press enter. Fill in as much information as you can from your screen onto a sheet like the following (or create one as directed by your instructor):
Host Name:
Primary DNS Suffix:
Node Type:
IP Routing Enabled:
WINS Proxy Enabled:
DNS Suffix Search List:
Connection-specific DNS Suffix:
Description:
Physical Address:
DHCP Enabled:
Autoconfiguration Enabled:
IP Address:
Subnet Mask:
Default Gateway:
DHCP Server:
DNS Servers:
Primary WINS Server:
Lease Obtained:
Lease Expires:
8
chapter
182
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 8
The Wonderful World
of Routing
“Youngsters read it, grown men understand it, and old people applaud it.” —Miguel de Cervantes
In this chapter, you will learn how to
■ Explain how routers work
■ Describe dynamic routing technologies
■ Install and configure a router successfully
The true beauty and amazing power of TCP/IP lies in one word: routing. Routing enables us to interconnect individual LANs into WANs. Routers, the magic boxes that act as the interconnection points, have all the built-in smarts to inspect incoming packets and forward them toward their eventual LAN destination. Routers are, for the most part, automatic. They require very little in terms of maintenance once their initial configuration is complete because they can talk to each other to determine the best way to send IP packets. The goal of this chapter is to take you into the world of routers and show you how they do this.
The chapter discusses how routers work, including an in-depth look at different types of Network Address Translation (NAT), and then dives into an examination of various dynamic routing protocols. You’ll learn about distance vector protocols, including Routing Information Protocol (RIP) and Border Gateway Protocol (BGP), among others. The chapter finishes with the nitty-gritty details of installing and configuring a router successfully. Not only will you understand how routers work, you should be able to set up a basic home router and diagnose common router issues by the end of this chapter.
Historical/Conceptual
How Routers Work
A router is any piece of hardware that forwards packets based on their destination IP address. Routers work, therefore, at the Network layer of the OSI model and at the Internet layer of the TCP/IP model.
Classically, routers are dedicated boxes that contain at least two connections, although many routers contain many more connections. In a business setting, for example, you might see a Cisco 2600 Series device, one of the most popular routers ever made. These routers are a bit on the older side, but Cisco builds their routers to last. With occasional software upgrades, a typical router will last for many years. The 2611 router shown in Figure 8.1 has two connections (the other connections are used for maintenance and configuration). The two “working” connections are circled. One port leads to one network; the other leads to another network. The router reads the IP addresses of the packets to determine where to send the packets. (I’ll elaborate on how that works in a moment.)
Most techs today get their first exposure to routers with the ubiquitous home routers that enable PCs to connect to a DSL modem or a cable modem (Figure 8.2). The typical home router, however, serves multiple functions, often combining a router, a switch, and other features like a firewall (for protecting your network from intruders), a DHCP server, and much more into a single box.
Figure 8.3 shows the electronic diagram for a two-port Cisco router, whereas Figure 8.4 shows the diagram for a Linksys home router.
Note that both boxes connect two networks. The big difference is that the LAN side of the Linksys home router connects immediately to the built-in switch. That’s convenient! You don’t have to buy a separate switch to connect multiple computers to the cable modem or DSL receiver. Many users and even some new techs look at that router, though, and say, “It has five ports so it’ll connect to five different networks,” when in reality it can connect only two networks. The extra physical ports belong to the built-in switch.
Figure 8.1 • Cisco 2611 router
Figure 8.2 • Business end of a typical home router
Figure 8.3 • Cisco router diagram
Figure 8.4 • Linksys home router diagram
See Chapter 16 for an in-depth look at firewalls and other security options.
All routers—big and small, plain or bundled with a switch—examine packets and then send the packets to the proper destination. Let’s take a look at that process in more detail now.
Test Specific
Routing Tables
Routing begins as packets come into the router for handling (Figure 8.5). The router immediately strips off any of the Layer 2 information and drops the resulting IP packet into a queue (Figure 8.6). The important point to make here is that the router doesn’t care where the packet originated. Everything is dropped into the same queue based on the time it arrived.
The router inspects each packet’s destination IP address and then sends the IP packet out the correct port. To perform this inspection, each router comes with a routing table that tells the router exactly where to send the packets. Figure 8.7 shows the simple routing table for a typical home router. This router has only two ports internally: one that connects to whichever type of service provider you use to bring the Internet into your home (cable/DSL/fiber or whatever)—labeled as WAN in the Interface column of the table—and another one that connects to a built-in four-port switch—labeled LAN in the table. Figure 8.8 is a diagram for the router. Let’s inspect this router’s routing table; this table is the key to understanding and controlling the process of forwarding packets to their proper destination.
Figure 8.5 • Incoming packets
Figure 8.6 • All incoming packets stripped of Layer 2 data and dropped into a common queue
Each row in this little router’s simple routing table defines a single route. Each column identifies specific criteria. Reading Figure 8.7 from left to right shows the following:
Destination LAN IP ■ A defined network ID. Every network ID directly connected to one of the router’s ports is always listed here.
Subnet Mask ■ To define a network ID, you need a subnet mask (described in Chapter 7).
Your router uses the combination of the destination LAN IP and subnet mask to see if a packet matches that route. For example, if you had a packet with the destination 10.12.14.26 coming into the router, the router would check the network ID and subnet mask. It would quickly determine that the packet matches the first route shown in Figure 8.7. The other two columns in the routing table then tell the router what to do with the packet:
Gateway ■ The IP address for the next hop router; in other words, where the packet should go. If the outgoing packet is for a network ID that’s not directly connected to the router, the Gateway column tells the router the IP address of a router to which to send this packet. That router then handles the packet and your router is done (you count on well-configured routers to make sure your packet will get to where it needs to go!). If the network ID is directly connected, then you don’t need a gateway. Based on what’s needed, this is set to 0.0.0.0 or to the IP address of the directly connected port.
Interface ■ Tells the router which of its ports to use. On this router, it uses the terms “LAN” and “WAN.” Other routing tables use the port’s IP address or some other type of abbreviation. Cisco routers, for example, use f0/0, f0/1, and so on.
Figure 8.7 • Routing table from a home router
Routing Table Entry List
Destination LAN IP   Subnet Mask      Gateway     Interface
10.12.14.0           255.255.255.0    0.0.0.0     LAN
76.30.4.0            255.255.254.0    0.0.0.0     WAN
0.0.0.0              0.0.0.0          76.30.4.1   WAN
Figure 8.8 • Electronic diagram of the router
Cross Check
What’s Up with Layer 2?
You first read about routers stripping packets of all their Layer 2 (OSI)/Link layer (TCP/IP) information way back in Chapter 2, so check your memory now. What defines the Layer 2 information? How is it assigned? How does it interact with Layer 1? Are there any differences between the TCP/IP model’s Link layer and the OSI’s Data Link layer?
The router compares the destination IP address on a packet to every listing in the routing table and then sends the packet out.
The router reads every line and then decides what to do. Some routers compare a packet to the routing table by starting from the top down and other routers read from the bottom up. The direction the router chooses to read the routing table isn’t important because the router must compare the destination IP address to every route in the routing table. The most important trick to reading a routing table is to remember that a zero (0) means “anything.” For example, in Figure 8.7, the first route’s destination LAN IP is 10.12.14.0. You can compare that to the subnet mask (255.255.255.0) to confirm that this is a /24 network. This tells you that any value (between 1 and 254) is acceptable for the last value in the 10.12.14/24 network ID.
Routing tables tell you a lot about the network connections. From just this single routing table, for example, the diagram in Figure 8.9 can be drawn.
So how do I know the 76.30.4.1 port connects to another network? The third line of the routing table shows the default route for this router, and every router has one. (There’s one exception to this. See the Tech Tip “Top o’ the Internet.”) This line says
(Any destination address) (with any subnet mask) (forward it to 76.30.4.1) (using my WAN port)
Destination LAN IP Subnet Mask Gateway Interface
0.0.0.0 0.0.0.0 76.30.4.1 WAN
The default route is very important because this tells the router exactly what to do with every incoming packet unless another line in the routing table gives another route. Excellent! Interpret the other two lines of the routing table in Figure 8.7 in the same fashion:
(Any packet for the 10.12.14.0) (/24 network ID) (don’t use a gateway) (just ARP on the LAN interface to get the MAC address and send it directly to the recipient)
Figure 8.9 • The network based on the routing table in Figure 8.7
Tech Tip
Top o’ the Internet
There are two places where you’ll find routers that do not have default routes: private (as in not on the Internet) internetworks, where every router knows about every single network, and the monstrous “Tier One” backbone, where you’ll find the routers that make the main connections of the Internet. Every other router has a default route.
Destination LAN IP Subnet Mask Gateway Interface
10.12.14.0 255.255.255.0 0.0.0.0 LAN
(Any packet for the 76.30.4.0) (/23 network ID) (don’t use a gateway) (just ARP on the WAN interface to get the MAC address and send it directly to the recipient)
Destination LAN IP Subnet Mask Gateway Interface
76.30.4.0 255.255.254.0 0.0.0.0 WAN
I’ll let you in on a little secret. Routers aren’t the only devices that use routing tables. In fact, every node (computer, printer, TCP/IP-capable soda dispenser, whatever) on the network also has a routing table.
At first, this may seem silly—doesn’t every computer only have a single Ethernet connection and, therefore, all data traffic has to go out that port? First of all, many computers have more than one NIC. (These are called multihomed computers. See the Tech Tip “Multihoming” for more details.) But even if your computer has only a single NIC, how does it know what to do with an IP address like 127.0.0.1? Second, every packet sent out of your computer uses the routing table to figure out where the packet should go, whether directly to a node on your network or to your gateway. Here’s an example of a routing table in Windows. This machine connects to the home router described earlier, so you’ll recognize the IP addresses it uses.
Tech Tip
Multihoming
Multihoming is using more than one NIC in a system, either as a backup or to speed up a connection. Systems that can’t afford to go down (like Web servers) often have two NICs that share the same IP address. If one NIC goes down, the other kicks in automatically.
C:\>route print
===========================================================================
Interface List
0x1 ……………………… MS TCP Loopback interface
0x2 …00 11 d8 30 16 c0 …… NVIDIA nForce Networking Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.12.14.1 10.12.14.201 1
10.12.14.0 255.255.255.0 10.12.14.201 10.12.14.201 1
10.12.14.201 255.255.255.255 127.0.0.1 127.0.0.1 1
10.12.14.255 255.255.255.255 10.12.14.201 10.12.14.201 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.12.14.201 10.12.14.201 20
224.0.0.0 240.0.0.0 10.12.14.201 10.12.14.201 1
255.255.255.255 255.255.255.255 10.12.14.201 10.12.14.201 1
Default Gateway: 10.12.14.1
===========================================================================
Persistent Routes:
None
C:\>
Unlike the routing table for the typical home router you saw in Figure 8.7, this one seems a bit more complicated, if for no other reason than it has a lot more routes. My PC has only a single NIC, though, so it’s not quite as complicated as it might seem at first glance. Take a look at the details. First note that my computer has an IP address of 10.12.14.201/24 and 10.12.14.1 as the default gateway.
You should note two differences in the columns from what you saw in the previous routing table. First, the interface has an actual IP address—10.12.14.201, plus the loopback of 127.0.0.1—instead of the word “LAN.” Second—and this is part of the magic of routing—is something called the metric.
A metric is just a relative value that defines the “cost” of using this route. The power of TCP/IP is that a packet can take more than one route to get to the same place. Figure 8.10 shows a networked router with two routes to the same place. The router has a route to Network B with a metric of 1 using Route 1, and a second route to Network B using Route 2 with a metric of 10.
Figure 8.10 • Two routes to the same network
Lowest routes always win. In this case, the router will always use the route with the metric of 1, unless that route suddenly stopped working. In that case, the router would automatically switch to the route with the 10 metric (Figure 8.11). This is the cornerstone of how the Internet works! The entire Internet is nothing more than a whole bunch of big, powerful routers connected to lots of other big, powerful routers. Connections go up and down all the time, and routers (with multiple routes) constantly talk to each other, detecting when a connection goes down and automatically switching to alternate routes.
I’ll go through this routing table one line at a time. Remember, every address is compared to every line in the routing table before it goes out, so it’s no big deal if the default route is at the beginning or the end. Windows machines read from bottom up, going through all local addresses before going out to the router, so that’s how I’ll go through it here.
The bottom line defines the default IP broadcast. If you send out an IP broadcast (255.255.255.255), your NIC knows to send it out to the local network.
When a router has more than one route to the same network, it’s up to the person in charge of that router to assign a different metric for each route. With dynamic routing protocols (discussed in detail later in the chapter in “Dynamic Routing”), the routers determine the proper metric for each route.
Figure 8.11 • When a route no longer works, the router automatically switches.
Tech Tip
Viewing Routing
Tables in Linux and OS X
Every modern operating system gives you tools to view a computer’s routing table. Most techs use the command line or terminal window interface—often called simply terminal—because it’s fast. To see your routing table in Windows, Linux, or in Mac OS X, for example, type this command at a terminal:
netstat -r
In Windows, try this command as an alternative:
route print
Network Destination Netmask Gateway Interface Metric
255.255.255.255 255.255.255.255 10.12.14.201 10.12.14.201 1
The next line up is the multicast address range. Odds are good you’ll never need it, but most operating systems put it in automatically.
Network Destination Netmask Gateway Interface Metric
224.0.0.0 240.0.0.0 10.12.14.201 10.12.14.201 1
The next route says that any addresses in the 169.254/16 network ID are part of the LAN (remember, whenever the gateway and interface are the same, the connection is local). If your computer uses Dynamic Host Configuration Protocol (DHCP) and can’t get an IP address, this route would enable you to communicate with other computers on the network that are also having the same DHCP problem. Note the high metric.
Network Destination Netmask Gateway Interface Metric
169.254.0.0 255.255.0.0 10.12.14.201 10.12.14.201 20
This next line is another loopback, but examine it carefully. Earlier you learned that only 127.0.0.1 is the loopback, but according to this route, any 127/8 address is the loopback.
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
The next line up is the directed broadcast. Occasionally your computer needs to send a broadcast to the other computers on the same network ID. That’s what this row signifies. The difference between a directed broadcast and a full broadcast is the former goes only to the targeted subnet, not the full broadcast domain.
Network Destination Netmask Gateway Interface Metric
10.12.14.255 255.255.255.255 10.12.14.201 10.12.14.201 1
Okay, on to the next line. This one’s easy. Anything addressed to this machine should go right back to it through the loopback (127.0.0.1).
Network Destination Netmask Gateway Interface Metric
10.12.14.201 255.255.255.255 127.0.0.1 127.0.0.1 1
The next line defines the local connection: (Any packet for the 10.12.14.0) (/24 network ID) (don’t use a gateway) (just ARP on the LAN interface to get the MAC address and send it directly to the recipient) (Cost of 1 to use this route).
Network Destination Netmask Gateway Interface Metric
10.12.14.0 255.255.255.0 10.12.14.201 10.12.14.201 1
So, if a gateway of 10.12.14.201 here means “don’t use a gateway,” why put a number in at all? Local connections don’t use the default gateway, although every routing table has a gateway column. The Microsoft folks had to put something there, thus they put the IP address of the NIC. That’s why the gateway address is the same as the interface address. The NIC is the gateway between the local PC and the destination. Just pass it out the NIC and the destination will get it.
Try This!
Getting Looped
Try pinging any 127/8 address to see if it loops back like 127.0.0.1. What happens?
This is how Windows XP displays the gateway on this line. In Windows Vista and Windows 7, the gateway value for local connections just says “on-link”—a clear description! Part of the joy of learning routing tables is getting used to how different operating systems deal with issues like these.
The top line defines the default route: (Any destination address) (with any subnet mask) (forward it to my default gateway) (using my NIC) (Cost of 1 to use this route). Anything that’s not local goes to the router and from there out to the destination (with the help of other routers).
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.12.14.1 10.12.14.201 1
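The lookup the chapter walks through by hand, as an added example that is not the book's own code: it loads the Figure 8.7 table and the Windows route print table transcribed from this section, compares a destination against every route, and picks the most specific match, with the metric breaking ties as in Figure 8.10 (whose gateways and interface names are constructed here). It goes a little beyond the text by making the selection rule explicit: the longest mask wins, so the 0.0.0.0 default route applies only when no other row matches.

```python
"""Resolving destinations against the routing tables printed in this section."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    network: IPv4Network   # destination network ID combined with its subnet mask
    gateway: str           # next-hop router, or a value meaning "deliver directly"
    interface: str
    metric: int = 1

    def is_direct(self) -> bool:
        # The home router writes 0.0.0.0, Windows XP repeats the NIC's own
        # address, Vista/7 say "On-link": all mean "no gateway, ARP and send".
        return self.gateway in ("0.0.0.0", "On-link", self.interface)


def parse_table(text: str) -> List[Route]:
    """Parse rows of 'destination mask gateway interface [metric]'.

    Header rows (starting with a letter) are skipped; a missing metric is 1.
    """
    routes = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0][0].isalpha():
            continue
        dest, mask, gateway, interface = parts[:4]
        metric = int(parts[4]) if len(parts) > 4 else 1
        network = IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append(Route(network, gateway, interface, metric))
    return routes


def lookup(routes: List[Route], destination: str) -> Optional[Route]:
    """Compare the destination with every route, as the text describes.

    A zero in the mask means "anything", so 0.0.0.0/0.0.0.0 matches every
    address; the most specific match (longest mask) wins and the lowest
    metric breaks ties. None means no route matched (no default route).
    """
    addr = IPv4Address(destination)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def describe(route: Route) -> str:
    """State the chosen route the way the chapter reads a table row."""
    if route.interface.startswith("127."):
        return "hand it to the loopback"
    if route.is_direct():
        return f"ARP on {route.interface} and deliver directly"
    return f"forward to {route.gateway} via {route.interface}"


# Figure 8.7, the home router's table, transcribed from the page.
HOME_ROUTER = parse_table("""
Destination  Subnet mask     Gateway    Interface
10.12.14.0   255.255.255.0   0.0.0.0    LAN
76.30.4.0    255.255.254.0   0.0.0.0    WAN
0.0.0.0      0.0.0.0         76.30.4.1  WAN
""")

# The Windows XP `route print` output from the same section.
WINDOWS_PC = parse_table("""
0.0.0.0          0.0.0.0          10.12.14.1    10.12.14.201  1
10.12.14.0       255.255.255.0    10.12.14.201  10.12.14.201  1
10.12.14.201     255.255.255.255  127.0.0.1     127.0.0.1     1
10.12.14.255     255.255.255.255  10.12.14.201  10.12.14.201  1
127.0.0.0        255.0.0.0        127.0.0.1     127.0.0.1     1
169.254.0.0      255.255.0.0      10.12.14.201  10.12.14.201  20
224.0.0.0        240.0.0.0        10.12.14.201  10.12.14.201  1
255.255.255.255  255.255.255.255  10.12.14.201  10.12.14.201  1
""")

# Figure 8.10 scenario: two routes to Network B with metrics 1 and 10.
# Gateways and interface names here are constructed for the example.
TWO_ROUTES = parse_table("""
10.99.0.0  255.255.0.0  192.0.2.1  Route1  1
10.99.0.0  255.255.0.0  192.0.2.2  Route2  10
""")

if __name__ == "__main__":
    for dst in ("10.12.14.26", "76.30.5.9", "8.8.8.8"):
        r = lookup(HOME_ROUTER, dst)
        print(f"home router  {dst:>15} -> {r.network}: {describe(r)}")
    for dst in ("10.12.14.201", "10.12.14.255", "127.45.0.1", "169.254.3.3", "8.8.8.8"):
        r = lookup(WINDOWS_PC, dst)
        print(f"windows pc   {dst:>15} -> {r.network}: {describe(r)}")
    best = lookup(TWO_ROUTES, "10.99.1.1")
    print("Figure 8.10: lowest metric wins ->", describe(best))
    failover = lookup([r for r in TWO_ROUTES if r is not best], "10.99.1.1")
    print("Route 1 down, switch to ->", describe(failover))
```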
Just for fun, let’s add one more routing table; this time from my old Cisco 2811, which is still connecting me to the Internet after all these years! I access the Cisco router remotely from my Windows 7 system using a tool called PuTTY (you’ll see more of PuTTY throughout this book), log in, and then run this command:
show ip route
Don’t let all the text confuse you. The first part, labeled Codes, is just a help screen to let you know what the letters at the beginning of each row mean:
Gateway#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 208.190.121.38 to network 0.0.0.0
C 208.190.121.0/24 is directly connected, FastEthernet0/1
C 192.168.4.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 208.190.121.38
These last three lines are the routing table. The router has two Ethernet interfaces called FastEthernet0/1 and FastEthernet0/0. This is how Cisco names router interfaces.
Reading from the top, you see that FastEthernet0/1 is directly connected (the C at the beginning of the line) to the network 208.190.121.0/24. Any packets that match 208.190.121.0/24 go out on FastEthernet0/1. Equally, any packets for the connected 192.168.4.0/24 network go out on FastEthernet0/0. The last route gets an S for static because I entered it in manually. The asterisk (*) shows that this is the default route.
In this section, you’ve seen three different types of routing tables from three different types of devices. Even though these routing tables have different ways to list the routes and different ways to show the categories, they all perform the same job: moving IP packets to the correct interface to ensure they get to where they need to go.
Freedom from Layer 2
Routers enable you to connect different types of network technologies. You now know that routers strip off all of the Layer 2 data from the incoming packets, but thus far you’ve only seen routers that connect to different Ethernet networks—and that’s just fine with routers. But routers can connect to almost anything that stores IP packets. Not to take away from some very exciting upcoming chapters, but Ethernet is not the only networking technology out there. Once you want to start making long-distance connections, Ethernet disappears, and technologies with names like Data-Over-Cable Service Interface Specification (DOCSIS) (cable modems), Frame Relay, and Asynchronous Transfer Mode (ATM) take over. These technologies are not Ethernet, and they all work very differently than Ethernet. The only common feature of these technologies is they all carry IP packets inside their Layer 2 encapsulations.
Most serious (that is, not home) routers enable you to add interfaces. You buy the router and then snap in different types of interfaces depending on your needs. Note the Cisco router in Figure 8.12. Like most Cisco routers, it comes with removable modules.
If you’re connecting Ethernet to ATM, you buy an Ethernet module and an ATM module. If you’re connecting Ethernet to a DOCSIS (cable modem) network, you buy an Ethernet module and a DOCSIS module.
Network Address Translation
The ease of connecting computers together using TCP/IP and routers creates a rather glaring security risk. If every computer on a network must have a unique IP address, and TCP/IP applications enable you to do something on a remote computer, what’s to stop a malicious programmer from writing a program that does things on your computer that you don’t want done? All he or she would need is the IP address for your computer and the attacker could target you from anywhere on the network. Now expand this concept to the Internet. A computer sitting in Peoria can be attacked by a program run from Bangkok as long as both computers connect directly to the Internet. And this happens all the time.
Security is one problem. The other is a deal breaker—the IANA assigned the last of the IPv4 addresses as of February 2011. Although you can still get an IP address from an ISP, the days of easy availability are over. Routers running some form of Network Address Translation (NAT) hide the IP addresses of computers on the LAN but still enable those computers to communicate with the broader Internet. NAT extended the useful life of IPv4 addressing on the Internet for many years. NAT is extremely common and heavily in use, so learning how it works is important. Note that many routers offer NAT as a feature in addition to the core capability of routing. NAT is not routing, but a separate technology. With that said, you are ready to dive into how NAT works to protect computers connected by router technology and conserve IP addresses as well.
Figure 8.12 • Modular Cisco router
The Setup
Here’s the situation. You have a LAN with eight computers that need access to the Internet. With classic TCP/IP and routing, several things have to happen. First, you need to get a block of legitimate, unique, expensive IP addresses from an Internet service provider (ISP). You could call up an ISP and purchase a network ID, say 1.2.3.136/29. Second, you assign an IP address to each computer and to the LAN connection on the router. Third, you assign the IP address for the ISP’s router to the WAN connection on the local router, such as 1.2.4.1. After everything is configured, the network looks like Figure 8.13. All of the clients on the network have the same default gateway (1.2.3.137). This router, called a gateway router (or simply a gateway), acts as the default gateway for a number of client computers.
Figure 8.13 • Network setup
This style of network mirrors how computers in LANs throughout the world connected to the Internet for the first 20 years, but the major problems of security and a finite number of IP addresses worsened as more and more computers connected.
NAT solved both of these issues for many years. NAT is a simple concept: The router replaces the source IP address of a computer with its outside interface address on outgoing packets. The simplest NAT, called basic NAT, does exactly that, translating the private or internal IP address to a global IP address on a one-to-one basis.
Port Address Translation
Most internal networks today don’t have one machine, of course. Instead, they use a block of private IP addresses for the hosts inside the network. They connect to the Internet through one or more public IP addresses.
The most common form of NAT that handles this one-to-many connection—called Port Address Translation (PAT)—uses port numbers to map traffic from specific machines in the network. Let’s use a simple example to make the process clear. John has a network at his office that uses the private IP addressing space of 192.168.1.0/24. All the computers in the private network connect to the Internet through a single PAT router with the global IP address of 208.190.121.12/24. See Figure 8.14.
When an internal machine initiates a session with an external machine, such as a Web browser accessing a Web site, the source and destination IP addresses and port numbers for the TCP segment or UDP datagram are recorded in the PAT’s translation table, and the private IP address is swapped for the public IP address on each packet. Plus, the port number used by the internal computer for the session is also translated into a unique port number and the router records this as well. See Figure 8.15.
Figure 8.15 • PAT in action—changing the source IP address and port number to something usable on the Internet
NAT replaces the source IP address of a computer with the source IP address from the outside router interface on outgoing packets. NAT is performed by NAT-capable routers.
Figure 8.14 • John’s network setup
Table 8.1 shows a sample of the translation table inside the PAT router. Note that more than one computer translation has been recorded.
Table 8.1 Sample NAT Translation Table
Source               Translated Source       Destination
192.168.1.12:7000    208.190.121.12:7500
192.168.1.24:13245   208.190.121.12:15000    17.5.85.11:80
When the receiving system sends the packet back, it reverses the IP addresses and ports. The PAT router compares the incoming destination port and source IP address to the entry in the NAT translation table to determine which IP address to put back on the packet. It then sends the packet to the correct computer on the network.
This mapping of internal IP address and port number to a translated IP address and port number enables perfect tracking of packets out and in. PAT can handle many internal computers with a single public IP address because the TCP/IP port number space is big, as you’ll recall from Chapter 7, with values ranging from 1 to 65535. Some of those port numbers are used for common protocols, but many thousands are available for PAT to work its magic.
PAT takes care of all of the problems facing a network exposed to the Internet. You don’t have to use legitimate Internet IP addresses on the LAN and the IP addresses of the computers behind the routers are invisible and protected from the outside world.
Since the router is revising the packets and recording the IP address and port information already, why not enable it to handle ports more aggressively? Enter port forwarding, stage left.
Port Forwarding
The obvious drawback to relying exclusively on PAT for network address translation is that it only works for outgoing communication, not incoming communication. For traffic originating outside the network to access an internal machine, such as a Web server hosted inside your network, you need to use other technologies.
Static NAT (SNAT) maps a single routable (that is, not private) IP address to a single machine, enabling you to access that machine from outside the network. The NAT keeps track of the IP address or addresses and applies them permanently on a one-to-one basis with computers on the network.
With port forwarding, you can designate a specific local address for various network services. Computers outside the network can request a service using the public IP address of the router and the port number of the desired service. The port-forwarding router would examine the packet, look at the list of services mapped to local addresses, and then send that packet along to the proper recipient.
Chapter 9 goes into port numbers in great detail.
Despite the many uses in the industry of the acronym SNAT, the CompTIA Network+ exam uses SNAT for Static NAT exclusively.
Tech Tip
Dynamic NAT
With dynamic NAT, many computers can share a pool of routable IP addresses that number fewer than the computers. The NAT might have 10 routable IP addresses, for example, to serve 40 computers on the LAN. LAN traffic uses the internal, private IP addresses. When a computer requests information beyond the network, the NAT doles out a routable IP address from its pool for that communication. Dynamic NAT is also called Pooled NAT. This works well enough—unless you’re the unlucky 11th person to try to access the Internet from behind the company NAT—but has the obvious limitation of still needing many true, expensive, routable IP addresses.
BaseTech
Chapter 8: The Wonderful World of Routing
195
You can use port forwarding to hide a service hosted inside your
network by changing the default port number for that service. To hide
an internal Web server, for example, you could change the request port
number to something other than port 80, the default for HTTP traffic. The
router in Figure 8.16, for example, is configured to forward all port 8080
packets to the internal Web server at port 80.
Figure 8.16 • Setting up port forwarding on a home router
To access that internal Web site from outside your local network, you
would have to change the URL in the Web browser by specifying the port
request number. Figure 8.17 shows a browser that has :8080 appended to
the URL, which tells the browser to make the HTTP request to port 8080
rather than port 80.
Most browsers require you to write out the full URL, including HTTP://, when
using a nondefault port number.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
196
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 8
Configuring NAT
Configuring NAT on home routers is a no-brainer as these boxes invariably
have NAT turned on automatically. Figure 8.18 shows the screen on
my home router for NAT. Note the radio buttons that say Gateway and
Router.
By default, the router is set to Gateway, which is
Linksys-speak for “NAT is turned on.” If I wanted to turn
off NAT, I would set the radio button to Router.
Figure 8.19 shows a router configuration screen on a
Cisco router. Commercial routers enable you to do a lot
more with NAT.
Dynamic Routing
Based on what you’ve read up to this point, it would seem that routes in
your routing tables come from two sources: either they are manually entered
or they are detected at setup by the router. In either case, a route seems to
be a static beast, just sitting there and never changing. And based on what
you’ve seen so far, that is absolutely true. Routers have static routes. But
most routers also have the capability to update their routes dynamically,
assuming they’re provided with the extra smarts in the form of dynamic
routing protocols.
Figure 8.17 • Changing the URL to access a Web site using a nondefault port number
Figure 8.18 • NAT setup on home router
If you’ve been reading carefully, you might be tempted at this point to
say, “Why do I need this dynamic routing stuff? Don’t routers use metrics
so I can add two or more routes to another network ID in case I lose one of
my routes?” Yes, but metrics really only help when you have direct connections
to other network IDs. What if your routers look like Figure 8.20?
Figure 8.20 • Lots of routers
Figure 8.19 • Configuring NAT on a commercial-grade router
Do you really want to try to set up all these routes statically? What happens
when something changes? Can you imagine the administrative nightmare? Why not
just give routers the brainpower to talk to each other so they know what’s
happening not only to the other directly connected routers but also to routers
two or more routers away? A hop is defined as each time a packet goes through
a router. Let’s talk about hops for a moment. Figure 8.21 shows a series of
routers. If you’re on a computer in Network ID X and you ping a computer in
Network ID Y, you go one hop. If you ping a computer in Network ID Z, you go
two hops.
Figure 8.21 • Hopping through a WAN
Routing protocols have been around for a long time, and, like any technology,
there have been a number of different choices and variants over
those years. CompTIA Network+ competencies break these many types of
routing protocols into three distinct groups: distance vector, link state, and
hybrid. CompTIA obsesses over these different types of routing protocols,
so this chapter does too!
Routing Metrics
Earlier in the chapter, you learned that routing tables contain a factor called
a metric. A metric is a relative value that routers use when they have more
than one route to get to another network. Unlike the gateway routers in our
homes, a more serious router will often have multiple connections to get to
a particular network. This is the beauty of routers combined with dynamic
protocols. If a router suddenly loses a connection, it has alternative routes to
the same network. It’s the role of the metric setting for the router to decide
which route to use.
There is no single rule to set the metric value in a routing table. The
various types of dynamic protocols use different criteria. Here are the most
common criteria for determining a metric.
Maximum Transmission Unit ■ Better known by the abbreviation MTU, this
determines the largest frame a particular technology can handle. Ethernet
likes to use 1,500-byte frames. Other technologies use smaller or larger
frames. If an IP packet is too big for a particular technology, that packet
is broken into pieces to fit into the network protocol in what is called
fragmentation. Fragmentation is bad because it slows down the movement of IP
packets (see “Latency”). By setting the optimal MTU size before IP packets
are sent, you avoid or at least reduce fragmentation.
If a routing table has two or more valid routes for a particular IP address
destination, it always chooses the route with the lowest value.
Costs ■ Connecting to the Internet isn’t free. Some connections cost
more than others, and some incur costs based on usage.
Bandwidth ■ Some connections handle more data than others. An
old dial-up connection moves at best 64 Kbps. A cable modem easily
handles many millions of bits per second.
Latency ■ Say you have a race car that has a top speed of 200 miles
per hour, but it takes 25 minutes to start the car. If you press the gas
pedal, it takes 15 seconds to start accelerating. If the engine runs
for more than 20 minutes, the car won’t go faster than 50 miles per
hour. These issues prevent the car from doing what it should be
able to do: go 200 miles per hour. Latency is like that. Hundreds of
issues occur that slow down network connections between routers.
These issues are known collectively as latency. A great example is
a satellite connection. The distance between the satellite and the
antenna causes a delay that has nothing to do with the speed of the
connection.
Different dynamic routing protocols use one or more of these routing
metrics to calculate their own routing metric. As you learn about these
protocols, you will see how each of these calculates their own metrics
differently.
Distance Vector
Distance vector routing protocols were the first to appear in the TCP/IP
routing world. The cornerstone of all distance vector routing protocols is
some form of total cost. The simplest total cost sums the hops (the hop
count) between a router and a network, so if you had a router one hop
away from a network, the cost for that route would be 1; if it were two hops
away, the cost would be 2.
All network connections are not equal. A router might have two one-
hop routes to a network—one using a fast connection and the other using a
slow connection. Administrators set the metric of the routes in the routing
table to reflect the speed. The slow single-hop route, for example, might be
given the metric of 10 rather than the default of 1 to reflect the fact that it’s
slow. The total cost for this one-hop route is 10, even though it’s only one
hop. Don’t assume a one-hop route always has a cost of 1.
Distance vector routing protocols calculate the total cost to get to a
particular network ID and compare that cost to the total cost of all the other
routes to get to that same network ID. The router then chooses the route
with the lowest cost.
For this to work, routers using a distance vector routing protocol transfer
their entire routing table to other routers in the WAN. Each distance
vector routing protocol has a maximum number of hops that a router will
send its routing table to keep traffic down.
Assume you have four routers connected as shown in Figure 8.22. All of
the routers have static routes set up between each other with the metrics
shown. You add two new networks, one that connects to Router A and the
other to Router D. For simplicity, call them Network ID X and Network ID
Y. A computer on one network wants to send packets to a computer on the
other network, but the routers in between Routers A and D don’t yet know
the two new network IDs. That’s when distance vector routing protocols
work their magic.
Because all of the routers use a distance vector routing protocol, the problem
gets solved quickly. At a certain defined time interval (usually 30 seconds or
less), the routers begin sending each other their routing tables (the routers
each send their entire routing table, but for simplicity just concentrate on
the two network IDs in question). On the first iteration, Router A sends its
route to Network ID X to Routers B and C. Router D sends its route to Network
ID Y to Router C (Figure 8.23).
This is great—Routers B and C now know how to get to Network ID X, and Router
C can get to Network ID Y. There’s still no complete path, however, between
Network ID X and Network ID Y. That’s going to take another interval. After
another set amount of time, the routers again send their now updated routing
tables to each other, as shown in Figure 8.24. Router A knows a path now to
Network ID Y, and Router D knows a path to Network ID X. As a side effect,
Router B and Router C have two routes to Network ID X. Router B can get to
Network ID X through Router A and through Router C. Similarly, Router C can
get to Network ID X through Router A and through Router B. What to do? In
cases where the router discovers multiple routes to the same network ID, the
distance vector routing protocol deletes all but the route with the lowest
total cost (Figure 8.25).
Figure 8.22 • Getting a packet from Network ID X to Network ID Y? No clue!
Figure 8.23 • Routes updated
Figure 8.24 • Updated routing tables
Figure 8.25 • Deleting higher-cost routes
On the next iteration, Routers A and D get updated information about the lower
total-cost hops to connect to Network IDs X and Y (Figure 8.26).
Just as Routers B and C only kept the routes with the lowest costs, Routers A
and D keep only the lowest-cost routes to the networks (Figure 8.27).
Now Routers A and D have a lower-cost route to Network IDs X and Y. They’ve
removed the higher-cost routes and begin sending data.
At this point, if routers were human they’d realize that each router has all
the information about the network and stop sending each other routing tables.
Routers using distance vector routing protocols, however, aren’t that smart.
The routers continue to send their complete routing tables to each other, but
because the information is the same, the routing tables don’t change.
At this point, the routers are in convergence (also called steady state),
meaning the updating of the routing tables for all the routers has completed.
Assuming nothing changes in terms of connections, the routing tables will not
change. In this example, it takes three iterations to reach convergence.
So what happens if the route between Routers B and C breaks? The routers have
deleted the higher-cost routes, only keeping the lower-cost route that goes
between Routers B and C. Does this mean Router A can no longer connect to
Network ID Y and Router D can no longer connect to Network ID X? Yikes! Yes,
it does. At least for a while.
Routers that use distance vector routing protocols continue to send to each
other their entire routing table at regular intervals. After a few iterations,
Routers A and D will once again know how to reach each other, although they
will connect through the once-rejected slower connection.
Figure 8.26 • Argh! Multiple routes!
Figure 8.27 • Last iteration
Distance vector routing protocols work fine in a scenario such as the
previous one that has only four routers. Even if you lose a router, a few
minutes later the network returns to convergence. But imagine if you had
tens of thousands of routers (the Internet). Convergence could take a very
long time indeed. As a result, a pure distance vector routing protocol works
fine for a network with a few (less than 10) routers, but it isn’t good for large
networks.
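The exchange walked through above, as an added Python simulation that is not from the book: the four routers swap their full tables each round, keep only the lowest total cost per network ID, reach convergence in three rounds, and after the B-C link breaks re-converge over the slow A-C link. The link metrics (1 for A-B, B-C and C-D, 10 for the slow A-C link) and the split-horizon rule are constructed assumptions, since the figure's metrics are not reproduced on the page.

```python
"""Distance vector routing: synchronous table exchanges between the four
routers of the book's example, convergence, a B-C link break, and
re-convergence over the slower path. Added illustration, not the book's code."""

# Constructed link metrics (the figure's values are not on the page): A-B,
# B-C and C-D are fast links with metric 1; A-C is the slow one-hop link,
# given a metric of 10 as the text describes for a slow single-hop route.
LINKS = {
    frozenset("AB"): 1,
    frozenset("BC"): 1,
    frozenset("CD"): 1,
    frozenset("AC"): 10,
}
# Network ID X hangs off Router A, Network ID Y off Router D.
DIRECT = {"A": ["X"], "D": ["Y"]}


class Router:
    def __init__(self, name, direct_networks):
        self.name = name
        # destination -> (total cost, next hop); directly connected
        # networks have cost 0 and no next hop.
        self.table = {net: (0, None) for net in direct_networks}
        self.received = {}  # neighbour -> the table it advertised this round

    def advertisement_for(self, neighbour):
        # Split horizon (an assumption here): a route is never advertised
        # back to the neighbour it was learned from.
        return {dest: cost for dest, (cost, nh) in self.table.items()
                if nh != neighbour}

    def recompute(self, link_cost):
        """Rebuild the table from directly connected networks plus the
        advertisements received this round, keeping only the lowest total
        cost per destination. Returns True if anything changed."""
        new = {d: v for d, v in self.table.items() if v[1] is None}
        for nb, adv in self.received.items():
            for dest, cost in adv.items():
                total = link_cost[nb] + cost
                if dest not in new or total < new[dest][0]:
                    new[dest] = (total, nb)
        changed = new != self.table
        self.table = new
        return changed


def neighbours(links, router):
    return {nb: cost for link, cost in links.items()
            for nb in link if router in link and nb != router}


def run_until_converged(routers, links, max_rounds=50):
    """Exchange full tables every round (the 30-second timer in the text)
    until a round changes nothing. Returns the number of rounds that
    carried new information."""
    for rnd in range(1, max_rounds + 1):
        for r in routers.values():
            r.received = {}
        for link in links:                    # a broken link sends nothing
            a, b = tuple(link)
            routers[a].received[b] = routers[b].advertisement_for(a)
            routers[b].received[a] = routers[a].advertisement_for(b)
        changed = [r.recompute(neighbours(links, r.name))
                   for r in routers.values()]
        if not any(changed):
            return rnd - 1
    raise RuntimeError("no convergence within max_rounds")


def build_routers(links, direct):
    names = sorted({n for link in links for n in link})
    return {n: Router(n, direct.get(n, [])) for n in names}


def demo():
    links = dict(LINKS)
    routers = build_routers(links, DIRECT)
    rounds_before = run_until_converged(routers, links)
    before = {n: dict(r.table) for n, r in routers.items()}
    del links[frozenset("BC")]                # the B-C link breaks
    rounds_after = run_until_converged(routers, links)
    after = {n: dict(r.table) for n, r in routers.items()}
    return rounds_before, before, rounds_after, after


if __name__ == "__main__":
    rb, before, ra, after = demo()
    print(f"converged after {rb} rounds; A reaches Y via {before['A']['Y']}")
    print(f"B-C broke; re-converged after {ra} rounds; "
          f"A now reaches Y via {after['A']['Y']}")
```

Before the break Router A reaches Y at cost 3 through B; afterwards it settles on cost 11 through the once-rejected A-C link, exactly the "slower connection" the text describes.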
Routers can use one of three distance vector routing protocols: RIPv1,
RIPv2, or BGP.
RIPv1
The granddaddy of all distance vector routing protocols is the Routing
Information Protocol (RIP). The first version of RIP—called RIPv1—dates
from the 1980s, although its predecessors go back all the way to the beginnings
of the Internet in the 1960s. RIP has a maximum hop count of 15 so
your router will not talk to another router more than 15 routers away. This
ended up being a problem because a routing table request could literally
loop all the way around back to the initial router.
RIPv1 sent out an update every 30 seconds. This also turned into a big
problem because every router on the network would send its routing table
at the same time, causing huge network overloads.
As if these issues weren’t bad enough, RIPv1 didn’t know how to use
variable-length subnet masking (VLSM), where networks connected through
the router used different subnet masks. Plus RIPv1 routers had no
authentication, leaving them open to hackers sending false routing table
information. RIP needed an update.
RIPv2
RIPv2, adopted in 1994, is the current version of RIP. It works the same way
as RIPv1, but fixes many of the problems. VLSM has been added, and
authentication is built into the protocol. (The maximum hop count of 15
continues to apply to RIPv2.)
Most routers still support RIPv2, but RIP’s many problems, especially
the time to convergence for large WANs, make it obsolete for all but small,
private WANs that consist of a few routers. The growth of
the Internet demanded a far more robust dynamic routing
protocol. That doesn’t mean RIP rests in peace! RIP is both
easy to use and simple for manufacturers to implement in
their routers, so most routers, even home routers, have the
ability to use RIP (Figure 8.28). If your network consists of
only two, three, or four routers, RIP’s easy configuration
often makes it worth putting up with slower convergence.
BGP
The explosive growth of the Internet in the 1980s required a fundamental
reorganization in the structure of the Internet itself and one big part of
this reorganization was the call to make the “big” routers use a standardized
dynamic routing protocol. Implementing this was much harder than you might
think because the entities that govern how the Internet works do so in a
highly decentralized fashion. Even the organized groups, such as the Internet
Society (ISOC), the Internet Assigned Numbers Authority (IANA), and the
Internet Engineering Task Force (IETF), are made up of many individuals,
companies, and government organizations from across the globe. This
decentralization made the reorganization process take time and many meetings.
Figure 8.28 • Setting RIP in a home router
What came out of the reorganization eventually was a multitiered
structure. At the top of the structure sit many Autonomous Systems. An
Autonomous System (AS) is one or more networks that are governed by a
single dynamic routing protocol within that AS. Figure 8.29 illustrates the
central structure of the Internet.
Figure 8.29 • The Internet
Autonomous Systems do not use IP addresses, but rather use a special
globally unique Autonomous System Number (ASN) assigned by the
IANA. Originally a 16-bit number, the current ASNs are 32 bits,
displayed as two 16-bit numbers separated by a dot. So, 1.33457
would be a typical ASN. Just as you would assign an IP address
to a router, you would configure the router to use or be the ASN
assigned by the IANA. See Figure 8.30.
Autonomous Systems communicate with each other using
a protocol, called generically an Exterior Gateway Protocol (EGP).
The network or networks within an AS communicate with protocols as well;
these are called generically Interior Gateway Protocols (IGPs).
Let me repeat this to make sure you understand the difference between EGP and
IGP. Neither EGP nor IGP is a dynamic routing protocol; rather these are terms
used by the large Internet service providers to separate their interconnected
routers using ASNs from other interconnected networks that are not part of
this special group of companies. The easy way to keep these terms separate is
to appreciate that although many protocols are used within Autonomous Systems,
such as RIP, the Internet has settled on one protocol for communication
between each AS: the Border Gateway Protocol (BGP-4). BGP is the glue of the
Internet, connecting all of the Autonomous Systems. Other dynamic routing
protocols such as RIP are, by definition, IGP. The current version of BGP is
BGP-4.
Figure 8.30 • Configuring a Cisco router to use an ASN
The CompTIA Network+ exam objectives list BGP as a distance vector routing
protocol, but it’s really somewhat different. BGP doesn’t have the same type
of routing table as you’ve seen so far. Instead, BGP routers are manually
configured (these types of connections aren’t the type that go down very
often!) and advertise information passed to them from different Autonomous
Systems’ edge routers—that’s what the AS-to-AS routers are called. BGP
forwards these advertisements that include the ASN and other very non-IP
items.
BGP also knows how to handle a number of situations unique to the
Internet. If a router advertises a new route that isn’t reliable, most BGP
routers will ignore it. BGP also supports policies for limiting which and how
other routers may access an ISP.
BGP is an amazing and powerful dynamic routing protocol, but unless
you’re working deep in the router room of an AS, odds are good you’ll
never see it in action. Those who need to connect a few routers together
usually turn to a family of dynamic routing protocols that work very
differently from distance vector routing protocols.
Link State
The limitations of RIP motivated the demand for a faster protocol that
took up less bandwidth on a WAN. The basic idea was to come up with
a dynamic routing protocol that was more efficient than routers that simply
sent out their entire routing table at regular intervals. Why not instead
simply announce and forward individual route changes as they appeared?
That is the basic idea of a link state dynamic routing protocol. There are
only two link state dynamic routing protocols: OSPF and IS-IS.
OSPF
Open Shortest Path First (OSPF) is the most commonly used IGP on the
Internet. Most large Internet users (as opposed to ISPs) use OSPF on their
internal networks. Even an AS, while still using BGP on its edge routers,
will use OSPF internally because OSPF was designed from the ground up to
work within a single AS. OSPF converges dramatically faster and is much
more efficient than RIP. Odds are good that if you are using dynamic routing
protocols, you’re using OSPF.
Before you see OSPF in action, I need to warn you that OSPF is a complex
protocol for routers. You won’t find OSPF on inexpensive home routers because
making it work takes a lot of computational firepower. But OSPF’s popularity
and CompTIA’s coverage make this an important area for you to understand. The
description here, although more than enough to get you through the CompTIA
Network+ exam successfully, is still only a light touch on the fascinating
world of OSPF.
You can use BGP within an AS to connect networks, so you can and do run into
situations where BGP is both the interior and exterior protocol for an AS. To
distinguish between the two uses of the protocol, network folks refer to the
BGP on the interior as the internal BGP (iBGP); the exterior connection then
becomes the exterior BGP (eBGP).
Please remember that in the earlier general distance vector routing example,
I chose not to show that every update was an entire routing table! I only
showed the changes, but trust me, the entire routing table is transmitted
roughly every 30 seconds (with some randomization).
Try This!
Discovering the Autonomous System Numbers
You can see the AS for most Web sites by using this handy little Firefox
add-on:
www.asnumber.networx.ch
It doesn’t work for every Web site, but it’s still interesting.
Let’s head back to the four-router setup used to explain RIP, but this
time replace RIP with OSPF. Because OSPF is designed to work with the
Internet, let’s give Router B an upstream connection to the organization’s
ISP. When you first launch OSPF-capable routers, they send out link state
advertisements (LSAs), called Hello packets, looking for other OSPF routers
(Figure 8.31).
Figure 8.31 • Hello!
A new router sends a lot of LSAs when it first starts. This is called
flooding.
One of the big differences between OSPF and RIP is the hop cost.
Whereas single hops in RIP have a cost of 1 unless manually changed, the
cost in OSPF is based on the speed of the link. The formula is
100,000,000/bandwidth in bps
A 10BaseT link’s OSPF cost is 100,000,000/10,000,000 = 10. The faster the
bandwidth, the lower the cost. You can override this manually if you wish.
To appreciate the power of OSPF, look at Figure 8.32. When OSPF routers
send LSA Hellos, they exchange this information and update their link
state databases.
Figure 8.32 • Link states
These LSA Hellos are forwarded to every OSPF router in the network.
Every router knows the link state for every other router. This happens in a
few seconds.
You don’t want the routers to flood anywhere beyond your own routers, so
every router is assigned an Area ID. Area IDs (unfortunately, in my
opinion) look exactly like IP addresses. Every OSPF router is designed to
accept an Area ID that you enter in the routers. In this case, all of the routers
are given the Area ID of 0.0.0.0. This is commonly called Area 0.
Area 0 is rather important in the world of OSPF. If your network gets
more complex, you can make multiple areas. Area 0 is the most important
area, however, and, therefore, is called the backbone. In this example, all of
the routers are part of Area 0 (Figure 8.33).
Figure 8.33 • Area defined
Areas are very important for OSPF. To minimize router traffic, every
area has one “El Supremo” router that relays information to all of the
other routers in the area. This router is called the designated router (DR).
A second router is called the backup designated router (BDR) in case the
DR isn’t available. As the routers first begin to communicate, a DR and
BDR election automatically begins. The router with the lowest total priority
wins. In this case, Router B becomes the DR and Router A becomes
the BDR. This election actually takes place during the initial Hello packet
exchange (Figure 8.34). In most cases, you simply let the routers decide,
but you can manually set a router as the DR and BDR if you desire (which
is rare).
Once the elections take place, it’s finally time to distribute some
routes across the area. Routers A and B send a separate LSA telling all
routers in the area that they are connected to Network IDs X and Y,
respectively. These are not the entire routing tables, but rather only a single route
that is almost instantly dispersed across the routers in the OSPF area
(Figure 8.35).
As you can see, OSPF areas almost instantly gain convergence compared to RIP.
Once convergence is reached, all of the routers in the area send each other
Hello LSAs every 30 minutes or so unless they detect a break in the link
state. Also notice that OSPF routers keep alternate routes to the same
network ID.
Even though OSPF Area IDs look like IP addresses, they have nothing to do
with IP!
So what happens when something changes? For example, what if the
connection between Routers A and B were to disconnect? In that case, both
Routers A and B would almost instantly detect the break (as traffic between
the two would suddenly stop). Each router would first attempt to reconnect.
If reconnecting was unsuccessful (over a few seconds), the routers
would then send out an LSA announcing the connection between the two
was broken (Figure 8.36). Again, we’re talking about a single route, not the
entire routing table. Each router updates its routing table to remove the
route that no longer works.
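The cost formula given earlier and the single-route LSA on a link break, as an added Python illustration that is not the book's code: every router holds the same link-state database, converts each link's bandwidth to a cost with 100,000,000/bandwidth, and runs shortest path first (Dijkstra) locally, so a break needs only one database entry removed and a recomputation. The link bandwidths, the ISP link on Router B, the integer division and the floor of 1 are constructed assumptions.

```python
"""Link state routing the OSPF way: a shared link-state database, the page's
bandwidth-to-cost formula, and a local shortest-path-first run per router.
Added illustration, not the book's code."""
import heapq
from collections import defaultdict

REFERENCE_BANDWIDTH = 100_000_000  # bps; cost = 100,000,000 / bandwidth in bps


def ospf_cost(bandwidth_bps):
    # Integer division and a floor of 1 are assumptions made here; they
    # keep links at or above 100 Mbps from getting a cost of 0.
    return max(1, REFERENCE_BANDWIDTH // bandwidth_bps)


# Constructed link-state database for the four routers plus Router B's
# upstream ISP link: (router, router) -> link bandwidth in bps.
LSDB = {
    ("A", "B"): 100_000_000,   # 100BaseT, cost 1
    ("B", "C"): 100_000_000,   # cost 1
    ("C", "D"): 100_000_000,   # cost 1
    ("A", "C"): 10_000_000,    # 10BaseT, cost 10 (the page's worked value)
    ("B", "ISP"): 1_544_000,   # T1, cost 64
}


def shortest_path_first(lsdb, source):
    """Dijkstra over the shared database. Returns (cost, first hop) for
    every reachable router, which is what the source installs as routes."""
    adjacency = defaultdict(dict)
    for (a, b), bandwidth in lsdb.items():
        cost = ospf_cost(bandwidth)
        adjacency[a][b] = cost
        adjacency[b][a] = cost
    dist = {source: 0}
    first_hop = {source: None}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue                      # stale heap entry
        for neighbour, cost in adjacency[node].items():
            candidate = d + cost
            if candidate < dist.get(neighbour, float("inf")):
                dist[neighbour] = candidate
                first_hop[neighbour] = (neighbour if node == source
                                        else first_hop[node])
                heapq.heappush(heap, (candidate, neighbour))
    return dist, first_hop


def demo():
    lsdb = dict(LSDB)
    before = shortest_path_first(lsdb, "A")
    # A single LSA announces that the A-B link is down. Every router removes
    # that one entry from its copy of the database and reruns SPF; no
    # routing table is ever exchanged.
    del lsdb[("A", "B")]
    after = shortest_path_first(lsdb, "A")
    return before, after


if __name__ == "__main__":
    (dist1, hop1), (dist2, hop2) = demo()
    for dest in ("B", "C", "D", "ISP"):
        print(f"{dest}: cost {dist1[dest]} via {hop1[dest]} -> "
              f"after A-B break cost {dist2[dest]} via {hop2[dest]}")
```

Router A's view of the alternate route through C survives the break because the whole topology is in its database, which is the "keep alternate routes" behaviour noted above.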
Figure 8.34 • DR and BDR
Figure 8.35 • All routers updated
Figure 8.36 • Announcing a disconnect
OSPF isn’t popular by accident. It scales to large networks quite well
and is supported by all but the most basic routers. By the way, did I forget to
mention that OSPF also supports authentication and that the shortest-path-first
method, by definition, prevents loops?
Why would anyone use anything else? Well, OSPF had one problem
that wasn’t repaired until fairly recently: support for something called IPv6
(see Chapter 13 for details on IPv6). Not to preempt Chapter 13, but IPv6 is
a new addressing system for IP that dumps the old 32-bit address, replacing
it with a 128-bit address. IPv6 is quickly gaining popularity and will one
day replace 32-bit IP addressing. Just for the record, I’ve been predicting the
end of 32-bit IP addressing for so long I’m now afraid to predict anymore
when it’s going to happen—but it will eventually.
IS-IS
If you want to use a link state dynamic routing protocol and you don’t want
to use OSPF, your only other option is Intermediate System to Intermediate
System (IS-IS). IS-IS is extremely similar to OSPF. It uses the concept of areas
and sends only updates to routing tables. IS-IS was developed at roughly
the same time as OSPF and had the one major advantage of working with
IPv6 from the start. IS-IS has some adoption with ISPs, but, for the most
part, plays a distant second to the popularity of OSPF. Make sure you know
that IS-IS is a link state dynamic routing protocol, and if you ever see two
routers using it, call me as I’ve never seen IS-IS in action.
EIGRP—the Lone Hybrid
There is exactly one protocol that doesn’t really fit into either the distance
vector or link state camp: Cisco’s proprietary Enhanced Interior Gateway
Routing Protocol (EIGRP). Back in the days when RIP was dominant, there was a
huge outcry for an improved RIP, but OSPF wasn’t yet out. Cisco, being the
dominant router company in the world (a crown it still wears to this day),
came out with the Interior Gateway Routing Protocol (IGRP), which was quickly
replaced with EIGRP.
OSPF corrects link failures and creates convergence almost immediately, making
it the routing protocol of choice in most large enterprise networks. OSPF
Version 2 is used for IPv4 networks, and OSPF Version 3 includes updates to
support IPv6.
EIGRP has aspects of both distance vector and link state protocols, placing
it uniquely into its own “hybrid” category. EIGRP is (arguably) fading
away in the face of nonproprietary IGP protocols, especially OSPF.
Dynamic Routing Makes the Internet
Without dynamic routing, the complex, self-healing Internet we all enjoy
today couldn’t exist. So many routes come and go so often that manually
updating static routes would be impossible. Review Table 8.2 to familiarize
yourself with the differences among the different types of dynamic routing
protocols.
Table 8.2 Dynamic Routing Protocols
Protocol  Type             IGP or BGP?  Notes
RIPv1     Distance vector  IGP          Old; only used variable subnets within an AS
RIPv2     Distance vector  IGP          Supports VLSM and discontiguous subnets
BGP-4     Distance vector  BGP          Used on the Internet, connects Autonomous Systems
OSPF      Link state       IGP          Fast, popular, uses Area IDs (Area 0/backbone)
IS-IS     Link state       IGP          Alternative to OSPF
EIGRP     Hybrid           IGP          Cisco proprietary
Working with Routers
Understanding the different ways routers work is one thing. Actually walking
up to a router and making it work is a different animal altogether. This
section examines practical router installation. Physical installation isn’t
very complicated. With a home router, you give it power and then plug in
connections. With a business-class router, you insert it into a rack, give it
power, and plug in connections.
The complex part of installation comes with the specialized equipment
and steps to connect to the router and configure it for your network needs.
This section, therefore, focuses on the many methods and procedures used
to access and configure a router.
The single biggest item to keep in mind here is that although there are
many different methods for connecting, hundreds of interfaces, and probably
millions of different configurations for different routers, the functions
are still the same. Whether you’re using an inexpensive home router or a
hyper-powerful Internet backbone router, you are always working to do
one main job: connect different networks.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
210
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 8
Also keep in mind that routers, especially gateway routers, often have
a large number of other features that have nothing to do with routing.
Because gateway routers act as a separator between the computers and
“The Big Scary Rest of the Network,” they are a convenient place for all
kinds of handy features like DHCP, protecting the network from intrusion
(better known as firewalls), and NAT.
Connecting to Routers
When you take a new router out of the box, it’s not good for very much. You need to somehow plug into that shiny new router and start telling it what you want to do. There are a number of different methods, but one of the oldest (yet still very common) methods is using a special serial connection. This type of connection is almost completely unique to Cisco-brand routers, but Cisco’s massive market share makes understanding this type of connection a requirement for anyone who wants to know how to configure routers. Figure 8.37 shows the classic Cisco console cable, more commonly called a rollover or Yost cable.
At this time, I need to make an important point:
switches as well as routers often have some form of
configuration interface. Granted, you have nothing
to configure on a basic switch, but in later chapters,
you’ll discover a number of network features that
you’ll want to configure more advanced switches
to use. Both routers and these advanced switches
are called managed devices. In this section, I use the
term router, but it’s important for you to appreciate
that all routers and many better switches are all
managed devices. The techniques shown here work
for both!
When you first unwrap a new Cisco router, you
plug the rollover cable into the console port on the
router (Figure 8.38) and a serial port on a PC. If you
don’t have a serial port, then buy a USB-to-serial
adapter.
Once you’ve made this connection, you need to use a terminal emulation program to talk to the router. The two most popular programs are PuTTY (www.chiark.greenend.org.uk/~sgtatham/putty) and HyperTerminal (www.hilgraeve.com/hyperterminal-trial). Using these programs requires that you know a little about serial ports, but these basic settings should get you connected:
■ 9600 baud
■ 8 data bits
■ 1 stop bit
■ No parity
Figure 8.37 • Cisco console cable
The term Yost cable comes from its creator’s name, Dave Yost. For more information visit http://yost.com/computers/RJ45-serial.
Figure 8.38 • Console port
BaseTech
Chapter 8: The Wonderful World of Routing
211
Every terminal emulator has some way for you to configure these settings. Figure 8.39 shows these settings using PuTTY.
Now it’s time to connect. Most Cisco products run Cisco IOS, Cisco’s proprietary operating system. If you want to configure Cisco routers, you must learn IOS. Learning IOS in detail is a massive job and outside the scope of this book. No worries, Cisco provides a series of certifications to support those who wish to become “Cisco People.” Although the CompTIA Network+ exam won’t challenge you in terms of IOS, it’s important to get a taste of how this amazing operating system works.
Once you’ve connected to the router and started
a terminal emulator, you should see the initial router
prompt, as shown in Figure 8.40. (If you plugged in
and then started the router, you can actually watch
the router boot up first.)
Figure 8.40 • Initial router prompt
This is the IOS user mode prompt—you can’t do too much here. To
get to the fun, you need to enter privileged exec mode. Type enable, press
enter, and the prompt changes to
Router#
From here, IOS gets very complex. For example, the commands to set
the IP address for one of the router’s ports look like this:
Router#configure terminal
Router(config)#interface Ethernet 0/0
Router(config-if)#ip address 192.168.4.10 255.255.255.0
Router(config-if)#^Z
Router#copy run start
IOS used to stand for Internetwork Operating System, but it’s just IOS now with a little trademark symbol.
A new Cisco router often won’t have a password, but all good admins know to add one.
Figure 8.39 • Configuring PuTTY
Tech Tip
Terminals and Consoles
Much initial router configuration harkens back to the methods used in the early days of networking when massive mainframe computers were the computing platform available. Researchers used dumb terminals—machines that were little more than a keyboard, monitor, and network connection—to connect to the mainframe and interact. You connect to and configure many modern routers using software that enables your PC to pretend to be a dumb terminal. These programs are called terminal emulators; the screen you type into is called a console.
Cisco has long appreciated that initial setup is a bit of a challenge, so a
brand-new router will show you the following prompt:
Would you like to enter the initial configuration dialog?
[yes/no]?
Simply follow the prompts and the most basic setup is handled for you.
You will run into Cisco equipment as a network tech, and you will
need to know how to use the console from time to time. For the most part,
though, you’ll access a router—especially one that’s already configured—
through Web access or network management software.
Web Access
Most routers come with a built-in Web interface that enables you to do everything you need on your router and is much easier to use than Cisco’s command-line IOS. For a Web interface to work, however, the router must have a built-in IP address from the factory, or you have to enable the Web interface after you’ve given the router an IP address. Bottom line? If you want to use a Web interface, you have to know the router’s IP address. If a router has a default IP address, you will find it in the documentation, as shown in Figure 8.41.
Never plug a new router into an
existing network! There’s no telling
what that router might start doing.
Does it have DHCP? You might
now have a rogue DHCP server. Are there routes on that router that match
up to your network addresses? Then you see packets disappearing into the
great bit bucket in the sky. Always fully configure your router before you
place it online.
Most router people use a laptop and a crossover cable to connect to the new router. To get to the Web interface, first set a static address for your computer that will place your PC on the same network ID as the router. If, for example, the router is set to 192.168.1.1/24 from the factory, set your computer’s IP address to 192.168.1.2/24. Then connect to the router (some routers tell you exactly where to connect, so read the documentation first), and check the link lights to verify you’re properly connected. Open up your Web browser and type in the IP address, as shown in Figure 8.42.
Assuming you’ve done everything correctly, you almost always need to enter a default user name and password, as shown in Figure 8.43.
The default user name and password come with the router’s documentation. If you don’t have that information, plenty of Web sites list this data. Do a Web search on “default user name password” to find one.
Many routers are also
DHCP servers, making the initial
connection much easier. Check
the documentation to see if you
can just plug in without setting
an IP address on your PC.
Figure 8.42 • Entering the IP address
Figure 8.41 • Default IP address
Figure 8.43 • User name and password
Once you’ve accessed the Web interface, you’re on your own to poke around to find the settings you need. There’s no standard interface—even between different versions of the same router make and model. When you encounter a new interface, take some time and inspect every tab and menu to learn about the router’s capabilities. You’ll almost always find some really cool features!
Network Management Software
The idea of a “Web-server-in-a-router” works well for single routers, but as
a network grows into lots of routers, administrators need more advanced
tools that describe, visualize, and configure their entire network. These
tools, known as Network Management Software (NMS), know how to talk
to your routers, switches, and even your computers to give you an overall
view of your network. In most cases, NMS manifests as a Web site where
administrators may inspect the status of the network and make adjustments
as needed.
I divide NMS into two camps: proprietary tools made by the folks who make managed devices (OEM) and third-party tools. OEM tools are generally very powerful and easy to use, but only work on that OEM’s devices. Figure 8.44 shows an example of Cisco Network Assistant, one of Cisco’s NMS applications. Others include the Security Device Manager and CiscoWorks, their enterprise-level tool.
Figure 8.44 • Cisco Network Assistant
Tech Tip
Default Names and
Passwords
Every brand of router tends to
use the same default user name
and password. Just about every
Linksys router, for example, uses a
blank user name and the password
“admin.” An admin who fails to
change the default password is
asking to get hacked!
A number of third-party NMS tools are out there as well; you can even
find some pretty good freeware NMS options. These tools are invariably
harder to configure and must constantly be updated to try to work with as
many devices as possible.
They usually lack the amount of detail you see with OEM NMS and lack
interactive graphical user interfaces. For example, CiscoWorks enables you
to change the IP address of a port, whereas third-party tools will only let
you see the current IP settings for that port. Figure 8.45 shows OpenNMS, a
popular open source NMS.
Unfortunately, no single NMS tool works perfectly. Network administrators are constantly playing with this or that NMS tool in an attempt to give themselves some kind of overall picture of their networks.
Other Connection Methods
Be aware that most routers have even more ways to connect. Many home routers come with USB ports and configuration software. More powerful routers may enable you to connect using the ancient Telnet protocol or its newer and safer equivalent Secure Shell (SSH). These are terminal emulation protocols that look exactly like the terminal emulators seen earlier in this chapter but use the network instead of a serial cable to connect (see Chapter 9 for details on these protocols).
Figure 8.45 • OpenNMS
The PuTTY utility works with
the old-style terminal emulation
as well as Telnet and SSH.
Basic Router Configuration
A router, by definition, must have at least two connections. When you set up a router, you must configure every port on the router properly to talk to its connected network IDs, and you must make sure the routing table sends packets to where you want them to go. As a demonstration, Figure 8.46 uses an incredibly common setup: a single gateway router used in a home or small office that’s connected to an ISP.
Step 1: Set Up the WAN Side
To start, you need to know the network IDs for each side of your router.
The WAN side invariably connects to an ISP, so you need to know what
the ISP wants you to do. If you bought a static IP address, type it in now.
However—brace yourself for a crazy fact—most home Internet connections
use DHCP! That’s right, DHCP isn’t just for your PC. You can set up your
router’s WAN connection to use it too. DHCP is by far the most common
connection to use for home routers. Access your router and locate the WAN
connection setup. Figure 8.47 shows the setup for my
home router set to DHCP.
But what if I called my ISP and bought a single static IP address? This is rarely done anymore, but virtually every ISP will gladly sell you one (although you will pay three to four times as much for the connection). If you use a static IP, your ISP will tell you what to enter, usually in the form of an e-mail message like the following:
Dear Mr. Meyers,
Thank you for requesting a static IP address from
totalsem.com!
Here’s your new static IP information:
IP address: 1.151.35.55
Default Gateway: 1.151.32.132
Subnet Mask: 255.255.128.0
Installation instructions can be found at:
http://totalsem.com/setup/
Support is available at:
http://helpdesk.totalsem.com or by calling
(281)922-4166.
In such a case, I would need to change the router
setting to Static IP (Figure 8.48). Note how changing
the drop-down menu to Static IP enables me to enter
the information needed.
Once you’ve set up the WAN side, it’s time to
head over to set up the LAN side of the router.
Figure 8.46 • The setup
Figure 8.47 • WAN router setup
I’m ignoring a number
of other settings here for the
moment. I’ll revisit most of
these in later chapters.
Figure 8.48 • Entering a static IP
Step 2: Set Up the LAN
Unlike the WAN side, you usually have total control on the LAN side of the router. You need to choose a network ID, almost always some arbitrarily chosen private range unless you do not want to use NAT. This is why so many home networks have network IDs of 192.168.1/24, 192.168.0/24, and so forth. Once you decide on your LAN-side network ID, you need to assign the correct IP information to the LAN-side NIC. Figure 8.49 shows the configuration for a LAN NIC on my home router.
Step 3: Establish Routes
Most routers are pretty smart and use the information you provided for the two interfaces to build a routing table automatically. If you need to add more routes, every router provides some method to add routes. The following shows the command line entered on a Cisco router to add a route to one of its NICs. The term “fa0/0” is used here to describe Ethernet NICs in its device software. It is short for FastEthernet, which you may remember as being the common name for 100BaseTX. Can you guess what Cisco calls gigabit ports or even ancient 10BaseT ports?
ip route 192.168.100.0 255.255.255.0 fa0/0 192.168.1.10
Step 4 (Optional): Configure a Dynamic Protocol
The rules to using any dynamic routing protocol are fairly straightforward.
First, dynamic routing protocols are tied to individual NICs, not the entire
router. Second, when you connect two routers together, make sure those
two NICs are configured to use the same dynamic routing protocol. Third,
unless you’re in charge of two or more routers, you’re probably not going
to use any dynamic routing protocol.
The amazing part of a dynamic routing protocol is how easy it is to set
up. In most cases you just figure out how to turn it on and that’s about it. It
just starts working.
Document and Back Up
Once you’ve configured your routes, take some time to document what you’ve done. A good router works for years without interaction, so by that time in the future when it goes down, odds are good you’ve forgotten why you added the routes. Last, take some time to back up the configuration. If a router goes down, it will most likely forget everything and you’ll need to set it up all over again. Every router has some method to back up the configuration, however, so you can restore it later.
Router Problems
The CompTIA Network+ exam will challenge you on some basic router
problems. All of these questions should be straightforward for you as long
as you do the following:
■ Consider other issues first because routers don’t fail very often.
■ Keep in mind what your router is supposed to do.
■ Know how to use a few basic tools that can help you check the router.
Figure 8.49 • Setting up an IP address for the LAN side
Any router problem starts with someone not connecting to someone else. Even a small network has a number of NICs, computers, switches, and routers between you and whatever it is you’re not connecting to. Compared to most of these, a router is a pretty robust device and shouldn’t be considered as the problem until you’ve checked out just about everything else first.
In their most basic forms, routers route traffic. Yet you’ve seen in this chapter that routers can do more than just plain routing—for example, NAT. As this book progresses, you’ll find that the typical router often handles a large number of duties beyond just routing. Know what your router is doing and appreciate that you may find yourself checking a router for problems that don’t really have anything to do with routing at all.
Be aware that routers have some serious but rare potential problems. One place to watch is your routing table. For the most part, today’s routers automatically generate directly connected routes, and dynamic routing takes care of itself, leaving one type of route as a possible suspect: the static routes. This is the place to look when packets aren’t getting to the places you expect them to go. Look at the following sample static route:

Net Destination   Netmask           Gateway        Interface      Metric
22.46.132.0       255.255.255.255   22.46.132.1    22.46.132.11   1

No incoming packets for that network ID are getting out on interface 22.46.132.11. Can you see why? Yup, the Netmask is set to 255.255.255.255, and there are no computers that have exactly the address 22.46.132.0. Entering the wrong network destination, subnet mask, gateway, and so on, is very easy. If a new static route isn’t getting the packets moved, first assume you made a typo.
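The typo class described above can be caught mechanically before a route goes live. The following is an added example, not code from the book: it parses a route listing in the layout shown and flags the chapter’s /32-on-a-network-address slip, a destination with host bits set, and a gateway that is not on the interface’s subnet. The route table text is constructed (the first row is the chapter’s route, the others are made up), and the interface’s /24 mask is an assumption the listing does not show.

```python
# Added example (not from the book): sanity-check static routes of the form
# shown above. The route table text is constructed for this example; the
# first row is the chapter's misconfigured route, the other rows are made up.
import ipaddress

ROUTE_TABLE = """\
Net Destination  Netmask          Gateway        Interface      Metric
22.46.132.0      255.255.255.255  22.46.132.1    22.46.132.11   1
192.168.100.0    255.255.255.0    192.168.1.10   192.168.1.1    1
192.168.100.5    255.255.255.0    192.168.1.10   192.168.1.1    1
"""


def parse_route_table(text):
    """Parse a Windows-style static route listing into a list of dicts.

    Data rows have exactly five whitespace-separated fields ending in a
    numeric metric; the header row has six words, so it is skipped.
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        dest, mask, gateway, iface, metric = parts
        routes.append({"destination": dest, "netmask": mask, "gateway": gateway,
                       "interface": iface, "metric": int(metric)})
    return routes


def check_static_route(route, interface_prefixlen=24):
    """Return a list of human-readable problems found in one static route.

    interface_prefixlen is an assumption for this example: the listing does
    not show the mask of the interface's own connected network, so /24 is
    used to decide whether the gateway is actually reachable from it.
    """
    problems = []
    dest = route["destination"]
    try:
        # strict=True refuses a destination with host bits set under the mask,
        # the classic "typed a host address instead of the network" slip.
        net = ipaddress.IPv4Network((dest, route["netmask"]), strict=True)
    except ipaddress.AddressValueError as exc:
        return [f"unparseable destination {dest}: {exc}"]
    except ipaddress.NetmaskValueError:
        return [f"invalid netmask {route['netmask']}"]
    except ValueError:
        problems.append(f"destination {dest} has host bits set under "
                        f"netmask {route['netmask']}")
        net = ipaddress.IPv4Network((dest, route["netmask"]), strict=False)

    # The chapter's bug: a /32 mask turns a network address into a host route.
    # No host is numbered .0 (or .255 on a /24), so nothing will ever match.
    if net.prefixlen == 32 and net.network_address.packed[-1] in (0, 255):
        problems.append(f"/32 host route to {dest} looks like a network "
                        "address; no host has exactly that IP, so the mask "
                        "is probably wrong")

    # A next hop must sit on the interface's directly connected subnet,
    # otherwise the router has no way to hand the packet to it.
    gateway = ipaddress.IPv4Address(route["gateway"])
    iface_net = ipaddress.IPv4Network((route["interface"], interface_prefixlen),
                                      strict=False)
    if gateway not in iface_net:
        problems.append(f"gateway {gateway} is not on the interface's "
                        f"subnet {iface_net}")
    return problems


def audit_route_table(text, interface_prefixlen=24):
    """Map each destination in the listing to the problems found in its route."""
    return {r["destination"]: check_static_route(r, interface_prefixlen)
            for r in parse_route_table(text)}


if __name__ == "__main__":
    for dest, problems in audit_route_table(ROUTE_TABLE).items():
        print(dest, "OK" if not problems else "; ".join(problems))
```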
Make sure to watch out for missing routes. These usually take place due to you forgetting to add them (if you’re entering static routes) or, more commonly, there is a convergence problem in the dynamic routing protocols. For the CompTIA Network+ exam, be ready to inspect a routing table to recognize these problems.
When it comes to tools, the networking world comes with so many utilities and magic devices that it staggers the imagination. Some, like good old ping and route, you’ve already seen, but let’s add two more tools: traceroute and MTR.
The traceroute tool, as its name implies, records the route between any
two hosts on a network. On the surface, traceroute is something like ping in
that it sends a single packet to another host, but as it progresses, it returns
information about every router between them.
Every operating system comes with traceroute, but the actual command varies among them. In Windows, the command is tracert and looks like this (I’m running a traceroute to the router connected to my router—a short trip):
C:\>tracert 96.165.24.1
Tracing route to 96.165.24.1 over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 10.12.14.1
2 10 ms 10 ms 8 ms 96.165.24.1
Trace complete.
The UNIX/Linux command is traceroute and looks like this:
michaelm@ubuntu:~$ traceroute 96.165.24.1
traceroute to 96.165.24.1 (96.165.24.1), 30 hops max, 40 byte packets
1 10.12.14.1 (10.12.14.1) 0.763 ms 0.432 ms 0.233 ms
2 96.165.24.1 (96.165.24.1) 12.233 ms 11.255 ms 14.112 ms
michaelm@ubuntu:~$
The traceroute tool is handy, not so much for what it tells you when
everything’s working well, but for what it tells you when things are not
working. Take a look at the following:
C:\>tracert 96.165.24.1
Tracing route to 96.165.24.1 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 10.12.14.1
2 * * * Request timed out
3 96.165.24.1 reports: Destination host unreachable.
If this traceroute worked in the past but now no longer works, you know
that something is wrong between your router and the next router upstream.
You don’t know what’s wrong exactly. The connection may be down; the
router may not be working; but at least traceroute gives you an idea where
to look for the problem and where not to look.
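The reading of a broken trace described above (the last router that answered marks where to start looking) can be automated. The following is an added example, not code from the book: it parses both tracert and traceroute hop lines and reports the first hop that timed out or came back unreachable. The two captures are constructed for the example, modelled on the chapter’s listings.

```python
# Added example (not from the book): parse tracert/traceroute output of the
# kind shown above and report where the path breaks. Both captures below are
# constructed for this example, modelled on the chapter's listings.
import re

WINDOWS_BROKEN = """\
Tracing route to 96.165.24.1 over a maximum of 30 hops
  1     1 ms     1 ms     1 ms  10.12.14.1
  2     *        *        *     Request timed out.
  3  96.165.24.1  reports: Destination host unreachable.
"""

LINUX_GOOD = """\
traceroute to 96.165.24.1 (96.165.24.1), 30 hops max, 40 byte packets
 1  10.12.14.1 (10.12.14.1)  0.763 ms  0.432 ms  0.233 ms
 2  96.165.24.1 (96.165.24.1)  12.233 ms  11.255 ms  14.112 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # hop number, then the rest
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
RTT_RE = re.compile(r"(<?\d+(?:\.\d+)?)\s*ms\b")    # "1 ms", "<1 ms", "0.763 ms"


def parse_traceroute(output):
    """Return one dict per hop: number, responding address, RTTs (ms), status.

    Handles both layouts shown in the chapter: Windows tracert puts the RTTs
    before the address, UNIX/Linux traceroute puts the address first. A '*'
    means that probe got no reply, so a hop with no RTTs at all is a timeout.
    """
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner lines such as "Tracing route to ..." are skipped
        number, rest = int(m.group(1)), m.group(2)
        addresses = IPV4_RE.findall(rest)
        rtts = [float(v.lstrip("<")) for v in RTT_RE.findall(rest)]
        if "unreachable" in rest.lower():
            status = "unreachable"
        elif rtts:
            status = "ok"
        else:
            status = "timeout"
        hops.append({"hop": number,
                     "address": addresses[0] if addresses else None,
                     "rtts": rtts, "status": status})
    return hops


def locate_break(hops):
    """Find the first hop that did not answer normally.

    Returns None if every hop replied; otherwise names the last router that
    answered and the hop where trouble starts, which is where the text says
    to begin looking for the fault.
    """
    last_good = None
    for hop in hops:
        if hop["status"] == "ok":
            last_good = hop["address"]
            continue
        return {"last_good": last_good, "first_bad_hop": hop["hop"],
                "status": hop["status"], "reported_by": hop["address"]}
    return None


if __name__ == "__main__":
    print(locate_break(parse_traceroute(WINDOWS_BROKEN)))
    print(locate_break(parse_traceroute(LINUX_GOOD)))
```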
My traceroute (mtr) is very similar to traceroute, but it’s dynamic, continually updating the route that you’ve selected (Figure 8.50). You won’t find mtr in Windows; mtr is a Linux tool. Instead, Windows users can use pathping. This utility will ping each node on the route just like mtr, but instead of showing the results of each ping in real time, the pathping utility computes the performance over a set time and then shows you the summary after it has finished.
Figure 8.50 • mtr in action
Chapter 8 Review
Chapter Summary
After reading this chapter and completing the exercises,
you should understand the following about routing.
Explain how routers work
■ A router is any piece of hardware that forwards network packets based on their destination IP addresses.
■ A routing table is the chart of information kept on a router to aid in directing the flow of packets through computer networks.
■ Some routers have only two ports—one to connect to the Internet and another to connect to a LAN switch. Some routers, however, have an integrated switch and thus have more than two ports.
■ Routers learn new routes as they go, interacting with each other by exchanging routing table information. The routing tables are checked and can be updated dynamically as data flows across a network, with routers chatting with each other for the latest network and IP address information periodically.
■ Routers can connect dissimilar networks, such as Ethernet, Frame Relay, ATM, and DOCSIS.
■ NAT saves a table of information, so it knows which system is communicating with which external site. NAT solutions can be software based or included as part of a hardware device such as a router.
■ Static NAT maps a single IP address to a single machine, enabling you to access that machine from outside the network.
■ PAT is the most common form of NAT that handles a one-to-many connection, using port numbers to map traffic from specific machines in the network.
■ Dynamic NAT can share a pool of routable IP addresses with multiple computers.
■ Port forwarding hides port numbers from the public side of a network. The router simply forwards packets from one port number to another as the packet passes from the public to the private side of the router.
Describe dynamic routing technologies
■ Routing table entries are entered manually on static routers and do not change. Dynamic routers, in contrast, automatically update their routing table. This is accomplished by using special routing protocols.
■ There are three distinct groups of routing protocols: distance vector, link state, and hybrid.
■ Routing tables are shared with other routers, and the complete route with the lowest cost is automatically chosen.
■ Distance vector routing protocols are not recommended for networks with more than 10 routers because of the time it takes for the routers to reach convergence.
■ Distance vector routing protocols include RIPv1, RIPv2, and BGP.
■ RIPv1 has a maximum hop count of 15, with routing table updates sent every 30 seconds. Because RIPv1 lacked authentication and experienced network overloads as every router sent its routing table at the same time, the RIPv2 update was developed.
■ RIPv2 supports VLSM and discontiguous subnets and provides authentication to prevent hackers from sending false routing table information. RIPv2’s lengthy time to convergence for large networks led to the development of better routing protocols such as OSPF.
■ An Autonomous System (AS) consists of one or more networks that are governed by a single protocol. Autonomous Systems do not use IP addresses, but instead use a special globally unique Autonomous System Number assigned by IANA.
■ The protocol used by Autonomous Systems to communicate with each other is generically called an Exterior Gateway Protocol (EGP). Networks within an Autonomous System use an Interior Gateway Protocol (IGP). Edge routers connect an AS network to another AS network.
■ Interior Gateway Protocols include RIP or other protocols. At this time, the Border Gateway Protocol (BGP) is the only Exterior Gateway Protocol used on the Internet. It connects all of the Autonomous Systems.
■ Link state protocols include OSPF and IS-IS. Link state protocols overcome the relatively slow and bandwidth-heavy usage of distance vector protocols.
■ OSPF stands for the Open Shortest Path First routing protocol. It is the most commonly used Interior Gateway Protocol on the Internet. It is more efficient than RIP, converges dramatically faster than RIP, and supports IPv6 as of OSPF Version 3.
■ OSPF broadcasts link state advertisements (Hello packets) when an OSPF-enabled router first boots up. Routers are assigned an Area ID to prevent LSAs from flooding routers on other networks. An Area ID looks like an IP address but has nothing to do with IP.
■ The most important area is called Area 0, or the backbone, and has an Area ID of 0.0.0.0.
■ The designated router (DR) relays information to all other routers in the area whereas the backup designated router (BDR) takes over if the designated router is unavailable.
■ Intermediate System to Intermediate System (IS-IS) is another link state dynamic routing protocol, similar to OSPF. It has supported IPv6 from the start, but is far behind OSPF in popularity and usage.
■ Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid protocol, proprietary to Cisco, that has aspects of both distance vector and link state protocols.
Install and configure a router successfully
■ A Yost cable (rollover cable) is a special serial cable used to connect directly to a Cisco router for configuration purposes.
■ Once a direct connection has been made to a router, use a terminal emulation program such as PuTTY or HyperTerminal to communicate.
■ Most Cisco products run Cisco’s proprietary operating system, Cisco IOS. Although not covered on the CompTIA Network+ certification exam, understanding IOS is a must for anyone who wants to become Cisco Certified.
■ Most routers include a built-in Web interface for configuration. You must know the router’s IP address to make this type of connection.
■ Many techs use a laptop and a crossover cable to connect to a Web server–enabled router for the initial configuration. This method also requires setting a static IP address on the connected laptop, unless the router includes a DHCP server.
■ Network Management Software (NMS) is used to describe, visualize, and configure an entire network. NMS is made both by the companies that make managed devices and by third-party companies.
■ In general, NMS made by the companies that make managed devices is easy to use but only works on specific hardware. Much third-party NMS is available as freeware, but is typically harder to use and must be constantly updated to work with as many devices as possible.
■ Some routers may be connected to via USB, Telnet, or SSH.
■ When you set up a router, you must configure every port on the router properly to talk to its connected network IDs and to make sure the routing table sends packets to where you want them to go.
■ Setting up a router can be broken down into five steps: set up the WAN side, set up the LAN, establish routes, optionally configure a dynamic routing protocol, and finally document and back up your settings.
■ The traceroute utility records the route between any two hosts on a network and can be used to troubleshoot routing problems.
Key Terms
Area ID (206)
Autonomous System (AS) (203)
backup designated router (BDR) (206)
basic NAT (193)
Border Gateway Protocol (BGP-4) (204)
Cisco IOS (211)
convergence (201)
cost (199)
designated router (DR) (206)
distance vector (199)
dynamic NAT (194)
dynamic routing (196)
edge routers (204)
Enhanced Interior Gateway Routing Protocol (EIGRP) (208)
gateway router (192)
hop (198)
Intermediate System to Intermediate System (IS-IS) (208)
link state (204)
managed device (210)
metric (188)
My traceroute (mtr) (218)
NAT translation table (194)
Network Address Translation (NAT) (191)
Network Management Software (NMS) (213)
next hop (185)
Open Shortest Path First (OSPF) (204)
Port Address Translation (PAT) (193)
port forwarding (194)
RIPv1 (202)
RIPv2 (202)
router (183)
Routing Information Protocol (RIP) (202)
routing table (184)
Static NAT (SNAT) (194)
static route (196)
traceroute (217)
Yost cable (210)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all the terms will be used.
1. A device called a(n) _______________ is also called a Layer 3 switch.
2. The external routing protocol used on the Internet is _______________.
3. The variety of _______________ methods would include RIP, OSPF, BGP, and IGRP.
4. A(n) _______________ is normally entered manually into a router.
5. A(n) _______________ connects one Autonomous System to another Autonomous System.
6. _______________ is a routing protocol that updates routing tables about every 30 seconds, resulting in overloaded network traffic.
7. When all routers can communicate with each other efficiently, they are said to have reached _______________.
8. Multiple networks that do not use IP addresses and are governed by a single protocol are known as _______________.
9. You can use the _______________ utility to troubleshoot routing problems.
10. __________________ uses IP addresses and port numbers to enable many internal computers to share a single public IP address.
222
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 8
■ Multiple-Choice Quiz
1. How many IP addresses should a router have?
A. One
B. One or more
C. Two
D. Two or more
2. Choose the Cisco Systems proprietary routing protocols from the following items. (Select two.)
A. BGP-4
B. EIGRP
C. IGRP
D. OSPF
3. If specialty accounting software being used at your company requires that packet headers remain unchanged, which item cannot be used on your network?
A. RIP
B. NAT
C. OSPF
D. traceroute
4. How does a router use a routing table to determine over which path to send a packet?
A. The first line in the routing table is used if the path is available; otherwise, the router tries the next line down, and so on.
B. The last line in the routing table is used if the path is available; otherwise, the router tries the next line up, and so on.
C. After examining all rows in the routing table, the router sends the packet along the path with the highest metric.
D. After examining all rows in the routing table, the router sends the packet along the path with the lowest metric.
5. Which version of NAT maps a single routable IP address to a single network node?
A. Static NAT
B. Dynamic NAT
C. Pooled NAT
D. SecureNAT
6. What technology enables you to designate a specific local address for various network services?
A. Dynamic NAT
B. Port Address Translation
C. Port forwarding
D. Port filtering
7. How is the distance between routers measured?
A. In meters
B. In hops
C. In routes
D. In segments
8. Distance vector routing protocols include which of the following? (Select two.)
A. RIP
B. OSPF
C. BGP
D. ASN
9. Which of the following are benefits of RIPv2 over RIPv1? (Select two.)
A. Longer convergence times
B. Support for authentication
C. Support for VLSM
D. Support for metrics
10. What is one way in which Autonomous Systems differ from typical Ethernet networks?
A. They require a minimum of 10 nodes.
B. They cannot exceed a maximum of 255 nodes.
C. They are not able to interact with the Internet.
D. They do not use IP addresses.
11. Why are link state protocols more efficient than RIP?
A. Entire routing tables are updated on a stricter schedule.
B. They forward only changes to individual routes instead of forwarding entire routing tables.
C. Packets can be sent along multiple routes at the same time.
D. Link state can send larger packets.
12. What happens when you first connect and turn on an OSPF router?
A. It floods the network with Hello packets as it looks for other OSPF routers.
B. It floods the network by requesting routing tables from every computer on the network.
C. It is unavailable for several hours as it builds its default routing table.
D. It runs a self-test to determine if it should run in hybrid mode (RIP and OSPF) or native mode (OSPF only).
13. Which of the following is a valid Area ID for an Area 0 backbone?
A. 0
B. 0.0.0.0
C. 1.0
D. 255
14. How can you connect directly to a router for configuration purposes? (Select three.)
A. Parallel cable
B. USB cable
C. Crossover cable
D. Rollover cable
15. Once you have made a physical direct connection to a router, what utility/program can you use to issue commands and instructions? (Select three.)
A. PuTTY
B. HyperTerminal
C. IOS
D. Internet Explorer
■ Essay Quiz
1. You have been introduced to a lot more “alphabet soup” in this chapter. Quickly jot down what each of the following stands for: BGP-4, NAT, RIP, OSPF, NMS, PAT, EIGRP, IS-IS, AS, ASN, EGP, IGP, DR, and BDR.
2. Explain why a router is sometimes called a Layer 3 switch.
3. Write a short essay about OSPF and its uses, as well as its benefits over using RIPv2.
• Lab Projects
Lab Project 8.1
A classmate of yours is all excited about some
upcoming classes available at your school that
will cover Cisco routing. He keeps talking about
EIGRP and its importance in the workplace,
as well as how much cash can be earned if
you know EIGRP. Use the Internet to research
EIGRP—its history, its uses, what devices
run using EIGRP, and what salaries Cisco
Certified professionals earn (possibly your
next certification after passing the CompTIA
Network+ exam). Then share this information
with your instructor and your classmate to
compare your findings. What does EIGRP
do for corporate networks? What salaries are
realistically possible? What were your sources?
Lab Project 8.2
Start a command prompt at your computer and
enter netstat -nr to view its routing table.
Create a screenshot of the output and paste it into
a word processing document. Under the pasted
screenshot, briefly explain what each column is for.
Compare your routing table to your classmates’
routing tables and explain to each other what the
differences are and why differences occur.
Chapter 9
TCP/IP Applications
“The World Wide Web is the only thing I know of whose shortened form—www—takes three times longer to say than what it’s short for.”
—Douglas Adams
In this chapter, you will learn how to
■■ Describe common Transport and Network layer protocols
■■ Explain the power of port numbers
■■ Define common TCP/IP applications such as HTTP, HTTPS, Telnet, e-mail (SMTP, POP3, and IMAP4), and FTP
We network to get work done. Okay, sometimes that “work” involves a mad gaming session in which I lay some smack down on my editors,
but you know what I mean. Thus far in the book, everything you’ve read about
networking involves connecting computers together. This chapter moves further
up the OSI seven-layer model and the TCP/IP model to look at applications such
as Web browsers, e-mail messaging, and more.
To understand the applications that use TCP/IP networks, a tech needs
to know the structures below those applications that make them work. Have
you ever opened multiple Web pages on a single computer? Have you ever run
multiple Internet programs, such as a Web browser, an e-mail client, and a chat
program, all at the same time? Clearly, a lot of data is moving back and forth
between your computer and many other computers. With packets coming in
from two, three, or more computers, there has to be a mechanism or process
that knows where to send and receive that data.
In this chapter, you’ll discover the process used by TCP/IP networks to
ensure the right data gets to the right applications on your computer. This
process uses very important Transport and Network layer protocols—TCP, UDP,
and ICMP—and port numbering. When used together, TCP and UDP along with
port numbers enable you to get work done on a network.
Historical/Conceptual
■■ Transport Layer and Network Layer Protocols
I hate to tell you this, but you’ve been lied to. Not by me. Even though I’ve gone along with this Big Lie, I need to tell you the truth.
There is no such thing as TCP/IP. TCP over IP is really many other things, such as HTTP, DHCP, POP, and about 500 more terms over TCP, plus UDP and ICMP over IP. Given that this overly complex but much more correct term is too hard to use, the people who invented this network protocol stack decided to call it TCP/IP, even though that term is way too simplistic to cover all the functionality involved.
So you can appreciate how TCP/IP applications work, this chapter breaks down the many unmentioned protocols and shows how they help make applications work. To start this process, let’s consider how human beings communicate; you’ll see some very interesting commonalities between computers and people.
How People Communicate
Imagine you walk into a school cafeteria to get some lunch. You first walk up to the guy making custom deli sandwiches (this is a great cafeteria!) and say, “Hello!” He says, “How may I help you?” You say, “I’d like a sandwich please.” He says, “What kind of sandwich would you like?” and you order your sandwich. After you get your sandwich, you say, “Thanks!” and he says, “You’re welcome.” What a nice guy! In the networking world, we would call this a connection-oriented communication. Both you and the lunch guy first acknowledge each other. You then conduct your communication; finally, you close the communication.
While you’re in line, you see your friend Janet sitting at your usual table. The line is moving fast so you yell out, “Janet, save me a seat!” before you rush along in the line. In this case, you’re not waiting for her to answer; you just yell to her and hope she hears you. We call this a connectionless communication. There is no acknowledgment or any closing. You just yell out your communication and hope she hears it.
In the networking world, any single communication between a computer and another computer is called a session. When you open a Web page, you make a session. When you text chat with your buddy, you create a session. All sessions must begin and eventually end.
Test Specific
TCP
The Transmission Control Protocol (TCP) enables connection-oriented communication in networks that use the TCP/IP protocol suite. TCP is by far the most common type of session on a typical TCP/IP network. Figure 9.1 shows two computers. One computer (Server) runs a Web server and the other (Client) runs a Web browser. When you enter a computer’s address in the browser running on Client, it sends a single SYN (synchronize) packet to the Web server. If Server gets that packet, it returns a single SYN, ACK (synchronize, acknowledge) packet. Client then sends Server a single ACK packet and immediately requests that Server begin sending the Web page. This process is called the TCP three-way handshake.
Once Server finishes sending the Web page, it sends a FIN, ACK (finished, acknowledge) packet. Client responds with an ACK (acknowledge) packet and then sends its own FIN, ACK packet. The server then responds with an ACK; now both parties consider the session closed (Figure 9.2).
Most TCP/IP applications use TCP because connection-oriented sessions are designed to check for errors. If a receiving computer detects a missing packet, it just asks for a repeat as needed.
There is a strong movement toward using the term Internet Protocol instead of the term TCP/IP. This movement has not yet reached the CompTIA Network+ certification.
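The open and close just described, as a small state-machine model added here (this is not code from the book): each endpoint starts in the state netstat would show for it (the server in LISTEN, the client CLOSED), and every packet of Figures 9.1 and 9.2 moves the sender and then the receiver through the TCP states defined in RFC 793. The state names are the ones netstat prints, so the CLOSE_WAIT and TIME_WAIT lines discussed later in this chapter are two stops on this same path. The transition table is the assumption here: it covers only the packets the chapter describes plus the timeout that ends TIME_WAIT.

```python
"""TCP session open and close modelled as a state machine.

Added example, not code from the book. State names are those of the TCP
specification (RFC 793), which are also the names netstat prints. The
transition table is the assumption: it covers the packets of Figures 9.1
and 9.2 plus the timeout that ends TIME_WAIT, nothing more.
"""

# (state before, direction, flags) -> state after, for one endpoint.
TRANSITIONS = {
    # Opening: the three-way handshake (Figure 9.1).
    ("CLOSED",       "send", "SYN"):     "SYN_SENT",      # client asks to talk
    ("LISTEN",       "recv", "SYN"):     "SYN_RECEIVED",  # server heard the SYN
    ("SYN_RECEIVED", "send", "SYN,ACK"): "SYN_RECEIVED",  # server answers
    ("SYN_SENT",     "recv", "SYN,ACK"): "ESTABLISHED",   # client is connected
    ("ESTABLISHED",  "send", "ACK"):     "ESTABLISHED",   # final ACK of the handshake
    ("SYN_RECEIVED", "recv", "ACK"):     "ESTABLISHED",   # server is connected too
    ("ESTABLISHED",  "recv", "ACK"):     "ESTABLISHED",   # a pure ACK changes nothing
    # Closing: the four packets of Figure 9.2.
    ("ESTABLISHED",  "send", "FIN,ACK"): "FIN_WAIT_1",    # side that closes first
    ("ESTABLISHED",  "recv", "FIN,ACK"): "CLOSE_WAIT",    # other side: peer is done
    ("CLOSE_WAIT",   "send", "ACK"):     "CLOSE_WAIT",
    ("FIN_WAIT_1",   "recv", "ACK"):     "FIN_WAIT_2",
    ("CLOSE_WAIT",   "send", "FIN,ACK"): "LAST_ACK",      # now this side is done too
    ("FIN_WAIT_2",   "recv", "FIN,ACK"): "TIME_WAIT",     # wait out the timeout period
    ("TIME_WAIT",    "send", "ACK"):     "TIME_WAIT",
    ("LAST_ACK",     "recv", "ACK"):     "CLOSED",
    ("TIME_WAIT",    "timeout", ""):     "CLOSED",
}


class Endpoint:
    """One side of the session: its current TCP state and the states it passed through."""

    def __init__(self, name, state):
        self.name = name
        self.state = state
        self.history = [state]

    def step(self, direction, flags=""):
        key = (self.state, direction, flags)
        if key not in TRANSITIONS:
            raise ValueError(f"{self.name}: cannot {direction} {flags} while in {self.state}")
        self.state = TRANSITIONS[key]
        self.history.append(self.state)


def exchange(sender, receiver, flags):
    """Deliver one packet: the sender moves first, then the receiver."""
    sender.step("send", flags)
    receiver.step("recv", flags)


def simulate_web_session():
    """Walk the exact packet sequence the chapter describes and report the states."""
    client = Endpoint("Client", "CLOSED")
    server = Endpoint("Server", "LISTEN")  # a Web server is already listening on port 80

    exchange(client, server, "SYN")        # 1. SYN
    exchange(server, client, "SYN,ACK")    # 2. SYN, ACK
    exchange(client, server, "ACK")        # 3. ACK: handshake complete
    established = (client.state, server.state)

    exchange(server, client, "FIN,ACK")    # server finished sending the page
    exchange(client, server, "ACK")
    exchange(client, server, "FIN,ACK")    # client closes its side
    exchange(server, client, "ACK")
    after_close = (client.state, server.state)  # client CLOSED, server still in TIME_WAIT

    server.step("timeout")                 # timeout period expires
    return {
        "established": established,
        "after_close": after_close,
        "final": (client.state, server.state),
        "client_history": client.history,
        "server_history": server.history,
    }


if __name__ == "__main__":
    for key, value in simulate_web_session().items():
        print(f"{key}: {value}")
```

Two things the model makes visible that the prose does not: the side that sends the first FIN, ACK (here the server) is the one that ends up in TIME_WAIT and has to wait out the timeout before its socket is really gone, and a packet that arrives in the wrong state (an ACK with no preceding SYN, for instance) is rejected, which is exactly why a bare ACK to a listening port does not create a connection.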
UDP
User Datagram Protocol (UDP) runs a distant second place to
TCP in terms of the number of applications that use it, but
that doesn’t mean UDP is not important. UDP is perfect for
the types of sessions that don’t require the overhead of all that
connection-oriented stuff.
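To see the difference between the two kinds of session on your own machine, here is an added example (not from the book) using Python sockets on the loopback interface, 127.0.0.1. A TCP connect must complete the handshake, so connecting to a port with no server behind it fails; a UDP sendto to the same kind of empty port returns success because, like yelling to Janet, nothing waits for an answer. The third function runs a complete connection-oriented session: the kernel performs the three-way handshake inside connect() and accept(), and closing the sockets performs the FIN, ACK exchange. It also records the client’s source port, which the operating system assigns from its ephemeral range, a topic this chapter returns to under The Power of Port Numbers. Port 0 in bind() means “pick an unused port for me”; the HTTP-looking request line is constructed sample data.

```python
"""Connection-oriented (TCP) versus connectionless (UDP) on the loopback interface.

Added example, not from the book. Everything here talks only to 127.0.0.1.
Binding to port 0 asks the operating system for an unused ephemeral port;
the HTTP-looking request line is constructed sample data.
"""
import socket
import threading


def free_port():
    """Let the OS hand out an ephemeral port, then release it so nothing listens there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tcp_connect_to_closed_port():
    """TCP needs the handshake: a port with no server answers the SYN with a reset."""
    port = free_port()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        try:
            s.connect(("127.0.0.1", port))
            return "connected"
        except ConnectionRefusedError:
            return "refused"


def udp_send_to_closed_port():
    """UDP just yells: sendto reports success although nobody is listening."""
    port = free_port()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(b"Janet, save me a seat!", ("127.0.0.1", port))  # 22 bytes


def tcp_session(request=b"GET / HTTP/1.0\r\n\r\n"):
    """A whole connection-oriented session: listen, handshake, data, graceful close.

    The kernel performs the SYN / SYN,ACK / ACK exchange inside connect() and
    accept(); closing each socket sends the FIN, ACK packets. Returns what each
    side saw, including the client's OS-assigned source (ephemeral) port.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    server_port = listener.getsockname()[1]
    seen = {}

    def serve():
        conn, peer = listener.accept()   # returns only after the handshake completed
        with conn:
            seen["peer_port"] = peer[1]  # the client's source port as the server sees it
            seen["request"] = conn.recv(1024)
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nhello")
        # leaving the with-block closes conn: FIN, ACK goes to the client

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.connect(("127.0.0.1", server_port))
        seen["client_port"] = client.getsockname()[1]
        seen["server_port"] = server_port
        client.sendall(request)
        seen["reply"] = client.recv(1024)
    worker.join()
    listener.close()
    return seen


if __name__ == "__main__":
    print("TCP to a closed port:", tcp_connect_to_closed_port())
    print("UDP to a closed port: sent", udp_send_to_closed_port(), "bytes, no error")
    print("TCP session:", tcp_session())
```

Run it and compare the client_port value with the ranges given later in the chapter. On Linux the default ephemeral range is 32768–60999, so the port you see may fall outside the 49152–65535 range that IANA recommends and Windows uses; whatever the operating system, it will never be one of the well-known ports 0–1023.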
DHCP
Probably the best example of an application that uses UDP is
the Dynamic Host Configuration Protocol (DHCP). DHCP can’t
assume another computer is ready on either side of the session,
so each step of a DHCP session just sends the information for
that step without any confirmation (Figure 9.3). As you learned in Chapter 7, DHCP uses two port numbers: DHCP clients send to port 67 on the DHCP server, and DHCP servers send to port 68 on the DHCP client.
NTP/SNTP
Two popular applications that use UDP are Network Time Protocol (NTP) and its lightweight little brother, Simple Network Time Protocol (SNTP). These protocols synchronize the clocks of devices on a network. Computers need to use the same time so things like Kerberos authentication work properly. If a device requires NTP/SNTP, you will be able to enter the IP address for an NTP/SNTP server. NTP/SNTP uses port 123.
Figure 9.1 • A connection-oriented session starting
Figure 9.2 • A connection-oriented session ending
Figure 9.3 • DHCP steps
TFTP
You might also be tempted to think that UDP wouldn’t work for any situation in which a critical data transfer takes place—untrue! Trivial File Transfer Protocol (TFTP) enables you to transfer files from one machine to another. TFTP, using UDP, doesn’t have any data protection, so you would never use TFTP between computers across the Internet. TFTP is popular for moving files between computers on the same LAN, where the chances of losing packets are very small. TFTP uses port 69.
ICMP
While TCP and UDP differ dramatically—the former connection-oriented and the latter connectionless—both manage and modify packets in the classic sense with a destination IP address, source IP address, destination port numbers, and source port numbers. A single session might be one packet or a series of packets.
On the other hand, sometimes applications are so simple that they’re always connectionless and never need more than a single packet. The Internet Control Message Protocol (ICMP) works at Layer 3 to deliver connectionless packets. ICMP handles mundane issues such as disconnect messages (host unreachable) that applications use to let the other side of a session know what’s happening.
Good old ping is one place where you’ll see ICMP in action. Ping is an ICMP application that works by sending a single ICMP packet called an echo request to an IP address you specify. All computers running TCP/IP (assuming no firewall is involved) respond to echo requests with an echo reply, as shown in Figure 9.4.
Figure 9.4 • Ping in action
IGMP
Do you remember the idea of IP multicast addresses, described in Chapter 7? The challenge of multicasting is determining who wants to receive the multicast and who does not. The Internet Group Management Protocol (IGMP) enables routers to communicate with hosts to determine a “group” membership. As you might remember from Chapter 7, multicast is in the Class D range (224/4). Multicast addresses only use a small subnet of the Class D range; specifically, they are assigned the network ID of 224.0.0.0/4. Multicast doesn’t, however, assign IP addresses to individual hosts in the same manner as you’ve seen thus far. Instead, a particular multicast (called an IGMP group) is assigned to a 224.0.0.0/4 address, and those who wish to receive this multicast must tell their upstream router or switch (which must be configured to handle multicasts) that they wish to receive it. To do so, they join the IGMP group (Figure 9.5).
A firewall is a device or software that filters all the packets between two computers (or groups of computers) and acts like a club bouncer deciding who gets in and who gets blocked. Firewalls are vital for securing modern networks and will be discussed in Chapter 16.
■■ The Power of Port Numbers
If you want to understand the power of TCP/IP, you have to get seriously
into port numbers. If you want to pass the CompTIA Network+ exam, you
need to know how TCP/IP uses port numbers and you have to memorize a
substantial number of common port numbers. As you saw in the previous
chapter, port numbers make NAT work. As you progress through this book,
you’ll see a number of places where knowledge of port numbers is critical
to protect your network, make routers work better, and address a zillion
other issues. There is no such thing as a network administrator who isn’t
deeply into the magic of port numbers and who cannot manipulate them
for his or her network’s needs.
Let’s review and expand on what you learned about port numbers in
the previous chapter. Thus far, you know that every TCP/IP application
requires a server and a client. Clearly defined port numbers exist for every
popular or well-known TCP/IP application. A port number is a 16-bit value
between 0 and 65535. Web servers, for example, use port number 80. Port
numbers from 0 to 1023 are called well-known port numbers and are reserved
for specific TCP/IP applications.
Figure 9.5 • IGMP in action
TCP/IP port numbers between 0 and 1023 are the well-known port numbers. You’ll find them at every party.
Cross Check
Multicast
You first saw multicast in Chapter 7 when you learned about classful IP addressing. Refer to that chapter and see if you can answer these questions. What IP numbers are reserved for multicast? What Class is that? What is the difference between unicast and multicast?
When a Web client (let’s say your computer running Firefox) sends an HTTP ACK to a Web server to request the Web page, your computer’s IP packet looks like Figure 9.6.
As you can see, the destination port number is 80. The computer running the Web server reads the destination port number, telling it to send the incoming packet to the Web server program (Figure 9.7).
Figure 9.7 • Dealing with the incoming packet
The Web client’s source port number is generated pseudorandomly by the Web client computer. This value varies by operating system, but generally falls within the values 1024–5000—the port numbers classically assigned as ephemeral port numbers—and 49152–65535—the dynamic or private port numbers.
In the early days of the Internet, only ports 1024–5000 were used, but modern computers can use up all of those. More port numbers were added later. The Internet Assigned Numbers Authority (IANA) today recommends using only ports 49152–65535 as ephemeral port numbers. That’s what current versions of Windows use as well. Let’s redraw Figure 9.6 to show the more complete packet (Figure 9.8).
When the serving system responds to the Web client, it uses the ephemeral port number as the destination port to get the information back to the Web client running on the client computer (Figure 9.9).
Figure 9.6 • HTTP ACK packet
Figure 9.8 • A more complete IP packet
Figure 9.9 • Returning the packet
Registered Ports
The port numbers from 1024 to 49151 are called registered ports. Less-common TCP/IP applications can register their ports with the IANA. Unlike well-known ports, anyone can use these port numbers for their servers or for ephemeral numbers on clients. Most operating systems steer away (or are in the process of steering away) from using these port numbers for ephemeral ports, opting instead for the dynamic/private port numbers.
Here’s the full list of ports:
0–1023 Well-known port numbers
1024–49151 Registered ports
49152–65535 Dynamic or private ports
Each computer on each side of a session must keep track of the status of the communication. In the TCP/IP world, the session information (a combination of the IP address and port number) stored in RAM is called a socket or endpoint. When discussing the data each computer stores about the connection between two computers’ TCP/IP applications, the term to use is socket pairs or endpoints. A session or connection refers to the connection in general, rather than anything specific to TCP/IP. Many people still use the term session, however. Here’s a summary of the terms used:
■ Terms for the connection data stored on a single computer—socket or endpoint
■ Terms for the connection data stored on two computers about the same connection—socket pairs or endpoints
■ Terms for the whole interconnection—connection or session
As two computers begin to communicate, they store the information about the session—the endpoints—so they know where to send and receive data.
At any given point in time, your computer probably has a large number of communications going on. If you want to know who your computer is communicating with, you need to see this list of endpoints. As you’ll recall from Chapter 8, Windows, Linux, and Mac OS X come with netstat, the universal “show me the endpoint” utility. The netstat utility works at the command line, so open one up and type netstat -n to see something like this:
C:\>netstat -n
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.4.27:57913 209.29.33.25:80 ESTABLISHED
TCP 192.168.4.27:61707 192.168.4.10:445 ESTABLISHED
C:\>
When you run netstat -n on a typical computer, you’ll see many more than just two connections! The preceding example is simplified for purposes of discussing the details. It shows two connections: My computer’s IP address is 192.168.4.27. The top connection is an open Web page (port 80) to a server at 209.29.33.25. The second connection is an open Windows Network browser (port 445) to my file server (192.168.4.10). Looking on my Windows Desktop, you would certainly see at least these two windows open (Figure 9.10).
Even though almost all operating systems use netstat, there are subtle differences in options and output among the different versions.
Figure 9.10 • Two open windows
Don’t think that a single open application always means a single connection. The following example shows what netstat -n looks like when I open the well-known www.microsoft.com Web site (I took out the connections that were not involved with the Web browser’s connections to www.microsoft.com):
C:\>netstat -n
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.4.27:50015 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50016 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50017 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50018 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50019 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50020 80.12.192.51:80 ESTABLISHED
TCP 192.168.4.27:50021 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50022 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50023 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50024 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50025 80.12.192.51:80 ESTABLISHED
TCP 192.168.4.27:50027 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50028 80.12.192.40:80 ESTABLISHED
TCP 192.168.4.27:50036 80.12.192.75:80 ESTABLISHED
A single simple Web page needs only a single connection, but this Web page is very complex. Different elements in the Web page, such as advertisements, each have their own connection.
You will see the powerful netstat tool used throughout this book. The CompTIA Network+ exam also tests your netstat skills. On the other hand, connections come and go constantly on your computer and netstat, being a command-line utility, can’t update to reflect changes automatically. All of the cool, hip, network techs use graphical endpoint tools. Take a moment right now and download the popular, powerful, and completely free TCPView, written by Mark Russinovich, the Guru of Windows utilities. Just type TCPView into your search engine to find it or try going here:
http://technet.microsoft.com/en-us/sysinternals/default.aspx
Click the Networking Utilities icon to get the latest copy. Figure 9.11 shows TCPView in action. Note the red and green bars: red is for closing connections and green shows new connections as they appear.
TCPView won’t work on anything but Windows, but other operating systems have equivalent programs. Linux folks often use the popular Net Activity Viewer (Figure 9.12). You can grab a copy of this program here:
http://netactview.sourceforge.net
Connection Status
Connection states change continually and it’s helpful when using tools such as netstat or TCPView to understand their status at any given moment. Let’s look at the status of connections so you understand what each means—this information is useful for determining what’s happening on networked computers.
The netstat utility enables you to see active TCP/IP connections at a glance.
The -a switch tells netstat to show all used ports. The -n instructs netstat to show raw port numbers and IP addresses.
Figure 9.11 • TCPView in action
Figure 9.12 • Net Activity Viewer in action
A socket that is prepared to respond to any IP packets destined for that socket’s port number is called an open port or listening port. Every serving application has an open port. If you’re running a Web server on a computer, for example, it will have an open port 80. That’s easy enough to appreciate, but you’ll be amazed at the number of open ports on just about any computer. Fire up a copy of netstat and type netstat -an to see all of your listening ports. Running netstat -an gives a lot of information, so let’s just look at a small amount:
C:\>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:7 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:912 0.0.0.0:0 LISTENING
TCP 0.0.0.0:990 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
TCP 127.0.0.1:52144 127.0.0.1:52145 ESTABLISHED
TCP 127.0.0.1:52145 127.0.0.1:52144 ESTABLISHED
TCP 127.0.0.1:52146 127.0.0.1:52147 ESTABLISHED
TCP 127.0.0.1:52147 127.0.0.1:52146 ESTABLISHED
TCP 192.168.4.27:139 0.0.0.0:0 LISTENING
TCP 192.168.4.27:52312 74.125.47.108:80 TIME_WAIT
TCP 192.168.4.27:57913 63.246.140.18:80 CLOSE_WAIT
TCP 192.168.4.27:61707 192.168.4.10:445 ESTABLISHED
First, look at this line:
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
This line shows a listening port ready for incoming packets that have a
destination port number of 445. Notice the local address is 0.0.0.0. This is
how Windows tells you that the open port works on all NICs on this PC.
In this case, my PC has only one NIC (192.168.4.27), but even if you have
only one NIC, netstat still shows it this way. This computer is sharing some
folders on the network. At this moment, no one is connected, so netstat
shows the Foreign Address as 0.0.0.0. Incoming requests use port number
445 to connect to those shared folders. If another computer on my network
(192.168.4.83) was accessing the shared folders, this line would look like
TCP 192.168.4.27:445 192.168.4.83:1073 ESTABLISHED
Established ports are active, working endpoint pairs.
Over time all connections eventually close like this one:
TCP 192.168.4.27:57913 63.246.140.18:80 CLOSE_WAIT
This line shows a Web browser making a graceful closure, meaning each
side of the conversation sees the session closing normally.
Not all connections close gracefully. The following line shows a Web
browser that has lost the connection to the other side and is waiting a
defined amount of time:
TCP 192.168.4.27:52312 74.125.47.108:80 TIME_WAIT
This is called a timeout period. Most Web browsers time out in approximately two minutes.
If data’s going to move back and forth between computers, some program must always be doing the sending and/or receiving. Take a look at this line from netstat -an:
TCP 192.168.4.27:52312 74.125.47.108:80 ESTABLISHED
You see the 80 and might assume the connection is going out to a Web server. But what program on the computer is sending it? Enter the command netstat -ano (the -o switch tells netstat to show the process ID). Although you’ll see many lines, the one for this connection looks like this:
Proto Local Address Foreign Address State PID
TCP 192.168.4.27:52312 74.125.47.108:80 ESTABLISHED 112092
Every running program on your computer gets a process ID (PID), a number used by the operating system to track all the running programs. Numbers aren’t very helpful to you, though, because you want to know the name of the running program. In most operating systems, finding this out is fairly easy to do. In Windows, type netstat -b:
Proto Local Address Foreign Address State
TCP 127.0.0.1:43543 Sabertooth:43544 ESTABLISHED
[firefox.exe]
In Linux, you can use the ps command:
michaelm@ubuntu:~$ ps
PID TTY TIME CMD
3225 pts/1 00:00:00 bash
3227 pts/1 00:00:00 ps
If you want to find out the PID of a process, you can use the trusty Task Manager. The PIDs are hidden, by default, in modern versions of Windows, but they are easy to enable. Simply fire up Task Manager, select the Processes tab, select the View menu, and click the Select Columns… option. The first option in the list will be PID (Process Identifier). Check the box and then click OK. Task Manager will now show you the PID for all running programs.
Another great tool for discovering a process PID (and a whole lot more) is Mark Russinovich’s Process Explorer; it is a perfect tool for this (Figure 9.13). The figure shows Process Explorer scrolled down to the bottom so you can see the program using PID 112092—good old Firefox!
Figure 9.13 • Process Explorer
You might be tempted to say “Big whoop, Mike—what else would use port 80?” Then consider the possibility that you run netstat and see a line like the one just shown, but you don’t have a browser open! You determine the PID and discover the name of the process is “Evil_Overlord.exe.” Something is running on your computer that should not be there.
To get Process Explorer, enter Process Explorer in your search engine to find it or try going here:
http://technet.microsoft.com/en-us/sysinternals/default.aspx
Click the Process Utilities icon to get the latest copy.
Understanding how TCP/IP uses ports is a base skill for any network tech. To pass the CompTIA Network+ exam, you need to memorize a number of different well-known ports and even a few of the more popular registered ports. You must appreciate how the ports fit into the process of TCP/IP communications and know how to use netstat and other tools to see what’s going on inside your computer.
The biggest challenge is learning what’s supposed to be running and what’s not. No one on Earth can run a netstat command and instantly recognize every connection and why it’s running, but a good network tech should know most of them. For those connections that a tech doesn’t recognize, he or she should know how to research them to determine what they are.
Rules for Determining Good vs. Bad Communications
Here is the general list of rules I follow for determining good versus bad communications (as far as networking goes, at least!):
1. Memorize a bunch of known ports for common TCP/IP applications. The next section in this chapter will get you started.
2. Learn how to use netstat to see what’s happening on your computer. Learn to use switches such as -a, -n, -o, and -b to help you define what you’re looking for.
3. Take the time to learn the ports that normally run on your operating system. When you see a connection using ports you don’t recognize, figure out the process running the connection using a utility such as Linux’s ps or Process Explorer for Windows.
4. Take the time to learn the processes that normally run on your operating system. Most operating systems have their own internal programs (such as Windows’ SVCHOST.EXE) that are normal and important processes.
5. When you see a process you don’t recognize, just enter the filename of the process in a Web search. Hundreds of Web sites are dedicated to researching mystery processes that will tell you what the process does.
6. Get rid of bad processes.
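As an added example (not from the book), the following Python script applies rules 2 through 5 to constructed netstat -ano output: it parses each connection, labels the port against the chapter’s well-known list, and flags any PID whose process name a tech would not expect. The netstat lines, the PID-to-name table, and the KNOWN_PROCESSES allowlist are all constructed for illustration; PID 112092 is the Firefox example from the text.

```python
from __future__ import annotations

from dataclasses import dataclass

# Well-known TCP ports named in this chapter, used to label what a connection is for.
WELL_KNOWN_PORTS = {
    20: "FTP data", 21: "FTP control", 22: "SSH", 23: "Telnet", 25: "SMTP",
    80: "HTTP", 110: "POP3", 119: "NNTP", 143: "IMAP4", 443: "HTTPS",
    513: "rlogin", 514: "RSH/RCP",
}

# Processes a tech expects on this hypothetical Windows box (rule 4). Constructed list.
KNOWN_PROCESSES = {"firefox.exe", "svchost.exe", "System", "lsass.exe"}

# Constructed 'netstat -ano' output. 198.51.100.0/24 and 203.0.113.0/24 are
# documentation address ranges, not real hosts.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.4.27:49712     198.51.100.20:80       ESTABLISHED     112092
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.4.27:49733     203.0.113.7:6667       ESTABLISHED     5120
  UDP    0.0.0.0:123            *:*                                    884
"""

# Constructed PID-to-image map, as Process Explorer or 'tasklist' would show it.
PID_NAMES = {112092: "firefox.exe", 884: "svchost.exe", 5120: "Evil_Overlord.exe"}


@dataclass
class Connection:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int   # 0 for listeners and for UDP's '*:*'
    state: str         # empty for UDP, which has no state column
    pid: int


def _split_endpoint(endpoint: str) -> tuple[str, int]:
    """'192.168.4.27:49712' -> ('192.168.4.27', 49712); '*:*' -> ('*', 0)."""
    ip, port = endpoint.rsplit(":", 1)   # rsplit keeps an IPv6 '[::]:135' intact
    return ip, int(port) if port.isdigit() else 0


def parse_netstat(output: str) -> list[Connection]:
    """Parse Windows 'netstat -ano' text into Connection records (rule 2)."""
    conns: list[Connection] = []
    for line in output.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue                      # title, header, and blank lines
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, remote, pid = fields
            state = ""
        else:
            continue                      # malformed line; skip rather than guess
        lip, lport = _split_endpoint(local)
        rip, rport = _split_endpoint(remote)
        conns.append(Connection(proto, lip, lport, rip, rport, state, int(pid)))
    return conns


def interesting_port(conn: Connection) -> int:
    """The port that says what a connection is for: the local port for listeners
    and UDP sockets, the remote port for an outbound TCP session."""
    if conn.state == "LISTENING" or conn.proto == "UDP":
        return conn.local_port
    return conn.remote_port


def triage(conns: list[Connection], pid_names: dict[int, str]) -> list[tuple[int, str, int, str]]:
    """Apply rules 3-5: return (pid, image, port, reason) for every connection a
    tech should research. Connections whose port and process are both known pass."""
    findings = []
    for conn in conns:
        image = pid_names.get(conn.pid, "<unknown>")
        port = interesting_port(conn)
        reasons = []
        if port not in WELL_KNOWN_PORTS:
            reasons.append(f"port {port} is not a well-known port")
        if image not in KNOWN_PROCESSES:
            reasons.append(f"process {image} is not recognized")
        if reasons:
            findings.append((conn.pid, image, port, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for pid, image, port, reason in triage(parse_netstat(SAMPLE_NETSTAT), PID_NAMES):
        print(f"PID {pid:>6} {image:<20} port {port:<5} -> {reason}")
```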
Common TCP/IP Applications
Finally! You now know enough about the Transport layer, port numbering, and sockets to get into some of the gritty details of common TCP/IP applications. There’s no pretty way to do this, so let’s start with the big daddy of them all, the Web.
BaseTech
Chapter 9: TCP/IP Applications
237
The World Wide Web
Where would we be without the World Wide Web? If you go up to a non-nerd and say “Get on the Internet,” most of them will automatically open a Web browser, because to them the Web is the Internet. The Internet is the infrastructure that enables the Web to function, but it’s certainly more than just the Web. I think it’s safe to assume you’ve used the Web, firing up your Web browser to surf to one cool site after another, learning new things, clicking links, often ending up somewhere completely unexpected . . . it’s all fun! This section looks at the Web and the tools that make it function, specifically the protocols that enable communication over the Internet.
The Web is composed of servers that store specially formatted documents using a language called Hypertext Markup Language (HTML). Figure 9.14 shows the Web interface built into my router.
HTML has been around for a long time and, as a result, has gone through many versions. Today many pages are being written in an updated HTML version called HTML 5, though the specification has not been finalized as of this writing. See Figure 9.15.
Figure 9.15 • HTML 5 source code
HTML is the most well-known markup language, but many others roam the Web today. Expect to see the Extensible Markup Language (XML) on the exam as well. XML provides the basic format or language for everything from application programming interfaces (APIs) to Microsoft Office documents.
Figure 9.14 • My router’s Web page
Web browsers are designed to request HTML pages from Web servers and then open them. To access a Web page, you enter http:// plus the IP address of the Web server. When you type the address of a Web server, such as http://192.168.4.1, you tell the browser to go to 192.168.4.1 and ask for a Web page. All Web servers have a default Web page that they open unless you enter something more complex like http://192.168.4.1/status.
Granted, most people don’t enter IP addresses into browsers, but rather enter text like www.totalsem.com or www.google.com. Memorizing text addresses is much easier than memorizing IP addresses. Web site text addresses use a naming protocol called Domain Name System (DNS), which you will learn about in the next chapter. For now, just enter the IP address as shown.
HTTP
The Hypertext Transfer Protocol (HTTP) is the underlying protocol used by the Web, and it runs, by default, on TCP port 80. When you enter http:// at the beginning of a Web server’s IP address, you are identifying how messages are formatted and transmitted, requesting and responding to the transfer of HTML-formatted files. HTTP defines what actions Web servers and browsers should take in response to various commands.
HTTP has a general weakness in its handling of Web pages: it relays commands executed by users without reference to any commands previously executed. The problem with this is that Web designers continue to design more complex and truly interactive Web pages. HTTP is pretty dumb when it comes to remembering what people have done on a Web site. Luckily for Web designers everywhere, other technologies exist to help HTTP relay commands and thus support more-interactive, intelligent Web sites. These technologies include JavaScript/AJAX, server-side scripting, Adobe Flash, and cookies.
Publishing Web Pages
Once you’ve designed and created an HTML document, you can share it with the rest of the world. To do so, you find a Web server that will “host” the page. You most certainly can install a Web server on a computer, acquire a public IP address for that computer, and host the Web site yourself. Self-hosting is a time-consuming and challenging project, though, so most people use other methods. Most Internet service providers (ISPs) provide Web servers of their own, or you can find relatively inexpensive Web hosting service companies. The price of Web hosting usually depends on the services and drive space offered. Web hosts typically charge around US$10 a month for simple Web sites.
One option that has been available for a while is free Web hosting. Usually the services are not too bad, but free Web hosts have limitations. Nearly all free Web hosts insist on the right to place ads on your Web page. Third-party ads are not as much of an issue if you are posting a basic blog or fan Web page, but if you do any sort of business with your Web site, ads can be most annoying to your customers. The worst sort of free Web host services place pop-up ads over your Web page. Beyond annoying!
Once you have uploaded your HTML pages to your Web host, the Web server takes over. What’s a Web server? I’m glad you asked!
Most Web browsers are pretty forgiving. If you only type in 192.168.4.1, forgetting the “http://” part, they just add it for you.
Before connections to the Web became fast, many people used a completely different Internet service for swapping information, ideas, and files. USENET enjoyed great popularity for some years, though it barely survives today. Clients used the Network News Transfer Protocol (NNTP) to access USENET over TCP port 119. It might show up as an incorrect answer on the exam.
Web Servers and Web Clients
A Web server is a computer that delivers (or serves up) Web pages. Web servers listen on port 80, fetching requested HTML pages and sending them to browsers. You can turn any computer into a Web server by installing server software and connecting the machine to the Internet, but you need to consider the operating system and Web server program you’ll use to serve your Web site. Microsoft pushes Internet Information Services (IIS), shown in Figure 9.16.
Figure 9.16 • IIS in action
IIS enables you to set a maximum connection limit on your Web server based on available bandwidth and memory. This enables you to protect your network against an overwhelming number of requests due to a particularly popular page or a type of malicious attack called a denial of service (DoS) attack. (More on the latter in Chapter 16.)
Microsoft builds an artificial 20-connection limit into Windows XP, Windows Vista, and Windows 7 so you should only run IIS on Server versions of Windows (unless you don’t expect too many people to visit your Web site at one time).
UNIX/Linux-based operating systems run Apache HTTP Server. As of this writing, Apache serves over 50 percent of the Web sites on the Internet. Apache is incredibly popular, runs on multiple operating systems (including Windows), and, best of all, is free! In comparison, even with the weight of Microsoft behind it, IIS still only commands about 25 percent market share.
Apache is nothing more than an executable program and a bunch of text files, so it isn’t much to look at. To ease configuration, most Web administrators use add-on graphical user interfaces (GUIs) such as Webmin that make administering Apache a breeze. Figure 9.17 illustrates the wonderful simplicity that is Webmin.
IIS and Apache are by far the most common Web servers on the Internet. In third place is Google Web Server (GWS). GWS, used only by Google’s servers, has about 5 percent of the total Web server market! After those three, there are literally hundreds of other Web servers, but you’ll rarely see them outside of small personal Web sites.
Web clients are the programs used to surf the Web. A client program (a Web browser) reads Web pages supplied by the Web server. To access a server, type either an IP address or, more commonly, the complete name of the Web server in the address bar. The complete name is often referred to as the uniform resource locator (URL).
Most browsers handle multiple functions, from reading HTML documents to offering FTP services, and even serving as e-mail or newsgroup readers. (You’ll learn all about these functions later in the chapter.) The most popular Web browsers are Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera, and Google Chrome.
Figure 9.17 • Webmin Apache module
In early 2009, China released numbers for a Chinese-only Web server called QZHTTP server and, as with anything to do with China and population, the numbers for hosted sites are staggeringly large. If accurate and sustained, QZHTTP would supplant GWS as the third most popular Web server software.
Most Windows users just use Internet Explorer since it comes with Windows by default.
Secure Sockets Layer and HTTPS
HTTP is not a secure protocol. Any nosy person who can plug into a network can see and read the HTTP packets moving between a Web server and a Web client. Less than nice people can easily create a fake Web site to trick people into thinking it’s a legitimate Web site and then steal their user names and passwords. For an Internet application to be secure, it must have
■ Authentication: user names and passwords
■ Encryption: stirring up the data so others can’t read it
■ Nonrepudiation: source not able to deny a sent message
While all of Chapter 11 is dedicated to these concepts, I can’t mention HTTP without at least touching on its secure counterpart, HTTPS. The Web has blossomed into a major economic player, requiring serious security for those who wish to do online transactions (e-commerce). In the early days of e-commerce, people feared that a simple credit card transaction on a less-than-secure Web site could transform their dreams of easy online buying into a nightmare of being robbed blind and ending up living in a refrigerator box. I can safely say that it was never as bad as all that. And nowadays, many safeguards exist that can protect your purchases and your anonymity. One such safeguard is called Secure Sockets Layer (SSL). SSL is a protocol developed by Netscape for transmitting private documents over the Internet. SSL works by using a public key to encrypt communication. This encrypted communication is sent over an SSL connection and then decrypted at the receiving end using a private key. All the popular Web browsers and Web servers support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. One way to tell if a site is using SSL is by looking at the Web page address. By convention, Web pages that use an SSL connection start with https instead of http.
HTTPS stands for Hypertext Transfer Protocol over SSL. HTTPS uses TCP port 443. You can also look for a small lock icon in the lower-right corner of your browser window. Figure 9.18 shows a typical secure Web page. The https: in the address and the lock icon are circled.
Many techs refer to HTTPS as Hypertext Transfer Protocol Secure, probably because it’s easier to explain to non-techs that way. Don’t be surprised to see it listed this way on the CompTIA Network+ exam.
Figure 9.18 • Secure Web page
The last few years have seen SSL replaced with the more powerful Transport Layer Security (TLS). Your secure Web page still looks the same as with SSL, so only the folks setting this up really care. Just make sure you know that SSL and TLS are functionally the same with Web pages. Read Chapter 11 for more details on SSL and TLS.
Telnet
Roughly one billion years ago, there was no such thing as the Internet or even networks… Well, maybe it was only about 40 years ago, but as far as nerds like me are concerned, a world before the Internet was filled with brontosauruses and palm fronds. The only computers were huge monsters called mainframes and to access them required a dumb terminal like the one shown in Figure 9.19.
Operating systems didn’t have windows and pretty icons. The interface to the mainframe was a command line, but it worked just fine for the time. Then the cavemen who first lifted their heads up from the computer ooze known as mainframes said to themselves, “Wouldn’t it be great if we could access each other’s computers from the comfort of our own caves?” That was what started the entire concept of a network. Back then, the idea of sharing folders or printers or Web pages hadn’t been considered yet. The entire motivation for networking was so people could sit at their dumb terminals and, instead of accessing only their local mainframes, access totally different mainframes. The protocol to do this was called the Telnet Protocol or simply Telnet.
Even though PCs have replaced mainframes for the most part, Telnet still exists as the way to connect remotely to another computer via the command line (Figure 9.20). Telnet runs on TCP port 23, enabling you to connect to a Telnet server and run commands on that server as if you were sitting right in front of it.
HTTP enables you to access the Web, but HTTPS gets you there securely. HTTPS uses TLS to provide the security.
Figure 9.19 • Dumb terminal (photo courtesy of DVQ)
Figure 9.20 • Telnet client
This way, you can remotely administer a server and communicate with other servers on your network. As you can imagine, this is sort of risky. If you can remotely control a computer, what is to stop others from doing the same? Thankfully, Telnet does not allow just anyone to log on and wreak havoc with your network. You must enter a user name and password to access a Telnet server. Unfortunately, Telnet does not have any form of encryption. If someone intercepted the conversation between a Telnet client and Telnet server, he or she would see all of the commands you type as well as the results from the Telnet server. As a result, Telnet is rarely used on the Internet and has been replaced with Secure Shell (SSH), a terminal emulation program that looks exactly like Telnet but encrypts the data.
Even though Telnet is less common than SSH, Telnet is a popular second option to connect to almost anything on a trusted TCP/IP network. Most routers have Telnet access capability (although many router admins turn it off for security). Almost every operating system has a built-in Telnet client and most operating systems—though not all Windows operating systems—come with built-in Telnet servers. Almost every type of server application has some way for you to access it with Telnet. It was once quite common, for example, to administer Apache-based Web servers through Telnet.
Telnet Servers and Clients
The oldest Telnet server, found on UNIX and Linux systems, is the venerable telnetd. Like most UNIX/Linux servers, telnetd isn’t much to look at, so let’s move over to the Windows world. Since the halcyon days of Windows NT, Windows has come with a basic Telnet server. It is disabled, by default, in modern Windows systems, and for good reason: Telnet is a gaping security hole. The built-in server is very limited and Microsoft discourages its use. I prefer to use this great little third-party server called freeSSHd (Figure 9.21). Note the name—freeSSHd, not “freeTelnet.” As Telnet fades away and SSH becomes more dominant, finding a Telnet-only server these days is hard. All of the popular Telnet servers are also SSH servers.
A Telnet client is the computer from which you log onto the remote server. Most operating systems have a built-in Telnet client that you run from a command prompt. Figure 9.22 shows the Telnet client built into Ubuntu Linux. Just open a terminal window and type telnet and the IP address of the Telnet server.
Telnet only enables command-line remote access; it does not enable GUI access. If you want to access another computer’s desktop remotely, you need another type of program.
Some versions of Windows Server came with a rather poor Telnet server that only allowed a maximum of two client connections.
Figure 9.21 • freeSSHd
Figure 9.22 • Ubuntu Telnet
Command-prompt Telnet clients lack a number of handy features. They can’t, for example, remember the IP addresses, user names, or passwords for Telnet servers, so every time you use Telnet, you have to enter all that information again. Third-party Telnet clients, such as the very popular PuTTY, which you saw in Chapter 8, store all this information and much more (Figure 9.23).
Figure 9.23 • PuTTY
Configuring a Telnet Client
When you configure a Telnet client, you must provide the host name, your user login name, and the password. As I mentioned previously, you must have permission to access the server to use Telnet. A host name is the name or IP address of the computer to which you want to connect. For instance, you might connect to a Web server with the host name websrv.mhteched.com. The user login name you give Telnet should be the same login name you’d use if you logged into the server at its location. Some computers, usually university libraries with online catalogs, have open systems that enable you to log in with Telnet. These sites either display a banner before the login prompt that tells you what login name to use, or they require no login name at all. As with the login name, you use the same password for a Telnet login that you’d use to log into the server directly. It’s that simple. Computers with open access either tell you what password to use when they tell you what login name to use, or they require no login name/password at all.
Rlogin, RSH, and RCP
The CompTIA Network+ exam tests you on rlogin, RSH, and RCP. These are three old-school programs in the UNIX world. The R stands for remote, and, like Telnet and SSH, these programs provide remote access and control of servers. Also like Telnet, they do not encrypt data and thus should not be used across the Internet. Here is a quick breakdown of the suite:
■ Remote Login (rlogin) works very similarly to Telnet. You simply run the program with the host name of the server, and you can connect and run commands just like with Telnet. Rlogin has one very nice advantage over Telnet in that you can configure it to log in automatically without needing to enter a user name and password. It only connects to UNIX hosts, unlike Telnet. Rlogin works over TCP port 513.
■ Remote Shell (RSH) enables you to send single commands to the remote server. Whereas rlogin is designed to be used interactively, RSH can be easily integrated into a script. RSH runs over TCP port 514 by default.
■ Remote Copy Protocol (RCP) provides the capability to copy files to and from the remote server without needing to resort to FTP or NFS (Network File System, the UNIX form of folder sharing). RCP can also be used in scripts and shares TCP port 514 with RSH.
SSH and the Death of Telnet
From the earliest days of the Internet, Telnet has seen long and heavy use in the TCP world, but it suffers from lack of any security. Telnet passwords as well as data are transmitted in cleartext and are thus easily hacked. To that end, SSH has now replaced Telnet for any serious terminal emulation. In terms of what it does, SSH is extremely similar to Telnet in that it creates a terminal connection to a remote host. Every aspect of SSH, however, including both login and data transmittal, is encrypted. SSH also uses TCP port 22 instead of Telnet’s port 23.
Telnet enables you to control a remote computer from a local computer over a network.
SSH enables you to control a remote computer from a local computer over a network, just like Telnet. Unlike Telnet, SSH enables you to do it securely!
E-mail
Electronic mail (e-mail) has been a major part of the Internet revolution and not just because it has streamlined the junk mail industry. E-mail provides an extremely quick way for people to communicate with one another, letting you send messages and attachments (like documents and pictures) over the Internet. It’s normally offered as a free service by ISPs. Most e-mail client programs provide a rudimentary text editor for composing messages, but many can be configured to let you edit your messages using more sophisticated editors.
E-mail consists of e-mail clients and e-mail servers. When a message is sent to your e-mail address, it is normally stored in an electronic mailbox on your e-mail server until you tell the e-mail client to download the message. Most e-mail client programs can be configured to signal you in some way when a new message has arrived or to download e-mails automatically as they come to you. Once you read an e-mail message, you can archive it, forward it, print it, or delete it. Most e-mail programs are configured to delete messages from the e-mail server automatically when you download them to your local machine, but you can usually change this configuration option to suit your circumstances.
E-mail programs use a number of application-level protocols to send and receive information. Specifically, the e-mail you find on the Internet uses SMTP to send e-mail, and either POP3 or IMAP4 to receive e-mail.
SMTP, POP3, and IMAP4, Oh My!
The following is a list of the different protocols that the Internet uses to transfer and receive mail:
SMTP The Simple Mail Transfer Protocol (SMTP) is used to send e-mail. SMTP travels over TCP port 25 and is used by clients to send messages.
POP3 Post Office Protocol version 3 (POP3) is one of the two protocols that receive e-mail from SMTP servers. POP3 uses TCP port 110. Most e-mail clients use this protocol, although some use IMAP4.
IMAP4 Internet Message Access Protocol version 4 (IMAP4) is an alternative to POP3. Like POP3, IMAP4 retrieves e-mail from an e-mail server. IMAP4 uses TCP port 143 and supports some features that are not supported in POP3. For example, IMAP4 enables you to search through messages on the mail server to find specific keywords and select the messages you want to download onto your machine. IMAP4 also supports the concept of folders that you can place on the IMAP4 server to organize your e-mail. Some POP3 e-mail clients have folders, but that’s not a part of POP3, just a nice feature added to the client.
Alternatives to SMTP, POP3, and IMAP4
Although SMTP, POP3, and IMAP4 are by far the most common and most traditional tools for sending and receiving e-mail, two other options are widely popular: Web-based e-mail and proprietary solutions. Web-based mail, as the name implies, requires a Web interface. From a Web browser, you simply surf to the Web-mail server, log in, and access your e-mail. The cool part is that you can do it from anywhere in the world where you find a Web browser and an Internet hookup! You get the benefit of e-mail without even needing to own a computer. Some of the more popular Web-based services are Google’s Gmail (Figure 9.24), Microsoft’s Windows Live Hotmail, and Yahoo!’s Yahoo! Mail.
The key benefits of Web-based e-mail services are as follows:
■ You can access your e-mail from anywhere.
■ They’re free.
■ They’re handy for throw-away accounts (like when you’re required to give an e-mail address to download something, but you know you’re going to get spammed if you do).
E-mail Servers
The e-mail server world is much more fragmented than the Web server world. The current leader is sendmail used on Linux and UNIX operating systems. Like Apache, sendmail doesn’t really have an interface, but many different third-party interfaces are available to help configure sendmail, such as Webmin shown in Figure 9.25.
Sendmail controls about 20 percent of all e-mail servers but only uses SMTP. You must run a POP3 or IMAP4 server program to support e-mail clients. Programs like Eudora’s Qpopper handle sending mail to POP3 e-mail clients. Microsoft, of course, has its own e-mail server, Microsoft Exchange Server, and like IIS, it only runs on Windows (Figure 9.26). Exchange Server is both an SMTP and a POP3 server in one package.
Figure 9.24 • Gmail in action
Figure 9.25 • Webmin with the sendmail module
E-mail servers accept incoming mail and sort out the mail for recipients into individual storage area mailboxes. These mailboxes are special separate holding areas for each user’s e-mail. An e-mail server works much like a post office, sorting and arranging incoming messages, and kicking back those messages that have no known recipient.
E-mail servers are difficult to manage. E-mail servers store user lists, user rights, and messages, and are constantly involved in Internet traffic and resources. Setting up and administering an e-mail server takes a lot of planning, although it’s getting easier. Most e-mail server software runs in a GUI, but even the command-line-based interface of e-mail servers is becoming more intuitive.
E-mail Client An e-mail client is a program that runs on a computer and enables you to send, receive, and organize e-mail. The e-mail client program communicates with the SMTP e-mail server to send mail and communicates with the IMAP or POP e-mail server to download the messages from the e-mail server to the client computer. There are hundreds of e-mail programs, some of the most popular of which are Microsoft Outlook, Microsoft’s Windows Mail (Figure 9.27), Mozilla Thunderbird, and Qualcomm’s Eudora.
Configuring an E-mail Client Configuring a client is an easy matter. Your mail administrator will give you the server’s domain name and your mailbox’s user name and password. You need to enter the POP3 or IMAP4 server’s domain name and the SMTP server’s domain name to the e-mail client (Figure 9.28). Every e-mail client has a different way to add the server domain names or IP addresses, so you may have to poke around, but you’ll find the option there somewhere! In many cases, this may be the same name or address for both the incoming and outgoing servers—the folks administering the mail servers will tell you. Besides the e-mail server domain names or addresses, you must also enter the user name and password of the e-mail account the client will be managing.
Figure 9.26 • Microsoft Exchange Server
Figure 9.27 • Windows Mail
FTP
File Transfer Protocol (FTP) is the original protocol used on the Internet for transferring files. Although HTTP can be used to transfer files as well, the transfer is often not as reliable or as fast as with FTP. In addition, FTP can do the transfer with security and data integrity. FTP uses TCP ports 21 and 20 by default, although passive FTP only uses port 21 for a default. See the discussion on active versus passive FTP later in this chapter.
FTP sites are either anonymous sites, meaning that anyone can log on, or secured sites, meaning that you must have a user name and password to access the site and transfer files. A single FTP site can offer both anonymous access and protected access, but you’ll see different resources depending on which way you log in.
FTP Servers and FTP Clients
The FTP server does all the real work of storing the files, accepting incoming connections and verifying user names and passwords, and transferring the files. The client logs onto the FTP server (either from a Web site, a command line, or a special FTP application) and downloads the requested files onto the local hard drive.
FTP Servers We don’t set up servers for Internet applications nearly as often as we set up clients. I’ve set up only a few Web servers over the years whereas I’ve set up thousands of Web browsers. FTP servers are the one exception, as we nerds like to exchange files. If you have a file you wish to share with a lot of people (but not the entire Internet), there are few options better than whipping up a quick FTP server. Most versions of Linux/UNIX have built-in FTP servers, but many third-party applications offer better solutions. One of the best, especially for those “let me put up an FTP server so you guys can get a copy” type of situations, is Mozilla’s FileZilla Server (Figure 9.29).
Figure 9.28 • Entering server information in Windows Mail
FTP is not very secure because data transfers are not encrypted, so you don’t want to use FTP for sensitive data. But you can add user names and passwords to prevent all but the most serious hackers from accessing your FTP server. I avoid using the anonymous login because unscrupulous people could use the server for exchanging illegal software.
Another thing to check when deciding on an FTP server setup is the number of clients you want to support. Most anonymous FTP sites limit the number of users who may download at any one time to around 500. This protects you from a sudden influx of users flooding your server and eating up all your Internet bandwidth.
Most Web servers are also FTP servers. These bundled versions of FTP servers are robust but do not provide all the options one might want.
Figure 9.29 • FileZilla Server
Try This!
Doing FTP
Never done FTP? Do a Web search for “Public FTP servers” and try accessing them from your Web browser. Then download a dedicated FTP client and try again! There are thousands of public FTP servers out there.
FTP Clients FTP clients, as noted before, can access an FTP server through a Web site, a command line, or a special FTP application. Usually special FTP applications offer the most choices for accessing and using an FTP site.
You have many choices when it comes to FTP clients. For starters, some Web browsers handle FTP as well as HTTP, although they lack a few features. For example, Firefox only supports an anonymous login. To use your Web browser as an FTP client, type ftp:// followed by the IP address or domain name of the FTP server (Figure 9.30).
Every operating system has a command-line FTP client. I avoid using them unless I have no other choice because they lack important features like the ability to save FTP connections to use again later.
The best way to use FTP is to use a dedicated FTP client. So many good ones are available that I find myself using a different one all the time. FileZilla comes in a client version, but these days, I’m using an add-on to Firefox called FireFTP (Figure 9.31).
Passive vs. Active FTP
FTP has two ways to transfer data: active and passive FTP. Traditionally, FTP uses the active process—let’s see how this works. Remember that FTP uses TCP ports 20 and 21? Your client opens the control connection to the server’s port 21 and sends its commands there. Before a transfer, the client tells the server (with the PORT command) which ephemeral port it has opened for data. The server then opens a second, separate connection back to your client, from its own port 20 to that ephemeral port, and sends the data over it.
Active FTP works great unless your client uses NAT. Since your client didn’t initiate the incoming connection from port 20, your NAT router has no idea where to send these packets. Additionally, any good stateful firewall sees this incoming connection as something evil because nothing inside the network started a link on port 20. No problem! Good FTP clients all support passive FTP. With passive FTP, the server doesn’t use port 20. Instead, the client connects to port 21, just like active FTP, and sends the PASV command. The server answers with a high-numbered port it has opened for data, and the client opens the data connection to that port. Because the client initiates both connections, the NAT router and the firewall know exactly where the replies belong.
The only trick to passive FTP is that the client has to ask for it. When you configure an FTP client for passive, you’re telling it to send PASV and connect out for data rather than to send PORT and wait for the server to connect in. (The firewall in front of the server, in turn, has to allow inbound connections to the range of ports the server hands out.)
Figure 9.30 • FTP in a Web browser
Figure 9.31 • FireFTP hard at work
Tech Tip
Firefox Add-Ons
Firefox enables programmers to create add-ons, small programs that extend the capabilities of the browser with some pretty impressive results. Are you unfamiliar with Firefox add-ons? Start Firefox. Click Firefox/Add-ons (or Tools/Add-ons in older versions), and a whole new world will open for you. A couple of my favorites are Mouse Gestures—where you can flick the mouse left or right to navigate through windows and Web sites you’ve visited—and Speed Dial—quick access to your favorite sites.
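The PORT and PASV exchange described above, as an added Python example (not code from the book or from any FTP client it mentions). It encodes the client’s PORT command, decodes the server’s 227 reply into a host and port, and applies the check a careful client should make: the address in the PASV reply must be the server you are already talking to, otherwise a hostile or misconfigured server can point your data connection at a third host. The addresses, ports and replies are constructed; the curl option named in the comment is a real one.

```python
"""Added example, not from the book: how an FTP client sets up the data
connection in active (PORT) and passive (PASV) mode, plus the sanity check a
careful client makes on the server's PASV reply.  All addresses, ports and
replies below are constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass

# The 227 reply carries the server's data endpoint as (h1,h2,h3,h4,p1,p2);
# the port is p1*256 + p2.
PASV_TUPLE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


@dataclass(frozen=True)
class DataEndpoint:
    host: str
    port: int
    initiator: str  # "client" or "server": who opens the data connection


def port_command(client_ip: str, client_port: int) -> str:
    """Active mode.  The client listens on an ephemeral port and announces it
    with PORT; the server then connects from its port 20 to that port.  Behind
    NAT this inbound connection has no translation entry and is dropped."""
    ipaddress.IPv4Address(client_ip)          # reject garbage before encoding it
    if not 1024 <= client_port <= 65535:
        raise ValueError("client data port must be ephemeral (1024-65535)")
    h1, h2, h3, h4 = client_ip.split(".")
    return f"PORT {h1},{h2},{h3},{h4},{client_port // 256},{client_port % 256}"


def parse_pasv_reply(reply: str, control_peer_ip: str) -> DataEndpoint:
    """Passive mode.  After the client sends PASV, the server answers with the
    address and high port it is listening on and the client connects out to it,
    which is why passive mode works through NAT.  A hardened client refuses a
    reply whose address differs from the control connection's peer: a hostile
    or misconfigured server could otherwise point the data channel at a third
    host (the behaviour curl's --ftp-skip-pasv-ip exists to defend against)."""
    if not reply.startswith("227"):
        raise ValueError(f"expected a 227 reply, got {reply!r}")
    m = PASV_TUPLE.search(reply)
    if m is None:
        raise ValueError("227 reply lacks the (h1,h2,h3,h4,p1,p2) tuple")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in PASV reply")
    host = f"{h1}.{h2}.{h3}.{h4}"
    port = p1 * 256 + p2
    if host != control_peer_ip:
        raise ValueError(f"PASV points at {host}, not the server {control_peer_ip}; refusing")
    if port < 1024:
        raise ValueError(f"server offered a privileged data port ({port})")
    return DataEndpoint(host, port, "client")


def data_connection_plan(behind_nat: bool, client_ip: str, client_port: int,
                         server_ip: str, pasv_reply: str) -> DataEndpoint:
    """Pick the mode the way a good client does: active is fine on a routable
    address, but behind NAT or a stateful firewall only passive mode works."""
    if behind_nat:
        return parse_pasv_reply(pasv_reply, server_ip)
    port_command(client_ip, client_port)      # would be sent on the control channel
    return DataEndpoint(client_ip, client_port, "server")


if __name__ == "__main__":
    # Constructed control-channel dialogue for a passive transfer.
    reply = "227 Entering Passive Mode (203,0,113,10,195,80)."
    ep = parse_pasv_reply(reply, "203.0.113.10")
    print(f"client connects out to {ep.host}:{ep.port}")      # 203.0.113.10:50000
    print(port_command("198.51.100.7", 50000))               # PORT 198,51,100,7,195,80
```

Run it as a script to see the two encodings side by side; a server that answers PASV with an address other than its own is rejected rather than followed.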
Internet Applications
Use this table as a review tool to help you remember each Internet application:

Application   TCP/UDP   Port                          Notes
HTTP          TCP       80                            The Web
HTTPS         TCP       443                           The Web, securely
Telnet        TCP       23                            Terminal emulation
SSH           TCP       22                            Secure terminal emulation
SMTP          TCP       25                            Sending e-mail
POP3          TCP       110                           E-mail delivery
IMAP4         TCP       143                           E-mail delivery
FTP           TCP       20/21 (active), 21 (passive)  File transfer
TFTP          UDP       69                            File transfer

Trivial File Transfer Protocol (TFTP) is used for transferring files and has a similar-sounding name to FTP, but beyond that it is very different. TFTP uses UDP port 69 and does not use user names and passwords, although you can usually set some restrictions based on the client’s IP address. TFTP is not at all secure, so never use it on any network that’s less than trustworthy.
Chapter 9 Review ■■
Chapter Summary ■
After reading this chapter and completing the exercises, you should understand the following about the basics of TCP/IP.
Describe common Transport and Network layer protocols
■ TCP/IP involves many more protocols than just TCP over IP. HTTP, DHCP, POP, UDP, and ICMP are just a few of the hundreds of other protocols that operate over IP.
■ Connections between computers are called sessions. If every communication requires an acknowledgment from the receiving computer, the session is said to be connection-oriented. Otherwise, the session is connectionless.
■ TCP is a connection-oriented protocol whereas UDP is connectionless. Most TCP/IP applications use TCP because connection-oriented sessions are designed to check for errors. If a receiving computer detects a missing packet, it just asks for a repeat as needed.
■ ICMP works at Layer 3 to deliver connectionless packets. ICMP handles mundane issues such as disconnect messages (host unreachable) that applications use to let the other side of a session know what’s happening.
■ IGMP enables routers to forward multicast IP packets to IGMP groups.
Explain the power of port numbers
■ Well-known port numbers fall within the range 0–1023. Web servers use port 80.
■ Ephemeral port numbers fall within the range 1024–5000—the classic ephemeral ports—and 49152–65535—the dynamic or private ports. Windows (Vista and later) uses 49152–65535 for its ephemeral ports; Linux defaults to 32768–60999 (net.ipv4.ip_local_port_range).
■ Registered ports are those that have been registered with the Internet Assigned Numbers Authority and fall within the range 1024–49151.
■ Information about a session is stored in RAM and is called a socket. The sockets stored by two computers in a session with each other are called socket pairs or endpoints.
■ The netstat command-line utility, with the –n switch, is used to view a list of endpoints. It does not refresh on its own; on Windows, adding an interval in seconds (netstat –n 5) makes it reprint the list until you press Ctrl-C.
■ An open port, or listening port, is a socket prepared to respond to incoming IP packets. You can type netstat –an to see all of your listening ports.
■ You can use the netstat –ano command to identify which process ID owns a specific port (and netstat –b, from an elevated prompt, to see the executable name), allowing you to identify malicious software.
■ The netstat switches –a, –n, -b, and –o are important for any tech to know.
Define common TCP/IP applications, such as HTTP, HTTPS, Telnet, e-mail (SMTP, POP3, and IMAP4), and FTP
■ HTTP stands for the Hypertext Transfer Protocol. HTTP uses port 80 to transmit the common data used in Web pages.
■ To make Web pages available to the public, the Web pages must reside on a computer with Web server software installed and configured. Microsoft’s Internet Information Services and Apache HTTP Server are the most common Web server software.
■ A Web client is a program, such as a Web browser, that displays or reads Web pages.
■ HTTPS stands for Hypertext Transfer Protocol over Secure Sockets Layer (SSL; today its successor, TLS), which uses port 443. HTTPS protects sensitive data, like credit card numbers and personal information, by encrypting it.
■ Telnet is a protocol that enables a user with the proper permissions to log onto a host computer, acting as a Telnet client. The user can then perform tasks on a remote computer, called a Telnet server, as if he or she were sitting at the remote computer itself.
■ Telnet sends passwords and data in easily detected cleartext or plaintext, so most servers use Secure Shell (SSH) now.
■ The UNIX utilities rlogin, RSH, and RCP enable a user to issue commands to a server remotely. They should not be used across the Internet because none of them encrypt data.
■ The term e-mail stands for electronic mail. E-mail is sent using the SMTP protocol on port 25 and is received using either POP3 (on port 110) or IMAP4 (on port 143).
■ E-mail servers are needed to help forward, store, and retrieve e-mail messages for end users, who need a valid user name and password to gain access. E-mail can also contain attachments like pictures or small programs or data files.
■ Sendmail is the leading e-mail server for Linux and UNIX, but it only supports SMTP. Exchange Server is the e-mail server software from Microsoft, and it supports both SMTP and POP.
■ A mailbox is a storage area with an e-mail server that holds all the e-mail for a specific user.
■ An e-mail client allows you to send, receive, and organize e-mail. Popular e-mail clients include Microsoft Outlook, Windows Mail, Mozilla Thunderbird, and Qualcomm’s Eudora.
■ FTP stands for File Transfer Protocol, which uses ports 20 and 21, and efficiently transmits large files. Many FTP sites allow anonymous access to avoid end users sending their passwords in cleartext format.
■ Active FTP uses both ports 20 and 21 and can be problematic if you are using NAT. The incoming data connection from the server appears to be unsolicited. This makes firewalls unhappy.
■ Passive FTP uses port 21 for commands and a high-numbered server port for data; because the client initiates both connections, it works fine with NAT.
■ Trivial FTP (TFTP) uses UDP port 69 and does not use user names or passwords, making it very insecure.
■ A good network tech knows the port numbers for popular Internet applications and protocols such as HTTP, Telnet, SSH, SMTP, POP3, IMAP4, FTP, and TFTP.
Key Terms ■
Apache HTTP Server (239)
connection (230)
connectionless (225)
connection-oriented (225)
dynamic port number (229)
electronic mail (e-mail) (246)
e-mail client (248)
endpoint (230)
endpoints (230)
ephemeral port number (229)
File Transfer Protocol (FTP) (249)
Hypertext Transfer Protocol (HTTP) (238)
Hypertext Transfer Protocol over SSL (HTTPS) (241)
Internet Control Message Protocol (ICMP) (227)
Internet Group Management Protocol (IGMP) (227)
Internet Information Services (IIS) (239)
Internet Message Access Protocol version 4
(IMAP4) (246)
listening port (232)
mailbox (248)
netstat (230)
open port (232)
Post Office Protocol version 3 (POP3) (246)
private port number (229)
registered port (230)
Remote Copy Protocol (RCP) (245)
Remote Login (rlogin) (245)
Remote Shell (RSH) (245)
Secure Shell (SSH) (243)
Secure Sockets Layer (SSL) (241)
sendmail (247)
session (225)
Simple Mail Transfer Protocol (SMTP) (246)
socket (230)
socket pairs (230)
TCP three-way handshake (226)
Telnet (242)
Transmission Control Protocol (TCP) (225)
Trivial File Transfer Protocol (TFTP) (227)
User Datagram Protocol (UDP) (226)
well-known port number (228)
Key Term Quiz ■
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. The TCP port numbers ranging from 0–1023 are called _______________.
2. The TCP port numbers ranging from 1024–49151 are called _______________.
3. The protocol used to transmit large files over the Web using both ports 20 and 21 is called _______________.
4. The protocol that is not as popular as POP3 for receiving e-mail is _______________.
5. Port 23 is used by _______________ to emulate terminals on TCP/IP networks.
6. When you send out an e-mail message it uses _______________.
7. The quickest way to send information about an upcoming meeting to a few co-workers would be to send a(n) _______________.
8. The _______________ utility can be used to view the endpoints of your computer’s sessions.
9. Telnet has largely been replaced by _______________, which provides better security through data encryption.
10. TCP is _______________ in that it requires computers to acknowledge each other, whereas UDP is _______________ in that it provides no guarantee packets were successfully received.
Multiple-Choice Quiz ■
1. What port number is the well-known port used by Web servers to distribute Web pages to Web browsers?
A. Port 20
B. Port 21
C. Port 25
D. Port 80
2. What protocol handles large file transfers between Internet users?
A. FTP
B. IMAP
C. POP3
D. SMTP
3. How can you tell that a secure Web page transaction is taking place?
A. The URL in the address bar starts with https.
B. The URL in the address bar starts with http/ssl.
C. The URL in the address bar starts with ssl.
D. The URL in the address bar starts with tls.
4. Jane has been tasked to find and implement an application that will enable her boss to log into and control a server remotely and securely. Which of the following applications would work best?
A. E-mail
B. FTP
C. Telnet
D. SSH
5. How do Web pages get created on the Internet?
A. By ICANN
B. By InterNIC
C. By publishing them
D. By the FCC
6. Which of the following Microsoft operating systems limit Web site access from other systems when using Internet Information Services software? (Select three.)
A. Windows XP
B. Windows Vista
C. Windows 7
D. Windows 2003 Server
7. Which of the following are names of Web server software? (Select two.)
A. Apache
B. Exchange
C. IIS
D. Proxy server
8. Which of the following are names of Internet browser software? (Select two.)
A. Internet Surfware
B. Internet Explorer
C. Firefox
D. WS_FTP
9. Which of the following items does the S in HTTPS represent?
A. Proxy server
B. Secure Sockets Layer
C. Subnet mask
D. Switch
10. When using Windows, which command will show all used ports and the IP addresses using them?
A. telnet localhost 25
B. telnet –ano
C. netstat –an
D. netstat –ao
11. What is the main difference between TCP and UDP?
A. TCP is connection-oriented, whereas UDP is connectionless.
B. TCP supports HTTPS, whereas UDP supports SSL.
C. TCP sessions can be encrypted, whereas UDP sessions cannot.
D. TCP is used on Windows, whereas UDP is used on Linux/UNIX/Mac OS X.
12. Which connectionless protocol handles mundane chores like disconnect messages?
A. TCP
B. UDP
C. ICMP
D. IGMP
13. Which of the following provide Web services? (Select three.)
A. Apache
B. IIS
C. GWS
D. Exchange
14. Which Linux/UNIX utility enables you to connect to a server automatically and run commands without entering a user name and password every time?
A. Telnet
B. rlogin
C. RSH
D. RCP
15. What should you do if you are having difficulty transferring files with your FTP client when your router supports NAT?
A. Configure your FTP client to use active FTP.
B. Configure your FTP client to use passive FTP.
C. Use SSH to transfer your files instead.
D. Use Telnet to connect to the server and then use netstat to transfer the files.
Essay Quiz ■
1. Your company is interested in setting up secure Web pages for credit card transactions. The company currently does have a Web presence. Write two short paragraphs describing the two different port numbers that would be used on the company’s improved Web site.
2. After checking various e-mail settings, a colleague of yours mentions port numbers. Write down some quick notes about which TCP ports would handle e-mail.
3. Write down a few notes explaining why some Web pages have an extra s after the http in their Web addresses. Be prepared to discuss your findings in class.
4. Write a paragraph that describes what a Web server does. Write a second paragraph that describes what an e-mail server does.
Lab Project 9.1 •
Start some Internet programs, like a Web browser, an e-mail or FTP client, or an instant messenger. Open a command prompt and type netstat –ano or netstat -b. Make a list of the well-known ports in use and the process ID using the port. Then write the actual name of the application identified by the process ID. Linux users can type ps to learn the application name of a process ID, but Windows users have to use a third-party tool like Process Explorer.
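The sorting Lab Project 9.1 asks for, done in code, as an added Python example (not from the book): it parses the Windows netstat –ano layout, classifies each port into the well-known, registered and dynamic ranges the chapter summary describes, and pulls out listening ports that are not on the chapter’s table, which are the ones to chase down by PID. The netstat output, addresses and PIDs are constructed for the example.

```python
"""Added example, not from the book: parse the output of 'netstat -ano' the way
Lab Project 9.1 asks you to do by hand, classify each port by range, and flag
listening ports that are not on the chapter's well-known list.  The netstat
output below is constructed; the PIDs and addresses are made up."""
from dataclasses import dataclass
from typing import Optional

# Well-known ports from the chapter's review table.
WELL_KNOWN = {
    20: "FTP data", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
    69: "TFTP", 80: "HTTP", 110: "POP3", 143: "IMAP4", 443: "HTTPS",
}

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5108
  TCP    192.168.1.25:49712     203.0.113.10:443       ESTABLISHED     2164
  TCP    192.168.1.25:49720     203.0.113.10:21        ESTABLISHED     3020
  UDP    0.0.0.0:69             *:*                                    2788
"""


@dataclass(frozen=True)
class Endpoint:
    proto: str
    local_addr: str
    local_port: int
    remote: str
    state: str          # "" for UDP, which has no connection state
    pid: int


def port_class(port: int) -> str:
    """IANA ranges as the chapter describes them."""
    if 0 <= port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    if port <= 65535:
        return "dynamic/private"
    raise ValueError(f"not a TCP/UDP port: {port}")


def parse_netstat(text: str) -> list[Endpoint]:
    """Accept the Windows 'netstat -ano' layout: TCP rows have five columns,
    UDP rows four (no State column)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                      # banner, header line or blank
        proto, local, remote = parts[0], parts[1], parts[2]
        state, pid = (parts[3], parts[4]) if proto == "TCP" else ("", parts[3])
        addr, port = local.rsplit(":", 1)
        rows.append(Endpoint(proto, addr, int(port), remote, state, int(pid)))
    return rows


def listening(rows: list[Endpoint]) -> list[tuple[int, str, int, Optional[str]]]:
    """(port, proto, pid, service-name-or-None) for every socket that accepts
    incoming packets: TCP sockets in LISTENING state and every bound UDP socket."""
    out = []
    for r in rows:
        if r.proto == "UDP" or r.state == "LISTENING":
            out.append((r.local_port, r.proto, r.pid, WELL_KNOWN.get(r.local_port)))
    return sorted(out)


def unexpected_listeners(rows: list[Endpoint]) -> list[tuple[int, int]]:
    """Listening ports with no name in WELL_KNOWN: the (port, pid) pairs you
    would take to Process Explorer or 'tasklist /fi "pid eq N"' to identify."""
    return [(port, pid) for port, _, pid, name in listening(rows) if name is None]


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for port, proto, pid, name in listening(rows):
        print(f"{proto} {port:<6} {port_class(port):<16} pid={pid:<5} {name or '?'}")
    print("investigate:", unexpected_listeners(rows))     # [(135, 932), (4444, 5108)]
```

To run it against a real machine, replace SAMPLE_NETSTAT with the captured text of netstat –ano; the two ESTABLISHED rows in the sample show the client side using dynamic-range ports while the far end sits on 443 and 21.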
Lab Project 9.2 •
Using a word processing program or a spreadsheet program, create a chart that lists all the port numbers mentioned in this chapter, similar to the following list. Use the Internet to look up other commonly used port numbers as well. Fill in the Abbreviation column, the Full Name column, and the Brief Description column. Repeat this lab exercise several times until you have memorized it fully. This activity will help you pass the CompTIA Network+ exam!

Port #   Abbreviation   Full Name   Brief Description of What This Port Does…
20
21
22
23
25
80
110
143
443
Chapter 10
Network Naming
What’s in a name? That which we call a rose
By any other name would smell as sweet.
—William Shakespeare
In this chapter, you will learn how to
■■ Describe the function and capabilities of DNS
■■ Configure and troubleshoot WINS
■■ Use common TCP/IP utilities to diagnose problems with DNS and WINS
Did the last chapter seem a bit IP address-heavy to you? When you open a Web page, for example, do you normally type something like
http://192.168.4.1, or do you usually type something like www.totalsem.com?
Odds are good you normally do the latter and only rarely the former. Why?
People are terrible at memorizing numbers, but are pretty good at memorizing
words. This creates an interesting dilemma.
Although computers use IP addresses to communicate with each other over
a TCP/IP network, people prefer easy-to-remember names over IP addresses. To
solve this problem, TCP/IP developers created a process called name resolution
to convert names to IP addresses (and vice versa) to make it easier for people to
communicate with computers (Figure 10.1).
Like any process that’s been around for a long time, name resolution has
gone through a number of evolutions over the years: some dramatic and some
subtle. Entire TCP/IP applications have been written, only to be supplanted (but
never totally abandoned) by newer name resolution protocols.
Today, we use a single major name resolution proto-
col called Domain Name System (DNS), but your brand-
new system running the latest version of whatever oper-
ating system you prefer still fully supports a number of
much older name resolution protocols! Name resolution
in today’s networking world is like a well-run home
that’s also full of ghosts that can do very strange things
if you don’t understand how those ghosts think.
In this chapter, you’ll take an in-depth tour of name
resolution, starting with a discussion of DNS. After
DNS, the chapter looks at one of the scariest ghosts
running around inside your computer: an ancient
and theoretically abandoned name resolution pro-
tocol invented by Microsoft called Windows Internet
Name Service (WINS). Despite what Microsoft claims,
the ghost of WINS still lingers, not only on Windows
computers but also on Linux and Mac OS X systems;
as these folks discovered, if you don’t respect these
ghosts, you won’t be able to do name resolution when you connect to a
Windows computer.
Odds are good you have a system that is connected—or at least can
connect—to the Internet. If I were you, I’d fire up that system because the
vast majority of the programs you’re going to learn about here come free
with every operating system. Finding them may be a challenge on some
systems, but don’t worry—I’ll show you where they all hang out.
Historical/Conceptual
DNS■■
When the Internet was very young and populated with only a few hun-
dred computers, name resolution was pretty simple. The original TCP/IP
specification implemented name resolution using a special text file called
HOSTS. A copy of this file was stored on every computer system on the
Internet. The HOSTS file contained a list of IP addresses for every computer
on the Internet, matched to the corresponding system names. Remember,
not only was the Internet a lot smaller then, but also there weren’t yet rules
about how to compose Internet names, such as that they must end in .com
or .org, or start with www or ftp. Anyone could name their computer pretty
much anything they wanted (there were a few restrictions on length and
allowable characters) as long as nobody else had snagged the name first.
Part of an old HOSTS file might look something like this:
192.168.2.1 fred
201.32.16.4 school2
123.21.44.16 server
Figure 10.1 • Turning names into numbers
If your system wanted to access the system called fred, it looked up the
name fred in its HOSTS file and then used the corresponding IP address to
contact fred. Every HOSTS file on every system on the Internet was updated
every morning at 2 a.m. This worked fine when the Internet was still the
province of a few university geeks and some military guys, but when the
Internet grew to about 5000 systems, it became impractical to make every
system use and update a HOSTS file. This created the motivation for a more
scalable name resolution process, but the HOSTS file did not go away.
Believe it or not, the HOSTS file is still alive and well in every computer.
You can find the HOSTS file in the \WinNT\System32\Drivers\Etc folder
in Windows 2000, and in \Windows\System32\Drivers\Etc in Windows
XP/2003/Vista/7. On OS X and Linux systems, you usually find it in the /etc/
folder. The HOSTS file is just a text file that you can open with any text editor.
Here are a few lines from the default HOSTS file that comes with Windows.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
See the # signs? Those are remark symbols that designate lines as comments
(for humans to read) rather than code. Windows ignores any line that begins
with #. Remove the # and Windows will read the line and try to act on it.
Although all operating systems continue to support the HOSTS file, it is rarely used in the day-to-day workings of most TCP/IP systems.
Even though the HOSTS file is rarely used, every operating system, by default, checks the HOSTS file before it asks DNS when attempting to resolve a name. That precedence is exactly why malware likes to edit the file: a single bogus line there silently redirects every application on the system, with no DNS server involved. To see the power of the HOSTS file, do the first Try This! sidebar in this chapter.
The Try This! sidebar example uses a Web browser, but keep in mind that a name in a HOSTS file resolves names for every TCP/IP application on that system. Go to a command prompt and type ping timmy. It works for ping too.
HOSTS files still have their place in today’s world. Many people place
shortcut names in a HOSTS file to avoid typing long names in some TCP/IP
applications. Yet even though HOSTS still has some use, for the most part,
you use the vastly more powerful DNS.
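The HOSTS lookup the chapter describes, as an added Python example (not from the book): a parser for the file format shown above, a resolver that consults HOSTS before a DNS lookup, and a check for the kind of planted entry that turns this precedence against you. The file contents and the stand-in DNS table are constructed for the example; the IP addresses for timmy and www.totalsem.com are the ones the chapter uses, and update.example-av.test is a made-up name.

```python
"""Added example, not from the book: a parser for the HOSTS file format the
chapter shows, a resolver that consults HOSTS before DNS (the order every OS
uses by default), and a check for the kind of entry malware plants there.  The
file contents and the stand-in DNS table are constructed; the IP addresses for
timmy and www.totalsem.com are the ones used in the chapter."""
import ipaddress
from typing import Optional

# Constructed HOSTS file: the Windows default lines from the chapter plus the
# "timmy" entry from the Try This! sidebar and one planted, hostile entry.
SAMPLE_HOSTS = """\
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97     rhino.acme.com          # source server
# 38.25.63.10      x.acme.com              # x client host
127.0.0.1       localhost
209.29.33.25    timmy
127.0.0.1       update.example-av.test  # constructed: blocks an AV update host
"""

# Stand-in for a DNS lookup so the example runs offline.
FAKE_DNS = {"www.totalsem.com": "209.29.33.25"}


def parse_hosts(text: str) -> dict[str, str]:
    """Map each name (case-folded) to its address.  '#' starts a comment
    anywhere on a line; one address may be followed by several names."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        ipaddress.ip_address(addr)           # a malformed address raises, it is not skipped
        for name in names:
            table.setdefault(name.lower(), addr)   # first entry wins, as resolvers do
    return table


def resolve(name: str, hosts: dict[str, str],
            dns: dict[str, str]) -> tuple[Optional[str], Optional[str]]:
    """HOSTS first, DNS second; returns (address, source)."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return hosts[key], "hosts"
    if key in dns:
        return dns[key], "dns"
    return None, None


def hijacked_entries(hosts: dict[str, str], dns: dict[str, str]) -> list[str]:
    """Names for which HOSTS silently overrides a real DNS answer, or sends a
    public-looking name to loopback: the classic way malware blocks AV updates
    or redirects a bank's site without touching DNS at all."""
    bad = []
    for name, addr in hosts.items():
        if name == "localhost":
            continue
        overrides_dns = name in dns and dns[name] != addr
        public_name_to_loopback = "." in name and ipaddress.ip_address(addr).is_loopback
        if overrides_dns or public_name_to_loopback:
            bad.append(name)
    return sorted(bad)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print(resolve("timmy", hosts, FAKE_DNS))            # ('209.29.33.25', 'hosts')
    print(resolve("www.totalsem.com", hosts, FAKE_DNS)) # ('209.29.33.25', 'dns')
    print(hijacked_entries(hosts, FAKE_DNS))            # ['update.example-av.test']
```

Point parse_hosts at the real file (\Windows\System32\Drivers\Etc\hosts or /etc/hosts) to audit a machine; the commented rhino.acme.com example line is correctly ignored, while timmy resolves from HOSTS without any DNS query.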
Test Specific
How DNS Works
The Internet folks, faced with the task of replacing HOSTS, first came up with
the idea of creating one supercomputer that did nothing but resolve names
for all the other computers on the Internet. There was one problem with that
idea: even now, no computer is big enough or powerful enough to handle the
job alone. So they fell back on that time-tested bureaucratic solution: delega-
tion! The top-dog DNS system would delegate parts of the job to subsidiary
DNS systems that, in turn, would delegate part of their work to other sys-
tems, and so on, potentially without end. These systems run a special DNS
server program and are called, amazingly enough, DNS servers.
This is all peachy, but it raises another issue: they needed some way to
decide how to divvy up the work. Toward this end, the Internet folks cre-
ated a naming system designed to facilitate delegation. The top-dog DNS
server is actually a bunch of powerful computers dispersed around the
world. They work as a team and are known collectively as the DNS root
servers (or simply as the DNS root). The Internet name of this computer
team is “.”—that’s right, just “dot.” Sure, it’s weird, but it’s quick to type,
and they had to start somewhere.
The DNS root does not hold a table of every name on the Internet; it knows only which servers are responsible for each top-level domain, and the real name resolution work is delegated downward from there. Just below the DNS root in the hierarchy is a set of DNS servers—called the top-level domain servers—that handle what are known as the top-level domain (TLD) names. These are the famous com, org, net, edu, gov, mil, and int names (although many TLDs have been added since 2001). The top-level DNS servers delegate to thousands of second-level DNS servers; these servers handle the millions of names like totalsem.com and whitehouse.gov that have been created within each of the top-level domains. Second-level DNS servers support individual computers. For example, stored on the DNS server controlling the totalsem.com domain is a listing that looks like this:
www 209.29.33.25
Try This!
Editing the HOSTS File
Every Windows computer has a HOSTS file that you can edit, so try this! (On Windows Vista/7 the file sits in a protected folder, so run your text editor as Administrator or you won’t be able to save it.)
1. Go to a command prompt and type ping www.totalsem.com. You may or may not be successful with the ping utility, but you will get the IP address for my Web site. (You may get a different IP address from the one shown in this example.)
C:\>ping www.totalsem.com
Pinging www.totalsem.com [209.29.33.25] with 32 bytes of data:
Reply from 209.29.33.25: bytes=32 time=60ms TTL=51
Reply from 209.29.33.25: bytes=32 time=60ms TTL=51
Reply from 209.29.33.25: bytes=32 time=60ms TTL=51
Reply from 209.29.33.25: bytes=32 time=60ms TTL=51
Ping statistics for 209.29.33.25:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 60ms, Average = 60ms
2. Open your HOSTS file using any text editor and add this line (keep in mind you may have a different IP address from the one shown in this example). Just press the Spacebar a few times to separate the IP address from the word “timmy.”
209.29.33.25 timmy
3. Save the HOSTS file and close the text editor.
4. Open your Web browser and type timmy. You can also type http://timmy if you’d like. What happens?
DNS servers primarily use UDP port 53. They fall back to TCP port 53 for zone transfers and for answers too large to fit in a single UDP datagram, so a firewall that blocks TCP 53 will break those cases.
The DNS root for the entire Internet consists of 13 powerful DNS server clusters scattered all over the world. Go to http://www.root-servers.org to see exactly where all the root servers are located.
This means the totalsem.com domain has a computer called www
with the IP address of 209.29.33.25. Only the DNS server controlling the
totalsem.com domain stores the actual IP address for www.totalsem.com.
The DNS servers above this one have a hierarchical system that enables
any other computer to find the DNS server that controls the totalsem.com
domain.
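The delegation chain just described (root, then the com servers, then the server for totalsem.com), as an added Python example that is not from the book: a miniature set of zones and a resolver that walks them one referral at a time, with the rule that a referral may only point deeper into the zone that issued it. The zone contents, name-server names and the 192.0.2.10 address are constructed for the example; only www.totalsem.com and 209.29.33.25 come from the chapter.

```python
"""Added example, not from the book: a miniature DNS hierarchy (root, TLD,
second-level and a deeper zone) and the delegation walk a resolver performs to
find www.totalsem.com, plus the name-length rules.  The zone contents are
constructed; only the name www.totalsem.com and its address 209.29.33.25 come
from the chapter, and the name-server names and 192.0.2.10 are made up."""
import re
from typing import Optional

# Each zone knows only its own records and the zones it delegates to.
# ("NS", ...) is a delegation; ("A", ...) is a final answer.
ZONES = {
    ".": {"com.": ("NS", "ns.tld-com.example."), "gov.": ("NS", "ns.tld-gov.example.")},
    "com.": {"totalsem.com.": ("NS", "ns1.totalsem.com.")},
    "totalsem.com.": {
        "www.totalsem.com.": ("A", "209.29.33.25"),
        "houston.totalsem.com.": ("NS", "ns1.houston.totalsem.com."),
    },
    "houston.totalsem.com.": {"www.houston.totalsem.com.": ("A", "192.0.2.10")},
}

LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def valid_hostname(name: str) -> bool:
    """Each label is 1-63 characters of letters, digits and interior hyphens;
    the whole text form is at most 253 characters (255 octets on the wire)."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(LABEL.match(label) for label in name.split("."))


def fqdn(name: str) -> str:
    return name.lower().rstrip(".") + "."


def parent_zones(name: str) -> list[str]:
    """Candidate delegation points, longest first: for www.totalsem.com. that is
    totalsem.com. then com."""
    labels = fqdn(name).rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(1, len(labels))]


def iterative_resolve(name: str, zones=ZONES) -> tuple[Optional[str], list[str]]:
    """Walk from the root, following one delegation per step, exactly as the
    chapter describes.  Returns (address or None, zones visited)."""
    if not valid_hostname(name):
        raise ValueError(f"invalid DNS name: {name!r}")
    target, zone, visited = fqdn(name), ".", []
    while True:
        visited.append(zone)
        records = zones[zone]
        if target in records and records[target][0] == "A":
            return records[target][1], visited
        for candidate in parent_zones(target):
            if candidate in records and records[candidate][0] == "NS":
                # Bailiwick check: a referral must stay inside the zone that
                # issued it; a server cannot hand out authority for a sibling.
                if zone != "." and not candidate.endswith("." + zone):
                    raise ValueError(f"{zone} referred out of bailiwick to {candidate}")
                if candidate not in zones:
                    return None, visited          # delegation to a server we cannot reach
                zone = candidate
                break
        else:
            return None, visited                  # nobody is authoritative: NXDOMAIN


if __name__ == "__main__":
    print(iterative_resolve("www.totalsem.com"))
    # ('209.29.33.25', ['.', 'com.', 'totalsem.com.'])
    print(iterative_resolve("www.houston.totalsem.com"))
    # ('192.0.2.10', ['.', 'com.', 'totalsem.com.', 'houston.totalsem.com.'])
```

The visited list is the chain of servers a real resolver would query in turn; adding a fourth level (houston.totalsem.com) simply adds one more hop, which is the point of the Tech Tip on going beyond three tiers.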
Name Spaces
What does hierarchical mean in terms of DNS? Well, the DNS hierarchical
name space is an imaginary tree structure of all possible names that could
be used within a single system. By contrast, a HOSTS file uses a flat name
space—basically just one big undivided list containing all names, with no
grouping whatsoever. In a flat name space, all names must be absolutely
unique—no two machines can ever share the same name under any cir-
cumstances. A flat name space works fine on a small, isolated network, but
not so well for a large organization with many interconnected networks. To
avoid naming conflicts, all its administrators would need to keep track of
all the names used throughout the entire corporate network.
A hierarchical name space offers a better solution, permitting a great
deal more flexibility by enabling administrators to give networked sys-
tems longer, more fully descriptive names. The personal names people
use every day are an example of a hierarchical name space. Most people
address our town postman, Ron Samuels, simply as Ron. When his name
comes up in conversation, people usually refer to him as Ron. The town
troublemaker, Ron Falwell, and Mayor Jones’s son, Ron, who went off to
Toledo, obviously share first names with the postman. In some conversa-
tions, people need to distinguish between the good Ron, the bad Ron, and
the Ron in Toledo (who may or may not be the ugly Ron). They could use
a medieval style of address and refer to the Rons as Ron the Postman, Ron
the Blackguard, and Ron of Toledo, or they could use the modern West-
ern style of address and add their surnames: “That Ron Samuels—he is
such a card!” “That Ron Falwell is one bad apple.” “That Ron Jones was
the homeliest child I ever saw.”
You might visualize this as the
People name space, illustrated in
Figure 10.2. Adding the surname
creates what you might fancifully
call a Fully Qualified Person Name—
enough information to prevent
confusion among the various peo-
ple named Ron.
A name space most of you are already familiar with is the hierarchical file name space used by hard drive volumes. Hard drives formatted using one of the popular file formats, like Windows’ NTFS or Linux’s ext3, use a hierarchical name space; you can create as many files named Data.txt as you want, as long as you store them in different parts of the file tree. In the example shown in Figure 10.3, two different files named Data.txt can exist simultaneously on the same system, but only if they are placed in different directories, such as C:\Program1\Current\Data.txt and C:\Program1\Backup\Data.txt. Although both files have the same basic filename—Data.txt—their fully qualified names are different: C:\Program1\Current\Data.txt and C:\Program1\Backup\Data.txt. Additionally, multiple subfolders can use the same name. Having two subfolders that use the name Data is no problem, as long as they reside in different folders. Any Windows file system will happily let you create both C:\Program1\Data and C:\Program2\Data folders. Folks like this because they often want to give the same name to multiple folders doing the same job for different applications.
Figure 10.2 • Our People name space (a tree: People of the World at the root; the surnames Samuels, Falwell, and Jones beneath it; Ron, Jim, and Bob under each surname)
The original top-level domain names were com, org, net, edu, gov, mil, and int.
The Internet Corporation for Assigned Names and Numbers (ICANN) has the authority to create new TLDs. Since 2001, they’ve added many TLDs, such as .biz for businesses, .info for informational sites, and .pro for accountants, engineers, lawyers, and physicians in several Western countries.
Tech Tip
Going Beyond Three-Tier Names
The Internet DNS names are usually consistent with this three-tier system, but if you want to add your own DNS server(s), you can add more levels, allowing you to name a computer www.houston.totalsem.com if you wish. The only limits are on length: each label between the dots can be at most 63 characters, and a full DNS name can have a maximum of 255 characters.
In contrast, imagine what would happen if your computer’s file system didn’t support folders/directories. Windows would have to store all the files on your hard drive in the root directory! This is a classic example of a flat name space. Because all your files would be living together in one directory, each one would have to have a unique name. Naming files would be a nightmare! Software vendors would have to avoid sensible descriptive names like Readme.txt because they would almost certainly have been used already. You’d probably have to do what the Internet does for IP addresses: An organization of some sort would assign names out of the limited pool of possible filenames. With a hierarchical name space, on the other hand, which is what all file systems use (thank goodness!), naming is much simpler. Lots of programs can have files called Readme.txt because each program can have its own folder and subfolders.
The DNS name space works in a manner extremely similar to how your computer’s file system works. The DNS name space is a hierarchy of DNS domains and individual computer names organized into a tree-like structure that is called, rather appropriately, a tree. Each domain is like a folder—a domain is not a single computer, but rather a holding space into which you can add computer names. At the top of a DNS tree is the root. The root is the holding area to which all domains connect, just as the root directory in your file system is the holding area for all your folders. Individual computer names—more commonly called host names in the DNS naming convention—fit into domains. On a PC, you can place files directly into the root directory. The DNS world also enables us to add computer names to the root, but with the exception of a few special computers (described in a moment), this is rarely done. Each domain can have subdomains, just as the folders on your PC’s file system can have subfolders. You separate each domain from its subdomains with a period. Characters for DNS domain names and host names are limited to uppercase and lowercase letters (A–Z, a–z), numbers (0–9), and the hyphen (-). No other characters may be used.
As hard as this may be to believe, some early file systems used a flat name space. Back in the late 1970s and early 1980s, operating systems such as CP/M and the early versions of DOS did not have the capability to use directories, creating a flat name space where all files resided on a single drive.
Figure 10.3 • Two Data.txt files in different directories on the same system (tree: C:\ holding Windows and Program1; Program1 holding Current and Backup, each with Data.txt and Data.xls)
Even though you may use uppercase or lowercase, DNS does not differentiate between them.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
264
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 10
Don’t think DNS is only for computers on the Internet. If you want to make your own little TCP/IP network using DNS, that’s fine, although you will have to set up at least one DNS server as the root server for your little private intranet. Every DNS server program can be configured as a root server; just don’t connect that DNS server to the Internet because it won’t work outside your little network. Figure 10.4 shows a sample DNS tree for a small TCP/IP network that is not attached to the Internet. In this case, there is only one domain: ABCDEF. Each computer on the network has a host name, as shown in the figure.
When you write out the complete path to a file stored on your PC, the naming convention starts with the root directory on the left, followed by the first folder, then any subfolders (in order), and finally the name of the file—for example, C:\Sounds\Thunder\mynewcobra.wav.
The DNS naming convention is exactly the opposite. A complete DNS name, including the host name and all of its domains (in order), is called a fully qualified domain name (FQDN), and it’s written with the root on the far right, followed by the names of the domains (in order) added to the left of the root, and the host name on the far left. Figure 10.4 shows the FQDNs for two systems in the ABCDEF domain. Note the period for the root is on the far right of each FQDN!
Mikes-PC.ABCDEF.
Janelle.ABCDEF.
Given that every FQDN will always have a period on the end to signify the root, it is commonplace to drop the final period when writing out FQDNs. To make the two example FQDNs fit into common parlance, therefore, you’d skip the last period:
Mikes-PC.ABCDEF
Janelle.ABCDEF
If you’re used to seeing DNS names on the Internet, you’re probably wondering about the lack of “.com,” “.net,” or other common DNS domain names. Those conventions are needed for computers that are visible on the Internet, such as Web servers, but they’re not required on a private TCP/IP network. As long as you make a point never to make these computers visible on the Internet, you can use any naming convention you want!
Let’s look at another DNS name space example, but make it a bit more complex. This network is not on the Internet, so I can use any domain I want. The network has two domains, Houston and Dallas, as shown in Figure 10.5. Note that each domain has a computer called Server1.
Figure 10.4 • Private DNS network (tree: the “root” domain “.”; domain ABCDEF; host names Mikes-PC, Janelle, Server1 and Printer)
Tech Tip
It’s Not Always .com
Don’t get locked into thinking FQDNs always end with names like “.com” or “.net.” True, DNS names on the Internet must always end with them, but private TCP/IP networks can (and often do) ignore this and use whatever naming scheme they want with their DNS names.
Figure 10.5 • Two DNS domains (tree: “.”; domains Houston and Dallas, each containing DNS1 and Server1; labels Sales and Support)
Because the network has two different domains, it can have two systems (one on each domain) with the same host name, just as you can have two files with the same name in different folders on your PC. Now, let’s add some subdomains to the DNS tree, so that it looks like Figure 10.6.
You write out the FQDN from left to right, starting with the host name and moving up to the top of the DNS tree, adding all domains until you get to the top of the DNS tree:
Mikes-PC.Support.Houston
Tom.Server1.Houston
Janelle.Sales.Dallas
Server1.Dallas
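The name-space rules above (labels separated by periods, the trailing period standing for the root, letters, digits and hyphens only, 255 characters at most, case ignored) are easy to get wrong when software handles names by hand, so here is a small validator and tree walker written as an added example. It is not code from the book; the names it is run on are the ones from the text, and the function and constant names are my own.

```python
"""Added example, not from the book: a small parser/validator that applies
the DNS name-space rules stated above (labels separated by periods, the
root written as a trailing period, labels limited to letters, digits and
the hyphen, 255 characters overall, case not significant)."""
import re
from typing import List, Tuple

LABEL_RE = re.compile(r"^[A-Za-z0-9-]+$")  # the character set the text allows
MAX_NAME_LENGTH = 255                      # stated limit, periods included


def split_fqdn(name: str) -> List[str]:
    """Split a name into labels, host name first; the optional trailing
    period that stands for the root is dropped:
    'Mikes-PC.ABCDEF.' -> ['Mikes-PC', 'ABCDEF']."""
    name = name.rstrip(".")
    return name.split(".") if name else []


def validate_fqdn(name: str) -> Tuple[bool, str]:
    """Return (ok, reason) under the rules in the text."""
    if len(name) > MAX_NAME_LENGTH:
        return False, "name longer than 255 characters"
    labels = split_fqdn(name)
    if not labels:
        return False, "empty name"
    for label in labels:
        if not LABEL_RE.match(label):
            return False, "illegal character in label %r" % label
    return True, "ok"


def same_name(a: str, b: str) -> bool:
    """DNS does not differentiate upper and lower case, and the trailing
    root period is commonly dropped, so compare label by label."""
    return [x.lower() for x in split_fqdn(a)] == [x.lower() for x in split_fqdn(b)]


def host_name(name: str) -> str:
    """The leftmost label is the host name (Server1 in Server1.Dallas)."""
    return split_fqdn(name)[0]


def ancestors(name: str) -> List[str]:
    """Walk up the tree from the host to the root, each step written as an
    FQDN with its root period, the way you would climb from a file up to
    C:\\ on your PC."""
    labels = split_fqdn(name)
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def filesystem_style(name: str) -> str:
    """Write the same hierarchy the way a file path is written: root and
    top domain on the left, host name on the right."""
    return "\\".join(reversed(split_fqdn(name)))
```

Running `ancestors("Mikes-PC.Support.Houston")` gives the four tree nodes the text walks through, and `same_name` shows why Server1.Houston and Server1.Dallas are different names even though `host_name` returns Server1 for both.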
Name Servers
So where does this naming convention reside and how does it work? The power of DNS comes from its incredible flexibility. DNS works as well on a small, private network as it does on the biggest network of all time—the Internet. Let’s start with three key players:
■ DNS server  A DNS server is a computer running DNS server software.
■ Zone  A zone is a container for a single domain that gets filled with records.
■ Record  A record is a line in the zone data that maps an FQDN to an IP address.
Systems running DNS server software store the DNS information. When a system needs to know the IP address for a specific FQDN, it queries the DNS server listed in its TCP/IP configuration. Assuming the DNS server stores the zone for that particular FQDN, it replies with the computer’s IP address.
A simple network usually has one DNS server for the entire network. This DNS server has a single zone that lists all the host names on the domain and their corresponding IP addresses. It’s known as the authoritative DNS server for the domain (also called Start of Authority, or SOA).
If you’ve got a powerful computer, you can put lots of zones on a single DNS server and let that server support them all without a problem. A single DNS server, therefore, can act as the authoritative DNS server for one domain or many domains (Figure 10.7).
Equally, a single DNS domain may have a single authoritative DNS server but a number of other DNS servers, known simply as name servers (folks use the abbreviation “NS”), that are subordinate to the authoritative DNS server but all support the same domain, as shown in Figure 10.8. The SOA is a name server as well.
The DNS naming convention allows for DNS names up to 255 characters, including the separating periods.
Figure 10.7 • A single SOA can support one or more domains.
Figure 10.6 • Subdomains added (tree: “.”; Houston and Dallas; DNS1, Server1, Sales and Support; hosts Mikes-PC, Tom, Rita, Janelle and Dana)
Note that every DNS server, whether it’s the SOA or just an NS, knows the name and address of the SOA as well as every other NS server in the domain. The SOA’s job is to make sure that all the other name servers are updated for changes. Let’s say you add to the totalsem.com domain a new computer called ftp.totalsem.com with the IP address 192.168.4.22. As an administrator, you typically add this data to the SOA DNS server. The SOA then automatically distributes this information to the other name servers in the domain (Figure 10.9). This DNS feature is critical—you’ll see more of this in detail later on in the “DNS Servers” section in this chapter. For now, appreciate that you can have multiple DNS servers for a single domain.
Now let’s see how root servers work in DNS. What if Mikes-PC.Support.Houston needs the IP address of Server1.Dallas? Refer to Figure 10.10 for the answer. The network has two DNS servers: DNS1.Houston and DNS1.Dallas. DNS1.Dallas is the authoritative DNS server for all of the Dallas domains and DNS1.Houston is in charge of all the Houston domains. DNS1.Houston is also the root server for the entire network. (DNS servers may act as both a root server and an SOA at the same time—a very common practice in private networks.) As a root server, the Houston server has a listing for the SOA in the Dallas domain. This does not mean it knows the IP address for every system in the Dallas network. As a root server, it only knows that if any system asks for an IP address from the Dallas side, it will tell that system the IP address of the Dallas server. The requesting system will then ask the Dallas DNS server (DNS1.Dallas) for the IP address of the system it needs. That’s the beauty of DNS root servers—they don’t know the IP addresses for all of the computers, but they know where to send the requests!
Figure 10.8 • DNS flexibility
Figure 10.9 • New information passed out
In the early days of DNS, you had to enter manually into your DNS server the host name and IP address of every system on the network. See “Dynamic DNS,” later in this chapter, for the way it’s done today.
The hierarchical aspect of DNS has a number of benefits. For example, the vast majority of Web servers are called www. If DNS used a flat name space, only the first organization that created a server with the name www could use it. Because DNS naming appends domain names to the server names, however, the servers www.totalsem.com and www.microsoft.com can both exist simultaneously. DNS names like www.microsoft.com must fit within a worldwide hierarchical name space, meaning that no two machines should ever have the same FQDN.
Figure 10.11 shows the host named accounting with an FQDN of accounting.texas.totalsem.com.
Figure 10.11 • DNS domain (tree: the “root” “.”; Top-Level Domains (TLDs) mil, net, com, org, edu and gov; Subdomains totalsem and texas; Computer names www and accounting; FQDN accounting.texas.totalsem.com)
These domain names must be registered for Internet use with ICANN (www.icann.org). They are arranged in the familiar “second level.top level” domain name format, where the top level is com, org, net, and so on, and the second level is the name of the individual entity registering the domain name.
Name Resolution
You don’t have to use DNS to access the Internet, but it sure makes life easier! Browsers like Internet Explorer accept names such as www.google.com as a convenience to the end user, but they use the IP address that corresponds to that name to create a connection. If you know the IP address of the system you want to talk to, you don’t need DNS at all. Figure 10.12 shows Internet Explorer displaying the same Web page when given the straight IP address as it does when given the DNS name www.microsoft.com. In theory, if you knew the IP addresses of all the systems you wanted to access, you could avoid DNS completely. I guess you could also start a fire using a bow and drill too, but most people wouldn’t make a habit of it if there were a more efficient alternative. In this case, DNS is much more efficient! I have no trouble keeping hundreds of DNS names in my head, but IP addresses? Forget it! Without DNS, I might as well not even try to use the Internet, and I’d wager that’s true of most people.
Technically, the texas.totalsem.com domain shown in Figure 10.11 is a subdomain of totalsem.com. Don’t be surprised to see the terms “domain” and “subdomain” used interchangeably, as it’s a common practice.
Figure 10.10 • Root server in action
Just because most Web servers are named www doesn’t mean they must be named www! Naming a Web server www is etiquette, not a requirement.
When you type in a Web address, your browser must resolve that name to the Web server’s IP address to make a connection to that Web server. It can resolve the name in three ways: by broadcasting, by consulting the locally stored HOSTS text file, or by contacting a DNS server.
To broadcast for name resolution, the host sends a message to all the machines on the network, saying something like, “Hey! If your name is JOESCOMPUTER, please respond with your IP address.” All the networked hosts receive that packet, but only JOESCOMPUTER responds with an IP address. Broadcasting works fine for small networks, but it is limited because it cannot provide name resolution across routers. Routers do not forward broadcast messages to other networks, as illustrated in Figure 10.13.
Figure 10.12 • Any TCP/IP-savvy program accepts either an IP address or an FQDN.
Figure 10.13 • Routers don’t forward broadcasts!
As discussed earlier, a HOSTS file functions like a little black book, listing the names and addresses of machines on a network, just like a little black book lists the names and phone numbers of people. A typical HOSTS file would look like this:
109.54.94.197 stephen.totalsem.com
138.125.163.17 roger.totalsem.com
127.0.0.1 localhost
The final way to resolve a name to an IP address is to use DNS. Let’s say you type www.microsoft.com in your Web browser. To resolve the name www.microsoft.com, the host contacts its DNS server and requests the IP address, as shown in Figure 10.14.
To request the IP address of www.microsoft.com, your PC needs the IP address of its DNS server. You must enter DNS information into your system. DNS server data is part of the critical basic IP information such as your IP address, subnet mask, and default gateway, so you usually enter it at the same time as the other IP information. You configure DNS in Windows Vista/7 using the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box. Figure 10.15 shows the DNS settings for my system. Note that I have more than one DNS server setting; the second one is a backup in case the first one isn’t working. Two DNS settings is not a rule, however, so don’t worry if your system shows only one DNS server setting, or perhaps more than two.
Notice that the name localhost appears in the HOSTS file as an alias for the loopback address, 127.0.0.1.
Figure 10.14 • A host contacts its local DNS server.
Every operating system has a way for you to enter DNS server information. In Linux, you can directly edit the /etc/resolv.conf file using a text editor. Just about every version of Linux has some form of graphical editor as well to make this an easy process. Figure 10.16 shows Ubuntu’s Network Configuration utility.
Every operating system also comes with a utility you can use to verify the DNS server settings. The tool in Windows, for example, is called ipconfig. You can see your current DNS server settings in Windows by typing ipconfig /all at the command prompt (Figure 10.17). In UNIX/Linux, type the following: cat /etc/resolv.conf.
Now that you understand how your system knows the DNS server’s IP address, let’s return to the DNS process. The DNS server receives the request for the IP address of www.microsoft.com from your client computer. At this point, your DNS server checks a cache of previously resolved FQDNs to see if www.microsoft.com is there (Figure 10.18). In this case, www.microsoft.com is not in the cache.
Figure 10.15 • DNS information in Windows
Figure 10.16 • Entering DNS information in Ubuntu
Remember, the ipconfig command gives you a ton of useful IP information.
Figure 10.17 • The ipconfig /all command showing DNS information in Windows
Figure 10.18 • Checking the DNS cache
Now your DNS server needs to get to work. The local DNS server may not know the address for www.microsoft.com, but it does know the addresses of the DNS root servers. The root servers, maintained by 12 root name server operators, know all the addresses of the top-level domain DNS servers. The root servers don’t know the address of www.microsoft.com, but they do know the address of the DNS servers in charge of all .com addresses. The root servers send your DNS server an IP address for a .com server (Figure 10.19).
The .com DNS server also doesn’t know the address of www.microsoft.com, but it knows the IP address of the microsoft.com DNS server. It sends that IP address to your root server (Figure 10.20).
The microsoft.com server does know the IP address of www.microsoft.com and can send that information back to the local DNS server. Figure 10.21 shows the process of resolving an FQDN into an IP address.
Now that your DNS server has the IP address for www.microsoft.com, it stores a copy in its cache and sends the IP information to your PC. Your Web browser then begins the HTTP request to get the Web page.
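The whole path just described, from the HOSTS file on the client, through the local DNS server's cache, to the root, .com and microsoft.com servers, is short enough to model end to end. The block below is an added example, not code from the book: it takes the HOSTS file format shown earlier and the three-step referral chain, and it assumes (as Windows and Linux resolvers do by default) that the HOSTS file is consulted before the configured DNS server. Every server address and zone entry is constructed for the example from the 192.0.2.0/24 documentation range; broadcast resolution, the third method in the text, is not modelled.

```python
"""Added example, not from the book: a toy resolver that follows the
lookup order described in the text. HOSTS file first, then the local DNS
server's cache, then an iterative walk root -> TLD server -> authoritative
server. All zone data below is constructed; the addresses are not real."""
import time

# Constructed HOSTS file text, in the format shown above.
HOSTS_TEXT = """\
# constructed sample
109.54.94.197 stephen.totalsem.com
138.125.163.17 roger.totalsem.com
127.0.0.1 localhost
"""

# Constructed delegation data. Each "server" knows only what the text says
# it knows: the root knows who serves .com; the .com server knows who
# serves microsoft.com; microsoft.com's server knows its own hosts.
ROOT_SERVER = {"com": "192.0.2.1"}                      # TLD -> TLD server address
TLD_SERVERS = {"192.0.2.1": {"microsoft.com": "192.0.2.2"}}  # domain -> its DNS server
AUTH_SERVERS = {"192.0.2.2": {"www.microsoft.com": ("192.0.2.80", 3600)}}  # fqdn -> (address, TTL)


def parse_hosts(text):
    """Map every name in a HOSTS file to its address; comments and blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for n in names:
            table[n.lower()] = addr
    return table


class LocalDnsServer:
    """The client's configured DNS server, holding the cache of resolved FQDNs."""

    def __init__(self, now=time.time):
        self.cache = {}     # fqdn -> (address, expiry timestamp)
        self.now = now      # injectable clock so cache expiry can be tested
        self.queries = []   # who was asked, in order, for inspection

    def _iterative_lookup(self, fqdn):
        labels = fqdn.lower().rstrip(".").split(".")
        tld, domain = labels[-1], ".".join(labels[-2:])
        # 1. A root server only knows where the TLD servers are.
        self.queries.append("root")
        tld_server = ROOT_SERVER.get(tld)
        if tld_server is None:
            return None
        # 2. The TLD server only knows the domain's own DNS server.
        self.queries.append(tld_server)
        auth_server = TLD_SERVERS[tld_server].get(domain)
        if auth_server is None:
            return None
        # 3. The authoritative server knows the host's address and TTL.
        self.queries.append(auth_server)
        return AUTH_SERVERS[auth_server].get(fqdn.lower())

    def resolve(self, fqdn):
        key = fqdn.lower()
        hit = self.cache.get(key)
        if hit and hit[1] > self.now():          # cached and not yet expired
            self.queries.append("cache")
            return hit[0]
        answer = self._iterative_lookup(fqdn)
        if answer is None:
            return None
        addr, ttl = answer
        self.cache[key] = (addr, self.now() + ttl)  # keep a copy, as the text says
        return addr


def resolve_name(name, hosts_table, dns_server):
    """Client side: a HOSTS entry wins; otherwise ask the configured DNS server.
    Returns (address or None, which method answered)."""
    name = name.lower()
    if name in hosts_table:
        return hosts_table[name], "hosts"
    return dns_server.resolve(name), "dns"
```

The `queries` list is the useful part for a defender: the first lookup of www.microsoft.com costs three referrals, the second is answered from cache until the TTL runs out, and a name present in the HOSTS file never reaches DNS at all, which is exactly why a tampered HOSTS file silently redirects a client.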
Your computer also keeps a cache of recently resolved FQDNs. In Windows, for example, open a command prompt and type ipconfig /displaydns to see them. Here’s a small part of the results of typing ipconfig /displaydns:
gizmodo.com
————————————————————
Record Name . . . . . : gizmodo.com
Record Type . . . . . : 1
Time To Live . . . . : 70639
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 69.60.7.199
ftp.totalsem.com
————————————————————
Record Name . . . . . : ftp.totalsem.com
Record Type . . . . . : 1
Time To Live . . . . : 83733
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 209.29.33.25
C:\>
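That cache listing is also a handy record of what a machine has recently looked up, so it is worth being able to read it programmatically. The parser below is an added example, not part of the book: it turns `ipconfig /displaydns` output into records, maps the numeric Record Type to its name (1 is A, 28 is AAAA, and so on, the standard DNS type codes), and checks that the Data Length matches the record type. The first two entries in the sample are the ones shown above; the third, with a name under the reserved .test TLD, is constructed to exercise the AAAA path.

```python
"""Added example, not from the book: parse the output of ipconfig /displaydns
into structured records. The sample text is constructed to match the
format above; the www.example.test entry is invented."""
import re

# Each field line looks like "    Record Name . . . . . : gizmodo.com":
# a label, a run of dot fillers, a colon, then the value.
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z() ]*?)\s*(?:\.\s*)+:\s*(?P<val>.*?)\s*$")

# Standard DNS resource record type codes.
RECORD_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 28: "AAAA"}

SAMPLE_DISPLAYDNS = """\
Windows IP Configuration

    gizmodo.com
    ----------------------------------------
    Record Name . . . . . : gizmodo.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 70639
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 69.60.7.199


    ftp.totalsem.com
    ----------------------------------------
    Record Name . . . . . : ftp.totalsem.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 83733
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 209.29.33.25


    www.example.test
    ----------------------------------------
    Record Name . . . . . : www.example.test
    Record Type . . . . . : 28
    Time To Live  . . . . : 120
    Data Length . . . . . : 16
    Section . . . . . . . : Answer
    AAAA Record . . . . . : 2001:db8::1
"""


def parse_displaydns(text):
    """Return one dict per record; a new record starts at each 'Record Name' line."""
    entries, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:                       # headers, separators, blank lines, the C:\> prompt
            continue
        key, val = m.group("key"), m.group("val")
        if key == "Record Name":
            current = {"name": val}
            entries.append(current)
        elif current is None:
            continue
        elif key == "Record Type":
            current["type"] = int(val)
        elif key == "Time To Live":
            current["ttl"] = int(val)
        elif key == "Data Length":
            current["data_length"] = int(val)
        elif key == "Section":
            current["section"] = val
        else:                           # the data line, e.g. "A (Host) Record"
            current["data_field"] = key
            current["data"] = val
    return entries


def type_name(code):
    """Human-readable name for a numeric record type."""
    return RECORD_TYPES.get(code, "TYPE%d" % code)


def looks_consistent(entry):
    """An A record carries a 4-byte IPv4 address, an AAAA a 16-byte IPv6 one."""
    expected = {1: 4, 28: 16}.get(entry.get("type"))
    return expected is None or entry.get("data_length") == expected


def names_seen(entries):
    """The sorted set of names this machine has resolved recently."""
    return sorted({e["name"].lower() for e in entries})
```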
Yes, the 13 root name servers are maintained by 12 root name server operators. VeriSign, the company that handles security for a lot of the e-commerce on the Internet, maintains two root name server clusters.
Figure 10.19 • Talking to a root server
Figure 10.20 • Talking to the .com server
Figure 10.21 • Talking to the microsoft.com DNS server
Cross Check
HTTP Process
You learned the specifics of HTTP in Chapter 9, so check your memory now. Is the HTTP process connectionless or connection-oriented? At what OSI layers does the process happen?
DNS Servers
I’ve been talking about DNS servers for so long, I feel I’d be untrue to my vision of a complete book unless I gave you at least a quick peek at a DNS server in action. Lots of operating systems come with built-in DNS server software, including Windows Server 2008 and just about every version of UNIX/Linux. A number of third-party DNS server programs are also available for virtually any operating system. I’m going to use the DNS server program that comes with Microsoft Windows Server 2008, primarily because (1) it takes the prettiest screen snapshots and (2) it’s the one I use here at the office. You access the Windows DNS server by selecting Start | Administrative Tools | DNS. When you first open the DNS server, you won’t see much other than the name of the server itself. In this case, Figure 10.22 shows a server, imaginatively named TOTALHOMEDC1.
The DNS server has (at least) three folder icons visible: Cached Lookups, Forward Lookup Zones, and Reverse Lookup Zones. Depending on the version of Windows Server you’re running and the level of customization, your server might have more than three folder icons. Let’s look at the three that are important for this discussion.
When you open the tree on a Windows DNS server, the first folder you see is called Cached Lookups. Every DNS server keeps a list of cached lookups—that is, all the IP addresses it has already resolved—so it won’t have to re-resolve an FQDN it has already checked. The cache has a size limit, of course, and you can also set a limit on how long the DNS server holds cache entries. Windows does a nice job of separating these cached addresses by placing all cached lookups in little folders that share the first name of the top-level domain with subfolders that use the second-level domain (Figure 10.23). This sure makes it easy to see where folks have been Web browsing!
Figure 10.22 • DNS server main screen
The most popular DNS server tool used in UNIX/Linux systems is called BIND.
Figure 10.23 • Inspecting the DNS cache
Now let’s watch an actual DNS server at work. Basically, you choose to configure a DNS server to work in one of two ways: as an authoritative DNS server or as a cache-only DNS server. Authoritative DNS servers store IP addresses and FQDNs of systems for a particular domain or domains. Cache-only DNS servers are never the authoritative server for a domain. They are only used to talk to other DNS servers to resolve IP addresses for DNS clients. Then they cache the FQDN to speed up future lookups (Figure 10.24).
The IP addresses and FQDNs for the computers in a domain are stored in special storage areas called forward lookup zones. Forward lookup zones are the most important part of any DNS server. Figure 10.25 shows the DNS server for my small corporate network. My domain is called “totalhome.” I can get away with a domain name that’s not Internet legal because none of these computers are visible on the Internet. The totalhome domain only works on my local network for local computers to find each other. I have created a forward lookup zone called totalhome.
Microsoft DNS servers use a folder analogy to show lookup zones even though they are not true folders.
Figure 10.24 • Authoritative vs. cache-only DNS server
Let’s look at the contents of the totalhome domain. First, notice a number of folders: _msdcs, _sites, _tcp, and _udp. These folders are unique to Microsoft DNS servers, and you’ll see what they do in a moment. For now, ignore them and concentrate on the individual computer listings. Every forward lookup zone requires a Start of Authority (SOA), the single DNS server in charge. The record called SOA in the folder totalhome indicates that my server is the authoritative DNS server for a domain called totalhome. You can even see a few of the systems in that domain (note to hackers: these are fake, so don’t bother). A tech looking at this would know that totalhomedc1.totalhome is the authoritative DNS server for the totalhome domain. The NS records are all of the DNS servers for totalhome. Note that totalhome has two DNS servers: totalhomedc1.totalhome and tera. The DNS server named tera is not a member of the totalhome domain. In fact, tera isn’t a member of any domain. A DNS server does not have to be a member of a domain to be a name server for that domain.
Having two DNS servers ensures that if one fails, the totalhome domain will continue to have a DNS server. The A records in the folder are the IP addresses and names of all the systems on the totalhome domain.
Every DNS forward lookup zone will have one SOA and at least one NS record. In the vast majority of cases, a forward lookup zone will have some number of A records. But you may or may not see a number of other records in your standard DNS server. Look at Figure 10.26 for these less common types of DNS records: CNAME, MX, and AAAA.
A canonical name (CNAME) record acts like an alias. My computer’s name is mikespc.totalhome, but you can also now use mike.totalhome to reference that computer. A ping of mike.totalhome returns the following:
C:\>ping mike.totalhome
Pinging mikespc.totalhome [192.168.4.27] with 32 bytes of data:
Reply from 192.168.4.27: bytes=32 time=2ms TTL=128
Reply from 192.168.4.27: bytes=32 time<1ms TTL=128
(rest of ping results deleted)
Figure 10.25 • Forward lookup zone totalhome
If your computer is a member of a domain and you are trying to access another computer in that domain, you can even skip the domain name, because your PC will simply add it back:
C:\>ping mike
Pinging mikespc.totalhome [192.168.4.27] with 32 bytes of data:
Reply from 192.168.4.27: bytes=32 time<1ms TTL=128
Reply from 192.168.4.27: bytes=32 time<1ms TTL=128
(rest of ping results deleted)
MX records are used exclusively by SMTP servers to determine where to send mail. I have an in-house SMTP server on a computer I cleverly called mail. If other SMTP servers wanted to send mail to mail.totalhome (although they can’t because the SMTP server isn’t connected to the Internet and lacks a legal FQDN), they would use DNS to locate the mail server.
AAAA records are for a newer type of IP addressing called IPv6. You’ll learn a lot more about IPv6 in Chapter 13.
There are two common types of forward lookup zones: a primary zone and a secondary zone. Primary zones are created on the DNS server that will act as the SOA for that zone. Secondary zones are created on other DNS servers to act as backups to the primary zone. It’s standard practice to have at least two DNS servers for any forward lookup zone: one primary and one secondary. Even in my small network, I have two DNS servers: TOTALDNS1, which runs the primary zone, and TOTALDNS2, which runs a secondary zone (Figure 10.27). Any time a change is placed on TOTALDNS1, TOTALDNS2 is quickly updated.
A reverse lookup zone (Figure 10.28) enables a system to determine an FQDN by knowing the IP address; that is, it does the exact reverse of what DNS normally does! Reverse lookup zones take a network ID, reverse it, and add the term “in-addr.arpa” to create the zone. The record created is called a pointer record (PTR); PTRs point to canonical names.
MX stands for Mail eXchanger.
If you’re looking at a Windows server and adding a new forward lookup zone, you’ll see a third type called an Active Directory–integrated forward lookup zone. I’ll cover those in just a moment.
Figure 10.26 • Less common DNS record types
Figure 10.27 • Two DNS servers with updating taking place
A few low-level functions (like mail) and some security programs use reverse lookup zones, so DNS servers provide them. In most cases, the DNS server asks you if you want to make a reverse lookup zone when you make a new forward lookup zone. When in doubt, make one. If you don’t need it, it won’t cause any trouble.
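The record types just covered (SOA, NS, A, CNAME, MX, AAAA in the forward zone; PTR in the reverse zone) fit in one small model. The block below is an added example and not the book's or Windows Server's code: it holds a constructed totalhome zone in a simplified one-record-per-line text form (not a full zone-file parser), follows a CNAME the way the `ping mike.totalhome` output above does, adds the domain back to a bare host name, and builds the reverse zone name and PTR records. The addresses follow the text where it gives them (192.168.4.27 for mikespc); the rest, including the SOA fields and the IPv6 address, are invented for the example.

```python
"""Added example, not from the book: a tiny record store for the totalhome
zone described above. The zone text is constructed; its syntax is a
simplified 'name TTL class type data' line format."""
import ipaddress

ZONE_TEXT = """\
; constructed forward lookup zone for totalhome
totalhome.              3600 IN SOA   totalhomedc1.totalhome. hostmaster.totalhome. 2013022701 3600 600 86400 300
totalhome.              3600 IN NS    totalhomedc1.totalhome.
totalhome.              3600 IN NS    tera.
totalhomedc1.totalhome. 3600 IN A     192.168.4.10
mikespc.totalhome.      3600 IN A     192.168.4.27
mike.totalhome.         3600 IN CNAME mikespc.totalhome.
mail.totalhome.         3600 IN A     192.168.4.25
totalhome.              3600 IN MX    10 mail.totalhome.
mikespc.totalhome.      3600 IN AAAA  2001:db8::27
"""


def parse_zone(text):
    """One dict per record; names are lower-cased because DNS ignores case."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        name, ttl, cls, rtype, *data = line.split()
        records.append({"name": name.lower(), "ttl": int(ttl), "class": cls,
                        "type": rtype, "data": " ".join(data)})
    return records


def check_zone(records):
    """Structural rule from the text: exactly one SOA and at least one NS."""
    soa = [r for r in records if r["type"] == "SOA"]
    ns = [r for r in records if r["type"] == "NS"]
    return len(soa) == 1 and len(ns) >= 1


def qualify(name, domain):
    """A bare host name gets the domain added back ('mike' -> 'mike.totalhome.');
    a name with dots is taken as already complete and just gets its root period."""
    name = name.lower()
    if not name.endswith("."):
        if "." not in name:
            name = "%s.%s" % (name, domain)
        name += "."
    return name


def lookup(records, name, rtype, max_cname=8):
    """Return (canonical name, [data, ...]), following CNAME aliases the way
    the ping output above shows (mike.totalhome -> mikespc.totalhome)."""
    name = name.lower()
    for _ in range(max_cname):
        answers = [r["data"] for r in records if r["name"] == name and r["type"] == rtype]
        if answers:
            return name, answers
        aliases = [r["data"] for r in records if r["name"] == name and r["type"] == "CNAME"]
        if not aliases:
            return name, []
        name = aliases[0].lower()
    raise ValueError("CNAME chain too long")


def reverse_zone_name(network):
    """'192.168.4.0/24' -> '4.168.192.in-addr.arpa': the network ID reversed
    with the suffix added. Handles IPv4 prefixes on octet boundaries only."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("example handles IPv4 zones on octet boundaries only")
    labels = net.network_address.reverse_pointer.split(".")
    host_octets = (32 - net.prefixlen) // 8   # leading labels that belong to the host part
    return ".".join(labels[host_octets:])


def build_ptr_records(records):
    """Derive the reverse zone's PTR records from the forward zone's A records.
    PTRs point at canonical names, never at aliases."""
    return [{"name": ipaddress.ip_address(r["data"]).reverse_pointer + ".",
             "type": "PTR", "data": r["name"]}
            for r in records if r["type"] == "A"]


def mail_exchangers(records, domain):
    """MX data is 'preference host'; an SMTP server tries the lowest preference first."""
    mx = [r["data"].split() for r in records if r["name"] == domain and r["type"] == "MX"]
    return [host for _, host in sorted(mx, key=lambda p: int(p[0]))]
```

`lookup(records, qualify("mike", "totalhome"), "A")` reproduces what the ping command did: the alias is replaced by the canonical name mikespc.totalhome and the answer is 192.168.4.27.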
Microsoft added some wrinkles to DNS servers with the introduction of Windows 2000 Server, and each subsequent version of Windows Server retains the wrinkles. Windows Server can do cached lookups, primary and secondary forward lookup zones, and reverse lookup zones, just like UNIX/Linux DNS servers. But Windows Server also has a Windows-only type of forward lookup zone called an Active Directory–integrated zone.
Enter Windows
DNS works beautifully for any TCP/IP application that needs an IP address for another computer, but it has one glaring weakness: you need to add A records to the DNS server manually. Adding these can be a problem, especially in a world where you have many DHCP clients whose IP addresses may change from time to time. Interestingly, it was a throwback to an old Microsoft Windows protocol that fixed this and a few other problems all at the same time.
Even though TCP/IP was available back in the 1980s, Microsoft popularized another networking protocol called NetBIOS/NetBEUI. NetBIOS/NetBEUI was pretty simplistic compared to TCP/IP. It had a very simple naming convention (the NetBIOS part) that used broadcasts. When a computer booted up, it just told the world its name (Figure 10.29). NetBIOS/NetBEUI was suitable only for small networks. It provided no logical addressing like IP addresses; you had to remember the NetBIOS name and the MAC address. NetBIOS/NetBEUI was almost exclusively used to share folders and printers. There was no such thing as Telnet or the Web with NetBIOS/NetBEUI, but it worked well for what it did at the time.
By the mid-1990s, Microsoft realized that the world was going to TCP/IP, and it needed to switch too. Instead of dumping NetBIOS/NetBEUI entirely, Microsoft designed a new TCP/IP protocol that enabled it to keep using the NetBIOS names but dump the ancient NetBEUI protocol and instead run NetBIOS on top of TCP/IP with a protocol called NetBT (NetBIOS over TCP/IP). In essence, Microsoft created its own name resolution protocol that had nothing to do with DNS!
Microsoft managed to crowbar the NetBIOS naming system into DNS basically by making the NetBIOS name the DNS name. Technically, NetBIOS no longer exists, but the overlying protocol that used it to share folders and printers is still very much alive. This protocol was originally called Server Message Block (SMB), but the current version is called Common Internet File System (CIFS).
Microsoft has used DNS names with the SMB/CIFS protocol to provide folder and printer sharing in small TCP/IP networks. SMB/CIFS is so popular that other operating systems have adopted support for SMB/CIFS. UNIX/Linux systems (including Mac OS X) come with the very popular Samba, the most popular tool for making non-Windows systems act like Windows computers (Figure 10.30).
Figure 10.29 • NetBIOS broadcast
Figure 10.28 • Reverse lookup zone
Living with the Legacy of CIFS
CIFS makes most small networks live in a two-world name resolution system. When your computer wants to access another computer’s folders or files, it uses a simple CIFS broadcast to get the name. If that same computer wants to do anything “Internety,” it uses its DNS server. Both CIFS and DNS live together perfectly well and, although many alternatives are available for this dual name resolution world, the vast majority of us are happy with this relationship.
Well, except for one little item, we’re almost happy: CIFS organizes your computers into groups. There are three types of groups: workgroup, Windows domain, and Active Directory. A workgroup is just a name that organizes a group of computers. A computer running Windows (or another operating system running Samba) joins a workgroup, as shown in Figure 10.31. When a computer joins a workgroup, all the computers in the Network/My Network Places folder are organized, as shown in Figure 10.32.
A Windows domain is a group of computers controlled by a com-
puter running Windows Server. This Windows Server computer is con-
figured as a domain controller. You then have your computers join the
domain.
All the computers within a domain authenticate to the domain
controller when they log in. Windows gives you very powerful control
over who can access what on your network (Figure 10.33).
Figure 10.31 • Joining a workgroup
Figure 10.30 • Samba on Ubuntu (it’s so common that the OS doesn’t
even use the term in the dialog)
Figure 10.32 • Two workgroups in the Network folder
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
278
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 10
Note that a Windows domain is not the same as a DNS
domain. In the early days, a Windows domain didn’t even
have a naming structure that resembled the DNS hierarchi-
cally organized structure. Microsoft eventually revamped
its domain controllers to work as part of DNS, however, and
Windows domains now use DNS for their names. A Windows
domain must have a true DNS name. DNS domains that
are not on the Internet should use the top-level name .local
(although you can cheat, as I do on my totalhome network,
and not use it).
On a bigger scale, a Windows network can get compli-
cated, with multiple domains connecting over long distances.
To help organize this, Windows uses a type of super domain
called Active Directory. An Active Directory is an organization of related
computers that shares one or more Windows domains. Windows domain
controllers are also DNS servers.
The beauty of Active Directory is that it has no single domain controller:
all of the domain controllers are equal partners, and any domain controller
can take over if one domain controller fails (Figure 10.34).
Active Directory–Integrated Zones Now that you have an
understanding of Windows domains and Active Directory,
let’s return to forward lookup zones and DNS. A standard pri-
mary zone stores the DNS information in text files on the DNS
server. You then use secondary zones on other DNS servers to
back up that server. If the primary DNS server goes down, the
secondary servers can resolve FQDNs, but you can’t add any
new records. Nothing can be updated until the primary DNS
server comes back up.
In an Active Directory–integrated zone, all of the domain
controllers (which are all also DNS servers) are equal and the
whole DNS system is not reliant on a single DNS server. The
DNS servers store their DNS information in a data structure
called the Active Directory. The Active Directory is stored across the serv-
ers in the domain. All Active Directory–enabled DNS servers automatically
send DNS information to each other, updating every machine’s DNS infor-
mation to match the others.
Dynamic DNS
In the early days of TCP/IP networks, DNS servers required manual
updates of their records. This was not a big deal until the numbers of com-
puters using TCP/IP exploded in the 1990s. Then every office had a net-
work and every network had a DNS server to update. DHCP helped to
some extent. You could add a special option to the DHCP server, which is
generally called the DNS suffix. This way the DHCP clients would know the
name of the DNS domain to which they belonged. It didn’t help the manual
updating of DNS records, but clients don’t need records. No one accesses
the clients! The DNS suffix helps the clients access network resources more
efficiently.
Today, manual updating of DNS records is still the norm for most Internet
serving systems like Web servers and e-mail servers. DNS has moved beyond
Internet servers; even the smallest Windows networks that run Active
Directory use it. Whereas a popular Web server might have a phalanx of
techs to adjust DNS settings, small networks in which most of the computers
run DHCP need an alternative to old-school DNS. Luckily, the solution was
worked out over a decade ago.
Figure 10.34 • If one domain controller goes down, another automatically
takes over.
All DHCP servers provide an option called DNS server that tells clients the
IP address of the DNS server or servers.
Figure 10.33 • Logging into the domain
The TCP/IP folks came up with a new protocol called Dynamic DNS
(DDNS) in 1997 that enabled DNS servers to get automatic updates of IP
addresses of computers in their forward lookup zones, mainly by talking
to the local DHCP server. All modern DNS servers support DDNS, and all
but the most primitive DHCP servers support Dynamic DNS as well.
Windows leans heavily on DDNS. For years, Windows networks used
DDNS for the DHCP server to talk to the DNS server. Although all Windows
DHCP servers offer this function, all current (Vista, Windows 7, and later)
Windows client machines report to the DNS server as soon as they receive
a new or changed IP address. The server then updates its A records accord-
ingly. DDNS simplifies setting up and maintaining a LAN tremendously.
If you need to force a DNS server to update its records, use the ipconfig
/registerdns command from the command prompt.
DNS Security Extensions
If you think about what DNS does, you can appreciate that it can be a big
security issue. Simply querying a DNS server gives you a list of every com-
puter name and IP address that it serves. This isn’t the kind of information
we want bad guys to have. It’s easy to tell a DNS server not to respond to
queries such as nslookup or dig, but DNS by definition is a public protocol
that requires one DNS server to respond to another DNS server.
The big fix is called DNS Security Extensions (DNSSEC). DNSSEC is a
set of authentication and authorization specifications designed to prevent
bad guys from impersonating legitimate DNS servers. It’s implemented
through extension mechanisms for DNS (EDNS), a specification that expands
several parameter sizes, but maintains backward compatibility with DNS
servers that don’t use it.
Troubleshooting DNS
As I mentioned earlier, most DNS problems result from a problem with
the client systems. This is because DNS servers rarely go down, and if they
do, most clients have a secondary DNS server setting that enables them
to continue to resolve DNS names. DNS servers have been known to fail,
however, so knowing when the problem is the client system, and when
you can complain to the person in charge of your DNS server, is important.
All of the tools you’re about to see come with every operating system that
supports TCP/IP, with the exception of the ipconfig commands, which I’ll
mention when I get to them.
So how do you know when to suspect DNS is causing the problem on
your network? Well, just about everything you do on an IP network depends
on DNS to find the right system to talk to for whatever job the application
does. E-mail clients use DNS to find their e-mail servers; FTP clients use
DNS for their servers; Web browsers use DNS to find Web servers; and so
on. The first clue something is wrong is generally when a user calls, saying
he’s getting a “server not found” error. Server not found errors look
different depending on the application, but you can count on something
being there that says in effect “server not found.” Figure 10.35 shows how
this error appears in an FTP client.
Tech Tip
Dynamic DNS on the Web
The proliferation of dedicated high-speed Internet connections to homes and
business has led many people to use those connections for more than surfing
the Web from inside the local network. Why not have a Web server in your
network, for example, that you can access from anywhere on the Web? You
could use Windows Remote Desktop to take control of your home machine.
(See Chapter 14 for more details on Remote Desktop.)
The typical high-speed Internet connection presents a problem in making
this work. Most folks have a cable or DSL modem connected to a router. The
router has a DHCP server inside and that’s what dishes out private IP
addresses to computers on the LAN. The router also has an external IP
address that it gets from the ISP, usually via DHCP. That external address
can change unless you pay extra for a static IP address. Most people don’t.
Several companies promote a service called dynamic DNS that maps a home or
office router to a domain name. Each time the router’s external address
changes, the router contacts the dynamic DNS service and reports the
change. The service updates its records. When you want to access your
desktop remotely, you would type in the domain name rather than an IP
address that might have changed. The domain name can be one you’ve
purchased through GoDaddy or Joker.com, for example, or one obtained from
the dynamic DNS service provider.
The most widely used provider of this service is TZO, formerly
dynamicdns.org. Its current Web site is www.tzo.com.
Before you start testing, you need to
eliminate any DNS caches on the local sys-
tem. If you’re running Windows, run the
ipconfig /flushdns command now.
In addition, most Web browsers also have
caches, so you can’t use a Web browser for
any testing. In such cases, it’s time to turn
to the ping command.
Your best friend when testing DNS is
ping. Run ping from a command prompt,
followed by the name of a well-known Web
site, such as ping www.microsoft.com.
Watch the output carefully to see if you get
an IP address. You may get a “request timed
out” message, but that’s fine; you just want
to see if DNS is resolving FQDNs into IP
addresses (Figure 10.36).
If you get a “server not found” error, you
need to ping again using just an IP address.
Most network techs keep the IP address of
a known server in their heads. If you don’t
have one memorized, try 74.125.95.99
(Google). If ping works with the IP address
but not with the Web site name, you know
you have a DNS problem.
Once you’ve determined that DNS
is the problem, check to make sure your
system has the correct DNS server entry.
Again, this information is something you
should keep around. I can tell you the DNS
server IP address for every Internet link I
own—two in the office, one at the house,
plus two dial-ups I use on the road. You
don’t have to memorize the IP addresses,
but you should have all the critical IP information written down. If that isn’t
the problem, run ipconfig /all to see if those DNS settings are the same
as the ones in the server; if they aren’t, you may need to refresh your DHCP
settings. I’ll show you how to do that next.
If you have the correct DNS settings for your DNS server and the DNS
settings in ipconfig /all match those settings, you can assume the
problem is with the DNS server itself. The nslookup (name server lookup)
command enables DNS server queries. All operating systems have a ver-
sion of nslookup.
Figure 10.35 • DNS error
Figure 10.36 • Using ping to check DNS
When troubleshooting, ping is your friend. If you can ping an IP address but
not the name associated with that address, check DNS.
You run nslookup from a command prompt. With nslookup, you can (assuming
you have the permission) query all types of information from a DNS server
and change how your system uses DNS. Although most of these commands are
far outside the scope of the CompTIA Network+ exam, you should definitely
know nslookup. For instance, just running nslookup alone from a command
prompt shows you some output similar to the following:
C:\>nslookup
Default Server: totalhomedc2.totalhome
Address: 192.168.4.155
>
Running nslookup gives me the IP address and the name of my default
DNS server. If I got an error at this point, perhaps a “server not found” error,
I would know that either my primary DNS server is down or I might not
have the correct DNS server information in my DNS settings. I can attach
to any DNS server by typing server, followed by the IP address or the
domain name of the DNS server:
> server totalhomedc1
Default Server: totalhomedc1.totalhome
Addresses: 192.168.4.157, 192.168.4.156
This new server has two IP addresses; it has two multihomed NICs to
ensure there’s a backup in case one NIC fails. If I get an error on one DNS
server, I use nslookup to check for another DNS server. I can then switch to
that server in my TCP/IP settings as a temporary fix until my DNS server
is working again.
Those using UNIX/Linux have an extra DNS tool called domain
information groper (dig). The dig tool is very similar to nslookup, but it runs
noninteractively. In nslookup, you’re in the command until you type exit;
nslookup even has its own prompt. The dig tool, on the other hand, is not
interactive—you ask it a question, it answers the question, and it puts you
back at a regular command prompt. When you run dig, you tend to get a
large amount of information. The following is a sample of a dig command
run from a Linux prompt:
[mike@localhost]$dig -x 13.65.14.4
; <<>> DiG 8.2 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2,
ADDITIONAL: 2
;; QUERY SECTION:
;; 4.14.65.13.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
4.14.65.13.in-addr.arpa. 4H IN PTR
server3.houston.totalsem.com.
;; AUTHORITY SECTION:
65.14.4.in-addr.arpa. 4H IN NS kernel.risc.uni-linz.ac.at.
65.14.4.in-addr.arpa. 4H IN NS kludge.risc.uni-linz.ac.at.
;; ADDITIONAL SECTION:
kernel.risc.uni-linz.ac.at. 4H IN A 193.170.37.225
kludge.risc.uni-linz.ac.at. 4H IN A 193.170.37.224
;; Total query time: 1 msec
;; FROM: kernel to SERVER: default — 127.0.0.1
;; WHEN: Thu Feb 10 18:03:41 2000
;; MSG SIZE sent: 44 rcvd: 180
[mike@localhost]$
Make sure you know how to
use nslookup to determine if a
DNS server is active!
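Underneath, the nslookup and dig sessions above are one UDP exchange with a single chosen DNS server. The Python script below is an added example, not code from the book: it builds a query for a name’s A records by hand (packet layout per RFC 1035), sends it to a server IP you choose, which is the programmatic equivalent of nslookup’s server command or dig’s @server argument, and parses the reply. Pointing it at each configured DNS server in turn tells you which one is actually answering, which is the question this troubleshooting section is about. The server address and name are arguments you supply; the 192.0.2.x address mentioned in the comments is a constructed test-net value.

```python
"""Minimal DNS A-record query: what nslookup and dig do on the wire.

Added example (not from the book). build_query() makes the packet,
parse_response() reads the answer, query_server() does the UDP exchange
with one specific server so you can tell whether that server is up.
"""
import random
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode "www.example.com" as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, txid=None):
    """Return (txid, packet) for a recursive (RD=1) A query for name."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # QDCOUNT=1
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    return txid, header + question


def read_name(data, offset):
    """Decode a (possibly compressed) name at offset; return (name, next_offset)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(data, expected_id):
    """Return (rcode, [IPv4 strings]) from a DNS response packet."""
    if len(data) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_id:
        raise ValueError("transaction id mismatch (stray reply?)")
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x000F  # 0 = NOERROR, 3 = NXDOMAIN
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = read_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        _, offset = read_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            answers.append(socket.inet_ntoa(rdata))
    return rcode, answers


def query_server(server_ip, name, timeout=2.0):
    """Ask one DNS server for name's A records; None if it never answers."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server_ip, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return None  # server down, unreachable, or not listening on 53
    return parse_response(data, txid)


if __name__ == "__main__":
    import sys
    server, name = sys.argv[1], sys.argv[2]  # e.g. 192.168.4.155 www.microsoft.com
    result = query_server(server, name)
    if result is None:
        print("no answer from %s" % server)
    else:
        print("rcode=%d answers=%s" % result)
```

Run it as `python dnsq.py <dns-server-ip> <name>`. A `None` result is the scripted form of the “server not found” situation in the text: that server is not answering at all, so switch to another server in your TCP/IP settings as the temporary fix described above. A nonzero rcode with no answers means the server is up but does not know the name.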
WINS
Even though current versions of Windows use either DNS or CIFS names,
NetBIOS names can still appear in older versions of Windows like Win-
dows 9x or some versions of Windows 2000. A Windows NetBIOS system
claims a NetBIOS name for itself simply by broadcasting out to the rest
of the network. As long as no other system is already using that name, it
works just fine. Of course, broadcasting can be a bit of a problem for routers
and such, but this example presumes a single network on the same wire, so
it’s okay in this context.
NetBIOS was invented way back in the early 1980s. Microsoft had a big
investment in NetBIOS and had to support a large installed base of systems,
so even after NetBEUI began to lose market share to TCP/IP, Microsoft had
to continue to support NetBIOS or incur the wrath of millions of customers.
What happened next seems, in retrospect, more a comedy than the machi-
nations of the most powerful software company in the world. Microsoft
did something that should not have been possible: it redesigned NetBIOS
to work with TCP/IP. Eventually, Microsoft came up with CIFS, as you
know from earlier in the chapter, and made NetBIOS DNS-compatible. But
Microsoft tried a couple of things first. Let’s look at some of the strategies
and techniques Microsoft used to make NetBIOS and TCP/IP coexist on the
same network.
One early strategy Microsoft came up with to reduce the overhead
from NetBIOS broadcasts was to use a special text file called LMHOSTS.
LMHOSTS contains a list of the NetBIOS names and corresponding IP
addresses of the host systems on the network. Sound familiar? Well, it
should—the LMHOSTS file works exactly the same way as the DNS HOSTS
file. Although Microsoft still supports LMHOSTS file usage, and every Win-
dows system has an LMHOSTS file for backward compatibility, networks
that still need NetBIOS support will usually run Windows Internet Name
Service (WINS) servers for name resolution. WINS servers let NetBIOS
hosts register their names with just the one server, eliminating the need for
broadcasting and thereby reducing NetBIOS overhead substantially. Figure
10.37 shows the copy of the WINS server that comes with Windows 2000
Server. Note that some of the PCs on this network have registered their
names with the WINS server.
You can find an
LMHOSTS.SAM file on your
Windows system. Use Notepad
to open the file and inspect its
contents.
Figure 10.37 • WINS server
There are only two good reasons to use a WINS server: (1) to reduce
overhead from broadcasts and (2) to enable NetBIOS name resolution
across routers. What does a WINS server have to do with routers, you ask?
Just this: the WINS server enables NetBIOS to function in a routed network.
IP routers are programmed to kill all broadcasts, remember? While newer
Windows clients will simply register directly with the WINS server, older
(pre-Win95) Windows systems will still try to broadcast. To get around this
problem, you can configure a system to act as a WINS proxy agent, for-
warding WINS broadcasts to a WINS server on the other side of the router
(Figure 10.38).
Figure 10.38 • Proxy agent
The bottom line with WINS servers is this: larger or routed networks
that run NetBIOS still need them. As long as Windows NT and Windows
9x systems are out there running NetBIOS, don’t be surprised to find that
some system somewhere is running a WINS server.
Configuring WINS Clients
You don’t need to do much to get a Windows client to use WINS. In fact,
you only need to configure the IP address of a WINS server in its WINS set-
tings under Network Properties. From then on, the Windows system will
look for a WINS server to register its NetBIOS name. If it finds a WINS
server, it will register its NetBIOS name to the WINS server; if it doesn’t,
it will automatically start broadcasting its NetBIOS name. You can add
WINS information to DHCP if necessary, so unless you’re running static
IP addresses, you may never have to enter anything into your Windows
clients to get WINS to work.
Troubleshooting WINS
Most WINS problems are not WINS problems at all. They are NetBIOS
problems. By far, the most common problem is having two systems share
the same name. In that case, you get a pretty clear error. It looks different
in the various versions of Windows, but it usually says about the same
thing: another system has this name. How do you fix it? Change the name
of the system!
You can use the nbtstat program to help deal with NetBIOS problems.
The nbtstat program will do a number of jobs, depending on the switches
you add to the end of the command. The –c switch, for example, tells
nbtstat to check the current NetBIOS name cache (yup, NetBIOS caches
names just like some systems cache DNS names). The NetBIOS name
cache contains the NetBIOS names and corresponding IP addresses that
have been resolved by a particular host. You can use nbtstat to see if the
WINS server has supplied inaccurate addresses to a WINS client. Here’s
an example of the nbtstat -c command and its results:
C:\>nbtstat -c
Node IpAddress: [192.168.43.5] Scope Id: []
NetBIOS Remote Cache Name Table
Name Type Host Address Life [sec]
——————————————————————————————
WRITERS <1B> UNIQUE 192.168.43.13 420
SCOTT <20> UNIQUE 192.168.43.3 420
VENUSPDC <00> UNIQUE 192.168.43.13 120
MIKE <20> UNIQUE 192.168.43.2 420
NOTES01 <20> UNIQUE 192.168.43.4 420
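To make the “inaccurate addresses” check concrete, here is an added Python example (not from the book) that parses nbtstat -c output like the listing above and compares each cached name and suffix against an inventory of the addresses the WINS server should be handing out. SAMPLE_OUTPUT is constructed from the book’s listing; EXPECTED is an assumed inventory in which NOTES01 has deliberately moved to a different address, so the audit reports it, and the suffix descriptions are the standard NetBIOS service suffixes.

```python
"""Parse `nbtstat -c` and spot cache entries that disagree with an inventory.

Added example (not from the book). The sample is constructed from the
book's listing; the expected inventory is assumed.
"""
import re
from collections import namedtuple

CacheEntry = namedtuple("CacheEntry", "name suffix kind address life")

# Standard NetBIOS name suffixes seen in the cache (service the name belongs to)
SUFFIXES = {"00": "Workstation Service", "03": "Messenger Service",
            "1B": "Domain Master Browser", "1C": "Domain Controllers",
            "1D": "Master Browser", "20": "File Server Service"}

# Row layout: NAME <XX> UNIQUE|GROUP a.b.c.d life   (life is -1 for static entries)
_ROW = re.compile(r"^\s*(?P<name>\S+)\s+<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
                  r"(?P<kind>UNIQUE|GROUP)\s+(?P<addr>\d+\.\d+\.\d+\.\d+)\s+"
                  r"(?P<life>-?\d+)\s*$")
_NODE = re.compile(r"Node IpAddress:\s*\[(?P<addr>[\d.]+)\]")

SAMPLE_OUTPUT = """\
C:\\>nbtstat -c
Node IpAddress: [192.168.43.5] Scope Id: []
NetBIOS Remote Cache Name Table
Name Type Host Address Life [sec]
------------------------------------------------------------
WRITERS <1B> UNIQUE 192.168.43.13 420
SCOTT <20> UNIQUE 192.168.43.3 420
VENUSPDC <00> UNIQUE 192.168.43.13 120
MIKE <20> UNIQUE 192.168.43.2 420
NOTES01 <20> UNIQUE 192.168.43.4 420
"""

# Assumed inventory of what the WINS server should resolve (constructed):
# NOTES01 is listed at .9 on purpose so the stale cache entry at .4 is flagged.
EXPECTED = {("SCOTT", "20"): "192.168.43.3",
            ("MIKE", "20"): "192.168.43.2",
            ("NOTES01", "20"): "192.168.43.9"}


def parse_nbtstat_cache(text):
    """Return (node_ip, [CacheEntry, ...]) from nbtstat -c output."""
    node_ip, entries = None, []
    for line in text.splitlines():
        m = _NODE.search(line)
        if m:
            node_ip = m.group("addr")
            continue
        m = _ROW.match(line)
        if m:
            entries.append(CacheEntry(m.group("name"), m.group("suffix").upper(),
                                      m.group("kind"), m.group("addr"),
                                      int(m.group("life"))))
    return node_ip, entries


def audit_cache(entries, expected):
    """Return (mismatched, unknown).

    mismatched: (name, cached_address, expected_address) where the cache
                disagrees with the inventory, i.e. WINS handed out a bad address
    unknown:    names the inventory does not cover at all
    """
    mismatched, unknown = [], []
    for e in entries:
        want = expected.get((e.name, e.suffix))
        if want is None:
            unknown.append(e.name)
        elif want != e.address:
            mismatched.append((e.name, e.address, want))
    return mismatched, unknown


if __name__ == "__main__":
    # On Windows, feed the live output of `nbtstat -c` here instead of the sample.
    node, cached = parse_nbtstat_cache(SAMPLE_OUTPUT)
    print("cache on node %s:" % node)
    for e in cached:
        print("  %-10s <%s> %-22s %s (life %s)" % (e.name, e.suffix,
              SUFFIXES.get(e.suffix, "?"), e.address, e.life))
    bad, unk = audit_cache(cached, EXPECTED)
    for name, got, want in bad:
        print("MISMATCH %s cached as %s, inventory says %s" % (name, got, want))
    print("not in inventory:", ", ".join(unk))
```

A mismatch is the symptom the text describes (the WINS server supplied an address the client now caches); the fix is on the server side or, once corrected there, an `nbtstat -R` on the client to purge and reload the cache.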
Diagnosing TCP/IP Networks
I’ve dedicated all of Chapter 20 to network diagnostic procedures, but
TCP/IP has a few little extras that I want to talk about here. TCP/IP is a
pretty tough protocol, and in good networks, it runs like a top for years
without problems. Most of the TCP/IP problems you’ll see come from
improper configuration, so I’m going to assume you’ve run into problems
with a new TCP/IP install, and I’ll show you some classic screw-ups com-
mon in this situation. I want to concentrate on making sure you can ping
anyone you want to ping.
I’ve done thousands of IP installations over the years, and I’m proud to
say that, in most cases, they worked right the first time. My users jumped
on the newly configured systems, fired up their My Network Places/Network,
e-mail software, and Web browsers, and were last seen typing away, smiling
from ear to ear. But I’d be a liar if I didn’t also admit that plenty of
setups didn’t work so well. Let’s start with the hypothetical case of a
user who can’t see something on the network. You get a call: “Help!” he
cries. The first troubleshooting point to remember here: it doesn’t matter
what he can’t see. It doesn’t matter if he can’t see other systems in his
network or can’t see the home page on his browser—you go through the same
steps in any event.
Think WINS is dead? Open Manage network connections in your Network and
Sharing Center. Drill down through the Local Area Connection properties |
IPv4 properties | Advanced button to open the Advanced TCP/IP Settings
dialog box. You’ll see a WINS tab for backward compatibility with older
computers on the network.
Remember to use common sense wherever possible. If the problem
system can’t ping by DNS name, but all the other systems can, is the DNS
server down? Of course not! If something—anything—doesn’t work on
one system, always try it on another one to determine whether the prob-
lem is specific to one system or affects the entire network.
One thing I always do is check the network connections and protocols.
I’m going to cover those topics in greater detail later in the book, so, for
now, assume the problem systems are properly connected and have good
protocols installed. Here are some steps to take:
1. Diagnose the NIC. First, use ping with the loopback address to determine
if the system can send and receive packets. Specifically, type ping
127.0.0.1 or ping localhost (remember the HOSTS file?). If you’re not
getting a good response, your NIC has a problem! Check your NIC’s driver
and replace it if necessary.
2. Diagnose locally. If the NIC’s okay, diagnose locally by pinging a few
neighboring systems, both by IP address and DNS name. If you’re using
NetBIOS, use the net view command to see if the other local systems are
visible (Figure 10.39). If you can’t ping by DNS, check your DNS settings.
If you can’t see the network using net view, you may have a problem with
your NetBIOS settings.
3. Check IP address and subnet mask. If you’re having a problem pinging
locally, make sure you have the right IP address and subnet mask. Oh, if I
had a nickel for every time I entered those incorrectly! If you’re on DHCP,
try renewing the lease—sometimes that does the trick. If DHCP fails, call
the person in charge of the server.
4. Run netstat. At this point, another little handy program comes into play
called netstat. The netstat program offers a number of options. The two
handiest ways to run netstat are with no options at all and with the –s
option. Running netstat with no options shows you all the current
connections to your system. Look for a connection here that isn’t working
with an application—that’s often a clue to an application problem, such as
a broken application or a sneaky application running in the background.
Figure 10.40 shows a netstat program running.
5. Run netstat –s. Running netstat with the –s option displays several
statistics that can help you diagnose problems. For example, if the display
shows you are sending but not receiving, you almost certainly have a bad
cable with a broken receive wire.
6. Diagnose to the gateway. If you can’t get on the Internet, check to see
if you can ping the router. Remember, the router has two interfaces, so try
both: first the local interface (the one on your subnet) and then the one
to the Internet. You do have both of those IP addresses memorized, don’t
you? You should! If you can’t ping the router, either it’s down or you’re
not connected to it. If you can only ping the near side, something in the
router itself is messed up, like the routing table.
7. Diagnose to the Internet. If you can ping the router, try to ping
something on the Internet. If you can’t ping one address, try another—it’s
always possible that the first place you try to ping is down. If you still
can’t get through, you can try to locate the problem using the tracert
(trace route) command. Run tracert to mark out the entire route the ping
packet traveled between you and whatever you were trying to ping. It may
even tell you where the problem lies (see Figure 10.41).
A good testing trick is to use the net send command to try sending messages
to other systems. Not all versions of Windows support net send.
Figure 10.39 • The net view command in action
Figure 10.40 • The netstat program in action
Figure 10.41 • Using tracert
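Steps 1 and 3 of the procedure above lend themselves to scripting. The following Python example is added here and is not from the book: loopback_ok performs the step-1 test in software by opening a listening socket on 127.0.0.1 and connecting to it (if the local stack cannot even do that, the problem is the NIC driver or the TCP/IP install, not the network), and check_addressing performs the step-3 sanity test, reporting an address that is the network or broadcast address, a mask that leaves no room for other hosts, or a default gateway that is not on the local subnet, which is the configuration mistake that later makes the router unpingable in step 6. The sample addresses are constructed.

```python
"""Inside-out TCP/IP checks: loopback first, then address/mask/gateway sanity.

Added example (not from the book). Sample values are constructed.
"""
import ipaddress
import socket


def loopback_ok(timeout=1.0):
    """Step 1 in software: can this host talk to itself over 127.0.0.1?"""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0 lets the OS pick a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(timeout)
            try:
                cli.connect(("127.0.0.1", port))
            except OSError:
                return False  # loopback broken: driver / stack problem
            conn, _ = srv.accept()
            conn.close()
    return True


def check_addressing(ip, mask, gateway):
    """Step 3: return a list of problems with an IP / subnet mask / gateway triple.

    An empty list means the three values are mutually consistent.
    """
    problems = []
    try:
        iface = ipaddress.ip_interface("%s/%s" % (ip, mask))
    except ValueError as exc:
        return ["bad address or mask: %s" % exc]
    net, addr = iface.network, iface.ip
    if net.prefixlen == 32:
        problems.append("mask %s leaves no room for other hosts" % mask)
    elif net.prefixlen < 31 and addr in (net.network_address, net.broadcast_address):
        problems.append("%s is the network or broadcast address of %s" % (addr, net))
    try:
        gw = ipaddress.ip_address(gateway)
    except ValueError:
        return problems + ["bad gateway address: %r" % gateway]
    if gw == addr:
        problems.append("gateway equals the host's own address")
    elif gw not in net:
        # The router's near-side interface must be on-link or step 6 will fail.
        problems.append("gateway %s is not on subnet %s" % (gw, net))
    return problems


if __name__ == "__main__":
    print("loopback:", "ok" if loopback_ok() else "FAILED")
    # Constructed sample: typical typo, gateway typed on the wrong subnet.
    for issue in check_addressing("192.168.4.55", "255.255.255.0", "192.168.5.1"):
        print("addressing:", issue)
```

On Windows the three inputs come straight from `ipconfig /all`; on Linux from `ip addr` and `ip route`. The function deliberately reports, rather than fixes, because the right fix (retype the values or renew the DHCP lease) is the step-3 decision the text leaves to you.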
Chapter 10 Review
Chapter Summary
After reading this chapter and completing the exercises, you should be able
to do the following.
Describe the function and capabilities of DNS
■ A HOSTS file maps a computer name to an IP address. When the Internet was
in its infancy, every Internet-connected computer had a copy of the same
HOSTS file. Today, computers have their own unique HOSTS file, which is
always checked before a computer tries to resolve a name using another
method.
■ DNS is vital to IP networking, whether on the Internet or within the
smallest of networks. DNS stands for Domain Name System, which functions as
a hierarchical naming system for computers on a network. A DNS server
resolves FQDNs (fully qualified domain names) to IP addresses.
■ The 13 DNS root servers for the Internet are logical servers composed of
many DNS servers acting as a single monstrous server.
■ If one DNS domain name space cannot find out (resolve) the IP address of
a computer, the request gets passed along to another DNS server. The
process continues until the request reaches the destination computer.
■ Note that because not all computers are connected to the Internet,
computer networks are not required to belong to a DNS domain.
Administrators can set up their own DNS domain name spaces, however,
without ever connecting to the Internet. These isolated internal intranets
can be given elaborate naming structures of their own as well.
■ DNS is a convenience, not a requirement. You can connect to a Web site by
typing the correct IP address, bypassing the need to resolve an FQDN.
■ Name resolution can be accomplished through broadcasting, by consulting
the local HOSTS file, or by contacting a DNS server.
■ Run ipconfig /all to view your DNS server settings. Run ipconfig
/displaydns to display a cache of recently resolved FQDNs.
■ DNS servers store a list of cached lookups—all IP addresses the server
has already resolved.
■ An authoritative DNS server stores IP addresses and FQDNs of all systems
for a particular domain, whereas a cache-only DNS server is used to
communicate with other DNS servers.
■ Forward lookup zones are the most important part of any DNS server
because they contain the IP addresses and FQDNs.
■ Of the two types of forward lookup zones, primary zones are created on
authoritative DNS servers while secondary zones are created on other DNS
servers to act as a backup to the primary zone.
■ A records, CNAME records, and MX records must be properly configured on
any DNS server.
■ Reverse lookup zones resolve an IP address to an FQDN using PTRs.
■ Microsoft’s Common Internet File System (CIFS), which began as Server
Message Block (SMB), originated when NetBIOS/NetBEUI dropped NetBEUI in
favor of IP and used the NetBIOS name as the DNS name. It was used
primarily to share files and printers in small TCP/IP networks.
■ CIFS organizes computers into one of three types of groups: workgroup,
Windows domain, or Active Directory.
■ A Windows domain provides centralized management and user authentication
via a computer acting as a domain controller.
■ An Active Directory is an organization of related computers that shares
one or more Windows domains. There is no single domain controller in Active
Directory because all domain controllers operate equally.
■ Under Active Directory, all domain controllers are also DNS servers.
Because Active Directory domain controllers operate equally, there is no
single point of failure throughout Active Directory’s DNS system. All
domain controllers hold primary zones.
■ The Dynamic DNS (DDNS) protocol enables DNS servers to update their
records automatically when they receive changed IP address information
from a DHCP server or clients on the network.
■ The command ipconfig is useful for troubleshooting TCP/IP settings.
Running ipconfig /flushdns will clear the local cache of DNS entries.
■ The ping command is essential in establishing connectivity to a
destination PC. If you can ping a host computer by IP address (for
example, ping 192.168.4.55), but not by name (ping acctngpc2), then you
have a DNS resolution issue. Check cables, check the DNS servers listed
under each network adapter card’s settings, and finally, check to see that
the DNS server is truly up and operational.
■ The nslookup command enables you to research what name servers are being
used by a particular computer. Advanced variations of the nslookup command
can query information from a DNS server and even change how your system
uses DNS.
■ UNIX/Linux users have an additional DNS tool called dig, which is
different from nslookup in that dig runs noninteractively.
Configure and troubleshoot WINS
■ An LMHOSTS file works almost the same as a HOSTS file, except it
correlates NetBIOS names to IP addresses.
■ WINS stands for Windows Internet Name Service, which is an older name
resolution method. WINS servers help Windows systems (in place of the even
older LMHOSTS files) with resolving NetBIOS computer names (like SALESPC7)
to IP addresses (like 192.168.10.7) on a Windows network.
■ WINS clients virtually configure themselves by using broadcasts to find
WINS servers. A WINS proxy agent forwards WINS broadcasts across routers
that would normally block such broadcasts.
■ WINS problems relate directly to NetBIOS problems. The most common
problem by far is having two systems share the same name. The resulting
error message clearly indicates that another system is trying to use the
same name. Simply change the computer’s system name to fix this common
problem.
■ Using the nbtstat –c command will check the current NetBIOS name cache.
This NetBIOS name cache contains the NetBIOS names (along with their
corresponding IP addresses) that have been resolved already by a
particular host.
■ Use the nbtstat command alone to see whether the WINS server has supplied
inaccurate addresses to a particular WINS client.
Use common TCP/IP utilities to diagnose problems with DNS and WINS
■ Always try to connect from another system to determine the extent of the
problem. You can then begin the steps to diagnose TCP/IP errors on a
single system.
■ Remember to work “from the inside out”—that is, check for connectivity
problems on the local system before moving on to check the larger network
structure. First, type ping 127.0.0.1 (or ping localhost) to ensure that
the local NIC is seated properly and TCP/IP is installed.
■ On Windows systems, the net view command is worth trying. If you can’t
see the network using net view, you may have a problem with your NetBIOS
settings.
■ Running netstat shows all the current connections on your system. Running
netstat –s displays useful statistical information.
■ The tracert command allows you to mark the entire route a ping packet
travels, telling you exactly where a problem lies.
290
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 10
Key Terms
A records (274)
Active Directory (278)
authoritative DNS server (265)
cached lookup (272)
cache-only DNS server (273)
canonical name (CNAME) (274)
Common Internet File System (CIFS) (276)
DNS root server (261)
DNS server (261)
DNS tree (263)
domain information groper (dig) (281)
Domain Name System (DNS) (259)
Dynamic DNS (DDNS) (279)
flat name space (262)
forward lookup zone (273)
fully qualified domain name (FQDN) (264)
hierarchical name space (262)
host name (263)
HOSTS file (259)
ipconfig (270)
lmhosts (282)
MX record (275)
name resolution (258)
name server (265)
nbtstat (284)
NetBIOS/NetBEUI (276)
netstat (286)
nslookup (280)
NS record (274)
ping (280)
pointer record (PTR) (276)
primary zone (275)
reverse lookup zone (275)
secondary zone (275)
top-level domain server (261)
tracert (287)
Windows domain (277)
Windows Internet Name Service (WINS) (259)
WINS proxy agent (283)
workgroup (277)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all the terms will be used.
1. The _______________ command is used to establish connectivity.
2. Using _______________ alone can help determine whether a WINS server has supplied inaccurate addresses to a particular WINS client.
3. The term _______________ refers to networks that use DNS belonging to the same DNS system.
4. A helpful command that displays TCP/IP naming information is _______________.
5. _______________ is responsible for resolving NetBIOS names to IP addresses on predominately Windows networks.
6. To connect to systems on the Internet using domain names, your network needs the name of at least one _______________.
7. To forward WINS broadcasts to a WINS server on the other side of the router, you need to set up a(n) _______________.
8. You can use the diagnostic utility called _______________ to trace the progress of an ICMP packet between your system and a remote computer.
9. To avoid having to re-resolve an FQDN that it has already checked, a Windows DNS server keeps a list of IP addresses it has already resolved, called _______________.
10. The single DNS server that has a list of all the host names on the domain and their corresponding IP addresses is the _______________.
Multiple-Choice Quiz
1. Which of the following are needed for e-mail clients to find their e-mail servers, FTP clients to find their file servers, and Web browsers to find Web servers?
A. DHCP servers
B. DNS servers
C. E-mail servers
D. WINS servers
2. What do DNS servers use to help resolve IP addresses to DNS names?
A. Authentication
B. Authorization
C. Backward lookup zones
D. Reverse lookup zones
3. What do DNS servers use to help resolve DNS names to IP addresses?
A. Accounting
B. Administration
C. Backward lookup zones
D. Forward lookup zones
4. What type of DNS servers do not have any forward lookup zones and will resolve names of systems on the Internet for a network but are not responsible for telling other DNS servers the names of any clients?
A. Cache-only servers
B. Primary servers
C. Secondary servers
D. WINS servers
5. What command gives you the IP address and the name of your system’s default DNS server?
A. nbtstat
B. nslookup
C. ping
D. winword
6. What file can be replaced when a network has a WINS server?
A. HOSTS
B. LMHOSTS
C. SAM
D. WINS
7. What file can be replaced when a network has a DNS server?
A. HOSTS
B. LMHOSTS
C. SAM
D. WINS
8. What does adding a WINS proxy agent enable you to accomplish on your network?
A. Cross a hub
B. Cross a server
C. Cross a switch
D. Cross a router
9. Folders with subfolders on a system, like domain names with subdomains, are said to have a structure resembling what?
A. Branch
B. Forest
C. Root
D. Tree
10. Which of the following commands clears the local cache of DNS entries?
A. ipconfig /clear
B. ipconfig /cls
C. ipconfig /flushdns
D. ipconfig /renew
11. Which variation of the nbtstat command checks the current NetBIOS name cache?
A. nbtstat
B. nbtstat –c
C. nbtstat /checkupgradeonly
D. nbtstat /status
12. Which of these terms are frequently used interchangeably? (Select two.)
A. Domain
B. Folder
C. Subdomain
D. Zone
13. Which of the following are valid DNS record entry types? (Select three.)
A. A
B. M
C. NS
D. SOA
14. Which of the following is an example of a top-level domain?
A. .com
B. totalsem.com
C. support.totalsem.com
D. houston.support.totalsem.com
15. How do authoritative DNS servers and cache-only DNS servers differ?
A. Authoritative DNS servers contain forward lookup zones whereas cache-only DNS servers contain only reverse lookup zones.
B. Authoritative DNS servers store IP addresses and FQDNs of systems for a particular domain or domains whereas cache-only DNS servers do not store any FQDNs because they are only used to talk to other DNS servers to resolve IP addresses.
C. Authoritative DNS servers service requests for top-level domains whereas cache-only DNS servers service requests for down-level domains.
D. Authoritative DNS servers are found only in Windows Active Directory networks whereas cache-only DNS servers are found universally throughout the Internet.
Essay Quiz
1. Some classmates at school have been playing with (and giggling over) the net send command during class time. The instructor notices what’s going on, and hoping to turn the experience into something useful, asks each student to write down a valid use of the net send command. Write down your answer.
2. Your boss comes into your office in a panic. He can’t reach the company’s internal Web server from his office. It worked yesterday. Write an essay describing what you’d do to troubleshoot the situation. Which tool or tools would you use? Why?
3. After discussing flat versus hierarchical naming schemes in class, a feisty classmate proclaims that flat names should be used on individual systems as well as on the Internet for simplification. Write a brief reason or two why he is wrong in his oversimplification.
4. Jot down some brief notes about how you would troubleshoot and diagnose a TCP/IP issue on one of the systems on your network. You can list the actual commands if you like, too. Choose an interesting Web site that you would ping on the Internet as your final step.
Lab Projects
Lab Project 10.1
This chapter has presented many variations of common network troubleshooting commands. You have decided it would be beneficial to create an alphabetized chart of these commands, including their variations and what they do. Using either a word processing program or spreadsheet program, create a chart like the following—you fill in the rightmost column:
Command    Switch or Second-level Command    What It Does . . .
ipconfig   (blank)
ipconfig   /all
ipconfig   /release
ipconfig   /renew
ipconfig   /flushdns
nbtstat    (blank)
nbtstat    –c
net        send
net        view
ping       127.0.0.1
ping       disney.com
ping       localhost
Lab Project 10.2
A request must potentially make many trips when trying to resolve a fully qualified domain name to an IP address. Aside from the hosts file, you have primary DNS servers, secondary DNS servers, authoritative DNS servers, cache-only DNS servers, DNS root servers, top-level DNS servers, and second-level domain servers.
On a piece of paper, sketch a diagram/flowchart showing how a request for www.example.com gets resolved to an IP address.
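The lookup order the chapter summary describes (HOSTS file first, then what the host has already resolved, then the DNS servers) and the root-to-TLD-to-authoritative walk that Lab Project 10.2 asks you to sketch, as an added Python simulation. It is not part of the book and not a real resolver: the HOSTS file contents, the zone data, the address 93.184.216.34 and the server names root, tld-com and ns-example are all constructed placeholders, and nothing here touches the network.

```python
"""Simulated name resolution: HOSTS file, then the local cache, then an
iterative walk down the DNS tree (root -> TLD server -> authoritative server).
Added example with constructed data; it never touches the network."""
import ipaddress

# Constructed HOSTS-style file (same layout as the real HOSTS file).
HOSTS_FILE = """\
# comment lines and blank lines are ignored
127.0.0.1      localhost
192.168.10.7   SalesPC7   salespc7.corp.example
"""

def parse_hosts(text: str) -> dict:
    """Map every name in a HOSTS-style file to its IP address (names are
    case-insensitive; a malformed address raises ValueError)."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        ip, *names = line.split()
        ipaddress.ip_address(ip)                 # validate the address column
        for name in names:
            table.setdefault(name.lower().rstrip("."), ip)
    return table

# Constructed zone data. Each server answers with either an A record or a
# referral to the next server down the tree, like a real iterative lookup.
ZONES = {
    "root":       {"com.": ("REFER", "tld-com")},
    "tld-com":    {"example.com.": ("REFER", "ns-example")},
    "ns-example": {"example.com.": ("A", "93.184.216.34"),
                   "www.example.com.": ("A", "93.184.216.34")},
}

def query(server: str, fqdn: str):
    """One trip to one server: return its most specific record for fqdn,
    or None if it knows nothing about that part of the tree."""
    zone = ZONES[server]
    labels = fqdn.split(".")
    for i in range(len(labels) - 1):             # full name, then each parent
        suffix = ".".join(labels[i:])
        if suffix in zone:
            return zone[suffix]
    return None

class Resolver:
    """A client-side resolver with the lookup order the chapter describes."""

    def __init__(self, hosts_text: str):
        self.hosts = parse_hosts(hosts_text)
        self.cache = {}          # cached lookups: name -> address
        self.trips = []          # servers contacted by the last resolve()

    def resolve(self, name: str) -> str:
        name = name.lower().rstrip(".")
        self.trips = []
        if name in self.hosts:                   # 1. HOSTS file wins outright
            return self.hosts[name]
        if name in self.cache:                   # 2. cached lookup, no trips
            return self.cache[name]
        server = "root"                          # 3. start at a root server
        while True:
            self.trips.append(server)
            answer = query(server, name + ".")
            if answer is None:
                raise LookupError(f"{name}: no such name")
            kind, value = answer
            if kind == "A":
                self.cache[name] = value         # remember it for next time
                return value
            server = value                       # follow the referral

if __name__ == "__main__":
    r = Resolver(HOSTS_FILE)
    print(r.resolve("SALESPC7"), r.trips)          # 192.168.10.7 []
    print(r.resolve("www.example.com"), r.trips)   # 93.184.216.34 ['root', 'tld-com', 'ns-example']
    print(r.resolve("www.example.com"), r.trips)   # 93.184.216.34 []  (served from cache)
```

The trips list is the flowchart the lab asks for: three round trips the first time, none for a cached lookup, and none at all when the HOSTS file answers, which is also why an altered HOSTS file silently overrides DNS and is worth checking during troubleshooting.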
Chapter 11
Securing TCP/IP
“Better to be despised for too anxious apprehensions than ruined by too confident a security.”
—Edmund Burke
In this chapter, you will learn how to
■ Discuss the standard methods for securing TCP/IP networks
■ Compare TCP/IP security standards
■ Implement secure TCP/IP applications
If you want to enter the minds of the folks who invented TCP/IP, Vint Cerf and Bob Kahn, look at TCP/IP from a security perspective. No part of TCP/IP
has any real security. Oh sure, you can put user names and passwords on FTP,
Telnet, and other TCP/IP applications, but everything else is wide open. Cerf and
Kahn must have thought that the intent of the Internet was openness.
Sadly, today’s world reveals a totally different perspective. Every device
with a public IP address on the Internet is constantly bombarded with malicious
code trying to gain some level of access to our precious data. Even data moving
between two hosts is relatively easily intercepted and read. Bad guys make
millions by stealing our data in any of a thousand different ways, and TCP/IP in
its original form is all but powerless to stop them.
This chapter takes you on a tour of the many ways smart people have
improved TCP/IP to protect our data from those who wish to do evil things to it.
It’s an interesting story of good intentions, knee-jerk reactions, dead ends, and
failed attempts that luckily ends with a promise of easy-to-use protocols that
protect our data.
This chapter examines the ways to make TCP/IP data and networks
secure. I’ll first give you a look at security concepts and then turn to specific
standards and protocols used to implement security. The chapter wraps
with a discussion on secure TCP/IP applications and their methods.
Test Specific
Making TCP/IP Secure
I break down TCP/IP security into four areas: encryption, nonrepudiation, authentication, and authorization. Encryption means to scramble, mix up, or change the data in such a way that bad guys can’t read it. Of course, this scrambled-up data must also be descrambled by the person receiving the data.
Nonrepudiation is the process that guarantees that the data is the same as originally sent and that it came from the source you think it should have come from. Nonrepudiation is designed to cover situations in which someone intercepts your data on-the-fly and makes changes, or someone pretends to be someone they are not.
Authentication means to verify that whoever accesses the data is the person you want accessing that data. The most classic form of authentication is the user name and password combination, but there are plenty more ways to authenticate.
Authorization defines what a person accessing the data can do with that data. Different operating systems provide different schemes for authorization, but the classic scheme for Windows is to assign permissions to a user account. An administrator, for example, can do a lot more after being authenticated than a limited user can do.
Encryption, nonrepudiation, authentication, and authorization may be separate issues, but in the real world of TCP/IP security, they overlap a lot. If you send a user name and password over the Internet, wouldn’t it be a good idea to encrypt the user name and password so others can’t read it? Equally, if you send someone a “secret decoder ring” over the Internet so he or she can unscramble the encryption, wouldn’t it be a good idea for the recipient to know that the decoder ring actually came from you? In TCP/IP security, you have protocols that combine encryption, nonrepudiation (sometimes), authentication, and authorization to create complete security solutions for one TCP/IP application or another.
Encryption
All data on your network is nothing more than ones and zeroes. Identifying what type of data the strings of ones and zeroes in a packet represent usually is easy. A packet of data on the Internet always comes with a port number, for example, so a bad guy quickly knows what type of data he’s reading.
All data starts as plaintext, a somewhat misleading term that simply means the data is in an easily read or viewed industry-wide standard format. Plaintext, often also referred to as cleartext, implies that all data starts off as text—untrue! Data often is text, but it also might be a binary file such as a photograph or an executable program. Regardless of the type of data, it all starts as plaintext. I’ll use the image in Figure 11.1 as a universal figure for a piece of plaintext.
If you want to take some data and make figuring out what it means difficult for other people, you need a cipher. A cipher is a series of complex and hard-to-reverse mathematics—called an algorithm—you run on a string of ones and zeroes to make a new set of seemingly meaningless ones and zeroes. A cipher and the method used to implement that cipher is commonly called the complete algorithm. (I know that’s a mouthful of new terms—check the sidebar for details.)
Let’s say you have a string of ones and zeroes that looks like this:
01001101010010010100101101000101
This string may not mean much to you, but if it was part of an HTTP
segment, your Web browser would instantly know that this is Unicode—
that is, numbers representing letters and other characters—and convert
it into text:
01001101 01001001 01001011 01000101
M I K E
So let’s create a cipher to encrypt this cleartext. All binary encryption requires some interesting binary math. You could do something really simple such as add 1 to every value (and ignore carrying the 1):
0 + 1 = 1 and 1 + 1 = 0
10110010101101101011010010111010
No big deal; that just reversed the values. Any decent hacker would see the pattern and break this code in about three seconds. Let’s try something harder to break by bringing in a second value (a key) of any eight binary numbers (let’s use 10101010 for this example) and doing some math to every eight binary values using this algorithm:
If cleartext is… And key value is… Then the result is…
0 0 0
0 1 1
1 0 1
1 1 0
This is known as a binary XOR (eXclusive OR). Line up the key against
the first eight values in the cleartext:
10101010
01001101010010010100101101000101
11100111
Then do the next eight binary values:
1010101010101010
01001101010010010100101101000101
1110011111100011
Figure 11.1 • Plaintext
Tech Tip
Sorting Out the Security Terms
The terms cipher, algorithm, and complete algorithm lend themselves to a lot of confusion, especially because most people in the IT industry use them interchangeably. Here’s the scoop: A cipher is a general term for a way to encrypt data. The algorithm is the mathematical formula that underlies the cipher. The complete algorithm is both the cipher and the implementation of that cipher. The problem with the terms is compounded by the lack of a third, distinct term. Most people drop the word “complete” from “complete algorithm,” for example, thus the meanings of the three terms become muddied.
Then the next eight:
101010101010101010101010
01001101010010010100101101000101
111001111110001111100001
Then the final eight:
10101010101010101010101010101010
01001101010010010100101101000101
11100111111000111110000111101111
If you want to decrypt the data, you need to know the algorithm and the
key. This is a very simple example of how to encrypt binary data. At first
glance, you might say this is good encryption, but the math is simple, and a
simple XOR is easy for someone to decrypt.
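The two toy ciphers worked through above, as an added Python example that is not from the book: the "add 1 and ignore the carry" inversion, the eight-bit key 10101010 XORed across MIKE, the fact that running the same XOR again decrypts, and the reason the text calls a simple XOR easy to undo (anyone who knows a stretch of cleartext and its ciphertext gets the key back with one more XOR). The cleartext and key are the text's own; nothing else is assumed.

```python
"""The two toy ciphers from the text, in code: bit inversion ("add 1, ignore
the carry") and XOR with the repeating eight-bit key 10101010. Added example."""

def invert_bits(data: bytes) -> bytes:
    """Add 1 to every bit and drop the carry: 0 -> 1, 1 -> 0 (a NOT)."""
    return bytes(b ^ 0xFF for b in data)

def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR each byte with the key, repeating the key across the data.
    Because x ^ k ^ k == x, the same call encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def to_bits(data: bytes) -> str:
    """Render bytes as space-separated 8-bit groups, as the text prints them."""
    return " ".join(f"{b:08b}" for b in data)

def recover_key(cleartext: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """Why the text calls simple XOR easy to break: if the reader knows (or
    can guess) any key_len bytes of cleartext, c ^ p hands back the key."""
    pairs = zip(ciphertext[:key_len], cleartext[:key_len])
    return bytes(c ^ p for c, p in pairs)

CLEARTEXT = b"MIKE"            # 01001101 01001001 01001011 01000101
KEY = bytes([0b10101010])      # the eight-bit key used in the text

if __name__ == "__main__":
    print(to_bits(invert_bits(CLEARTEXT)))   # 10110010 10110110 10110100 10111010
    ct = xor_with_key(CLEARTEXT, KEY)
    print(to_bits(ct))                       # 11100111 11100011 11100001 11101111
    print(xor_with_key(ct, KEY))             # b'MIKE'
    print(to_bits(recover_key(CLEARTEXT, ct, len(KEY))))   # 10101010
```

The XOR itself is not the weak part; a one-byte key repeated over every byte is. A key as long as the message and never reused is a one-time pad, and the stream ciphers discussed later in the chapter exist to generate that long key stream from a short secret.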
An XOR works with letters as well as numbers. See if you can crack the
following code:
WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
This is a classic example of the Caesar cipher. You just take the letters of the
alphabet and transpose them:
Real Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Code letter: DEFGHIJKLMNOPQRSTUVWXYZABC
Caesar ciphers are very easy to crack by using word patterns, frequency
analysis, or brute force. The code “WKH” shows up twice, which means it’s
the same word (word patterns). The letters W and H show up fairly often too.
Certain letters of the alphabet are used more than others, so a code-breaker
can use that to help decrypt the code (frequency analysis). Assuming that
you know this is a Caesar cipher, a computer can quickly go through every
different code possibility and determine the answer (brute force). Incredibly,
even though it’s not as obvious, binary code also suffers from the same
problem.
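The Caesar example above together with the three attacks the text names (word patterns, frequency analysis, brute force), as an added Python example that is not from the book. The word list is a constructed stand-in for a dictionary. On a text this short the frequency guess alone picks the wrong shift, so the example leaves the decision to the brute-force pass, which the text already says a computer does quickly.

```python
"""The Caesar cipher from the text and the three ways the text says to crack
it: word patterns, frequency analysis and brute force. Added example."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

def shift_text(text: str, shift: int) -> str:
    """Move each letter `shift` places along the alphabet (wrapping Z -> A);
    spaces and punctuation are left alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def caesar_encrypt(text: str, shift: int = 3) -> str:
    return shift_text(text, shift)

def caesar_decrypt(text: str, shift: int = 3) -> str:
    return shift_text(text, -shift)

# Constructed stand-in for an English dictionary.
WORDS = {"THE", "QUICK", "BROWN", "FOX", "JUMPS", "OVER", "LAZY", "DOG",
         "AND", "A", "OF", "TO", "IN", "IS", "IT", "THAT"}

def repeated_words(ciphertext: str) -> dict:
    """Word patterns: a cipher word that recurs is the same plaintext word."""
    counts = Counter(ciphertext.split())
    return {w: n for w, n in counts.items() if n > 1}

def frequency_guess(ciphertext: str) -> tuple:
    """Frequency analysis: assume the most common cipher letter is E and
    return (that letter, implied shift). Unreliable on short texts."""
    letters = Counter(c for c in ciphertext.upper() if c in ALPHABET)
    top = letters.most_common(1)[0][0]
    return top, (ALPHABET.index(top) - ALPHABET.index("E")) % 26

def brute_force(ciphertext: str) -> tuple:
    """Try all 25 shifts and keep the one that yields the most dictionary words."""
    def score(s):
        return sum(w in WORDS for w in caesar_decrypt(ciphertext, s).split())
    best = max(range(1, 26), key=score)
    return best, caesar_decrypt(ciphertext, best)

CIPHERTEXT = "WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ"   # from the text

if __name__ == "__main__":
    print(repeated_words(CIPHERTEXT))    # {'WKH': 2}
    print(frequency_guess(CIPHERTEXT))   # ('R', 13): wrong on this short sample
    print(brute_force(CIPHERTEXT))       # (3, 'THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG')
```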
In computing, you need to make a cipher hard for anyone to break
except the people you want to read the data. Luckily, computers do more
complex algorithms very quickly (it’s just math), and you can use longer
keys to make the code much harder to crack.
Okay, let’s take the information above and generate some more symbols
to show this process. When you run cleartext through a cipher algorithm
using a key, you get what’s called ciphertext (Figure 11.2).
Over the years, computing people have developed hundreds of different complete algorithms for use in encrypting binary data. Of these, only a few were or still are commonly used in the TCP/IP world. The math behind all of these complete algorithms is incredibly complex and way beyond the scope of the CompTIA Network+ exam, but all of them have two items in common: a complex algorithm underlying the cipher and a key or keys used to encrypt and decrypt the text.
Any encryption that uses the same key for both encryption and decryption is called symmetric-key encryption or a symmetric-key algorithm. If you want someone to decrypt what you encrypt, you have to make sure they have some tool that can handle the algorithm and you have to give them the key. This is a potential problem I will address later in this chapter. Any encryption that uses different keys for encryption and decryption is called asymmetric-key encryption or an asymmetric-key algorithm. Let’s look at symmetric-key encryption first, and then turn to asymmetric-key encryption.
Figure 11.2 • Encryption process (cleartext in, gobbledegook out)
Symmetric-Key Algorithm Standards
There is one difference among symmetric-key algorithms. Most algorithms are called block ciphers because they encrypt data in single “chunks” of a certain length at a time. Let’s say you have a 100,000-byte Microsoft Word document you want to encrypt. One type of encryption will take 128-bit chunks and encrypt each one separately (Figure 11.3). Block ciphers work well when data comes in clearly discrete chunks. Most data crossing wired networks comes in IP packets, for example, so block ciphers are very popular with these sorts of packets.
The alternative is a stream cipher, which takes a single bit at a time and encrypts on-the-fly (Figure 11.4). Stream ciphers are very popular whenever your data comes in long streams (such as with older wireless networks or cell phones).
The granddaddy of all TCP/IP symmetric-key algorithms is the Data Encryption Standard (DES). DES was developed by the United States government in the late 1970s and was in widespread use in a variety of TCP/IP applications. DES used a 64-bit block and a 56-bit key. Over time, the 56-bit key made DES susceptible to brute-force attacks. The computing world came up with a number of derivatives of DES to try to address this issue, with names such as 3DES, International Data Encryption Algorithm (IDEA), and Blowfish.
Figure 11.3 • Block cipher
Figure 11.4 • Stream cipher
On the streaming side, the only symmetric-key algorithm you’ll probably ever see is Rivest Cipher 4 (RC4) stream cipher. RC4 was invented in the late 1980s by Ron Rivest, cryptographer and arguably the most famous of all inventors of TCP/IP security algorithms. RC4 is used in a number of TCP/IP applications. Over the years improvements in computing power made both DES and RC4 vulnerable to attacks in certain circumstances. As a result, almost all TCP/IP applications have moved to Advanced Encryption Standard (AES). AES is a block cipher created in the late 1990s. It uses a 128-bit block size and 128-, 192-, or 256-bit key size. AES is incredibly secure, practically uncrackable (for now at least), and is so fast that even applications that traditionally used stream ciphers are switching to AES.
Not at all limited to TCP/IP, you’ll find AES used for many applications from file encryption to wireless networking to some Web sites. Given that AES is still somewhat new, many TCP/IP applications are still in the process of moving toward adoption.
Asymmetric-Key Algorithm Standards
Symmetric-key encryption has one serious weakness: anyone who gets a hold of the key can encrypt or decrypt data with it. The nature of symmetric-key encryption forces us to send the key to the other person in one way or another, making it a challenge to use symmetric-key encryption safely. As a result, folks have been strongly motivated to create a methodology that allows the encrypter to send a key to the decrypter without fear of interception (Figure 11.5).
The answer to the problem of key sharing came in the form of using two different keys—one to encrypt and one to decrypt, thus, an asymmetric-key algorithm. Three men in the late 1970s—Whitfield Diffie, Martin Hellman, and Ralph Merkle—introduced what became known as public-key cryptography, with which keys could be exchanged securely.
Ron Rivest (along with Adi Shamir and Leonard Adleman) came up with some improvements to the Diffie-Hellman method of public-key cryptography by introducing a fully functional algorithm called Rivest Shamir Adleman (RSA) that enabled secure digital signatures. Here’s how public-key cryptography works.
When in doubt on a question about encryption algorithms, always pick AES. You’ll be right most of the time.
Figure 11.5 • How do we safely deliver the key?
The public-key cryptography introduced by Diffie, Hellman, and Merkle became known as the Diffie-Hellman key exchange. Hellman, on the other hand, has insisted that if the scheme needs a name, it should be called the Diffie-Hellman-Merkle key exchange.
Imagine two people, Mike and Melissa, who wish to send each other
encrypted e-mail messages (Figure 11.6). SMTP doesn’t have any (popular)
form of encryption, so Mike and Melissa must come up with some program
that encrypts their messages. They will then send the encrypted messages
as regular e-mail.
Figure 11.6 • Mike and Melissa, wanting to send encrypted e-mail messages
Before Melissa can send an encrypted e-mail to Mike, he first generates
two keys. One of these keys is kept on his computer (the private key), and
the other key is sent to anyone from whom he wants to receive encrypted
e-mail (the public key). These two keys—called a key pair—are generated at
the same time and are designed to work together. He sends a copy of the
public key to Melissa (Figure 11.7).
Figure 11.7 • Sending a public key
A public-key cryptography algorithm works by encrypting data with a public key and then decrypting data with a private key. The public key of the key pair encrypts the data, and only the associated private key of the key pair can decrypt the data. Since Melissa has Mike’s public key, Melissa can encrypt and send a message to Mike that only Mike’s private key can decrypt. Mike can then decrypt the message (Figure 11.8).
Public-key cryptography is the most popular form of e-mail encryption.
Figure 11.8 • Decrypting a message
If Melissa wants Mike to send encrypted e-mail to her, she must generate her own key pair and send Mike the public key. In a typical public-key cryptography setup, everyone has their own private key plus a copy of the public keys for anyone with whom they wish to communicate securely (Figure 11.9).
Figure 11.9 • Lots of keys
The only problem with all these keys is the chance that someone pretending to be someone else might pass out a public key. Therefore, the recipients have a strong desire to know who is passing out a key. This issue falls under the banner of nonrepudiation.
Encryption and the OSI Model
The process of encryption varies dramatically depending on what you want to encrypt. To make life a bit easier, let’s look at how you encrypt using the OSI seven-layer model:
Layer 1 ■ No common encryption done at this layer.
Layer 2 ■ A common place for encryption using proprietary encryption devices. These boxes scramble all of the data in an Ethernet frame except the MAC address information. Devices or programs encode and decode the information on-the-fly at each end.
Layer 3 ■ Only one common protocol encrypts at Layer 3: IPsec. IPsec is typically done via software that takes the IP packet and encrypts everything inside the packet, leaving only the IP addresses and a few other fields unencrypted.
Layer 4 ■ Neither TCP nor UDP offers any encryption methods, so little happens security-wise at Layer 4.
Layers 5 and 6 ■ Not common layers for encryption.
Layer 7 ■ Many applications use their own encryption, placing them squarely in Layer 7. There are Layer 7 standards, with SSL/TLS being very common.
Nonrepudiation
Within networking, nonrepudiation simply means that the receiver of information has a very high degree of confidence that the sender of a piece of information truly is who the receiver thinks he or she or it should be. Nonrepudiation takes place all over a network. Is this truly the person who sent in the user name and password to log into my Windows domain? Is this really the eBay.com Web site I’m entering my credit card number into? Did this public key really come from Mike Meyers? As a result, nonrepudiation comes in a number of forms, but most of them use a very clever little bit of mathematical magic called a hash.
Hash
In computer security, a hash (or more accurately, a cryptographic hash function) is a mathematical function that you run on a string of binary digits of any length that results in a value of some fixed length (often called a checksum or a digest). A cryptographic hash function is a one-way function. One-way means the hash is practically irreversible. You should not be able to re-create the data, even if you know the hashing algorithm and the checksum. A cryptographic hash function should also have a unique checksum for any two different input streams (Figure 11.10).
Figure 11.10 • A hash at work (cleartext in, gobbledegook checksum out)
Cryptographic hash functions have a huge number of uses, but one of the most common is for files. Let’s say I’m sharing a file on my Web site. I’m worried an evil hacker might alter that file, so I run a hash on the file and supply you with both the file and the checksum. Message-Digest Algorithm version 5—everybody just calls it MD5—is arguably the most popular hashing function for this type of work. Figure 11.11 shows an example of this, a program called Net.MD5.
MD5 is a very popular cryptographic hash, but it’s not the only one. The other hash you’ll see from time to time is called Secure Hash Algorithm (SHA). There are two versions of SHA: SHA-1 and SHA-2.
Many encryption and authentication schemes also use hashes. Granted, you won’t actually see the hashes as they’re used, but trust me: hashes are everywhere. For example, some SMTP servers use a special form of MD5, called Challenge-Response Authentication Mechanism-Message Digest 5 (CRAM-MD5), as a tool for server authentication. (See the discussion of CHAP later in the “Authentication Standards” section for details on how challenge-response works.) Now that you understand hashes, let’s return to public-key cryptography and see how digital signatures make public-key cryptography even more secure.
Look for CRAM-MD5 to show up on the CompTIA Network+ exam as a tool for server authentication.
Try This!
Doing the MD5 Thang!
Net.MD5 is a Windows program. Every operating system has lots of MD5 digest creators and checkers. If you use Linux, try the popular MD5Sum utility. The following instructions are for Net.MD5:
1. Download the program from the Web site http://sourceforge.net/project/platformdownload.php?group_id=190760 and install it.
2. Download the setup_netmd5.exe.md5 file and open it in Notepad to see the MD5 digest. Copy it to the clipboard.
3. Start the Net.MD5 program.
4. Next to the Source Data field, browse to the Download_setup_netmd5.exe file and click OK.
5. Paste in the MD5 digest under the Original Key field.
6. Click the Make Key button.
Are the MD5 digests the same? Then you know you have a legit copy of Net.MD5!
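What Net.MD5 does in the Try This! exercise, plus the challenge-response use of a hash that the CRAM-MD5 paragraph mentions, as one added Python example built on the standard library (hashlib, hmac, base64). It is not Net.MD5 and not the book's code. The stand-in installer bytes, the user name, password and challenge string are constructed values; the MD5 and SHA-256 digests of the empty string and of "abc" used to check it are the well-known published test vectors.

```python
"""Two uses of a cryptographic hash from the text: verifying a downloaded file
against a published digest, and CRAM-MD5 style challenge-response.
Added example using the standard library; sample data is constructed."""
import base64
import hashlib
import hmac

def digest_of(data: bytes, algorithm: str = "md5") -> str:
    """Hex digest of data under the named algorithm ("md5", "sha1", "sha256")."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()

def verify_download(data: bytes, published: str, algorithm: str = "md5") -> bool:
    """Recompute the digest and compare with the published one (the .md5 file).
    compare_digest runs in constant time, the right way to compare digests/MACs."""
    return hmac.compare_digest(digest_of(data, algorithm), published.strip().lower())

def cram_md5_response(username: str, password: str, challenge: bytes) -> str:
    """Client side of CRAM-MD5 (RFC 2195): answer the server's challenge with
    HMAC-MD5 keyed by the password, so the password itself never goes on the wire."""
    mac = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {mac}".encode()).decode()

def cram_md5_check(response: str, password: str, challenge: bytes) -> bool:
    """Server side: recompute the expected answer from the stored password."""
    username, _, mac = base64.b64decode(response).decode().partition(" ")
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(mac, expected)

# Constructed sample: a stand-in for setup_netmd5.exe and its published digest.
SAMPLE_FILE = b"pretend installer bytes\n"
PUBLISHED_MD5 = digest_of(SAMPLE_FILE)        # normally read from the .md5 file

if __name__ == "__main__":
    print(verify_download(SAMPLE_FILE, PUBLISHED_MD5))              # True
    print(verify_download(SAMPLE_FILE + b"x", PUBLISHED_MD5))       # False: one byte changed
    challenge = b"<12345.1700000000@mail.example>"                  # constructed challenge
    resp = cram_md5_response("melissa", "correct horse", challenge)
    print(cram_md5_check(resp, "correct horse", challenge))         # True
```

Two caveats a practitioner would add: a digest only proves the file was not altered if the digest itself reached you over a channel the attacker could not also alter (a .md5 file sitting beside the download on the same server proves little), and MD5 and SHA-1 are no longer collision resistant, so new work should publish SHA-256 digests; the functions above take the algorithm name for exactly that reason.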
Figure 11.11 • File and MD5
Digital Signatures
As mentioned earlier, public-key cryptography suffers from the risk that you might be getting a message or a public key from someone who isn’t who they say they are. To avoid this problem, you add a digital signature. A digital signature is another string of ones and zeroes that can only be generated by the sender, usually by doing something mathematically complex (part of the algorithms always includes some hashing) to the message and the private key. The person with the matching public key does something to the digital signature using the public key to verify it came from the intended sender. Digital signatures are very popular with e-mail users. Figure 11.12 shows an e-mail message being both encrypted and digitally signed in Mozilla Thunderbird using a special Thunderbird add-on called OpenPGP. You’ll read more about the PGP family of authentication/encryption tools later in this chapter.
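The Mike-and-Melissa exchange from the public-key section and the hash-then-sign step described in Digital Signatures, as one added Python example. It is not from the book and not a real RSA library: a toy RSA key pair is built from two small primes, Melissa encrypts with Mike's public key, only Mike's private key decrypts, and Mike signs a SHA-256 hash with his private key for anyone holding his public key to check. The primes (around one million), the three-byte chunking and the 0x01 marker byte are choices made for this illustration; real RSA uses 2048-bit keys and padding (OAEP, PSS), which is why this must never be used for real data.

```python
"""Toy RSA: key pair, public-key encryption and a hash-based digital signature.
Added illustration only: ~40-bit keys and no padding, so never use for real data
(real RSA uses 2048-bit keys with OAEP/PSS padding)."""
import hashlib
from math import gcd

def next_prime(n: int) -> int:
    """Smallest prime >= n by trial division; fine for the small values here."""
    def is_prime(k: int) -> bool:
        if k < 2:
            return False
        i = 2
        while i * i <= k:
            if k % i == 0:
                return False
            i += 1
        return True
    while not is_prime(n):
        n += 1
    return n

def make_key_pair(p: int, q: int, e: int = 65537):
    """Generate the two keys together: public (e, n) and private (d, n).
    Only the private key knows d, the inverse of e modulo phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n); pick other primes")
    return (e, n), (pow(e, -1, phi), n)

CHUNK = 3   # bytes per block; 0x01 marker + 3 bytes < 2**32 < n

def encrypt(message: bytes, public) -> list:
    """Anyone holding the public key can encrypt: c = m^e mod n per chunk."""
    e, n = public
    blocks = []
    for i in range(0, len(message), CHUNK):
        # the marker keeps leading zero bytes and makes the block length recoverable
        m = int.from_bytes(b"\x01" + message[i:i + CHUNK], "big")
        blocks.append(pow(m, e, n))
    return blocks

def decrypt(blocks: list, private) -> bytes:
    """Only the matching private key decrypts: m = c^d mod n per chunk."""
    d, n = private
    out = bytearray()
    for c in blocks:
        m = pow(c, d, n)
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if raw[:1] != b"\x01":
            raise ValueError("wrong key or corrupted block")
        out += raw[1:]
    return bytes(out)

def digest_mod_n(message: bytes, n: int) -> int:
    """Hash first (SHA-256), then reduce into the key's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    """Sender applies the private key to the hash: s = H(m)^d mod n."""
    d, n = private
    return pow(digest_mod_n(message, n), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Receiver applies the public key and compares with a fresh hash."""
    e, n = public
    return pow(signature, e, n) == digest_mod_n(message, n)

# Mike's key pair (constructed); Melissa receives only MIKE_PUBLIC.
MIKE_PUBLIC, MIKE_PRIVATE = make_key_pair(next_prime(1_000_000), next_prime(1_000_010))

if __name__ == "__main__":
    note = b"Lunch at noon?\x00"          # contains a zero byte on purpose
    ct = encrypt(note, MIKE_PUBLIC)        # Melissa encrypts with Mike's public key
    print(decrypt(ct, MIKE_PRIVATE))       # b'Lunch at noon?\x00'
    s = sign(note, MIKE_PRIVATE)           # Mike signs with his private key
    print(verify(note, s, MIKE_PUBLIC), verify(note + b"!", s, MIKE_PUBLIC))  # True False
```

Note what the signature does and does not settle: a changed message or a different key pair fails verify, which is the tamper and "who sent this" check the text describes, but nothing here tells Melissa that MIKE_PUBLIC really belongs to Mike. That gap is exactly what the PKI section that follows addresses.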
Figure 11.12 • Digitally signed
PKI
Digital signatures are great, but what happens when you want to do busi-
ness with someone you do not know? Before you enter a credit card num-
ber to buy that new USB 3.0 Blu-ray Disc player, wouldn’t you like to know
that the Web site you are doing business with truly is eBay? To address
that need the industry came up with the idea of certificates. A certificate is
a standardized type of digital signature that includes the digital signature
of a third party, a person or a company that guarantees that who is passing
out this certificate truly is who they say they are. As you might imagine,
certificates are incredibly common with secure Web pages. When you go
to eBay to sign in, your browser redirects to a secure Web page. These
are easy to identify by the lock icon at the bottom of the screen or in the
address bar (Figure 11.13) or the
https:// used (instead of http://)
in the address bar.
In the background, several
actions take place (all before the
secure Web page loads). First, the
Web server automatically sends
a copy of its certificate. Built into
that certificate is the Web server’s
public key and a signature from
the third party that guarantees this
is really eBay. Go to your national
version of eBay (I’m in the United
States, so I’ll use eBay.com) and
click Sign In (you don’t even need
an eBay account to do this). Now
look at the certificate for the cur-
rent session. Depending on the Web
browser you use, you’ll see it in dif-
ferent ways. Try clicking the little
lock icon at the bottom of the page
or in the address bar as this usually
works. Figure 11.14 shows the certificate for this session.
If you see https:// or a small lock icon, your browser has set up an encrypted connection to the site named in the certificate. That says nothing about whether the people running that site are honest, so still read the name in the address bar.
BaseTech
Chapter 11: Securing TCP/IP
305
Figure 11.14 • eBay sign-in certificate
Figure 11.13 • Secure Web page
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
306
So a company called VeriSign issued this certificate. That's great, but how does your computer check all this? VeriSign is a certificate authority. Every Web browser keeps a list of certificate authority certificates (its trust store) that it checks against when it receives a digital certificate. The browser verifies that the signature on the server's certificate was made by a key in that store (or by an intermediate that chains up to one), that the name in the certificate matches the host name you typed, that the certificate hasn't expired, and, where it can, that the authority hasn't revoked it. If any of those checks fails you get a warning instead of a lock. Figure 11.15 shows the certificate authority certificates stored on my system.
Figure 11.15 • Certificate authority certificates on a system
When someone wants to create a secure Web site, he or she buys a certificate signed by a certificate authority, such as VeriSign (the biggest player in the market and the one I'll use for this example). VeriSign's root certificate sits at the top of the tree. In practice the root's private key is kept offline and used only to sign one or more intermediate certificate authorities, and it is an intermediate that actually signs the new Web site's certificate. The Web server therefore hands the browser its own certificate plus the intermediate's, and the browser follows the chain of signatures up to the root it already trusts. This tree of certificate authorization, with the root authorities at the top, intermediates in the middle, and issued certificates at the bottom, is called a public-key infrastructure (PKI) (Figure 11.16).
You don't have to use PKI to use certificates. First, you can create your own self-signed certificates (signed with the very key inside them rather than by any authority). These are perfectly fine for lower-security situations (e-mail among friends, a personal Web page, a test server) as long as the people connecting have some other way to confirm the certificate is really yours, because a browser cannot tell a self-signed certificate from one an attacker made up on the spot. Don't expect anyone to buy products on a Web site or send highly sensitive e-mail without a certificate signed by a well-known certificate authority like VeriSign, Thawte, or GoDaddy.
Finally, some systems, primarily for e-mail, use a Web of trust instead of a certificate authority. In this case, people who are already part of a trust group sign your key after checking your identity themselves. There is no certificate authority, simply a group of peers who vouch for each other's keys, and each user decides how many signatures from people he or she trusts it takes before believing a key. The popular Pretty Good Privacy (PGP) encryption program, among many others, uses such a trust model.
Becoming a root certificate
authority with enough respect to
have Web browsers install your
certificate is very difficult!
Digital certificates and asymmetric cryptography are closely linked
because digital certificates are almost always used to verify the exchange
of public keys. In many cases, this exchange takes place behind the scenes
of e-mail, Web pages, and even in some very secure wireless networks.
Though you may not see certificates in action very often, you now know
that they are there.
Authentication
You most likely have dealt with authentication at some level. Odds are
good you’ve at least had to type in a user name and password on a Web
site. Maybe your computer at work or school requires you to log on to the
network. Whatever the case, the first exposure to authentication for most
users is a request to enter a user name and password. A network technician
should understand not only how different authentication methods control
user names and passwords, but also some of the authentication standards
used in today’s TCP/IP networks.
Passwords offer significant security challenges. What happens after you
type in a user name and password? How is this data transferred? Who or
what reads this? What is the data compared to? A series of TCP/IP security
standards that use combinations of user names, passwords, and sometimes
certificates, all handled in a usually secure manner, address these issues, as
described in the upcoming section “TCP/IP Security Standards.”
Authorization
A large part of the entire networking process involves one computer request-
ing something from another computer. A Web client might ask for a Web
page, for example, or a Common Internet File System (CIFS) client might ask
a file server for access to a folder. A computer far away might ask another
computer for access to a private network. Whatever the case, you should
carefully assign levels of access to your resources. This is authorization. To
help define how to assign levels of access, you use an access control list.
Fans of software licensed under the GNU General Public License can try GNU Privacy Guard (GPG), a free implementation of the OpenPGP standard and an alternative to the PGP suite. Check it out here: www.gnupg.org.
The “Network+ Acronym
List” includes a term called
Network Access Control (NAC).
NAC defines a newer series
of protection applications that
combine the features of what
traditionally was done by
separate applications. There is
no perfect single definition for
NAC. There are, however, certain
functions that a NAC often
does. A NAC usually prevents
computers lacking antimalware
and patches from accessing
the network. NACs also create
policies (their own policies, not
Windows policies) that define
what individual systems can
do on the network, including
network access, segregation of
portions of the network, etc.
Figure 11.16 • VeriSign’s PKI tree
Tech Tip
Get in the Game
Almost all e-mail clients support
encryption—you just need to get
a certificate. If you want to start
playing with e-mail encryption
and signing, grab a free personal
e-mail certificate from a number
of different providers. Check out
Secorio at www.secorio.com/
index.php?S_MIME_Email_
Certificates, or Comodo at www
.instantssl.com/ssl-certificate-
products/free-email-certificate
.html. Instructions for certificate
generation and installation are on
the respective Web sites.
An access control list (ACL) is nothing more than a clearly defined list
of permissions that specify what an authenticated user may perform on a
shared resource. Over the years the way to assign access to resources has
changed dramatically. To help you to understand these changes, the secu-
rity industry likes to use the idea of ACL access models. There are three types
of ACL access models: mandatory, discretionary, and role based.
In a mandatory access control (MAC) security model, every resource carries a label that defines its security level and every user carries a clearance. The system compares the two; if the user's clearance doesn't cover the resource's label, he or she does not get access, and neither the user nor the resource's owner can hand out exceptions. That is what makes it mandatory: the policy is set centrally and enforced by the operating system. MAC shows up in classified government systems and in operating system hardening features such as SELinux that confine what programs may do regardless of which user runs them. The MAC security model is the oldest and least common of the three.
Discretionary access control (DAC) is based on the idea that a resource
has an owner who may at his or her discretion assign access to that resource.
DAC is considered much more flexible than MAC.
Role-based access control (RBAC) is the most popular model used in file
sharing. RBAC defines a user’s access to a resource based on the roles the
user plays in the network environment. This leads to the idea of creating
groups. A group in most networks is nothing more than a name that has
clearly defined accesses to different resources. User accounts are placed
into various groups. A network might have a group called “Sales” on a
Web server that gives any user account that is a member of the Sales group
access to a special Web page that no other groups can see.
Keep in mind that these three types of access control are models.
Every TCP/IP application and operating system has its own set of rules
that sometimes follows one of these models, but in many cases does not.
But do make sure you understand these three models for the CompTIA
Network+ exam!
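To make the three models concrete, here is an added example (my code, not the book's) that evaluates the same request against the same resource under each model, so you can see where each one says yes, where it says no, and who is allowed to change the answer. The users, clearances, roles and the sales_page resource are all constructed for the demonstration.

```python
"""Added example (not from the book): one evaluator for the three ACL access
models above, so the differences are visible in code. Users, clearances,
roles and the sales_page resource are all constructed for the demonstration."""
from dataclasses import dataclass, field

# Ordered labels for the mandatory model. The policy, not any user, fixes
# which level a resource carries and which clearance a user holds.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# Role based: permissions hang off roles, and users are placed into roles.
ROLE_PERMISSIONS = {
    "sales": {("sales_page", "read")},
    "webadmin": {("sales_page", "read"), ("sales_page", "write")},
}


@dataclass
class User:
    name: str
    clearance: str = "public"                  # used by MAC
    roles: set = field(default_factory=set)    # used by RBAC


@dataclass
class Resource:
    name: str
    label: str = "public"                      # MAC label, set by policy
    owner: str = ""                            # DAC: the owner hands out rights
    acl: dict = field(default_factory=dict)    # DAC: user name -> permissions


def mac_allows(user, resource, action):
    """Mandatory: clearance must dominate the label; nobody can grant around it."""
    return LEVELS[user.clearance] >= LEVELS[resource.label]


def dac_grant(grantor, resource, grantee, action):
    """Discretionary: only the owner may extend the ACL."""
    if grantor.name != resource.owner:
        raise PermissionError(f"{grantor.name} does not own {resource.name}")
    resource.acl.setdefault(grantee, set()).add(action)


def dac_allows(user, resource, action):
    """Discretionary: the owner always may; others need an explicit ACL entry."""
    return user.name == resource.owner or action in resource.acl.get(user.name, set())


def rbac_allows(user, resource, action):
    """Role based: allowed if any role the user holds carries the permission."""
    return any((resource.name, action) in ROLE_PERMISSIONS.get(r, set()) for r in user.roles)


def demo():
    page = Resource("sales_page", label="confidential", owner="alice")
    alice = User("alice", clearance="confidential", roles={"webadmin"})
    bob = User("bob", clearance="internal", roles={"sales"})
    r = {}
    # MAC: bob's clearance is below the label, so he is refused whatever else is true.
    r["mac_bob_read"] = mac_allows(bob, page, "read")
    r["mac_alice_read"] = mac_allows(alice, page, "read")
    # DAC: nothing until the owner grants, and bob cannot grant to himself.
    r["dac_bob_before"] = dac_allows(bob, page, "read")
    try:
        dac_grant(bob, page, "bob", "read")
        r["dac_bob_self_grant"] = True
    except PermissionError:
        r["dac_bob_self_grant"] = False
    dac_grant(alice, page, "bob", "read")
    r["dac_bob_after"] = dac_allows(bob, page, "read")
    r["dac_bob_write"] = dac_allows(bob, page, "write")
    # RBAC: the sales role reads the page; only webadmin writes it.
    r["rbac_bob_read"] = rbac_allows(bob, page, "read")
    r["rbac_bob_write"] = rbac_allows(bob, page, "write")
    r["rbac_alice_write"] = rbac_allows(alice, page, "write")
    return r


if __name__ == "__main__":
    for decision, allowed in demo().items():
        print(f"{decision:20} {'allow' if allowed else 'deny'}")
```

The point to notice is not the yes/no answers but who controls them: under MAC no grant by alice can get bob past the label, under DAC alice alone decides, and under RBAC the administrator who maintains the role table decides while alice and bob only inherit.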
TCP/IP Security Standards
Now that you have a conceptual understanding of encryption, nonrepu-
diation, authentication, and authorization, it’s time to see how the TCP/IP
folks have put it all together to create standards so you can secure just about
anything in TCP/IP networks.
TCP/IP security standards are a rather strange mess. Some are authen-
tication standards, some are encryption standards, and some are so unique
to a single application that I’m not even going to talk about them in this sec-
tion and instead will wait until the “Secure TCP/IP Applications” discus-
sion at the end of this chapter. There’s a reason for all this confusion: TCP/
IP was never really designed for security. As you read through this section,
you’ll discover that almost all of these standards either predate the whole
Internet, are slapped-together standards that have some serious issues, or,
in the case of the most recent standards, are designed to combine a bunch of
old, confusing standards. So hang tight—it’s going to be a bumpy ride!
Authentication Standards
Authentication standards are some of the oldest standards used in TCP/IP.
Many are so old they predate the Internet itself. Once upon a time, nobody
had fiber-optic, cable, or DSL connections to their ISPs. For the most part, if
you wanted to connect to the Internet you had a choice: go to the computer
center or use dial-up.
Dial-up, using telephone lines for the most part, predates the Inter-
net, but the nerds of their day didn’t want just anybody dialing into their
computers. To prevent unauthorized access, they developed some excel-
lent authentication methods that TCP/IP adopted for itself. A number of
authentication methods were used back in these early days, but, for the
most part, TCP/IP authentication started with something called the Point-
to-Point Protocol.
PPP
The Point-to-Point Protocol (PPP) enables two point-to-point devices to
connect, authenticate with a user name and password, and negotiate the
network protocol the two devices will use. Today that network protocol is
almost always TCP/IP.
Note that point-to-point and dial-up are not Ethernet, but still can sup-
port TCP/IP. Many network technologies don’t need Ethernet, such as
telephone, cable modem, microwave, and wireless (plus a bunch more you
won’t even see until Chapter 14). In fact, once you leave a LAN, most of the
Internet is just a series of point-to-point connections.
If you're nerdy enough to pull up RFC (Request for Comment) 1661, the RFC that defines how PPP works, you'll see there are five distinct phases to a PPP connection.

1. Link dead. This is a nice way to say there isn't a link yet. The modem is turned off; no one is talking. This phase is when all PPP conversations begin. The main player at this (and later) phases is the Link Control Protocol (LCP). The LCP's job is to get the connection going. As LCP starts up, we move into the...

2. Link establishment. The LCP communicates with the LCP on the other side of the PPP link, negotiating link options (including which authentication protocol, if any, to use) and confirming a good link, which, in turn, opens the...

3. Authentication. Here is where the authentication takes place. In most cases, authentication is performed by entering a simple user name/password. I'll go into more detail in the next section. For now, once the authentication is complete and successful, the PPP connection goes into...

4. Network layer protocol. PPP works with a number of OSI Layer 3 network protocols. Today everyone uses TCP/IP, but PPP still supports long-dead protocols such as NetWare IPX/SPX and Microsoft NetBEUI. Each network protocol has its own Network Control Protocol (NCP), for example IPCP for IP, that negotiates the settings that protocol needs, such as the IP address of each end. You now have a good connection. To shut down, the LCP initiates...

5. Termination. When done nicely, the two ends of the PPP connection send each other a few termination packets and the link is closed. If one person is cut off, the LCP will wait for a certain timeout and then terminate on its own side.
PPP provided the first common method
to get a server to request a user name and
password. In such a point-to-point con-
nection, the side asking for the connec-
tion is called the initiator, whereas the
other side, which has a list of user names
and passwords, is called the authenticator
(Figure 11.17).
PPP came with two methods to authen-
ticate a user name and password. The orig-
inal way—called Password Authentication
Protocol (PAP)—simply transmits the user
name and password over the connection in
plaintext. Unfortunately, that means anyone
who can tap the connection can learn the
user name and password (Figure 11.18).
Fortunately, PPP also includes the safer Challenge Handshake Authentication Protocol (CHAP) to provide a more secure authentication routine. CHAP relies on hashes based on a shared secret, usually a password that both ends of the connection know. When the initiator makes the initial connection request, the authenticator sends a challenge: a random value that is different every time, along with a one-byte identifier. The initiator runs the identifier, the secret, and the challenge through MD5 and sends the resulting hash back, together with its name. The authenticator, which must keep a copy of the secret itself (not merely a hash of it), computes the same hash from its own copy and the challenge it sent. If they match, the initiator is authenticated (Figure 11.19).

Once the connection is up and running, CHAP keeps working by periodically repeating the challenge and response. Because each response is good only for the challenge that produced it, someone who recorded an earlier exchange cannot replay it later, and a third party who simply takes over the line after login fails the next re-challenge. CHAP does not, by itself, stop a man-in-the-middle attack, where a third party inserts an independent connection, intercepts traffic, reads or alters it, and then forwards it on without either the sender or recipient being aware of the intrusion: a relay like that passes the challenges and responses through untouched. Nor does CHAP encrypt the data that follows; it protects the password, not the session. Note also that anyone who records one challenge and response can try passwords against it offline at leisure, so CHAP is only as strong as the secret behind it.
CHAP works nicely because it never sends the actual password over the link. The CHAP standard leaves a number of issues undefined, however, like "If the hash doesn't match, what do I do?" The boom in dial-up connections to the Internet in the 1990s led Microsoft to invent a more detailed version of CHAP called MS-CHAP. The current version of MS-CHAP is called MS-CHAPv2; it adds mutual authentication (the server proves itself to the client too) and is still the most common authentication method for the few of us using dial-up connections. Be aware, though, that MS-CHAPv2 builds its response out of DES, and a captured exchange can be cracked offline to recover the password hash no matter how strong the password is, so today it should only be run inside an encrypted tunnel such as PEAP (covered under EAP later in this chapter). Believe it or not, dial-up is still being used, and even the latest operating systems support it. Figure 11.20 shows the dial-up connection options for Vista.
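The CHAP exchange just described, as an added example in Python (my code, not the book's), with both ends in one file. The user name mike, the secret, the challenge and the list of password guesses are constructed for the demonstration. It also shows the two practical consequences noted above: a recorded response cannot be replayed against a fresh challenge, but the same recording lets an eavesdropper guess the secret offline.

```python
"""Added example (not from the book): the CHAP exchange of RFC 1994 with both
ends in one file. User name, secret, challenge and the password guesses are
constructed for the demonstration."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 section 4: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Holds the user database. CHAP forces it to keep each secret in
    recoverable form: it must rehash the secret itself for every challenge."""

    def __init__(self, users):
        self.users = users            # user name -> cleartext secret
        self.identifier, self.pending = 0, {}

    def challenge(self):
        self.identifier = (self.identifier + 1) & 0xFF
        chal = os.urandom(16)         # fresh and unpredictable, never reused
        self.pending[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier, name, response):
        chal = self.pending.pop(identifier, None)      # one challenge, one answer
        secret = self.users.get(name)
        if chal is None or secret is None:
            return False
        # constant-time compare so a timing difference can't leak the hash
        return hmac.compare_digest(chap_response(identifier, secret, chal), response)


class Initiator:
    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, identifier, challenge):
        return identifier, self.name, chap_response(identifier, self.secret, challenge)


def offline_guess(identifier, challenge, response, candidates):
    """What a sniffer does with one recorded exchange: try secrets until the
    hash matches. Nothing on the link prevents this; only a strong secret does."""
    for secret in candidates:
        if chap_response(identifier, secret, challenge) == response:
            return secret
    return None


def run_exchange(secret=b"correct horse"):
    """One login, a replay of its response against the next challenge, and an
    offline guess from the recorded packets. Returns (login_ok, replay_ok, guessed)."""
    auth = Authenticator({"mike": b"correct horse"})
    peer = Initiator("mike", secret)
    ident, chal = auth.challenge()
    recorded = peer.respond(ident, chal)            # what a sniffer sees on the link
    login_ok = auth.verify(*recorded)
    ident2, _ = auth.challenge()                    # CHAP re-challenges periodically
    replay_ok = auth.verify(ident2, recorded[1], recorded[2])
    guessed = offline_guess(ident, chal, recorded[2], [b"password", b"correct horse", b"letmein"])
    return login_ok, replay_ok, guessed


if __name__ == "__main__":
    print(run_exchange())                 # (True, False, b'correct horse')
    print(run_exchange(secret=b"wrong"))  # (False, False, None)
```

Two things worth noticing in the code: the authenticator's user table holds cleartext secrets, which is the price of CHAP's design, and offline_guess needs nothing the link doesn't already expose.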
Yes, I still have a dial-up
connection account that I use
when nothing else is available.
If you get a question on PAP, CHAP, and MS-CHAP on the CompTIA Network+ exam, remember that the exam expects MS-CHAP (specifically MS-CHAPv2, the only one of the three with mutual authentication) as the most secure answer.
Figure 11.17 • A point-to-point connection
Figure 11.18 • PAP in action
Figure 11.19 • CHAP in action
AAA
PPP does a great job of handling authentication for point-to-
point connections, but it has some limitations. The biggest
problem is that, in many cases, a network might have more
than one point for an initiator to enter. PPP assumes that the
authenticator at the endpoint has all the user name and pass-
word information, but that’s not necessarily true. In traditional
modem communication, for example, an Internet service pro-
vider (ISP) has a large bank of modems to support any num-
ber of users. When a user dials in, the modem bank provides
the first available connection, but that means that any modem
in the bank has to support any of the users. You can’t put the
database containing all user names and passwords on every
modem (Figure 11.21).
In this case, you need a central database of user names
and passwords. That’s simple enough, but it creates another
problem—anyone accessing the network can see the pass-
words unless the data is somehow protected and encrypted.
(Figure 11.22). PPP is good at the endpoints, but once the data
gets on the network, it’s unencrypted.
Thus, the folks overseeing central databases full
of user names and passwords needed to come up
with standards to follow to protect that data. They
first agreed upon a philosophy called Authentica-
tion, Authorization, and Accounting (AAA). AAA is
designed for the idea of port authentication—the
concept of allowing remote users authentication
to a particular point-of-entry (a port) to another
network.
Figure 11.20 • MS-CHAP is alive and well.
Figure 11.21 • Where do you put the user names and passwords?
Figure 11.22 • Central servers are prone to attack.
Authentication ■ A computer that is trying to connect to the network
must present some form of credential for access to the network.
This credential is most commonly a user name and password, but
it might also be a security token such as a smart card, retinal scan,
or digital certificate. It might even be a combination of some of
these. The authentication gives the computer the right to access the
network.
Authorization ■ Once authenticated, the computer determines what
it can or cannot do on the network. It might only be allowed to use
a certain amount of bandwidth. It might be limited to working only
certain times of day or might be limited to using only a certain set of
applications.
Accounting ■ The authenticating server should do some form of
accounting such as recording the number of times a user logs on and
logs off. It might track unsuccessful logon attempts. It may track
what services or resources the client system accessed. The number of
items to be accounted is massive.
Once the idea of AAA took shape, those smart
Internet folks developed two standards: RADIUS
and TACACS+. Both standards offer authentica-
tion, authorization, and accounting.
RADIUS Remote Authentication Dial-In User Ser-
vice (RADIUS) is the better known of the two AAA
standards and, as its name implies, was created
to support ISPs with hundreds if not thousands
of modems in hundreds of computers to connect
to a single central database. RADIUS consists of
three devices: the RADIUS server that has access
to a database of user names and passwords, a
number of Network Access Servers (NASs) that
control the modems, and a group of systems that
dial into the network (Figure 11.23).
To use RADIUS, you need a RADIUS server.
The most popular choice for Microsoft environ-
ments is Internet Authentication Service (IAS).
IAS comes built in with most versions of Microsoft Windows Server operat-
ing systems. For the UNIX/Linux crowd, the popular (yet, in my opinion,
hard to set up) FreeRADIUS is the best choice. If you prefer a more prepack-
aged server, you might look at Juniper Network’s Steel-Belted RADIUS—a
very powerful and somewhat easy-to-set-up option that many people feel
is well worth the roughly $3,000 price tag.
A single RADIUS server can support multiple NASs and provide a complete PPP connection from the requesting system, through the NAS, all the way to the RADIUS server. Like any PPP connection, the RADIUS server supports PAP, CHAP, and MS-CHAP. Even if you use PAP, the NAS hides the password before forwarding it to the server, but hiding is not hashing: RADIUS XORs the password with an MD5 keystream built from the shared secret between the NAS and the server, so anyone who knows (or guesses) that shared secret and captures the packet gets the password back. The user name travels in the clear, and with PAP the password itself still crosses the dial-up link unprotected before it ever reaches the NAS. Newer versions of RADIUS support even more authentication methods, as you will soon see. RADIUS runs over UDP: authentication on port 1812 and accounting on port 1813 (some older gear still uses 1645 and 1646 respectively).
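Here is the hiding step from RFC 2865 worked through in code, as an added example (mine, not the book's). The packets, the user name mike, the password hunter2 and the shared secret testing123 are constructed for the demonstration. The second half shows the consequence for the shared secret itself: the Response Authenticator on an Access-Accept is just an MD5 over bytes an eavesdropper can see plus the secret, so one captured request/response pair is enough to guess the secret offline, and with the secret every password that NAS ever forwarded.

```python
"""Added example (not from the book): how RADIUS protects the User-Password
attribute (RFC 2865 section 5.2) and why that is obfuscation, not hashing.
Packet contents, user name, password and shared secret are constructed."""
import hashlib
import os
import struct

USER_NAME, USER_PASSWORD = 1, 2          # RADIUS attribute types
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RADIUS packet codes


def hide_password(password, secret, request_auth):
    """c1 = p1 XOR MD5(S + RA); c_i = p_i XOR MD5(S + c_(i-1)); 16-byte blocks."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], keystream))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, request_auth):
    """Same keystream in reverse: whoever holds the shared secret gets the password."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(kind, value):
    return bytes([kind, 2 + len(value)]) + value


def build_packet(code, ident, authenticator, attrs):
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def access_request(username, password, secret, ident=7):
    request_auth = os.urandom(16)                      # sent in the clear
    attrs = attr(USER_NAME, username) + attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    return build_packet(ACCESS_REQUEST, ident, request_auth, attrs)


def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def access_accept(request, secret):
    _, ident, _ = struct.unpack("!BBH", request[:4])
    request_auth, attrs = request[4:20], b""           # an empty Access-Accept
    return build_packet(ACCESS_ACCEPT, ident, response_authenticator(ACCESS_ACCEPT, ident, request_auth, attrs, secret), attrs)


def parse_attrs(packet):
    attrs, i = {}, 20
    while i < len(packet):
        kind, length = packet[i], packet[i + 1]
        attrs[kind] = packet[i + 2:i + length]
        i += length
    return attrs


def crack_shared_secret(request, response, candidates):
    """With both packets in hand, test candidate secrets offline against the
    Response Authenticator; the first MD5 match is the NAS's shared secret."""
    _, ident, _ = struct.unpack("!BBH", request[:4])
    request_auth, resp_auth, resp_attrs = request[4:20], response[4:20], response[20:]
    for secret in candidates:
        if response_authenticator(ACCESS_ACCEPT, ident, request_auth, resp_attrs, secret) == resp_auth:
            return secret
    return None


def demo(password=b"hunter2", secret=b"testing123"):
    req = access_request(b"mike", password, secret)
    resp = access_accept(req, secret)
    seen = parse_attrs(req)                            # what a sniffer sees
    cracked = crack_shared_secret(req, resp, [b"radius", b"testing123", b"secret"])
    return {
        "username_in_clear": seen[USER_NAME],
        "password_hidden": seen[USER_PASSWORD] != password,
        "recovered_with_secret": reveal_password(seen[USER_PASSWORD], secret, req[4:20]),
        "cracked_secret": cracked,
    }


if __name__ == "__main__":
    print(demo())
```

The lesson for deployment is that the RADIUS shared secret has to be long and random and the traffic between NAS and server should run over a network attackers cannot sniff (or inside IPsec); the protocol's own protection is no stronger than the secret.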
NAS stands for either
Network Access Server or
Network Attached Storage. The
latter is a type of dedicated file
server used in many networks.
Make sure you read the question
to see which NAS it’s looking for!
Figure 11.23 • RADIUS setup
TACACS+ Routers and switches need administration. In a simple net-
work, you can access the administration screen for each router and switch
by entering a user name and password for each device. When a network
becomes complex, with many routers and switches, logging into each
device separately starts to become administratively messy. The answer is
to make a single server store the ACL for all the devices in the network. To
make this secure, you need to follow the AAA principles.
Terminal Access Controller Access Control System Plus (TACACS+) is a proprietary protocol developed by Cisco to support AAA in a network with many routers and switches. TACACS+ is very similar to RADIUS in function, but uses TCP port 49 by default and separates authentication, authorization, and accounting into different exchanges, so a device can ask the server whether an already logged-in administrator may run one particular command. Unlike RADIUS, which only obscures the password, TACACS+ encrypts the entire body of each packet with an MD5-based keystream derived from the shared secret. TACACS+ can carry PAP and CHAP credentials, and it can also use something called Kerberos as part of the authentication scheme.
Kerberos
Up to this point almost all the authentication schemes I’ve discussed either
are based on PPP or at least take the idea of PPP and expand upon it. Of
course, every rule needs an exception and Kerberos is the exception here.
Kerberos is an authentication protocol that has no connection to PPP.
Twenty years ago, some Internet folks began to appreciate that TCP/IP
was not secure and thus designed Kerberos. Kerberos is an authentication
protocol for TCP/IP networks with many clients all connected to a single
authenticating server—no point-to-point here! Kerberos works nicely in
a network, so nicely that Microsoft adopted it as the
authentication protocol for all Windows networks
using a domain controller.
The cornerstone of Kerberos is the Key Distribution
Center (KDC), which has two processes: the Authen-
tication Server (AS) and the Ticket-Granting Service
(TGS). In Windows server environments, the KDC is
installed on the domain controller (Figure 11.24).
When your client logs onto the domain, it does not send the password or even a hash of it. Instead it sends the AS a request naming the user and carrying the current time encrypted with a key derived from the user's password (Kerberos pre-authentication). The AS holds the same key; if it can decrypt the timestamp and the time is recent, the password must be right, and it sends back a Ticket-Granting Ticket (TGT) (Figure 11.25). The TGT is encrypted with the KDC's own key, so the client can neither read nor alter it; alongside it comes a session key, encrypted with the user's key, that the client will use to talk to the KDC from now on. The ticket has a default lifespan in Windows of ten hours. The client is now authenticated but not yet authorized.

When the client wants to use a particular service, it sends the TGT to the TGS together with a fresh timestamp encrypted with that session key and asks for a ticket for that service by name. The TGS sends back a service ticket good for that one service (Figure 11.26).
Kerberos uses UDP or TCP
port 88 by default
The TGT is sometimes
referred to as Ticket to Get
Ticket.
Figure 11.25 • AS sending a TGT back to client Figure 11.26 • TGS sending token to client
Figure 11.24 • Windows Kerberos setup
The service ticket is encrypted with the key of the service it names (a file server's computer account, say), so only that server can open it. Inside are the client's name and a second session key, which the client also receives encrypted under its own session key. When the client connects to the server it presents the ticket plus an authenticator (its name and the current time, encrypted with that second session key); the server decrypts both with its own key and knows who the client is without ever contacting the KDC. This is where authorization takes place: Windows puts the user's group memberships inside the ticket, and the server sharing the resource uses them to see exactly what access the client may have. If you try to access some other feature under Windows, for example, retrieving your e-mail via Microsoft Exchange Server, you won't need to log in again; the client just asks the TGS for another service ticket.

Timestamping matters for two reasons. The timestamp in each authenticator lets a server reject a ticket and authenticator that an eavesdropper captured and replays later (servers keep a short replay cache for that purpose), and the lifetime in each ticket, ten hours by default, caps how long a stolen ticket stays useful. One caveat a practitioner should know: because a service ticket is encrypted with a key derived from the service account's password, any user of the domain can request a ticket for a service and try to crack that password offline. Service accounts therefore need long random passwords, or the ticket will be cracked long before it expires.
Kerberos is very popular, but has some serious weaknesses. First, if the KDC goes down, no one has access. That's why Microsoft and other operating systems that use Kerberos always stress the importance of maintaining a backup KDC. In Windows, it is standard practice to have at least two domain controllers. Second, timestamping requires that all the clients and servers synchronize their clocks; by default a KDC rejects any request whose timestamp is more than five minutes off from its own clock. This is fairly easy to do in a wired network (such as a Windows domain or even a bunch of connected routers using TACACS+), but it adds an extra level of challenge in dispersed networks (such as those connected across the country).
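The three exchanges above as an added, scaled-down example in Python (my code, not the book's). The realm CORP, the user mike, the passwords and the service name http/web are constructed for the demonstration, and the cipher is a toy built from HMAC-SHA256 so the example runs with nothing but the standard library; real Kerberos uses AES with an HMAC. What the code makes visible is who can open what: the client never decrypts the TGT, the service never talks to the KDC, a skewed clock and a replayed authenticator are both rejected, and a service ticket can be attacked offline when the service password is weak.

```python
"""Added example (not from the book): a scaled-down Kerberos exchange with the
KDC, a client and a service in one file. The cipher is a toy built from
HMAC-SHA256 (real Kerberos uses AES plus an HMAC); realm, principals,
passwords and clock values are constructed for the demonstration."""
import hashlib, hmac, json, os, time

MAX_SKEW = 300          # seconds; the default clock tolerance of MIT and Windows KDCs
LIFETIME = 10 * 3600    # ten hours, the default Windows ticket life

def key_from_password(password, salt):
    # Real Kerberos derives AES keys with PBKDF2 as well; the shape is the same.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 4096)

def _stream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + bytes([i]), "sha256").digest() for i in range(n // 32 + 1))

def encrypt(key, obj):
    """Toy authenticated encryption: HMAC keystream XOR data, then an HMAC tag."""
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self, realm, passwords):
        self.realm = realm
        self.keys = {p: key_from_password(pw, realm + p) for p, pw in passwords.items()}
        self.keys["krbtgt"] = os.urandom(32)      # the TGT key never leaves the KDC

    def as_exchange(self, cname, preauth, now):
        """AS-REQ/AS-REP: the client proves its password with an encrypted timestamp."""
        ts = decrypt(self.keys[cname], preauth)["ts"]        # wrong password -> ValueError
        if abs(now - ts) > MAX_SKEW:
            raise ValueError("clock skew too large")
        session = os.urandom(32).hex()
        tgt = encrypt(self.keys["krbtgt"], {"cname": cname, "key": session, "exp": now + LIFETIME})
        return encrypt(self.keys[cname], {"key": session, "exp": now + LIFETIME}), tgt

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS-REQ/TGS-REP: only the KDC can open the TGT; the client just carries it."""
        t = decrypt(self.keys["krbtgt"], tgt)
        if now > t["exp"]:
            raise ValueError("TGT expired")
        a = decrypt(bytes.fromhex(t["key"]), authenticator)
        if a["cname"] != t["cname"] or abs(now - a["ts"]) > MAX_SKEW:
            raise ValueError("bad authenticator")
        svc_key = os.urandom(32).hex()
        ticket = encrypt(self.keys[service], {"cname": t["cname"], "key": svc_key, "exp": now + LIFETIME})
        return encrypt(bytes.fromhex(t["key"]), {"key": svc_key}), ticket

class Service:
    def __init__(self, key):
        self.key, self.seen = key, set()          # replay cache of authenticators

    def accept(self, ticket, authenticator, now):
        """AP-REQ: the service needs only its own key and never contacts the KDC."""
        t = decrypt(self.key, ticket)
        a = decrypt(bytes.fromhex(t["key"]), authenticator)
        fresh = now <= t["exp"] and abs(now - a["ts"]) <= MAX_SKEW
        if not fresh or a["cname"] != t["cname"] or (a["cname"], a["ts"]) in self.seen:
            return None                            # expired, forged or replayed
        self.seen.add((a["cname"], a["ts"]))
        return t["cname"]

def kerberoast(ticket, realm, service, candidates):
    """Any domain user can obtain a service ticket; it is sealed with a key
    derived from the service account's password, so guess that password offline."""
    for pw in candidates:
        try:
            decrypt(key_from_password(pw, realm + service), ticket)
            return pw
        except ValueError:
            pass
    return None

def login_and_access(password="Winter2013!", skew=0):
    """Returns (who the service saw, result of replaying the same AP-REQ,
    service password recovered offline)."""
    realm, now = "CORP", int(time.time())
    kdc = KDC(realm, {"mike": "Winter2013!", "http/web": "Summer2013"})
    web = Service(key_from_password("Summer2013", realm + "http/web"))
    ukey = key_from_password(password, realm + "mike")
    enc, tgt = kdc.as_exchange("mike", encrypt(ukey, {"ts": now + skew}), now)
    session = bytes.fromhex(decrypt(ukey, enc)["key"])
    enc_svc, ticket = kdc.tgs_exchange(tgt, encrypt(session, {"cname": "mike", "ts": now}), "http/web", now)
    svc_key = bytes.fromhex(decrypt(session, enc_svc)["key"])
    ap_req = encrypt(svc_key, {"cname": "mike", "ts": now})
    first = web.accept(ticket, ap_req, now)           # "mike"
    replay = web.accept(ticket, ap_req, now + 1)      # None: replay cache
    cracked = kerberoast(ticket, realm, "http/web", ["Password1", "Summer2013"])
    return first, replay, cracked

if __name__ == "__main__":
    print(login_and_access())
```

Run it with a wrong password or with skew=600 and the AS exchange raises instead of issuing a TGT; the kerberoast call at the end succeeds only because the service password is in the guess list, which is exactly the situation a long random service password prevents.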
EAP
One of the great challenges to authentication is getting the two ends of the
authentication process to handle the many different types of authentication
options. Even though PPP pretty much owned the user name/
password authentication business, proprietary forms of authen-
tication using smart cards/tokens, certificates, and so on, began
to show up on the market, threatening to drop the entire world
of authentication into a huge mess of competing standards.
The Extensible Authentication Protocol (EAP) was developed to create a single standard to allow two devices to authenticate. Despite the name, EAP is not a protocol in the classic sense, but rather a framework, originally defined as a PPP option, that EAP-compliant applications can use to carry one of many types of authentication. EAP itself only defines the request/response envelope; what goes inside is an EAP method, and the two ends negotiate which method they'll use. Although EAP is a general-purpose authentication wrapper, its only substantial use is in wireless networks and on 802.1X-protected wired ports. (See Chapter 15 to see where EAP is used.) EAP comes in various types, but currently only the following are in common use:

PSK ■ Easily the most popular way to secure a wireless network today, WPA-Personal with a pre-shared key (PSK) is nothing more than a shared secret that's stored on both the wireless access point and the wireless client, from which the two sides derive the AES (or TKIP) keys that encrypt the traffic (Figure 11.27). Strictly speaking, PSK mode doesn't use EAP at all (there is an EAP-PSK method, but that is something different and rarely seen); it is listed here because it is the alternative to the EAP methods that follow. See Chapter 15 for the scoop on wireless access points and EAP.

EAP-TLS ■ EAP with Transport Layer Security (TLS) provides mutual authentication, requiring certificates on both the server and every client (in practice the server side is a RADIUS server, as described earlier). On the client side, a smart card may hold the client's certificate and private key. EAP-TLS is very robust, but the client-side certificate requirement is an administrative challenge. Even though it's a challenge, the most secure wireless networks all use EAP-TLS. EAP-TLS works equally well on 802.1X-protected wired ports, and TLS itself is used heavily on secure Web sites (see the section "SSL/TLS" later in this chapter). Figure 11.28 shows a typical EAP-TLS setup for a wireless network.

EAP-TTLS ■ EAP-TTLS (Tunneled TLS) is similar to EAP-TLS but only uses a single server-side certificate; the client then authenticates inside the resulting TLS tunnel with a password or other credential. EAP-TTLS is very common for more secure wireless networks (Figure 11.29).

PEAP ■ Protected Extensible Authentication Protocol (PEAP) likewise sets up a TLS tunnel using only a server certificate and then runs a second EAP method inside it; by far the most common combination is PEAP with EAP-MS-CHAPv2, the password method you saw earlier. The tunnel is what keeps MS-CHAPv2's weak exchange away from eavesdroppers, so clients must be configured to validate the server's certificate, or an attacker with a fake access point can present a certificate of his own and harvest the exchange.

EAP-MD5 ■ This is a very simple version of EAP that uses only MD5 hashes for transfer of authentication credentials (it is essentially CHAP carried in EAP). EAP-MD5 provides no server authentication and produces no keys for encrypting the session, so it is weak and the least used of all the versions of EAP described.

LEAP ■ Lightweight Extensible Authentication Protocol (LEAP) is a proprietary EAP authentication used almost exclusively by Cisco wireless products. LEAP is an interesting combination of MS-CHAP authentication between a wireless client and a RADIUS server. Because it sends that exchange without any TLS tunnel, captured LEAP traffic can be dictionary-attacked offline (a weakness public since 2003), so it should be retired in favor of EAP-FAST or PEAP.

In Windows, a user's access token lists the Security Identifiers (SIDs) of the user and of the groups he or she belongs to; that is what the group information in the Kerberos ticket becomes at logon.

Figure 11.27 • EAP-PSK in action
802.1X
EAP was a huge success and almost overnight gave those who needed point-to-point authentication a one-stop-shop methodology to do so. EAP was so successful that there was a cry to develop an EAP solution for Ethernet networks. This solution is called 802.1X. Whereas traditional EAP is nothing more than an authentication method wrapped in PPP, 802.1X gets rid of the PPP (Ethernet is not a point-to-point protocol!) and instead puts the EAP packet inside an Ethernet frame of its own type, called EAPOL (EAP over LAN, Ethertype 0x888E), sent to a reserved group MAC address so that the switch port itself picks it up.

802.1X is a port-authentication network access control mechanism for networks. In other words, it's a complete authentication standard designed to force devices to go through a full AAA process to get anywhere past the interface on a gateway system. Until the authentication succeeds, the switch port (or the access point's association) passes EAPOL frames only and drops everything else. Before 802.1X, a system on a wired network could always access another system's port. Granted, an attacker wouldn't be able to do much until he gave a user name/password or certificate, but he could still send packets to any computer on the network. This wasn't good because it enabled attackers to get to the systems to try to do evil things. 802.1X prevented them from even getting in the door until they were authenticated and authorized.
Figure 11.29 • EAP-TTLS
Figure 11.28 • EAP-TLS
The interesting part is that you already know about most of the parts of 802.1X because the standard worked hard to use existing technologies. From a distance, 802.1X looks a lot like a RADIUS AAA setup. 802.1X changes the names of some of the components, as shown in Figure 11.30: the client is the supplicant, the switch or access point (the NAS in RADIUS terms) is the authenticator, and the RADIUS server is the authentication server. The authenticator doesn't understand the EAP method itself; it unwraps the EAP packet from the EAPOL frame, forwards it to the authentication server inside a RADIUS request, and opens the port when RADIUS answers Access-Accept. Compare this to Figure 11.23 to get the new names (the jobs don't change).
Figure 11.30 • 802.1X components
802.1X combines the RADIUS-style AAA with EAP versions to make
a complete authentication solution. The folks who developed 802.1X saw
it as a total replacement for every other form of authentication (even
Kerberos), but the reality is that most people don’t like changing some-
thing that already works. To that end, only wireless networking broadly
adopted 802.1X.
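To see what "EAP inside an Ethernet frame" looks like on the wire, here is an added example (my code, not the book's) that builds and then decodes a short 802.1X exchange: EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, the first PEAP request, and the EAP-Success that opens the port. The MAC addresses, the identity mike and the PEAP start packet are constructed by hand, not captured from a network.

```python
"""Added example (not from the book): building and decoding EAP carried in
Ethernet frames the way 802.1X does it (EAPOL framing from IEEE 802.1X, EAP
packet format from RFC 3748). The addresses, the identity mike and the PEAP
start packet are constructed by hand, not captured from a network."""
import struct

PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")   # destination of every EAPOL frame
ETHERTYPE_EAPOL = 0x888E
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP",
               21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}


def build_eapol(src, pkt_type, body=b""):
    """Ethernet header, then the EAPOL header (version 2, type, body length), then body."""
    eth = PAE_GROUP_ADDR + src + struct.pack("!H", ETHERTYPE_EAPOL)
    return eth + struct.pack("!BBH", 2, pkt_type, len(body)) + body


def build_eap(code, ident, method=None, data=b""):
    """RFC 3748 packet: Code, Identifier, Length, then Type and Type-Data for Request/Response."""
    payload = b"" if method is None else bytes([method]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload


def parse(frame):
    """Decode one frame; raise ValueError rather than guess on anything malformed."""
    if len(frame) < 18:
        raise ValueError("truncated frame")
    src, ethertype = frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError(f"not EAPOL (ethertype 0x{ethertype:04x})")
    _version, pkt_type, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body length exceeds frame")
    out = {"src": src.hex(":"), "eapol": EAPOL_TYPES.get(pkt_type, f"type {pkt_type}")}
    if pkt_type != 0:
        return out                      # Start, Logoff and Key frames carry no EAP packet
    if body_len < 4:
        raise ValueError("EAP header too short")
    code, ident, length = struct.unpack("!BBH", body[:4])
    if length < 4 or length > body_len or (code in (1, 2) and length < 5):
        raise ValueError("bad EAP length")
    out.update(code=EAP_CODES.get(code, f"code {code}"), id=ident)
    if code in (1, 2):                  # only Request/Response carry a method type
        out["method"] = EAP_METHODS.get(body[4], f"type {body[4]}")
        out["data"] = body[5:length]
    return out


def sample_exchange():
    """A supplicant and an authenticator, frame by frame, as decoded from the wire."""
    supplicant, authenticator = bytes.fromhex("001122334455"), bytes.fromhex("aabbccddeeff")
    frames = [
        build_eapol(supplicant, 1),                                   # EAPOL-Start
        build_eapol(authenticator, 0, build_eap(1, 1, 1)),            # EAP-Request/Identity
        build_eapol(supplicant, 0, build_eap(2, 1, 1, b"mike")),      # EAP-Response/Identity
        build_eapol(authenticator, 0, build_eap(1, 2, 25, b"\x20")),  # EAP-Request/PEAP (start flag)
        build_eapol(authenticator, 0, build_eap(3, 2)),               # EAP-Success: port opens
    ]
    return [parse(f) for f in frames]


if __name__ == "__main__":
    for decoded in sample_exchange():
        print(decoded)
```

Notice that the identity response travels in the clear inside the frame, which is why the tunneled methods (PEAP, EAP-TTLS) let the client answer the outer Identity request with an anonymous name and send the real user name only once the TLS tunnel is up.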
I’m not done with authentication and authorization, but at least you
now understand the basics of the popular authentication and authoriza-
tion protocols and standards. You have more protocols to learn, but all of
them are rather specialized for specific uses and thus are covered at various
places throughout the book.
Encryption Standards
The Internet had authentication long before it had encryption. As a result, almost all encryption came out as a knee-jerk reaction to somebody realizing that his or her TCP/IP application wasn’t secure. For years, there were new secure versions of just about every protocol in existence. New versions of all the classics started to appear, almost all starting with the word “Secure”: Secure FTP, Secure SMTP, and even Secure POP were developed. They worked, but there were still hundreds of not-yet-secured protocols and the specter of redoing all of them was daunting. Fortunately, some new, all-purpose encryption protocols were developed that enabled a client to connect to a server in a secure way while still using their older, unsecure protocols—and it all started because of Telnet.
Technically, wireless networks don’t use EAP. They use 802.1X, which, in turn, uses EAP.
SSH
The broad adoption of the Internet by the early 1990s motivated programmers to start securing their applications. Telnet had a big problem. It was incredibly useful and popular, but it was completely insecure. It clearly needed to be fixed. As the story goes, Tatu Ylonen of the Helsinki University of Technology, reacting to an attack that intercepted Telnet user names and passwords on his network, invented a new secure replacement for Telnet called Secure Shell (SSH). You’ve already seen SSH in action (in Chapter 9) as a secure version of Telnet, but now that you know more about security, let’s look at SSH in detail.
SSH servers use PKI in the form of an RSA key. The first time a client
tries to log into an SSH server, the server sends its public key to the client
(Figure 11.31).
Figure 11.31 • PuTTY getting an RSA key
After the client receives this key, it creates a session ID, encrypts it using the public key, and sends it back to the server. The server decrypts this session ID and uses it in all data transfers going forward. Only the client and the server know this session ID. Next, the client and server negotiate the type of encryption to use for the session. These days, AES is popular, but older symmetric-key ciphers such as 3DES may still be used. The negotiation for the cipher is automatic and invisible to the user.
Using RSA and a cipher makes a very safe connection, but the combination doesn’t tell the server who is using the client. All SSH servers, therefore, add user names and passwords to authenticate the client (Figure 11.32). Once a user logs in with a user name and password, he or she has access to the system.
SSH servers listen on TCP port 22.
Figure 11.32 • Users on an SSH server
In addition to using a password for authentication, SSH also can use public keys to identify clients. This opens up some interesting possibilities such as noninteractive logins. You can also turn off password login altogether, hardening your server even further.
To use public/private keys for authentication, you must first generate a pair of RSA or Digital Signature Algorithm (DSA) keys with a tool such as PuTTYgen (Figure 11.33). The public key is then copied to the server, and the private key is kept safe on the client.
When you connect to the server, your client generates a signature using its private key and sends it to the server. The server then checks the signature with its copy of the public key, and if everything checks out, you will be authenticated with the server.
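The "keys on, passwords off" hardening the paragraphs above describe is something you can verify on the server rather than take on faith. The script below is an added example, not code from the book or from the OpenSSH project: it reads text in OpenSSH’s sshd_config format, applies OpenSSH’s documented rule that the first occurrence of a keyword wins, and reports whether password logins are still accepted. The function names, the two sample configurations, and the default values assumed for absent keywords (taken from sshd_config(5)) are this example’s own.

```python
"""Added example: audit an sshd_config for key-only login.

Not code from the book or from OpenSSH; it only reads OpenSSH's sshd_config
syntax (keyword, whitespace, value; '#' starts a comment line).
The sample configurations are constructed."""

# Values OpenSSH assumes when a keyword is absent (sshd_config(5) defaults).
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "port": "22",
}


def parse_sshd_config(text):
    """Return {keyword_lowercase: value} for the global section of a config.

    OpenSSH uses the first occurrence of each keyword, so a later duplicate
    does not override an earlier one. Lines after a Match directive are
    conditional overrides, not global settings, so they are skipped."""
    settings = {}
    in_match_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            in_match_block = True  # everything to end of file is conditional
            continue
        if not in_match_block:
            settings.setdefault(keyword, value)  # first occurrence wins
    return settings


def effective_settings(text):
    """Parsed global settings with the defaults filled in for absent keywords."""
    cfg = dict(DEFAULTS)
    cfg.update(parse_sshd_config(text))
    return cfg


def audit_sshd_config(text):
    """Return a list of findings; an empty list means key-only login is configured."""
    cfg = effective_settings(text)
    findings = []
    if cfg["pubkeyauthentication"].lower() != "yes":
        findings.append("PubkeyAuthentication is not 'yes': key-based login is disabled")
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication is not 'no': password logins are still accepted")
    if cfg["permitemptypasswords"].lower() == "yes":
        findings.append("PermitEmptyPasswords is 'yes': accounts with empty passwords can log in")
    return findings


# Constructed sample: password login still on (the usual starting point).
WEAK_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication yes
"""

# Constructed sample: key-only login. The Match block relaxes the rule for one
# account only and therefore does not change the global verdict.
HARDENED_CONFIG = """\
# keys only
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(text) or ["ok"])
```

Because Match blocks are skipped, a per-user override such as the one in the hardened sample is not reported; when you use a script like this, review the Match blocks separately, since each one is a deliberate exception to the global policy.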
If SSH stopped here as a secure replacement
for Telnet, that would be fantastic, but SSH has
another trick up its sleeve: the capability to act
as a tunnel for any TCP/IP application. Let’s
see what tunnels are and how they work.
Tunneling
Simply, a tunnel is an encrypted link between two programs on two separate computers. Let’s take a look at an SSH link between a server and a client. Once established, anything you enter into the client application is encrypted, sent to the server, decrypted, and then acted upon (Figure 11.34).
The nature of SSH is such that it took very little to extend the idea of SSH to accept input from any source, even another program (Figure 11.35). As long as the program can redirect to the SSH client and then the SSH server redirect to the server application, anything can go through an SSH connection encrypted. This is an SSH tunnel.
SSH tunnels are wildly popular and fairly
easy to set up. Equally, all of the popular SSH
clients and servers are designed to go into
tunnel mode, usually with no more than a
simple click of a check box (Figure 11.36).
Many tunneling protocols and standards are used in TCP/IP. SSH is one of the simplest types of tunnels so it’s a great first exposure to tunneling. As the book progresses, you’ll see more tunneling protocols, and you’ll get the basics of tunneling. For now, make sure you understand that a tunnel is an encrypted connection between two endpoints. Any packet that enters the encrypted tunnel, including a packet with unencrypted data, is automatically encrypted, goes through the tunnel, and is decrypted on the other endpoint.
Figure 11.33 • Generated keys in PuTTYgen
Figure 11.34 • SSH in action
Figure 11.35 • Encrypting a Web client
SSH may be popular, but it’s not the only option for encryption. All of the other encryption standards are built into combined authentication/encryption standards, as covered in the next section.
Combining Authentication and Encryption
The rest of the popular authentication and
encryption standards are combined to include
both authentication and encryption in a single
standard. Lumping together authentication
and encryption into the same standard does
not make it weaker than the standards already
discussed. These are some of the most popular
standards on the Internet today, because they
offer excellent security.
SSL/TLS
The introduction and rapid growth of e-commerce on the World Wide Web in the mid-1990s made it painfully obvious that some form of authentication and encryption was needed. Netscape Corporation took the first shot at a new standard. At the time, the dominant Web browser was Netscape Navigator. Netscape created a standard called Secure Sockets Layer (SSL). SSL requires a server with a certificate. When a client requests access to an SSL-secured server, the server sends to the client a copy of the certificate. The SSL client checks this certificate (all Web browsers come with an exhaustive list of CA root certificates preloaded), and if the certificate checks out, the server is authenticated and the client negotiates a symmetric-key cipher for use in the session (Figure 11.37). The session is now in a very secure encrypted tunnel between the SSL server and the SSL client.
The Transport Layer Security (TLS) protocol was designed as an upgrade
to SSL. TLS is very similar to SSL, working in almost the same way. TLS is
more robust and flexible and works with just about any TCP application.
Figure 11.36 • Turning on tunneling in freeSSHd server
SSL/TLS also supports mutual authentication, but this is relatively rare.
Developers have continued to refine TLS since the release of TLS 1.0 (SSL 3.1) in 1999. Each of the TLS versions is considered an upgrade from SSL 3.0, so you’ll see both numbers listed. TLS 1.1 (SSL 3.2) was released in 2006. The most recent version is TLS 1.2 (SSL 3.3), released in 2008 and modified in 2011.
Figure 11.37 • SSL at work
SSL is limited to HTML, FTP, SMTP, and a few older TCP applications. TLS
has no such restrictions and is used in securing Voice over IP (VoIP) and
virtual private networks (VPNs), but it is still most heavily used in securing
Web pages. Every Web browser today uses TLS for HTTPS-secured Web
sites, and EAP-TLS is common for more-secure wireless networks.
IPsec
Every authentication and encryption protocol and standard you’ve learned about so far works above the Network layer of the OSI seven-layer model. Internet Protocol Security (IPsec) is an authentication and encryption protocol suite that works at the Internet/Network layer and should become the dominant authentication and encryption protocol suite as IPv6 continues to roll out and replace IPv4. (See Chapter 13 for details on IPv6.)
IPsec works in two different modes: Transport mode and Tunnel mode.
In Transport mode, only the actual payload of the IP packet is encrypted:
the destination and source IP addresses and other IP header information are
still readable. In Tunnel mode, the entire IP packet is encrypted and then
placed into an IPsec endpoint where it is encapsulated inside another IP
packet. The mode you use depends on the application (Figure 11.38). IPv6
will use the IPsec Transport mode by default.
The IPsec protocol suite uses many open source protocols to provide both tight authentication and robust encryption. You do not need to know how each of the protocols works for the CompTIA Network+ exam, but you should recognize which protocols function within IPsec. Here are the main protocols:
■ Authentication Header (AH) for authentication
■ Encapsulating Security Payload (ESP) for implementing authentication and encryption
■ Internet Security Association and Key Management Protocol (ISAKMP) for establishing security associations (SAs) that define things like the protocol used for exchanging keys
■ Internet Key Exchange (IKE and IKEv2) and Kerberized Internet Negotiation of Keys (KINK), two widely used key exchanging protocols
Plus, IPsec can encrypt data using any number of
encryption algorithms, such as MD5 and SHA that you
read about earlier in this chapter.
IPsec is an incredibly powerful authentication/encryption protocol suite, but until IPv6 is widely implemented, its only common current use is creating secure tunnels between two computers: a job it performs very well. Keep an eye out for IPsec!
The Internet Engineering Task Force (IETF) specifies the IPsec protocol suite, managing updates and revisions. One of those specifications regards the acronym for the protocol suite, calling it IPsec with a lowercase “s” rather than IPS or IPSec, which you might imagine to be the initials or acronym. Go figure.
Figure 11.38 • IPsec’s two modes
Secure TCP/IP Applications
I’ve covered quite a few TCP/IP security standards and protocols thus far in the chapter, but I really haven’t put anything to work yet. Now is the time to talk about actual applications that use these tools to make secure connections. As mentioned earlier, this is in no way a complete list, as there are thousands of secure TCP applications; I’ll stick to ones you will see on the CompTIA Network+ exam. Even within that group, I’ve saved discussion of some of the applications for other chapters that deal more directly with certain security aspects (such as remote connections).
HTTPS
You’ve already seen HTTPS back in Chapter 9, so let’s do a quick review and
then take the coverage a bit deeper. You know that HTTPS documents are
unique pages that traditionally start with https:// and that most browsers
also show a small lock icon in the lower-right corner or in the address bar.
You also know that HTTPS uses SSL/TLS for the actual authentication and
encryption process. In most cases, all of this works very well, but what do
you do when HTTPS has trouble?
Since you won’t get an HTTPS
connection without a good certificate
exchange, the most common problems
are caused by bad certificates. When
a certificate comes in from an HTTPS
Web site, your computer checks the
expiration date to verify the certificate
is still valid and checks the Web site’s
URL to make sure it’s the same as the
site you are on. If either of these is not
correct, you get an error such as the
one shown in Figure 11.39.
If you get one of these errors, you need to decide what to do. Good certificates do go bad (this even happened on my own Web site once) and sometimes the URLs on the certificates are not exactly the same as the site using them. When in doubt, stop. On the other hand, if the risk is low (for example, you’re not entering a credit card number or other sensitive information) and you know and trust the site, proceeding is safe in most cases. A courtesy e-mail or phone call to the Web site administrator notifying him or her about the invalid certificate is usually greatly appreciated.
Invalid certificates aren’t the only potential problems. After this basic
check, the browser checks to see if the certificate has been revoked. Root
authorities, like VeriSign, generate Certificate Revocation Lists (CRLs) that
a Web browser can check against. Certificates are revoked for a number
of reasons, but most of the time the reasons are serious, such as a hacked
certificate. If you get a revoked certificate error, it’s better to stay away from
the site until they fix the problem.
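The three checks described above (validity period, URL match, revocation) can be written down as code. The following is an added example, not code from the book or from any browser: it runs those checks against a certificate in the dictionary form Python’s ssl module returns from getpeercert(), using the standard library’s ssl.cert_time_to_seconds() to read the date fields. The certificate, the clock value and the set of revoked serial numbers are all constructed sample data, and the function names are this example’s own; a real browser would obtain the CRL from the certificate authority rather than from an in-memory set.

```python
"""Added example: the certificate checks a browser makes before trusting an
HTTPS site (validity period, hostname match, revocation), written against the
dictionary form that Python's ssl.SSLSocket.getpeercert() returns.
The certificate, the clock and the revoked serials below are constructed data."""
import calendar
import ssl


def utc_seconds(year, month, day, hour=0, minute=0, second=0):
    """Epoch seconds for a UTC date, so the 'current time' is deterministic."""
    return calendar.timegm((year, month, day, hour, minute, second, 0, 0, 0))


def _dns_names(cert):
    """DNS names a certificate is valid for: SAN entries, else the subject CN."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # older certificates carried the name only in the subject CN
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def hostname_matches(cert, hostname):
    """True if hostname matches one of the certificate's names.

    A wildcard is honoured only as the whole leftmost label and matches
    exactly one label, so *.shop.example.com covers api.shop.example.com
    but not a.b.shop.example.com or shop.example.com."""
    host_labels = hostname.lower().rstrip(".").split(".")
    for name in _dns_names(cert):
        labels = name.lower().rstrip(".").split(".")
        if len(labels) != len(host_labels) or labels[1:] != host_labels[1:]:
            continue
        if labels[0] == "*" or labels[0] == host_labels[0]:
            return True
    return False


def check_certificate(cert, hostname, now, revoked_serials):
    """Return the list of problems found; an empty list means the certificate passes."""
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if not hostname_matches(cert, hostname):
        problems.append("hostname mismatch")
    if cert["serialNumber"].upper() in revoked_serials:  # the CRL lookup
        problems.append("revoked")
    return problems


# Constructed sample certificate in getpeercert() form.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.shop.example.com")),
    "notBefore": "Jan  1 00:00:00 2013 GMT",
    "notAfter": "Dec 31 23:59:59 2013 GMT",
    "serialNumber": "0A1B2C3D",
}
# Constructed stand-in for a CA's Certificate Revocation List.
REVOKED_SERIALS = {"DEADBEEF"}

if __name__ == "__main__":
    now = utc_seconds(2013, 2, 27, 12)
    for host in ("www.example.com", "api.shop.example.com", "example.com"):
        print(host, check_certificate(SAMPLE_CERT, host, now, REVOKED_SERIALS) or ["ok"])
```

The order of the checks mirrors the text: the date and name checks are cheap and local, while the revocation check needs data from the CA, so a browser performs it last. Note that the hostname check compares the name in the URL against the certificate, which is why a certificate issued for www.example.com is reported as a mismatch when the site is reached as example.com.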
Figure 11.39 • Certificate problem
SCP
One of the first SSH-enabled programs to appear after the introduction of SSH was Secure Copy Protocol (SCP). SCP was one of the first protocols used to transfer data securely between two hosts and thus might have replaced FTP. SCP works well but lacks features such as a directory listing. SCP still exists, especially with the well-known UNIX scp command-line utility, but it has, for the most part, been replaced by the more powerful SFTP.
SFTP
Secure FTP (SFTP), also called SSH FTP, was designed as a replacement for
FTP after many of the inadequacies of SCP (such as the inability to see the
files on the other computer) were discovered. Although SFTP and FTP have
similar names and perform the same job of transferring files, the way in
which they do that job differs greatly.
The introduction of SSH made it easy to secure most TCP applications just by running them in an SSH tunnel. But FTP was a different case. FTP, at least active FTP, uses two ports, 20 and 21, creating a two-session communication. This makes FTP a challenge to run in its original form over SSH because SSH can only handle one session per tunnel. To fix this, a group of programmers from the OpenBSD organization developed a series of secure programs known collectively as OpenSSH. SFTP was one of those programs. SFTP looks like FTP, with servers and clients, but relies on an SSH tunnel. If you are on Windows and would like to connect with an SFTP server, WinSCP and FileZilla are two great client options.
SNMP
Simple Network Management Protocol (SNMP) is a very popular method for querying the state of SNMP-capable devices. SNMP can tell you a number of settings like CPU usage, network utilization, and detailed firewall hits. SNMP uses agents (special client programs) to collect network information from a Management Information Base (MIB), SNMP’s version of a server. To use SNMP, you need SNMP-capable devices and some tool to query them. One tool is Cacti (www.cacti.net), shown in Figure 11.40. Cacti, like most good SNMP tools, enables you to query an SNMP-capable device for hundreds of different types of information.
SNMP is a useful tool for network administrators, but the first version, SNMPv1, sent all data, including the passwords, unencrypted over the network. SNMPv2 had good encryption but was rather challenging to use. SNMPv3 is the standard version used today and combines solid, fairly easy-to-use authentication and encryption.
SNMP runs on UDP port 161.
Cross Check
FTP and TFTP
You saw FTP and TFTP back in Chapter 9, so check your memory now. How do they differ from SFTP? Do they use the same ports? Would you use FTP and TFTP in the same circumstances? Finally, what’s the difference between active and passive FTP?
LDAP
The Lightweight Directory Access Protocol (LDAP) is the tool that programs use to query and change a database used by the network. The network world is full of many different databases that are used in many different ways. I’m not talking about databases used by normal people to enter sales calls or to inventory trucks! These are databases used to track who is logged into the network, how many DHCP clients are currently active, or the location of all the printers in the local network.
One of the most complex and also most used databases is Windows Active Directory. Active Directory is the power behind single sign-on and network information (where’s the closest printer to me?) and is the cornerstone of Windows’ DNS implementation.
Every Windows domain controller stores a copy of the Active Directory. If a domain controller fails, another domain controller can and must instantly take over. To do this, every domain controller must have an identical copy of the Active Directory. That means if a single domain controller makes a change to the Active Directory, it must quickly send that change to other domain controllers.
Enter LDAP. LDAP is the tool used in virtually every situation where one computer needs to access another computer’s database for information or to make an update. You will probably never use LDAP manually. Your domain controllers will use it automatically and transparently in the background to keep your databases in good order. LDAP uses TCP port 389 by default.
NTP
The Network Time Protocol (NTP) does one thing: it gives you the current time. NTP is an old protocol and isn’t in and of itself much of a security risk unless you’re using some timestamping protocol like Kerberos. Windows is by far the most common Kerberos user, so just make sure all of your computers have access to an NTP server so users don’t run into problems when logging in. NTP uses UDP port 123.
Figure 11.40 • Cacti at work
Chapter 11 Review
Chapter Summary
After reading this chapter and completing the exercises,
you should understand the following about securing
TCP/IP.
Discuss the standard methods for securing TCP/IP networks
■ TCP/IP security can be broken down into four areas: encryption, nonrepudiation, authentication, and authorization.
■ Encryption means to scramble, mix up, or change the data in such a way that bad guys can’t read the data.
■ Nonrepudiation is the process that guarantees that the data is as originally sent and that it came from the source you think it should have come from.
■ Authentication means to verify that whoever accesses the data is the person you want accessing that data.
■ Authorization defines what a person accessing the data can do with that data.
■ All data starts as plaintext (also called cleartext), meaning the data is in an easily read or viewed industry-wide standard format.
■ A cipher is a series of complex and hard-to-reverse mathematics—called an algorithm—you run on a string of ones and zeroes to make a new set of seemingly meaningless ones and zeroes. More specifically, a cipher is a general way to encrypt data, and an algorithm is the cipher’s underlying mathematical formula.
■ A symmetric-key algorithm is any encryption algorithm that uses the same key for both encryption and decryption. There are two types of symmetric-key algorithms: block ciphers and stream ciphers.
■ Block ciphers encrypt data in single chunks of a certain length. Stream ciphers encrypt a single bit at a time.
■ Data Encryption Standard (DES) is the oldest TCP/IP symmetric-key algorithm and uses a 64-bit block with a 56-bit key. DES is susceptible to brute-force attacks.
■ Advanced Encryption Standard (AES) is the most secure TCP/IP symmetric-key algorithm and uses a 128-bit block with a 128-, 192-, or 256-bit key. AES is practically uncrackable.
■ Symmetric-key encryption has one serious weakness: anyone who gets a hold of the key can encrypt or decrypt.
■ Public-key cryptography is an implementation of asymmetric-key encryption, which uses one key to encrypt and a different key to decrypt.
■ A key pair consists of a public key, which is shared and distributed to senders to use to encrypt data, and a private key, which is kept only by the recipient and used to decrypt data.
■ A hash is a mathematical function that you run on a string of binary digits of any length that results in a value of some fixed length, often called a checksum or a digest.
■ A cryptographic hash function is a one-way function that produces a unique checksum that can be used to verify nonrepudiation. MD5 and SHA-2 are popular hashes for this type of work.
■ A digital signature is a string of ones and zeroes that can only be generated by the sender and is another form of nonrepudiation.
■ A certificate is a standardized type of digital signature used to verify the identity of someone (or something) you do not know, like a Web site. A certificate usually includes the digital signature of a third party, a person, or a company that guarantees that who is passing out this certificate truly is who they say they are. VeriSign and Thawte are popular certificate authorities.
■ An access control list (ACL) is used to control authorization, or what a user is allowed to do once they have been authenticated. There are three types of ACL access modes: MAC, DAC, and RBAC.
■ In a mandatory access control (MAC) security model, every resource is assigned a label that defines its security level. If the user lacks that security level, he or she does not get access.
■ Discretionary access control (DAC) is based on the idea that a resource has an owner who may, at his or her discretion, assign access to that resource.
■ Role-based access control (RBAC) is the most popular model used in file sharing and defines a user’s access to a resource based on the user’s group membership.
Compare TCP/IP security standards
■ The Point-to-Point Protocol (PPP) enables two point-to-point devices to connect, authenticate with a user name and password, and negotiate the network protocol the two devices will use.
■ PPP includes two methods to authenticate a user name and password: PAP and CHAP.
■ Password Authentication Protocol (PAP) transmits the user name and password over the connection in plaintext, which is not secure.
■ Challenge Handshake Authentication Protocol (CHAP) provides a more secure authentication routine because it relies on hashes based on a shared secret, usually a password that both ends of the connection know. Microsoft created its own version called MS-CHAP.
■ Authentication, Authorization, and Accounting (AAA) is a philosophy applied to computer security. RADIUS and TACACS+ are standard implementations of AAA.
■ Remote Authentication Dial-In User Service (RADIUS) is the better known of the two AAA standards and was created to support ISPs with hundreds if not thousands of modems in hundreds of computers to connect to a single central database.
■ Microsoft’s RADIUS server is called Internet Authentication Service (IAS) and comes built in with most versions of Microsoft Windows Server. FreeRADIUS is a popular RADIUS server for UNIX/Linux.
■ Terminal Access Controller Access Control System Plus (TACACS+) is a proprietary protocol developed by Cisco to support AAA in a network with many routers and switches.
■ Kerberos, unlike PPP, is an authentication protocol for TCP/IP networks with many clients all connected to a single authenticating server.
■ Kerberos, which is the authentication protocol for all Windows networks using a domain controller, uses a Key Distribution Center (KDC) that has two processes: the Authentication Server (AS) and the Ticket-Granting Service (TGS).
■ The Authentication Server authenticates users at login and, if successful, sends a Ticket-Granting Ticket (TGT) (good for ten hours by default) allowing the user to access network resources without having to reauthenticate.
■ The timestamped TGT is sent to the TGS, which returns an access token used by the client for authorization to a network resource.
■ The Extensible Authentication Protocol (EAP) was developed to help two devices negotiate the authentication process. It is used primarily in wireless networks. There are six commonly used types of EAP: EAP-PSK, EAP-TLS, EAP-TTLS, EAP-MS-CHAPv2 (PEAP), EAP-MD5, and LEAP.
■ EAP Personal Shared Key (EAP-PSK) is the most popular form of authentication used in wireless networks today.
■ Early wireless networks lacked any form of authentication, so the wireless community grabbed a preexisting authentication standard called 802.1X to use in their wireless networks. 802.1X combines the RADIUS-style AAA with EAP versions to make a complete authentication solution.
■ Secure Shell (SSH) is a secure replacement for Telnet. SSH uses PKI in the form of an RSA key. At login, the SSH server sends its public key to the client. The client then encrypts data using the public key and transmits the data, which is subsequently decrypted on the server with the private key.
■ Netscape created the Secure Sockets Layer (SSL) standard, which requires a server with a certificate. SSL has been updated to the Transport Layer Security (TLS) standard and is used for secure Web transactions, such as online credit card purchases.
■ SSL is limited to HTML, FTP, SMTP, and a few older TCP applications whereas TLS is less restrictive and is used for everything SSL does in addition to VoIP and VPNs.
■ IPsec is an encryption protocol and is destined to become the dominant encryption protocol under IPv6. IPsec works in two different modes: Transport mode and Tunnel mode. IPv6 uses the IPsec Transport mode by default.
■ In Transport mode, only the actual payload of the IP packet is encrypted; the destination and source IP addresses and other IP header information is still readable.
■ In Tunnel mode, the entire IP packet is encrypted and then placed into an IPsec endpoint where it is encapsulated inside another IP packet.
Implement secure TCP/IP applications
■ HTTPS uses SSL/TLS for the actual authentication and encryption process. Most browsers show a small lock icon in the lower-right corner or in the address bar when an HTTPS connection is established.
■ The most common problems with HTTPS connections are caused by bad or outdated certificates.
■ Secure Copy Protocol (SCP) is an SSH-enabled program or protocol used to copy files securely between a client and a server. It has been replaced by Secure FTP (SFTP).
■ Simple Network Management Protocol (SNMP) is a method for querying the state of SNMP-capable devices. SNMP can tell you a number of settings like CPU usage, network utilization, and detailed firewall hits. SNMP uses agents and MIBs to capture and monitor network usage.
■ SNMPv1 sent all data, including the passwords, unencrypted over the network. SNMPv2 had good encryption but was rather challenging to use. SNMPv3 is the standard version used today and combines solid, fairly easy-to-use authentication and encryption.
■ Active Directory servers and other servers use the Lightweight Directory Access Protocol (LDAP) to keep important databases updated.
■ Network Time Protocol (NTP) gives you the current time. It isn’t much of a security risk unless you’re using some timestamping protocol like Kerberos.
Key Terms
802.1X (315)
access control list (ACL) (308)
Advanced Encryption Standard (AES) (299)
algorithm (296)
asymmetric-key algorithm (298)
authentication (295)
Authentication, Authorization, and Accounting (AAA) (311)
Authentication Server (AS) (313)
authorization (295)
block cipher (298)
certificate (304)
Challenge Handshake Authentication Protocol (CHAP) (310)
cipher (296)
ciphertext (297)
cleartext (296)
complete algorithm (296)
Data Encryption Standard (DES) (298)
digital signature (304)
discretionary access control (DAC) (308)
encryption (295)
Extensible Authentication Protocol (EAP) (314)
FreeRADIUS (312)
hash (302)
Internet Authentication Service (IAS) (312)
Internet Protocol Security (IPsec) (320)
Kerberos (313)
Key Distribution Center (KDC) (313)
key pair (300)
Lightweight Directory Access Protocol (LDAP) (323)
Lightweight Extensible Authentication Protocol (LEAP) (315)
Management Information Base (MIB) (322)
mandatory access control (MAC) (308)
MD5 (303)
MS-CHAP (310)
Network Access Server (NAS) (312)
Network Control Protocol (NCP) (309)
Network Time Protocol (NTP) (323)
nonrepudiation (295)
OpenSSH (322)
Password Authentication Protocol (PAP) (310)
plaintext (296)
Point-to-Point Protocol (PPP) (309)
Protected Extensible Authentication Protocol (PEAP) (315)
public-key cryptography (299)
public-key infrastructure (PKI) (306)
Remote Authentication Dial-In User Service (RADIUS) (312)
Rivest Cipher 4 (RC4) (299)
Rivest Shamir Adleman (RSA) (299)
role-based access control (RBAC) (308)
Secure Copy Protocol (SCP) (321)
Secure FTP (SFTP) (322)
Secure Hash Algorithm (SHA) (303)
Secure Shell (SSH) (317)
Secure Sockets Layer (SSL) (319)
Simple Network Management Protocol (SNMP) (322)
stream cipher (298)
symmetric-key algorithm (297)
Terminal Access Controller Access Control System Plus (TACACS+) (313)
Ticket-Granting Ticket (TGT) (313)
Transport Layer Security (TLS) (319)
tunnel (318)
Key Term Quiz
Use the Key Terms list to complete the sentences that
follow. Not all the terms will be used.
1. _______________ defines what a person accessing data can do with that data.
2. _______________ is the act of verifying you are who you say you are.
3. _______________ is the process of guaranteeing that data is as originally sent and that it came from the source from which you think it should have come.
4. A(n) _______________ encrypts data in fixed-length chunks at a time.
5. _______________ is a secure replacement for Telnet.
6. A(n) _______________ uses one key to encrypt data and a different key to decrypt the same data.
7. SSL has been replaced by the more robust _______________.
8. SCP has been replaced by _______________, a secure protocol for copying files to a server.
9. _______________ is the default authentication protocol for Windows domains and is extremely time sensitive.
10. _______________ uses a 128-bit block, up to a 256-bit key, and is a virtually uncrackable encryption algorithm.
Multiple-Choice Quiz
1. Justin wants his team to be able to send him encrypted e-mails. What should he do?
A. Send each team member his private key.
B. Send each team member his public key.
C. Ask each team member for his or her private key.
D. Ask each team member for his or her public key.
2. Which of the following are popular cryptographic hashing functions? (Select two.)
A. MD5
B. SHA-2
C. RADIUS
D. TACACS+
3. A public and private key pair is an example of what?
A. Symmetric-key algorithm
B. Asymmetric-key algorithm
C. Certificate
D. RADIUS
4. Which authentication protocol is time sensitive and is the default authentication protocol on Windows domains?
A. PPP
B. MS-CHAP
C. IPsec
D. Kerberos
5. What helps to protect credit card numbers during online purchases? (Select two.)
A. Certificates
B. TLS
C. SCP
D. NTP
6. Emily wants to remotely and securely enter commands to be run at a remote server. What application should she use?
A. Telnet
B. SSH
C. SFTP
D. RSA
7. A hash function is by definition
A. A complex function
B. A PKI function
C. A one-way function
D. A systematic function
8. In order to have a PKI infrastructure you must have a(n)
A. Web server
B. Web of trust
C. Root authority
D. Unsigned certificate
9. Which term describes the process of guaranteeing that data that is received is, in fact, the data that was sent—and that it came from the presumed source?
A. Authentication
B. Authorization
C. Encryption
D. Nonrepudiation
10. If you saw some traffic running on TCP port 49, what AAA standard would you know was running?
A. PPP
B. RADIUS
C. MS-CHAP
D. TACACS+
11. What is the difference between RADIUS and TACACS+?
A. RADIUS is the authentication control for Windows networks whereas TACACS+ is the authentication control for UNIX/Linux networks.
B. RADIUS is an implementation of an authentication control whereas TACACS+ is an implementation of authorization control.
C. RADIUS is a generic name for authentication control, and there are implementations for Windows, UNIX, and Linux servers. TACACS+ is authentication control for Cisco routers and switches.
D. RADIUS supports encryption; TACACS+ does not and is, therefore, less desirable in a network.
12. AES is a(n) __________ cipher.
A. Block
B. Forwarding
C. Stream
D. Asymmetric
13. Which authentication protocol is broadly used on wireless networks?
A. 802.1X
B. PPP
C. PAP
D. MS-CHAP
14. Digital signatures and certificates help which aspect of computer security?
A. Accounting
B. Authentication
C. Authorization
D. Nonrepudiation
15. Which authorization model grants privileges based on the group membership of network users?
A. MAC
B. DAC
C. RBAC
D. GAC
Chapter 11: Securing TCP/IP
Essay Quiz
1. Explain the difference between symmetric-key and asymmetric-key algorithms and give examples of each. Which is more secure? Why?
2. Access control lists help to control the authorization of network resources. Explain the differences among the three ACL access models.
3. You receive a call from a distressed user telling you she was in the middle of an online purchase (just entering her credit card number) when she noticed a certificate warning on the screen saying the Web site’s certificate has expired. What advice would you give the user?
Lab Projects
Lab Project 11.1
Download a copy of GnuPG from www.gnupg.org and one of the frontends from www.gnupg.org/related_software/frontends.en.html. Generate a key pair and share your public key with a classmate. Have your classmate encrypt a file using your public key and e-mail it to you. Decrypt your file with your private key.
Lab Project 11.2
You have learned many acronyms in this chapter! Make a list of the following acronyms, state what they stand for, and briefly describe them. Use this as a study sheet for the CompTIA Network+ certification exam: DES, AES, RSA, MD5, SHA, PKI, CRAM-MD5, ACL, MAC, DAC, RBAC, PPP, PAP, CHAP, MS-CHAP, AAA, RADIUS, TACACS+, KDC, AS, TGT, SID, EAP, EAP-TLS, EAP-PSK, EAP-TTLS, EAP-MS-CHAPv2, PEAP, EAP-MD5, LEAP, SSH, SSL, TLS, HTTPS, SCP, SFTP, SNMP, and NTP.
Chapter 12
Advanced Networking Devices
“It followed from the special theory of relativity that mass and energy are both but different manifestations of the same thing. A somewhat unfamiliar conception for the average mind.”
—Albert Einstein
In this chapter, you will learn how to
■ Discuss client/server and peer-to-peer topologies
■ Describe the features and functions of VPNs
■ Configure and deploy VLANs
■ Implement advanced switch features
So far in this book we’ve looked at simple network topologies and single-function devices. Ethernet networks employ a hybrid star-bus topology, for example, with a physical star and a logical bus. You have hubs humming along at Layer 1, switches at Layer 2, and routers at Layer 3, each performing heroic service. You have protocols functioning at the upper layers, enabling things like the Web and FTP.
When you zoom out from the network to the 30,000-foot view, network components take on one of several aspects. You have servers that dish out data and clients that access those servers. You have computers on networks that both serve and access data; these are called peer-to-peer networks. You have connections between networks and connections from outside to inside a network.
This chapter starts with connection concepts, looking at classic and current uses of terms like client, server, and peer. The chapter then turns to virtual private networks, how businesses handle telecommuting, traveling employees, and multiple locations. The third part examines switches that can segment a network into multiple virtual networks. The chapter finishes with a discussion about multilayer switches—the boxes that do it all.
Client/Server and Peer-to-Peer Topologies
To share data and services, networks place computers or services into the category of server, the provider of such things. Other computers act as clients, the users of services. Many networks today blend the two roles, meaning each computer can both serve and request. Let’s look at classic usage of client/server and peer-to-peer topologies, and then examine how the terms have changed in modern networking.
Historical/Conceptual
Client/Server
The earliest networks used a client/server model. In that model, certain systems acted as dedicated servers. Dedicated servers were called “dedicated” because that’s all they did. You couldn’t go up to a dedicated server and run Word or Solitaire. Dedicated servers ran powerful server network operating systems that offered up files, folders, Web pages, and so on to the network’s client systems. Client systems on a client/server network never functioned as servers. One client system couldn’t access shared resources on another client system. Servers served and clients accessed, and never the twain . . . crossed over . . . in the old days of client/server!
Figure 12.1 shows a typical client/server network. As far as the clients are concerned, the only system on the network is the server system. The clients can neither see each other, nor share data with each other directly. They must save the data on the server, so that other systems can access it.
Back in the old days there was an operating system called Novell NetWare. Novell NetWare servers were true dedicated servers. You couldn’t go up to a Novell NetWare server and write yourself a resume. There were no Windows or even user applications. The only thing Novell NetWare servers knew how to do was share their own resources, but they shared those resources extremely well! The Novell NetWare operating system was unique. It wasn’t anything like Windows, Macintosh, or Linux. It required you to learn an entirely different set of installation, configuration, and administration commands. Figure 12.2 shows a screen from Novell NetWare. Don’t let the passing resemblance to Windows fool you—it was a completely different operating system!
Figure 12.1 • A simple client/server network
Dedicated servers enabled Novell to create an entire feature set not seen before on personal computers. Each dedicated server had its own database of user names and passwords. You couldn’t access any of the resources on the server without logging in. The server’s administrator would assign “permissions” to a specific user account, such as Write (add files to a directory), File Scan (see the contents of a directory), and Erase (delete files).
By keeping the server functionality separate from the client systems, the Novell folks made very powerful, dedicated servers without overwhelming the client computers with tons of software. This was, after all, in the early days of personal computers and they didn’t have anything near the power of a modern PC.
NetWare servers had tremendous power and great security because the only thing they did was run server software. In the early days of networking, client/server was king!
Peer-to-Peer
Novell NetWare was the first popular way to network PCs, but it wasn’t too many years later that Microsoft introduced the first versions of network-capable Windows. The way in which these versions of Windows looked at networking, called peer-to-peer, was completely different from the client/server view of networking. In a peer-to-peer network, any system can act as a server, a client, or both, depending on how you configure that system. PCs on peer-to-peer networks frequently act as both clients and servers. One of the most common examples of a peer-to-peer network is the venerable Windows 9x series of operating systems. Figure 12.3 shows the sharing options for the ancient Windows 98 operating system, providing options to share a folder and thus turn that computer into a server.
At first glance, it would seem that peer-to-peer is the way to go—why create a network that doesn’t allow the clients to see each other? Wouldn’t it make more sense to give users the freedom to allow their systems both to share and access any resource? The problem was a lack of security.
The early Windows systems did not have user accounts and the only permissions were Read Only and Full Control. So they made it easy to share but hard to control access to the shared resources. People wanted the freedom of peer-to-peer with the security of client/server.
Novell NetWare as marketed today is a form of SUSE Linux. It is no longer a unique server-only operating system.
Figure 12.2 • Novell NetWare in action
Figure 12.3 • Sharing options in Windows 98
The “old school” client/server model means dedicated servers with strong security. Clients see only the server. In the peer-to-peer model, any system is a client, server, or both, but at the cost of lower security and additional demands on the system resources of each peer.
Test Specific
Client/Server and Peer-to-Peer Today
In response to demand, every modern operating system has dumped the classic client/server or peer-to-peer label. Windows, Linux, and OS X all have the capability to act as a server or a client while also providing robust security through user accounts, permissions, and the like.
Since the widespread adoption of TCP/IP and the Internet, client/server and peer-to-peer have taken on new or updated definitions and refer more to applications than to network operating systems. Consider e-mail for a moment. For traditional e-mail to work, you need an e-mail client like Microsoft Outlook. But you also need an e-mail server program like Microsoft Exchange to handle the e-mail requests from your e-mail client. Outlook is a dedicated client—you cannot use the Outlook client as a mail-serving program. Likewise, you cannot use Microsoft Exchange as an e-mail client. Exchange is a dedicated server program.
Peer-to-peer applications, often referred to simply as P2P, act as both client and server. The best examples of these applications are the now infamous file-sharing applications based on special TCP/IP protocols. The applications, with names like BitTorrent, LimeWire, and DC++, act as both clients and servers, enabling a user to share files and access shared files. BitTorrent is actually an entire protocol, not just a particular application. Many different applications use the BitTorrent standard. Figure 12.4 shows one such program, μTorrent, in the process of simultaneously uploading and downloading files.
The terms server, client, and peer manifest in another way when discussing connecting to a local network from a remote site or connecting two networks together so they function as if they’re one network. Let’s turn now to a technology that makes these connection types possible: virtual private networks.
Figure 12.4 • μTorrent downloading
Virtual Private Networks
Remote connections have been around for a long time, even before the Internet existed. The biggest drawback to remote connections was the cost to connect. If you were on one side of the continent and had to connect to your LAN on the other side of the continent, the only connection option was a telephone. Or if you needed to connect two LANs across the continent, you ended up paying outrageous monthly charges for a private connection. The introduction of the Internet gave people wishing to connect to their home networks a very inexpensive connection option, but there was one problem—the whole Internet was (and is) open to the public. People wanted to stop using dial-up and expensive private connections and use the Internet instead, but they wanted to be able to do it securely.
If you read the previous chapter, you might think you could use some of the tools for securing TCP/IP to help and you would be correct. Several standards use encrypted tunnels between a computer or a remote network and a private network through the Internet (Figure 12.5), resulting in what is called a virtual private network (VPN).
As you saw in the previous chapter, an encrypted tunnel requires endpoints—the ends of the tunnel where the data is encrypted and decrypted. In the tunnels you’ve seen thus far, the client for the application sits on one end and the server sits on the other. VPNs do exactly the same thing. Either some software running on a computer or, in some cases, a dedicated box must act as an endpoint for a VPN (Figure 12.6).
The key with the VPN is that all of the computers should be on the same network—and that means they must all have the same network ID. For example, you would want the laptop that you are using in an airport lounge to have the same network ID as all of the computers in your LAN back at the office. But there’s no simple way to do this. If it’s a single client trying to access a network, that client is going to take on the IP address from its local DHCP server. In the case of your laptop in the airport, your network ID and IP address come from the DHCP server in the airport, not the DHCP server back at the office.
Figure 12.5 • VPN connecting computers across the United States
Figure 12.6 • Typical tunnel
To make the VPN work, you need a VPN client program that uses one of the many tunneling protocols available. This remote client connects to the local LAN via its Internet connection, querying for an IP address from the local DHCP server. In this way, the VPN client will be on the same network ID as the local LAN. The remote computer now has two IP addresses. First, it has its Internet connection’s IP address, obtained from the remote computer’s ISP. Second, the VPN client creates a tunnel endpoint that acts like a NIC (Figure 12.7). This virtual NIC has an IP address that connects it to the local LAN.
Clever network engineers have come up with many ways to make this work, and those implementations function at different layers of the TCP/IP model. PPTP and L2TP, for example, work at the Link layer. Many VPNs use IPsec at the Internet layer to handle encryption needs. SSL VPNs work at the Application layer.
PPTP VPNs
So how do you make IP addresses appear out of thin air? What tunneling protocol have you learned about that has the smarts to query for an IP address? That’s right! Good old PPP! Microsoft got the ball rolling with the Point-to-Point Tunneling Protocol (PPTP), an advanced version of PPP that handles this right out of the box. The only trick is the endpoints. In Microsoft’s view, a VPN is intended for individual clients to connect to a private network, so Microsoft places the PPTP endpoints on the client and the server. The server endpoint is a special remote access server program, originally only available on Windows Server, called Routing and Remote Access Service (RRAS) on the server—see Figure 12.8.
On the Windows client side, you run Create a New Connection. This creates a virtual NIC that, like any other NIC, does a DHCP query and gets an IP address from the DHCP server on the private network (Figure 12.9).
When your computer connects to the RRAS server on the private network, PPTP creates a secure tunnel through the Internet back to the private LAN. Your client takes on an IP address of that network, as if your computer is directly connected to the LAN back at the office, even down to the default gateway. If you open your Web browser, your client will go across the Internet to the local LAN and then use the LAN’s default gateway to get to the Internet! Using a Web browser will be much slower when you are on a VPN. Every operating system comes with some type of built-in VPN client that supports PPTP (among others). Figure 12.10 shows Network, the Mac OS X VPN connection tool.
This type of VPN connection, where a single computer logs into a remote network and becomes, for all intents and purposes, a member of that network, is commonly called a client-to-site connection.
A system connected to a VPN looks as though it’s on the local network, but performs much slower than if the system was connected directly back at the office because it’s not local at all.
Figure 12.7 • Endpoints must have their own IP addresses.
Figure 12.8 • RRAS in action
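Why the Web browser goes "across the Internet to the local LAN and then out again" comes down to the routing table the VPN client installs once the virtual NIC has its office address. The following is an added Python example, not code from the book, that models that table with a longest-prefix-match lookup. Every address in it is constructed for the example (10.20.30.0/24 for the airport LAN, 192.168.1.0/24 for the office LAN, 198.51.100.10 for the office VPN server, 203.0.113.5 for some Web site), as are the interface names eth0 (physical NIC) and vpn0 (virtual NIC). `full_tunnel=True` models the behaviour the text describes, where the default gateway is the office LAN's; `full_tunnel=False` models the split-tunnel alternative, which the text does not cover, for comparison.

```python
import ipaddress

# Constructed sample addressing (documentation ranges, not real hosts):
#   physical NIC eth0: 10.20.30.5/24, airport DHCP gateway 10.20.30.1
#   virtual NIC  vpn0: 192.168.1.77/24, office LAN gateway 192.168.1.1
#   office VPN server, reachable on the public Internet: 198.51.100.10
VPN_SERVER = ipaddress.ip_address("198.51.100.10")
AIRPORT_GW = ipaddress.ip_address("10.20.30.1")
OFFICE_GW = ipaddress.ip_address("192.168.1.1")


def build_routes(full_tunnel: bool):
    """Routing table entries (network, interface, gateway) as a VPN client
    would install them.  gateway=None means the network is directly attached."""
    routes = [
        (ipaddress.ip_network("10.20.30.0/24"), "eth0", None),   # airport LAN, on-link
        (ipaddress.ip_network("192.168.1.0/24"), "vpn0", None),  # office LAN, via the tunnel
        # Host route for the VPN server itself: the encrypted tunnel packets must
        # leave through the physical NIC, or the tunnel would try to carry itself.
        (ipaddress.ip_network("198.51.100.10/32"), "eth0", AIRPORT_GW),
    ]
    if full_tunnel:
        # PPTP behaviour from the text: the default gateway is the office LAN's,
        # so all Internet traffic crosses the tunnel first (slower, but inspected
        # by the office's own gateway and filters).
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "vpn0", OFFICE_GW))
    else:
        # Split tunnel: only office traffic uses vpn0; the rest goes out locally.
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "eth0", AIRPORT_GW))
    return routes


def lookup(routes, dst: str):
    """Longest-prefix match: the most specific matching route wins.
    Returns (interface, next hop as text) or None if nothing matches."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for net, iface, gw in routes:
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    if best is None:
        return None
    _net, iface, gw = best
    return (iface, "on-link" if gw is None else str(gw))


if __name__ == "__main__":
    for mode in (True, False):
        table = build_routes(full_tunnel=mode)
        print("full tunnel" if mode else "split tunnel")
        for dst in ("192.168.1.10", "203.0.113.5", "198.51.100.10", "10.20.30.9"):
            print(f"  {dst:>15} -> {lookup(table, dst)}")
```

The host route to the VPN server is the one entry people forget when they hand-build such tables: without it, a full-tunnel default route would direct the tunnel's own packets back into the tunnel.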
L2TP VPNs
Microsoft pushed the idea of a single client tunneling into a private LAN using software. Cisco, being the router king that it is, came up with its own VPN protocol called Layer 2 Tunneling Protocol (L2TP). L2TP took all the good features of PPTP and L2F and added support to run on almost any type of connection possible, from telephones to Ethernet to ultra-high-speed optical connections. Cisco also moved the endpoint on the local LAN from a server program to a VPN-capable router, called a VPN concentrator, such as the Cisco 2811 Integrated Services Router shown in Figure 12.11.
Figure 12.10 • VPN on a Macintosh OS X system
Cisco made hardware that supported PPP traffic using a proprietary protocol called Layer 2 Forwarding (L2F). L2F did not come with encryption capabilities, so it was replaced by L2TP a long time ago. You’ll sometimes see the term on the CompTIA Network+ exam as an incorrect answer.
Figure 12.9 • VPN connection in Windows
Cisco provides free client software to connect a single faraway PC to a Cisco VPN. This creates a typical client-to-site connection. Network people often directly connect two Cisco VPN concentrators to connect two separate LANs permanently. It’s slow, but inexpensive, compared to a dedicated high-speed connection between two faraway LANs. This kind of connection enables two separate LANs to function as a single network, sharing files and services as if in the same building. This is called a site-to-site VPN connection.
L2TP differs from PPTP in that it has no authentication or encryption. L2TP generally uses IPsec for all security needs. Technically, you should call an L2TP VPN an “L2TP/IPsec” VPN. L2TP works perfectly well in the single-client-connecting-to-a-LAN world, too. Every operating system’s VPN client fully supports L2TP/IPsec VPNs.
SSL VPNs
Cisco has made a big push for companies to adopt VPN hardware that enables VPNs using Secure Sockets Layer (SSL). These types of VPN work at the Application layer and offer an advantage over Link- or Internet-based VPNs because they don’t require any special client software. Clients connect to the VPN server using a standard Web browser, with the traffic secured using SSL. The two most common types of SSL VPNs are SSL portal VPNs and SSL tunnel VPNs.
With SSL portal VPNs, a client accesses the VPN and is presented with a secure Web page. The client gains access to anything linked on that page, be it e-mail, data, links to other pages, and so on.
With tunnel VPNs, in contrast, the client Web browser runs some kind of active control, such as Java or Flash, and gains much greater access to the VPN-connected network. SSL tunnel VPNs create a more typical client-to-site connection than SSL portal VPNs, but the user must have sufficient permissions to run the active browser controls.
The years have seen plenty of crossover between Microsoft and Cisco. Microsoft RRAS supports L2TP, and Cisco routers support PPTP.
Many VPN connections use the terms client and server to denote the functions of the devices that make the connection. You’ll also see the terms host and gateway to refer to the connections, such as a host-to-gateway tunnel.
Figure 12.11 • Cisco 2811 Integrated Services Router
Tech Tip
Alternatives to PPTP, L2TP, and SSL
There are other VPN options to PPTP, L2TP, and SSL, and some of them are quite popular. First is OpenVPN, which, like the rest of what I call “OpenXXX” applications, uses Secure Shell (SSH) for the VPN tunnel. Second is IPsec. The tech world is now seeing some pure (no L2TP) IPsec solutions that use IPsec tunneling for VPNs, such as Cisco Easy VPN.
Virtual LANs
Today’s LANs are complex places. It’s rare to see any serious network that doesn’t have remote incoming connections, public Web or e-mail servers, wireless networks, as well as the basic string of connected switches. Leaving all of these different features on a single broadcast domain creates a tremendous amount of broadcast traffic and creates a security nightmare. You could separate the networks with multiple switches and put routers in between, but that’s very inflexible and hard to manage. What if you could segment the network using the switches you already own? You can, and that’s what a virtual local area network (VLAN) enables you to do.
To create a VLAN, you take a single physical broadcast domain and chop it up into multiple virtual broadcast domains. VLANs require special switches loaded with extra programming to create the virtual networks. Imagine a single switch with a number of computers connected to it. Up to this point, a single switch is always a single broadcast domain, but that’s about to change. You’ve decided to take this single switch and turn it into two VLANs. VLANs typically get the name “VLAN” plus a number, like VLAN1 or VLAN275. The devices usually start at 1 although there’s no law or rules on the numbering. In this example, I’ll configure the ports on my single switch to be in one of two VLANs—VLAN1 or VLAN2 (Figure 12.12). I promise to show you how to configure ports for different VLANs shortly, but I’ve got a couple of other concepts to hit first.
Figure 12.12 shows a switch configured to assign individual ports to VLANs. But there’s another way to use VLANs that’s supported by most VLAN-capable switches. Instead of assigning ports to a VLAN, you can assign MAC addresses to determine VLAN membership. A computer in this type of VLAN is always a member of the same VLAN no matter which port you plug the computer into on the switch.
A single switch configured into two VLANs is the simplest form of VLAN possible. More serious networks usually have more than one switch. Let’s say you added a switch to a simple network. You’d like to keep VLAN1 and VLAN2 but use both switches. You can configure the new switch to use VLAN1 and VLAN2, but you’ve got to enable data to flow between the two switches, regardless of VLAN. That’s where trunking comes into play.
Trunking
Trunking is the process of transferring VLAN traffic between two or more switches. Imagine two switches, each configured with a VLAN1 and a VLAN2, as shown in Figure 12.13.
You want all of the computers connected to VLAN1 on one switch to talk to all of the computers connected to VLAN1 on the other switch. Of course, you want to do this with VLAN2 also. To do this, you configure a port on each switch as a trunk port. A trunk port is a port on a switch configured to carry all traffic, regardless of VLAN number, between all switches in a LAN (Figure 12.14).
There is a VLAN0. This is the default VLAN. When you buy a new VLAN-capable switch and plug it in, every port on that switch is preset to VLAN0.
Figure 12.12 • Switch with two VLANs
Figure 12.13 • Two switches, each with a VLAN1 and a VLAN2
Figure 12.14 • Trunk ports
In the early days of VLANs, every switch manufacturer had its own way to make VLANs work. Cisco, for example, had a proprietary form of trunking called Inter-Switch Link (ISL), which most Cisco switches still support. Today, every Ethernet switch prefers the IEEE 802.1Q trunk standard that enables you to connect switches from different manufacturers.
Configuring a VLAN-capable Switch
If you want to configure a VLAN-capable switch, you need a method to perform that configuration. One method uses a serial (console) port like the one described in Chapter 3, but the most common method is to access the switch with a Web browser interface, like the one shown in Figure 12.15. Catalyst is a model name for a series of popular Cisco routers with advanced switching features. Any switch that you can access and configure is called a managed switch.
So if you’re giving the switch a Web interface, that means the switch needs an IP address—but don’t switches use MAC addresses? They do, but managed switches also come with an IP address for configuration. A brand-new managed switch out of the box invariably has a preset IP address similar to the preset, private IP addresses you see on routers. This IP address isn’t for any of the individual ports, but rather is for the whole switch. That means no matter where you physically connect to the switch, the IP address to get to the configuration screen is the same.
Every switch manufacturer has its own interface for configuring VLANs, but the interface shown in Figure 12.16 is a classic example. This is Cisco Network Assistant, a very popular tool that enables you to configure multiple devices through the same interface. Note that you first must define your VLANs.
The simple switches you’ve seen prior to this haven’t had any configuration capability (aside from giving you a button to enable or disable an uplink port). These simple switches are called unmanaged switches.
Figure 12.15 • Catalyst 2950 Series Device Manager
After you create the VLANs, you usually either assign computers’ MAC addresses to VLANs or assign ports to VLANs. Assigning MAC addresses means that no matter where you plug in a computer, it is always part of the same VLAN—a very handy feature for mobile users! Assigning each port to a VLAN means that whatever computer plugs into that port, it will always be a member of that port’s VLAN. Figure 12.17 shows a port being assigned to a particular VLAN.
Figure 12.16 • Defining VLANs in Cisco Network Assistant
VLANs based on ports are the most common type of VLAN and are commonly known as static VLANs. VLANs based on MAC addresses are called dynamic VLANs.
Figure 12.17 • Assigning a port to a VLAN
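A working model of what the VLAN, trunking and static/dynamic-VLAN passages above describe, as an added Python example; it is not code from the book, nor from Cisco or any switch vendor. It builds real Ethernet II frame bytes, inserts and strips the 4-byte IEEE 802.1Q tag a trunk port carries, and runs a toy switch whose ports are either access ports (static VLAN by port), reassigned on the fly when a source MAC appears in the dynamic (MAC-based) table, or trunk ports that carry every VLAN tagged. Port numbers, VLAN IDs and the MAC addresses (from the 00:00:5E:00:53:xx range reserved for documentation) are constructed; an untagged frame arriving on a trunk is simply dropped here, whereas a real switch would place it in the trunk's native VLAN.

```python
import struct

ETH_P_8021Q = 0x8100  # TPID value that marks an 802.1Q-tagged frame


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def make_frame(dst: str, src: str, ethertype: int = 0x0800,
               payload: bytes = b"\x00" * 46) -> bytes:
    """Untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def add_dot1q_tag(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert the 802.1Q tag (TPID + TCI) after the source MAC, at offset 12."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("802.1Q VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id          # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", ETH_P_8021Q, tci) + frame[12:]


def strip_dot1q_tag(frame: bytes):
    """Return (vlan_id, untagged_frame); vlan_id is None when the frame is untagged."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


class VlanSwitch:
    """Toy VLAN-capable switch with static (port-based) and dynamic (MAC-based)
    membership plus 802.1Q trunk ports.  Frames are flooded within their VLAN
    only: the VLAN is the broadcast domain, so no frame ever crosses into
    another VLAN through this switch."""

    def __init__(self, access_vlans, trunk_ports=(), mac_vlans=None):
        self.access_vlans = dict(access_vlans)          # port -> VLAN (static VLAN)
        self.trunk_ports = set(trunk_ports)             # carry all VLANs, tagged
        self.mac_vlans = {mac_bytes(m): v               # src MAC -> VLAN (dynamic VLAN)
                          for m, v in (mac_vlans or {}).items()}

    def forward(self, in_port: int, frame: bytes) -> dict:
        """Return {egress_port: frame} for a frame arriving on in_port."""
        if in_port in self.trunk_ports:
            vlan, frame = strip_dot1q_tag(frame)        # trunk ingress: VLAN comes from the tag
            if vlan is None:
                return {}                               # untagged on a trunk: dropped in this model
        else:
            src_mac = frame[6:12]
            if src_mac in self.mac_vlans:               # dynamic VLAN: the MAC decides, not the port
                self.access_vlans[in_port] = self.mac_vlans[src_mac]
            vlan = self.access_vlans[in_port]

        out = {}
        for port, port_vlan in self.access_vlans.items():
            if port != in_port and port_vlan == vlan:
                out[port] = frame                       # access ports get untagged frames
        for port in self.trunk_ports:
            if port != in_port:
                out[port] = add_dot1q_tag(frame, vlan)  # trunk ports get the VLAN ID tagged on
        return out


if __name__ == "__main__":
    sw = VlanSwitch({1: 1, 2: 1, 3: 2, 4: 2}, trunk_ports=[5],
                    mac_vlans={"00:00:5e:00:53:aa": 2})
    bcast = make_frame("ff:ff:ff:ff:ff:ff", "00:00:5e:00:53:01")
    for port, egress in sorted(sw.forward(1, bcast).items()):
        print(f"port {port}: tag={strip_dot1q_tag(egress)[0]} len={len(egress)}")
```

Running it shows the broadcast from port 1 reaching only port 2 (untagged) and port 5 (tagged with VLAN 1, four bytes longer); ports 3 and 4, in VLAN 2, never see it.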
Virtual Trunk Protocol
A busy network with many VLAN switches can require periods of intensive work to update. Imagine the work required to redo all the VLAN switches if you changed the VLAN configuration by adding or removing a VLAN. You’d have to access every switch individually, changing the port configuration to alter the VLAN assignment, and so on. The potential for errors is staggering. What if you missed updating one switch? Joe in Sales might wrongly have access to a sensitive accounting server or Phyllis in accounting might not be able to get her job done on time.
Cisco uses a proprietary protocol called Virtual Trunk Protocol (VTP) to automate the updating of multiple VLAN switches. With VTP, you put each switch into one of three states: server, client, or transparent. When you make changes to the VLAN configuration of the server switch, all the connected client switches update their configurations within minutes. The big job of changing every switch manually just went away.
When you set a VLAN switch to transparent, you tell it not to update but to hold onto its manual settings. You would use a transparent mode VLAN switch in circumstances where the overall VLAN configuration assignments did not apply.
InterVLAN Routing
Once you’ve configured a switch to support multiple VLANs, each VLAN is its own broadcast domain, just as if the two VLANs were on two completely separate switches and networks. There is no way for data to get from one VLAN to another unless you use a router. The process of making a router work between two VLANs is called interVLAN routing. In the early days of interVLAN routing, you commonly used a router with multiple ports as a backbone for the network. Figure 12.18 shows one possible way to connect two VLANs with a single router. Note that the router has one port connected to VLAN 100 and another connected to VLAN 200. Devices on VLAN 100 may now communicate with devices on VLAN 200.
Adding a physical router like this isn’t a very elegant way to connect VLANs. This forces almost all traffic to go through the router, and it’s not a very flexible solution if you want to add more VLANs in the future. As a result, all but the simplest VLANs have at least one very special switch that has the ability to make virtual routers. Figure 12.19 shows an older but very popular interVLAN routing–capable switch, the Cisco 3550.
Figure 12.19 • Cisco 3550
Figure 12.18 • One router connecting multiple VLANs
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
342
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 12
From the outside, the Cisco 3550 looks like any other switch. On the inside, it's an incredibly powerful and flexible device that not only supports VLANs, but also enables you to create virtual routers to interconnect these VLANs. Figure 12.20 shows the configuration screen for the 3550's interVLAN routing between two VLANs.
If the Cisco 3550 is a switch but also has built-in routers, on what layer of the OSI seven-layer model does it operate? If it's a switch, then it works at Layer 2. But it also has the capability to create virtual routers, and routers work at Layer 3. This isn't an ordinary switch. The Cisco 3550 works at both Layers 2 and 3 at the same time.
Multilayer Switches
The Cisco 3550 is an amazing box in that it seems to defy the entire concept of a switch because of its support of interVLAN routing. Up to this point, I've said a switch works at Layer 2 of the OSI model, but now you've just seen a very powerful (and expensive) switch that clearly also works at Layer 3. The Cisco 3550 is one example of what we call a multilayer switch.
At this point you must stop thinking that a switch always works at Layer 2. Instead, think of the idea that any device that forwards traffic based on something inside a given frame or packet is a switch. A Layer 2 switch forwards frames based on MAC addresses, whereas a Layer 3 switch forwards packets based on IP addresses, which is exactly the job a router does (the difference is in the hardware, not the function). From here on out, I will carefully address at what layer of the OSI seven-layer model a switch operates.
Figure 12.20 • Setting up interVLAN routing
BaseTech
Chapter 12: Advanced Networking Devices
343
The challenge to multilayer switches comes with the ports. On a classic Layer 2-only switch, individual ports don't have IP addresses. They don't need them. On a router, however, every port must have an IP address because the routing table uses the IP address to determine where to send packets.
A multilayer switch needs some option or feature for configuring ports to work at Layer 2 or Layer 3. Cisco uses the terms switchport and routed port to differentiate between the two types of port. You can configure any port on a multilayer switch to act as a switchport or a routed port, depending on your needs. Multilayer switches are incredibly common and support a number of interesting features, clearly making them part of what I call "advanced networking devices" and what CompTIA calls "specialized network devices." I'm going to show you three areas where multilayer switches are very helpful: load balancing, quality of service, and network protection (each term is defined in its respective section). These three areas aren't the only places where multilayer switches solve problems, but they are the most popular and the ones that the CompTIA Network+ exam covers. Let's look at these areas that are common to more advanced networks and see how more advanced network devices help in these situations.
Load Balancing
Popular Internet servers are exactly that—popular. So popular that a single
system cannot possibly support the thousands, if not millions, of requests
per day that bombard them. But from what you’ve learned thus far about
servers, you know that a single server has a single IP address. Put this to the
test. Go to a command prompt and type ping www.google.com.
C:\>ping www.google.com
Pinging www.l.google.com [74.125.95.147] with 32 bytes of data:
Reply from 74.125.95.147: bytes=32 time=71ms TTL=242
Reply from 74.125.95.147: bytes=32 time=71ms TTL=242
Reply from 74.125.95.147: bytes=32 time=70ms TTL=242
Reply from 74.125.95.147: bytes=32 time=70ms TTL=242
Getting a definite number is somewhat difficult, but by poking around on a few online analysis Web sites like Alexa (www.alexa.com), it seems that www.google.com receives around 130 to 140 million requests per day; that's about 1600 requests per second. Each request might require the Web server to deliver thousands of TCP segments. A single, powerful, dedicated Web server (arguably) handles at best 2000 requests/second. A busy Web site often needs more than one Web server to handle the requests. Let's say a Web site needs three servers to handle the traffic. How does that one Web site, using three different servers, use a single IP address? The answer is found in something called load balancing.
Load balancing means making a bunch of servers look like a single server, creating a server cluster. Not only do you need to make them look like one server, you need to make sure that requests to these servers are distributed evenly so no one server is bogged down while another is idle. There are a few ways to do this, as you are about to see. Be warned, not all of these methods require an advanced network device called a load balancer, but it's common to use one. Employing a device designed to do one thing really well is usually much faster than using a general-purpose computer and slapping on software.
Any device that works at multiple layers of the OSI seven-layer model, providing more than a single service, is called a multifunction network device.
Coming to a consensus on statistics like the number of requests/day or how many requests a single server can handle is difficult. Just concentrate on the concept. If some nerdy type says your numbers are way off, nicely agree and walk away. Just don't invite them to any parties.
DNS Load Balancing
Using DNS for load balancing is one of the oldest and still very common ways to support multiple Web servers. In this case, each Web server gets its own (usually) public IP address. Each DNS server for the domain has multiple "A" DNS records, each with the same fully qualified domain name (FQDN). The DNS server then cycles around these records so the same domain name resolves to different IP addresses. Figure 12.21 shows a Windows DNS server with multiple A records for the same FQDN.
Now that the A records have been added, you need to tell the DNS server to cycle around these names. With Windows DNS Server, you'll select a check box to do this, as shown in Figure 12.22.
When a computer comes to the DNS server for resolution, the server cycles through the DNS A records, giving out first one and then the next in a cyclic (round robin) fashion.
The popular BIND DNS server has a very similar process (its rrset-order option hands the records back in cyclic, random, or fixed order), and some DNS services go further and let you weight one server more heavily than the others.
Using a Multilayer or Content Switch
DNS is an easy way to load balance, but it has two weaknesses. Every Web server still needs its own public IP address. Worse, the client and every recursive DNS server between it and your authoritative server cache the answer for the record's time to live (TTL); until that expires, they go straight to the cached address and skip the round robin, reducing its effectiveness. The DNS server also has no idea whether a Web server is up, so a dead server keeps getting handed out until someone removes its record.
Figure 12.21 • Multiple IP addresses, same name
Figure 12.22 • Enabling round robin
To hide all of your Web servers behind a single IP, you have two popular choices. First is to use a special multilayer switch that works at Layers 3 and 4. This switch is really just a router that performs NAT and port forwarding, but also has the capability to query the hidden Web servers continually (a health check) and send HTTP requests to a server that has a lighter workload than the other servers.
The second option is to use a content switch. Content switches always work at Layer 7 (Application layer). Content switches designed to work with Web servers, therefore, are able to read the incoming HTTP and HTTPS requests. With this, you can perform very advanced actions, such as handling SSL certificates and cookies, on the content switch, removing the workload from the Web servers. Be clear about what terminating SSL on the switch means: the switch holds the site's private key, and unless it re-encrypts toward the Web servers, the traffic behind it travels in the clear. Not only can these devices load balance in the ways previously described, but their HTTP savvy can actually pass a cookie to HTTP requesters (Web browsers) so the next time that client returns, it is sent to the same server (Figure 12.23).
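The following is an added example, not from the book and not any vendor's code, of the decision a content switch makes for each request: honor the persistence cookie when it names a healthy server, otherwise pick the healthy server with the fewest in-flight requests, and set the cookie on the way out. The backend names, the SRV cookie name and the already-parsed request headers are constructed.

```python
"""Toy Layer 7 content switch: cookie-based session persistence on top of
least-connections selection, with health checks. Added example, not from the
book and not any vendor's code; the backend names, the SRV cookie and the
request representation (already-parsed headers) are constructed."""
from dataclasses import dataclass


@dataclass
class Backend:
    name: str
    healthy: bool = True       # set by a health-check probe in a real device
    active: int = 0            # requests currently in flight
    served: int = 0


class ContentSwitch:
    COOKIE = "SRV"

    def __init__(self, backends):
        self.backends = {b.name: b for b in backends}

    @staticmethod
    def _cookies(headers):
        """Parse 'a=1; b=2' from the Cookie header into a dict."""
        out = {}
        for part in headers.get("Cookie", "").split(";"):
            if "=" in part:
                k, v = part.strip().split("=", 1)
                out[k] = v
        return out

    def choose(self, headers):
        healthy = [b for b in self.backends.values() if b.healthy]
        if not healthy:
            raise RuntimeError("no healthy backend")   # a real device answers 503
        # 1. Persistence: honour the cookie only if it names a healthy backend.
        #    The cookie is client-supplied, so an unknown or dead name is ignored.
        wanted = self._cookies(headers).get(self.COOKIE)
        if wanted in self.backends and self.backends[wanted].healthy:
            return self.backends[wanted]
        # 2. Otherwise least connections, with the name as a stable tie-breaker.
        return min(healthy, key=lambda b: (b.active, b.name))

    def handle(self, headers):
        """Route one request. Returns (backend name, response headers to add)."""
        b = self.choose(headers)
        b.active += 1
        b.served += 1
        return b.name, {"Set-Cookie": f"{self.COOKIE}={b.name}; Path=/; HttpOnly"}

    def finish(self, name):
        """Called when the backend's response has been relayed to the client."""
        self.backends[name].active -= 1


def demo():
    sw = ContentSwitch([Backend("web1"), Backend("web2"), Backend("web3")])
    first = [sw.handle({})[0] for _ in range(3)]            # spread across all three
    sw.finish("web2")                                        # web2 is idle again
    fourth = sw.handle({})[0]                                # least connections: web2
    sticky, resp = sw.handle({"Cookie": "SRV=web3; theme=dark"})   # cookie wins
    sw.backends["web3"].healthy = False                      # health check fails
    failover = sw.handle({"Cookie": "SRV=web3"})[0]          # cookie ignored, least loaded
    return first, fourth, sticky, resp["Set-Cookie"], failover


if __name__ == "__main__":
    print(demo())
```

The cookie carries a server name in the clear, which is the simplest form; production devices usually encrypt or hash it so a client cannot enumerate your backends, and they validate it exactly as the code does here, never trusting a value that names an unhealthy or unknown server.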
QoS and Traffic Shaping
Just about any router you buy today has the capability to block packets based on port number or IP address, but these are simple mechanisms mainly designed to protect an internal network. What if you need to control how much of your bandwidth is used for certain devices or applications? In that case, you need quality of service (QoS) policies to prioritize traffic based on certain rules. These rules control how much bandwidth a protocol, PC, user, VLAN, or IP address may use (Figure 12.24).
Figure 12.23 • Layer 7 content switch
The CompTIA Network+
exam refers to a content switch
as a content filter network
appliance.
Figure 12.24 • QoS configuration on a router
On many advanced routers and switches, you can implement QoS through bandwidth management, such as traffic shaping, where you control the flow of packets into or out of the network according to the type of packet or other rules.
Traffic shaping is very important when you must guarantee a device or application a certain amount of bandwidth and/or latency, such as with VoIP or video. Traffic shaping is also very popular in places such as schools, where IT professionals need to control user activities, such as limiting HTTP usage or blocking certain risky applications such as peer-to-peer file sharing.
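The token bucket is the mechanism most routers use to enforce the per-class limits just described. The following is an added example, not from the book and not any router's firmware: each traffic class gets a bucket with an average rate and a burst depth, packets are classified by protocol and destination port, and a VoIP stream, a bulk HTTPS download and a peer-to-peer client are run through it. The classes, rates, port rules and packet trace are constructed; time is in integer milliseconds so the arithmetic is exact. Note that this version drops packets that exceed the limit (policing); a true shaper would queue and delay them instead.

```python
"""Token-bucket traffic policing per traffic class, the mechanism behind the
QoS and traffic-shaping policies described above. Added example, not from the
book and not any router's code. Classes, rates, ports and the packet trace are
constructed; time is in integer milliseconds so the arithmetic is exact."""
from collections import Counter


class TokenBucket:
    """`rate` bytes per millisecond on average, bursts up to `burst` bytes."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = burst          # start full so an idle class can burst
        self.last = 0

    def allow(self, size, now):
        """True if a packet of `size` bytes may leave at time `now` (ms)."""
        # Earn tokens for the time elapsed, but never more than the burst depth.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False                 # policed: dropped (a shaper would queue it)


def classify(pkt):
    """Map a packet to a class by protocol and destination port (rules constructed)."""
    if pkt["proto"] == "udp" and (pkt["dport"] == 5060 or 16384 <= pkt["dport"] <= 32767):
        return "voip"                # SIP signalling and the usual RTP range
    if pkt["proto"] == "tcp" and pkt["dport"] in (80, 443):
        return "web"
    if pkt["proto"] == "tcp" and 6881 <= pkt["dport"] <= 6889:
        return "p2p"                 # BitTorrent's default listening ports
    return "default"


class Shaper:
    def __init__(self, buckets):
        self.buckets = buckets       # class name -> TokenBucket
        self.stats = Counter()

    def offer(self, pkt):
        cls = classify(pkt)
        bucket = self.buckets.get(cls, self.buckets["default"])
        verdict = "sent" if bucket.allow(pkt["size"], pkt["t"]) else "dropped"
        self.stats[(cls, verdict)] += 1
        return verdict


def demo():
    shaper = Shaper({
        "voip":    TokenBucket(rate=100, burst=1500),   # 100 kB/s guaranteed
        "web":     TokenBucket(rate=50,  burst=3000),   # web capped at 50 kB/s
        "p2p":     TokenBucket(rate=0,   burst=0),      # rate 0: blocked outright
        "default": TokenBucket(rate=10,  burst=1500),
    })
    trace = []
    # A VoIP call: 200-byte RTP packets every 20 ms (10 kB/s offered).
    trace += [{"t": i * 20, "proto": "udp", "dport": 20000, "size": 200} for i in range(50)]
    # A bulk HTTPS download: 1500-byte segments every 10 ms (150 kB/s offered).
    trace += [{"t": i * 10, "proto": "tcp", "dport": 443, "size": 1500} for i in range(100)]
    # A peer-to-peer client: 1000-byte packets every 50 ms.
    trace += [{"t": i * 50, "proto": "tcp", "dport": 6881, "size": 1000} for i in range(20)]
    for pkt in sorted(trace, key=lambda p: p["t"]):
        shaper.offer(pkt)
    return dict(shaper.stats)


if __name__ == "__main__":
    for (cls, verdict), n in sorted(demo().items()):
        print(f"{cls:8s} {verdict:8s} {n}")
```

Every VoIP packet gets through because its offered rate is under its guarantee; the download offers three times its allowance and after the initial burst only every third segment passes; the peer-to-peer class, with a rate of zero, never sends a byte. Port-based classification is easy to evade (the same client on port 443 would land in the web class), which is why real products add Layer 7 application recognition.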
Network Protection
The last area where you're likely to encounter advanced networking devices is network protection. Network protection is my term to describe four different areas that CompTIA feels fit under the term specialized network devices:
■ Intrusion prevention/intrusion detection
■ Port mirroring
■ Proxy serving
■ Port authentication
Intrusion Detection/Intrusion Prevention
Intrusion detection is the process of spotting that something has intruded into (or is trying to intrude into) a network; intrusion prevention goes one step further and stops it. Odds are good you've heard the term firewall. Firewalls are hardware or software tools that block traffic based on port number or IP address. A traditional firewall is a static tool: it enforces a fixed rule set and cannot actually detect an attack that arrives over a port it permits. An intrusion detection system (IDS) is an application (often running on a dedicated IDS box) that inspects incoming packets, looking for active intrusions. A good IDS knows how to find attacks that no firewall can find, such as viruses, illegal logon attempts, and other well-known attacks.
An IDS always has some way to let the network administrators know if an attack is taking place: at the very least the attack is logged, but some IDSs offer a pop-up message, an e-mail, or even a text message to your phone.
Dedicated third-party IDS tools tend to act in a much more complex and powerful way than the simple alerting just described. You have two choices with a real IDS: network based or host based. A network-based IDS (NIDS) consists of multiple sensors placed around the network, often on one or both sides of the gateway router. These sensors report to a central application that, in turn, reads a signature file to detect anything out of the ordinary (Figure 12.25).
A host-based IDS (HIDS) is software running on individual systems that monitors for events such as system file modification or registry changes (Figure 12.26). More expensive third-party HIDS products do all this and add the ability to provide a single reporting source, which is very handy when one person is in charge of anything that goes on throughout a network.
The CompTIA Network+
exam uses the generic term
traffic filtering, which means
traffic shaping—the filtering of
traffic based on type of packet or
other rules.
The term bandwidth
shaping is synonymous with
traffic shaping. The routers and
switches that can implement
traffic shaping are commonly
referred to as shapers. The
CompTIA Network+ exam refers
to such devices as bandwidth
shapers.
Figure 12.25 • Diagram of network-based IDS
Figure 12.26 • OSSEC HIDS
A well-protected network uses both a NIDS and a HIDS. A NIDS monitors the traffic crossing the network, including what comes in from and goes out to the Internet, whereas the HIDS monitors the individual computers.
An intrusion prevention system (IPS) is very similar to an IDS, but an IPS adds the capability to react to an attack. Depending on what IPS product you choose, an IPS can block incoming packets on-the-fly based on IP address, port number, or application type. An IPS might go even further, literally fixing certain packets on-the-fly. As you might suspect, you can roll out an IPS on a network and it gets a new name: a network intrusion prevention system (NIPS). Because it sits inline, an IPS can also do harm that an IDS cannot: a bad signature blocks legitimate traffic, and the IPS itself becomes a point of failure, so run new rules in alert-only mode before you let them drop anything.
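The following is an added example, not from the book and not any IDS product's code, of the two kinds of detection an IDS performs and of the one thing that separates an IPS from an IDS. Signature rules look for known content in packets to a given port (in the style of a Snort content match); a behavioral rule counts FTP "530 Login incorrect" replies to one client inside a time window, which catches a password-guessing attempt no signature describes. The same sensor runs in alert mode (IDS) or drop mode (IPS). The rules, addresses and packet payloads are constructed.

```python
"""A miniature network IDS/IPS over a constructed packet trace: signature
rules (content matching, as a Snort-style NIDS does) plus one behavioural
rule (failed-logon threshold per client), with 'alert' (IDS) and 'drop'
(IPS) modes. Added example; not from the book and not any product's code.
The rules, addresses and payloads are constructed."""
from collections import defaultdict, deque

SIGNATURES = [
    # (sid, proto, dport, content that must appear in the payload, message)
    (1001, "tcp", 80, b"/etc/passwd", "web path traversal attempt"),
    (1002, "tcp", 80, b"' OR 1=1", "SQL injection probe"),
]


class Sensor:
    def __init__(self, mode="alert", threshold=5, window=60):
        self.mode = mode                     # "alert" (IDS) or "drop" (IPS)
        self.threshold, self.window = threshold, window
        self.failures = defaultdict(deque)   # client ip -> times of 530 replies
        self.alerts = []                     # (sid, src, dst, message)
        self.dropped = 0

    def _signature_hits(self, pkt):
        for sid, proto, dport, content, msg in SIGNATURES:
            if pkt["proto"] == proto and pkt["dport"] == dport and content in pkt["payload"]:
                yield sid, msg

    def _brute_force(self, pkt):
        """Behavioural rule: too many FTP '530' replies to one client in `window` s."""
        if not (pkt["proto"] == "tcp" and pkt["sport"] == 21
                and pkt["payload"].startswith(b"530")):
            return None
        q = self.failures[pkt["dst"]]        # dst is the client being refused
        q.append(pkt["t"])
        while q and q[0] < pkt["t"] - self.window:
            q.popleft()                      # slide the window
        if len(q) == self.threshold:         # fire once, when the threshold is crossed
            return 2001, f"{self.threshold} FTP login failures within {self.window}s"
        return None

    def inspect(self, pkt):
        """Return 'pass' or 'drop' for this packet and record any alerts."""
        hits = list(self._signature_hits(pkt))
        bf = self._brute_force(pkt)
        if bf:
            hits.append(bf)
        for sid, msg in hits:
            self.alerts.append((sid, pkt["src"], pkt["dst"], msg))
        if hits and self.mode == "drop":     # only an IPS sits inline and can do this
            self.dropped += 1
            return "drop"
        return "pass"


def constructed_trace():
    """Nine packets: one clean request, two web probes, six FTP login failures."""
    web = {"proto": "tcp", "src": "198.51.100.7", "dst": "10.0.0.5", "sport": 40001, "dport": 80}
    pkts = [
        dict(web, t=1, payload=b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
        dict(web, t=2, payload=b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
        dict(web, t=3, src="198.51.100.9",
             payload=b"GET /login?user=admin' OR 1=1-- HTTP/1.1\r\n\r\n"),
    ]
    for i in range(6):   # FTP server 10.0.0.6 refusing one client every 5 seconds
        pkts.append({"t": 10 + i * 5, "proto": "tcp", "src": "10.0.0.6",
                     "dst": "203.0.113.4", "sport": 21, "dport": 50000 + i,
                     "payload": b"530 Login incorrect.\r\n"})
    return pkts


def run(mode):
    sensor = Sensor(mode)
    verdicts = [sensor.inspect(p) for p in constructed_trace()]
    return sensor.alerts, verdicts, sensor.dropped


if __name__ == "__main__":
    for mode in ("alert", "drop"):
        alerts, verdicts, dropped = run(mode)
        print(mode, verdicts, dropped)
        for a in alerts:
            print("  ", a)
```

In alert mode every packet passes and three alerts are raised (two signatures, one threshold); in drop mode the same three packets are dropped. Dropping the server's fifth refusal is the toy's reaction; a real IPS would instead add a temporary block for the guessing client, which is the kind of automatic action that needs a safe expiry so a spoofed source cannot lock out a legitimate address.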
Port Mirroring
Hubs may be obsolete, but they had one aspect that made them awfully handy: you could plug into a hub and see everybody's traffic. With switches now the way to connect, you no longer have a way to see any traffic other than traffic directed at your NIC and broadcasts. But if you have the right switch, you can get this capability back.
IDS/IPS often takes advantage of something called port mirroring. Many advanced switches have the capability to mirror data from any or all physical ports on a switch to a single physical port. It's as though you make a customized, fully configurable promiscuous port. Port mirroring is incredibly useful for any type of situation where an administrator needs to inspect packets coming to or from certain computers. One caveat: a mirror port has the same capacity as any other port, so mirroring both directions of several busy ports can oversubscribe it, and the switch silently drops whatever doesn't fit. An IDS fed that way misses traffic; for a busy uplink, a network tap is the more reliable feed.
The CompTIA Network+ exam can refer to an IDS system by either its location on the network (thus NIDS or HIDS) or by how it detects: a signature-based IDS matches traffic or events against known attack patterns, whereas a behavior-based (anomaly-based) IDS watches for departures from normal activity. The exam tends to pair NIDS with signature-based and HIDS with behavior-based, but treat that as shorthand. The detection method is independent of placement: a NIDS can learn a traffic baseline and flag anomalies, and a HIDS routinely uses signatures (file hashes, known-bad registry keys) alongside its behavioral checks.
The CompTIA Network+
exam refers to intrusion
detection and prevention
systems collectively by their
initials, IDS/IPS.
Proxy Serving
A proxy server sits in between clients and external servers, intercepting the requests from the clients for server resources and making those requests itself. The client computers never touch the outside servers and thus stay protected from any unwanted activity. A proxy server usually does something to those requests as well. Let's see how proxy servers work using HTTP, one of the oldest uses of proxy servers.
Since proxy serving works by redirecting client requests to a proxy server, you first must tell the Web client not to resolve and contact the Web server itself and instead to send everything to the proxy. Every Web client comes with a setting that enables you to enter the IP address (or name) and port of the proxy server, as shown in the example in Figure 12.27.
Once the proxy server is configured, HTTP requests move from the client directly to the proxy server. A request sent to a proxy carries the full URL of the target Web server in its request line (GET http://www.example.com/ HTTP/1.1, rather than the GET / HTTP/1.1 plus Host header a client sends straight to a server), so the Web proxy knows where to get the requested data once it gets the request. In the simplest format, the proxy server simply forwards the requests using its own IP address and then forwards the returning packets to the client (Figure 12.28).
This simple version of using a proxy server prevents the Web server from knowing where the client is located, a handy trick for those who wish to keep people from knowing where they are coming from, assuming you can find a public proxy server that accepts your HTTP requests (there are plenty!). Keep two caveats in mind: the proxy operator sees every request you make through it, and many proxies add an X-Forwarded-For header that hands your real address to the Web server anyway. There are many other good reasons to use a proxy server. One big benefit is caching. A proxy server keeps a copy of the served resource, giving clients a much faster response.
Tech Tip
Proxy Caching
If a proxy server caches a Web page, how does it know if the cache accurately reflects the real page? What if the real Web page was updated? In this case, a good proxy server asks the real Web server whether the page has changed (a conditional request that carries the cached copy's ETag or last-modified date) and refreshes the cache only when the server says it has.
Figure 12.27 • Setting a proxy server in Mozilla Firefox
Figure 12.28 • Web proxy at work
A proxy server might inspect the contents of the resource, looking for inappropriate content, viruses/malware, or just about anything else the creators of the proxy might desire it to identify.
HTTP proxy servers are the most common type of proxy server, but any TCP application can take advantage of proxy servers. Numerous proxy serving programs are available, such as Squid, shown in Figure 12.29. Proxy serving takes some substantial processing, so many vendors sell proxy servers in a box, such as the Blue Coat ProxySG 510.
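The following is an added example, not from the book and not Squid's code, of the core of a caching HTTP forward proxy: it parses the absolute-form request line a browser sends to a proxy, strips the hop-by-hop headers, revalidates a cached copy with If-None-Match (the "querying tool" from the Tech Tip), and only discloses the client's address if the operator enables it. The origin server is an in-memory stand-in; the host name, page, ETag values and client address are constructed.

```python
"""Core of a caching HTTP forward proxy. Added example, not from the book and
not Squid's code. Parses a proxy-style (absolute-form) request, revalidates
the cache with If-None-Match, strips hop-by-hop headers, and adds
X-Forwarded-For only when asked to. The origin server is simulated."""
from urllib.parse import urlsplit


class Origin:
    """Stand-in for a real Web server: answers 304 when the ETag still matches."""

    def __init__(self):
        self.pages = {"/": ("v1", b"<h1>hello</h1>")}   # path -> (etag, body)
        self.requests = 0
        self.last_headers = None                          # what the proxy sent us

    def get(self, path, headers):
        self.requests += 1
        self.last_headers = dict(headers)
        if path not in self.pages:
            return 404, {}, b"not found"
        etag, body = self.pages[path]
        if headers.get("if-none-match") == etag:
            return 304, {"etag": etag}, b""
        return 200, {"etag": etag}, body


def parse_request(raw):
    """Parse 'GET http://host/path HTTP/1.1' (absolute-form, as sent to a
    proxy) or 'GET /path HTTP/1.1' plus Host (origin-form) into
    (method, host, path, lower-cased header dict)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if target.startswith("http://") or target.startswith("https://"):
        u = urlsplit(target)
        host = u.netloc
        path = (u.path or "/") + ("?" + u.query if u.query else "")
    else:
        host, path = headers.get("host"), target
    return method, host, path, headers


class Proxy:
    # Headers that describe the client<->proxy hop and must not be forwarded.
    HOP_BY_HOP = {"proxy-connection", "proxy-authorization", "connection", "keep-alive"}

    def __init__(self, origins, reveal_client=False):
        self.origins = origins            # host -> Origin (simulated upstreams)
        self.cache = {}                   # (host, path) -> (etag, body)
        self.reveal_client = reveal_client

    def handle(self, raw, client_ip):
        method, host, path, headers = parse_request(raw)
        if method != "GET" or host not in self.origins:
            return 502, b""
        fwd = {k: v for k, v in headers.items() if k not in self.HOP_BY_HOP}
        if self.reveal_client:            # off by default: the client stays anonymous
            fwd["x-forwarded-for"] = client_ip
        cached = self.cache.get((host, path))
        if cached:
            fwd["if-none-match"] = cached[0]   # ask "has it changed?" not "send it again"
        status, resp_headers, body = self.origins[host].get(path, fwd)
        if status == 304 and cached:
            return 200, cached[1]         # validated: serve the stored copy
        if status == 200 and "etag" in resp_headers:
            self.cache[(host, path)] = (resp_headers["etag"], body)
        return status, body


def demo():
    origin = Origin()
    proxy = Proxy({"www.example.com": origin})
    req = (b"GET http://www.example.com/ HTTP/1.1\r\n"
           b"Host: www.example.com\r\nProxy-Connection: keep-alive\r\n\r\n")
    first = proxy.handle(req, "192.0.2.10")      # miss: full download, cached
    second = proxy.handle(req, "192.0.2.10")     # revalidated: origin says 304
    origin.pages["/"] = ("v2", b"<h1>updated</h1>")
    third = proxy.handle(req, "192.0.2.10")      # ETag changed: fresh copy
    return first, second, third, origin.requests, origin.last_headers


if __name__ == "__main__":
    print(demo())
```

All three client requests return 200, but the origin only ships the page body twice; the middle request costs it a 304. The headers the origin last saw contain the Host and the If-None-Match validator and nothing else: Proxy-Connection was stripped and no X-Forwarded-For was added.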
Figure 12.29 • Squid Proxy Server software
Port Authentication
The last place where you see advanced networking devices is in port authentication. We've already covered the concept in the previous chapter: port authentication means the device at the point of connection (a switch port or a wireless access point) refuses to pass ordinary traffic until the connecting device proves who it is. The standard for this is IEEE 802.1X, and it works hand in hand with AAA: the switch or access point acts as the authenticator, relays the client's credentials to a RADIUS server, and opens the port only when the server says yes (TACACS+ is the other common AAA server, used mostly for administrator logins to the network devices themselves). Many switches, and almost every wireless access point, come with feature sets to support port authentication. A superb example is my own Cisco 2811 router. It supports RADIUS and 802.1X port authentication, as shown in Figure 12.30.
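The following is an added example, not from the book and not Cisco's code, that models the authenticator's side of 802.1X: a port passes only EAPOL frames until the RADIUS server returns Access-Accept, at which point it opens and lands in the VLAN the server assigns; a device that never speaks 802.1X can fall into a guest VLAN after a timeout. Real EAP and RADIUS carry far more than this (EAP methods, the shared secret between switch and server, Message-Authenticator attributes); the user database, VLAN numbers and message names are constructed.

```python
"""Model of an 802.1X authenticator (a switch port) consulting a RADIUS
server. Added example, not from the book and not Cisco's code. The user
database, VLAN numbers and message names are constructed; real EAP/RADIUS
exchanges carry much more than this shows."""
import hmac


class RadiusServer:
    """Stand-in for the AAA server: Access-Accept with a VLAN, or Access-Reject."""

    def __init__(self, users):
        self.users = users                      # identity -> (password, vlan)

    def access_request(self, identity, password):
        rec = self.users.get(identity)
        if rec and hmac.compare_digest(rec[0], password):
            # Dynamic VLAN assignment travels in the RADIUS tunnel attributes.
            return "Access-Accept", {"Tunnel-Private-Group-Id": rec[1]}
        return "Access-Reject", {}


class AuthenticatorPort:
    """One switch port. Until authentication succeeds only EAPOL frames are
    accepted; everything else from the connected device is dropped."""

    def __init__(self, radius, guest_vlan=None):
        self.radius = radius
        self.guest_vlan = guest_vlan
        self.state = "unauthorized"
        self.vlan = None
        self.eapol_seen = False

    def eapol(self, identity, password):
        """Supplicant credentials arrive over EAPOL; the switch relays them to
        RADIUS and acts on the answer. Returns the new port state."""
        self.eapol_seen = True
        reply, attrs = self.radius.access_request(identity, password)
        if reply == "Access-Accept":
            self.state, self.vlan = "authorized", attrs.get("Tunnel-Private-Group-Id")
        else:
            self.state, self.vlan = "unauthorized", None
        return self.state

    def timeout(self):
        """No EAPOL reply within the timeout: a non-802.1X device (a printer,
        say) goes to the guest VLAN if one is configured, else stays blocked."""
        if not self.eapol_seen and self.guest_vlan is not None:
            self.state, self.vlan = "guest", self.guest_vlan
        return self.state

    def forward(self, frame_type):
        """Forwarding decision for a frame arriving from the connected device."""
        if frame_type == "EAPOL":
            return True                         # always needed to authenticate
        return self.state in ("authorized", "guest")


def demo():
    radius = RadiusServer({"phyllis": ("correct horse battery", 200)})
    port1 = AuthenticatorPort(radius, guest_vlan=999)
    before = (port1.forward("IP"), port1.forward("EAPOL"))
    good = (port1.eapol("phyllis", "correct horse battery"), port1.vlan, port1.forward("IP"))
    port2 = AuthenticatorPort(radius, guest_vlan=999)
    bad = (port2.eapol("joe", "guess"), port2.vlan, port2.forward("IP"))
    port3 = AuthenticatorPort(radius, guest_vlan=999)   # never sends EAPOL
    guest = (port3.timeout(), port3.vlan, port3.forward("IP"))
    return {"before": before, "good": good, "bad": bad, "guest": guest}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:7s} {v}")
```

The guest VLAN is the part to think hardest about: it is a deliberate hole for devices that cannot authenticate, so it should reach only what a printer or a visitor needs, and a device that has a supplicant but fails authentication should not be dropped into it, which is why the code distinguishes "no EAPOL seen" from "EAPOL seen and rejected".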
Figure 12.30 • 802.1X configuration on a Cisco 2811
Try This!
Exploring Switch Capabilities
If you have access to a managed switch of any kind, now would be a great
time to explore its capabilities. Use a Web browser of choice and navigate
to the switch. What can you configure? Do you see any options for proxy
serving, load balancing, or other fancy capability? How could you opti-
mize your network by using some of these more advanced capabilities?
Chapter 12 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about networking devices.
Discuss client/server and peer-to-peer logical topologies
■ In a client/server model, certain systems act as dedicated servers. A client never acts as a server, so one client can never access shared resources on another client.
■ In a peer-to-peer network, any system can act as a client, server, or both. This model first became popular in the 1990s with Microsoft Windows.
■ Today, the terms client/server and peer-to-peer refer more to applications than to network operating systems.
Describe the features and functions of VPNs
■ A VPN creates a tunnel that enables users to connect to remote LANs across the Internet.
■ RRAS, a program available only on Windows servers, allows VPN connections using PPTP. PPTP creates the secure tunnel through the Internet to your private LAN.
■ L2TP is an IETF standard VPN protocol that combined the best features of Microsoft's PPTP and Cisco's L2F. Rather than requiring special server software (such as Microsoft's RRAS), L2TP places a tunnel endpoint directly on a VPN-capable router.
■ L2TP provides no authentication or encryption. It usually relies on IPsec for this.
■ SSL VPNs come in two flavors: portal and tunnel. Both provide connectivity to the internal network through a standard Web browser and do not need special client software. SSL enables security.
Configure and deploy VLANs
■ A VLAN takes a single physical broadcast domain and splits it into multiple virtual broadcast domains, thereby reducing broadcast traffic.
■ Trunking enables VLANs to work across multiple switches, so that multiple computers on the same LAN, but connected to different physical switches, can be members of the same VLAN.
■ A trunk port carries all traffic, regardless of VLAN number, between all switches on a LAN. Today, every Ethernet switch prefers the IEEE 802.1Q trunk standard, enabling you to connect switches from different manufacturers.
■ Many switches can be configured for VLANs via a serial port connection, but the most common method is via a Web server built into the switch.
■ Once the VLANs have been created on the switches, the next steps include assigning computers' MAC addresses to VLANs (dynamic VLANs) or assigning switch ports to VLANs (static VLANs).
■ Switches running Cisco VTP can be set in client mode to update automatically when a switch set to server mode is updated.
■ A multilayer switch that has the ability to do interVLAN routing can act as a virtual router, connecting different VLANs.
Implement advanced switch features
■ A multilayer switch is one that operates at multiple levels of the OSI model, such as the Cisco 3550 switch that functions at both Layer 2 and Layer 3.
■ Layer 2 switches forward frames based on MAC addresses whereas Layer 3 switches (which do the job of routers) forward packets based on IP addresses.
■ Load balancing involves configuring multiple servers to look like a single server, allowing multiple servers to handle requests sent to a single IP address. Additionally, load balancing spreads the requests evenly across all the servers so no one system is bogged down.
■ With DNS load balancing, each Web server receives a unique IP address because the DNS servers hold multiple A records, each with the same domain name, one for each Web server. The DNS server then cycles around these records so the same domain name resolves to different IP addresses.
■ DNS load balancing loses effectiveness when client computers cache the resolved IP address, bypassing the DNS server when connecting to a Web server.
■ A content switch provides load balancing by reading the HTTP and HTTPS requests and acting upon them, taking the workload off the Web servers.
■ Quality of service (QoS) sets priorities for how much bandwidth is used for certain protocols, PCs, users, VLANs, IP addresses, or other devices or applications. This is often implemented through traffic shaping.
■ An intrusion detection system (IDS) inspects incoming packets and actively monitors for attacks. A network-based IDS (NIDS) typically consists of sensors on one or both sides of the gateway router whereas a host-based IDS (HIDS) consists of monitoring software installed on individual computers.
■ An intrusion prevention system (IPS) can react to attacks. An IPS proactively monitors for attacks and then reacts if an attack is identified.
■ Port mirroring mirrors data from any or all physical ports on a switch to a single physical port, making it easy for administrators to inspect packets to or from certain computers.
■ A proxy server intercepts client requests and acts upon them, usually by blocking the request or forwarding the request to other servers.
■ Many switches support port authentication, a feature that requires network devices to authenticate themselves, protecting your network from rogue devices.
Key Terms
client/server (331)
client-to-site (336)
content switch (345)
interVLAN routing (341)
intrusion detection system (IDS) (346)
intrusion prevention system (IPS) (347)
Layer 2 Tunneling Protocol (L2TP) (336)
load balancing (343)
managed switch (339)
multilayer switch (342)
peer-to-peer (332)
Point-to-Point Tunneling Protocol (PPTP) (335)
port authentication (349)
port mirroring (347)
proxy server (348)
quality of service (QoS) (345)
Routing and Remote Access Service (RRAS) (335)
site-to-site (337)
SSL VPN (337)
traffic shaping (346)
trunk port (338)
trunking (338)
virtual local area network (VLAN) (337)
virtual private network (VPN) (334)
VLAN Trunking Protocol (VTP) (341)
VPN concentrator (336)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. _______________ is the VPN protocol that relies on IPsec for all its security needs.
2. In a(n) _______________ network, all computers can act in dual roles as clients or servers.
3. A(n) _______________ services client requests and forwards them to the appropriate server.
4. In a(n) _______________ network, client computers cannot share resources with each other or see each other. They can only connect to a server.
5. _______________ allows multiple VLANs to work across multiple switches.
6. Routers that enable you to set QoS often use _______________ to limit the amount of bandwidth used by certain devices or applications.
7. Creating a(n) _______________ helps to reduce broadcast traffic on any one network by separating the one large network into smaller ones, but it requires the use of a special switch.
8. A(n) _______________ is a network created by a secure tunnel from one network to another remote network.
9. _______________ is a special program running on Microsoft servers that enables remote users to connect to a local Microsoft network.
10. Microsoft's _______________ enables computers on one end of a VPN to receive an IP address on the subnet of the remote network.
Multiple-Choice Quiz
1. Which network model uses only truly dedicated servers?
A. Client/server
B. Peer-to-peer
C. Virtual private network
D. Virtual local area network
2. Marcy is home sick, but she uses a VPN to connect to her network at work and is able to access files stored on the remote network just as if she were physically in the office. Which protocols make it possible for Marcy to receive an IP address from the DHCP server at work? (Select two.)
A. PPTP
B. IDS
C. L2TP
D. IPS
3. What is one benefit of a VLAN?
A. It allows remote users to connect to a local network via the Internet.
B. It reduces broadcast traffic on a LAN.
C. It can create a WAN from multiple disjointed LANs.
D. It provides encryption services on networks that have no default encryption protocol.
4. Rashan's company has multiple FTP servers, allowing remote users to download files. What should Rashan implement on his FTP servers so they appear as a single server with a guarantee that no single FTP server is receiving more requests than any other?
A. Load balancing
B. Port authentication
C. Port mirroring
D. Trunking
5. Raul sits down at his computer, checks his e-mail, edits a document on the server, and shares a folder with other users on the network. What kind of network is Raul on?
A. Client/server
B. Peer-to-peer
C. PPTP
D. Trunked
6. Which of the following describes a VPN?
A. A remote connection using a secure tunnel across the Internet
B. Segmenting a local network into smaller networks without subnetting
C. A network that is protected from viruses
D. A protocol used to encrypt L2TP traffic
7. To enable computers connected to different switches to be members of the same VLAN, what do the switches have to support?
A. Content switching
B. Port authentication
C. Port mirroring
D. Trunking
8. What is true of a multilayer switch?
A. It can work at multiple OSI layers at the same time.
B. It can work with one of several OSI layers at a time, depending on its configuration mode. Working at a different layer requires making a configuration change and resetting the switch.
C. It can communicate with other switches that work at different OSI layers.
D. It has twice the ports of a standard switch because it contains two regular switches, one stacked on top of the other.
9. Which statement about L2TP is true?
A. It is more secure than PPTP.
B. It was developed by Microsoft and is available by default on all Microsoft servers.
C. It lacks security features and, therefore, relies on other protocols or services to handle authentication and encryption.
D. It ensures router tables are kept synchronized across VLANs.
10. What are the benefits of caching on a Web proxy? (Select two.)
A. Response time
B. Virus detection
C. Tracking
D. Authentication
11. Which are effective methods of implementing load balancing? (Select two.)
A. Content switching
B. DNS round robin
C. Traffic shaping
D. Proxy serving
12. Employees in the sales department complain that the network runs slowly when employees in the art department copy large graphics files across the network. What solution might increase network speed for the sales department?
A. DNS load balancing
B. Content switching
C. Traffic shaping
D. 802.1z
13. How does an IPS compare to an IDS?
A. An IPS is more secure because it uses IPsec.
B. An IDS is more secure because it uses L2TP.
C. An IPS is more robust because it can react to attacks.
D. An IDS is more robust because it can react to attacks.
14. A dynamic VLAN assigns VLANs to
A. IP addresses
B. MAC addresses
C. Ports
D. Trunks
15. Novell NetWare was an example of what?
A. A dedicated client
B. A dedicated server
C. A multilayer VLAN switch
D. Intrusion detection system software
Essay Quiz
1. Your boss is becoming increasingly worried about hacking attempts on the company Web server. Write a letter explaining the various options for protecting against, and reacting to, attacks.
2. A coworker is constantly talking about VLANs and VPNs but rarely uses the terms correctly. Educate your coworker as to what VPNs and VLANs are, what they are for, and how they differ.
Lab Projects
Lab Project 12.1 •
You have read quite a bit in this chapter about
securing networks against attacks. Research
at least three intrusion prevention systems
and create a matrix comparing them. Include
comparisons of features, cost, reliability,
network/operating system support, and general
user reviews.
Lab Project 12.2 •
Your boss wants to reduce broadcast traffic and
asks you to segment the network into multiple
VLANs. Use your favorite e-commerce Web site
for purchasing computer and networking devices
and find at least three switches that support
VLANs. Create a matrix comparing features
and cost. Based on your research, which VLAN
switch would you recommend to your employer
and why?
Cover
Title Page
Copyright Page
Contents
About the Author
Acknowledgments
Preface
CompTIA Approved Quality Curriculum
Instructor and Student Website
Chapter 1 CompTIA Network+ in a Nutshell
Who Needs CompTIA Network+? I Just Want to Learn about Networks!
What Is CompTIA Network+ Certification?
What Is CompTIA?
The Current CompTIA Network+ Certification Exam Release
How Do I Become CompTIA Network+ Certified?
What Is the Exam Like?
How Do I Take the Test?
How Much Does the Test Cost?
How to Pass the CompTIA Network+ Exam
Obligate Yourself
Set Aside the Right Amount of Study Time
Study for the Test
Chapter 2 Network Models
Historical/Conceptual
Working with Models
The OSI Seven-Layer Model in Action
Test Specific
Let’s Get Physical—Network Hardware and Layers 1–2
Beyond the Single Wire—Network Software and Layers 3–7
The TCP/IP Model
Chapter 2 Review
Chapter 3 Cabling and Topology
Test Specific
Topology
Cabling
Networking Industry Standards—IEEE
Chapter 3 Review
Chapter 4 Ethernet Basics
Historical/Conceptual
Ethernet
Test Specific
Organizing the Data: Ethernet Frames
Early Ethernet Networks
Extending and Enhancing Ethernet Networks
Chapter 4 Review
Chapter 5 Modern Ethernet
Test Specific
100-Megabit Ethernet
Gigabit Ethernet
10 Gigabit Ethernet
Chapter 5 Review
Chapter 6 Installing a Physical Network
Historical/Conceptual
Understanding Structured Cabling
Test Specific
Installing Structured Cabling
NICs
Diagnostics and Repair of Physical Cabling
Chapter 6 Review
Chapter 7 TCP/IP Basics
Historical/Conceptual
Standardizing Networking Technology
Test Specific
The TCP/IP Protocol Suite
IP in Depth
CIDR and Subnetting
Using IP Addresses
Chapter 7 Review
Chapter 8 The Wonderful World of Routing
Historical/Conceptual
How Routers Work
Test Specific
Dynamic Routing
Working with Routers
Chapter 8 Review
Chapter 9 TCP/IP Applications
Historical/Conceptual
Transport Layer and Network Layer Protocols
Test Specific
The Power of Port Numbers
Common TCP/IP Applications
Chapter 9 Review
Chapter 10 Network Naming
Historical/Conceptual
DNS
Test Specific
WINS
Diagnosing TCP/IP Networks
Chapter 10 Review
Chapter 11 Securing TCP/IP
Test Specific
Making TCP/IP Secure
TCP/IP Security Standards
Secure TCP/IP Applications
Chapter 11 Review
Chapter 12 Advanced Networking Devices
Client/Server and Peer-to-Peer Topologies
Historical/Conceptual
Test Specific
Virtual Private Networks
Virtual LANs
Multilayer Switches
Chapter 12 Review
Lab 1:
Installing and Using Wireshark
Packet Capture Software
by
Date Report Due: Nov 3, 2013
Date Report Submitted: Nov 3, 2013
Table of Contents
Descriptive Abstract
Introduction
Screen Shot 1
Screen Shot 2
Purpose of WinPcap
Conclusion
References
Running Glossary
Descriptive Abstract
The purpose of this lab assignment is to learn to work with the Wireshark packet capture software. Wireshark is open-source network packet analyzer software that captures network packets and displays the packet data together with the details of each packet. The software is available for the UNIX and Windows operating systems.
The main use of the Wireshark packet capture software is troubleshooting network-related problems or testing protocol implementations. Time, source IP address, destination IP address, protocol, length, and some other information are the main items this software provides about a packet travelling on the network.
In this lab assignment, we first installed Wireshark on the local machine. On the first run, after stopping the packet capture, I analyzed some of the packets and checked which protocol they follow, their length, and other basic information. After the first few random searches, I traced some packets related to http://www2.gibson.com. In the report, I have included some screen captures of the Wireshark software with an analysis of the different sections of each screen shot.
Introduction
The lab is related to the installation and understanding of the Wireshark packet analyzer software. Wireshark is important because it provides many details regarding network packets, such as the length, which protocol the packet follows, and the source and destination IP addresses of that packet. MIS 272 is a networking class, and data communication in a network happens in the form of packets, so it is mandatory to have an understanding of packets.
This software is mainly used by network administrators to troubleshoot network problems, by network security engineers to examine security problems, and by developers to test a new protocol implementation or to learn about network packets and related details. The main study material for this course is “Managing and Troubleshooting Networks”, so from the name itself it is clear that it is about how to manage and troubleshoot networks. By analyzing the packet-related information provided by Wireshark we can easily identify where the problem is.
Software used for this lab assignment:
1) Windows 7
2) Wireshark packet analyzer software
3) Web browser
4) Video player
5) Other system and application software, mainly related to and controlled by the OS.
Hardware used for this lab assignment:
1) A laptop
2) Internet connection
3) A network router
To complete the lab activity, first install the Wireshark network packet analyzer software. After installation we need to choose the connection type (for example Bluetooth Network Connection, Wi-Fi, Ethernet, wireless connection 1, local area network, or other connections) and then click on the start icon just above it. As soon as we click this start icon, the software starts analyzing network packets and showing the details of each packet along with its protocol information. First it provides information about the connection between the laptop and the Wi-Fi router, and then between the Wi-Fi router and the servers of the different connected sites. It is interesting that for one website we can get different IPs, because big sites are handled by more than one server.
After some random analysis, I closed all the browsers and stopped the packet analyzer. Then I opened www2.gibson.com to analyze it, and in the meantime I started Wireshark again. The system was showing some new IPs, and some of the packets were marked in black. The colors vary from packet to packet depending on the packet’s protocol and on whether the packets were delivered successfully or lost.
After completing the entire process, I got mainly these IP addresses:
1) 71.83.242.128 (My IP address, when I use LAN)
2) 192.168.1.19 (My IP address, when I use Wi-Fi)
3) 207.171.185.201 (Amazon web services IP)
4) 117.195.114.185 (This is for Wi-Fi router settings)
5) 173.194.33.195 (One of the Google’s server IP addresses)
6) 174.129.4.54 (www2.gibson.com IP address)
Along with these IP addresses there were some invalid IP addresses too, which I think are IP addresses of intermediate servers and routers that sit between the source and destination.
Screen shot 1
Menu bar: Provides different options like save, start, stop, analyze, statistics for captured packets etc.
Option bar: Provides direct access to frequently used options.
Filter bar: Gives the ability to search within results using different criteria.
Packet Trace Window: All the information about captured packets is displayed in this window.
Source IP address & Destination IP address: Gives information about the source and destination of the packet.
OSI Layer Info: This window provides details regarding the communication at the different layers: how and which versions the layers are following, what the exact communication is, the type of packet, the protocol in use, the fields of the packet header, etc.
Besides these there is other information too, such as the packet number, the total number of packets captured, the length of the packet, data details of the communication between layers, etc.
When we right-click on the OSI layer info window we get other options such as protocol help, disable protocol, some filter-related options, which port is being used for communication, the port number for outgoing and the port number for incoming traffic, etc.
Screen shot 2
This screen shot shows packet details when the router is communicating with www2.gibson.com.
This is part of the packet trace window while browsing different pages of gibson.com. When I examined it later I found that 192.168.1.19 is my IP address; basically 192.168.1.1 is the default gateway, because I was using a Wi-Fi connection at that time, and .19 was assigned to my laptop by the router. One more interesting thing I found is that if I switch off the router, disconnect all the devices, and restart the router again, it reassigns the IP address: sometimes the same IP and sometimes a different IP address, depending on the number of devices connected to the router at that time.
Packet number 399 shows an HTTP request packet that is requesting a connection to gibson.com’s server, and the size of this request packet is 1386 bytes. There are many other packets that contain some information regarding connections with gibson but have different IP addresses, showing that those are intermediate routers used to route the request in the correct direction, for example 103.245.222.134. When my IP address is the source IP address, that indicates that my system is sending a request to the destination, whereas if my IP address is the destination IP address, that indicates that my system is getting a response from the source.
While analyzing I found that many protocols are used in this conversation, for example HTTP, TCP, DNS, etc. For every request of a new page, first the DNS protocol is used for communication between my laptop and the Wi-Fi router; then the Wi-Fi router communicates with gibson.com using TCP together with HTTP: the HTTP protocol for the request and response from the servers, and the TCP protocol to get assurance of the delivery of packets with the help of the SYN, ACK and FIN flags.
The IP address for gibson.com is 174.129.4.54, and when I typed that into the web browser and pressed enter it navigated me to the http://www2.gibson.com/Gibson.aspx page.
While working on this I saw that www2 is used here, which I was not very familiar with, so I did some research and found that it is the same as www and is used for server load balancing.
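The DNS, then SYN/SYN-ACK/ACK, then HTTP, then FIN sequence described above can be reconstructed from the packet trace window's columns. The script below is an added example, not part of the lab report or of Wireshark: its rows are constructed to mirror the report's addresses (192.168.1.19, 192.168.1.1, 174.129.4.54) and packet 399 as the HTTP request; all other packet numbers and the client port 49152 are assumed.

```python
import re
from collections import defaultdict
ROWS = [  # constructed (No., Source, Destination, Protocol, Info) rows; addresses from the report, others assumed
    (394, "192.168.1.19", "192.168.1.1", "DNS", "Standard query A www2.gibson.com"),
    (395, "192.168.1.1", "192.168.1.19", "DNS", "Standard query response A 174.129.4.54"),
    (396, "192.168.1.19", "174.129.4.54", "TCP", "49152 > 80 [SYN] Seq=0"),
    (397, "174.129.4.54", "192.168.1.19", "TCP", "80 > 49152 [SYN, ACK] Seq=0 Ack=1"),
    (398, "192.168.1.19", "174.129.4.54", "TCP", "49152 > 80 [ACK] Seq=1 Ack=1"),
    (399, "192.168.1.19", "174.129.4.54", "HTTP", "GET /Gibson.aspx HTTP/1.1"),
    (400, "174.129.4.54", "192.168.1.19", "HTTP", "HTTP/1.1 200 OK (text/html)"),
    (401, "192.168.1.19", "174.129.4.54", "TCP", "49152 > 80 [FIN, ACK]"),
    (402, "174.129.4.54", "192.168.1.19", "TCP", "80 > 49152 [FIN, ACK]"),
    (403, "192.168.1.19", "174.129.4.54", "TCP", "49152 > 80 [ACK]"),
]
FLAG_RE = re.compile(r"\[([A-Z, ]+)\]")

def tcp_flags(info):
    """Set of TCP flag names in an Info column, e.g. {'SYN', 'ACK'}; empty if none."""
    m = FLAG_RE.search(info)
    return {f.strip() for f in m.group(1).split(",")} if m else set()

def summarize(rows):
    """One pass over the packet list: DNS answers plus per-connection TCP/HTTP state."""
    dns, pending_name = {}, None
    conns = defaultdict(lambda: {"syn": False, "syn_ack": False, "handshake": False,
                                 "requests": [], "responses": [], "fins": 0, "closed": False})
    for _no, src, dst, proto, info in rows:
        if proto == "DNS":
            if "response" in info:
                dns[pending_name] = info.split()[-1]   # A-record answer
            else:
                pending_name = info.split()[-1]        # queried host name
            continue
        key = (dst, src) if (dst, src) in conns else (src, dst)  # (client, server): SYN sender is client
        c, flags = conns[key], tcp_flags(info)
        if proto == "TCP":
            if flags == {"SYN"}:
                c["syn"] = True
            elif flags == {"SYN", "ACK"} and c["syn"]:
                c["syn_ack"] = True
            elif flags == {"ACK"} and c["syn_ack"] and not c["handshake"]:
                c["handshake"] = True            # three-way handshake complete
            elif flags == {"ACK"} and c["fins"] >= 2:
                c["closed"] = True               # final ACK of the FIN exchange
            if "FIN" in flags:
                c["fins"] += 1
        elif proto == "HTTP":
            (c["requests"] if src == key[0] else c["responses"]).append(info)
    return {"dns": dns, "connections": dict(conns)}
```

Running `summarize(ROWS)` yields the resolved name, one (client, server) conversation with a completed handshake, the GET request and its 200 OK, and the connection marked closed after the FIN exchange.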
Purpose of WinPcap (Windows Packet Capture)
WinPcap is basically a library that includes a driver to support capturing packets. Since Wireshark is packet capturing software it needs a libpcap library to support packet capturing; on the Windows operating system the role of the libpcap library is played by WinPcap.
Conclusion
Many topics from the book were covered in this lab, among them IP addresses, networking layers, packets, protocols such as HTTP, TCP, FTP, DNS etc., and network communication. With this it was a good experience to learn how packets travel on the network, how one router communicates with another router, and the different TCP packet flags such as ACK, FIN, SYN, etc.
The most important concept I learned in this assignment is how different protocols work on different packets and between different layers of the network. I always had confusion about why we need this many layers in networking, but it is clear now that this is a step-by-step process and at each step the layers add some stuff to the data to encrypt it and make it compatible as input for the next layer.
Installation of Wireshark was quite easy, but in the beginning I found it a bit problematic because there were too many IP addresses, and whenever I typed them into the browser it showed an invalid page or an error. But after some time I realized that those were addresses of intermediate routers or servers that do not have any web page and are just used to redirect towards the destination IP address.
References
Meyers, Mike. Managing and Troubleshooting Networks, 3rd edition. McGraw Hill.
Wireshark Download. Retrieved from:
http://www.wireshark.org/download.html
Wireshark user guide. Retrieved from:
http://www.wireshark.org/docs/wsug_html_chunked/
Wireshark wiki pages. Retrieved from:
http://wiki.wireshark.org/
Wireshark WinPcap. Retrieved from:
http://wiki.wireshark.org/WinPcap
Running Glossary
ACK: Acknowledgment regarding receipt of the packet, used in TCP
DNS: Domain Name System, the naming system for computers or devices that use the Internet
FIN: Finish, indicating that the transmission is done
HTTP: Hyper Text Transfer Protocol used for web related data communication for the WWW.
Open Source: Software for which a license is not needed.
Server load balancing: Used to distribute load across more than one server.
SYN: Sync packet used to establish a connection
TCP: Transmission Control Protocol used for reliable data communication
WinPcap: A library having packet capturing driver
Wireshark: Network packet analyzer software
www2: Used for load balancing on servers
[Screen shot 1 callouts: Menu bar; Option bar; Filter bar; Packet Trace Window; OSI Layer Info; Source IP address of the packet; Destination IP address of the packet; Packet’s protocol; Data details of selected packet; Information related to packet.]