
Contents at a Glance

Part 1

Introduction to Networking
Classifying Network by Geographical Area
Classifying Network by Network Topology
Classifying Network by Network Model
Network Terms
CSMA/CD
Types of Switching
Differences between Bandwidth and Speed
Network Standardization & Organizations
History of Computer Network & Internet Growths
About IP Address
Regional Internet Registries (RIRs)
IPv4 Addressing
OSI 7 Layers
Protocols & TCP/IP Utilities
Link Layer Protocols
Ethernet Frame Format
Network Layer Protocols
IPv4 Packet Format
IPv6 Packet Format
ICMP Message Format
Transport Layer Protocols
TCP & UDP Header Format
Application Layer Protocols
IPv6 Addressing
VPN (Virtual Private Network)
Network Security
Cloud Computing …
Network Devices
Network Interface Cards
Network Cables and Connectors …
Network Interface Management
Optical Spectrum and Fiber Optic Cable
WAN

Network Book New (1) Page 1


❖ About Network
○ A network is two or more devices connected to each other so that they can exchange data.

❖ Networking
○ Networking is connecting devices so that they can share information (data) and communicate with each other; the connected devices are the network.

❖ Networking Advantages
○ Sharing Data
○ Sharing Software
○ Sharing Hardware

❖ Networking Disadvantages
○ Data Insecure (data that crosses a network can be read or altered in transit unless it is protected)
○ Unauthorized Access (a connected machine can be reached by anyone else on the network)
○ Maintenance Problems



❖ Network Setup Requirements
○ Setting up a network requires four kinds of component:
 Networking Devices or Network Equipment
(Routers, Switches, Hubs, Firewalls, etc.)

 Network Medium or Media
(Wired or Wireless: Coaxial, Twisted Pair, Fiber, Wi-Fi)

 Network Nodes
(Servers, Clients (PCs), Phones, etc.)

 Network Protocols
(IP, TCP, HTTP, FTP, etc.)

❖ Network Categories
○ Networks are classified in three ways, by their environment:

1. Classifying Network by Geographical Area
2. Classifying Network by Topology
3. Classifying Network by Network Model or Resource Location



❖ Classifying Network by Geographical Area
○ Networks are classified by the geographical area they cover: the larger the area, the larger the network type.

○ There are six categories:
1. LAN
2. WAN
3. MAN
4. CAN
5. PAN
6. SAN

LAN
○ Local Area Network
○ A LAN covers one building, office or apartment; separate LANs are interconnected (internetworked) by routers.
○ A LAN is a high-speed network.
○ Most LANs are Ethernet networks.
○ A SOHO (Small Office / Home Office) network is a LAN.

LAN Standard Connections

1. 802.2 (LLC) (Logical Link Control)
2. 802.3 (Ethernet) (CSMA/CD; CSMA/CA is used by wireless 802.11)
3. 802.5 (Token Ring)
4. 802.11 (Wi-Fi)



WAN
○ Wide Area Network
○ A WAN connects sites (networks or internetworks) that are geographically far apart.
○ The sites are connected through a service provider (ISP) using connections such as T1 or ATM links.
○ The network that joins the sites together is the WAN.
○ The Internet is the largest WAN.
○ A WAN connects the sites of many organizations; the Internet is a WAN of sites.
○ A WAN connection is normally much slower than a LAN connection.

WAN Technologies
 Baseband and Broadband
 Packet Switching and Circuit Switching
 POTS and ISDN Network
 Synchronous Channel and Asynchronous Channel

WAN Standard Connections

1. DSL (Digital Subscriber Line)
2. ADSL (Asymmetric Digital Subscriber Line)
3. X.25
4. Multiprotocol Label Switching (MPLS)
5. Frame Relay
6. ATM (Asynchronous Transfer Mode)
7. Point to Point WAN Connections (T Carriers, E Carriers)
8. High Speed Through Satellite
9. SONET (Synchronous Optical Network) [POS, Packet Over SONET]



MAN
○ Metropolitan Area Network (MAN)
○ A MAN is a WAN-type network limited to a city or metropolitan area.
○ As in a WAN, the sites are connected through a service provider.
○ MAN sites are linked with very high-speed connections; the speed depends on the service provider.
○ A MAN typically connects a company's offices across a city, or the buildings of a university.
○ When the sites lie inside one metropolitan area, a MAN is preferred to a WAN connection because the lines between the sites are shorter.
○ MAN sites are usually connected over fiber optic links.

MAN Technologies
 Metro Ethernet
 FDDI
 ATM

MAN Standard Connections

1. Point to Point Connections (Leased Lines) (T1, T2, etc.)
2. SONET (High Speed Fiber)
3. FDDI



CAN
○ Campus Area Network
○ A campus may be a university campus, a company campus or an organization campus.
○ A CAN is larger than a LAN but smaller than a MAN.
○ A CAN is a series of LANs interconnected into one network.
○ A CAN can cover several square miles, for example an industrial park or business park.

SAN
○ Storage Area Network
○ A SAN is a very high-speed data network dedicated to storage devices.
○ A SAN is a separate network segment attached to a LAN, MAN or WAN; the data of that LAN / MAN / WAN is stored on the SAN rather than at each network location.



PAN
○ Personal Area Network
○ A PAN connects devices within a very small area, typically around one person.
○ A PAN is a network of two or more devices.
○ PAN devices usually connect over Bluetooth.
○ A PAN has limitations: limited area, limited speed and a limited number of devices.
○ A Bluetooth network is the usual example.

Classifying Network by Network Topology

○ A network topology is the layout of a network.
○ The way the networking equipment and end-user devices are connected (the design) is the network topology.
○ Network Topology Types (7)
 Bus
 Mesh
 Ring
 Star
 Hybrid
 Hub and Spoke
 Tree

○ Each of the seven topologies can be described in two ways:

1. Physical Topology (how the cables and devices are actually laid out)
2. Logical Topology (how the data actually flows)
(Example: a Token Ring network is a physical star but a logical ring; Ethernet on a hub is a physical star but a logical bus.)

○ The topology chosen affects the network's:

◊ Speed
◊ Reliability
◊ Security
◊ Cost
◊ Maintenance



Bus Topology
○ In a bus topology all network nodes are connected to a single shared cable.
○ The data frames of every node travel along this single cable.

Cable Bus
○ The bus cable is also called:
 A trunk
 A backbone
 A segment

Bus Components
○ A bus network is created with coaxial cable.
○ The central shared cable (bus cable) is coaxial cable.
○ Each bus network node attaches through a transceiver; the transceiver is the bus network card.
○ The transceiver converts the computer's digital signals into signals for the bus.
○ Nodes attach to the central bus cable with a BNC barrel connector or T connector (or, on thick cable, a vampire tap).
○ Terminators are fitted at both ends of the bus (coaxial cable) to stop signal bounce.

○ Bus Network Components
 Coaxial Cable
 Transceiver (Bus Network Card)
 Terminator
 BNC Connector
 T Connector (or Vampire Tap)
 (T Connector in 10Base2)
 (Vampire Tap in 10Base5)
 Barrel Connector



❖ Bus Topology and Signal Bounce
○ Signal bounce happens when a computer's signal reaches the end of the bus (trunk) and is reflected back along the cable.
○ The reflected signal loops back along the cable and meets the next data packet; the two signals collide, the data is lost and the computers must retransmit.
○ To stop the reflected signal looping back, terminators are fitted at both ends of the bus (trunk).
○ A terminator absorbs the signal at the end of the segment, so the computers on the segment can communicate without interference.
○ A terminator is a resistor; bus network terminators are 50 Ohms.



Coaxial Cable
○ Coaxial cable is also called coax.
○ A solid-core copper wire at the center carries the data.
○ An insulation layer (the dielectric) surrounds the core.
○ A foil shield protects against electromagnetic interference (EMI).
○ A braided shield adds strength, and a plastic cover (jacket) encloses the cable.

BNC Connectors
○ Bayonet Neill-Concelman
○ The connector used on coaxial cable.



Bus Cables and Standards
○ Coaxial cable is used in many environments: TV cable, radio station cable and telephone exchange cable are all coaxial cables.

○ Network coaxial cable comes in two types, distinguished by the distance they cover:

▪ Thinnet (10Base2)
▪ Thicknet (10Base5)

Thinnet (Thin Ethernet)

▪ RG-58 cable
▪ 1/4 (0.25) inch diameter
▪ 50 Ohm or 52 Ohm impedance (Ohm = resistance)
▪ Thinnet is for short-distance communication
▪ Maximum segment length 185 meters, nearly 200 meters, hence the "2" in 10Base2
▪ Speed 10 Mbps
▪ A Thinnet bus network is a 10Base2 network

Thicknet (Thick Ethernet)

▪ RG-8 cable
▪ 1/2 (0.5) inch diameter
▪ 50 Ohm impedance (the same as Thinnet; 75 Ohm coax such as RG-59/RG-6 is for TV, not Ethernet)
▪ Thicknet is for long-distance communication
▪ Maximum segment length 500 meters, hence the "5" in 10Base5
▪ Speed 10 Mbps
▪ A Thicknet bus network is a 10Base5 network

Other Coaxial Cable

▪ RG-59 and RG-6 coaxial cable are used for TV, VCR, satellite, and fixed wireless Internet / wireless TV services.
▪ RG-59 is for short cable runs; RG-6 is for longer distances.
▪ RG-59 and RG-6 coaxial cable are terminated with BNC or F-connectors.



Bus Topology Advantages and Disadvantages
○ Bus Topology Advantages
▪ No additional devices such as hubs or switches are needed, which keeps the cost down
▪ Easy to install, and easy to maintain (upgrade) by adding a new node
▪ Uses less cable than other topologies
▪ Lower cost to establish

○ Bus Topology Disadvantages

▪ A break anywhere in the bus cable brings the whole connection down
▪ Over a period of time maintenance becomes difficult and maintenance costs become expensive
▪ Data communication is slower than in other network topologies
▪ The number of network nodes is limited
▪ Every node added slows down the whole shared connection



Ring Topology
○ Ring topology was created by IBM.
○ In a bus topology all nodes hang off one bus; in a ring topology all nodes are connected in a closed ring.
○ The ring is a logical ring shape; the physical shape need not be a ring, and a Token Ring network is physically wired as a star.
○ In a ring the circuit has no start point or end point; the nodes are connected one after another in one direction.
○ Data (a token or datagram) travels from node to node around the ring in that one direction.
○ There are two ring types: single ring (one direction) and dual ring (two directions); a dual ring is a redundant ring.
○ Token Ring networks run at 4 Mbps or 16 Mbps; 16 Mbps is the faster of the two (a later High Speed Token Ring standard reached 100 Mbps).

○ Token Ring Network Components (2)

▪ Token Ring network cable
▪ Multi-station Access Unit (MAU device)



MAU and Token Ring Cables
○ A Token Ring network is built in one of two ways:
1. Single MAU: all computers connect to one MAU (old Token Ring network)
2. Multiple MAUs (newer Token Ring network)
○ Each MAU has a Ring-In (RI) port and a Ring-Out (RO) port; RI and RO are used to join MAUs together.
○ With a single MAU only the computer ports are used; the MAU's Ring-Out port is looped back internally to its Ring-In port so the ring is closed.
○ In the cable between a computer and the MAU, the transmit pair connects to the MAU's transmit circuit and the receive pair connects to the MAU's receive circuit.

○ A single MAU limits the number of hosts on the Token Ring network; to add more hosts, multiple MAUs are chained.

○ With multiple MAUs the RI and RO port types come into use:

○ The RO port of one MAU connects to the RI port of the next MAU, and the last MAU's RO connects back to the first MAU's RI, closing the ring.



Ring Topology Process

○ A token is a special frame type that circulates sequentially around the ring network.

○ A node that has data to send waits for the free token, attaches its data and the address information to it, and puts it back on the ring.
○ The token travels from workstation to workstation toward the destination workstation.

○ Each workstation compares the address information in the token with its own address.

○ If the address does not match, the workstation repeats the token (signal) onward around the ring.

○ When the token reaches the workstation whose address matches the destination, that workstation copies the data, sets an acknowledge "flag" in the token and passes it on around the ring.
○ When the token with the acknowledge flag returns to the sending node, that node removes its data (the data-carrying frame) and releases a free token back onto the ring network.

Token Ring and Active Monitoring

○ In a Token Ring network one node acts as the Active Monitor (chosen from among the nodes; any node may take the role).
○ If a token keeps circulating because the sending node has failed, the Active Monitor deletes the orphaned token and issues a new one.
○ The Active Monitor also monitors repeated frames and controls the ring network's token timing and clocking functions.



Token Ring Topology and FDDI
 Fiber Distributed Data Interface (FDDI) uses a token ring topology, like a Token Ring network, but over fiber.
 FDDI has no central device such as a MAU; the FDDI network nodes themselves form the ring network.
 A single ring gives no data redundancy; for fault tolerance FDDI uses a dual ring design, a "counter-rotating ring topology".



Star Topology
○ The most popular topology in use.
○ In a star topology all nodes are connected to a central network device.
○ When a node sends data to another node, the data goes to the central network device, which passes it on to the destination node.

○ If the central device is a hub, it copies the data (frame) to all nodes (broadcasts it); if it is a switch, it forwards the frame only to the destination node's port.
○ If one node goes down, the other nodes are not affected.

○ If the central network device goes down, the whole network goes down.

○ Star topology is used in both LAN and WAN networks.
○ A star topology needs more cable: one run from each node to the central network device.
○ Wireless networks also form a star topology around the access point.

Star Topology Advantages and Disadvantages

○ Star Topology Advantages
▪ Each node has a direct link to the central device
▪ Easy to implement and maintain
▪ A problem is isolated to one network segment (one link)
▪ Troubleshooting and recovery are quick

○ Star Topology Disadvantages

▪ If the central node goes down, the whole network goes down
▪ All network traffic passes through the central node, so the load on it increases as traffic grows



❖ Mesh Topology
○ A mesh topology connects the network nodes to one another with point-to-point links.
○ Unlike a star, where each node has one link, a mesh node has links to several other nodes.
○ A mesh gives the network redundant paths, but a mesh topology is too expensive for most networks.
○ There are two types of mesh topology:
 Full Mesh Topology
 Partial Mesh Topology

 Full Mesh
○ Every network node has one direct connection to every other network node.

Full Mesh

 Full Mesh Formula

L = n * (n-1) / 2 (L = number of links) (n = number of nodes)
L = 10 * (10-1) / 2 = 45 (45 links are required for 10 nodes)

○ Full mesh is also used in highly available and highly fault-tolerant WAN sites.



 Partial Mesh
○ In a partial mesh some network nodes are connected to several other nodes, but not every node is connected to every other node.

Partial Mesh

○ Partial mesh topology is more bandwidth-efficient than full mesh and is used for WAN sites that still need some fault tolerance.



Hub and Spoke Topology
• Widely used in WAN sites and internetworking.
• A Hub and Spoke topology has two kinds of site:
1. Main Site = Hub Site
2. Remote Sites = Spoke Sites

○ The hub site has a link to every spoke site; spoke sites connect only to the hub, not to each other.

○ Data transfer between two spoke sites therefore passes through the hub site.

 The hub site location is critical to the internetwork: if the hub site goes down, the spoke sites lose the network.

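The reliability differences between star, full mesh, ring and hub-and-spoke described above can be checked mechanically. The following is an added example, not code from the book: it builds each topology as a set of links between constructed site names, counts full-mesh links with the L = n(n-1)/2 formula, and then removes one node or one link at a time to find single points of failure. The site names and the numbers of sites are assumptions for illustration.

```python
"""Which single node or link failures partition a topology? (added example)"""
from itertools import combinations


def full_mesh_links(n):
    """Links in a full mesh of n nodes: L = n * (n - 1) / 2."""
    return n * (n - 1) // 2


def build_full_mesh(nodes):
    """Every pair of nodes gets one point-to-point link."""
    return {frozenset(pair) for pair in combinations(nodes, 2)}


def build_star(center, leaves):
    """Star / hub-and-spoke: every leaf links only to the center."""
    return {frozenset((center, leaf)) for leaf in leaves}


def build_ring(nodes):
    """Single ring: each node links to the next, the last back to the first."""
    return {frozenset((nodes[i], nodes[(i + 1) % len(nodes)])) for i in range(len(nodes))}


def is_connected(nodes, links):
    """Depth-first search: can every node reach every other node over `links`?"""
    nodes = set(nodes)
    if len(nodes) <= 1:
        return True
    start = next(iter(nodes))
    seen, stack = {start}, [start]
    while stack:
        current = stack.pop()
        for link in links:
            if current in link:
                (other,) = link - {current}
                if other not in seen:
                    seen.add(other)
                    stack.append(other)
    return seen == nodes


def single_points_of_failure(nodes, links):
    """Nodes whose loss leaves the remaining nodes partitioned."""
    result = []
    for victim in nodes:
        remaining = [n for n in nodes if n != victim]
        surviving = {link for link in links if victim not in link}
        if not is_connected(remaining, surviving):
            result.append(victim)
    return result


def partitioning_links(nodes, links):
    """Links whose single failure partitions the network."""
    return [link for link in links if not is_connected(nodes, links - {link})]


if __name__ == "__main__":
    sites = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J"]  # constructed site names
    print("full mesh of 10 sites needs", full_mesh_links(10), "links")
    for name, nodes, links in [
        ("full mesh", sites, build_full_mesh(sites)),
        ("hub and spoke", ["HUB"] + sites, build_star("HUB", sites)),
        ("single ring", sites, build_ring(sites)),
    ]:
        print(f"{name}: {len(links)} links, "
              f"SPOF nodes = {single_points_of_failure(nodes, links)}, "
              f"link cuts that partition = {len(partitioning_links(nodes, links))}")
```

The full mesh survives any single node or link loss at the price of 45 links for 10 sites; hub-and-spoke needs only 10 links but every one of them, and the hub itself, is a single point of failure; a single ring tolerates one cut, which is why the dual (counter-rotating) ring design exists.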


❖ Classifying Network by Network Model or Resource Location
○ The network model describes the relationship between the computers on the network.
○ There are two network models:
1. Peer-to-Peer Network (Workgroup Model)
2. Server-Based Network or Client/Server Network (Domain Model)

1. Peer-to-Peer Network (Workgroup Model)

○ Also called a peer network.
○ The nodes (computers) are connected as equals.
○ Because all nodes are on an equal level, there is no central authority: each peer performs its own authentication and authorization.
○ To use a resource shared by another node, a user needs an account on that node.
○ The computers are grouped under a Workgroup name.



2. Server-Based Network or Client/Server Network

○ In a server-based network the nodes are not equal: one node is the server, which stores and shares data.
○ The other nodes are clients, which access data from the server.

○ The server manages the nodes.

○ The server is the master for all nodes: it performs authentication and authorization centrally.
○ Unlike the workgroup model, a domain (Active Directory) server is set up and the network nodes become members of the domain.

 The server shares data with the clients over a network file system (for example the NFS service).

 The shared data is kept on the server's internal storage units or on shared NAS (Network Attached Storage).



Client
○ A client is a computer that:
▪ is managed by another computer
▪ uses the resources / services of other computers
▪ is authenticated and authorized by another computer

○ Client Computer
▪ Hardware: ordinary computers such as desktop PCs (cloned / branded / workstation / all-in-one) and laptop computers
▪ Software: PC operating systems such as Windows XP, Vista, 7, 8, 8.1, 10

Server
○ A server is a computer that:
▪ manages other computers
▪ provides resources / services to other computers
▪ authenticates and authorizes other computers

○ Server Computer
▪ Hardware: high performance computers (server hardware)
▪ Software: a NOS (Network Operating System), e.g.
 Windows 2000 Server
 Windows Server 2003
 Windows Server 2003 R2
 Windows Server 2008
 Windows Server 2008 R2
 Windows Server 2012
 Windows Server 2012 R2
 Windows Server 2016



Segment

Backbone

Node/Host

❖ Internet
○ A journey of a thousand sites.
○ Early: sneaker net; 1960s: ARPANET is created; 1980s: the Internet.
○ The Internet developed from ARPANET (Advanced Research Projects Agency Network).



❖ Intranet
○ A LAN used privately inside an organization is an intranet.
○ An intranet is a controlled network.
○ Only authorized users (connecting remotely or physically on site) may use the intranet; access to the network is controlled.

❖ Extranet
○ An extranet is an intranet that is extended to selected outside parties.
○ It may join several LANs.
○ It may be built over a MAN.
○ An extranet interconnects a company's branch sites, or a company with its partner companies.

❖ Ethernet
○ Today Ethernet runs over twisted pair (UTP) cable with RJ45 connectors.
○ Early Ethernet ran over coaxial cable; coaxial Ethernet networks are obsolete.
○ Ethernet can run over several media / cable types.
○ IEEE 802.3 is the Ethernet standard; a LAN built to it is an Ethernet LAN.



❖ Internetworking
○ Connecting separate networks (LANs), each with its own IP address range, into one larger network is internetworking.

❖ Wireless Local Area Network (WLAN)

○ A wireless network.
○ Uses radio wave technology and modulation technologies for communication.

○ A WLAN connects wireless nodes within a limited geographical area.

❖ Catenet (Catenated Network)

○ A group of networks connected by gateways is a catenet.
○ The Internet is a catenet: a group of networks chained together.



Bandwidth / Throughput
• Bandwidth is the data capacity of a link: how much data can be passed per unit time.
• Throughput is the amount of data actually transferred per unit time; the two terms are often used interchangeably, but throughput is always at or below the bandwidth.

Latency
• Delay between source and destination.
• Delay occurs because of
▪ Distance
▪ Routing
▪ Interference / Noise

Jitter
• Variation in latency during a transmission.
• Jitter impacts real-time applications like voice calling and video streaming.

Bottleneck
• The point in the network where bandwidth is lowest, which limits the whole path, e.g. the ISP link.



CSMA/CD
• Early Ethernet networks used a bus topology (10BASE2, 10BASE5).
• Ethernet on a shared bus permits only a single frame to be on a network segment at any one time.
• So, before a device on this network transmits, it listens to the wire to see if there is currently any traffic being transmitted.
• If no traffic is detected, the networked device transmits its data. However, what if two devices simultaneously had data to transmit?
• If they both listen to the wire at the same time, they could simultaneously, and erroneously, conclude that it is safe to send their data.
• When both devices send their data at the same time, a collision occurs.
• A collision corrupts both frames.

• Ethernet was designed with a mechanism to detect collisions and allow the devices whose transmissions collided to retransmit their data at different times.
• Specifically, after the devices notice that a collision occurred, they independently set a random back-off timer.
• Each device waits for this random amount of time to elapse before again attempting to transmit.

• The procedure used by Ethernet to determine whether it is safe to transmit, detect collisions, and retransmit if necessary is called "Carrier Sense Multiple Access with Collision Detection" (CSMA/CD).

• CSMA/CD broken down into its constituent components:

Carrier sense: A device attached to an Ethernet network listens to the wire, prior to transmitting, to make sure that a frame is not currently being transmitted on the network segment.

Multiple access: Unlike a deterministic method of network access (for example, the method used by Token Ring), all Ethernet devices have access to the Ethernet segment at the same time.

Collision detect: If a collision occurs (perhaps because two devices were simultaneously listening to the network and simultaneously concluded that it was safe to transmit), the Ethernet devices detect that collision and set random back-off timers. After each device's random timer expires, each device again attempts to transmit its data.

 Even with Ethernet's CSMA/CD feature, shared Ethernet segments still suffer from scalability limitations.

 Specifically, the likelihood of collisions increases as the number of devices on a shared Ethernet segment increases.

 CSMA/CA refers to using collision avoidance, which is common in wireless networks, where a radio cannot listen while it transmits and so cannot detect collisions directly.

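To make the "likelihood of collisions increases with the number of devices" point concrete, here is an added example (not from the book) that simulates a shared half-duplex segment in slot time with the IEEE 802.3 truncated binary exponential backoff: after its n-th collision a station waits r slots with r drawn uniformly from 0..2^k-1, k = min(n, 10), and gives up after 16 attempts. The station counts, seeds and the slotted model are assumptions for illustration; the backoff rule itself is the standard's.

```python
"""CSMA/CD slotted simulation with 802.3-style exponential backoff (added example)."""
import random

MAX_ATTEMPTS = 16   # 802.3: a frame is discarded after 16 collisions
BACKOFF_CAP = 10    # 802.3: the backoff window stops doubling at 2^10 slots


def backoff_range(attempts):
    """Inclusive range of slots a station may wait after its n-th collision."""
    k = min(attempts, BACKOFF_CAP)
    return (0, 2 ** k - 1)


def simulate(n_stations, seed=0):
    """Every station has one frame ready at slot 0 on a shared segment.

    Returns the number of collision slots, frames delivered, frames dropped
    (after MAX_ATTEMPTS collisions) and the number of slots used.
    """
    rng = random.Random(seed)
    next_slot = {i: 0 for i in range(n_stations)}   # slot of each station's next try
    attempts = {i: 0 for i in range(n_stations)}
    stats = {"collisions": 0, "delivered": 0, "dropped": 0}
    slot = 0
    while next_slot:
        # carrier sense: only stations whose timer has expired transmit in this slot
        ready = [i for i, s in next_slot.items() if s == slot]
        if len(ready) == 1:
            stats["delivered"] += 1          # medium idle, one sender: success
            del next_slot[ready[0]]
        elif len(ready) > 1:
            stats["collisions"] += 1         # multiple access + collision detect
            for i in ready:                  # every collided station backs off independently
                attempts[i] += 1
                if attempts[i] >= MAX_ATTEMPTS:
                    stats["dropped"] += 1
                    del next_slot[i]
                else:
                    lo, hi = backoff_range(attempts[i])
                    next_slot[i] = slot + 1 + rng.randint(lo, hi)
        slot += 1
    stats["slots_used"] = slot
    return stats


def average_collisions(n_stations, seeds=range(20)):
    """Mean collision slots over several seeds, so one lucky draw does not mislead."""
    return sum(simulate(n_stations, s)["collisions"] for s in seeds) / len(seeds)


if __name__ == "__main__":
    for n in (2, 5, 20, 50):
        print(f"{n:3d} stations: {average_collisions(n):6.1f} collision slots on average")
```

Run it and the collision count climbs steeply with the number of stations, which is the scalability limit of a single collision domain; a switch port serving one device removes the contention entirely (next section).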


Collision Domain
• In Ethernet, devices on a shared Ethernet segment are said to belong to the same collision domain.
• When a switch port connects to a single device, that port is its own collision domain and there is no chance of a collision.
• With no chance of collision, collision detection is no longer needed.
• With collision detection disabled, network devices can operate in full-duplex mode rather than half-duplex mode.
• In full-duplex mode a device can send and receive at the same time.
• When multiple devices are connected to the same shared Ethernet segment, such as a Layer 1 hub, CSMA/CD must be enabled and the devices run half-duplex.

Broadcast Domain



Types of Switching
• There are 4 types of switching:
1. Layer 2 Switching
2. Layer 3 Switching
3. Layer 4 Switching
4. Multi-layer Switching (MLS)

• A standard switch is known as a Layer 2 switch and is commonly found in nearly any LAN.
• Layer 3 or Layer 4 switches require more advanced hardware and are more expensive, and thus are usually only found in larger LANs or in special network environments.



Layer 2 switching
• Layer 2 switching uses the MAC addresses of the hosts' network interface cards (NICs) and maps each address to the switch port it was seen on, building the "Forwarding Information Base (FIB)".
• The FIB is also called the MAC table or CAM table.
• A typical access-switch CAM table holds on the order of 8,000 MAC address entries.
• Using the MAC (CAM) table, the switch decides where to forward each frame; a frame whose destination is not in the table is flooded out every port except the one it arrived on.
• Switches use application-specific integrated circuits (ASICs) to build and maintain the MAC table and to make forwarding decisions in hardware; the CPU handles control-plane work such as spanning tree.
• A Layer 2 switch performs three functions:
1. Address Learning
2. Forward / Filter Decisions
3. Loop Avoidance
• Caveat: the table is finite. If a port is flooded with frames carrying thousands of forged source MACs (MAC flooding), the table fills, new hosts cannot be learned, and their traffic is flooded to all ports, including the attacker's. Port security (limiting the MAC addresses learned per port) is the usual control.

Forwarding information base (FIB)

• A forwarding information base (FIB), also known as a forwarding table or MAC table, is most commonly used in network bridging, routing (L3 switching), and similar functions to find the proper interface to which a frame or packet arriving on an input interface should be forwarded. For a Layer 2 switch it is a dynamic table that maps MAC addresses to ports.
• Content-addressable memory (CAM) is typically used to efficiently implement the FIB, so it is often called a CAM table.



Content-addressable memory
• Content-addressable memory is widely used in computer networking devices.
• Content-addressable memory (CAM) is purpose-built for an extremely fast but very specific type of memory lookup.
• The MAC address table is usually implemented with a binary CAM so the destination port can be found very quickly, reducing the switch's latency.
• Because a CAM is designed to search its entire memory in a single operation, it is much faster than RAM in virtually all search applications.
• Unlike a RAM chip, which has simple storage cells, each individual memory bit in a fully parallel CAM must have its own associated comparison circuit to detect a match between the stored bit and the input bit.
• A CAM chip therefore costs more than a RAM chip of the same size.
• CAM chips are built from SRAM cells.

Difference between RAM and CAM

• Random Access Memory (RAM) performs a lookup using a memory address and returns the data stored at that address.
• A CAM lookup does the opposite: the caller passes a key (a data word) and the CAM returns the address at which that word is stored.

Types of CAM
• There are two types of CAM (hardware architecture):
1. Binary CAM
(Used in L2 switches; each bit has two states, 0 or 1, so only exact matches are possible)

2. Ternary CAM
(Used in L3 switches and routers; each bit has three states, 0, 1 or X "don't care", so one entry can match a whole range such as an IP prefix)



Application-specific integrated circuit (ASIC)
• An ASIC is a chip built for one specific job, as opposed to a general purpose CPU.
• In a switch, the ASIC is the integrated circuit (IC) that makes switching decisions very quickly.
• It not only makes switching decisions but also builds and maintains the MAC table.
• Historically, as early networks grew, enterprises began to experience slower network performance. Ethernet bridges (an early version of a switch) were added to networks to limit the size of the collision domains.
• In the 1990s, advances in integrated circuit technology allowed LAN switches to replace Ethernet bridges. These LAN switches moved the Layer 2 forwarding decision from software to application-specific integrated circuits (ASICs). ASICs reduce the packet-handling time within the device and allow the device to handle an increased number of ports without degrading performance.
• Bridges forwarded data frames at Layer 2 using store-and-forward switching; hardware switches added the faster cut-through method.
▪ The store-and-forward method makes a forwarding decision on a frame only after it has received the entire frame and checked the frame for errors.
▪ The cut-through switching method begins forwarding as soon as the destination MAC address of an incoming frame has been read and the egress port determined.
• Modern ASICs often include entire microprocessors, memory blocks including ROM, RAM, EEPROM, flash memory and other large building blocks.



Layer 3 Switching
• Layer 3 switching forwards based on the (destination) IP address in the header of the IP datagram.
• A traditional router uses a microprocessor to make forwarding decisions in software; a Layer 3 switch moves that decision into hardware.
• So there are two kinds of Layer 3 switching:
1. Hardware-based Layer 3 switching
2. Software-based Layer 3 switching

• With a hardware-based solution, the device uses an ASIC (a dedicated chip) to perform the function.
• With the software implementation, the device uses a general purpose processor and software to perform the function.
• Layer 3 switching is primarily used for "inter-VLAN routing".

Layer 4 Switching
• Layer 4 switching is hardware-based Layer 3 switching that can also consider the type of network traffic (for example, distinguish between HTTP, FTP or VoIP).
• Layer 4 switching provides additional datagram inspection by reading the port numbers in the Transport layer header (the ports used by TCP or UDP) when making forwarding decisions.
• The largest benefit of Layer 4 switching is that the network administrator can configure a Layer 4 switch to prioritize traffic by application, so a QoS policy can be defined per application and therefore per user group.
• Caveat: a port number identifies the application only by convention; traffic on port 443 is not necessarily HTTPS, so Layer 4 classification is not a security control on its own.

Multi-layer switching (MLS)

• Multi-layer switching combines Layer 2, 3 and 4 switching technologies and provides high-speed scalability with low latency.
• Multi-layer switching can make routing/switching decisions based on the following:
 MAC source/destination address in the Data Link frame
 IP source/destination address in the Network layer header
 Protocol field in the Network layer header
 Port source/destination numbers in the Transport layer header



Switch Frame Forwarding Types
○ A switch uses one of three switching methods to forward a frame:
1. Cut-Through Switching
2. Store and Forward Switching
3. Fragment Free Switching

Cut Through Switching

○ Cut-through switching forwards a frame using the minimal information needed.
○ The switch reads only the destination MAC address of the Layer 2 frame, looks up the port for that MAC address, and starts forwarding.
○ Because forwarding starts as soon as the destination address has been read, cut-through switching has the lowest latency of the switching methods.
○ Only the destination MAC address is examined before the frame is forwarded; cut-through is therefore the fastest of the switching methods.

○ The switch does not check whether the frame is valid or contains errors, so corrupted frames are passed on.

○ Cut-through switching is used in the Cisco data center series switches (Nexus switches).

○ Nexus series switches, while cut-through forwarding a Layer 2 frame, read the destination MAC address and the EtherType; for IPv4 frames the access control list (ACL) information and QoS (Quality of Service) information are also applied, and blocked switch ports are maintained.



Store and Forward Switching
○ In store-and-forward switching the switch receives the whole frame before forwarding it and checks the frame's FCS (Frame Check Sequence) to see whether the frame is corrupted; a corrupted frame is dropped rather than forwarded.
○ Because corrupted frames are not forwarded, they do not load the network's bandwidth and the retransmissions they would cause are avoided.
○ Because the whole frame is buffered and the FCS checked before forwarding, store-and-forward switching has more latency than cut-through switching.

○ The FCS of an Ethernet frame is computed by the sender over the frame contents; the switch recomputes the FCS on receipt and compares it with the received FCS. If the two differ, the frame is corrupted and is dropped at the ingress port; otherwise the frame is forwarded.



Fragment Free Switching
○ When Layer 2 frames (Ethernet frames) collide on the network, the damage is not spread over the entire frame: on an Ethernet segment a collision is detected within the first 64 bytes of a frame.

○ Frames that were hit by a collision are therefore shorter than 64 bytes; this is how the Ethernet collision detect system (CSMA/CD) recognizes a collision.

○ Fragment-free switching is a compromise between cut-through switching and store-and-forward switching.
○ Fragment-free switching checks whether a frame is a collision fragment before forwarding it.
○ The switch waits until it has received the first 64 bytes of the frame; a frame that reaches 64 bytes is taken not to be a collision fragment and is forwarded.
○ Unlike store-and-forward, fragment-free does not receive the entire frame and does not check the FCS, so a frame with an error that is not a collision fragment is still forwarded.
○ It avoids the full-frame delay of store-and-forward while keeping collision fragments from reaching the destination.

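The three forwarding methods differ only in how much of the frame is examined before the decision, which is simple to show on a constructed frame. This is an added example, not the book's code: it builds an Ethernet II frame with a real FCS (the Ethernet CRC-32 is the same polynomial as zlib.crc32, appended least-significant byte first), then applies each method's decision rule to a good frame, a frame with a flipped bit, and a runt (collision fragment). The MAC addresses and payload are constructed; the 64-byte minimum is the 802.3 value.

```python
"""Cut-through vs fragment-free vs store-and-forward on a constructed frame (added example)."""
import struct
import zlib

MIN_FRAME = 64   # bytes including FCS; anything shorter is a collision fragment ("runt")


def build_frame(dst, src, ethertype, payload):
    """Ethernet II frame: 6+6+2 byte header, payload padded to 46 bytes, 4-byte FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return body + fcs


def fcs_ok(frame):
    """Recompute the CRC-32 over everything but the trailer and compare."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == fcs


def cut_through(frame):
    """Decide after the 6-byte destination MAC: forward as soon as there is a destination."""
    return "forward" if len(frame) >= 6 else "drop"


def fragment_free(frame):
    """Decide after the first 64 bytes: drop runts, forward everything else unchecked."""
    return "forward" if len(frame) >= MIN_FRAME else "drop"


def store_and_forward(frame):
    """Buffer the whole frame and verify the FCS before forwarding."""
    if len(frame) < MIN_FRAME:
        return "drop"
    return "forward" if fcs_ok(frame) else "drop"


def corrupt(frame, byte_index, bit=0):
    """Flip one bit, as line noise would."""
    buf = bytearray(frame)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


if __name__ == "__main__":
    dst = bytes.fromhex("001122334455")   # constructed addresses
    src = bytes.fromhex("66778899aabb")
    good = build_frame(dst, src, 0x0800, b"hello")
    cases = {"good": good, "bit flipped": corrupt(good, 20), "runt": good[:40]}
    for name, frame in cases.items():
        print(f"{name:12s} cut-through={cut_through(frame):7s} "
              f"fragment-free={fragment_free(frame):7s} store-and-forward={store_and_forward(frame)}")
```

Only store-and-forward stops the bit-flipped frame; cut-through even forwards the runt, and fragment-free catches the runt but not the corruption, which is the trade-off the section describes.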


The Differences between Bandwidth and Speed

• A link in a network is described by two factors, bandwidth and speed. These are usually the same but not always.

• Definition: speed is the bit rate of the circuit, while bandwidth is the amount of that "speed" available for use.

• As an example, a 500 Megabit Ethernet MPLS service delivered over a 1 Gigabit Ethernet connection to the site has a bandwidth of 500 Mbps and a speed of 1 Gbps.

• Speed is determined by the physical signaling of the underlying network.

• The most common example is link aggregation, where a number of Ethernet connections are bonded into a single interface. The bandwidth is the sum of all the connections, but the speed is that of each physical network connection.



❖ Network Standardization & Organizations
○ The items used to set up a network must follow standards so that equipment from different makers works together.

○ There are three main types of networking-related standards.

1. De facto Standards
▪ De facto standards are standards that have been adopted by all vendors through common practice rather than through a formal approval process.

▪ EG. (Network Connectors, Cables, Speed, etc.)

2. Proprietary Standards
▪ Proprietary standards are created by a single vendor and controlled by that vendor.
▪ Other vendors may not use or modify them without that vendor's permission.
▪ EG. (Cisco, Unix, IBM, etc.)

3. Open Standards
▪ Open standards are created by a vendor or a standards body and published so that any vendor may use and build on them.
▪ Any vendor can create products based on them.
▪ EG. (USB, Wireless, Linux, etc.)



❖ American National Standards Institute (ANSI)

○ ANSI is the United States organization that sets baseline (quality control) standards for the products invented by US organizations and companies, across industries (electronics, chemicals, health, construction, etc.).
○ ANSI works with both industry and government.

○ ANSI represents the US in global product standardization; the two global standardization bodies are:

International Organization for Standardization (ISO)

○ Geneva, Switzerland
○ 157 member countries
○ Standardizes the quality of company products (all products, including electrical, chemical, health, etc.)

International Electrotechnical Commission (IEC)

○ Quality standards for electronic products and technologies

○ Headquartered in Geneva, Switzerland; 60 member countries



Institute of Electrical and Electronics Engineers (IEEE)
○ Pronounced I-triple-E.
○ A professional association for the developers and engineers of the electrical engineering and computer science fields.

○ Membership: scientists, engineers, computer scientists, etc.

○ Networking equipment standards are produced by the IEEE 802.x working groups.

○ The IEEE 802.x working groups publish the product standardization papers (standards) for networking equipment.
○ Companies that build networking equipment follow these IEEE working group standards.

○ The IEEE 802.x working groups are numbered 802.1 through 802.22.



❖ IEEE 802 Working Groups
○ The IEEE 802 working groups set the standards for LAN, MAN and WAN networking technologies.
○ The IEEE 802 working groups are divided into active, inactive and disbanded groups:
 Active Groups
▪ 802.1 Higher Layer LAN Protocols Working Group
▪ 802.3 Ethernet Working Group
▪ 802.11 Wireless LAN Working Group
▪ 802.15 Wireless Personal Area Network (WPAN) Working Group
▪ 802.16 Broadband Wireless Access Working Group
▪ 802.17 Resilient Packet Ring Working Group
▪ 802.18 Radio Regulatory Technical Advisory Group
▪ 802.19 Coexistence Technical Advisory Group
▪ 802.20 Mobile Broadband Wireless Access (MBWA) Working Group
▪ 802.21 Media Independent Handoff Working Group
▪ 802.22 Wireless Regional Area Networks

 Inactive Groups
▪ 802.2 Logical Link Control Working Group
▪ 802.5 Token Ring Working Group

 Disbanded Groups
▪ 802.4 Token Bus Working Group
▪ 802.6 Metropolitan Area Network Working Group
▪ 802.7 Broadband TAG
▪ 802.8 Fiber Optic TAG
▪ 802.9 Integrated Services LAN Working Group
▪ 802.10 Security Working Group
▪ 802.12 Demand Priority Working Group
▪ 802.14 Cable Modem Working Group
▪ QOS/FC Executive Committee Study Group



❖ US Standard Organizations
○ The US organizations that standardize electrical products and telecommunication products are:
○ EIA and TIA
○ EIA / TIA standards are American standards accredited by ANSI, which also carries them into global standardization.

Telecommunications Industry Association (TIA)

○ A trade association that sets standards for telecommunications technologies.

○ Standards for radio signal equipment, cellular towers, satellites, etc.

○ EG. TIA-942 for Data Center Standard, TIA-222-G for Antennas

Electronic Industries Alliance (EIA)

○ The EIA was an alliance of United States electrical device manufacturing companies and corporations.
○ It set the standards that its member companies and corporations followed.



❖ ITU
○ International Telecommunication Union, formerly the International Telegraph Union.
○ Geneva, Switzerland
○ The United Nations (UN) specialized agency for information and communication technologies.

○ An organization for the development of global telecommunication facilities and data networks.

○ Telecommunication companies follow its developments (recommendations).



Internet Society (ISOC)
○ A non-profit organization founded in 1992 to promote Internet technical standards.
○ Supports Internet technologies research and development; about 180 organization members and 80,000 individual members.

Internet Engineering Task Force (IETF)

○ The IETF is an organization under the Internet Society (ISOC).
○ The IETF develops and maintains Internet technologies through its discussion (working) groups.
○ The IETF's work involves these committees, groups and documents:
 Internet Architecture Board (IAB)
 Internet Assigned Numbers Authority (IANA)
 Internet Engineering Steering Group (IESG)
 Internet-Drafts
 Request for Comments (RFCs)

○ A new topic starts in a Birds of a Feather (BOF) discussion group; if there is enough interest, the IETF creates a working group from it.

Internet Architecture Board (IAB)

○ The group that defines and manages the rules of the Internet architecture.



Internet Assigned Numbers Authority (IANA)

○ Established in 1988 by the US Government
○ Playa Vista, California, US
○ Non-profit Organization
○ IANA's responsibilities on the Internet
▪ Global IP Address (IPv4 and IPv6 Addresses) Allocation
▪ Autonomous System (AS) Number Allocation
▪ Domain Name System (DNS) Root Zone Management
▪ MIME Type / Content Type (Media Types) Management
(Multipurpose Internet Mail Extensions)
▪ Internet Protocol Symbols and (Port) Numbers Management
▪ Time Zone Management

○ IANA's 3 Internet functions

I. (Function 1) Registering the names and numbers of Internet protocols
II. (Function 2) Maintaining the Internet top-level domain names (DNS root) and the Internationalized Domain Name (IDN) registry
III. (Function 3) Providing Internet IP addresses and Autonomous System (AS) numbers

Internet Engineering Steering Group (IESG)
○ Manages the deployment states of IETF activities

Internet-Drafts
○ Internet-Drafts are the documents that carry the information and data IETF publishes for deployment

Request for Comments (RFC)

• A Request for Comments (RFC) is a paper describing a protocol or technology.
• RFCs are used as a platform to encourage and facilitate correspondence among the engineers who are involved in developing a new technology or protocol.
• RFCs help in providing feedback and collaboration among engineers.
• An RFC is a paper that has been written by an engineer, a team of engineers, or just someone who has an innovative idea, to define a new technology or enhance an existing technology.
• After an RFC is written and posted, it can be evaluated and used by other engineers and developers.
• If another engineer or developer can improve on the theory or standard, the RFC provides an open forum to do so.
• An RFC can be submitted for review to the IETF (Internet Engineering Task Force).
• Engineers from the IETF review the papers that are submitted and assign a number to each.
• From that point on, the RFC number becomes the effective "name" of the paper. There are currently more than 5,000 RFCs. RFCs can be searched in the RFC search engine, http://www.rfc-editor.org/rfcsearch.html, by RFC number or by technology name.

About IP Address
○ Internet Protocol (IP) addresses
○ The node identifiers in TCP/IP networks
○ IP address types (2)
▪ IPv4 (Internet Protocol Version 4)
▪ IPv6 (Internet Protocol Version 6)

 IPv4: 32 bits, decimal notation
 EG. 192.168.1.1

 IPv6: 128 bits, hexadecimal notation
 EG. 2001:db8:0:1234:0:567:8:1

Address Space
○ IPv4 is 32 bits, so IPv4 addresses are limited to 2^32 IP addresses
4,294,967,296 (nearly 4.3 billion; 1 billion = 10^9)
(Out of the 4.3 billion addresses, the private network addresses (18 million) and the multicast addresses (270 million) are reserved blocks)

○ IPv6 is 128 bits, so there are 2^128 IP addresses
340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion addresses; 1 undecillion = 10^36)

Standardization
○ 1981: IPv4 standardized by the IETF publication RFC 791
○ 1995: 128-bit IPv6 standardized by the IETF publication RFC 2460

Transmission Guarantee
○ IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6) are connectionless protocols: IP addresses do not guarantee data delivery. The data delivery guarantee comes from the upper layer protocol, TCP.

Address Managing Organization
○ The IPv4 and IPv6 address spaces are managed by the Internet Assigned Numbers Authority (IANA), which allocates them to the Regional Internet Registries (RIRs). The RIRs allocate address blocks to Internet Service Providers (ISPs) (also called "Local Internet Registries").

RIR and IANA
○ To manage IP addresses, IANA created the Regional Internet Registries (RIRs)
○ An RIR is the organization that manages the Internet numbers (IP addresses and Autonomous System (AS) numbers) of one world region under IANA. There are 5 RIRs

 AFRINIC (African Network Information Centre)
[Africa]

 ARIN (American Registry for Internet Numbers)
[US, Canada, Antarctica, some of the Caribbean Region]

 APNIC (Asia Pacific Network Information Centre)
[Asia, Australia, New Zealand]

 LACNIC (Latin America and Caribbean Network Information Centre)
[Latin America, parts of the Caribbean Region]

 RIPE NCC (Réseaux IP Européens Network Coordination Centre)
[Europe, Russia, Middle East, Central Asia]

AFRINIC

IPv4 Block         IPv6 Block
41.0.0.0/8         2C00::/12
102.0.0.0/8        2001:4200::/23
105.0.0.0/8
154.0.0.0/8
165.255.0.0/16
196.0.0.0/8
197.0.0.0/8

ARIN

APNIC

LACNIC

IPv4 Block         IPv6 Block
177.0.0.0/8        2001:1200::/23
179.0.0.0/8        2800:0000::/12
181.0.0.0/8
186.0.0.0/8
187.0.0.0/8
189.0.0.0/8
190.0.0.0/8
191.0.0.0/8
200.0.0.0/8
201.0.0.0/8

RIPE NCC IPv4 Lists
https://www-public.tem-tsp.eu/~maigron/RIR_Stats/RIPE_Allocations/IPv4/ByNb/index.html

RIPE NCC IPv6 Lists
https://www-public.tem-tsp.eu/~maigron/RIR_Stats/RIPE_Allocations/IPv6/ByNb/index.html

Check RIR information by country here!
https://www-public.tem-tsp.eu/~maigron/RIR_Stats/index.html

IPv4 Addressing
○ An IPv4 address is written in decimal notation
○ EG. ( 172.16.30.56 ) is an IP address
○ An IP address is made of four (4) decimal numbers; the decimal numbers are separated by "." (dot), so the form is called dotted decimal notation
○ Each decimal number is called an octet; an IP address has 4 decimal numbers, so it has 4 octets

172 . 16 . 30 . 56
(Octet) . (Octet) . (Octet) . (Octet)

○ The computer stores each decimal number as 8 binary bits ( 1 / 0 )
○ The 4 decimal numbers of an IP address are therefore 32 binary bits (32 bits)
○ To the computer (machine), the decimal IP address is a binary ( 1 / 0 ) IP address; the binary form of the IP address

172 . 16 . 30 . 56

( 10101100 . 00010000 . 00011110 . 00111000 )

IPv4 Traffic Types
○ IPv4 traffic types
1. Unicast
2. Multicast
3. Broadcast

❖ Types of IP Address
○ IP address types (2)

1. Public IP Address

2. Private IP Address (Non-Routable)

○ IP addresses registered with IANA are public IP addresses; IP addresses not registered with IANA are private IP addresses
○ Private IP addresses are not routed (forwarded) by the Internet core routers
○ The service provider's Internet gateway router that handles a network is configured with a filter for the private IP address ranges, so that LAN private IP addresses do not go out to the Internet (the LAN-side networks (sites) communicate with each other using the private IP address range; the filter stops LAN-site data carrying private IP addresses from leaking to the Internet)
(Such leaked packets go to a black hole)
○ VPN, IP tunnel and encapsulated packets can carry private IP addresses inside

❖ IP Address and Class

○ Each octet of an IP address is a decimal number from 0 to 255 (0 to 255)
○ IP addresses run from (0.0.0.0) to ( 255 . 255 . 255 . 255 )
○ In the Internet Protocol (IP) address design, IANA (Internet Assigned Numbers Authority) divided the IP address range into classes
○ Classes are used to manage IP addresses: addressing network nodes and signals (Multicast, Broadcast)
○ IP address classes (5)

 Class A
 Class B
 Class C
 Class D (Multicast)
 Class E (Research)

Class A
○ Class A IP address range

(1 to 126) . (0 to 255) . (0 to 255) . (0 to 255)

1.0.0.0 to 126 . 255 . 255 . 255

▪ Class A Private IP Address

(10 to 10) . (0 to 255) . (0 to 255) . (0 to 255)

10 . 0 . 0 . 0 to 10 . 255 . 255 . 255

Class A Leading bit
○ IANA standard: a Class A address has its leading bit (first bit) set to 0; the remaining bits may be 1 or 0

0xxx xxxx . xxxx xxxx . xxxx xxxx . xxxx xxxx

0000 0001 . 0000 0000 . 0000 0000 . 0000 0000
(1) . (0) . (0) . (0)

to
0111 1110 . 1111 1111 . 1111 1111 . 1111 1111
(126) . (255) . (255) . (255)

Class B
○ Class B IP address range

(128 to 191) . (0 to 255) . (0 to 255) . (0 to 255)

128 . 0 . 0 . 0 to 191 . 255 . 255 . 255

▪ Class B Private IP Address

(172 to 172) . (16 to 31) . (0 to 255) . (0 to 255)

172 . 16 . 0 . 0 to 172 . 31 . 255 . 255

Class B Leading bit
○ IANA standard: a Class B address has its leading bit (first bit) set to 1 and its second bit set to 0; the remaining bits may be 1 or 0

10xx xxxx . xxxx xxxx . xxxx xxxx . xxxx xxxx

1000 0000 . 0000 0000 . 0000 0000 . 0000 0000
(128) . (0) . (0) . (0)

to
1011 1111 . 1111 1111 . 1111 1111 . 1111 1111
(191) . (255) . (255) . (255)

Class C
○ Class C IP address range

(192 to 223) . (0 to 255) . (0 to 255) . (0 to 255)

192 . 0 . 0 . 0 to 223 . 255 . 255 . 255

▪ Class C Private IP Address

(192 to 192) . (168 to 168) . (0 to 255) . (0 to 255)

192 . 168 . 0 . 0 to 192 . 168 . 255 . 255

Class C Leading bit
○ IANA standard: a Class C address has its first bit set to 1, second bit 1 and third bit 0; the remaining bits may be 1 or 0

110x xxxx . xxxx xxxx . xxxx xxxx . xxxx xxxx

1100 0000 . 0000 0000 . 0000 0000 . 0000 0000
(192) . (0) . (0) . (0)

to
1101 1111 . 1111 1111 . 1111 1111 . 1111 1111
(223) . (255) . (255) . (255)

Class D
○ Class D networks are in the 224 to 239 range
○ Multicast addresses, used for multicasting

(224 to 239) . (0 to 255) . (0 to 255) . (0 to 255)

224 . 0 . 0 . 0 to 239 . 255 . 255 . 255

1110 xxxx . xxxx xxxx . xxxx xxxx . xxxx xxxx

Class E
○ Class E networks are in the 240 to 255 range
○ Reserved for research and future use

(240 to 255) . (0 to 255) . (0 to 255) . (0 to 255)

240 . 0 . 0 . 0 to 255 . 255 . 255 . 255

1111 xxxx . xxxx xxxx . xxxx xxxx . xxxx xxxx

About Subnet Mask
○ IP addresses have 5 classes: Class A, B, C, D, E.
○ The class of a network's IP addresses is identified by the subnet mask IANA assigned to each class
○ The subnet mask tells which network an IP address belongs to
○ IANA assigned the 0 to 126 range to Class A; an IP address in the Class A 0 to 126 range uses the subnet mask value 255.0.0.0, and an IP address with the subnet mask 255.0.0.0 is a Class A IP address

10.0.0.1
255.0.0.0 ( IP address with a Class A subnet mask )

192.168.1.1
255.255.255.0 ( IP address with a Class C subnet mask )

○ An IP address (4 decimal numbers) is always paired with the subnet mask that identifies the IP address's network

○ IANA default subnet mask values for the IP address classes

Class A IP address: 8 network bits, subnet mask (N.H.H.H) (255.0.0.0)
(1 to 126) . (0 to 255) . (0 to 255) . (0 to 255)
255 . 0 . 0 . 0

Class B IP address: 16 network bits, subnet mask (N.N.H.H) (255.255.0.0)
(128 to 191) . (0 to 255) . (0 to 255) . (0 to 255)
255 . 255 . 0 . 0

Class C IP address: 24 network bits, subnet mask (N.N.N.H) (255.255.255.0)
(192 to 223) . (0 to 255) . (0 to 255) . (0 to 255)
255 . 255 . 255 . 0

 The broadcast address of all classes, 255.255.255.255 (all 32 bits set to binary 1), can't be used as a subnet mask in IPv4

Subnet Mask and Binary Relationship
○ Like an IP address, a subnet mask value is 4 decimal numbers
○ Each decimal number (octet) is an 8-bit binary value, so a subnet mask, like an IP address, is 32 bits

192 . 168 . 16 . 1 (IP Address)
8bits . 8bits . 8bits . 8bits (Subnet Mask)
1111 1111 . 1111 1111 . 1111 1111 . 0000 0000

○ The subnet mask follows the same decimal-to-binary rule as the IP address: each decimal value is a pattern of 1 and 0 binary bits, and each bit position is a power of 2 that counts when the binary value is 1 and does not count when it is 0
○ The decimal value of a subnet mask octet comes from its binary 1 bits; the 0 bits add nothing
○ A subnet mask octet's decimal value is therefore between 1 and 255, or 0

192 . 168 . 16 . 1 (IP Address)
(1 to 255) . (1 to 255) . (1 to 255) . (1 to 255) (Subnet Mask)

 The decimal numbers of the subnet mask are made from its binary 1 bits; the remaining bits are 0
 The binary "1" bits of the subnet mask are the network bits
 The 0 bits are the host bits; the hosts are numbered inside the host bits

1111 0111 . 1100 1000 . 1011 1100 . 0000 1111 (IP Address Binary)
1111 1111 . 1100 0000 . 0000 0000 . 0000 0000 (Subnet Mask Binary)

Bit       1      1      1      1      1      1      1      1
Weight    2^7    2^6    2^5    2^4    2^3    2^2    2^1    2^0
Value     128x1  64x1   32x1   16x1   8x1    4x1    2x1    1x1
          128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255

○ A binary 1 bit counts its weight; a 0 bit counts nothing
○ In a subnet mask the 1 bits come first and the rest of the 32 bits are 0 (the value after the last 1 bit is binary 0 all the way to bit 32)

Subnet Mask Slash Notation (Prefix Length Notation)
○ Suppose the subnet mask of an IP address has only its first 2 bits set to binary 1 and the remaining bits set to 0

1100 0000 . 0000 0000 . 0000 0000 . 0000 0000

○ In slash notation, a subnet mask with 2 one-bits is written /2

○ The slash notation number is the count of binary 1 values in the subnet mask

○ A subnet mask with 24 binary 1 bits is the /24 subnet mask

0 0 0 0 0 0 0 0 . 0 0 0 0 0 0 0 0 . 0 0 0 0 …. 0
/1 /2 /3 /4 /5 /6 /7 /8 . /9 /10 /11 /12 /13 /14 /15 /16 . /17 /18 /19 /20 …. /32

○ Subnet masks run from /1 to /32

Class A (255.0.0.0) (/8)
N.H.H.H

Class B (255.255.0.0) (/16)
N.N.H.H

Class C (255.255.255.0) (/24)
N.N.N.H

Broadcast (255.255.255.255) (/32) (not a default subnet mask)
N.N.N.N

○ Subnet mask binary notation

/8 = 1111 1111 . 0000 0000 . 0000 0000 . 0000 0000

/16 = 1111 1111 . 1111 1111 . 0000 0000 . 0000 0000

/24 = 1111 1111 . 1111 1111 . 1111 1111 . 0000 0000

Reserved IP Addresses for IP Signals
○ In the host ID position, the first IP address is the network address and the last IP address is the broadcast address

○ The first IP address of a network is not always 0; in a subnet it can be another number (EG. 64, 127, ..)

                    Classful network (full class)   Subnet (example)
Network Address     first IP address (0)            64
Broadcast Address   last IP address (255)           127

Example

192.168.100.0 (Network Address)
192.168.100.255 (Broadcast Address)

OR

192.168.100.64 (Network Address)
192.168.100.127 (Broadcast Address)
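The class, subnet mask, prefix length, network address and broadcast address computations of the preceding pages, as an added Python example (not the book's code); the function names are this example's own, and the addresses used are the book's.

```python
"""Classful IPv4 arithmetic as the book describes it: dotted decimal <-> 32-bit
integer, class from the leading bits, subnet mask <-> /prefix, and network /
broadcast address by bitwise AND / OR with the mask.
Added example; the function names are this example's own."""


def ip_to_int(dotted: str) -> int:
    """'172.16.30.56' -> 32-bit integer; every octet must be 0..255."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not dotted decimal: {dotted}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Binary form as the book prints it: four 8-bit groups joined by ' . '."""
    return " . ".join(f"{int(o):08b}" for o in dotted.split("."))


def address_class(dotted: str) -> str:
    """Class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first_octet = ip_to_int(dotted) >> 24
    if (first_octet & 0b1000_0000) == 0:
        return "A"
    if (first_octet & 0b1100_0000) == 0b1000_0000:
        return "B"
    if (first_octet & 0b1110_0000) == 0b1100_0000:
        return "C"
    if (first_octet & 0b1111_0000) == 0b1110_0000:
        return "D"
    return "E"


DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}  # N.H.H.H / N.N.H.H / N.N.N.H


def prefix_to_mask(prefix: int) -> str:
    """/24 -> 255.255.255.0: the first `prefix` bits are 1, the rest are 0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    ones = (1 << prefix) - 1
    return int_to_ip((ones << (32 - prefix)) & 0xFFFFFFFF)


def is_valid_mask(mask: str) -> bool:
    """A subnet mask must be a run of 1 bits followed only by 0 bits."""
    m = ip_to_int(mask)
    return m == ip_to_int(prefix_to_mask(bin(m).count("1")))


def mask_to_prefix(mask: str) -> int:
    """255.255.255.192 -> 26; rejects non-contiguous masks such as 255.0.255.0."""
    if not is_valid_mask(mask):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return bin(ip_to_int(mask)).count("1")


def subnet_info(cidr: str) -> dict:
    """'192.168.100.70/26' -> class, masks, network, broadcast and host range.
    Network = address AND mask (host bits cleared); broadcast = network OR the
    inverted mask (host bits set). A /31 or /32 has no separate network and
    broadcast addresses, so the host range is reported as None for them."""
    dotted, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    mask = ip_to_int(prefix_to_mask(prefix))
    network = ip_to_int(dotted) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    has_hosts = prefix <= 30
    cls = address_class(dotted)
    return {
        "class": cls,
        "default_mask": prefix_to_mask(DEFAULT_PREFIX[cls]) if cls in DEFAULT_PREFIX else None,
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if has_hosts else None,
        "last_host": int_to_ip(broadcast - 1) if has_hosts else None,
        "usable_hosts": 2 ** (32 - prefix) - 2 if has_hosts else 0,
    }


if __name__ == "__main__":
    print(to_binary("172.16.30.56"))  # 10101100 . 00010000 . 00011110 . 00111000
    for cidr in ("10.0.0.1/8", "192.168.100.0/24", "192.168.100.70/26"):
        print(cidr, subnet_info(cidr))
```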

Types of Broadcast Address
○ Broadcast address types (2)
1. Limited Broadcast Address
2. Directed Broadcast Address

Limited Broadcast Address
○ All 32 bits of the IP address set to "1" (255.255.255.255)
○ The broadcast address for all hosts of the local network
○ A host that has no IP address yet uses the limited broadcast address
○ Used by DHCP clients to find the DHCP server on the network, and in BOOTP processes
○ The limited broadcast address reaches the hosts of the local network whatever IP addresses (classful or classless) are assigned to the network
○ Routers never forward the limited broadcast address (255.255.255.255)

Directed Broadcast Address
○ Unlike the limited broadcast address, the directed broadcast address can be forwarded (routed)
○ With limited broadcast, the broadcasting source host and the destination hosts are in the same network (subnet)
○ With directed broadcast, the broadcasting source host and the destination hosts are in different networks (subnets)
○ Routers do not forward the limited broadcast address, but routers can forward directed broadcast addresses
○ For security, routers have directed broadcasting disabled by default; it can be enabled
○ Directed broadcast addresses are used for subnet-to-subnet broadcasting, for example a Wake On LAN (WOL) service starting the machines of another net
○ Subnet-to-subnet broadcast traffic reaches all hosts of the destination subnet

Directed broadcast addresses (3)

1. Net-Directed Broadcast Address
2. Subnet-Directed Broadcast Address
3. All-Subnets-Directed Broadcast Address

Net-Directed Broadcast Address
○ Network broadcast
○ The broadcast address of a classful IP network that has no subnetting
○ EG. for the classful network 192.168.1.0/24, 192.168.1.255 is the network broadcast address

Subnet-Directed Broadcast Address
○ Subnet broadcast address
○ The broadcast address of a subnetted IP network
○ The last octet of the broadcast IP address is not necessarily 255
○ EG. for the subnetted network 192.168.1.0/26, the IP address 192.168.1.63 is the subnet-directed broadcast address

All-Subnets-Directed Broadcast Address
○ Broadcasting to all of the networks (subnets)
○ EG. for the sub networks 157.54.0.0/24, 157.54.1.0/24 . . . 157.54.254.0/24, 157.54.255.0/24, the all-subnets broadcast is 157.54.255.255

Directed Broadcast Address and Router Working Flows
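The router decision described on the preceding pages (limited broadcast never forwarded; directed broadcast dropped unless enabled on the owning interface), as an added Python example that is not the book's or any vendor's code; the Interface class, its fields and the sample router configuration are constructed for this example.

```python
"""Router handling of broadcast destinations as the preceding pages describe it:
the limited broadcast (255.255.255.255) is never forwarded, and a directed
(subnet) broadcast is dropped unless directed broadcasting has been enabled on
the interface that owns that subnet. Added example; the Interface class, its
fields and the sample configuration are constructed here."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

LIMITED_BROADCAST = 0xFFFFFFFF  # 255.255.255.255, all 32 bits set


def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def mask_int(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


@dataclass(frozen=True)
class Interface:
    name: str
    address: str                      # the router's own address on the subnet
    prefix: int                       # subnet prefix length (/24, /26, ...)
    directed_broadcast: bool = False  # secure default: directed broadcasts are dropped

    @property
    def network(self) -> int:
        return ip_to_int(self.address) & mask_int(self.prefix)

    @property
    def broadcast(self) -> int:
        """Subnet-directed broadcast: network bits kept, all host bits set."""
        return self.network | (~mask_int(self.prefix) & 0xFFFFFFFF)


def classify_destination(dst: str, interfaces: List[Interface]) -> Tuple[str, Optional[str]]:
    """Decide what the router does with a packet addressed to `dst`:
    'deliver-local'     limited broadcast: processed here, never forwarded
    'drop'              directed broadcast of a connected subnet, feature off
    'forward-broadcast' directed broadcast of a connected subnet, feature on
    'route'             anything else is looked up in the routing table
    """
    d = ip_to_int(dst)
    if d == LIMITED_BROADCAST:
        return "deliver-local", None
    for iface in interfaces:
        if d == iface.broadcast:
            if iface.directed_broadcast:
                return "forward-broadcast", iface.name
            return "drop", iface.name
    return "route", None


def audit_directed_broadcast(interfaces: List[Interface]) -> List[str]:
    """Names of the interfaces where directed broadcasting was turned on, i.e.
    the ones a configuration review should look at."""
    return [i.name for i in interfaces if i.directed_broadcast]


# Constructed router configuration: the page's 192.168.1.0/26 (broadcast .63),
# a /24 with directed broadcast enabled (e.g. for WOL), and an unsubnetted
# 157.54.0.0/16 whose broadcast is the page's 157.54.255.255.
ROUTER = [
    Interface("Gi0/0", "192.168.1.1", 26),
    Interface("Gi0/1", "10.20.30.1", 24, directed_broadcast=True),
    Interface("Gi0/2", "157.54.3.1", 16),
]

if __name__ == "__main__":
    for dst in ("255.255.255.255", "192.168.1.63", "192.168.1.255",
                "10.20.30.255", "157.54.255.255", "192.168.1.40"):
        print(dst, classify_destination(dst, ROUTER))
    print("directed broadcast enabled on:", audit_directed_broadcast(ROUTER))
```

Note that 192.168.1.255 is routed rather than dropped here: it is not the broadcast of any connected subnet, since the router's interface is a /26, not a /24.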

Default Gateway and Default Gateway IP Address

Default Gateway of Nodes that are inside LAN
○ The default gateway is the device that forwards the LAN nodes' traffic to other networks
○ The interface connected to the LAN has an IP address in the same subnet as the LAN nodes; that interface's IP address is the LAN nodes' default gateway

Default Gateway of Routers

DHCP Service and DHCP Server IP Address

DNS Service and DNS Server IP Address

Unspecified Address

All 0 (0.0.0.0)

In DHCP Environment
○ A client that needs a dynamic IP address from the DHCP server has no IP address until the DHCP server gives it one (the client sends its DHCP Discovery message to the DHCP server from the unspecified address)
○ If no DHCP server gives it an IP address, the client uses an APIPA address as its IP address

In Routing Environment (Default Route Address)
○ In routing, the (0.0.0.0) unspecified address means any network
○ 0.0.0.0 stands for the IP address of every network (every host)
○ Routers route (forward) IP packets with unknown destinations toward the Internet or gateway side by the default route
○ The default route's path has (0.0.0.0) as its destination IP address
(The default route is configured manually)

In Server Environment
○ In a server environment, the (0.0.0.0) IP address means traffic on every interface of the server
○ A server with multiple interfaces uses the (0.0.0.0) IP address to accept traffic on all of its interfaces

Loopback Address
○ (127.0.0.1) (127.0.0.1/8)
○ Traffic sent to the loopback address stays on the local machine
○ Used by operating systems and applications for testing, and for network card troubleshooting

APIPA Address
○ (169.254.0.0/16)
○ Automatic Private IP Address
○ Link Local Address (new name)
○ Auto-IP
○ An APIPA address is the IP address that the OS generates and assigns to a network card when the network card gets no other IP address

1. No static IP is assigned and there is no DHCP server on the network to give a dynamic IP (OR)

2. The node that got its previous address from DHCP can no longer reach the DHCP server or the default gateway it got the previous address through (DG down or no DG address); when no DHCP server gives an IP address, the node uses an APIPA address

(169.254.x.x) (169.254.0.0 to 169.254.255.255)
255.255.0.0

○ The node's operating system auto-generates the APIPA address randomly
○ Because the auto-generated APIPA address may conflict with other computers on the network, the ARP protocol is used to check for conflicts (the node sends an ARP request (broadcast) for 169.254.1.1; if a response comes back, it tries 169.254.1.2, and so on)
○ LAN nodes with DHCP or static IP addresses cannot connect to nodes with APIPA addresses
○ A node with an APIPA address keeps trying to connect to a DHCP server on the LAN: nodes with APIPA addresses send a DHCP service request frame every 5 minutes looking for a DHCP server
○ Routers do not route (forward) link local addresses (APIPA addresses)

APIPA and Limitation
○ Reserved by IANA and can't reach the Internet.
○ Can't make a ping test beyond the local link: APIPA has no gateway address.
○ APIPA can't provide name server services such as WINS, DNS.

Disabling APIPA
○ APIPA addresses are enabled by default in Microsoft Windows; to disable them, set the following Windows registry key value to 0

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters > New (dword) > Name = "IPAutoconfigurationEnabled" and set to 0.
Shared Address Space
○ 100.64.0.0/10
○ Shared Address Space is the IP address range IANA assigned for Internet Service Providers to use on the interfaces between Carrier-Grade NAT (CGN) devices and Customer Premises Equipment (CPE) devices
○ Shared Address Space is not routed on the Internet; it stays inside the Internet Service Provider's network

IETF Protocol Assignments
○ 192.0.0.0/24
○ IP address range reserved by IANA for IETF protocol assignments and testing
○ Neither public nor private (not routed on the Internet)
○ Network operators filter the 192.0.0.0/24 address range on the public interfaces of their routers

Documentation Address Block
○ The blocks
▪ 192.0.2.0/24 (TEST-NET-1)
▪ 198.51.100.0/24 (TEST-NET-2)
▪ 203.0.113.0/24 (TEST-NET-3)

○ Address blocks for IETF documentation projects
○ Neither public nor private (not routed on the Internet)
○ Network operators filter these address ranges on the public interfaces of their routers

Network Benchmark Tests Address
○ 198.18.0.0/15
○ IP address range reserved for the benchmark testing processes that network device companies run on their network devices
○ Neither public nor private (not routed on the Internet)

IPv6 to IPv4 relay
○ 192.88.99.0/24
○ A public IP range on the Internet, used as an IPv6 anycast address range
○ Lets organizations that run both IPv4 and IPv6 send IPv6 packets across IPv4 networks through 6to4 relay routers (the IPv6 packets are encapsulated in IPv4 packets)
○ A relay router has one interface in the IPv4 network and one in the IPv6 network
○ 6to4 relay routers forward packets for the IP address range (192.88.99.0/24) on their IPv4 interface
○ The IPv4 address (192.88.99.1) translates to the IPv6 address 2002:c058:6301:: on the 6to4 router. Traffic from the IPv6 network toward the IPv4 network is sent to the anycast IPv6 address 2002:c058:6301::; the 6to4 router that holds the 2002:c058:6301:: IPv6 address on its interface forwards it out of the interface connected to the IPv4 network, using the 6to4 anycast IP address 192.88.99.1
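The special-use address blocks of the preceding pages (unspecified, loopback, APIPA, private, shared address space, IETF protocol assignments, documentation, benchmark, 6to4 relay), with the ingress filter a network operator applies to them on a public interface, as an added Python example that is not the book's code; the table, the function names and the sample log lines are constructed here.

```python
"""Special-use IPv4 blocks from the preceding pages, with the ingress check a
network operator runs on a public (Internet-facing) interface: a packet whose
source lies in a block that is not routed on the Internet cannot have arrived
legitimately, so it is filtered. Added example; the table, the function names
and the sample log are constructed here."""

import ipaddress
from collections import Counter

# (block, purpose, routed on the Internet?) as described on the preceding pages
SPECIAL_USE = [
    ("0.0.0.0/8", "unspecified address", False),
    ("10.0.0.0/8", "private (Class A range)", False),
    ("100.64.0.0/10", "shared address space (CGN)", False),
    ("127.0.0.0/8", "loopback", False),
    ("169.254.0.0/16", "APIPA / link local", False),
    ("172.16.0.0/12", "private (Class B range)", False),
    ("192.0.0.0/24", "IETF protocol assignments", False),
    ("192.0.2.0/24", "documentation (TEST-NET-1)", False),
    ("192.88.99.0/24", "6to4 relay anycast", True),  # public, reachable on the Internet
    ("192.168.0.0/16", "private (Class C range)", False),
    ("198.18.0.0/15", "network benchmark tests", False),
    ("198.51.100.0/24", "documentation (TEST-NET-2)", False),
    ("203.0.113.0/24", "documentation (TEST-NET-3)", False),
    ("224.0.0.0/4", "Class D multicast", False),      # never valid as a source
    ("240.0.0.0/4", "Class E reserved", False),
    ("255.255.255.255/32", "limited broadcast", False),
]

# most specific block first (255.255.255.255/32 lies inside 240.0.0.0/4)
_NETWORKS = sorted(
    ((ipaddress.ip_network(block), purpose, routed) for block, purpose, routed in SPECIAL_USE),
    key=lambda entry: entry[0].prefixlen,
    reverse=True,
)


def classify(address: str):
    """(purpose, routed) of the most specific special-use block containing the
    address, or ('public', True) when it is in none of them."""
    ip = ipaddress.ip_address(address)
    for network, purpose, routed in _NETWORKS:
        if ip in network:
            return purpose, routed
    return "public", True


def ingress_decision(source: str) -> str:
    """Filter rule for a public interface: permit only sources that are routed
    on the Internet; everything else is dropped, with the reason."""
    purpose, routed = classify(source)
    return "permit" if routed else f"drop ({purpose})"


def summarize(log: str) -> dict:
    """Count the decisions over 'src=... dst=... ...' lines (constructed format)."""
    counts = Counter()
    for line in log.splitlines():
        fields = dict(item.split("=", 1) for item in line.split())
        counts[ingress_decision(fields["src"])] += 1
    return dict(counts)


# Constructed sample of packets seen on a public interface; 198.100.5.6 stands
# in for an ordinary public source, and the destination is in TEST-NET-1.
SAMPLE_LOG = """\
src=198.100.5.6 dst=192.0.2.10 proto=tcp dport=443
src=10.1.2.3 dst=192.0.2.10 proto=udp dport=53
src=169.254.7.7 dst=192.0.2.10 proto=udp dport=67
src=192.88.99.1 dst=192.0.2.10 proto=41
src=100.64.1.1 dst=192.0.2.10 proto=tcp dport=80
src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=22
"""

if __name__ == "__main__":
    for ip in ("127.0.0.1", "169.254.33.1", "100.127.0.1", "192.88.99.1", "198.20.0.1"):
        print(ip, classify(ip))
    print(summarize(SAMPLE_LOG))
```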

Wildcard Mask
• A wildcard mask is applied to an IP address
• It selects which bits of the IP address must match (the network bits)
• Its value is the inverse of the IP address's subnet mask value, so it is also called the inverse mask

• Wildcard mask situations

1. Routing protocols (OSPF, EIGRP, etc..) use it to describe a network or subnet size
2. Access Control Lists (ACLs) use the wildcard mask to block or allow IP addresses

Wildcard Mask Rule
○ Wildcard mask ( 0 bit = Match ) ( 1 bit = Ignore)

 Where the wildcard binary value is 0, the IP address bit at that position must match
 Where the wildcard binary value is 1, the IP address bit at that position is ignored
 EG.. (for the 10.10.1.0 IP addresses)
10.10.1.0 = Class A, so 255.0.0.0 is the subnet mask,

255.0.0.0 = 1111 1111 . 0000 0000 . 0000 0000 . 0000 0000
Wildcard = 0000 0000 . 1111 1111 . 1111 1111 . 1111 1111

So the wildcard mask value is 0.255.255.255

 EG.. (for 256 IP addresses from 10.10.1.0)
For 256 IP addresses starting at 10.10.1.0 the subnet mask is 255.255.255.0

255.255.255.0 = 1111 1111 . 1111 1111 . 1111 1111 . 0000 0000
Wildcard = 0000 0000 . 0000 0000 . 0000 0000 . 1111 1111

So the wildcard mask value is 0.0.0.255

 A subnet with the 255.255.255.255 subnet mask has the wildcard value 0.0.0.0

Special Wildcard mask Values
• The wildcard mask values 0.0.0.0 and 255.255.255.255 are special wildcard masks

 The 0.0.0.0 wildcard mask value matches exactly one address (every bit must match)
 The 255.255.255.255 wildcard mask value matches all addresses (every bit is ignored)

Wildcard mask usage environments
• A wildcard mask value can select
1. Single Host or Single IP Address
2. Entire Classful Network
3. Entire Subnet
4. Range of IP Addresses

Wildcard mask on Single Address
• The wildcard mask matches one IP address

access-list 10 permit ip 192.168.1.1 0.0.0.0

Wildcard mask on Entire Classful Network

access-list 10 permit ip 192.168.1.0 0.0.0.255

Wildcard mask on Entire Subnet
• 192.168.1.0/25 (Subnet Mask is 255.255.255.128)

access-list 10 permit ip 192.168.1.0 0.0.0.127

Wildcard Mask on IP Address Range
• In the 192.168.1.0/25 sub network, the wildcard mask for the IP addresses
192.168.1.1
192.168.1.2
192.168.1.3

○ The IP address range has 3 addresses, so find the subnet mask of a block that holds 3 addresses

3 addresses fit in 2^2 = 4

Subnet Mask = 1111 1111 . 1111 1111 . 1111 1111 . 1111 1100
Subnet Mask = 255.255.255.252

 Wildcard Mask 0.0.0.3

Wildcard Mask value for 2 Subnets
• The wildcard mask value that covers both the 10.0.1.0/24 subnet and the 10.0.0.0/24 subnet

○ The subnet mask 255.255.255.0 gives the wildcard mask 0.0.0.255, but the 0.0.0.255 wildcard mask covers only one of the 10.0.1.0/24 and 10.0.0.0/24 subnets
○ To get a wildcard mask value covering both sub networks, compare the network IPs of the sub networks in binary
○ The bit positions where the IP addresses' binary numbers are the same stay 0 (match); the positions where they differ become 1 (ignore)

10.0.1.0 = 00001010.00000000.00000001.00000000
10.0.0.0 = 00001010.00000000.00000000.00000000

Subnet Mask = 11111111.11111111.11111110.00000000

Wildcard = 00000000.00000000.00000001.11111111

 Wildcard Mask 0.0.1.255
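The wildcard mask rule and its four uses from the preceding pages (single host, classful network, subnet, address range, and the two-subnet case), as an added Python example that is not the book's code; the function names and the sample ACL are this example's own, and the addresses are the book's.

```python
"""Wildcard (inverse) masks as the preceding pages use them in ACLs and routing
protocol network statements: 0 bit = must match, 1 bit = ignore.
Added example; the function names and the sample ACL are constructed here."""


def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def wildcard_from_mask(mask: str) -> str:
    """Inverse of the subnet mask: 255.255.255.0 -> 0.0.0.255, 255.255.255.252 -> 0.0.0.3."""
    return int_to_ip(~ip_to_int(mask) & 0xFFFFFFFF)


def wildcard_from_prefix(prefix: int) -> str:
    """/25 -> 0.0.0.127: the low (32 - prefix) bits are the 'ignore' bits."""
    return int_to_ip((1 << (32 - prefix)) - 1)


def matches(base: str, wildcard: str, address: str) -> bool:
    """The test a router performs for an ACL entry: every bit where the wildcard
    is 0 must be identical in the entry's base address and the packet address."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(base) & care) == (ip_to_int(address) & care)


def acl_lookup(entries, address: str) -> str:
    """First-match evaluation of ('permit' | 'deny', base, wildcard) entries,
    ending with the implicit deny that every ACL has."""
    for action, base, wildcard in entries:
        if matches(base, wildcard, address):
            return action
    return "deny"


def wildcard_for_subnets(cidrs) -> tuple:
    """One (base, wildcard) pair covering several subnets, e.g.
    10.0.0.0/24 + 10.0.1.0/24 -> ('10.0.0.0', '0.0.1.255'): the leading bits the
    subnets share are 'match' bits; every bit from the first difference on is
    'ignore'. The result can therefore cover more than the listed subnets."""
    networks = []
    prefix = 32
    for cidr in cidrs:
        addr, length = cidr.split("/")
        length = int(length)
        prefix = min(prefix, length)
        networks.append(ip_to_int(addr) & ((0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF))
    # shorten the prefix until every subnet falls into the same block
    while prefix > 0:
        care = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if len({n & care for n in networks}) == 1:
            break
        prefix -= 1
    care = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return int_to_ip(networks[0] & care), int_to_ip(~care & 0xFFFFFFFF)


# Constructed ACL in the book's style: one host, then the "3 addresses" range,
# which rounds up to a block of 4 and so also covers 192.168.1.0, then the /25.
ACL_10 = [
    ("permit", "192.168.1.1", "0.0.0.0"),
    ("deny", "192.168.1.0", "0.0.0.3"),
    ("permit", "192.168.1.0", "0.0.0.127"),
]

if __name__ == "__main__":
    for ip in ("192.168.1.1", "192.168.1.0", "192.168.1.3", "192.168.1.100", "192.168.1.130"):
        print(ip, acl_lookup(ACL_10, ip))
    print(wildcard_for_subnets(["10.0.1.0/24", "10.0.0.0/24"]))  # ('10.0.0.0', '0.0.1.255')
```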

History of Computer Network & Internet Growths
• ARPA and ARPANet
• ARPANet Expanding
• IP and NCP
• TCP and becoming of TCP/IP Protocol Suite
• Network Models came out..

ARPA and ARPANet
○ The predecessor of today's Internet was ARPANet, created by the Advanced Research Projects Agency (ARPA) / (DARPA, with 'Defense', is the name used today) (a DoD agency) and launched in 1969 during the "Cold War" (1945 to 1990).
○ ARPANet was created in response to the potential threat of nuclear attack from the Soviet Union.
○ One of ARPA's primary goals was to design a fault-tolerant network that would enable U.S. military leaders to stay in contact in case of nuclear war.

ARPANet Expanding
○ (1969) The initial state of ARPANet consisted of four nodes.
 SDS Sigma 7 ---> University of California, Los Angeles (UCLA)
 SDS 940 --> Augmentation Research Center at Stanford Research Institute
 IBM 360/75 --> University of California, Santa Barbara (UCSB)
 DEC PDP-10 --> University of Utah's Computer Science Department

○ In 1970, the ARPANet reached the East Coast of the United States: Cambridge, Massachusetts was connected to the network.
○ Later, many other computers and nets connected to ARPANet, and in 1981 the number was 213 host computers.
○ In 1973 a transatlantic satellite link connected the Norwegian Seismic Array (NORSAR) to the ARPANet, making Norway the first country outside the US to be connected to the network.

IP and NCP
○ ARPA used the Internet Protocol (IP) as the addressing service and provided packet transportation services by using the Network Control Protocol (NCP).
○ As the ARPANet grew, however, a new protocol was needed because NCP was not able to fulfill all the needs of a larger network.

TCP and Becoming of TCP/IP Protocol Suite
○ In 1974, ARPA members Vint Cerf and Bob Kahn published a paper, "A Protocol for Packet Network Interconnection." This paper describes the Transmission Control Protocol (TCP), which eventually replaced NCP.
○ By 1978, testing and further development of this language led to a new suite of protocols called Transmission Control Protocol/Internet Protocol (TCP/IP).
○ In 1983, ARPANet switched over to TCP/IP, and the network continued to grow very fast.

Network Models came out..
○ In 1977, the International Organization for Standardization (ISO) developed a subcommittee to focus on the interoperability of multivendor communications systems.
○ In 1983, this subcommittee released the Open Systems Interconnection (OSI) reference model (commonly referred to as the OSI model or the OSI stack).
○ In the 1990s, DARPA, an agency of the United States Department of Defense, provided the Internet Protocol Suite as the "TCP/IP Protocol Suite" and also announced the Department of Defense (DoD) Model, called the "TCP/IP Model".

Parallel Time of Multi-Models (Vendor Specific Models)
○ In the 1970s to 1980s, vendors also created their own proprietary networking models.
○ For example, IBM published its Systems Network Architecture (SNA) networking model in 1970.
○ Their networks could be connected only among themselves.
○ After the coming of ARPANet and the TCP/IP Model, TCP/IP became the major 'Network Model'.

Network Models
○ Fit vendors to a standardization (interoperability)
○ Standardization for how applications can communicate over a network
○ Reference guide for the vendors and developers who create products and services
▪ Network admins use it for
1. Maintaining network connectivity
2. Troubleshooting network problems

Types of Network Models
1. OSI Model (Open Systems Interconnection)
2. TCP/IP Model (Also called DoD Model or TCP/IP stack)

▪ All People Seem To Need Data Processing (mnemonic for the OSI layers from Application down to Physical)

Updated TCP/IP Model

Encapsulation and De-encapsulation
• The term encapsulation refers to the process of putting headers (and sometimes trailers) around some data.

Network Signal Form
• A network signal form is a collection of data that has both addresses and control information.
• A network signal can also be described as
 Collections of bits OR
 Frame OR
 Packet OR
 Segment

PDUs and SDUs of OSI Model
• OSI terminology defines a 'Network Signal' as
 PDUs OR
 SDUs

Layer 1: The Physical Layer
• The transmission of bits on the network, along with the physical and electrical characteristics of the network.

How bits are represented on the medium
○ Data on a computer network is represented as a binary expression.
○ Electrical voltage (on copper wiring) or light (carried via fiber-optic cabling) can represent these 1s and 0s.
○ There are two basic types of modulation
1. Current State Modulation
2. Transition Modulation

1. Current State Modulation
(The presence or the absence of a voltage or light pulse on copper wire or fiber-optic cable represents 1 or 0.)

2. Transition Modulation
(The transition between voltages, or the presence of light, indicates a binary value.)

Wiring standards for connectors and jacks
○ RJ-45 Connectors (TIA/EIA 568B)
○ Fiber Connectors
○ 10Base-T
○ 10Base-TX

Physical topology
○ Only the physical topology (the logical topology is not included)
○ Bus, Star, Ring, Mesh, etc..

Synchronizing bits
○ At the Physical layer, two devices must agree on when one bit stops and another bit starts.
○ There are two types of synchronizing technologies
1. Asynchronous
2. Synchronous

Asynchronous
▪ A sender indicates that it is about to start transmitting by sending a start bit to the receiver.
▪ When the receiver sees this, it starts its own internal clock to measure the subsequent bits.
▪ After the sender transmits its data, it sends a stop bit to indicate that it has finished its transmission.

Synchronous
▪ Both the sender and the receiver synchronize their internal clocks to ensure that they agree on when bits begin and end.
▪ One way to make this synchronization happen is to use an external clock (for example, a clock provided by a service provider).
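The asynchronous start-bit / stop-bit scheme described above, as an added Python example that is not the book's code; the framing details (line idle at 1, start bit 0, stop bit 1, 8 data bits sent least-significant bit first) and the framing-error handling are assumptions of this example.

```python
"""Asynchronous bit synchronization as described above: each byte is framed by a
start bit, and the receiver, clocked by that start bit, samples the data bits
and then expects a stop bit. Added example; line idle at 1, start bit 0, stop
bit 1, 8 data bits LSB first and the error handling are assumptions made here."""

from typing import List, Tuple

IDLE, START, STOP = 1, 0, 1
DATA_BITS = 8


def frame_bytes(data: bytes, idle_bits: int = 2) -> List[int]:
    """Sender: idle line, then per byte: start bit, 8 data bits, stop bit, idle gap."""
    bits = [IDLE] * idle_bits
    for byte in data:
        bits.append(START)
        bits.extend((byte >> i) & 1 for i in range(DATA_BITS))  # LSB first
        bits.append(STOP)
        bits.extend([IDLE] * idle_bits)  # the gap between characters is arbitrary
    return bits


def deframe_bits(bits: List[int]) -> Tuple[bytes, List[int]]:
    """Receiver: wait in idle; a 0 on an idle line is the start bit and starts the
    internal clock; sample DATA_BITS bits, then check the stop bit. A wrong or
    missing stop bit is a framing error: the byte is discarded, its start-bit
    position is recorded, and the receiver resynchronizes on the next idle bit."""
    out = bytearray()
    errors: List[int] = []
    i, n = 0, len(bits)
    while i < n:
        if bits[i] == IDLE:
            i += 1
            continue
        start = i
        if start + DATA_BITS + 1 >= n:          # line ended inside the frame
            errors.append(start)
            break
        value = 0
        for k in range(DATA_BITS):
            value |= bits[start + 1 + k] << k
        i = start + DATA_BITS + 1               # index of the stop bit
        if bits[i] != STOP:
            errors.append(start)
            while i < n and bits[i] != IDLE:    # resync: wait for the line to go idle
                i += 1
            continue
        out.append(value)
        i += 1
    return bytes(out), errors


def with_stop_bit_error(bits: List[int], frame_start: int) -> List[int]:
    """Constructed fault: corrupt the stop bit of the frame that starts at frame_start."""
    damaged = list(bits)
    damaged[frame_start + DATA_BITS + 1] = 0
    return damaged


if __name__ == "__main__":
    print(deframe_bits(frame_bytes(b"Hi", idle_bits=3)))                       # (b'Hi', [])
    print(deframe_bits(with_stop_bit_error(frame_bytes(b"AB", idle_bits=1), 1)))  # (b'B', [1])
```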

Bandwidth usage
○ Also called 'Speed'
○ The Physical layer also defines the bandwidth of the current connection.
○ There are two types of bandwidth usage technologies
 Baseband
 Broadband

Multiplexing strategy
○ The Physical Layer also defines the multiplexing technologies used for the current connectivity.
○ Common multiplexing technologies are
 Time-division multiplexing (TDM)
 Frequency-division multiplexing (FDM)
 Statistical time-division multiplexing (StatTDM)

Transmission Mode
○ The Physical layer also defines the transmission mode between two devices
 Simplex
 Duplex
 Half-Duplex
 Full-Duplex

Transmission
○ Transmission is the movement of data from node to node over the network medium
○ Network mediums
 Copper Wires
 Optical Fibers
 Wireless
 They carry signals as
 Electrical Voltage (data are generated by voltages)
 Light (laser / LED light pulses represent the data)
 Radio Wave (data are generated by the radio wave form)

Transmission Types
○ Data transmission over network mediums has 2 transmission types
1. Analog
2. Digital

Analog Transmission
○ An analog wave is described by its Amplitude, Wavelength, Frequency and Phase

Analog Signals
○ Analog signals represent data by the following..
 AM
 FM
 PM
◊ QAM (Quadrature Amplitude Modulation) [Amplitude and Phase represented together]

Amplitude Modulation (AM)
○ 1 or 0 is represented by the amplitude (height of the wave)

Frequency Modulation (FM)
○ 1 or 0 is represented by the number of waves per second (the number of cycles in one second)

Phase Modulation (PM)
○ Phase refers to the direction in which the wave begins (the wave degree in one second is PM)

Digital Transmission
○ In digital transmission, digital signals are represented by pulses over time (voltage pulses / light pulses).
○ There are two types of digital signal forms:
 Line coding (Baseband)
 Digital Modulation (Passband)

Line coding (Baseband)
○ Signals are represented by measured electrical voltage levels.
○ 0 to 2 volts represent logic 0 (low voltage)
○ 3 to 5 volts represent logic 1 (high voltage)
○ 2 to 3 volts are invalid
○ Line-coded (baseband) digital signals can only be used over short distances.

Digital Modulation (Passband)
○ Digital signals are modulated onto an analog carrier using AM, FM, PM or QAM modulation.
○ At the receiver, the AM/FM/PM/QAM-modulated analog signal is passed through a band-pass filter (a high-pass filter plus a low-pass filter) and recovered as a digital signal.

Channel (Broadband)
○ A communication path is called a channel.
○ Multiple channels allow multiple signals at the same time.
○ A channel may be
1. Physical Connection (Baseband) or
2. Logical Connection (Broadband)

○ A single network pathway is divided into multiple pathways by
1. Physical Separation (Multiple Cables) or
2. Logical Separation
 Electrical Separation (FDM or TDM)
 Radio Wave Separation (FDM or TDM)
 Optical Separation (WDM)

Differences between Baseband and Broadband

Baseband
• Baseband uses digital signals.
• Baseband signals occupy a very narrow frequency range.
▪ Nearly 0 frequency (0 Hz)
• Single channel (single communication pathway) in one medium.
• Baseband uses the entire bandwidth for the single channel.
• Baseband supports bi-directional transmission (a single medium both sends and receives).
• Baseband signals travel only short distances.
• Baseband media and standards:
▪ IEEE 802.3x standards are baseband
▪ (Ethernet and Token Ring are baseband) [standards with BASE in the name, e.g. 100BASE-T]
▪ Most LANs are baseband.
▪ Coaxial Cable (Network Only)
▪ Fiber Optic Cable (Single Mode)
▪ Serial Cable
▪ Twisted Pair Cable

Broadband
• Broadband uses analog signals.
• Broadband signals use multiple different frequency ranges (multiple frequencies, in Hz).
• Multiple channels (multiple communication pathways) in one medium.
• Broadband shares the bandwidth among all channels.
• Broadband transmission is unidirectional per medium (one medium sends, another medium receives).
• Broadband signals travel long distances.
• Broadband media and standards:
▪ All other IEEE standards except IEEE 802.3x
▪ MANs and WANs are broadband
▪ Phone, Mobile Phone, Radio, TV Broadcasting [standards with BROAD in the name, e.g. 10BROAD36]
▪ Wireless (Wi-Fi and WiMAX)
▪ Coaxial Cable (TV, Satellite)
▪ Fiber Optic Cable (Multi-Mode)
▪ DSL
▪ ADSL
▪ Cable Modems

Layer 2: The Data Link Layer
• Data Link Layer processes are called "Data Link Control (DLC)" and include the following:
▪ Packaging data into frames
▪ Transmitting those frames on the network
▪ Performing error detection/correction
▪ Uniquely identifying network devices with a physical address
▪ Handling flow control

• The Data Link Layer has two sub-layers:
1. Media Access Control (MAC) Sub-Layer and
2. Logical Link Control (LLC) Sub-Layer

Media Access Control (MAC) Sub-Layer
○ The MAC sub-layer includes the following processes:
 Physical Addressing
 Logical Topology
 Method of transmitting on the media

Physical Addressing
○ Every NIC (Network Interface Card) has a built-in address called the MAC address.
○ The MAC address is stored in ROM or firmware on the NIC and is assigned by the manufacturer.
○ The MAC address has many other names, such as:
 Burned-In Address (BIA)
 Ethernet Hardware Address (EHA)
 Ethernet Address
(because MAC addresses are used by IEEE 802 networks such as Ethernet LANs and Wi-Fi)
 Hardware Address or Physical Address

○ A MAC address is written in hexadecimal notation: 12 hexadecimal digits grouped in pairs (1 hexadecimal digit = 4 binary bits).

○ It has 6 octets and is written as:
 2 hex digits, colon-separated (36:DE:1A:65:C3:F4), or
 2 hex digits, hyphen-separated (36-DE-1A-65-C3-F4), or
 4 hex digits, dot-separated (36DE.1A65.C3F4)

○ It has a 48-bit address space, containing 2^48 = 281,474,976,710,656 possible MAC addresses.

○ MAC addresses use three EUI ('Extended Unique Identifier') numbering systems:
 MAC-48 numbering system (used only for network hardware interfaces)
 EUI-48 numbering system (used for other devices and network software)
 EUI-64 numbering system (combined with an IPv6 prefix to form an IPv6 address)

Uniqueness of MAC Addresses
• Each MAC address is unique; no two identical addresses exist in the world.
• It is assigned and managed by the Institute of Electrical and Electronics Engineers (IEEE).
• To keep addresses unique, the IEEE designed the MAC address with the following scheme:
 The first 3 octets (3 x 8 = 24 bits), called the 'Individual Address Block (IAB)', are managed by the IEEE Registration Authority. This part is also called the Organizationally Unique Identifier (OUI).
 The following 3 octets (24 bits) are called the "Vendor Specific Address". It has 2 portions:
 The first 12 bits are assigned by the organization and represent a block code.
 The second 12 bits are also assigned by the organization and give the range of addresses.

36:DE:1A : 65:C3:F4
36:DE:1A : 65:C3:F5

Getting MAC Address
cmd>getmac (or)
cmd>ipconfig /all

Universal vs. Local
• There are two types of MAC addresses, based on who administers them:
1. Universally Administered Addresses (assigned by the organization; burned-in address)
2. Locally Administered Addresses (manually assigned by an administrator)

• Universally administered and locally administered addresses are distinguished by the second-least-significant bit of the first octet of the address.
• This bit is also referred to as the U/L bit, short for Universal/Local, which identifies how the address is administered.
 If the bit is 0, the address is universally administered.
 If it is 1, the address is locally administered.

Example:
In 06-00-00-00-00-00 the first octet is 06 (hex), whose binary form is 00000110, where the second-least-significant bit is 1 (locally administered).

Unicast, Multicast and Broadcast
• The IEEE has built in several special address types to allow more than one network interface card to be addressed at one time.
• To distinguish a unicast from a multicast MAC address, look at the least-significant bit (LSB) of the first octet of the address:
 If the least significant bit is set to 0, it is a 'Unicast Address'
 If the least significant bit is set to 1, it is a 'Multicast Address'

• In hexadecimal the broadcast address is FF:FF:FF:FF:FF:FF
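
The U/L and I/G bit tests described above, worked through in code. This is an added example written for these notes, not code from the original; it parses the three notations listed earlier and decodes the two low bits of the first octet.

```python
"""Decode a MAC address: OUI, U/L bit and I/G bit (added example, not from the notes)."""
import re

BROADCAST = b"\xff" * 6


def parse_mac(text: str) -> bytes:
    """Accept 36:DE:1A:65:C3:F4, 36-DE-1A-65-C3-F4 or 36DE.1A65.C3F4 and return 6 bytes."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def mac_to_str(mac: bytes, sep: str = ":") -> str:
    return sep.join(f"{b:02X}" for b in mac)


def describe_mac(text: str) -> dict:
    """Report how the first octet's two low bits classify the address."""
    mac = parse_mac(text)
    first = mac[0]
    multicast = bool(first & 0x01)   # I/G bit: least-significant bit of octet 0
    local = bool(first & 0x02)       # U/L bit: second-least-significant bit of octet 0
    if mac == BROADCAST:
        kind = "broadcast"
    elif multicast:
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "canonical": mac_to_str(mac),
        "oui": mac_to_str(mac[:3]),            # first 3 octets (IEEE-assigned block)
        "vendor_part": mac_to_str(mac[3:]),    # last 3 octets (assigned by the vendor)
        "first_octet_bits": f"{first:08b}",
        "administration": "local" if local else "universal",
        "kind": kind,
    }


def is_valid_source(text: str) -> bool:
    """A frame's source address must be an individual (I/G = 0) address;
    a multicast or broadcast source is malformed and worth flagging."""
    return describe_mac(text)["kind"] == "unicast"


if __name__ == "__main__":
    for sample in ("06-00-00-00-00-00", "36DE.1A65.C3F4",
                   "01:00:5E:00:00:FB", "FF:FF:FF:FF:FF:FF"):
        print(sample, describe_mac(sample))
```

Note that the notes' own example 36:DE:1A:65:C3:F4 has a first octet of 00110110, so its U/L bit is set and it decodes as locally administered.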

Logical Topology
○ Layer 2 (the MAC sub-layer) defines the network's logical topology. For example, a network can be a physical 'star' but a logical 'ring'.

Method of transmitting on the media
○ The strategy for determining when a device is allowed to transmit, or must defer to another device's transmission.

Logical Link Control (LLC) Sub-Layer
• The Logical Link Control (LLC) sub-layer includes the following two services:
 Connection Services
 Synchronizing Transmissions

Connection Services
○ When a device on a network receives a message from another device on the
network, that recipient device can provide feedback to the sender in the form of
an acknowledgment message.
○ The two main functions provided by these acknowledgment messages are as follows:

Flow Control
• Limits the amount of data a sender can send at one time; this prevents
the receiver from being overwhelmed with too much information.

Error Control
• Allows the recipient of data to let the sender know whether the
expected data frame was not received or whether it was received but
is corrupted.
• The recipient determines whether the data frame is corrupted by
mathematically calculating a checksum of the data received.
• If the calculated checksum does not match the checksum received with
the data frame, the recipient of the data draws the conclusion that the
data frame is corrupted and can then notify the sender via an
acknowledgment message.

Synchronizing Transmissions
○ Senders and receivers of data frames need to coordinate when a data frame is
being transmitted and should be received.
○ Three methods of performing this synchronization are as follows:
 Asynchronous Transmission
 Synchronous Transmission
 Isochronous Transmission

Asynchronous Transmission
▪ With asynchronous transmission, network devices reference their own
internal clocks, and network devices do not need to synchronize their clocks.
▪ Instead, the sender places a start bit at the beginning of each data frame
and a stop bit at the end of each data frame.
▪ These start and stop bits tell the receiver when to monitor the medium for
the presence of bits.
▪ Examples: ATM, dial-up connections

Asynchronous Transmission and Parity bit
• An additional bit, called the parity bit, might also be added to the end of each byte in a frame to detect an error in the frame.
• For example, if even parity error detection is used, the parity bit (with a value of either 0 or 1) would be added to the end of a byte, causing the total number of 1s in that byte to be an even number.
• If the receiver of a byte is configured for even parity error detection and receives a byte where the total number of 1 bits (including the parity bit) is even, the receiver can conclude that the byte was not corrupted during transmission.
• Using a parity bit to detect errors might not be effective if a byte has more than one error (that is, more than one bit that has been changed from its original value).

Synchronous Transmission
• With synchronous transmission, two network devices that want to communicate between themselves must agree on a clocking method to indicate the beginning and ending of data frames.
• One approach to providing this clocking is to use a separate communications channel over which a clock signal is sent. Another approach relies on specific bit combinations or control characters to indicate the beginning of a frame or a byte of data.
• Transmission speed is higher than the other methods, since there is no gap between frames.
• Examples: Ethernet, SONET, Token Ring, Frame Relay.

Synchronous Transmission and CRC
• Like asynchronous transmissions, synchronous transmissions can perform error detection.
• However, rather than using parity bits, synchronous communication runs a mathematical algorithm on the data to create a cyclic redundancy check (CRC).
• If both the sender and the receiver calculate the same CRC value for the same chunk of data, the receiver can conclude that the data was not corrupted during transmission.
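
The parity bit of asynchronous links (previous page) and the CRC of synchronous links, side by side. This is an added example, not from the original notes: it computes one even-parity bit per byte and the CRC-32 used by IEEE 802.3, then applies both to a constructed frame with one flipped bit and with two flipped bits in the same byte.

```python
"""Parity bit vs. CRC-32 error detection (added example, not from the notes)."""


def even_parity_bit(byte: int) -> int:
    """Parity bit that makes the total count of 1s in (byte + parity bit) even."""
    return bin(byte & 0xFF).count("1") & 1


def parity_check_ok(byte: int, parity_bit: int) -> bool:
    """Receiver side: True when the 1s in byte plus the parity bit are even."""
    return (bin(byte & 0xFF).count("1") + parity_bit) % 2 == 0


def crc32_ieee(data: bytes) -> int:
    """Bitwise CRC-32 (polynomial 0x04C11DB7, reflected form 0xEDB88320,
    initial value and final XOR 0xFFFFFFFF). This is the CRC-32 of IEEE 802.3
    and gives the same result as zlib.crc32."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ 0xEDB88320
            else:
                crc >>= 1
    return crc ^ 0xFFFFFFFF


def flip_bits(data: bytes, flips) -> bytes:
    """Return a copy of data with each (byte_index, bit_number) position inverted."""
    out = bytearray(data)
    for byte_index, bit in flips:
        out[byte_index] ^= 1 << bit
    return bytes(out)


def parity_detects(original: bytes, received: bytes) -> bool:
    """The sender computed an even-parity bit per byte of `original`;
    does any byte of `received` fail that check?"""
    return any(
        not parity_check_ok(rx, even_parity_bit(tx))
        for tx, rx in zip(original, received)
    )


def crc_detects(original: bytes, received: bytes) -> bool:
    """The sender's CRC travels with the frame; does the receiver's CRC differ?"""
    return crc32_ieee(original) != crc32_ieee(received)


FRAME = b"LLC frame payload"   # constructed sample data; first byte 'L' = 01001100


def demo() -> dict:
    one_bit = flip_bits(FRAME, [(0, 0)])            # single-bit error in byte 0
    two_bits = flip_bits(FRAME, [(0, 0), (0, 3)])   # two errors in the same byte
    return {
        "parity_catches_one_bit": parity_detects(FRAME, one_bit),
        "parity_catches_two_bits": parity_detects(FRAME, two_bits),
        "crc_catches_one_bit": crc_detects(FRAME, one_bit),
        "crc_catches_two_bits": crc_detects(FRAME, two_bits),
    }


if __name__ == "__main__":
    for name, caught in demo().items():
        print(f"{name}: {caught}")
```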

Isochronous Transmission
▪ With isochronous transmission, network devices look to a common device in the
network as a clock source, which creates fixed-length time slots.
▪ Network devices can determine how much free space, if any, is available within a
time slot and insert data into an available time slot.
▪ A time slot can accommodate more than one data frame.
▪ Isochronous transmission does not need to provide clocking at the beginning of a
data string or for every data frame.
▪ An isochronous data transfer system sends blocks of data asynchronously, in
other words the data stream can be transferred at random intervals.
▪ Each transmission begins with a start packet. Once the start packet is
transmitted, the data must be delivered with a guaranteed bandwidth.
Isochronous data transfer is commonly used for where data must be delivered
within certain time constraints, like streaming video.
▪ Isochronous systems do not have an error detection mechanism
(acknowledgment of receipt of packet) because if an error were detected, time
constraints would make it impossible to resend the data.
▪ Fixed gap (fixed-length time slots)
▪ Examples: streaming services

❖ ARP
○ Address Resolution Protocol (RFC 826)

○ OSI 7 Layers Layer 2 (Data Link Layer) Protocol Layer 2 MAC


Address Layer 3 IP Address Mapping Protocol

○ ARP IP Address MAC Address IP


Address IP Address MAC Address

○ ARP Protocol IP Address IP Address MAC Address ARP


Broadcast Network (Destination MAC Address MAC
Broadcast Address FF.FF.FF.FF.FF.FF Frame ARP Broadcast Frame )

○ ARP Broadcast Frame Hosts (Host OS ARP Protocol


) MAC Address ARP IP Address
Layer 2 Computer MAC Address

❖ ARP on Data Link Layer Technologies


○ ARP Protocol Data Link Layer Technologies
 IEEE 802.3 (Ethernet)
 IEEE 802 (Wireless Technologies)
 X.25
 Frame Relay
 ATM
 FDDI

ARP Request and Reply Message

ARP Table and ARP Cache
○ ARP Protocol IP Address MAC Address IP Address
MAC Address Map

○ ARP Protocol Computer (Operating System) IP Address MAC


Current IP Address Adapter MAC Address
ARP Table

○ ARP Protocol LAN Computers Communication


Computer IP Address MAC Address Resolve
Cache ARP Table

○ Computer IP Address MAC Address Map State ( )


Computers IP Address MAC Address Computer ARP
Table (arp -a) Command

○ Windows ARP Cache ARP Entries 256 Linux


1024

ARP Address Type in Cache
○ There are 3 ARP address types:
▪ Dynamic (learned by the protocol)
▪ Static (automatically assigned by the OS)
▪ Static (manually assigned)

ARP Entries Timeout


○ Windows ARP Entries Timeout Time 10 Minutes Linux 60
Seconds
○ Network Devices Timeout Time Device Default Vendor Specific
Manually Timeout Timer Assign
○ ARP Dynamic Entries Timeout Expired ARP Cache
Delete
○ Microsoft Windows ARP Entries Timeout

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

ARP Commands

Command                                  Description
arp -a                                   View the entire ARP table
arp -a "IP Address"                      View a specific ARP entry
netsh interface ip delete arpcache       Delete the entire ARP cache
arp -d *                                 Delete the entire ARP cache
arp -d -a                                Delete the entire ARP cache
arp -d "IPAddress"                       Delete a specific entry
arp -s "IPAddress" "MAC with -"          Add a static ARP entry (permanent; only an admin can delete it)
                                         e.g. arp -s 10.1.4.77 00-AA-21-4A-2F-9A

ARP Spoofing
○ Also called "ARP Cache Poisoning" or "ARP Poison Routing"
○ It is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network.
○ The aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.
○ To defend against ARP spoofing, one of these methods can be used:
 Static ARP entries
 ARP spoofing detection and prevention software
(Netcut Defender, AntiARP, ArpStar, etc.)
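
One way to put the static-entry defence to work: a consistency check over the local ARP cache. This is an added example (not from the notes and not any of the products named above). It parses Windows `arp -a` output, here a constructed sample, and flags a unicast MAC that is cached for more than one IP and a gateway whose cached MAC differs from the expected one; the expected gateway MAC is a placeholder.

```python
"""Check a Windows ARP cache for signs of poisoning (added example, not from the notes)."""
import re

# Matches one entry line of Windows `arp -a` output: IP, hyphenated MAC, type.
ARP_ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+"
    r"(dynamic|static)\s*$"
)

# Constructed sample of `arp -a` output. 10.1.4.77 / 00-AA-21-4A-2F-9A is the
# static entry from the notes; here the gateway 10.1.4.1 has started to resolve
# to that same MAC, which is what a poisoned cache looks like.
SAMPLE_ARP_A = """\
Interface: 10.1.4.20 --- 0xb
  Internet Address      Physical Address      Type
  10.1.4.1              00-aa-21-4a-2f-9a     dynamic
  10.1.4.77             00-aa-21-4a-2f-9a     static
  10.1.4.88             3c-52-82-11-22-33     dynamic
  10.1.4.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Placeholder for the gateway's real MAC, e.g. recorded with `arp -a` on a known-good day.
EXPECTED = {"10.1.4.1": "00-11-22-33-44-55"}


def parse_arp_table(text: str) -> list:
    """Return (ip, mac, type) triples; MACs are normalised to lower case."""
    entries = []
    for line in text.splitlines():
        m = ARP_ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3)))
    return entries


def is_unicast_mac(mac: str) -> bool:
    """I/G bit (least-significant bit of the first octet) clear -> individual address."""
    return int(mac[:2], 16) & 0x01 == 0


def duplicate_macs(entries) -> dict:
    """Unicast MACs that appear with more than one IP address (broadcast/multicast skipped)."""
    by_mac = {}
    for ip, mac, _ in entries:
        if is_unicast_mac(mac):
            by_mac.setdefault(mac, []).append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def mismatched_entries(entries, expected: dict) -> list:
    """(ip, expected_mac, seen_mac) for every expected IP whose cached MAC differs."""
    seen = {ip: mac for ip, mac, _ in entries}
    return [
        (ip, mac.lower(), seen[ip])
        for ip, mac in expected.items()
        if ip in seen and seen[ip] != mac.lower()
    ]


def audit(text: str, expected: dict) -> list:
    """Human-readable findings; an empty list means the cache looks consistent."""
    entries = parse_arp_table(text)
    findings = []
    for mac, ips in duplicate_macs(entries).items():
        findings.append(f"MAC {mac} is cached for several IPs: {', '.join(ips)}")
    for ip, want, got in mismatched_entries(entries, expected):
        findings.append(f"{ip} resolves to {got}, expected {want}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ARP_A, EXPECTED):
        print("WARNING:", finding)
```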

Proxy ARP
○ Allows a router to respond to an ARP request that is intended for a remote host.

Layer 3: The Network Layer
• The Network Layer processes are:
▪ Logical Addressing
▪ Layer 3 Switching
▪ Route Discovery and Selection
▪ Connection Services
▪ Bandwidth Usage
▪ Multiplexing Strategy

Logical Addressing
○ The network layer uses logical addressing to make forwarding decisions.
○ A variety of routed protocols, such as Internet Protocol (IP), AppleTalk and IPX, provide logical addressing.

Switching
○ The term switching is often associated with Layer 2 technologies.
○ However, the concept of switching also exists at Layer 3, where it is called Layer 3 switching.
○ Layer 3 switching makes forwarding decisions using the following techniques:
 Packet Switching
 Circuit Switching
 Message Switching

Packet Switching
▪ Another term for packet switching is routing.
▪ With packet switching, a data stream is divided into packets.
▪ Each packet has a Layer 3 header, which includes a source and destination Layer 3 address.

▪ The advantages of packet switching are:
• Bandwidth is used to its full potential
• Devices of different speeds can communicate
• Not affected by line failure
• No waiting time for a direct connection to become available

▪ The disadvantages of packet switching are:
• Network configuration is more difficult
• Under heavy load, there can be delay
• Not well suited to continuous data streams

Circuit switching
▪ Circuit switching dynamically brings up a dedicated communication link between two parties for those parties to communicate.

▪ The advantages of circuit switching are:
• The circuit is dedicated to the call, so there is no interference and no sharing
• Reliable communication
• The full bandwidth is guaranteed for the duration of the call
• Guaranteed Quality of Service (QoS)

▪ The disadvantages of circuit switching are:
• Possibly a long wait to establish a connection
• More expensive than other switching techniques
• Because the channel is dedicated, any unused channel capacity is wasted.

Message switching
▪ Specifically, with message switching, a data stream is divided into messages.
▪ Each message is tagged with a destination address, and the messages travel from one network device to another network device on the way to their destination.
▪ Because these devices might briefly store the messages before forwarding them, a network using message switching is sometimes called a "store-and-forward" network.
▪ Unlike packet switching and circuit switching technologies, message switching is usually not well suited for real-time applications because of the delay involved.

▪ The advantages of message switching are:
• Data channels are shared among communication devices, improving the use of bandwidth.
• Messages can be stored temporarily at message switches when network congestion becomes a problem.
• Priorities may be used to manage network traffic.
• Broadcast addressing uses bandwidth more efficiently because messages are delivered to multiple destinations.

▪ The disadvantages of message switching are:
• Store-and-forward devices are expensive
• Message switching is not compatible with interactive applications

Route discovery and selection
○ Because Layer 3 devices make forwarding decisions based on logical network addresses, a Layer 3 device might need to know how to reach various network addresses.

○ Route selection is based on a routing table that is populated via:
 Entering static routes, or
 Dynamic routing protocols (such as RIP, OSPF, EIGRP, BGP)

Connection Services
○ Just as the data link layer provided connection services for flow control and error control, connection services also exist at the network layer.

○ Connection services at the network layer can improve communication reliability in the event that the data link's LLC sub-layer is not performing connection services.

○ The following functions are performed by connection services at the network layer:
 Flow Control (also known as 'Congestion Control')
 Packet Reordering

Flow control
• Helps prevent a sender from sending data more rapidly than the receiver is
capable of receiving the data.

Packet Reordering
• Allows packets to be placed in the appropriate sequence as they are sent to the
receiver.
• This might be necessary because some networks support load balancing, where
multiple links are used to send packets between two devices.
• Because multiple links are used, packets might arrive out of order.

Layer 4: The Transport Layer
• Specifically, messages are taken from upper layers (Layers 5–7) and are encapsulated into segments for transmission to the lower layers (Layers 1–3).

• Similarly, data streams coming from lower layers are de-encapsulated and sent to Layer 5 (the session layer), or some other upper layer, depending on the protocol.

• The Transport Layer processes are:
 TCP/UDP
 Windowing
 Buffering

• There are two types of transport layer protocols:
 Transmission Control Protocol (TCP)
 User Datagram Protocol (UDP)
 ICMP is another transport layer protocol, used by ping and traceroute to test connections.

Transmission Control Protocol (TCP)
▪ A connection-oriented transport protocol.
▪ Connection-oriented transport protocols provide reliable transport: if a segment is dropped, the sender can detect that drop and retransmit that dropped segment.
▪ Specifically, a receiver acknowledges segments that it receives.
▪ Based on those acknowledgments, a sender can determine which segments were successfully received and which segments need to be transmitted again.

User Datagram Protocol (UDP)
▪ A connectionless transport protocol. Connectionless transport protocols provide unreliable transport, in that if a segment is dropped, the sender is unaware of the drop, and no retransmission occurs.

Layer 4 (Transport Layer and Flow Control)
○ Just as Layer 2 and Layer 3 each offer flow control services, flow control services also exist at Layer 4.
○ Two common flow control approaches at Layer 4 are as follows:
 Windowing
 Buffering

Windowing
○ TCP communication uses windowing, in that one or more segments are sent at one time, and a receiver can acknowledge the receipt of all the segments in a window with a single acknowledgment.
▪ The window size begins with one segment.
▪ If there is a successful acknowledgment of that one segment, the window size doubles to two segments.
▪ The window size continues to increase (doubling) until
1. the receiver does not acknowledge successful receipt of all segments within a certain time period (known as the Round-Trip Time [RTT], which is sometimes called Real Transfer Time [RTT]), OR
2. the configured maximum window size is reached.

Buffering
▪ With buffering, a device (a router) allocates a chunk of memory
(sometimes called a buffer or a queue) to store segments if bandwidth is
not currently available to transmit those segments.
▪ A queue has a finite capacity, however, and can overflow (that is, drop
segments) in the event of sustained network congestion.

Layer 5: The Session Layer
• The session layer is responsible for setting up, maintaining, and tearing down sessions.

• A session can be thought of as a conversation that needs to be treated separately from other sessions to avoid intermingling of data from different conversations.

• The Session Layer processes are:
 Setting up a session
 Maintaining a session
 Tearing down a session

Setting up a session
 Checking user credentials (for example, username and password)
 Assigning numbers to a session’s communications flows to uniquely identify
each flow
 Negotiating services required during the session
 Negotiating which device begins sending data

Maintaining a session
 Transferring data
 Reestablishing a disconnected session
 Acknowledging receipt of data

Tearing down a session
 A session can be disconnected based on mutual agreement of the devices
in the session.
 Alternatively, a session might be torn down because one party
disconnects (either intentionally or because of an error condition).
 In the event that one party disconnects, the other party can detect a loss
of communication with that party and tear down its side of the session.

Session Layer Lacks Protocols
○ H.323 is an example of a session layer protocol, which can help set up, maintain, and tear down a voice or video connection.
○ Network Basic Input / Output System (NetBIOS) is another example of a session layer protocol.
○ But there are many protocols that cannot be placed neatly in the session layer.

Layer 6: The Presentation Layer
• The presentation layer is responsible for the formatting of data being exchanged and securing that data with encryption.
• The Presentation Layer processes are:
 Data formatting
 Encryption
◊ Also keep in mind:
 Conversion (Encoding / Decoding)
 Compressing

Data Formatting
○ Some applications might format text using American Standard Code for Information Interchange (ASCII), while other applications might format text using Extended Binary Coded Decimal Interchange Code (EBCDIC).
○ The presentation layer is responsible for formatting the text (or other types of data, such as multimedia or graphics files) in a format that allows compatibility between the communicating devices.
○ Examples of data formats: ASCII, EBCDIC, JPEG, BMP, MPEG, MP3, etc.

Encryption
○ To add a layer of security for such transmissions, encryption can be used to
scramble up (encrypt) the data in such a way that if the data were intercepted, a
third party would not be able to unscramble it (decrypt).

Layer 7: The Application Layer
• The application layer provides application services to a network.
• An important, and often-misunderstood, concept is that end-user applications (for
example, Microsoft Word) do not reside at the application layer.
• Instead, the application layer supports services used by end-user applications.
• The Application Layer Processes are
 Application Services
 Service Advertisement

Application Services
○ Examples of the application services residing at the application layer include file
sharing and e-mail.

Service advertisement
○ Some applications’ services (for example, some networked printers) periodically
send out advertisements, making the availability of their service known to other
devices on the network.
○ Other services, however, register themselves and their services with a centralized
directory (for example, Microsoft Active Directory), which can be queried by other
network devices seeking such services.

❖ About Protocols
○ Protocols Connect

○ Protocols ( ) Standards
Protocol Technologies (Software or Hardware)
Companies Protocols

○ Internet TCP/IP Protocol Suites United States
Department of Defense (DOD) Agency Defense Advanced Research
Projects Agency (DARPA) 1960 Maintenance Internet
Engineering Task Force (IETF)
○ Protocol Hardware , Software ,
Hardware Software
 Networking Environment Protocols OSI Layer
 Application Layer Protocols
 Transport Layer Protocols
 Network Layer Protocols
 Link Layer Protocols (4)
Protocol Working Layer          Protocol Names
Application Layer Protocols     DNS, HTTP, SSL, Telnet, SSH, FTP, TFTP, NFS, SMB, SNMP
Transport Layer Protocols       SPX, ATP, TCP, UDP
Network Layer Protocols         NetBIOS, IPX, AppleTalk, IP, ICMP, IGMP, RIP, IGRP, EIGRP, IS-IS, OSPF, BGP
Link Layer Protocols            ARP, RARP, NDP, PPP, L2TP, PPTP

❖ Internet Protocols Suites


○ Network Layer Transport Layer Protocols Network
Protocols Protocols
○ Network Layer Transport Layer Protocols Layer' Protocols
Internet Protocols
Internet Protocols
○ Network Layer Protocol Transport Layer Protocol Internet Protocol Suite

○ Internet Protocol Suites
 IPX/SPX (NetWare)
 Apple Talk
 TCP/IP

❖ TCP/IP Protocols Suite

▪ TCP/IP Protocol Suite Protocols
 Telnet
 FTP
 DNS
 SMTP
 SNMP
 TFTP
 NFS
 DHCP
 TCP
 UDP
 IP
 RIP
 IGMP
 ICMP
 OSPF
 ATM
 Ethernet
 HDLC
 PPP
 Frame Relay
 Token Ring
 FDDI

Link Layer Protocols
○ Link Layer OSI 7 Layers Layer 1 (Physical Layer) Layer 2 (Data Link
Layer) Protocols
○ Link Layer Protocols LAN WAN Protocols

 ARP
 RARP
 NDP
 SEND
 PPP
 Tunneling Protocols (L2TP , PPTP)

ARP
○ Address Resolution Protocol (RFC 826)
○ OSI 7 Layers Layer 2 (Data Link Layer) Protocol Layer 2
MAC Address Layer 3 IP Address Mapping Protocol
○ ARP IP Address MAC Address
IP Address IP Address MAC Address

○ ARP Protocol IP Address IP Address MAC Address


ARP Broadcast Network (Destination MAC Address
MAC Broadcast Address FF.FF.FF.FF.FF.FF Frame ARP Broadcast
Frame )
○ ARP Broadcast Frame Hosts (Host OS ARP
Protocol ) MAC Address ARP IP
Address Layer 2 Computer MAC Address

ARP on Data Link Layer Technologies


○ ARP Protocol Data Link Layer Technologies
 IEEE 802.3 (Ethernet)
 IEEE 802 (Wireless Technologies)
 X.25
 Frame Relay
 ATM
 FDDI

RARP
○ Reverse Address Resolution Protocol
○ RARP MAC Address IP Address Protocol
○ MAC Address IP Address Network IP Address Protocol

○ RARP Diskless Workstation Network Boot IP Address


Process

Inverse ARP (InARP)
○ Inverse Address Resolution Protocol is used to obtain Network Layer addresses of other nodes from Data Link Layer addresses.
○ It is primarily used in Frame Relay (DLCI) and ATM networks, in which Layer 2 addresses of virtual circuits are sometimes obtained from Layer 2 signaling, and the corresponding Layer 3 addresses must be available before those virtual circuits can be used.
○ Inverse ARP maps a DLCI number to an IP address.

Neighbor Discovery Protocol
• NDP or ND
• Internet Protocol Version 6 (IPv6) Protocol
• OSI Layers Data Link Layer (Layer 2) Physical Layer (Layer 1)
Protocol TCP/IP Model Link Layer Protocol
• IPv6 Network Environment NDP Protocol

▪ Address Autoconfiguration of Nodes
▪ Discovery of other nodes on link
▪ Determining addresses of other nodes
▪ Duplicate Address Detection (also called Address Resolution)
▪ Discovery of available routers
▪ Discovery of Address Prefix
▪ Discovery of DNS Servers
▪ Maintaining reachability of neighbor nodes

Neighbor Discovery Protocol Processes


• NDP Protocol Well-Known Processes
 Duplicate Address Detection (DAD) Process
 Address Resolution Process (ARP IPv6) Process
 Neighbor Unreachability Detection (NUD) Process
 Router Discovery Process
 Redirect Process

Secure Neighbor Discovery Protocol (SEND)
• Secure Neighbor Discovery Protocol (SEND Protocol) is a security extension of Neighbor Discovery Protocol (NDP) used in IPv6 for the discovery of neighboring nodes on the local link.
• SEND uses CGAs (Cryptographically Generated Addresses), a cryptographic method for binding a public signature key to an IPv6 address.
• CGAs are used to make sure that the sender of a neighbor discovery message is the "owner" of the claimed address.
• A CGA is formed by replacing the least-significant 64 bits of the 128-bit IPv6 address with the cryptographic hash of the address owner's public key.

Inverse Neighbor Discovery Protocol (IND)
• The Inverse Neighbor Discovery (IND) protocol extension allows nodes to determine and advertise an IPv6 address corresponding to a given link-layer address, similar to Reverse ARP for IPv4.

PPP
• Point-to-Point Protocol
• Point-to-Point Protocol (PPP) is a data link (layer 2) protocol used to establish a direct
connection between two nodes.
• It connects two routers directly without any host or any other networking device in
between.
• It can provide connection authentication, encryption, compression.
• PPP is also used over Internet access connections.
• Internet service providers (ISPs) have used PPP for customer dial-up access to the
Internet, since IP packets cannot be transmitted over a modem line on their own,
without some data link protocol.
• PPP is used over many types of physical networks including serial cable, phone line,
trunk line, cellular telephone, specialized radio links, and fiber optic links such as
SONET.

Ethernet Frame Format
• OSI Layer 2 Ethernet Frames Ethernet Versions
4

▪ IEEE 802.3 Ethernet (Ethernet Version 1) (1970) (Novell Used)
▪ IEEE 802.3x Ethernet Version 2 (DIX Frame) (1997) (Today Used)
▪ IEEE 802.2 Logical Link Control (LLC Frame) (1998) (Local and MAN)
▪ IEEE 802.2 Subnetwork Access Protocol (SNAP Frame) (Used by IS-IS Protocol to reach neighbor) (1998)

Preamble Field
• Preamble Field Original Ethernet Version 56 bits (7 bytes) Field
Ethernet Version 2 64 bits (8 bytes)
• Communication Nodes Clock Synchronize Field

• Series of bits Frame Sender Receiver Preamble Value


Detect
• Preamble Field 56 bits OR 64 bits bit patterns 10101010 10101010
10101010 10101010 10101010 10101010 10101010
Receiver Frame Point
• Frame Capture Software Hexadecimal 0x55 0x55 0x55 0x55 0x55 0x55
0x55

SFD Field
• Start Frame Delimiter
• The SFD Field is what differs between the Original Ethernet Version 1 Frame and the Ethernet Version 2 Frame
• The SFD Field marks the point where the Frame proper (the Destination MAC Address) begins
• After the Preamble (54 bits) comes the 8-bit SFD Field; its value is 10101011, shown by capture Software as 0xD5

Frame Header
• In an Ethernet Version 2 Frame the Preamble is a fixed value and is not counted as part of the Frame Header
• The Layer 2 Frame Header starts with the Destination MAC Address Field; the Layer 2 Frame Header Fields are
 Destination MAC Address Field
 Source MAC Address Field
 VLAN Tagging Field <Optional>
 Type/Length Field

Frame Trailer and FCS
• The Ethernet Frame Trailer is the Frame Check Sequence (FCS) Field
• The FCS Field is a 16 bits (4 bytes) Field that holds the CRC (Cyclic Redundancy Check) Value of the Ethernet Frame
• The Layer 2 FCS Field (FCS Value Field) covers the Entire Frame

VLAN Tagging
• The VLAN Tagging Field carries the Frame's VLAN Information
• The VLAN Field is Optional: Frames on the Native VLAN carry no tag, Frames for any other VLAN carry the VLAN ID Information
• The VLAN Tagging Field is 4 bytes, made of the TPID and TCI Sub-Fields
• The TPID (Tag Protocol Identifier) Field is 2 bytes with the Value 0x8100; it indicates to the Receiver Interface that the Frame carries VLAN Tag Information
• The TCI (Tag Control Information) Field is 2 bytes and carries the VLAN ID Information; the TCI Field Format also carries VLAN Priority Information as defined by the 802.1p standard in its First 3 bits

Destination Address Field
• Destination MAC Address Field: 48 bits (6 bytes)

Source Address Field
• Source MAC Address Field: 48 bits (6 bytes)

Type/Length Field
• Ethernet Version 1 (802.3) uses it as a Length Field; Ethernet Version 2 (802.3x) uses it as a Type Field
• The Type/Length Field is 16 bits (2 bytes); as a Type Field it names the Data Link Layer (Layer 2) Payload's protocol and is called the 'EtherType' Field
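To show how the fields above fit together, here is an added example (not code from the book) that builds an Ethernet II frame with an optional 802.1Q tag, computes the CRC-32 FCS, and parses a received frame back, rejecting runts and FCS mismatches as an interface would. The sample MAC addresses and payload are constructed.

```python
import struct
import zlib

PREAMBLE = b"\x55" * 7   # seven bytes of 10101010, as shown by capture software
SFD = b"\xd5"            # 10101011: the byte right before the Destination MAC
TPID_8021Q = 0x8100      # Tag Protocol Identifier announcing an 802.1Q VLAN tag


def mac_str(mac):
    return ":".join("%02x" % b for b in mac)


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame: header, payload padded to the minimum, and a
    CRC-32 FCS transmitted least-significant byte first. When vlan_id is given a
    4-byte 802.1Q tag (TPID + TCI) is inserted after the Source MAC."""
    header = dst + src
    if vlan_id is not None:
        tci = ((pcp & 0x7) << 13) | (vlan_id & 0xFFF)   # PCP(3) | DEI(1) | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    header += struct.pack("!H", ethertype)
    body = header + payload
    if len(body) < 60:           # 64-byte minimum frame = 60 bytes + 4-byte FCS
        body += b"\x00" * (60 - len(body))
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return body + fcs


def strip_preamble(raw):
    """Drop preamble + SFD if a capture includes them (most NICs remove them
    before software sees the frame)."""
    if raw[:8] == PREAMBLE + SFD:
        return raw[8:]
    return raw


def parse_frame(frame):
    """Parse a frame from Destination MAC through FCS. Raises ValueError for a
    runt (under 64 bytes) or an FCS mismatch; an interface drops both."""
    if len(frame) < 64:
        raise ValueError("runt frame: %d bytes" % len(frame))
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != (zlib.crc32(body) & 0xFFFFFFFF):
        raise ValueError("FCS mismatch: frame corrupted in transit")
    info = {"dst": mac_str(body[0:6]), "src": mac_str(body[6:12]), "vlan": None}
    offset = 12
    if struct.unpack("!H", body[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", body[14:16])[0]
        info["vlan"] = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0xFFF}
        offset = 16
    type_len = struct.unpack("!H", body[offset:offset + 2])[0]
    # 0x0600 and above is an EtherType (Ethernet II); below that it is an 802.3
    # Length and an LLC header follows in the payload.
    if type_len >= 0x0600:
        info["ethertype"], info["length"] = type_len, None
    else:
        info["ethertype"], info["length"] = None, type_len
    info["payload"] = body[offset + 2:]   # includes any minimum-size padding
    return info


if __name__ == "__main__":
    # Constructed sample: broadcast ARP frame on VLAN 10 with priority 5
    wire = build_frame(b"\xff" * 6, bytes.fromhex("00904b4cc159"), 0x0806,
                       b"constructed payload", vlan_id=10, pcp=5)
    print(parse_frame(strip_preamble(PREAMBLE + SFD + wire)))
```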

Inter Frame Gap
• 'Inter Frame Gap' or 'Interframe spacing'
• The 'Inter Frame Gap' or 'Gap' is the idle time a Node leaves between one amount of Ethernet Data and the next; the 'Gap' Unit is 'seconds (s)'
• A Node inserts the 'Inter Frame Gap' between one Frame and the next Frame
• The Inter Frame Gap Value depends on the Interface Transfer Rate, i.e. the Connection Speed (Network Medium Speed)
• The Gap is the time needed to transfer 12 bytes of Data: for Fast Ethernet the Gap is 9.6 microseconds and for Gigabit Ethernet the Gap is 0.096 microseconds

9.6 µs for 10 Mbit/s Ethernet,
0.96 µs for 100 Mbit/s (Fast) Ethernet,
96 ns for Gigabit Ethernet,
38.4 ns for 2.5 Gigabit Ethernet,
19.2 ns for 5 Gigabit Ethernet,
9.6 ns for 10 Gigabit Ethernet,
2.4 ns for 40 Gigabit Ethernet, and
0.96 ns for 100 Gigabit Ethernet.

❖ Network Layer Protocols
○ Network Layer Protocols work at Layer 3 of the OSI 7 Layers, the Network Layer
○ Network Layer Protocols provide
 the Logical Addressing (Layer 3 Addressing) Function
 the Routing (Packet Forwarding) Function

○ Network Layer Protocols include
• NetBIOS
• IPX
• Apple Talk
• IP
• ICMP
• IGMP
• Routing Protocols (RIP , IGRP , EIGRP , ISIS , OSPF , BGP , etc..)
 NetBIOS , IPX , Apple Talk , IP , ICMP and IGMP provide the Addressing function (Addressing Protocols); RIP , IGRP , EIGRP , ISIS , OSPF and BGP provide the Packet Forwarding function (Routing Protocols)

❖ Routable Protocols vs. Non-Routable Protocol
○ Network Layer Protocols fall into 2 types, depending on whether a Router can carry them from one LAN to another LAN:
1. Routable Protocol
2. Non-routable Protocol
 Protocols a Router can forward are Routable Protocols
 Protocols a Router cannot forward are Non-routable Protocols
➢ Not every Network Layer Protocol is routable: a Router does not forward Non-Routable Protocols. Among the Network Layer Protocols, IP , IPX and Apple Talk are Routable Protocols, while NetBIOS is a Non-routable Protocol

➢ Non-Routable Protocols cannot be routed by the Routing Protocols (RIP , EIGRP , OSPF , etc..); a Router only routes Routable Protocols

❖ Routing Protocol vs. Routed Protocol
○ The protocols that perform the Packet Forwarding Function (RIP , EIGRP , OSPF , etc..) are Routing Protocols; the protocols whose packets the Routing Protocols forward are Routed Protocols

❖ NetBIOS
○ Network Basic Input/Output System
○ NetBIOS lets Applications on Network Nodes communicate with each other by NetBIOS Name
○ NetBIOS is a Communication Protocol that is listed here among the Network Protocols (Network Layer Protocols); in OSI 7 Layer terms, however, NetBIOS works as a Transport Layer and Session Layer Protocol rather than at one single Layer
○ NetBIOS was created for IBM PCs by Sytek Inc. in 1983 and later developed further by Microsoft
○ The NetBIOS Protocol was made for Communication inside a LAN, so the NetBIOS Protocol is a non-routable protocol
○ IBM's PC Network LAN Technology of 1983 used NetBIOS, and that NetBIOS Protocol is a non-routable protocol
○ In 1985 IBM's Token Ring Network used a NetBIOS Emulator named NetBIOS Extended User Interface (NetBEUI)
○ Microsoft built NetBEUI on top of the IEEE 802.2 LLC Layer into a new NetBIOS Protocol, the NetBIOS Frames Protocol (NBF protocol), which made NetBIOS compatible with other Network Mediums and with the OSI 7 Layers
○ From 1985 NBF was Built-In to Microsoft Operating Systems from Windows 95 to Windows 2000 for LAN Communication by NetBIOS Name
○ In 1986, Novell NetWare 2.0 carried NetBIOS over NetWare's IPX/SPX Protocol Suite as the NetBIOS over IPX/SPX (NBX) Protocol; because IPX/SPX is a Routable Protocol, NetBIOS became routable over it
○ In 1987 NetBIOS was encapsulated in TCP and UDP Packets carried by the IP Protocol as NetBIOS over TCP/IP (NBT), so NetBIOS became a Routable Protocol over the TCP/IP Protocol Suite
○ NetBIOS is easy to Install and Configure

NetBIOS Services
○ NetBIOS provides three Services
1. NetBIOS-NS (NetBIOS Name Service, for Name Registration and Name Resolution)
2. NetBIOS-DGM (Datagram Distribution Service, for Connectionless Communication)
3. NetBIOS-SSN (Session Service, for Connection-oriented Communication)

NetBIOS-NS
○ Name service operates on UDP port 137 (TCP port 137 can also be used, but rarely is).
○ The name service primitives offered by NetBIOS are:
▪ Add name – registers a NetBIOS name.
▪ Add group name – registers a NetBIOS "group" name.
▪ Delete name – un-registers a NetBIOS name or group name.
▪ Find name – looks up a NetBIOS name on the network.
 NetBIOS name resolution is not supported by Microsoft for Internet Protocol Version 6
(IPv6)

NetBIOS-DGM
○ Datagram mode is connectionless; the application is responsible for error detection and
recovery. In NBT, the datagram service runs on UDP port 138.
○ The datagram service primitives offered by NetBIOS are:
▪ Send Datagram – send a datagram to a remote NetBIOS name.
▪ Send Broadcast Datagram – send a datagram to all NetBIOS names on the
network.
▪ Receive Datagram – wait for a packet to arrive from a Send Datagram operation.
▪ Receive Broadcast Datagram – wait for a packet to arrive from a Send Broadcast
Datagram operation.

NetBIOS-SSN
○ Session service runs on TCP port 139.
○ The session service primitives offered by NetBIOS are:
▪ Call – opens a session to a remote NetBIOS name.
▪ Listen – listen for attempts to open a session to a NetBIOS name.
▪ Hang Up – close a session.
▪ Send – sends a packet to the computer on the other end of a session.
▪ Send No Ack – like Send, but doesn't require an acknowledgment.
▪ Receive – wait for a packet to arrive from a Send on the other end of a session.

NetBIOS Advantages
○ Computers on a NetBIOS Network communicate by Computer Name
○ A Computer is identified by its Name

NetBIOS Name
○ A NetBIOS Name is 16 ASCII Characters: the Computer Name takes the first 15 characters of the NetBIOS Name and the last 1 ASCII Character is the NetBIOS Suffix
 The 15 ASCII Characters give the Device a Unique Name
 The remaining 1 ASCII Character is the NetBIOS Suffix Name; it identifies which NetBIOS Service the Computer offers under that name. The Suffix Names are set automatically by the NetBIOS Protocol according to the Services the OS runs

Unique names:

00  Workstation Service (workstation name)
03  Windows Messenger service
06  Remote Access Service
20  File Service (also called Host Record)
21  Remote Access Service client
1B  Domain Master Browser – Primary Domain Controller for a domain
1D  Master Browser

Group names:

00  Workstation Service (workgroup/domain name)
1C  Domain Controllers for a domain (group record with up to 25 IP addresses)
1E  Browser Service Elections
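As an added example (not from the book), the following builds and decodes the 16-byte NetBIOS name described above (15 characters plus the suffix byte), maps the suffix to the service in the tables, and applies the RFC 1001/1002 first-level encoding that NBNS queries on UDP 137 carry on the wire. The suffix tables are copied from this page; the sample names are constructed.

```python
# Suffix meanings copied from the unique/group name tables above.
UNIQUE_SUFFIXES = {
    0x00: "Workstation Service (workstation name)",
    0x03: "Windows Messenger service",
    0x06: "Remote Access Service",
    0x20: "File Service (also called Host Record)",
    0x21: "Remote Access Service client",
    0x1B: "Domain Master Browser",
    0x1D: "Master Browser",
}
GROUP_SUFFIXES = {
    0x00: "Workstation Service (workgroup/domain name)",
    0x1C: "Domain Controllers for a domain",
    0x1E: "Browser Service Elections",
}


def make_netbios_name(name, suffix):
    """Build the 16-byte NetBIOS name: up to 15 ASCII characters, upper-cased
    and padded with spaces, followed by the one-byte service suffix."""
    raw = name.upper().encode("ascii")
    if not 1 <= len(raw) <= 15:
        raise ValueError("NetBIOS name must be 1 to 15 characters")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    return raw.ljust(15, b" ") + bytes([suffix])


def split_netbios_name(raw16):
    """Return (name, suffix) from a 16-byte NetBIOS name."""
    if len(raw16) != 16:
        raise ValueError("NetBIOS name must be exactly 16 bytes")
    return raw16[:15].rstrip(b" ").decode("ascii", "replace"), raw16[15]


def describe(raw16, is_group=False):
    """Explain a 16-byte name the way nbtstat lists it: name, suffix, type, service."""
    name, suffix = split_netbios_name(raw16)
    table = GROUP_SUFFIXES if is_group else UNIQUE_SUFFIXES
    return {"name": name, "suffix": "%02X" % suffix,
            "type": "GROUP" if is_group else "UNIQUE",
            "service": table.get(suffix, "unknown suffix")}


def first_level_encode(raw16):
    """RFC 1001/1002 first-level encoding used in NBNS name packets (UDP 137):
    each nibble becomes one letter 'A'..'P', so 16 bytes become 32 letters."""
    out = bytearray()
    for b in raw16:
        out.append(ord("A") + (b >> 4))
        out.append(ord("A") + (b & 0x0F))
    return bytes(out)


def first_level_decode(enc32):
    """Reverse first_level_encode; rejects anything outside 'A'..'P'."""
    if len(enc32) != 32:
        raise ValueError("encoded NetBIOS name must be 32 bytes")
    out = bytearray()
    for i in range(0, 32, 2):
        hi, lo = enc32[i] - ord("A"), enc32[i + 1] - ord("A")
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError("invalid first-level encoding")
        out.append((hi << 4) | lo)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: the domain controller group record of domain WORKGROUP
    raw = make_netbios_name("workgroup", 0x1C)
    print(describe(raw, is_group=True), first_level_encode(raw))
```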

NetBIOS Name Configuration
○ The NetBIOS Name is set under Run > sysdm.cpl > Computer Name Tab > Change > "Computer Name"

▪ The Computer Name automatically becomes the NetBIOS Name; the Computer's NetBIOS Name can be viewed with the More Button

○ To see which NetBIOS Services (NetBIOS Suffix Names) a Computer offers

▪ cmd > nbtstat -a " IP"

▪ For another Computer on the Network: cmd> nbtstat -a "IP Address"

NetBIOS and WINS

○ On a Microsoft Network, NetBIOS Names over the TCP/IP Protocol are resolved by WINS, Microsoft's NetBIOS Name Server (NBNS)
○ The WINS Function is to map the NetBIOS Names of the Network Nodes, Statically OR Dynamically, to the Nodes' IP Addresses, so that the NetBIOS Protocol can run over the TCP/IP Protocol

○ The WINS Server keeps the NetBIOS Name to IP Address mapping of the Network's Computers, so a Node can be found by NetBIOS Name and reached by IP Address

○ A Computer registers its NetBIOS Name and IP Address with the WINS Server; the WINS Server Address is configured on the Network Card

Enable NetBIOS over TCP/IP

1. Click Start, and then click Network. (Or you type ncpa.cpl into the search box, and
press ENTER).

2. Click on the Network and Sharing Center, and then click Manage Network
Connections.

3. Right click on the Local Area Connection or the connection you are using, and then
select Properties.

4. Select the Internet Protocol version 4 (TCP/IPv4)

5. Click the Advanced button under the General tab.

6. Click the WINS tab.

7. Click the Enable NetBIOS Over TCP/IP button.

❖ NBTSTAT
○ The NBTSTAT Command is the Troubleshooting Tool for NetBIOS Over TCP/IP
○ At System Startup NetBIOS records the Computer's Computer Name and IP Address in the NetBIOS Name Cache Table
○ A NetBIOS Name is 16 ASCII Characters: the Real name is 15 Characters and the remaining 1 Character is the NetBIOS Suffix Name
○ NetBIOS Suffixes identify the NetBIOS Services a Computer offers; 1 Computer can offer Different NetBIOS Services, each with its own NetBIOS Suffix Name

○ Most Services have their own NetBIOS Suffixes

○ NBTSTAT -c shows the NetBIOS Name Cache Table

○ NBTSTAT -n shows the NetBIOS Services registered on the Local Computer

○ The NetBIOS Name Cache Table lists the Computer Names and IP Addresses of the Computers the Local Computer knows
○ The NetBIOS Name Cache Table Entries are updated by Broadcast Name Resolution (OR) from the WINS Server

○ NBTSTAT -a (Remote System IP Address) shows the NetBIOS Name Table of the Remote Computer

○ NBTSTAT -s (lower-case -s for the Local Computer, upper-case -S for Remote Computers) shows the Computer's NetBIOS Services

○ NBTSTAT -R deletes the Local Computer's NetBIOS Cache Table

❖ IPX
○ Internetwork Packet Exchange
○ Developed by Novell for the Novell NetWare NOS
○ IPX Addresses are assigned to Computers automatically
○ An IPX Address is written in the Hexadecimal Numbering System as 20 Hexadecimal Characters (80 bits)
○ The first 8 characters are the Network ID and the remaining 12 are the MAC Address of the Computer's Network Card; the Network ID and MAC Address are separated by a . (Period , dot)
○ For Network ID 0BADBEEF and a Computer whose Network Card MAC address = 00-90-4B-4C-C1-59, the IPX Address is 0BADBEEF.00904B4CC159
○ Different Networks have different Network IDs
○ IPX Address = Network ID . MAC Address

❖ Apple Talk
○ Apple Talk is the Communication Protocol of Macintosh Environments
○ The Apple Talk Protocol Suite is compatible with Apple Hardware / OS only

○ An Apple Talk Protocol Address is a 32 bits numeric Number that can be Statically Assigned (16 bits Network Numbers / 8 bits Node Numbers / 8 bits Socket Number)
○ When a PC starts, if the Network Admin has configured the Zone ID and Address Information, the Apple Talk Computer uses them; otherwise the LocalTalk Link Access Protocol (LLAP) generates the Zone ID and Address Randomly
○ AFP is Apple's Apple Talk Filing Protocol
○ Apple Talk Phases (versions)
1. Phase 1
○ Phase 1 is for Small Workgroup Environments
○ Nodes Support
○ Phase 1 uses non-extended networks: a Phase 1 Network cannot be divided into Sub-networks

2. Phase 2
○ Phase 2 is for Large Networks
○ Supports 200 Nodes
○ Phase 2 uses Extended Networks: Multiple Networks can be Subnetted

Internet Protocol
○ Internet Protocol (IP)
○ Created by DARPA for the DOD
○ Network Layer IP together with Transport Layer TCP forms the TCP/IP Protocol Suite
○ IP is a de-facto Standard and an Open Standard Protocol (any Vendor can implement it)
○ Protocols built on the Internet Protocol (IP) are Open as well

○ IP Services
 Routing
 Addressing
 Name Resolution
 Application Support
○ The Internet Protocol (IP) on its own is a Connectionless (Unreliable) Protocol
○ Reliability is added to the Internet Protocol (IP) by TCP

About Routing Process
○ Forwarding a Packet from one Network to another Network is the Routing Process

○ The Routing Process forwards a Packet by its Destination Address, not by its Source Address

○ The Destination Address is looked up in the Routing Table to find the Route Path over which the Packet is forwarded

○ Routers route between Networks, not between individual Hosts
 A Route to a single Host is a Host Route

○ To route Packets, Routers must know

 The Destination Address

 Neighbor routers from which it can learn about remote networks

 Possible routes to all remote networks

 The best route to each remote network

 How to maintain and verify routing information

Routing Table
○ Routers forward Packets by looking up their Destination IP Address in the Routing Table

○ The Routing Table holds Route Entries; a Route Entry gives the Route Path over which matching Packets are forwarded

○ A Route Path (Route Entry) consists of
 the Destination IP Address and the Router's Outgoing Interface, OR
 the Destination IP Address and the Next Hop Address
 Packets are matched against these Entries

Route Path with Outgoing Interface

Destination IP Address   Outgoing Interface
192.168.1.0 /24          Gig 0/0

Route Path with Next Hop Address

Destination IP Address   Next Hop Address
172.16.1.0 /30           10.1.1.1 /24

 The Network IP Address is the Range of Destination Network IP Addresses the Packets are matched against
 The Outgoing Interface is the Router Interface the Packets are forwarded out of
 (The Outgoing Interface is also called the Exit Interface)
 (Microsoft calls the Next Hop the Gateway Address)
 The Next Hop (Address) is the address of the Neighbor Router's Interface on the Network that is directly attached to this Router's Interface

○ Routing Protocols work with the Next Hop Address, i.e. the Neighbor Router's IP Address

Routing Path Types and Routing Sources
○ Routing Sources are the sources from which a Router learns the Routes (Route Paths) in its Routing Table
○ A Router's Routes (Route Paths) are

▪ Directly Connected Routes
▪ Static Routes
▪ Default Routes
▪ Dynamic Routes

Directly Connected Route

○ The Networks on a Cisco Router's own Interfaces need neither a Static Route nor a Dynamic Routing Protocol Enabled on those Interfaces
○ A Packet for a Network on one of the Router's Interfaces is forwarded without a Static Route OR Dynamic Route
○ A Cisco Router needs no Static Route Path and no Dynamic Routing Protocol Run for its Directly Connected Networks

○ A Cisco Router learns the Routes to the Networks on its Interfaces by itself

Packet Switching
○ In Packet Switching, the Network IP Address of each IP Address assigned to a Cisco Router Interface is placed in the Routing Table as a Route Path; these Route Paths are the Directly Connected Routes
○ Directly Connected Routes are learned Automatically, not entered Manually
○ Automatically learned Directly Connected Routes have the Default AD Value 0; when a Router makes a Routing Decision among the Route Paths in its Routing Table, the Directly Connected Routes with AD Value 0 are preferred

Static Routing or Static Route
○ In Static Routing, Routes are entered Manually into the Router's Routing Table

○ Route Paths placed in the Router's Routing Table without any Routing Process are Static Route Paths

○ Static Route Paths have a Default Administrative Distance (AD) Value of 0 or 1, depending on how the Static Route Path is added

 A Static Route Path added with a Next-Hop Address has Administrative Distance 1

 A Static Route Path added with an Exit Interface has Administrative Distance 0, because an Exit Interface is treated like a Directly Connected Interface (AD 0)

○ A Static Route stays in the Routing Table only while its Next-Hop Address is Alive or its Outgoing Interface is up; when that Network goes down the Static Route is removed from the Routing Table
○ Static Routing

▪ has no Router CPU Overhead, unlike Dynamic Routing
▪ sends no Routing Updates, so it uses no Bandwidth and adds no Internet Loading Costs, unlike Dynamic Routing Protocols
▪ is more Secure, because the Network Path (Route) is fixed by the Administrator
▪ requires the Network Administrator to enter the Routes Manually
▪ requires a Route for every Network
▪ Routes do not adapt when the Network Fails
▪ Routes must be Maintained Manually

Host Route
 A Host Route is a Static Route Path to a single Host; a Host Route is a kind of Static Route

Default Routing or Default Route
○ A Default Route is not an Entry learned Automatically from a Dynamic Routing Protocol; it is a Route Entry the Administrator adds Manually

○ A Default Route is a kind of Static Route

○ In Default Routing, when a Router finds no Route in its Routing Table for a Packet's Destination IP, the Packet is forwarded over the Default Route
○ Packets for a Destination Network without a specific Route go to the Default Route's Next Hop

○ A Router with a Default Route forwards Packets for unknown Destinations over the Default Route instead of dropping them

○ For a LAN, Packets leaving the LAN use the Default Route as their Route Path, so the Routers need fewer Static Routes

○ A Default Route replaces Multiple Static Routes with a Single Static Default Route covering those Networks' Routes

○ A Static Default Route can create a Network Loop

○ When a Router's Default Route (Static Default Route Path) points to another Router, and the Default Routes of Multiple Routers point back at each other, the result is a Network Loop
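The routing-table, static-route, directly-connected-route and default-route rules above can be exercised with this added example (not the book's code): a small routing table with longest-prefix matching, AD tie-breaking (connected 0, static via exit interface 0, static via next hop 1, as stated on the page), recursive next-hop resolution, and default-route fallback. The table contents reuse the page's sample prefixes; the RIP administrative distance of 120 is an assumption not stated on the page.

```python
import ipaddress


def administrative_distance(source, exit_interface, next_hop):
    """AD values as stated above; RIP's 120 is an added assumption."""
    if source == "connected":
        return 0
    if source == "static":
        return 0 if exit_interface and not next_hop else 1
    return {"rip": 120}.get(source, 255)


def add_route(table, prefix, source, exit_interface=None, next_hop=None, ad=None):
    """Append one route entry; a route needs an exit interface, a next hop, or both."""
    if exit_interface is None and next_hop is None:
        raise ValueError("route needs an exit interface or a next-hop address")
    table.append({
        "network": ipaddress.ip_network(prefix, strict=False),
        "source": source,
        "exit_interface": exit_interface,
        "next_hop": next_hop,
        "ad": administrative_distance(source, exit_interface, next_hop) if ad is None else ad,
    })


def best_match(table, address):
    """Longest prefix match; among equal prefix lengths the lowest AD wins."""
    addr = ipaddress.ip_address(address)
    candidates = [r for r in table if addr in r["network"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["network"].prefixlen, -r["ad"]))


def resolve(table, destination, _hops=0):
    """Return (chosen route, exit interface). A next-hop-only route is resolved
    recursively until a route with an exit interface is found; when the next hop
    is not reachable the exit interface is None and the packet cannot be sent."""
    route = best_match(table, destination)
    if route is None:
        return None, None
    if route["exit_interface"]:
        return route, route["exit_interface"]
    via = best_match(table, route["next_hop"])
    if via is None or via is route or _hops >= 8:   # unreachable or looping next hop
        return route, None
    return route, resolve(table, route["next_hop"], _hops + 1)[1]


def forward(table, destination):
    """What the router does with one packet: matched prefix, source, AD, interface."""
    route, iface = resolve(table, destination)
    if route is None:
        return {"destination": destination, "action": "drop: no route"}
    return {"destination": destination, "prefix": str(route["network"]),
            "source": route["source"], "ad": route["ad"],
            "next_hop": route["next_hop"], "exit_interface": iface,
            "action": "forward" if iface else "drop: next hop unreachable"}


def sample_table():
    """Constructed table built from the route-path examples above."""
    t = []
    add_route(t, "192.168.1.0/24", "connected", exit_interface="Gig0/0")
    add_route(t, "10.1.1.0/24", "connected", exit_interface="Gig0/1")
    add_route(t, "172.16.1.0/30", "static", next_hop="10.1.1.1")   # AD 1
    add_route(t, "172.16.1.0/30", "rip", next_hop="10.1.1.1")      # AD 120, loses
    add_route(t, "0.0.0.0/0", "static", next_hop="10.1.1.1")       # static default
    return t


if __name__ == "__main__":
    table = sample_table()
    for dest in ("192.168.1.50", "172.16.1.2", "8.8.8.8"):
        print(forward(table, dest))
```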

Dynamic Route Static Route

Facts Dynamic Routing Static Routing

Configuration • Network Size • Network Size


Complexity Configuration Configuration

Required Administrator • Network Administrator • Network Administrator


Advanced Knowledge Extra Knowledge

Topology Changes • Network Design (Topology) • Network Design (Topology)


Change Dynamic Routes Change Routes
Administrator
No Auto Change

Scaling • Simple Network Design • Simple Network Design


(Topology) (Topology)
Network Design
(Topology)

Security • Less Secure ( • More Secure (Administrator


Networks Networks
Auto Route ) Route )

Resource Usage • CPU , Memory , Network • No Extra Resources Needed


bandwidth Resources

Predictability • Network • Network


Route Route
Topology
Routes

Dynamic Routing Process
○ In Dynamic Routing, Dynamic Routing Protocols learn the Networks and the Route Paths to those Networks and Update the Router's Routing Table

○ The Routes (Route Paths) are placed in the Routing Table Automatically

○ Dynamic Routing is used where Static Routes or a Default Route are not enough

○ Dynamic Routing Protocols are Run given

▪ Routers with enough Performance

▪ Special Configuration of the Internetwork (for Errors and Security)

▪ an Internetwork with an Internet Link and Internet usage

○ In Dynamic Routing the Routes (Route Paths) are learned Automatically by the Routing Protocols

○ A Routing Protocol is a set of Rules (a Program) by which Routers Communicate Routing Information with each other

○ Routing Table Static Routes Dynamic Routing Protocols RIP


EIGRP Routes Advertise Dynamic Routing Protocols
Routing Table Route Paths Shared
Routing Table Static Routes Shared

Routing Protocols and Timeline

○ Dynamic Routing Protocols

▪ EGP (1982)
▪ IGRP (1985)
▪ RIPv1 (1988)
▪ IS-IS (1990)
▪ OSPFv2 (1991)
▪ EIGRP (1992)
▪ RIPv2 (1994)
▪ BGP (1995)
▪ RIPng (1997)
▪ BGPv6 & OSPFv3 (1999)
▪ IS-ISv6 (2000)

○ By where they run relative to an AS, Routing Protocols are of 2 kinds

1. Interior Gateway Protocols
2. Exterior Gateway Protocols

○ By how they work, Routing Protocols are of 4 kinds

1. Distance Vector Routing Protocols
2. Link State Routing Protocols
3. Hybrid Routing Protocols
4. Path Vector Routing Protocols

Interior Gateway Protocols (IGPs)
▪ An IGP (Interior Gateway Protocol) runs among the Routers within one AS
▪ An Autonomous System (AS) is a set of Routers that exchange Routing Information using the same Routing Protocols
▪ Routers with the same AS Number Exchange Routing Information with each other
▪ Routers with different AS Numbers do not Exchange Routing Information through an IGP
▪ Routing Protocols that work within one AS Number are IGPs

▪ Interior Gateway Protocols are either Distance Vector Routing Protocols or Link State Routing Protocols

▪ Interior Gateway Protocols

▪ RIP
▪ RIPv2
▪ RIPng
▪ IGRP
▪ EIGRP
▪ EIGRP for IPv6
▪ OSPFv2
▪ OSPFv3
▪ IS-IS
▪ IS-IS for IPv6

Exterior Gateway Protocols (EGPs)
▪ An EGP (Exterior Gateway Protocol) exchanges Routing Information between different ASes
▪ Inside an AS Network an IGP Protocol is used; between one AS and another AS an EGP Protocol is used
▪ Border Gateway Protocol (BGP) is the EGP Protocol in use

▪ EGP is the Routing Protocol between ASes

▪ Routing Protocols that work across different AS Numbers are EGP Routing Protocols

▪ Exterior Gateway Protocols

▪ BGPv4
▪ BGPv4 for IPv6

Cisco Support Routing Protocols

○ Cisco IOS supported the IGRP Protocol up to IOS Version 12.3
○ From Cisco IOS Version 12.3 the IOS supports these Routing Protocols as Standard
▪ RIPv1
▪ RIPv2
▪ RIPng
▪ EIGRP
▪ OSPF
▪ BGP

Types of Dynamic Routing Protocols
○ Dynamic Routing Protocols are of 4 types

1. Distance Vector Routing Protocols
2. Link State Routing Protocols
3. Hybrid Routing Protocols
4. Path Vector Routing Protocols

1.Distance Vector Routing Protocols

○ A Vector has a Magnitude and a Direction, like an Arrow

○ The Magnitude is the number of Links (the distance)

○ The Direction is the Next Hop Address

○ Distance Vector Routing Protocols choose Routes (Route Paths) by the Distance of each Route Path, hence the name

○ A Distance Vector Protocol learns the Remote Paths from its Directly Connected Routers; it does not hold the Route Paths of The Whole Internetwork

○ When several Route Paths lead to a Destination, the Route Path with the best Distance Metric Value is the Best Route

○ A Distance Vector Routing Protocol does not know every Route Path through the Entire Internetwork to a Destination Network; the Router picks the Best Route Path among the Route Paths it has by the Routing Protocol's Metric
○ For each Route Path in the Routing Table it keeps the Destination Address (the Direction) and the Metric (the Distance)

○ The Destination Addresses and Metrics of the Routes (Route Paths) in the Routing Table are Shared with the Adjacency Routers; through this Process the Route Paths of The Whole Internetwork get Shared
○ Distance Vector Routing Protocols: RIP , RIPv2 , RIPng , IGRP , EIGRP , EIGRP for IPv6

2.Link State Routing Protocols
○ Link State Routing Protocols are also called Shortest-Path-First Protocols

○ They hold the Route Paths of the Entire Internetwork and compute the Routes with an Algorithm
○ Link State Routing Protocols collect the Routing Information of the Internetwork's Routers through the Link State Protocol into a Link State Database

○ The Link State Database holds the Route Paths of the Entire Internetwork, i.e. a Network Map

○ The Network Map is built as the Routers of the Internetwork running the Link State Routing Protocol Share their Link State Database (Network Map) through the Link State Protocol

○ Within an AS or Routing Protocol Area, all Routers running the Link State Routing Protocol hold an Identical Network Map

○ From the Network Map (Routes) of the Networks, the Link State Routing Algorithms compute the Best Routes

○ To compute the Best Routes from the Link State Database (Network Map) with the Link State Algorithm, Link State Routing Protocols keep 3 Tables

1. A Table of the Directly Connected Routers' Routes (Neighbor Table)

2. A Table of the Internetwork Topology (Network Design) (Topology Table)

3. Routing Table

○ Unlike Distance Vector Routing Protocols, Link State Routing Protocols know the Routes of the whole Internetwork

○ Link State Routing Protocols: OSPFv2 , OSPFv3 , IS-IS , IS-IS for IPv6

3.Hybrid Protocol
○ A Hybrid Protocol combines Distance Vector Protocol and Link State Protocol features (Routing Protocols of both kinds)
○ EIGRP has features of Distance Vector Routing Protocols and of Link State Routing Protocols, so EIGRP is a Hybrid Routing Protocol
○ Cisco calls EIGRP an Advanced Distance-Vector Routing Protocol

4.Path Vector Routing Protocols

○ The Exterior Gateway Protocol BGP is a Path Vector Routing Protocol
○ Path Vector Routing Protocols
○ BGPv4
○ BGPv4 for IPv6

Differences Between Distance Vector Routing Protocols and Link State Routing Protocols
○ Distance Vector Routing Protocols vs. Link State Routing Protocols

 Distance Vector Routing Protocols know Route Paths toward a Destination Network but not the Network Map (Route Paths) of the Entire Internetwork; they choose among the Routes to the Destination Network with their Algorithm

 Link State Routing Protocols know the Routes (Network Paths) of all Networks in the Entire Internetwork; each Router computes with its Algorithm, from the Entire Internetwork's Network Paths (Routes), the Route (Network Path) to the Destination Network

About NAT
○ Network Address Translation
○ NAT translates Private IP Addresses (RFC 1918) to Public IP Addresses
○ NAT exists because of the limited IPv4 Address Space (IPv6 for future)
○ Private IP Addresses cannot be Routed on the Internet; NAT lets them reach the Internet behind a routable Public IP Address
 NAT is supported for IPv4 Unicast only.
 NAT works at layer 3 because it modifies the IP header.
 PAT also works at layer 4, because it MIGHT change the source port of the packet.
 NAT is a cross-layer process. It involves at least layers 3 (IP) and 4 (TCP, UDP, etc).

Types of NAT
○ By their Features there are 3 types of NAT
1. Static NAT (One to One)
2. Dynamic NAT (Many to Many)
3. NAT Overloading (PAT) (Many to One)

NAT Working Flows

○ A Private IP Address range such as 10.1.1.0 /8 cannot be used on the Internet: an Internet Router will not Route Packets from the Private IP Range 10.1.1.0

○ So the Router that passes the Packets to the Internet must Run the NAT Service

○ NAT rewrites the Source IP Address (Private IP Address in the 10.1.1.0 IP Range) of the Packets sent from the LAN to the WAN Interface IP (Public IP Address) 4.4.4.4 before they go out to the Internet

 A Packet from the LAN arrives at the NAT Router's LAN Interface with the Client's Private IP Address 10.1.1.100 as its Source IP Address

 The NAT Service on the Router replaces the Packet's Source IP Address 10.1.1.100 (Private IP Address) with the Public IP Address of the WAN Interface, 4.4.4.4, and Forwards it out the WAN Interface

 When the LAN Packet leaves the Router's WAN Interface its Source IP Address has changed from the Private IP Address to the Public IP Address

○ Because 4.4.4.4 is a Public Routable IP Address, the Network Routes the Packets to the Destination Address 3.3.3.3, the Web Server

○ The Web Server answers the Request Packets with Reply Packets addressed to the Source Address it saw, 4.4.4.4 (the Router WAN Interface IP Address)

○ The Web Server's Reply Packets are Routed back over the Internet to that Destination IP Address

○ The Internet Routers Forward the Reply Packets by their Destination IP Address to the NAT Router's WAN Interface (4.4.4.4)

 At the NAT Server's WAN Interface the Packets carry the Web Server IP Address 3.3.3.3 as Source IP Address and the NAT Server WAN Interface IP Address 4.4.4.4 as Destination IP Address

○ Because the Packets' Destination IP Address is the WAN Interface's own IP Address, the NAT Service looks them up in the NAT Convert Information Table (NAT Translation Table) built when the NAT Router was Configured and the outbound traffic was translated

○ The NAT Convert Information (NAT Translation Table) records

 on the LAN Interface (LAN Port) side: Packets from the Private IP Address (10.1.1.0) were sent out with the Public IP Address (4.4.4.4)

 on the WAN Interface (WAN Port) side: Packets arriving for the Public IP Address (4.4.4.4) (the Router WAN Interface IP Address) belong to the Private IP Address (10.1.1.0)

○ With the NAT Translation Table the NAT Router maps the Packet's Destination IP Address (4.4.4.4), a Public IP, back to the Private IP Address (10.1.1.0) behind the LAN Interface

○ The NAT Router rewrites the Packets: the Source IP Address stays 3.3.3.3 (the Web Server Address) while the Destination IP Address changes from the Public IP Address (4.4.4.4) to the Private IP Address (10.1.1.0) (Client PC IP Address Range)

○ After NAT, the Packet's Destination IP Address falls within the LAN Interface IP Address Range, so the NAT Service hands the Packets to the Router's LAN Interface to be Forwarded

○ At the NAT Router's LAN Interface the Reply Packet's Destination IP Address belongs to the LAN's Network IP Range, so the Router De-Encapsulates the Packet and Creates a new Frame for it

○ The Destination MAC Address of that new Frame is the Client's MAC Address on the NAT Router's LAN Interface

NAT Advantages and Disadvantages

Advantages
• Conserves legally registered addresses
• Hides the Internal Network
• Increases flexibility in IP Address Design
• Eliminates address renumbering as the ISP changes

Disadvantages
• Translation introduces path delays
• Certain Applications will not function with NAT
• Can't trace from outside

Advantages of NAT
○ Conserves Legally Registered Addresses
○ Saves IP Addresses
○ Hides the Internal Network from the WAN
○ Changing the Network's IP Addresses only needs a change at the NAT Convert point, not a renumbering of The Whole Network's IPs

Disadvantages of NAT

○ NAT Translating adds Delay
○ NAT makes IP Trace harder
○ Some Applications do not work with NAT

NAT and One Way Forwarding
 All NAT Types (Static NAT , Dynamic NAT and PAT) are One Way Forwarding

▪ From LAN to WAN: a LAN Client can Access a WAN Computer

▪ From WAN to LAN there is no Access: WAN Computers cannot reach a Private LAN Computer, because the NAT Device only builds a LAN-to-WAN Translation Mapping and no WAN-to-LAN Translation Mapping

 One Way Forwarding follows the NAT Configuration of WAN and LAN: if the sides are Swapped, so that the WAN (Public IP Address) side is Configured as the Private IP Address side, Access goes from WAN to LAN instead
 NAT maps between Routable IP Addresses (Public IP Addresses) and Non-routable IP Addresses (Private IP Addresses)

NAT and Translation Address

 For Packets from LAN to WAN, NAT translates the Packets' Source IP Address, not the Destination IP Address

 For Reply Packets from WAN to LAN, NAT translates the Packets' Destination IP Address, not the Source IP Address
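The NAT flow, the one-way forwarding behaviour and the source/destination translation rules above, as an added example (not the book's code): a small NAT model that rewrites the source of LAN-to-WAN packets, rewrites the destination of replies from its translation table, and drops unsolicited WAN traffic. It uses the page's addresses (inside 10.1.1.0, written here as 10.1.1.0/24; WAN 4.4.4.4; web server 3.3.3.3); the port numbers and the static mapping 10.1.1.10 to 4.4.4.10 are constructed.

```python
import ipaddress
import itertools


class NatRouter:
    """Model of the NAT flow above: inside hosts in 10.1.1.0/24 (the page writes
    the range as 10.1.1.0) reach web server 3.3.3.3 behind WAN address 4.4.4.4.
    Implements Static NAT (one to one) and NAT Overloading / PAT (many to one).
    Packets are plain dicts with src, sport, dst, dport and proto keys."""

    def __init__(self, inside_network, wan_ip, first_port=1024):
        self.inside = ipaddress.ip_network(inside_network)
        self.wan_ip = wan_ip
        self.static = {}       # inside ip -> public ip (one to one)
        self.static_rev = {}   # public ip -> inside ip
        self.pat = {}          # (proto, wan port) -> (inside ip, inside port)
        self.pat_rev = {}      # (proto, inside ip, inside port) -> wan port
        self.ports = itertools.count(first_port)   # assumption: first PAT port

    def add_static(self, inside_ip, public_ip):
        self.static[inside_ip] = public_ip
        self.static_rev[public_ip] = inside_ip

    def inside_to_outside(self, pkt):
        """LAN -> WAN, done after the routing decision: rewrite the Source
        address (and for PAT the source port) and record the mapping."""
        if ipaddress.ip_address(pkt["src"]) not in self.inside:
            return pkt                                 # not an inside host
        if pkt["src"] in self.static:
            return dict(pkt, src=self.static[pkt["src"]])
        key = (pkt["proto"], pkt["src"], pkt["sport"])
        port = self.pat_rev.get(key)
        if port is None:                               # first packet of this flow
            port = next(self.ports)
            self.pat_rev[key] = port
            self.pat[(pkt["proto"], port)] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.wan_ip, sport=port)

    def outside_to_inside(self, pkt):
        """WAN -> LAN, done before routing: rewrite the Destination from the
        translation table. Returns None (drop) when no mapping exists, which is
        the one-way behaviour: unsolicited WAN traffic never reaches the LAN."""
        if pkt["dst"] in self.static_rev:
            return dict(pkt, dst=self.static_rev[pkt["dst"]])
        if pkt["dst"] != self.wan_ip:
            return None
        entry = self.pat.get((pkt["proto"], pkt["dport"]))
        if entry is None:
            return None
        inside_ip, inside_port = entry
        return dict(pkt, dst=inside_ip, dport=inside_port)

    def translation_table(self):
        """Rows of (inside local, inside global, inside port, global port)."""
        rows = [(ip, pub, None, None) for ip, pub in self.static.items()]
        rows += [(ip, self.wan_ip, port, wport)
                 for (proto, wport), (ip, port) in self.pat.items()]
        return rows


if __name__ == "__main__":
    nat = NatRouter("10.1.1.0/24", "4.4.4.4")
    request = {"proto": "tcp", "src": "10.1.1.100", "sport": 51000,
               "dst": "3.3.3.3", "dport": 80}
    out = nat.inside_to_outside(request)
    reply = {"proto": "tcp", "src": "3.3.3.3", "sport": 80,
             "dst": out["src"], "dport": out["sport"]}
    print(out, nat.outside_to_inside(reply), nat.translation_table())
```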

NAT & Routing Procedure

 Does NAT occur before or after routing?

 The order in which the transactions are processed using NAT is based on whether a
packet is going from the inside network to the outside network or from the outside
network to the inside network.

 Inside to outside translation occurs after routing.

 Outside to inside translation occurs before routing.

NAT and Default Routing
○ NAT on an Internet Router OR Routing Server sits between the Public IP Address side and the Private IP Address side

○ NAT does not Transfer DATA by itself: after Packet Translation the Data Packet is Forwarded out a Router Interface

○ A NAT Device therefore also Routes, so that Traffic Flows between the Public IP Address side and the Private IP Address side

○ By Default, Routers with the NAT Service Enabled have Auto Routing On

○ A Router Routes its Directly Connected Networks automatically; Dynamic Routing or Static Routes are Configured only for Networks beyond the Router Interfaces

○ On an Internet NAT Router the Public IP Address Interface and the Private IP Address Interface are both Directly Connected Routes, so Auto Routing covers them

NAT & NVI
• The NAT Virtual Interface (NVI) feature removes the requirement to configure an interface as
either Network Address Translation (NAT) inside or NAT outside.
• The NAT Virtual Interface feature allows all NAT traffic flows on the virtual interface,
eliminating the need to specify inside and outside domains.
• NVI allows traffic between overlapped VPN routing/forwarding (VRFs) in the same Provider
Edge (PE) router, and traffic from inside to inside between overlapping networks.
• When a NAT pool is shared for translating packets from multiple networks connected to a
NAT router, an NVI is created and a static route is configured that forwards all packets
addressed to the NAT pool to the NVI.
• When the NAT configuration is made, an NVI is created automatically.
 NVI Interface IDs start from 0.

Router(config)#int e0/0
Router(config-if)#ip nat inside

• View the NVI Interface with

Router#sh ip int br or
Router#sh interfaces

○ Only one NVI Interface is required for a single instance of NAT.

NAT support Interfaces


• The Cisco device supports NAT on the following interface types:
 Routed ports (Physical / Virtual)
 Switch Virtual Interfaces (SVIs)
 Layer 3 port channels

Packet and Datagram

• In the OSI 7 Layer model the Network Layer (Layer 3) Data (Header Information + Real Data) is called a Packet
• A Packet is also called a Datagram: Datagram is the name for Layer 3 Data in Connectionless Communication, and because the Network Layer (Layer 3) provides Connectionless Communication without a Data delivery Guarantee, its Data unit is a Datagram

• The Data Link Layer (Layer 2) unit is a frame, not a Datagram

• On the Internet (a Packet Switching Network) Data travels as Packets or Datagrams

IPv4 Packet Layout

• An IPv4 Packet has
 a Header carrying the Layer 3 Information, 20 bytes minimum to 60 bytes maximum
 a Data Portion (SDU) carrying the Upper Layer (7 to 4) Information
• An IP Packet on the Network ranges from a Header-Only Packet of 20 bytes up to 65,536 bytes

IP Fragmentation
▪ The Maximum Size of a Layer 3 Packet is set by the 16 bits Total Length Field of the Header: 65,536 bytes. The Lower Layers, Layer 2 (Data Link Layer) and Layer 1 (Physical Layer), have their own Limitations, so an IP Packet on the Network cannot reach the Maximum Size of 65,536 bytes
▪ Ethernet's Physical Layer Limitation is the MTU Size (Maximum Transmission Unit) of 1500 bytes, so an IP Packet of up to 65,536 bytes cannot be sent on the Network in one piece
▪ Splitting an IP Packet into Sub-Packets (Sub-Datagrams) of at most 1500 bytes is Fragmentation

▪ The IP Fragmentation Process is a Network Layer (Layer 3) Process

▪ Fragmentation is done by the Network Interface Card of the Host that Generates the Packet, or by a Router on the Packet's path
▪ Operating Systems use a Default MTU Size of 1500 bytes, so the Packets they generate are at most 1500 bytes
▪ IPv4 Routers Fragment Packets when the Configuration of the next Connection requires it
▪ IPv6 Hosts Negotiate the MTU Size with the Default Gateway Router before they Communicate, so IPv6 Routers do not Fragment (Routers never Fragment IPv6 Packets)
▪ The Destination Host Reassembles the Packets (Fragments)

MTU
• Maximum Transmission Unit

• The MTU is the Maximum Size Limit of the Layer 3 (Network Layer) Protocol Data Unit (PDU); the MTU Size covers the Header Size and the Payload Size

• The MTU Size is Defined by the Layer 2 Frame Size, because the Layer 3 Packet is the Layer 2 Payload

• Layer 2 Frames are handled by the Network Router and by the Operating Systems according to their Frame Max Size; the Layer 3 MTU Size is therefore Nearly the Layer 2 Frame Maximum Size

• The Maximum Ethernet Frame Size is 1518 bytes, of which 18 bytes are the Layer 2 Header and Trailer (FCS) Fields, so the Layer 2 Payload Maximum Size is 1500 bytes

• The MTU Size is set per Communication Interface: a Packet sent out of an Outgoing Interface whose MTU Size exceeds the Next Hop Interface (Gateway) MTU Size does not fit the Next Hop Interface (Gateway) MTU Size

• The MTU Size is the Payload Size in "Bytes" (Payload Octets)

• An Ethernet Frame of 1518 bytes fits a Gateway Interface MTU Size of 1500 bytes, because the Router Drops the 18 bytes of Layer 2 Header and Trailer before it looks at the Layer 3 Information

• When VLAN Information (IEEE 802.1Q) OR QoS Information is added to the Ethernet Frame, the Gateway Interface MTU Size stays 1500 bytes but the Layer 2 overhead becomes 22 bytes, i.e. a 1522 bytes Frame

MTU Sizes

Media or Interface        MTU Size (bytes)
Internet Path IPv4        Min 68 bytes to Max 64KB (64,000 bytes)
Internet Path IPv6        Min 1280 bytes to Max 64KB (With Jumbogram up to 4GB)
Ethernet v2               Min 64 bytes to Max 1500 bytes (Current Used Ethernet)
Ethernet v1 (Original)    Min 64 bytes to Max 1492 bytes (Ethernet LLC and SNAP)
Ethernet Jumbo Frames     Min 1501 bytes to Max 9198 bytes
PPPoE over Ethernet v2    Min 64 bytes to Max 1492 bytes
DS-Lite over PPPoE        Min 64 bytes to Max 1452 bytes
WLAN (802.11)             Min 64 bytes to Max 2304 bytes (Encryption Added More)
                          (WEP 8 bytes, WPA-TKIP 20 bytes, WPA2 16 bytes)
Token Ring (802.3)        Min 64 bytes to Max 4464 bytes
FDDI                      Min 64 bytes to Max 4352 bytes

Runt Frames (Runts)

• Frames smaller than the Standard Minimum Size are Runts

• The Receiving Interface or Router Interface Drops them

Viewing Current Interface MTU Size

CMD>netsh interface ipv4 show interfaces

Testing MTU Size

CMD>ping "SiteName" -f -l "Size"

IPv4 Packet Format
• The IPv4 Packet Header has a Min Size of 20 bytes and a Max Size of 60 bytes and holds these Fields

 Version Field (4 bits)
 HLEN or IHL Field (Internet Header Length) (4 bits)
 Service Field (8 bits)
 Total Length Field (16 bits)
 Identification Field (16 bits)
 Flags Field (3 bits)
 Fragmentation Offset (13 bits)
 TTL Field (Time To Live) (8 bits)
 Protocol Field (8 bits)
 Header Checksum Field (16 bits)
 Source IP Address Field (32 bits)
 Destination IP Address Field (32 bits)
 Options Field (32 bits)



Version Field
• Version Field Internet Protocol Version Field
• 4 bit Field Internet Protocol Packet Version 4 Version 6

• Version 4 Hexadecimal Value 4

HLEN Field or IHL Field


• Header Length Field (HLEN) Internet Header Length (IHL)
• IP Packet Header Length Field
• IP Packet Header Length Minimal 20 bytes Maximum 60 bytes
Field Value Min 20 to Max 60
• Field Width 4 bits Field Value
0 to 15
• Internet Protocol Header Size Multiple of 4 bytes (Multiple of 32 bits)

• Header Length Field Value 5 (5 x 4 = 20) Packet Header Length 20


bytes Value 15 (15 x 4 = 60
bytes)



Service Field
• Service Field Types of Service (TOS) Field
• IP Packet (Datagram) Priority, Route Delay, Reliability,.. Packet Priority
Information Quality of Service (QoS) Field
Service Type Field
• 8 bits Field Service Field 3 bits Precedence Value 5 bits
Types of Service Value Field DSCP & ECN
Field

• 6 bits Differentiated Services Code Point (DSCP) Value 2 bits


Explicit Congestion Notification (ECN) Value

• ECN marking in routers is dependent on some form of active queue management.



Total Length Field
• IP Packet (Datagram) Total Capacity (bytes) Field
(Header + Data)
• 16 bits Width IPv4 Packet (Datagram) Maximum Size
65,535 bytes

Identification Field
• Interface Packet Source Identification Field
Information Fragmented Pieces Reassembly

• 16 bits Field Fragmented Piece (Sub-Packet) Unique Identifiers Value

• Packet Multiple Packets Fragmentation


Multiple Packets Identification Field Value Original Packet
Identification Field

Flags Field
• 3 bits Field Packet Network Routers
Packet Fragmentation Value Field
• bit Position Value 'Reserved Fragment' RF bit
• bit Position Value 'Don't Fragment' DF bit bit 1
Packet Fragmentation
• bit Position Value 'More Fragment' MF bit Fragment
Packet 1 Interface Fragment
Fragment Field
 Reassembly Flag Field Fragmentation bits
Fragment



Fragmentation Offset Field
• Fragmentation Offset Field 13 bits Field IP Packet Fragmentation
Size

• Packet Fragmentation Size 8 bytes Value


Fragmentation Offset Value

• Fragmentation Offset Field Fragmentation Sub-Packet 0


Sub-Packet Sub-Packet Sub-Packet
Size 185 Sub-Packet Sub-Packet
Sub-Packet Size 370 Sub-Packet
Offset Value Fragment Sub-Packets Sizes
Value

▪ 1480/8 = 185
▪ 2960/8 = 370
▪ 4440/8 = 555



Time to Live (TTL) Field
• TTL Field 8 bits Field Network Packet Lifetime
Value
• TTL Field Hop Limit Field
• TTL Field Value 0 to 255
• TTL Value Count Hop Count
• Packet Normal Initial State TTL Value 32 or 64
Interface Packet Hop Counts 64
• TTL Value Hop (Router or Routing Server)
-1
• Packet TTL Value 0 Packet Router
Receiving Interface Drop Drop
Router Packet Drop Source ICMP Type 11 "Time Exceeded"
Reply Report



Protocol Field
• Protocol Field IP Packet Transport Layer Protocol

• 8 bits Field Protocol Number 0 to 255


• Protocol Numbers IANA Assign IPv4 IPv6 Same
Protocol Number
• IPv6 Next Header Field Values



Hex   Protocol Number   Keyword   Protocol   References/RFC

0x00 0 HOPOPT IPv6 Hop-by-Hop Option RFC 8200

0x01 1 ICMP Internet Control Message Protocol RFC 792

0x02 2 IGMP Internet Group Management Protocol RFC 1112

0x03 3 GGP Gateway-to-Gateway Protocol RFC 823

0x04 4 IP-in-IP IP in IP (encapsulation) RFC 2003

0x05 5 ST Internet Stream Protocol RFC 1190,

0x06 6 TCP Transmission Control Protocol RFC 793

0x07 7 CBT Core-based trees RFC 2189

0x08 8 EGP Exterior Gateway Protocol RFC 888

0x09 9 IGP Interior Gateway Protocol (any private interior gateway (used by Cisco for their IGRP))

0x0A 10 BBN-RCC-MON BBN RCC Monitoring

0x0B 11 NVP-II Network Voice Protocol RFC 741

0x0C 12 PUP Xerox PUP

0x0D 13 ARGUS ARGUS

0x0E 14 EMCON EMCON

0x0F 15 XNET Cross Net Debugger IEN 158

0x10 16 CHAOS Chaos

0x11 17 UDP User Datagram Protocol RFC 768

0x12 18 MUX Multiplexing IEN 90

0x13 19 DCN-MEAS DCN Measurement Subsystems

0x14 20 HMP Host Monitoring Protocol RFC 869

0x15 21 PRM Packet Radio Measurement

0x16 22 XNS-IDP XEROX NS IDP

0x17 23 TRUNK-1 Trunk-1

0x18 24 TRUNK-2 Trunk-2

0x19 25 LEAF-1 Leaf-1

0x1A 26 LEAF-2 Leaf-2

0x1B 27 RDP Reliable Data Protocol RFC 908

0x1C 28 IRTP Internet Reliable Transaction Protocol RFC 938

0x1D 29 ISO-TP4 ISO Transport Protocol Class 4 RFC 905



0x1E 30 NETBLT Bulk Data Transfer Protocol RFC 998

0x1F 31 MFE-NSP MFE Network Services Protocol

0x20 32 MERIT-INP MERIT Internodal Protocol

0x21 33 DCCP Datagram Congestion Control Protocol RFC 4340

0x22 34 3PC Third Party Connect Protocol

0x23 35 IDPR Inter-Domain Policy Routing Protocol RFC 1479

0x24 36 XTP Xpress Transport Protocol

0x25 37 DDP Datagram Delivery Protocol

0x26 38 IDPR-CMTP IDPR Control Message Transport Protocol

0x27 39 TP++ TP++ Transport Protocol

0x28 40 IL IL Transport Protocol

0x29 41 IPv6 IPv6 Encapsulation RFC 2473

0x2A 42 SDRP Source Demand Routing Protocol RFC 1940

0x2B 43 IPv6-Route Routing Header for IPv6 RFC 8200

0x2C 44 IPv6-Frag Fragment Header for IPv6 RFC 8200

0x2D 45 IDRP Inter-Domain Routing Protocol

0x2E 46 RSVP Resource Reservation Protocol RFC 2205

0x2F 47 GRE Generic Routing Encapsulation RFC 2784, RFC 2890

0x30 48 DSR Dynamic Source Routing Protocol RFC 4728

0x31 49 BNA Burroughs Network Architecture

0x32 50 ESP Encapsulating Security Payload RFC 4303

0x33 51 AH Authentication Header RFC 4302

0x34 52 I-NLSP Integrated Net Layer Security Protocol TUBA

0x35 53 SWIPE SwIPe IP with Encryption

0x36 54 NARP NBMA Address Resolution Protocol RFC 1735

0x37 55 MOBILE IP Mobility (Min Encap) RFC 2004

0x38 56 TLSP Transport Layer Security Protocol (using Kryptonet key management)

0x39 57 SKIP Simple Key-Management for Internet Protocol RFC 2356

0x3A 58 IPv6-ICMP ICMP for IPv6 RFC 4443, RFC 4884

0x3B 59 IPv6-NoNxt No Next Header for IPv6 RFC 8200

0x3C 60 IPv6-Opts Destination Options for IPv6 RFC 8200



0x3D 61 Any host internal protocol

0x3E 62 CFTP CFTP

0x3F 63 Any local network

0x40 64 SAT-EXPAK SATNET and Backroom EXPAK

0x41 65 KRYPTOLAN Kryptolan

0x42 66 RVD MIT Remote Virtual Disk Protocol

0x43 67 IPPC Internet Pluribus Packet Core

0x44 68 Any distributed file system

0x45 69 SAT-MON SATNET Monitoring

0x46 70 VISA VISA Protocol

0x47 71 IPCU Internet Packet Core Utility

0x48 72 CPNX Computer Protocol Network Executive

0x49 73 CPHB Computer Protocol Heart Beat

0x4A 74 WSN Wang Span Network

0x4B 75 PVP Packet Video Protocol

0x4C 76 BR-SAT-MON Backroom SATNET Monitoring

0x4D 77 SUN-ND SUN ND PROTOCOL-Temporary

0x4E 78 WB-MON WIDEBAND Monitoring

0x4F 79 WB-EXPAK WIDEBAND EXPAK

0x50 80 ISO-IP International Organization for Standardization Internet Protocol

0x51 81 VMTP Versatile Message Transaction Protocol RFC 1045

0x52 82 SECURE-VMTP Secure Versatile Message Transaction Protocol RFC 1045

0x53 83 VINES VINES

0x54 84 TTP TTP

0x54 84 IPTM Internet Protocol Traffic Manager

0x55 85 NSFNET-IGP NSFNET-IGP

0x56 86 DGP Dissimilar Gateway Protocol

0x57 87 TCF TCF

0x58 88 EIGRP EIGRP

0x59 89 OSPF Open Shortest Path First RFC 1583

0x5A 90 Sprite-RPC Sprite RPC Protocol



0x5B 91 LARP Locus Address Resolution Protocol

0x5C 92 MTP Multicast Transport Protocol

0x5D 93 AX.25 AX.25

0x5E 94 OS KA9Q NOS compatible IP over IP tunneling

0x5F 95 MICP Mobile Internetworking Control Protocol

0x60 96 SCC-SP Semaphore Communications Sec. Pro

0x61 97 ETHERIP Ethernet-within-IP Encapsulation RFC 3378

0x62 98 ENCAP Encapsulation Header RFC 1241

0x63 99 Any private encryption scheme

0x64 100 GMTP GMTP

0x65 101 IFMP Ipsilon Flow Management Protocol

0x66 102 PNNI PNNI over IP

0x67 103 PIM Protocol Independent Multicast

0x68 104 ARIS IBM's ARIS (Aggregate Route IP Switching) Protocol

0x69 105 SCPS SCPS (Space Communications Protocol Standards) SCPS-TP

0x6A 106 QNX QNX

0x6B 107 A/N Active Networks

0x6C 108 IPComp IP Payload Compression Protocol RFC 3173

0x6D 109 SNP Sitara Networks Protocol

0x6E 110 Compaq-Peer Compaq Peer Protocol

0x6F 111 IPX-in-IP IPX in IP

0x70 112 VRRP Virtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned) VRRP: RFC 3768

0x71 113 PGM PGM Reliable Transport Protocol RFC 3208

0x72 114 Any 0-hop protocol

0x73 115 L2TP Layer Two Tunneling Protocol Version 3 RFC 3931

0x74 116 DDX D-II Data Exchange (DDX)

0x75 117 IATP Interactive Agent Transfer Protocol

0x76 118 STP Schedule Transfer Protocol

0x77 119 SRP SpectraLink Radio Protocol

0x78 120 UTI Universal Transport Interface Protocol



0x79 121 SMP Simple Message Protocol

0x7A 122 SM Simple Multicast Protocol draft-perlman-simple-multicast-03

0x7B 123 PTP Performance Transparency Protocol

0x7C 124 IS-IS over IPv4 Intermediate System to Intermediate System (IS-IS) Protocol over IPv4 RFC 1142 and RFC 1195

0x7D 125 FIRE Flexible Intra-AS Routing Environment

0x7E 126 CRTP Combat Radio Transport Protocol

0x7F 127 CRUDP Combat Radio User Datagram

0x80 128 SSCOPMCE Service-Specific Connection-Oriented Protocol in a Multilink and Connectionless Environment ITU-T Q.2111 (1999)

0x81 129 IPLT

0x82 130 SPS Secure Packet Shield

0x83 131 PIPE Private IP Encapsulation within IP Expired I-D draft-petri-mobileip-pipe-00.txt

0x84 132 SCTP Stream Control Transmission Protocol RFC 4960

0x85 133 FC Fibre Channel

0x86 134 RSVP-E2E-IGNORE Reservation Protocol (RSVP) End-to-End Ignore RFC 3175

0x87 135 Mobility Header Mobility Extension Header for IPv6 RFC 6275

0x88 136 UDPLite Lightweight User Datagram Protocol RFC 3828

0x89 137 MPLS-in-IP Multiprotocol Label Switching Encapsulated in IP RFC 4023, RFC 5332

0x8A 138 manet MANET Protocols RFC 5498

0x8B 139 HIP Host Identity Protocol RFC 5201

0x8C 140 Shim6 Site Multihoming by IPv6 Intermediation RFC 5533

0x8D 141 WESP Wrapped Encapsulating Security Payload RFC 5840

0x8E 142 ROHC Robust Header Compression RFC 5856

0x8F-0xFC 143-252 UNASSIGNED

0xFD-0xFE 253-254 Use for experimentation and testing RFC 3692

0xFF 255 Reserved for extra.



Header Checksum Field
• IP Header Checksum Value Field 16 bits Field

Option Field
• IPv4 Packet Testing Debugging Option Field



Example of IP Header
• In Network Packet Capture Software, IP Header Information are in Hexadecimal
Value.

[4500 003c 1c46 4000 4006 b1e6 ac10 0a63 ac10 0a0c]

 ’45’ corresponds to the first two fields in the header:
  ‘4’ corresponds to the IP version and
  ‘5’ corresponds to the header length. Since the header length is expressed in 4-byte
words, the actual header length comes out to 5×4 = 20 bytes.
 ’00’ corresponds to TOS, the type of service.
 ‘003c’ corresponds to the total length field of the IP header. So the length of the IP packet is 60 bytes.
 ‘1c46’ corresponds to the identification field.
 ‘4000’ can be divided into two bytes.
  These two bytes (divided into 3 bits and 13 bits respectively) correspond to the
flags and fragment offset of the IP header fields.
 ‘4006’ can be divided into ’40’ and ’06’.
  The first byte ’40’ corresponds to the TTL field and
  ’06’ corresponds to the protocol field of the IP header.
 ‘b1e6’ corresponds to the checksum, which is set at the source end (which sent the
packet).
 ‘ac10 0a63’ and ‘ac10 0a0c’ correspond to the source IP address and the destination IP address
in the IP header.
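The decode walked through above, plus the fragment offsets from the Fragmentation Offset section, as an added example that is not code from the book: it parses the quoted 20-byte header, verifies the checksum (ones' complement sum over the header must be 0xFFFF), and splits a payload into 8-byte-aligned fragments. The header sample is the one quoted in the text; the payload length 5000 and the helper names are assumptions.

```python
"""IPv4 header decoding, checksum check and fragment offsets.

Added example, not code from the book: it decodes the 20-byte header
the text walks through, verifies its checksum, and re-derives the
fragment offsets 185/370/555 used in the Fragmentation Offset section.
"""
import ipaddress
import struct

# Constructed input: the header quoted in the text (hex, 20 bytes).
SAMPLE_HEADER_HEX = "4500 003c 1c46 4000 4006 b1e6 ac10 0a63 ac10 0a0c"

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}   # subset of the IANA table


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement sum (carries folded back in)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_checksum(header: bytes) -> int:
    """Checksum a sender would write: complement of the sum with the
    checksum field (bytes 10-11) treated as zero."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF


def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed part of an IPv4 header into named fields."""
    if len(raw) < 20:
        raise ValueError("IPv4 header needs at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4                  # IHL counts 32-bit words: 5..15
    if version != 4 or header_len < 20 or len(raw) < header_len:
        raise ValueError("not a valid IPv4 header")
    return {
        "version": version,
        "ihl": ihl,
        "header_len": header_len,
        "dscp": tos >> 2,                 # top 6 bits of the Service field
        "ecn": tos & 0x03,                # low 2 bits
        "total_length": total_len,
        "identification": ident,
        "flag_df": bool(flags_frag & 0x4000),
        "flag_mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,   # in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, "other"),
        "checksum": csum,
        # A valid header sums to 0xFFFF when the checksum field is included.
        "checksum_ok": ones_complement_sum(raw[:header_len]) == 0xFFFF,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


def fragment_offsets(payload_len: int, mtu: int, header_len: int = 20) -> list:
    """Split a payload for a given MTU; returns (offset_units, size, mf).

    Every fragment but the last carries the largest multiple of 8 bytes
    that fits after the header, so offsets stay whole 8-byte units.
    """
    per_frag = (mtu - header_len) // 8 * 8          # 1480 for MTU 1500
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags, pos = [], 0
    while pos < payload_len:
        size = min(per_frag, payload_len - pos)
        more = pos + size < payload_len             # MF set unless last
        frags.append((pos // 8, size, more))
        pos += size
    return frags


if __name__ == "__main__":
    hdr = parse_ipv4_header(bytes.fromhex(SAMPLE_HEADER_HEX.replace(" ", "")))
    for key, value in hdr.items():
        print(f"{key:16} {value}")
    print(fragment_offsets(5000, 1500))   # offsets 0, 185, 370, 555
```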



NDP and Messages
• NDP Protocol Processes Internet Control
Message Protocol (ICMP) Messages
• NDP Messages
 Neighbor Solicitation Message
 Neighbor Advertisement Message
 Router Solicitation Message
 Router Advertisement Message
 Redirect Message



Redirect Process
• Redirect Message Router Create & Send Host
Route Path

• Source Address Field Create Router Interface Unicast Address


Destination Address Field Route Request Host Unicast Address



IPv6 Packet Format

• IPv6 Header Fix Size 40 bytes


• IPv6 Header Packet Next Header
Information Packet Payload IPv6 Additional Features
Extension Header
• Extension Header Extension Header
Size IPv6 Base Header Fix
• IPv6 Header Header Checksum Function

IPv6 Extension Headers in Payload



Version Field
• 4 bits Field Current Packet Internet Protocol Version
• IPv6 Header 6 Value

Traffic Class Field


• Priority Field 8 bits
• Traffic Control, Congestion Control IPv4 Service Field (TOS Field)

Flow Label Field


• 20 bits Field Special Services Real-Time Applications
Field
• Router Flow Label Field Traffic (Packets)
(IPv6 Advantages)
• Flow Label Field Value 0 Packet Packet 0
Flows Router Packet
Information Forward

Payload Field
• 16 bits Field IPv6 Packet Data Size (Payload Only, Not Include Header)
Field
• 16 bits 65,535 bytes Normal IPv6 Packet
Payload Size Maximum 65,535 bytes
• IPv6 Extension Header Jumbo Payload "Jumbogram"
Feature
• Jumbo Payload Up to 4GB
• Payload Field IPv6 Packet Payload Size Jumbo Payload
65,535 bytes 16 bits
IPv6 Jumbo Payload Payload Field '0' Value



Next Header Field
• 8 bits Field Payload Upper Layer (Layer 4) Header IPv6
Extension Header Information

Next Header Field Value Represent Types



Hop Limit Field
• 8 bits Field IPv4 TTL Field

Destination Field
• Destination Field Packet Final Destination IPv6
Address 128 bits
• IPv6 Packet Extension Header 'Routing Extension Header'
Destination Address Field Final Destination Address Next Hop
Destination Address

IPv6 Extension Header Types

Hop-by-Hop Options Extension Header


• The Hop-by-Hop Options extension header needs to be examined by all nodes on the
packet's path, including sending and receiving nodes.
• The Jumbo Payload option is carried in a Hop-by-Hop Options extension header.



Routing Extension Header
• The Routing extension header is used to direct a packet to one or more intermediate
nodes before being sent to its destination.

Fragment Extension Header


• In order to send a packet that is larger than the path MTU, the sending node splits the
packet into fragments.
• The Fragment extension header carries the information necessary to reassemble the
original (unfragmented) packet.

Destination Options Extension Header


• The Destination Options extension header needs to be examined by the destination
node only.

Authentication Header Extension Header


• The Authentication Header is a part of IPsec.



❖ ICMP Message Format
• Internet Control Message Protocol
• Layer 3 (Network Layer Protocol)
• ICMP is used by network devices, like routers, to send error messages indicating, for
example, that a requested service is not available or that a host or router could not be reached.
• ICMP messages are typically used for diagnostic or control purposes or generated in
response to errors.
• ICMPv4 for IPv4 and ICMPv6 for IPv6.

ICMP Message Rule


• ICMP Message IPv4 Send Destination IP Address Broadcast
Address or Multicast Address Send
• ICMP Message Source IP Address None (All Zero),
Broadcast Address or Multicast Address Reply / Respond

ICMP Message Format


• ICMP Messages IP Packet
• ICMP Message Header Fix (8 bytes) Data
Variable Size
• Header Size 4 bytes 4 bytes ICMP Types Codes

 4 bytes Type Field Code Field 1 bytes Header


Checksum Checksum Value Checksum Field 2 bytes
Fix Length

 4 bytes Field
▪ Message Types 4 bytes Address Information
Message Types
▪ All 0 Values



ICMPv6
○ ICMPv6 Protocol ICMPv4 Protocol Network Diagnostics, Error Reporting
Functions Functions

 Error Reporting
 Network Diagnostics
 Neighbor Discovery
 Multicast Membership Reporting
 Router Solicitation and Router Advertisement

Type Field
○ 8 bits Field ICMPv6 Message

Code Field
○ 8 bits Field ICMPv6 Message Type Sub-type
○ Type Field ICMP Message Type
Specific Sub-type Field

Checksum Field
○ 16 bits Field ICMPv6 Message (Header + Data) Checksum Value

Message Body Field


○ Message Body Field Variable Field ICMPv6 Message Types



Error Messages in ICMPv6

Message                          Type   Code & Description
Destination Unreachable Message  1      0 (No route to destination)
                                        1 (Filtered, for example by a firewall)
                                        2 (Address Not Assigned)
                                        3 (Address Unreachable)
                                        4 (Port Unreachable)
Packet Too Big Message           2      0
Time Exceeded Message            3      0 (Hop Limit Exceeded)
                                        1 (Fragment Reassembly Time Exceeded)
Parameter Problem Message        4      0 (IP Header Field Error)
                                        1 (Unrecognized Next Header Error)
                                        2 (Unrecognized IPv6 Options Field Error)

Query (Information) Messages in ICMPv6

Message Type Code & Description

Echo Request Message 128 0

Echo Reply Message 129 0

Neighbor Discovery ICMPv6 Messages

Message Type Code & Description

Router Solicitation Message 133 0

Router Advertisement Message 134 0

Neighbor Solicitation Message 135 0

Neighbor Advertisement Message 136 0

Redirect Message 137 0



Ping
○ Computer Network
○ Ping "Internet Control Message Protocol (ICMP)" Protocol Computer
ICMP Echo Messages
○ ICMP Protocol Internet Protocol (IP) Protocol Suite Protocol
Every Computer
○ ICMP Protocol IP Protocol OSI Layer 3 Layer 3 Protocol

○ (Layer 3 Protocol Layer 4 Protocols TCP UDP Port


Number )
○ Computer Computer ICMP Echo Message
ICMP Echo Message Message
Network

○ (ping "IP") or (ping "DomainName")


(ping 192.168.100.1)
(ping www.google.com)

Ping Options

Options        Description       Usage
-t             Continuous        Continuous ping; can be stopped with Ctrl+C.
-n Count       Count             Determines the number of echo requests to send. Default is 4.
                                 (ping -n 2 10.0.0.1)
-l DataSize    Data Size         Ping packet data size, expressed in bytes. Default is 32 bytes.
                                 (ping -l 1850 10.0.0.1)
-w Timeout     Timeout           Adjusts the time to wait for each reply, expressed in milliseconds.
                                 Default is 1000 (1 second).
-i TTL         TTL               Sets the TTL value, 0 to 255 (hop limit).
-f             Don't Fragment    Tells routers not to fragment the echo packet. Used to troubleshoot
                                 the Path Maximum Transmission Unit (PMTU).



Ping Errors (1)
○ Ping Errors
1. "Destination Host Unreachable"
2. "Request Time Out"
3. "Unknown Host" or "Ping Request Could Not Find Host.."
4. "TTL Expired in Transit"

Destination Host Unreachable


○ Ping Computer Destination Computer "Forward Connection (
) Errors
▪ Cable Down (OR)
▪ Network Computer Alive (Remote Computer Down) (OR)
▪ Network
▪ Computer Default Gateway IP (OR)
▪ Gateway Router Down (OR)
▪ Router Routing Table Remote Computer Route Route
Path

Request Time Out


○ Ping Computer Reply Connection ( ) Error

○ Network Ping Remote Computer


Computer ICMP Echo Reply Message

▪ Remote Computer Firewall (OR)
▪ Network Traffics Loading (OR)
▪ Network ARP Errors (OR)
○ Network
▪ Computer Default Gateway IP (OR)
▪ Computer Network Reply Network
Route
○ "Request Time Out" Error Destination Computer Down (Power
Network )
Computer Ping Network
Network Devices Computer MAC Address or Route Paths
Ping ICMP Message Destination
Computer Computer
ICMP Reply Message



Ping Errors (2)

Unknown Host or Ping Request Could Not Find Host..


○ DNS Name Ping Error
○ Name IP Name Resolution Error
○ Error
▪ Network DNS System (DNS Server) (OR)
▪ Network DNS System Name Resolution (OR)
▪ Computer DNS Server IP Configure

TTL Expired in Transit


○ Network Ping ICMP Echo Message Packet TTL
Hop Counts Router Packet Drop Packet
Destination Error
○ Ping TTL (ping -i) Command Value

❖ Troubleshooting Connectivity Steps

1. Check TCP/IP Configuration (Ipconfig , Ifconfig)


2. Ping to the loopback Address (127.0.0.1)
3. Ping to the local IP Address
4. Clear the ARP Cache Table
5. Verify the Default Gateway
6. Trace Route to the Remote Host (Tracert)
7. Check TCP/IP Port on Remote Host (Telnet)



❖ Route
○ Route Command Computer Local Routing Table
TCP/IP Utility
○ Unix-like OS Microsoft OS Platforms Linux OS Platforms

○ Local Computer Currently Routing Table CMD>route print



❖ Tracert
○ Data Packet Destination Path

○ Tracert Routers (Gateways) Addresses

○ Tracert Hops Networks


○ Router (Gateway) 1 Hop Gateway
Network Network

 Tracert ICMP Packets Trace ISPs ICMP


Packets Allow Tracert *

○ Gateway 1 Hop Gateways


○ Tracert
➢ Cmd>Tracert <hostname><enter> (OR)
➢ Cmd>Tracert <IPAddress><enter>

 Cmd>Tracert -d <hostname/ IPAddress><enter> Tracert


Output Routers (Networks) DNS Names
DNS Resolve

○ Default Tracert Maximum 30 Hops Tracert


Output 30 Hops
 Cmd>Tracert -h < Hops Numbers >
<hostname/ IPAddress><enter>

➢ Cmd>Tracert -h 50 www.google.com <enter>



 Cmd>Tracert <hostname><enter>

 Cmd>Tracert -d -h < Hops Numbers > <hostname/ IPAddress><enter>



❖ Adjusting Tracert Timeout Value
○ Tracert Timeout Value Tracert Gateway
Gateway Gateway Information Hostname IP Address
Gateway
○ Timeout Value Tracert Gateway Information

○ Tracert Output Display Timeout


"Request timed out."
○ Timeout Value Tracert
▪ Cmd>tracert -w <milliseconds> <IPAddress><enter>

❖ Loose Source Routing Options


○ Loose Source Routing Tracert Paths (
Gateways , Route Paths ) Gateways Addresses

○ Loose Source Routing Tracert


▪ Cmd>tracert -j <hop list><enter>

➢ Cmd>tracert -j 1.0.0.0 1.0.0.2 200.0.0.1<enter>



Traceroute
○ (traceroute) , (trace) Command Management Network Device Remote
Device Packet

○ Traceroute ICMP IP Protocols Packet


Internetwork Router Route Path

○ Next Hop Addresses

○ Internetwork Failure (traceroute) Command

○ (traceroute) or (trace) Command Privileged Mode

○ Traceroute Multiple Protocols

○ Traceroute Cisco IOS Protocols


(traceroute ?) Command

○ IPv6 traceroute (traceroute "IPv6Address)



❖ IGMP
○ Layer 3 (Network Layer Protocol)
○ Internet Group Management Protocol (IGMP) is a communications protocol used
by hosts and adjacent routers on IPv4 networks to establish multicast group
memberships. IGMP is an integral part of IP multicast.
○ Multicast management on IPv6 networks is handled by Multicast Listener Discovery
(MLD) which uses ICMPv6 messaging in contrast to IGMP's bare IP encapsulation.
○ IGMP used to establish multicast group memberships.
○ Creating multicast group is for one-to-many networking applications such as online
streaming video and gaming and Multicast Group Routers , etc..



❖ Transport Layer Protocols
○ OSI Layer Transport Layer Protocols
○ Transport Layer Protocols Transport Connection
Controlling (Connection Establish , Data Transmissions , Connection
Terminate )
○ Transport Layer Protocols Transport Layer Protocols
Carry

 Protocols Transport Layer Carry


Port Numbers Transport Layer
Protocols Port Number Assigned

 Transport Layer Protocols


 NetBEUI
 SPX
 ATP
 TCP
 UDP

 Transport Layer Protocols Types (2)


1. Connection-Oriented Protocol
2. Connection-Less Protocol

1. Connection-Oriented Protocol
○ Connection-Oriented Protocol
▪ Data Send End-to-End Connection (Session) Create
End-to-End Connection Establish Data
▪ Data .. Data
Accept Re-Arrange Received
▪ Data Transfer Complete Check (Error-Checking)
▪ Connection-Oriented Protocol Handshaking
Session Create Communication
▪ Handshaking Rules Transmission Speed
Port Transmission

▪ Session Session Create Communication



2. Connection-Less Protocol
○ Connection-Less Protocol
 Data Send End-to-End Connection Create Destination
Available

 Data Accept Received
Data Duplicated , Missing
 Data Transfer Complete Check
 Data Unreliable
 Faster Communication

❖ NetBEUI
○ NetBIOS Enhanced User Interface
○ NetBIOS Protocol Transport Layer Protocol
○ 1985 , IBM Create NetBIOS Protocol Token Ring Network
Transport Layer Protocol
○ NetBEUI Microsoft
 Novell NetWare IPX/SPX NetBIOS over IPX/SPX (NBX)
Protocol
 OSI 7 Layer Compatible TCP/IP Protocol Suites
NetBIOS over TCP/IP (NBT) .

❖ SPX
○ Novell IPX Protocol Transport Protocol
○ SPX Connection-Oriented Protocol Reliable , Error-Detect , Retransmission

❖ ATP
○ Apple Talk Transaction Protocol
○ Apple Platform Addressing Protocol Apple Talk Transport Protocol

○ Connection-Oriented Protocol



❖ Transmission Control Protocol (TCP)
○ Internet Protocol (IP) Transport Layer Protocol
○ Connection-Oriented Communication Protocol
○ TCP
 End users (Computer Login User Computer
Login User ) Data Communication
 Data Exchanged Integrity Checked

○ TCP
▪ Destination Address
▪ Data TCP Sizes Adjustment
▪ Data Data Node
TCP Data Accept
Complete Data User
▪ Complete Data Data TCP Data

▪ Data Complete Data TCP


Data Integrity Check
TCP

○ TCP IANA Assigned Port Numbers (0 to 65535) Port Numbers


Different Network Protocols Different Port Numbers Carry



❖ User Datagram Protocol (UDP)

○ Transport Layer Data Transport Layer Protocol


○ Connection Less Communication Protocol

 UDP
 Error Detection Function
 Error Recovery Function

 UDP TCP

 UDP Network Large Amount of Data Transfer


(Video Streaming , Broadcasting , Multicasting , etc..)

○ TCP UDP UDP Port Numbers TCP UDP Port


Numbers (0 to 65535)
 DNS TCP Port 53 DNS
UDP Port 53 Protocols
Connection Reliable TCP Telnet
(Telnet Protocol) Port Number 23 TCP
Port Number 23 Telnet UDP Port Number 23
Telnet Telnet Connection Reliable
TCP Telnet TCP
Port 23



TCP/IP Ports
○ Internet TCP/IP Protocols Suite Network
Protocols Transport Layer IANA
Protocol Port Numbers
○ TCP/IP Ports Transport Layer Port Numbers
○ TCP/IP Port Numbers Assign Packet 16 bits Field
Port Number Range 0 to 65535
○ TCP Protocol Port Number 0 to 65535 UDP
Protocol Port Number 0 to 65535
○ Port Number Ranges TCP UDP

Port Ranges       Descriptions
0 to 1023         • Well-Known Ports
                  • System Ports
                  • Fix
                  • Network Services Well-Known Ports
1024 to 49151     • Registered Ports
                  • Company , Organization or Users IANA Registered Port Numbers
                  • Temporary Fix
49152 to 65535    • Dynamic Ports
                  • Private Ports
                  • IANA Registered
                  • Fix
                  • Programs Program Dynamic Port Range 49152 to 65535 Port Numbers

 1023 Ports "Ephemeral Ports"



❖ Netstat
○ Netstat Local System Remote System TCP Session

○ Netstat TCP Session Create Hosts 2 (Local System Remote


System) Currently

1. Interfaces States
○ (Establish, Listen, .)

2. Interfaces IP Addresses DNS Names (Local or Remote)


○ (www.google.com , 200.0.0.1)

3. Interfaces Protocols Names


○ (TCP, UDP, ..)

4. Interfaces Ports Numbers


○ (1192, 3389, )

5. Route Path Destination Addresses

. Utilities

➢ Cmd>netstat<enter> Current Session



❖ Netstat States
○ Computer TCP or UDP Session States
States ..

State            Description
LISTEN           • Waiting for a connection request from any remote TCP and port.
SYN-SENT         • Waiting for a matching connection request after having sent a connection request.
SYN-RECEIVED     • Waiting for a confirming connection request acknowledgment after having both
                   received and sent a connection request.
ESTABLISHED      • An open connection; data received can be delivered to the user. The normal state
                   for the data transfer phase of the connection.
FIN-WAIT-1       • Waiting for a connection termination request from the remote TCP, or an
                   acknowledgment of the connection termination request previously sent.
FIN-WAIT-2       • Waiting for a connection termination request from the remote TCP.
CLOSE-WAIT       • Waiting for a connection termination request from the local user.
CLOSING          • Waiting for a connection termination request acknowledgment from the remote TCP.
LAST-ACK         • Waiting for an acknowledgment of the connection termination request previously
                   sent to the remote TCP (which includes an acknowledgment of its connection
                   termination request).



➢ Cmd>netstat -n<enter> Addresses Port Numbers DNS Name Resolve
IP Addresses Option cmd>netstat
Command

➢ Cmd>netstat -a<enter> Local Computer Remote Computer Listening


Opening , Establishing

➢ Cmd>netstat -a (seconds)<enter> Every Seconds Session States Capture


Ctrl+c Stop



➢ Cmd>netstat -e<enter> Computer Sent , Received Statistics

➢ Cmd>netstat -p (UDP or TCP or ICMP or IP)<enter> Predefined Protocol Statistics

➢ Cmd>netstat -o<enter> {-Character O (not number)} Current Session PID


Number



➢ Cmd>netstat -s<enter> All Preconfigured Protocols Statistics



➢ Cmd>netstat -r<enter> Current System Routing Tables
(route print) Command

➢ CMD>netstat -q Computer Ports States



TCP Header

Source Port Number Field


• 16 bits (2 bytes) Field (0 to 65535) Source Port Numbers Values
Field

Destination Port Number Field


• 16 bits (2 bytes) Field (0 to 65535) Destination Port Numbers Values
Field



Sequence Number Field
• 32 bits (4 bytes) Field TCP Sequence Numbers

Acknowledge Number Field


• 32 bits (4 bytes) Field TCP Acknowledge Numbers

 When a connection starts, the sender always generates a 'Sequence Number', and at this time the
'Acknowledge Number' must be '0'.
 The receiver responds with an 'Acknowledge Message' carrying an Acknowledge Number.
 The receiver's 'Acknowledge Number' = the given Sequence Number + 1.
 The sender sends the 'Next Packet' with the 'Original Acknowledge Number incremented by 1'.

Data Offset Field


• Data Offset Field 4 bits Field TCP Header Size Field
• TCP Header Size Minimal 20 bytes Maximum 60 bytes
• Minimal 20 bytes Standard Header Values Options Field
60 bytes
• Field 4 bits Header Size 32-bit word Multiply
(32 bits = 4 bytes)
• TCP Header Size 20 bytes (20 / 4 = 5), TCP Header Size 20
bytes Data Offset Field Value 5



Reserved Field
• 3 bits Field Future Reserved

Control Flags Field


• TCP Header Control Flags Field '1 bit Boolean Fields'



• Well-Known Flags Value are,..

Flag Value   Description

URG Urgent Pointer.

ACK Acknowledgement.

PSH This flag means Push function. Using this flag, TCP allows a sending application
to specify that the data must be pushed immediately. When an application
requests the TCP to push data, the TCP should send the data that has
accumulated without waiting to fill the segment.

RST Reset the connection. The RST bit is used to RESET the TCP connection due to
unrecoverable errors. When an RST is received in a TCP segment, the receiver
must respond by immediately terminating the connection. A RESET causes both
sides immediately to release the connection and all its resources. As a result,
transfer of data ceases in both directions, which can result in loss of data that is
in transit. A TCP RST indicates an abnormal termination of the connection.

SYN This flag means synchronize sequence numbers. Source is beginning a new
counting sequence. In other words, the TCP segment contains the sequence
number of the first sent byte (ISN).

FIN No more data from the sender. Receiving a TCP segment with the FIN flag does
not mean that transferring data in the opposite direction is not possible. Because
TCP is a fully duplex connection, the FIN flag will cause the closing of connection
only in one direction. To close a TCP connection gracefully, applications use the
FIN flag.

• Additional Flags..

Flag Value   Description

NS ECN-nonce concealment protection.

CWR Congestion Window Reduced (CWR) flag is set by the sending host to indicate
that it received a TCP segment with the ECE flag set and had responded in
congestion control mechanism.

ECE ECN-Echo.

Window Size Field
• TCP Header Information Field Sender Receiver Data
Field

• TCP Feature Sender Receiver


Window Size Field Window Size Field

• Window Size TCP Windowing Process Flow Control Process

• TCP Header Window Size Field 16 bits (2 bytes) Field


Connections Windows Size Minimal 0 to Maximum 65535
Field Value bytes
Window Size bit

• Window Size Minimal Window Size bit 0 bit Maximum


524280 bits

• Window Size Operating Systems or Specialized Devices


Formula Calculate

Window Size (bits) = Bandwidth (bits) x Delay (seconds)

• TCP Window Size Field Value Connection Window Size


TCP Window Size Field Value 64,240 Window Size
64,240 bytes = 513,920 bits

• 10 Mbps Link Average Round Trip Time (RTT) 10 milliseconds
(0.01 seconds)

Window Size = 10 Mbps x 10 ms
            = 10,000,000 x 0.01
            = 100,000 bits
            = 100,000 / 8 = 12,500 bytes (about 12 KB)

○ MTU Size 1500 bytes 12,500 bytes / 1500 byte = 8.3, Nearly
9 Segments.

Window Scaling Option


• Window Scaling Window Size Field 16 bits 30 bits Field TCP Options
Field Window Scale Field
• Window Scale Value

Urgent Pointer Field


• 16 bits (2 bytes) Field Control Flag Field PSH Flag

• Urgent Pointer Field Urgent PSH Flag '1' bit Segment


Segment Urgent Data

• Urgent Pointer Field 50 Urgent Data Size 50 bytes

• Receiver PSH Flag '1' Segment Urgent Pointer


Field Segment Data
Amount 50 bytes Upper Layer

Checksum Field
• 16 bits (2 bytes) Field TCP Header TCP Payload TCP Segment
Checksum Value

Optional Data Field (Options Field)


• TCP Options Field Size 0 bit 320 bits(40 Bytes)
Fields
 Option-Kind (8 bits) (Option Type)
 Option-Length (8 bits) (Length of Entire Options in bytes)
 Option-Data (Variable)

• TCP Options Types


 Maximum Segment Size (MSS) Option
• MSS Field TCP Payload (TCP Data) Maximum Size
Defined Field Data Only Header

• TCP Sender Connection Initial State (SYN Flag) Segment


MSS Size Receiver
TCP Connection MSS Size Negotiate

• Sender MSS Value (bytes) Options Field


Receiver MSS Size
Default Define MSS Size 536 bytes

 Window Scaling Option


• Added additional 14 bits to Window Size Field
• Now Window size can up to (origin 16 + option added 14) = 30
bits
• 30 bits = 1 Gigabytes (1 GB) (More than 64KB)
 NOP (No Option) , Timestamp and SACK

Padding Field
• Options Field Padding bits Options Field

• Minimal TCP Header Size 20 bytes TCP Segment Data


TCP Header Size 20 bytes Layer 3 Header Minimal 20
bytes Layer 4 Header Layer 3 Header 40 bytes
Minimal Ethernet Frame Size 46 bytes 46 bytes
Padding bits (0 bits )
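The Data Offset, Control Flags, Window Size, Window Scaling and Options fields described in the section above, decoded by an added Python example; this is not code from the book. The sample SYN segment is constructed here, not captured, and the function and field names are this example's own. The bandwidth x delay window calculation from the Window Size page is included as a function so the 10 Mbps / 10 ms case can be checked.

```python
import math
import struct

# Flag bits of the 16-bit "data offset / reserved / flags" word (RFC 793, with the
# NS, CWR and ECE bits added by RFC 3168 and RFC 3540).
TCP_FLAGS = {
    "NS": 0x100, "CWR": 0x080, "ECE": 0x040, "URG": 0x020, "ACK": 0x010,
    "PSH": 0x008, "RST": 0x004, "SYN": 0x002, "FIN": 0x001,
}


def parse_tcp_options(raw: bytes) -> dict:
    """Walk the options area: kind (1 byte), length (1 byte, covers kind+length), data."""
    options = {}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of Option List: the rest is padding
            break
        if kind == 1:                       # NOP: a one-byte option used for alignment
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated TCP option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        data = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            options["MSS"] = struct.unpack("!H", data)[0]
        elif kind == 3 and length == 3:
            options["WSCALE"] = data[0]         # shift count applied to the Window field
        elif kind == 4 and length == 2:
            options["SACK_PERMITTED"] = True
        elif kind == 8 and length == 10:
            options["TIMESTAMP"] = struct.unpack("!II", data)
        else:
            options[f"kind{kind}"] = data
        i += length
    return options


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed header plus options; reject an impossible Data Offset."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (src_port, dst_port, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12           # 4-bit count of 32-bit words
    header_len = data_offset * 4            # 5 -> 20 bytes ... 15 -> 60 bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"data offset {data_offset} does not fit a {len(segment)}-byte segment")
    flags = [name for name, bit in TCP_FLAGS.items() if off_flags & bit]
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "data_offset": data_offset, "header_len": header_len, "flags": flags,
        "window": window, "checksum": checksum,
        "urgent_pointer": urgent if "URG" in flags else None,   # only meaningful with URG
        "options": parse_tcp_options(segment[20:header_len]),
        "payload": segment[header_len:],
    }


def effective_window(window_field: int, wscale: int) -> int:
    """Window Scaling: the 16-bit field is shifted left by the negotiated scale (0..14)."""
    if not 0 <= wscale <= 14:
        raise ValueError("window scale shift count must be 0..14")
    return window_field << wscale


def bandwidth_delay_window_bytes(bandwidth_bps: float, rtt_seconds: float) -> float:
    """Window Size (bits) = Bandwidth (bits/s) x Delay (s); returned in bytes."""
    return bandwidth_bps * rtt_seconds / 8


def segments_for_window(window_bytes: float, mss: int) -> int:
    """Number of MSS-sized segments needed to fill the window (rounded up)."""
    return math.ceil(window_bytes / mss)


# Constructed sample (not a capture): SYN to port 443, data offset 8 (32-byte header),
# options MSS=1460, NOP, Window Scale=7, NOP, NOP, SACK-permitted.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 51234, 443, 0x11223344, 0,
                         (8 << 12) | TCP_FLAGS["SYN"], 64240, 0, 0) + bytes([
    2, 4, 0x05, 0xB4,   # MSS 1460
    1,                  # NOP
    3, 3, 7,            # Window Scale 7
    1, 1,               # NOP, NOP
    4, 2,               # SACK permitted
])
# Constructed sample: minimal 20-byte ACK (data offset 5) carrying 4 payload bytes.
SAMPLE_ACK = struct.pack("!HHIIHHHH", 443, 51234, 0xAABBCCDD, 0x11223345,
                         (5 << 12) | TCP_FLAGS["ACK"], 64240, 0, 0) + b"data"

if __name__ == "__main__":
    info = parse_tcp_header(SAMPLE_SYN)
    print(info["flags"], info["header_len"], info["options"])
    print("scaled window:", effective_window(info["window"], info["options"]["WSCALE"]))
    print("10 Mbps x 10 ms =", bandwidth_delay_window_bytes(10_000_000, 0.01), "bytes")
```

The data-offset check matters in practice: a segment whose Data Offset claims more header than the segment holds is malformed, and a parser that trusts the field would read past the buffer.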

UDP Header

Source Port Number Field


• 16 bits (2 bytes) Field (0 to 65535) Source Port Numbers Values
Field

Destination Port Number Field


• 16 bits (2 bytes) Field (0 to 65535) Destination Port Numbers Values
Field

Length Field
• 16 bits (2 bytes) Field UDP Datagram (Header + Data) Size
Field
• UDP Header Length Fix 8 bytes Data (PDU) Size 16 bits
65,505 bytes

Checksum Field
• 16 bits (2 bytes) Field UDP Header UDP Payload UDP Segment
Checksum Value
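An added Python example (not code from the book) that builds and parses a UDP datagram according to the four fields just listed: it checks that the Length field covers header plus data and verifies the Checksum over the IPv4 pseudo-header, UDP header and payload. Addresses, ports and the payload are constructed sample values; the function names are this example's own.

```python
import ipaddress
import struct

UDP_HEADER_LEN = 8
PROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (the IP/TCP/UDP checksum arithmetic)."""
    if len(data) % 2:
        data += b"\x00"                     # an odd trailing byte is padded with zero
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header: source address, destination address, zero, protocol, UDP length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, PROTO_UDP, udp_length))


def udp_checksum(src_ip: str, dst_ip: str, datagram_with_zero_checksum: bytes) -> int:
    covered = pseudo_header(src_ip, dst_ip, len(datagram_with_zero_checksum)) + datagram_with_zero_checksum
    csum = 0xFFFF - ones_complement_sum(covered)
    return csum or 0xFFFF                   # RFC 768: a computed 0 is transmitted as all ones


def build_udp_datagram(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    length = UDP_HEADER_LEN + len(payload)
    if length > 0xFFFF:
        raise ValueError("UDP Length is a 16-bit field")
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp_datagram(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    """Decode the header; checksum_ok is None when the sender sent no checksum (allowed over IPv4)."""
    if len(datagram) < UDP_HEADER_LEN:
        raise ValueError("UDP header needs 8 bytes")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < UDP_HEADER_LEN or length > len(datagram):
        raise ValueError(f"Length field {length} does not fit a {len(datagram)}-byte datagram")
    if csum == 0:
        checksum_ok = None
    else:
        # Summing the pseudo-header and the datagram including its checksum must give all ones.
        total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram[:length])
        checksum_ok = total in (0xFFFF, 0)
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "payload_len": length - UDP_HEADER_LEN, "checksum": csum,
            "checksum_ok": checksum_ok, "payload": datagram[UDP_HEADER_LEN:length]}


# Constructed sample values (not captured traffic).
SAMPLE_SRC, SAMPLE_DST = "192.168.1.10", "192.168.1.1"
SAMPLE_DATAGRAM = build_udp_datagram(SAMPLE_SRC, SAMPLE_DST, 50000, 53, b"constructed sample query")

if __name__ == "__main__":
    print(parse_udp_datagram(SAMPLE_SRC, SAMPLE_DST, SAMPLE_DATAGRAM))
```

Because the pseudo-header is part of the sum, a datagram delivered to the wrong IP address fails the check even when its own bytes are intact; the parser also refuses a Length value larger than the bytes actually received rather than reading beyond the buffer.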

❖ Application Layer Protocols
○ Application Layer Protocol OSI Application Layer Protocols
TCP/IP Model Application Layer (Application Layer +
Presentation Layer + Session Layer) Protocols
○ Application Layer Protocols Application Layer , Presentation Layer
Session Layer Layer (Only on Application
Layer) Layer 2 (Application Layer + Presentation Layer) Layer 2

○ Application Layer Protocols


 DNS
 HTTP
 HTTPS or SSL
 Telnet
 SSH
 FTP
 TFTP
 NFS
 SMB
 SNMP

❖ DNS (Port 53)


○ Domain Name System
○ IP to Name , Name to IP

❖ Hypertext Transfer Protocol (HTTP) (Port 80)


○ HTTP Web Servers Web Browsers Communication
Protocol

❖ Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) (SSL) (Port 443)
○ HTTPS HTTP Protocol Secure Sessions SSL Tunnel

○ SSL version 2.0 3.0 128-bit Encryption

❖ Telnet (Port 23)


○ Telnet Remote Operation Systems Telnet based
Applications Virtual Terminal (Universal Interface) (Command-Line
Interface) Login Management (Unsecure Protocol
Plain Text )

❖ Secure Shell (SSH) (Port 22)
○ SSH Nodes 2 Data (Commands) Exchanged Encrypted
Secure SSH Channel
○ Remote Access Environments

❖ File Transfer Protocol (FTP) (Port 21)


○ Data amounts Transfer Protocol
○ FTP Connection Oriented Communication Data Transfer
Data Transfer Error Checking Delivery Check
○ FTP Authentication User name Password

❖ Trivial File Transfer Protocol (TFTP) (Port 69)


○ TFTP FTP Data Transfer
○ TFTP Connection Less Communication Checking
Systems
○ TFTP FTP
○ TFTP Authentication Mechanism

❖ NFS (Port 1025)


○ Network File System (NFS) Network File Sharing Protocol
○ NFS Sun Microsystems Create
○ Sun Version Unix Solaris
○ Linux all versions File Sharing Printer Sharing

❖ SMB (Port 445)


○ Microsoft Server Message Block (SMB) Novell's Netware Core Protocol
Redirectors Protocols
○ Redirectors Protocols Applications Messages
Communications Software
○ SMB NCP Microsoft Novell Networks File and Printer Sharing

❖ Simple Network Management Protocol (SNMP) (Port 162)


○ SNMP Network Management Data Shared Access
Protocol
○ Network Administrators Management Data Monitor Performance ,
Troubleshoot Management Node (Server) Information
Shared Protocol Protocol User Shared
Management Data Access

❖ Messaging Protocols
○ Application Layer Protocols Messaging Service
Messaging Protocols
○ Popular Messaging Protocols
 IMAP
 POP3
 SMTP

❖ Internet Message Access Protocol version 4 (IMAP4)


○ Email Server Connect Server Email boxes Mails
Download Protocol
○ IMAP4 POP3 POP3 Users Email Server Email
Box Mails Download Email Server Email Box
Mails IMAP4 Download Emails Email Box
IMAP4 Network Node (Email Client )
○ IMAP4 Computer Mobile Devices

❖ Post Office Protocol version 3 (POP3) (Port 110)


○ POP3 Email Client Email Server Connect Email Server
Email Box Mails Download Protocol
○ Mail User Mail Server Connect (First Step)
○ Mail Server Mail User Mail box Mails Download
(Second Step)
○ POP3 Computer (Email Clients)

❖ Simple Mail Transfer Protocol (SMTP) (Port 25)


○ SMTP Internet Mail Transfer Protocol
○ SMTP Network Users (Mails Users) Emails Send , Receive (Upload
to Server and Download from Server) Protocol
○ SMTP Session Mails Transfer Session SMTP
Connection
○ SMTP States 3
 State 1 : Initializing SMTP Connection
 State 2 : Transferring Data ( ..)
1. Sending Destination E-mail Address
2. Sending Source E-mail Address
3. Sending the Subject of email message
4. Sending Body of the email message
 State 3 : Terminating SMTP Connection

❖ DHCP
○ Dynamic Host Configuration Protocol
○ IP Address Computers Auto Assign Protocol
○ Network Computers IP Addresses

❖ Client IP Request Steps


○ Computer Power On On Computer IP Request

( ) .RARP Request (Before OS Boot)


( ) .DHCP Request (After OS Boot)
➢ RARP BOOTP Process

❖ RARP Request Process


○ RARP Reverse Address Resolution Protocol
○ BIOS LAN Option ROM Service Network Computer BIOS
First Boot Device Network Boot Configure Power On
Computer
 POST
 RARP Protocol Network Card Broadcast
Network DHCP Service Request

○ RARP Protocol IP Address Request


○ RARP Protocol Default , LAN Options ROM BIOS Protocol

○ RARP Process RARP Packets RARP Packets


DHCP Messages Packets RARP Packets IP Address
Subnet Mask Default Gateway

 RARP Process IP Address BOOTP Process Windows Installation or


Remote Setup
 RARP Process IP Internal Hard Disk OS OS Boot
Error Message

❖ DHCP Request Process


○ Windows OS Network Card IP Address Auto Assign
Windows Network Network DHCP Server Broadcast IP
Address DHCP Discovery Message

❖ DHCP Components
○ DHCP Client/Server Protocol DHCP Infrastructure
1. DHCP Clients
2. DHCP Server
3. DHCP Relay Agent

❖ DHCP Clients
○ DHCP Client DHCP Server IP Configurations
○ Request Every Windows Built-In Program
Program Client Access Program
○ Windows Client Access Program " DHCP Client " Name
○ " DHCP Client " Program Every Windows Startup Automatically
Start
○ " DHCP Client " Program Services.msc " DHCP Client " Service

❖ DHCP Server
○ DHCP Server IP Request Reply Program / Service

○ IP Configurations IP Assign Management Program /


Service
○ Windows Server DHCP Role " DHCP Server " Program
Services.msc " DHCP Server " Program IP
Configurations
○ DHCP Server DHCP Service Run Windows Server OS

○ DHCP Server Restart Server Reboot


Services.msc " DHCP Server " Service Restart
DHCP Server Restart

❖ DHCP Relay Agent


○ DHCP Relay Agent Network Network
DHCP Service
○ DHCP Relay Agent DHCP Request Messages / DHCP
Reply Messages ( ) Forward

○ DHCP Relay Agent Internetworks


Router Interface Run

❖ DHCP Messages
○ DHCP Clients DHCP Server IP Configurations DHCP
Messages Information Exchange
○ DHCP Technology DHCP Message Types 8
○ DHCP Messages DHCP Formats DHCP Options DHCP Protocols
RFC 2131 RFC 2132
○ DHCP UDP (User Datagram Protocol) DHCP Messages Carry
DHCP Clients DHCP Server UDP Protocol Communicate

 DHCP Clients DHCP Messages Listen UDP Port 68 Listen

 DHCP Servers DHCP Messages UDP Port 67 Listen


 DHCP Relay Agent UDP Port 67 Listen

❖ DHCP Message Types


○ DHCP Message Types 8
▪ DHCP-Discover
▪ DHCP-Offer
▪ DHCP-Request
▪ DHCP-ACK
▪ DHCP-NAK
▪ DHCP-Decline
▪ DHCP-Release
▪ DHCP-Inform

❖ DHCP-Discover
○ DHCP Clients Network DHCP Server Broadcast
Message
○ Clients IP Address Clients Discovery
'DHCP-Discover' Packet Source IP Address "Unspecified Address"
0.0.0.0
○ Destination Broadcast IP Address 255.255.255.255 Broadcasting

○ Message Size 342 bytes or 576 bytes


○ Client DHCP-Discover Message DHCP-Offer Message
Network DHCP Server Automatic Private IPv4 Address (APIPA)
Address Self-Sign

❖ DHCP-Offer
○ DHCP Server DHCP Clients DHCP Server DHCP Service Offer
, IP IP Address Information Message

○ DHCP Server All IP Configurations Message Type

○ DHCP Clients "DHCP-Discover" Messages


Message
○ Network DHCP Servers Client "DHCP-Discovery
Broadcast Message" DHCP Servers DHCP-Offer Messages Respond

○ DHCP-Offer Messages Client


DHCP-Offer Messages DHCP Information
○ DHCP Server DHCP-Offer Message Source IP DHCP Server IP
Address Destination IP Address Client IP Address DHCP
Server Broadcast IP (255.255.255.255) Respond
○ Message Size 342 bytes

❖ DHCP-Request
○ DHCP Client ' " DHCP-Offer " Message
IP Address DHCP Server
Confirmation Message
○ DHCP Client DHCP Server 'DHCP-Offer'
Message IP Address
Server DHCP-Request Message
Source IP Unspecified Address 0.0.0.0 Destination Address
Broadcast Address 255.255.255.255
○ Message Size 342 bytes or 576 bytes

DHCP-Request Message in Renewing Process


○ DHCP Clients IP Address Lease Time Renewing Process
DHCP-Request Message Renewing
○ Client Server IP Address Lease Time 50% Lease
Time Expired DHCP Server IP Address
Destination IP Address DHCP-Request (Unicast) Message
Renewing Process
○ Lease Time 50% DHCP Server Renewing Process
Lease Time 87.5% Renewing Process
Renewing Process DHCP-Request Message
Broadcast IP Address Broadcasting

❖ DHCP-ACK
○ DHCP Server DHCP Clients ' DHCP-Request Message
(IP Address )' Acknowledge
Message
○ Server DHCP-ACK Message Source IP Address Server IP Address
Destination IP Address Broadcast IP Address
255.255.255.255
○ Client Server DHCP-ACK Message 'DHCP-
Offer' Message IP Address Information
○ Message Size 342 bytes

❖ DHCP-NAK
○ DHCP Server Client Client DHCP-Request Message
Deny DHCP Server Deny DHCP Client
1. Client IP Address Another Computer

2. DHCP-Request Message Information Fields


Expire OR Invalid
3. Client 'Leased Time' Expired
○ DHCP-NAK Message Client DHCP Request Process
(DHCP-Discovery Message Broadcast )
○ Server DHCP-NAK Message Source IP Address Server IP Address
Destination IP Address Broadcast IP Address
255.255.255.255

❖ DHCP-Decline
○ DHCP Client DHCP Server
○ DHCP Client DHCP Server Server IP Address ..
Server DHCP-Offer Message IP Address
Information Computer OR Valid
Message
○ DHCP Client Server DHCP Request Process
Message
○ Client DHCP-Decline Message Source IP Address Unspecified Address
(0.0.0.0) Destination IP Address (255.255.255.255)

❖ DHCP-Release
○ DHCP Client DHCP Server
○ DHCP Client IP Address

○ Client Computer > Command Prompt IP Address Release Command


(ipconfig /release) Command Message

❖ DHCP-Inform
○ DHCP Client Additional IP Configurations DHCP Server
Message
○ DHCP Client IP Address DHCP Options
Gateway IP

 DHCP Clients IP Broadcast IP Request


...
 DHCP Server IP ..DHCP Server Location Unicast
Request
 Renewal Process Unicast Request

❖ DHCP Message Format
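The message layout used here is the RFC 2131 one the book cites (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file, then the magic cookie and RFC 2132 options). The Python below is an added example, not code from the book: it builds a DHCP-Discover the way a client with no address sends it (0.0.0.0 to 255.255.255.255, UDP 68 to 67), builds the matching DHCP-Offer, decodes the eight message types from option 53, and derives the 50 % renewal and 87.5 % rebinding points from the lease time. The MAC address, transaction id and addresses are constructed sample values; the function names are this example's own.

```python
import ipaddress
import struct

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68
UNSPECIFIED, LIMITED_BROADCAST = "0.0.0.0", "255.255.255.255"
MAGIC_COOKIE = bytes.fromhex("63825363")            # marks the start of the options area
FIXED_FORMAT = "!BBBBIHH4s4s4s4s16s64s128s"        # op .. file, 236 bytes (RFC 2131)
MESSAGE_TYPES = {1: "DHCP-Discover", 2: "DHCP-Offer", 3: "DHCP-Request", 4: "DHCP-Decline",
                 5: "DHCP-ACK", 6: "DHCP-NAK", 7: "DHCP-Release", 8: "DHCP-Inform"}
OPT_LEASE_TIME, OPT_MESSAGE_TYPE, OPT_SERVER_ID, OPT_PARAM_LIST, OPT_END = 51, 53, 54, 55, 255


def build_dhcp_message(op, xid, client_mac, options, ciaddr=UNSPECIFIED, yiaddr=UNSPECIFIED, broadcast=False):
    """op 1 = BOOTREQUEST (client), op 2 = BOOTREPLY (server); options is a list of (code, bytes)."""
    flags = 0x8000 if broadcast else 0                # B flag: client asks for a broadcast reply
    fixed = struct.pack(FIXED_FORMAT, op, 1, 6, 0, xid, 0, flags,
                        ipaddress.IPv4Address(ciaddr).packed, ipaddress.IPv4Address(yiaddr).packed,
                        b"\x00" * 4, b"\x00" * 4, client_mac.ljust(16, b"\x00"),
                        b"\x00" * 64, b"\x00" * 128)
    body = b"".join(struct.pack("!BB", code, len(value)) + value for code, value in options)
    return fixed + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_dhcp_message(packet: bytes) -> dict:
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or magic cookie missing)")
    (op, _htype, hlen, _hops, xid, _secs, flags, ciaddr, yiaddr, _siaddr, giaddr,
     chaddr, _sname, _file) = struct.unpack(FIXED_FORMAT, packet[:236])
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == 0:                                 # pad option, one byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError(f"truncated option {code}")
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = options.get(OPT_MESSAGE_TYPE, b"")
    lease = options.get(OPT_LEASE_TIME)
    return {"op": "BOOTREQUEST" if op == 1 else "BOOTREPLY", "xid": xid,
            "client_mac": chaddr[:hlen].hex(":"),
            "ciaddr": str(ipaddress.IPv4Address(ciaddr)), "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
            "relay_giaddr": str(ipaddress.IPv4Address(giaddr)), "broadcast_flag": bool(flags & 0x8000),
            "message_type": MESSAGE_TYPES.get(msg_type[0]) if msg_type else None,
            "lease_seconds": struct.unpack("!I", lease)[0] if lease and len(lease) == 4 else None,
            "options": options}


def lease_timers(lease_seconds: int) -> dict:
    """T1 (renew, unicast to the leasing server) at 50 %, T2 (rebind, broadcast) at 87.5 %."""
    return {"T1_renew": lease_seconds * 0.5, "T2_rebind": lease_seconds * 0.875}


def initial_discover(xid: int, client_mac: bytes) -> dict:
    """A client without an address: source 0.0.0.0 port 68, destination 255.255.255.255 port 67."""
    options = [(OPT_MESSAGE_TYPE, b"\x01"), (OPT_PARAM_LIST, bytes([1, 3, 6, 15]))]
    packet = build_dhcp_message(1, xid, client_mac, options, broadcast=True)
    return {"src": (UNSPECIFIED, DHCP_CLIENT_PORT), "dst": (LIMITED_BROADCAST, DHCP_SERVER_PORT),
            "packet": packet}


def make_offer(discover_packet: bytes, offered_ip: str, server_ip: str, lease_seconds: int) -> bytes:
    """Server side: reuse the client's xid and MAC, put the offered address in yiaddr."""
    d = parse_dhcp_message(discover_packet)
    if d["message_type"] != "DHCP-Discover":
        raise ValueError("an offer answers a DHCP-Discover")
    mac = bytes.fromhex(d["client_mac"].replace(":", ""))
    options = [(OPT_MESSAGE_TYPE, b"\x02"), (OPT_LEASE_TIME, struct.pack("!I", lease_seconds)),
               (OPT_SERVER_ID, ipaddress.IPv4Address(server_ip).packed)]
    return build_dhcp_message(2, d["xid"], mac, options, yiaddr=offered_ip, broadcast=d["broadcast_flag"])


if __name__ == "__main__":
    disc = initial_discover(0x3903F326, bytes.fromhex("001122334455"))   # constructed sample values
    offer = make_offer(disc["packet"], "192.168.10.50", "192.168.10.1", 86400)
    print(parse_dhcp_message(disc["packet"])["message_type"], disc["src"], "->", disc["dst"])
    print(parse_dhcp_message(offer))
```

The parser stops at option 255 and refuses an option whose declared length runs past the packet, which is the usual way a malformed DHCP message is caught before any field is used.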

❖ DHCP Initial Lease Process
○ DHCP Initial Lease Process IP Address Client
DHCP Server IP Assign Process

[Figure: DHCP Initial Lease Process exchange between the DHCP Client and the DHCP Server]

❖ DHCP Lease Time and Renewal Process


○ Client DHCP Server IP IP Lease Time Limit
time
○ Lease Time Client Lease Time IP
Address Auto IP

○ Lease Time DHCP Server


○ Lease Time (Limit Time) DHCP Client DHCP Server
IP
○ Renewal Process DHCP Client IP Address Lease Time
Auto Additional Lease Time Process
○ Lease Time DHCP Clients IP DHCP
Server Request
○ Renewal Process Client IP Address Lease Time

○ Renewal Process "DHCP Client" Windows Clients Service Auto

 Client Lease Time (Lease Time 50%) Renewal


Process Additional Lease Time DHCP Server Lease
Time Lease Time Update
 Renewal Process Every 5 Minutes DHCP
Request Messages Renewal Requests

 Renewal Request DHCP Client IP Lease
Time 87.5% DHCP Server Direct DHCP Renewal
Request Broadcast Network DHCP Server
 Client IP Address Expire Client IP
 DHCP Server Lease Time Value Client
Renewal Network Traffic

 Renewal Client DHCP Server DHCP Messages 2

[Figure: Renewal Process, two messages: DHCP-Request from the client, DHCP-ACK from the server]

○ Client DHCP Server DHCP-Request Message Lease


Time Update
○ DHCP Server Client DHCP Request Message DHCP-ACK
Message Lease Time

 DHCP-Request Message DHCP-ACK Message


○ DHCP Client DHCP Server Messages
Unicast
○ DHCP Client DHCP Server , DHCP Server
Restart (Service Restart) DHCP Messages
Broadcast

 Renewal Process
○ Client IP Address Lease Time (Lease Expire) (OR)
○ User cmd>ipconfig /release cmd>ipconfig /renew

❖ DHCP Server and DHCP Client Changing Subnets
○ DHCP Client IP Network Network
Client Lease Time Update DHCP-Request Message
( Network DHCP Server ) Request
○ DHCP Client DHCP Request Message DHCP Server
DHCP-NAK Message Reply Deny
○ DHCP Client Initial Request Step IP

[Figure: DHCP Client changing subnets. DHCP Client to DHCP Server: DHCP-Request; DHCP Server replies DHCP-NAK; the client then restarts with DHCP-Discover, DHCP-Offer, DHCP-Request, DHCP-ACK]

❖ DHCP In IPv6 Modes

○ DHCP IPv6 Modes 2


1. Stateful Mode
2. Stateless Mode

1. Stateful Mode
○ Stateful Mode DHCP IPv6 Clients IPv6 Address
DHCP Server IPv6 Scope

2. Stateless Mode
○ Stateless Mode DHCP IPv6 Clients IPv6 Address
DHCP Server IPv4 Scope
○ DHCP Server Create Stateless Mode DHCP Server
Clients IP IPv4 Scope IPv4 Configurations
IPv6 Configurations IPv6 Configurations

► IPv6 Domain name


► IPv6 Preferred DNS Server Address
► IPv6 Alternate DNS Server Address
○ DHCP Server IPv4 Scope DHCP
Server Create Stateless Mode " IPv6 DNS Settings " Page
Configurations

❖ DNS and Name Resolution

❖ Name Types
○ Machines Name
1. NetBIOS Name (NetBIOS Service Name & WINS Server)
2. DNS Name (Host File Name Resolution & DNS Server)

❖ What is NetBIOS Name ?


○ Old Name Resolution Systems Name System
○ Network Broadcast Name Request Name Resolution NetBIOS
"Network Basic Input / Output System" Protocol
○ NetBIOS API (Application Programming Interface) Network Protocol

○ OSI Model NetBIOS Protocol Session Layer Name


Resolution
○ LAN Name Resolution Service Network Protocols
IPX/SPX (NBX "NetBIOS over IPX/SPX") TCP/IP (NBT "NetBIOS over TCP/IP")
Protocol
○ NetBIOS Name Computer Services
○ Computer Services Computer Services
NetBIOS Services
○ NetBIOS Name NetBIOS Services Name
○ NetBIOS Host Name Host NetBIOS
Name Services
○ NetBIOS Name Resolution Every Computer UDP 137 Listen
TCP Port 137 UDP/TCP 138 NetBIOS NetBIOS
Session Service
○ NetBIOS Name IPv4 Compatible IPv6 NetBIOS Support
○ OS Vista 2008 NetBIOS Name Resolution Support

NetBIOS Name
○ NetBIOS Name Default 16 Hexadecimal Characters (16 bytes) 16
Hex Characters Computer NetBIOS Name 15 Characters 1
Character NetBIOS Suffix Name (NetBIOS Service Name)
○ NetBIOS Name - Hyphen . Dot Space FQDN Support
○ NetBIOS Service Name Service Type or Record Type Value

○ Default NetBIOS Suffix Name Hidden


(CMD>nbtstat -n)
Server <20> Server NetBIOS Name <20> Hidden
NetBIOS Suffix Name

NetBIOS Services
○ Name Resolution Computer NetBIOS Services

▪ Name service (NetBIOS-NS) (For name registration and resolution)


▪ Datagram distribution service (NetBIOS-DGM) (For connectionless
communication)
▪ Session service (NetBIOS-SSN) (For connection-oriented communication)

NetBIOS Suffix Name


○ NetBIOS Suffix Name Type Service Types

For unique names,

Suffix   Service

00       Workstation Service (Workstation Name) (Domain Name)

01 / 03  Windows Messenger service

06       Remote Access Service (Remote Access Server)

20       File Service (also called Host Record)

21       Remote Access Service client

1B       Domain Master Browser – Primary Domain Controller for a domain

1D       Master Browser

For group names,

Suffix   Service

00       Workstation Service (workgroup/domain name)

1C       Domain Controllers for a domain (group record with up to 25 IP addresses)

1E       Browser Service Election

NetBIOS Node Type
○ Computer (OS) NetBIOS Name IP Address Name
Resolution NetBIOS Node Types 4

▪ B-node: 0x01 Broadcast


▪ P-node: 0x02 Peer (WINS only)
▪ M-node: 0x04 Mixed (broadcast, then WINS)
▪ H-node: 0x08 Hybrid (WINS, then broadcast)

○ Computer (OS) Using NetBIOS Name Resolution Method


Command Prompt (ipconfig /all) 'Windows IP Configuration' Section
'Node Type'

 Maximum Characters 15 Name Resolution Broadcast


NetBIOS Name Internet

Testing NetBIOS Name Resolution


○ NetBIOS Name Resolution NBTStat (NetBIOS over TCP/IP Status) Tool

 Looking Current Computer NetBIOS Name and Service Type


 nbtstat -n

 Testing Another Computer Name Resolution


 nbtstat -a "IP Address"
 nbtstat -a "HostName"

❖ What is DNS Name ?


○ Domain Name System (DNS)
○ 1985 Internet Name Resolution System
○ DNS Name FQDN (Fully Qualified Domain Name) Hierarchical

○ Domains (Networks) Name Space


○ Host Multiple Naming
○ DNS Name Character
○ DNS ASCII characters A to z, 0 to 9 Special Characters

❖ Name Resolve Types
1. Static Name Resolve Method
2. Dynamic Name Resolve Method

Static Name Resolve


○ Static Name Resolve Host File LMHosts File Preconfigured
IP Name Resolve

Dynamic Name Resolve


○ Dynamic Name Resolve IP Name Dynamically Resolve
Dynamic Name Resolve DNS Server (OR) WINS Server

❖ What is Name Resolution ?
○ IP Address Computer Name (OR) Computer Name
IP Address Process Name Resolution

❖ Name Resolution Methods


○ Windows Server Environment Name Resolution Methods (4)
1. Domain Name System Name Resolution (DNS)
2. Link Local Multicast Name Resolution (LLMNR)
3. NetBIOS Name Resolution
4. Host File Name Resolution

❖ 1.DNS Name Resolution


○ Domain Name System
○ Microsoft Primary Name Resolution System Domain Name System (DNS)

○ Windows DNS Preferred ( ) Name Resolution Methods


(DNS Server Name Resolution Query )

❖ 2.Link Local Multicast Name Resolution (LLMNR)


○ Windows Vista Server 2008
○ LLMNR Protocol Name Resolution Windows Network Discovery
Enabled
○ LLMNR Multicasting IPv6 Enabled Computers Computer Name
IPv6 Address Request Name Resolution
○ LLMNR Name Resolution Methods the whole subnet Name Resolve
Computers IPv6 Address Network Discovery Enabled

○ LLMNR Local Subnet


○ LLMNR Workgroup Name Resolution
○ LLMNR No Required Configurations
○ LLMNR Protocol Name Resolution Queries Reply OS UDP Port 5355
Listen (Multicast Address Respond UDP Port 5355 Listen
Unicast Address TCP Port 5355 Listen )

 LLMNR Service Start Local Computers Auto Name


Resolution Run>\\Client B Name Resolution

LLMNR Name Resolution Steps
• LLMNR Client A Client B Name Resolution

[Figure: LLMNR name resolution on the local subnet. Client A first checks its LLMNR Cache (1), then multicasts the query (2) to Client B, Client C and Client D]

(1) Client A LLMNR Cache ( Resolve )

(2) Client A IPv6 Multicast Address FF02::1 "LLMNR Name Query


Request Packet" Local Subnet

(3) Packets Local Subnet IPv6 Multicast IP Address Network


Discovery Enabled Computers

(4) Client B , C , D IPv6 Address Computer


Name Client A Respond

(5) Client A Reply Respond LLMNR Cache Stored


Name Resolution

 "LLMNR Name Resolution Request Packet" IPv4 Multicast Address Network


224.0.0.0

 LLMNR Disabled Group Policy Computer Configuration


\Administrative Templates\Network\DNS Client Policy Double Click> "Turn Off
Multicast Name Resolution" Enabled

❖ 3.NetBIOS Name Resolution
○ NetBIOS Windows Workgroup State Default IPv4 Name Resolution
Default Enabled
 Computer NetBIOS DNS Name Resolution

❖ NetBIOS Name Resolution Methods


○ NetBIOS Name Resolution Methods 3
(1) Broadcast
(2) WINs
(3) LMhosts file

❖ (1) Broadcast
○ Computer NetBIOS Enabled NetBIOS Method
○ Computer Name Resolution Broadcast (Destination 255.255.255.255
Packet) Local Network
○ Request Computers Respond Respond
Computers Computer Name Resolution

❖ (2)WINS
○ WINS NetBIOS Name Resolution System Name Resolution Server
○ WINS Clients IP Address NetBIOS Name Records
WINS Server
○ WINS Older Networks Local Network Name Resolution

❖ (3) LMHosts File
○ LMHosts (LAN Manager Hosts) File
○ LMHosts File Name Resolution Process NetBIOS Name Resolution Process
Name Resolution
○ DNS , WINs , Client Broadcast Range ..
Name Resolution
○ WINs Server WINs Server Unavailable WINs Backup Name
Resolution Name Resolution Method
○ LMHosts File NetBIOS Computer Name IP Address Mapping
Database File
○ File Static File NetBIOS Computer Name IP Address Manually

○ Computer Name Resolution LMHosts File Database


Name IP Address
○ LMHosts File %SystemRoot%\System32\drivers\etc Folder

❖ NetBIOS Name Resolution Step by Step Flows

First NetBIOS Broadcast


NetBIOS Name Resolution Flows
Second WINs

Third LMHosts File

❖ Configuring LMHosts File

1. LMHosts File Extension Computer Explorer Tools Menu


Folder Options

2. Folder Options Box View Tab Advanced Settings List


○ Hide extensions for known file types Select Uncheck (OK)

3. Windows\System32\Drivers\etc Folder lmhosts.sam File


lmhosts.sam File Extension .sam

 Microsoft Windows Extension Files Files

 lmhosts.sam file Extension lmhosts file


Sample File

4. lmhosts file NetBIOS Name Resolution lmhosts.sam File
Select>Right Click>Open with Notepad

5. Pound (#) Sign
Pound (#) Sign
192.168.10.1 server1 (IP) (Space) (NetBIOS Name)

6. Save As File .txt extension


7. lmhosts.txt File Select>Right Click>Rename .txt extension .sam
Extension

8. Run>ncpa.cpl>Network Adapter>Right Click>Properties>
9. "The Connection uses the following Items" List Internet Protocol Version 4 (TCP/IPv4)
Node Select "Properties" button
10. "Advanced TCP/IP Settings" Box WINS Tab

 Enable LMHOSTS lookup Check box Enable .. "Import LMHOSTS.."


Button lmhosts.sam file (Open)
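An added Python example (not code from the book) covering the two NetBIOS rules from the preceding pages: a NetBIOS name is 15 characters padded with spaces plus a one-byte suffix that names the service (the suffix table above, rendered the way nbtstat -n shows it, e.g. <20> for the File Service), and an LMHosts entry is an IP address, whitespace and a NetBIOS name with # starting a comment. The #PRE keyword (preload the entry into the name cache) and #DOM: keyword are real LMHOSTS keywords, though not covered in the book's steps. The sample file contents are constructed; the function names are this example's own.

```python
import ipaddress

# Suffix byte -> service, from the unique/group name tables above.
NETBIOS_SUFFIXES = {
    0x00: "Workstation Service", 0x03: "Windows Messenger service",
    0x06: "Remote Access Service", 0x20: "File Service (Host Record)",
    0x21: "Remote Access Service client", 0x1B: "Domain Master Browser",
    0x1C: "Domain Controllers", 0x1D: "Master Browser", 0x1E: "Browser Service Election",
}
ILLEGAL_NAME_CHARS = set('\\/:*?"<>|. ')           # dot and space are not allowed in a NetBIOS name


def is_valid_netbios_name(name: str) -> bool:
    """At most 15 characters (the 16th byte is the suffix), ASCII, none of the reserved characters."""
    return 1 <= len(name) <= 15 and name.isascii() and not (set(name) & ILLEGAL_NAME_CHARS)


def netbios_name(name: str, suffix: int) -> bytes:
    """Encode as the 16-byte on-the-wire name: upper-case, space-padded to 15, then the suffix."""
    if not is_valid_netbios_name(name):
        raise ValueError(f"{name!r} is not a valid NetBIOS name")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix is one byte")
    return name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix])


def describe_netbios_name(raw: bytes) -> str:
    """Render a 16-byte name like nbtstat does: NAME <suffix> service."""
    if len(raw) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    base, suffix = raw[:15].decode("ascii").rstrip(" "), raw[15]
    return f"{base:<15} <{suffix:02X}> {NETBIOS_SUFFIXES.get(suffix, 'Unknown service')}"


def parse_lmhosts(text: str) -> dict:
    """Map NetBIOS name (upper-cased) -> {ip, preload, domain}; rejects malformed lines."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):      # blank line or comment
            continue
        parts = stripped.split()
        if len(parts) < 2:
            raise ValueError(f"line {lineno}: expected '<IP address> <NetBIOS name>'")
        ip, name = parts[0], parts[1]
        ipaddress.IPv4Address(ip)                          # raises on a malformed address
        if not is_valid_netbios_name(name):
            raise ValueError(f"line {lineno}: {name!r} is not a valid NetBIOS name")
        keywords = [p for p in parts[2:] if p.startswith("#")]
        entries[name.upper()] = {
            "ip": ip,
            "preload": any(k.upper() == "#PRE" for k in keywords),
            "domain": next((k[5:] for k in keywords if k.upper().startswith("#DOM:")), None),
        }
    return entries


def lookup_lmhosts(entries: dict, name: str):
    """Static name resolution: NetBIOS names are matched without regard to case."""
    entry = entries.get(name.upper())
    return entry["ip"] if entry else None


# Constructed sample in the lmhosts.sam layout (not the file shipped with Windows).
SAMPLE_LMHOSTS = """\
# IP address, whitespace, NetBIOS name. Lines starting with # are comments.
192.168.10.1    server1
192.168.10.2    FILESRV01    #PRE
10.0.0.5        dc01         #PRE #DOM:corp
"""

if __name__ == "__main__":
    print(describe_netbios_name(netbios_name("server1", 0x20)))
    table = parse_lmhosts(SAMPLE_LMHOSTS)
    print(table, lookup_lmhosts(table, "Server1"))
```

Note that suffix 0x20 is itself the ASCII space, so the raw File Service name of SERVER1 looks like nine spaces after the letters; only the sixteenth byte's position tells it apart from padding, which is why the decoder splits at byte 15 rather than stripping spaces first.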

❖ Looking Lmhosts file is Working
○ Configure Lmhosts file Name Resolution

Cmd>nbtstat -n<enter> NetBIOS Name Resolution Table

 Table S81 2 S81 Multiple NetBIOS Service Server


S81 Server NetBIOS Services 2

❖ Enabling and Disabling NetBIOS Name Resolution


○ NetBIOS Every Computer Default Enabled
○ NetBIOS Disabled

1. Run>ncpa.cpl>Network Adapter>Right Click>Properties>

2. "The Connection uses the following Items" List Internet Protocol Version 4 (TCP/IPv4)
Node Select "Properties" button

3. IPv4 Properties Box "Advanced" Button

4. "Advanced TCP/IP Settings" Box WINS Tab

 Enable LMHOSTS lookup LMHOSTS File Lookup (Enable , Disable)

 NetBIOS Setting
 Default Computer NetBIOS Settings DHCP Server

 Enable NetBIOS over TCP/IP NetBIOS Enable


 Disable NetBIOS over TCP/IP NetBIOS Disable

 NetBIOS Settings Enable Windows NetBIOS Settings


Default Windows NetBIOS Settings
 NetBIOS Setting Default (Default) DHCP Server
Client Static IP Configurations Auto Enabled NetBIOS

 NetBIOS Name Resolution Advantages


○ NetBIOS Auto Neighboring Computers Name , IP Resolve
○ NetBIOS Without User Configuration
○ Enabled in all version of windows
○ Subnets Names Resolve

 NetBIOS Name Resolution Disadvantages


○ Client Name
○ IPv4 NetBIOS IPv6

4.Hosts File Name Resolution
○ Operating System Name Resolution Hosts Database File

○ Hosts File Name IP Mapping Records OS


Name Resolution
○ Hosts File Name IP Map Record Manually

○ Host File Location Windows\System32\Drivers\etc Folder


○ Records Notepad Save
File Save Replace

Google DNS Server
○ Google Google Public DNS Server
○ Internet Computer DNS Host File Google DNS Server IP
Address
○ Google DNS Server Addresses

○ Service Provider Random DNS IP Address


Computer Static Google DNS Server Address

Name Resolution Order

1. First, Client check request namespace is available in Domain (If Domain Model).
2. Second, Client check its "DNS Resolver Cache"
3. Client check its Hosts File.
4. Client perform DNS Resolution (Contacting DNS Server)
5. LLMNR (If IPv6)
6. NetBIOS Resolution Sequences happen. (Depend on NetBIOS Node Type)
(1). NetBIOS Name Cache
(2). WINS Server
(3). Broadcast
(4). LMHosts File

DNS Resolver Cache


• DNS Resolver Cache OS DNS Service Resolution
Records File
• OS Name Resolution Cache

CMD>ipconfig /displaydns

• Cache Clear

CMD>ipconfig /flushdns

• Windows Clients DNS Resolver Cache RAM DNS Servers


Cache %systemroot%\System32\dns Folder "Cache.dns"
Extension

❖ What is Namespace ?
○ A computer (OR) a company Name DNS Namespace

Domain Tree Namespace

[Figure: Domain tree. Root Domain "." at the top; Top Level Domains .net .com .org; Second Level Domain globalmantics; Sub Domains US, HQ, Asia; Dedicated Sub Domain Sales; host Server1 at the bottom]

 Namespace Hierarchical Tree Structure
 Namespace FQDN Right to Left Domain Tree Structure Up to down
 "." Root Domain Internet Root Domain "."
 Server1.Sales.HQ.Globomantics.com. Server1.Sales.HQ.Globomantics.com ( Root Domain)
 Namespace Root Domain
 Namespace Host Name Namespace Root Domain

 Server1.Sales.HQ.Globomantics.com Namespace
○ Server1 Host name
○ Sales.HQ.Globomantics.com Subdomain Name
○ HQ.Globomantics.com Subdomain Name
○ Globomantics.com Domain Name

 Domain Sub-Domains Domain


Namespace Subdomains 127

 Server1.Sales.HQ.Globomantics.com Namespace
○ FQDN Name
○ Fully Qualified Domain Name
○ Primary DNS Suffix Name

 DNS Namespace 255 Characters Root Domain Reserved


Actual Maximum 253 Characters

 DNS Namespace Characters


 Upper Characters , Lower Character (A to z) (ASCII Characters)
 Numbers (0 to 9)
 Hyphen (-) DNS Namespace Space

 Letters + Digits + Hyphen (LDH Rule)

 DNS Namespace Upper Character , Lower Character

 Name Resolution DNS Servers Namespace

 DNS Namespace Machines 2

 Machine DNS Namespace

Internationalized Domain Names (IDN)
• DNS Namespace ASCII Characters Limitation
English Languages Internet Domain
Namespace

• ICANN 'Internationalizing Domain Names in Applications'


(IDNA) System

• IDNA Namespace Request Web Browser Unicode Strings (Any


Languages) Valid DNS Character 'Punycode'

• Punycode Unicode Characters Valid DNS Namespace


(ASCII Characters)

 "München" (German name for the city of Munich) would be encoded as "Mnchen-3ya".

Domain Namespace Management Organization


• Domain Namespace Form Namespace Registration
IANA (Internet Assigned Numbers Authority) Internet
Namespace Database ICANN (Internet Corporation for
Assigned Names and Numbers ) Maintenance

❖ TLD (Top-Level Domain)
• Internet or Local Network Namespace (Root Domain " . "
) .com / .net / .org Top-Level Domain (TLD)
 www.kbtc.com .com TLD

❖ 2015 IANA Defined Top Level Domains Types

Infrastructure Top-Level Domain (.arpa)


○ Domain Name "ARPA" is the first Domain in Internet.

Generic Top-Level Domains (gTLD)


○ .com / .net / .org / .mil / etc.. (Up to 700) (Organizational Domain Name Space)

Restricted Generic Top-Level Domains (grTLD)


○ .name / .us / etc.. (Only associate with persons or entities)

Sponsored Top-Level Domains (sTLD)


○ .asia / .edu / .gov / etc.. (Sponsored for ..)

Country Code Top-Level Domains (ccTLD)


○ .us / .uk / .mm / etc.. (Country Region)

Test Top-Level Domains (tTLD)


○ .test / etc.. (Reserved for IETF testing)

❖ Hierarchical of Domains

❖ Components of DNS System
○ DNS System Components 4
1. DNS Servers
2. DNS Resolvers
3. DNS Forwarders
4. DNS Clients

 1.DNS Servers
▪ DNS Server Program Run Machine
▪ Windows DNS Server Unix BIND (Berkeley Internet Name
Domain)
▪ Name IP Address Name Server

▪ Name IP Address Record Files


▪ Record Files DNS Server Database DNS Servers
Database Replicate
▪ DNS Servers Features 2
1. Translating (Resolution) (Human-memorable "Domain Names"
"Hostnames" IP Addresses )
2. Identify Resources (Computer Systems Resources
Locate )

 2. DNS Resolvers
▪ DNS Resolvers DNS Cache Servers
▪ Resolving Name Server
▪ DNS Resolvers DNS Protocol Remote DNS Servers
DNS Information (Records) Temporarily Stored Clients
Request DNS Resolver Temporarily Stored
Information Name Resolve
▪ DNS Information (Record) Records
TTL (Time To Live) ($TTL) Value
▪ DNS Servers Server Function Resolver Function

▪ DNS Resolvers Clients Name Resolution Process


Compress
▪ ISP, Organization DNS Resolver Service

 3. DNS Forwarders
▪ DNS Forwarders DNS Server
▪ DNS Server Resolve Namespace DNS
Server DNS Server Forwarder (Forwarding DNS
Server)
▪ Networks DNS Forwarder Traffic
Security Internal DNS Servers Namespaces External (WAN)
Query Service Forwarder Server

 4. DNS Clients
○ Name Request Device DNS Client

Two types of DNS Servers ( DNS Server Types)
○ DNS Queries DNS Server Types 2

(1) Authoritative DNS Server


○ Authoritative DNS Server Queries DNS
Server
○ DNS Queries Name Resolution
Answers Database Database
Authoritative DNS Server Queries Authoritative

(2) Nonauthoritative DNS Server


○ Nonauthoritative DNS Server Recursive DNS Server

○ Nonauthoritative DNS Server Queries


DNS Server
○ Nonauthoritative DNS Server DNS Queries
Name Resolution Answers Database
.. (Authorization) .. DNS Database
DNS Server DNS Queries
○ Nonauthoritative DNS Servers DNS Cache Server , DNS Resolver , DNS
Forwarder

13 Root Servers
○ The name servers for the Internet root domain "." are the root name servers (root DNS servers).
○ The root name servers are the starting point of name resolution on the Internet.
○ The root servers hold the root domain (root zone) namespace; for a name query they refer the resolver to the authoritative name servers of the top-level domain (TLD).
○ Because the original DNS protocol limits a UDP reply to 512 bytes, the root zone publishes only 13 root name server addresses.
○ To spread the load on those 13 addresses, the root name servers are replicated using anycast addressing.
○ With anycast addressing the 13 root server addresses were served from 632 sites in October 2016 and 762 sites in 2017.

○ The root name servers are named A, B, C, D, E, F, G, H, I, J, K, L, M (13 letters) and are operated by 12 independent organizations.

○ Each organization's root server is a multi-vendor / multi-site deployment, so that no single hardware or software platform can take the whole root down.

○ The root server sites, the Autonomous System Number of each root server and the other details are published at:

 https://www.iana.org/domains/root/servers
 http://www.root-servers.org
❖ What is a DNS Query ?
○ A query is a request for name resolution directed to a DNS Server.

❖ Two Types of DNS Queries

○ There are 2 DNS query types.
1. Iterative Queries (the server answers with the best information it has, which is often only a referral)
2. Recursive Queries (the server must come back with the final answer, or an error)

❖ 1. Iterative Queries
○ With an iterative query, the queried server returns the best answer it currently holds: the record from its own zones or cache, or a referral to a name server closer to the answer.
○ The requester then repeats the query to the referred server itself, step by step, until it reaches the authoritative server.

❖ 2. Recursive Query
○ With a recursive query, the client asks the server to resolve the name completely on its behalf.
○ The server contacts other servers as needed and returns either the final answer or an error (for example NXDOMAIN).

 By default, DNS servers resolve names for their clients with recursive queries.

❖ How DNS Queries Work
(1) An application issues a name query.
(2) The computer's "DNS Client Service" checks the client resolver's local cache.
(3) Then it checks the Hosts file.
(4) If the name is still unknown, it sends a recursive query to the local DNS server.
(5) The local DNS server first looks in its own database (the DNS zones it hosts).
(6) Then it looks in the DNS resolver (server cache).
(7) By default the server then queries the root servers from its root hints list; but if a forwarder or conditional forwarder is enabled, the query goes to the forwarder servers first.
(8) If the name matches an entry in the conditional forwarder list, the query goes to those conditional forwarder servers.
(9) Otherwise the server uses its root hints list and sends requests to the root hints DNS servers.

 DNS clients send recursive queries to DNS servers.
 The local DNS server sends recursive queries to its forwarder or conditional forwarder servers.
 The local DNS server sends iterative queries to the root hints servers.
 A forwarder (or conditional forwarder) sends recursive queries to its own forwarders.
 The root hints servers receive iterative queries.
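
As an added example (not from the book), here is a small Python model of that resolution chain: a caching resolver that accepts recursive queries from a client and, on a cache miss, walks iteratively from a root hint through the TLD server to the authoritative server, then caches the answer for its TTL. All server names, addresses and records are constructed for the example.

```python
import time

# Constructed authoritative data for three servers (a root server, a .com TLD
# server, the example.com server). Each holds {owner: [(type, rdata, ttl), ...]}.
AUTH = {
    "a.root-servers.net.": {
        "com.": [("NS", "a.gtld-servers.net.", 172800)],
        "a.gtld-servers.net.": [("A", "192.0.2.10", 172800)],  # glue
    },
    "a.gtld-servers.net.": {
        "example.com.": [("NS", "ns1.example.com.", 172800)],
        "ns1.example.com.": [("A", "192.0.2.53", 172800)],     # glue
    },
    "ns1.example.com.": {
        "example.com.": [("NS", "ns1.example.com.", 172800)],
        "ns1.example.com.": [("A", "192.0.2.53", 172800)],
        "www.example.com.": [("A", "192.0.2.80", 300)],
    },
}
ROOT_HINTS = ["a.root-servers.net."]  # constructed root hints list


def iterative_query(server, qname, qtype):
    """What an authoritative server returns to an iterative (non-recursive) query:
    the answer if it has it, otherwise the closest delegation it knows about.
    Returns ('ANSWER', rrs), ('REFERRAL', (ns_name, glue_rrs)) or ('NXDOMAIN', None)."""
    zone = AUTH[server]
    rrs = [r for r in zone.get(qname, []) if r[0] == qtype]
    if rrs:
        return "ANSWER", rrs
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):                  # qname itself, then each parent
        parent = ".".join(labels[i:]) + "."
        ns = [r for r in zone.get(parent, []) if r[0] == "NS"]
        if ns:
            if ns[0][1] == server:                # we are authoritative: the name is missing
                return "NXDOMAIN", None
            glue = [r for r in zone.get(ns[0][1], []) if r[0] == "A"]
            return "REFERRAL", (ns[0][1], glue)
    return "NXDOMAIN", None


class Resolver:
    """Caching resolver: takes recursive queries from clients and, on a cache
    miss, walks iteratively from the root hints down to the authoritative server."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}   # (name, type) -> (rrs, expiry time)
        self.log = []     # every query sent, so the chain can be inspected

    def _get(self, name, qtype):
        hit = self.cache.get((name, qtype))
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop((name, qtype), None)       # absent or TTL expired
        return None

    def _put(self, name, rrs):
        # A record set is cached for the shortest TTL it contains.
        self.cache[(name, rrs[0][0])] = (rrs, self.clock() + min(r[2] for r in rrs))

    def resolve(self, qname, qtype="A"):
        """Handle a client's recursive query: the final record list, or None."""
        qname = qname if qname.endswith(".") else qname + "."
        cached = self._get(qname, qtype)
        if cached:
            self.log.append(("CACHE", qname))
            return cached
        server = ROOT_HINTS[0]
        for _ in range(8):                         # bound the referral chain
            kind, data = iterative_query(server, qname, qtype)
            self.log.append(("ITERATIVE", server, qname, kind))
            if kind == "ANSWER":
                self._put(qname, data)
                return data
            if kind == "NXDOMAIN":
                return None
            ns_name, glue = data
            if glue:
                self._put(ns_name, glue)           # cache glue so the next walk can skip a hop
            server = ns_name
        return None


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com"))   # walks root -> .com -> example.com
    print(r.resolve("www.example.com"))   # second time: answered from cache
    for entry in r.log:
        print(entry)
```

The client only ever sent one recursive query per lookup; the three iterative queries in the log are the resolver's own. The cache is also the attack surface: a forged reply that the resolver accepts is served to every client until the TTL runs out, which is why real resolvers randomize source ports and transaction IDs and validate DNSSEC.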


❖ What is a Zone ?
○ A DNS zone is stored as a zone file.
○ A zone is the part of the DNS domain namespace for which the server holds the authoritative source of information.
○ The file in which the DNS server stores that namespace information is the zone file.
○ The DNS domain namespace (the root domain namespace and the child domain namespaces) is divided into zones.
○ Creating a zone on the server is how a domain is created.
○ A DNS server is authoritative for the namespaces of the zones (zone files) it holds.

❖ DNS Zones 2
○ For the name resolution process there are 2 kinds of zone.
1. Forward Lookup Zone
2. Reverse Lookup Zone

❖ Forward Lookup Zone

○ Name to IP address (a request with a name is answered with the IP address).
○ Widely used.

❖ Reverse Lookup Zone

○ IP address to name (a request with an IP address is answered with the name).
○ Not always needed.
○ Used when applications request it.
○ Used to check name resolution.

❖ DNS Zone Types

○ A forward lookup zone or a reverse lookup zone can be one of 4 DNS zone types.

1. Primary Zone (Standard Zone)
2. Secondary Zone (Standard Zone)
3. Stub Zone
4. Active Directory Integrated Zone

❖ Primary Zone
○ The master zone.
○ Read / write copy of the zone data.
○ Can be stored as an Active Directory Integrated Zone.

❖ Secondary Zone
○ A copy of the master zone database.
○ Read-only access to the zone (database); changes are pulled from the master by zone transfer.
○ Cannot be an Active Directory Integrated Zone.

❖ Stub Zone
○ A stub zone is a special lookup zone.
○ A stub zone can be a forward lookup zone or a reverse lookup zone.
○ A stub zone does not store the zone's full DNS information.
  It stores only the authority information, that is, which DNS servers are authoritative for the zone: the NS records, the SOA record and the glue A records of those name servers, not the full DNS database.
○ A stub zone points the local DNS server at the servers that are authoritative for a namespace.
○ A stub zone is a read-only copy of the primary zone's authority information; it is refreshed automatically so that all delegation information stays up to date, and it has no write permission.
○ With a stub zone the local DNS server knows which DNS server is authorized for a namespace, and sends queries for that namespace straight to the authorized server.
○ Stub zones are commonly used on a domain controller for a child domain.
○ A stub zone can be stored as an Active Directory Integrated Zone.
○ A stub zone is not a backup of the master zone; its records are refreshed from a single master server (single-master replication).
○ A stub zone on the master DNS server can point at the child domains.
○ A zone transfer to a stub zone carries only the NS records (with the SOA and glue A records), so it is small and cheap.

❖ Active Directory Integrated Zone

○ An Active Directory Integrated Zone stores the DNS zone (database) in an Active Directory application directory partition on the domain controller, and the zone database is replicated between domain controllers by Active Directory replication.
○ Only a DNS server running on a writeable domain controller can host an Active Directory Integrated Zone.

❖ What is a Record ?
○ A zone (zone file) is made up of records.
○ A record is an entry in the zone file that maps a name to a resource (an IP address or another address or name).

❖ What is DNS Root Hints ?

○ A data / record file on the DNS server.
○ The root hints file holds the information about the DNS servers that are authoritative for the root of the DNS namespace (the root domain).
○ From the root hints file the DNS server can reach the root domain servers, and from those the authoritative DNS servers of any other domain.
○ Local DNS servers on a network connected to the Internet use the Internet root DNS server addresses as their root hints.
▪ The Internet root hints file can be downloaded from
https://www.iana.org/domains/root/files

○ By default DNS servers (DNS services) ship with the Internet root DNS server information in their root hints file, and the DNS cache is primed from it at startup.
○ (Cache.dns file in the %systemroot%\System32\Dns folder on a Windows DNS server)

○ The root hints file contains the NS records for the root and the A (and AAAA) records of the 13 root DNS servers.

❖ DNS Resource Records
○ The DNS server answers name resolution from its resource records, the name-to-IP mapping data in its zone files.
○ DNS resource record types:
 SOA (Start of Authority)
 Host (A or AAAA)
 Pointer (PTR)
 Alias (CNAME)
 Name Server (NS)
 Mail Exchanger (MX)
 Service Location (SRV)

 SOA (Start of Authority)

○ The SOA record is the first record of a zone file.
○ It holds the zone's authoritative information (primary name server / domain administrator email / zone serial number / zone refresh timers / negative-cache TTL / etc.).
○ Example SOA record, whose fields are explained one by one below:

domain.com. IN SOA ns1.domain.com. admin.domain.com. 12083 3h 30m 3w 1h

domain.com. • This is the root of the zone. It specifies that the zone file is for the domain.com. domain. Often you will see this replaced with @, which is just a placeholder that stands for the current origin (the zone name).

IN SOA • The "IN" portion means Internet class (and will be present in most records). SOA is the indicator that this is a Start of Authority record.

ns1.domain.com. • This defines the primary master name server for this domain. Name servers are either masters (primaries) or slaves (secondaries), and if dynamic DNS is configured one server needs to be the "primary master", which goes here. If you haven't configured dynamic DNS, this is just one of your master name servers.

admin.domain.com. • This is the email address of the administrator for this zone. The "@" is replaced with a dot. If the name portion of the email address itself has a dot in it, that dot is escaped with "\" in this field (your.name@domain.com becomes your\.name.domain.com).

12083 • This is the serial number for the zone file. Every time you edit the zone file you must increment this number for the change to propagate correctly. Slave (secondary) servers check whether the master server's serial number for the zone is larger than the one they hold. If it is, they request the new zone file; if not, they continue serving the copy they have.

3h • This is the refresh interval for the zone: the amount of time a slave waits before polling the master for zone file changes.

30m • This is the retry interval for the zone. If the slave cannot connect to the master when the refresh period is up, it waits this amount of time and then polls the master again.

3w • This is the expiry period. If a slave name server has not been able to contact the master for this amount of time, it stops returning responses as an authoritative source for the zone.

1h • This is the negative-cache TTL: the amount of time a name server caches a name error (NXDOMAIN) for a name that does not exist in this zone.
 Host (A or AAAA) Resource Records
○ A host A resource record maps a computer's FQDN to its IP address (IPv4: A record / IPv6: AAAA record).
○ Name-to-IP queries are answered from the host A records on the DNS server.

○ Host A records can be registered by dynamic update from the DNS clients: when a client's name or IP address changes, the client automatically updates its own host A record on the DNS server. (Allow only secure dynamic updates, otherwise any host on the network can overwrite another host's record.)
○ Host A resource records are created in a forward lookup zone.

○ A web server is normally given a host record with the name www.

 Host file with FQDN

 Host file for web server

 Base domain resolved host file

or

 Wildcard masking resolved host file
 Pointer PTR Record
○ The pointer (PTR) record is the reverse of the host A record.
○ IP-to-name queries are answered from the PTR records on the DNS server.

○ PTR records are created in a reverse lookup zone.

○ For public IP addresses the PTR records are delegated under the .ARPA root domain (root domain namespace):
 IPv4 PTR records live under the "in-addr.arpa" namespace
 IPv6 PTR records live under the "ip6.arpa" namespace

PTR Record and Usage

○ To find the name that belongs to an IP address, the PTR record is used.
○ The physical location of Internet routers can often be read from their PTR records; when you run traceroute, the hop names it shows come from PTR records.

○ Dedicated servers and VPS servers are normally given PTR records.

○ Email services check the sender: the sending email server's IP address is looked up with a PTR record, and if the IP address does not resolve to a valid domain name the receiving email server may mark the email as spam or reject it.

PTR Important Fact

○ The FQDN in the PTR record should match the FQDN in the host A or AAAA record, so that the forward lookup of that name returns the same IP address (forward-confirmed reverse DNS). A PTR record on its own proves nothing, because the owner of the IP address block can put any name in it.
 Alias (CNAME) Resource Records
○ Alias (CNAME) resource records are canonical name resource records.

○ A CNAME record gives a host additional names.

○ Example: the ftp and www names of a namespace are commonly alias (CNAME) records.

○ Because the alias name in a CNAME record points to another record, each CNAME costs the resolver an additional lookup, so query performance suffers slightly with long alias chains.
○ The CNAME record's alias name resolves through to a host A or AAAA record.
○ In the current zone namespace, an alias is created as an alias (CNAME) record.

 Name Server (NS) Resource Records

○ The record that stores the name server (DNS server) information of a zone.
○ It stores which DNS servers are authoritative for the zone (the zone's authority information).
○ When a network (domain) has multiple DNS servers, the NS records let the DNS servers find each other for communication / replication (zone transfer).
○ NS records are usually generated automatically by the DNS servers; in some situations you add NS records manually.
○ When a subdomain of a domain is hosted on other servers, NS records for the subdomain placed in the parent domain's namespace delegate that part of the namespace away from the parent domain.
 Mail Exchanger (MX) Resource Records
○ Email applications use the MX records to find the mail server for a domain name.
○ An MX record maps a domain name to the host name of its mail server.
○ The mapping is domain name to host name (mail server name), not to an IP address.

MX Record & Preference Number

○ The number in an MX record (e.g. 10) is the preference number.
○ With preference numbers a domain can point to multiple mail servers.
○ The lower the preference number, the higher the priority.

○ MX records must point to host (A/AAAA) records, not to CNAME records.
Service Location (SRV) Resource Record
• The service location record points clients to the services of a network (domain).
• It locates the key network services (network resources).

• SRV records are how clients find the domain controllers.

• When a network server is promoted to a domain controller, its SRV records are registered automatically in the network's DNS server (the domain model requires a DNS server on the network): records for the Kerberos, LDAP, etc. services of the domain controllers.

• SRV records are created automatically, but can also be created manually.

• In an Active Directory Integrated Zone the domain controller SRV records are kept in the "_msdcs.<domainname>" zone.
• SRV Record Types (each record also carries a priority and a weight for choosing among several servers)
 _kerberos._tcp record (protocol = TCP, port = 88)
 _ldap._tcp record (protocol = TCP, port = 389)
 _gc._tcp record (global catalog, protocol = TCP, port = 3268)
 _kpasswd._tcp record (Kerberos password change, protocol = TCP, port = 464)
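
Added example, not part of the book: a zone-file parser and pre-load checker in Python covering the record types above (the SOA with its timers, NS, A, CNAME, MX, PTR, SRV). The sample zone is constructed from the SOA values explained earlier; the checks are the ones a practitioner runs before loading a zone: SOA first, MX or NS targets that are CNAMEs, a CNAME owner that also has other records, and in-zone targets that do not exist.

```python
import re
from collections import defaultdict

# Constructed sample zone using the SOA values explained above; mail2 is a CNAME
# on purpose, so the MX that points at it trips the check at the bottom.
SAMPLE_ZONE = """\
$TTL 1h
$ORIGIN domain.com.
@   IN SOA ns1.domain.com. admin.domain.com. (
        12083   ; serial
        3h      ; refresh
        30m     ; retry
        3w      ; expire
        1h )    ; negative-cache TTL
@       IN NS    ns1.domain.com.
@       IN MX 10 mail.domain.com.
@       IN MX 20 mail2
ns1     IN A     192.0.2.53
www     IN A     192.0.2.80
mail    IN A     192.0.2.25
mail2   IN CNAME mail
ftp     IN CNAME www
_ldap._tcp IN SRV 0 100 389 ns1.domain.com.
"""
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(text):
    """'3h' -> 10800, '1w2d' -> 777600; bare digits are seconds."""
    if text.isdigit():
        return int(text)
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", text.lower()))


def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (origin, records); each record is {'owner', 'ttl', 'type', 'rdata'}."""
    # Drop comments, then fold parenthesised multi-line entries (the SOA) into one line.
    folded, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            folded.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    origin, default_ttl, owner, records = ".", 3600, None, []
    for line in folded:
        tok = line.split()
        if tok[0] == "$ORIGIN":
            origin = tok[1]
            continue
        if tok[0] == "$TTL":
            default_ttl = parse_ttl(tok[1])
            continue
        if not line[0].isspace():            # an owner name is present only in column 1
            owner = qualify(tok.pop(0), origin)
        ttl = parse_ttl(tok.pop(0)) if tok[0][0].isdigit() else default_ttl
        if tok[0].upper() == "IN":
            tok.pop(0)
        rtype = tok.pop(0).upper()
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = {"target": qualify(tok[0], origin)}
        elif rtype == "MX":
            rdata = {"preference": int(tok[0]), "target": qualify(tok[1], origin)}
        elif rtype == "SRV":
            rdata = {"priority": int(tok[0]), "weight": int(tok[1]),
                     "port": int(tok[2]), "target": qualify(tok[3], origin)}
        elif rtype == "SOA":
            rdata = {"mname": qualify(tok[0], origin), "rname": tok[1], "serial": int(tok[2]),
                     "refresh": parse_ttl(tok[3]), "retry": parse_ttl(tok[4]),
                     "expire": parse_ttl(tok[5]), "minimum": parse_ttl(tok[6])}
        else:                                 # A, AAAA, TXT, ...: keep the text as-is
            rdata = {"value": " ".join(tok)}
        records.append({"owner": owner, "ttl": ttl, "type": rtype, "rdata": rdata})
    return origin, records


def lint(origin, records):
    """Problems a practitioner checks for before loading the zone."""
    by_owner = defaultdict(list)
    for r in records:
        by_owner[r["owner"]].append(r)
    cnames = {o for o, rs in by_owner.items() if any(r["type"] == "CNAME" for r in rs)}
    problems = []
    if not records or records[0]["type"] != "SOA":
        problems.append("zone must start with an SOA record")
    for r in records:
        target = r["rdata"].get("target")
        if r["type"] in ("MX", "NS") and target in cnames:
            problems.append(f"{r['type']} at {r['owner']} points to CNAME {target}")
        if r["type"] == "CNAME" and len(by_owner[r["owner"]]) > 1:
            problems.append(f"CNAME {r['owner']} coexists with other records")
        in_zone = target is not None and (target == origin or target.endswith("." + origin))
        if in_zone and target not in by_owner:
            problems.append(f"{r['type']} at {r['owner']} points to {target}, which has no records")
    return problems
```

Run lint(*parse_zone(SAMPLE_ZONE)) and the only finding is the MX that points at the mail2 CNAME. The same parser is a convenient place to add a serial-number check against the copy currently served, which is the mistake the 12083 field description above warns about.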


❖ Hostname
○ hostname is the Microsoft Windows TCP/IP utility that prints the computer's host name.

❖ NSLOOKUP
○ NSLOOKUP tests name resolution against a DNS server.
○ NSLOOKUP is used for name resolution troubleshooting.
○ NSLOOKUP has 2 modes.

▪ Interactive Mode
○ Interactive mode gives an NSLOOKUP command prompt.
○ In interactive mode you can run one query after another against the DNS databases.
○ Start interactive mode from the command prompt: cmd>nslookup<enter>
○ The command prompt changes to > in interactive mode.
○ In interactive mode NSLOOKUP commands are entered one per line, and all NSLOOKUP commands are available.
○ Leave the interactive NSLOOKUP prompt with exit.

▪ Noninteractive Mode
○ In noninteractive mode the NSLOOKUP command, the query and the options are given together on one cmd line, for a single query.

❖ NSLOOKUP Options

DNS Using Ports
• DNS servers transfer the DNS database between each other (zone transfers) over TCP port 53; namespace queries use UDP port 53.
• Namespace queries use UDP port 53.
• If an answer is too large for a UDP reply (more than 512 bytes, or more than the EDNS0 buffer size the client advertised), the server sends a truncated reply with the TC bit set, and the DNS client repeats the same query over TCP port 53. A query that simply gets no reply is retried over UDP, not TCP.
• So DNS needs both UDP port 53 and TCP port 53 open; blocking TCP 53 at a firewall breaks large answers (DNSSEC, many-record sets) and zone transfers.

DNS Message Types
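
Added example (not from the book): building and parsing DNS messages in Python, to show what the flags in the 12-byte header mean and why the TC bit forces a retry over TCP port 53. The parser bounds the number of compression-pointer hops, because a reply whose pointer loops back on itself is a classic way to hang a naive parser. The query and reply bytes are constructed in memory; nothing is sent on the network.

```python
import struct

# Header flag bits (RFC 1035 section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080


def encode_name(name):
    """'www.example.com' -> length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(txid, qname, qtype=1, recursion_desired=True):
    """Standard query: 12-byte header, one question, no other sections."""
    header = struct.pack("!HHHHHH", txid, RD if recursion_desired else 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(query, ipv4, ttl=300, truncated=False):
    """Constructed authoritative reply to build_query(): echoes the question and adds
    one A record whose name is a compression pointer (0xC00C) back to the question."""
    txid, _, qd = struct.unpack("!HHH", query[:6])
    flags = QR | AA | RD | RA | (TC if truncated else 0)
    header = struct.pack("!HHHHHH", txid, flags, qd, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in ipv4.split("."))
    return header + query[12:] + rr


def decode_name(msg, offset):
    """Read a possibly compressed name; returns (name, offset after it in the stream).
    Hops are capped because a pointer that loops back on itself would spin forever."""
    labels, end, jumped = [], None, False
    for _ in range(128):
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # pointer: two bytes, then continue elsewhere
            if not jumped:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            jumped = True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    raise ValueError("compression pointer loop")


def parse_message(msg):
    """Header, question and answer sections as a dict; raises ValueError on malformed input."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    info = {"id": txid, "is_response": bool(flags & QR), "authoritative": bool(flags & AA),
            "truncated": bool(flags & TC), "recursion_desired": bool(flags & RD),
            "recursion_available": bool(flags & RA), "rcode": flags & 0xF,
            "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _ = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        info["questions"].append((name, qtype))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        info["answers"].append((name, rtype, ttl, rdata))
    return info


def needs_tcp_retry(info):
    """TC=1 means the UDP reply was cut short: re-send the same query over TCP port 53."""
    return info["is_response"] and info["truncated"]
```

Note what the header does not contain: there is no authentication at all, and a 16-bit ID plus the source port is everything that ties a reply to its query. That is why resolvers randomize both, and why DNSSEC exists.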


DNS Suffix Name
• The DNS suffix name is the part of a DNS name that follows the host name.
 (in pc1.kbtc.com, kbtc.com is the DNS suffix name)

• The domain's DNS suffix name is used for DNS name registration and for DNS name resolution.

• When a computer is joined to a domain, the computer's FQDN is its host name plus the domain name, and that domain name becomes the computer's primary DNS suffix name.

• When the computer sends a name resolution request, the primary DNS suffix name tells it which domain to look in.

• A name resolution request for an FQDN is resolved as that FQDN, because it already carries the domain name. A request for a bare host name gets the primary DNS suffix name appended and is resolved in that domain.

• So the domain in which a computer looks up short computer names is set by the primary DNS suffix name ("domain namespace").
▪ (If the primary DNS suffix name is kbtc.com, short computer names are resolved in the kbtc.com domain.)

• A domain-joined PC gets its default primary DNS suffix name from the domain; further DNS suffix names can be added manually next to the default primary DNS suffix name.

• The additional DNS suffix names are kept in the "DNS Suffix Search List".

• For a name resolution request that is not an FQDN, the client tries the primary DNS suffix name (domain) first and then the domains in the DNS suffix search list, in order.

Where to use?
• Example: a child domain (mdy.kbtc.com) under the parent domain (kbtc.com).

• A client in the child domain (mdy.kbtc.com) needs to resolve the host Server1 in the parent domain (kbtc.com).

• If the client asks for the FQDN Server1.kbtc.com the name resolves; if it asks only for the host name Server1, the client looks for Server1 in the mdy.kbtc.com domain and gets an error.

• For that case, add the parent domain (kbtc.com) as a DNS suffix on the client.

Primary DNS Suffix Name

1. Run>sysdm.cpl > Computer Name (Tab)
2. Change > More >

Adding DNS Suffix Search List

1. Run>ncpa.cpl
2. Network Adapter > RC > Properties > IPv4 (SC) > Properties > Advanced
3. DNS (Tab) > Check "Append these DNS suffixes (in order):" and Click Add
4. In the TCP/IP Domain Suffix box > enter the DNS suffix name and Click Add
5. Set the order


IPv6

History of IPv6

▪ IPv6 was introduced because the IPv4 address space could not last much longer.

▪ IPv4 is still alive because people use NAT/PAT and CIDR to work around the inefficient use of addresses.

▪ In 1998 the IETF published IPv6 as RFC 2460 (replaced in 2017 by RFC 8200).

▪ IPv6 is also called IPng (Internet Protocol Next Generation).

About IPv6

* With IPv6, everything from appliances to automobiles can be interconnected.

* But an increased number of IP addresses isn't the only advantage of IPv6 over IPv4.

* Some old protocols need a new version to work with IPv6.

* For example, IPv6 uses the Neighbor Discovery Protocol (NDP) in place of IPv4's Address Resolution Protocol (ARP).

* An IPv6 address has 128 bits (16 octets), written as 8 groups.

* One group holds 16 bits and is written as 4 hexadecimal digits; the groups are separated by colons (:).

e.g. 2001:0db8:3c4d:0012:0000:0000:1234:56ab

IPv4 and IPv6 Total Address Space

▪ IPv4: 32 bits = 2^32 (about 4.3 billion) addresses. IPv6: 128 bits = 2^128 (about 3.4 x 10^38) addresses.

IPv6 Addressing and Expressions

▪ Base 10 (decimal) number system = 10 digits.
▪ Base 2 (binary) number system = 2 digits.
▪ Base 16 (hexadecimal) number system = 16 digits (0-9, a-f); one hex digit is 4 bits, so a 16-bit group is 4 hex digits.

Rules in IPv6 for Omitting "0"
▪ There are two rules for leaving out zeros when writing or configuring an IPv6 address.

1. Group of Zeros to "::"
2. Drop Leading Zeros

✓ Original : 2001:0000:3c4d:0000:0000:0000:1234:56ab
✓ Short : 2001:0000:3c4d::1234:56ab
✓ Shorter : 2001:0:3c4d::1234:56ab

Rule 1: Group of Zeros to "::"

▪ One run of consecutive all-zero groups (0000:0000:...) can be replaced by a double colon (::).
▪ The double colon may appear only once in an address; otherwise the number of groups it stands for would be ambiguous. If an address has two zero runs, the longer one is compressed (the first one on a tie), and a single zero group is written as 0, not as ::.
✓ Original : 2001:0000:3c4d:0000:0000:0000:1234:56ab
✓ Short : 2001:0000:3c4d::1234:56ab

Rule 2: Drop Leading Zeros

▪ Inside a group the leading zeros can be dropped; a group of 0000 becomes 0 (at least one digit must remain).
✓ original : 2001:0000:3c4d:0000:0000:0000:0000:56ab
✓ short : 2001:0:3c4d:0:0:0:0:56ab

Using both rules together

✓ original : 2001:0000:3c4d:0000:0000:0000:0000:56ab
✓ short : 2001:0:3c4d::56ab


IPv6 Header Format

Note : The IPv6 header has a new field, named Flow Label, that can identify packets belonging to the same flow.

Difference between IPv4 and IPv6 Header

Benefits of IPv6

❖ In honor of World IPv6 Day, here are 6 benefits of IPv6.

More Efficient Routing

▪ IPv6 reduces the size of routing tables and makes routing more efficient and hierarchical.

More Efficient Packet Processing

▪ Compared with IPv4, IPv6 has no IP-level checksum, so no checksum needs to be recalculated at every router hop.

▪ Most link-layer technologies already contain checksum and error-control capabilities (and for UDP over IPv6 the transport checksum is mandatory, to make up for the missing IP checksum).

Directed Data Flows

▪ IPv6 supports multicast rather than broadcast.

▪ Multicast allows packet flows (like multimedia streams) to be sent to multiple destinations simultaneously, saving network bandwidth.

Simplified Network Configuration

▪ Address auto-configuration (address assignment) is built into IPv6.

▪ A router sends the prefix of the local link in its router advertisements.

▪ A host can generate its own IP address by appending its link-layer (MAC) address, converted into the 64-bit Extended Unique Identifier (EUI-64) format, to the 64-bit prefix of the local link. (Because this exposes the MAC address in every packet, most hosts today use privacy extensions (RFC 4941) and generate random interface IDs instead.)

Support for New Services

▪ IPv6 eliminates the need for NAT (Network Address Translation), which IPv4 required for multi-device connectivity because of address depletion.

▪ True end-to-end connectivity at the IP layer is restored, which makes it easier to create, maintain and deploy services such as VoIP and Quality of Service (QoS).

Security

▪ IPv6 includes built-in support for IPsec.

▪ IPsec provides confidentiality, authentication and data integrity.

▪ Caveat: "built-in" means every IPv6 stack must implement IPsec, not that traffic is encrypted by default; IPsec still has to be configured and keyed, exactly as on IPv4.

▪ IPv4 ICMP packets are often blocked wholesale by corporate firewalls, but ICMPv6 must be permitted selectively: Neighbor Discovery, Router Advertisement and Packet Too Big messages are required for IPv6 to work at all, so firewalls filter ICMPv6 by message type rather than blocking it (RFC 4890 lists which types to allow).

IPv6 Address Types

IPv6 Addressing Model

▪ There are 3 types of addressing in IPv6.

✓ Unicast

✓ Multicast and

✓ Anycast

Note: There is no broadcast address. To reach every node on the LAN, as an IPv4 broadcast would, a packet is sent to the link-local all-nodes multicast address (ff02::1).

Unicast Addresses

▪ An IPv6 unicast address is an identifier for a single interface on a router or on a host.

▪ Packets addressed to a unicast address are delivered to that specific network interface.

▪ A global unicast address is unique; no two interfaces on the Internet have the same IPv6 address.

Global Unicast Address

✓ Public IP address

✓ Allocated by IANA (to the RIRs, which allocate to ISPs and organizations)

✓ Routable on the Internet

✓ 2000::/3

✓ So much address space that NAT and PAT are not needed.

Note : An ISP normally assigns at least a /48 network ID to a customer site.

Unique Local Address (replaces the deprecated Site-Local address, fec0::/10)
✓ Private IP address (the IPv6 counterpart of the RFC 1918 ranges)

✓ Not routable on the Internet (routable inside the organization)

✓ Used for intranets that are not connected to the IPv6 Internet, or for internal traffic next to global addresses

✓ FC00::/7 is the whole block (7-bit prefix); in practice FD00::/8 is used, because the next bit must be 1 for locally generated prefixes (RFC 4193)

✓ Subnets are assigned with /64
❖ E.g. FC00::/64 or FD00::/64 work, but the 40 bits after FD should be random as RFC 4193 requires, so that two organizations' prefixes do not collide when their networks are later merged or connected by VPN

Link Local Address

✓ Start with FE80::/10 (in practice FE80::/64 plus an interface ID)

✓ Can only communicate on one network segment; routers never forward it

✓ Similar to the IPv4 APIPA address (169.254.0.0/16)

✓ Used for

❖ Stateless Address Autoconfiguration (SLAAC)

❖ Neighbor Discovery

❖ Routing protocol next hops (OSPFv3 and EIGRP for IPv6 use link-local addresses)

Subnet ID

✓ 16 bits

✓ Sits between the 48-bit global routing prefix the organization receives from its ISP or RIR and the 64-bit interface ID; the organization assigns the subnet IDs itself

✓ Each /48 global prefix gives 65,536 /64 subnets.

Interface ID

✓ The lowest-order 64-bit field of the address

✓ May be assigned in several different ways
✓ Auto-configured from the 48-bit MAC address expanded into a 64-bit EUI-64 (SLAAC)
✓ Auto-configured as a random or privacy interface ID (RFC 4941), the default on most client operating systems
✓ Assigned with stateful DHCPv6
✓ Manually configured
✓ IPv6 hosts use the Neighbor Discovery protocol (router advertisements and DAD) to generate and verify their own interface IDs.

Interface ID Format

Link-Local Address in Computer

• The computer generates its link-local address in FE80::/64 automatically (EUI-64 or a random interface ID), before any router or DHCP server is involved.

Multicast Address

✓ Prefix ff00::/8

✓ Equivalent to the IPv4 multicast address range 224.0.0.0/4

✓ A device sends a single packet to multiple destinations simultaneously (one-to-many).

✓ One host can listen on several multicast addresses

✓ One multicast address can be listened on by many hosts

✓ The 4 bits after ff are flags and the next 4 bits are the scope (1 = interface-local, 2 = link-local, 5 = site-local, e = global). Four kinds matter here:

❖ Interface-Local (node-local) Scope Multicast Address

❖ Link-Local Multicast Address

❖ Site-Local Multicast Address

❖ Solicited-node multicast address

Interface-Local Scope Multicast Address

✓ Also called the multicast loopback scope (node-local in the older RFC 2373)

✓ A packet with interface-local scope never leaves the interface it was sent on

✓ Start with FF01::

❖ FF01::1 >> Interface-Local All Nodes Multicast Address

❖ FF01::2 >> Interface-Local All Routers Multicast Address

Link-Local Multicast Address

✓ Link-local multicast addresses are used inside the LAN when nodes send to each other by multicast; routers do not forward them

✓ Start with FF02::

✓ FF02::1 Link-Local All Nodes Multicast Address | FF02::5 All OSPFv3 Routers | FF02::6 OSPFv3 Designated Routers

✓ FF02::2 Link-Local All Routers Multicast Address | FF02::a All EIGRP (IPv6) Routers | FF02::1:2 All DHCPv6 Relay Agents and Servers

Site-Local Multicast Address

✓ The scope is the current site (the organization's network); site border routers do not forward it

✓ Start with FF05::

✓ FF05::2 >> Site-Local All Routers Multicast Address

✓ FF05::1:3 >> Site-Local All DHCPv6 Servers Multicast Address (used by DHCPv6 relay agents)

Solicited Node Multicast Address

✓ Used on the LAN for address resolution (Neighbor Solicitation) and Duplicate Address Detection

✓ Every IPv6-enabled interface joins one solicited-node multicast address for each of its unicast addresses

✓ Start with FF02::1:FF00:0/104; the last 24 bits are copied from the unicast address

✓ E.g. Unicast address (here the link-local address) >> FE80::2AA:FF:FE28:9C5A

Solicited-node address >> FF02::1:FF28:9C5A
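
Added example (not from the book) for the EUI-64 interface ID and the solicited-node address above: deriving the link-local address from a MAC, deriving the solicited-node multicast address and its Ethernet multicast MAC, and, going the other way, reading the MAC back out of an EUI-64 address, which is exactly the privacy problem that RFC 4941 addresses. The MACs are constructed to match the addresses used in this chapter.

```python
import ipaddress


def mac_to_eui64(mac):
    """48-bit MAC -> modified EUI-64 interface ID (8 bytes): split the MAC in the
    middle, insert ff:fe, and flip the universal/local bit (0x02) of the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 6 octets")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def link_local_from_mac(mac):
    """fe80::/64 + EUI-64 interface ID: the address SLAAC builds without privacy extensions."""
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + mac_to_eui64(mac))


def mac_from_eui64_address(addr):
    """Inverse: recover the MAC from an EUI-64 based address, or None when the
    interface ID is not EUI-64 shaped (for example a privacy address)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def solicited_node(addr):
    """ff02::1:ffXX:XXXX: the low 24 bits of the unicast address appended to ff02::1:ff00:0/104."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(b"\xff\x02" + b"\x00" * 9 + b"\x01\xff" + low24)


def multicast_mac(maddr):
    """Ethernet destination for an IPv6 multicast address: 33:33 + the low 32 bits."""
    low32 = ipaddress.IPv6Address(maddr).packed[-4:]
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)


if __name__ == "__main__":
    ll = link_local_from_mac("00:aa:00:28:9c:5a")
    print(ll, solicited_node(ll), multicast_mac(solicited_node(ll)))
    print(mac_from_eui64_address(ll))   # the MAC is readable from the address
```

Because only the low 24 bits go into the solicited-node group, hosts whose addresses share those bits share one group; that is harmless for resolution but worth knowing when reading switch multicast tables.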


Anycast Address

▪ An IPv6 anycast address is an address that can be assigned to more than one interface (typically on different devices).

▪ A packet sent to an anycast address is routed to the "nearest" interface having that address, according to the router's routing table.

▪ Routers select the path on the basis of number of hops, distance, lowest cost, latency measurements or the least congested route.

▪ The basic idea of anycast is simple: multiple servers that share the same IP address host the same service (this is how the 13 root DNS server addresses are served from hundreds of sites).

Anycast Address Topology

Special Addresses

✓ Unspecified Address

❖ :: = 0000:0000:0000:0000:0000:0000:0000:0000 (::/128)

❖ Used as the source address before a host has an address of its own (for example during Duplicate Address Detection); it is never a valid destination

❖ 0.0.0.0 in IPv4

❖ ::/0 (the same bits with a zero prefix length) is the default route in IPv6, like 0.0.0.0/0 in IPv4

✓ Loopback Address

❖ 0:0:0:0:0:0:0:1 = ::1/128

❖ Also written ::1

❖ 127.0.0.1/8 in IPv4

✓ Discard Prefix

❖ Used to discard the packets of a remote DDoS attack

❖ Used for remotely triggered black hole filtering in routers: traffic routed to this prefix is silently dropped

❖ 100::/64 (RFC 6666)

✓ IPv4-Mapped IPv6 Addresses

❖ ::ffff:192.168.100.1 (0:0:0:0:0:ffff:192.168.100.1)

✓ ::ffff:0:0/96

❖ Used inside dual-stack hosts to represent IPv4 peers on an IPv6 socket; it should never appear on the wire, so filter it at the edge

✓ IPv4-IPv6 Translation Address

✓ 64:ff9b::/96 (the NAT64 well-known prefix)

IPv6 Addresses with Description

Overall IPv6 Addressing Structure

Zone ID for Link Local Address

▪ In Windows a link-local address is shown with a zone ID (scope ID) after %; it is the index of the local interface.

▪ E.g. Host A : fe80::2abc:d0ff:fee9:4121%4 (zone ID 4)

Host B : fe80::3123:e0ff:fe12:2001%3 (zone ID 3)

▪ Ping from Host A to Host B

❖ ping fe80::3123:e0ff:fe12:2001%4 (not %3)

Note : The zone ID identifies the interface on the sending host that is connected to the segment, because the same link-local address can exist on every link the host is attached to; it is never the other host's zone ID.

IPv6 Autoconfiguration

▪ Stateless Address Autoconfiguration (SLAAC)

✓ No manual configuration required

✓ Minimal configuration of routers (the router advertisement carries the prefix)

✓ No additional servers

✓ DNS server addresses come from the RA (RDNSS option) or from stateless DHCPv6

▪ Stateful Autoconfiguration

✓ Needs a DHCP server

✓ DHCPv6

IPv6 to IPv4 Transition Mechanisms

▪ There are 3 types of IPv4/IPv6 transition mechanism.

✓ Dual Stack

✓ IPv6 Tunneling over IPv4

✓ NAT64

Dual Stack Network

▪ A dual stack network involves nodes that are capable of processing IPv4 and IPv6 traffic simultaneously.

▪ This is especially important at the router, as the router is typically the first node on a given network to receive traffic from outside the network.

▪ When a node within a dual stack network has both an IPv4 and an IPv6 address for a destination, it prefers IPv6 over IPv4 (RFC 6724 address selection). For security this means every filter and monitoring rule written for IPv4 must also exist for IPv6, or the IPv6 path becomes the unfiltered one.

Difference Between IPv4 only and Dual Stack

IPv6 over IPv4 Tunneling

▪ Tunneling is an integration method where an IPv6 packet is encapsulated within an IPv4 packet.

▪ It is useful for carrying IPv6 data over an IPv4 network, especially in WAN settings where a remote network still runs only IPv4.

▪ There are two kinds of IPv6-over-IPv4 tunnel.

❖ Manual (configured) tunnel

❖ Automatic tunnel (6to4, ISATAP)

Manual Tunnel (IPv6 over IPv4 GRE Tunnel)

▪ An IPv6 over IPv4 GRE tunnel uses the standard GRE tunneling technology to provide point-to-point connections; both tunnel endpoints are configured by hand.

▪ Any type of protocol packet that GRE supports can be encapsulated and transmitted through a GRE tunnel.

▪ The protocols may include IPv4, IPv6, Open Systems Interconnection (OSI), and Multiprotocol Label Switching (MPLS).

▪ Caveat: GRE provides no confidentiality or authentication; if the IPv4 path is untrusted, carry the GRE tunnel inside IPsec.

Auto Tunnel (Intra-Site Automatic Tunnel Addressing Protocol) (ISATAP)

▪ The ISATAP tunnel uses a specially formatted IPv6 address with an IPv4 address embedded in it.

▪ Unlike the 6to4 address, which uses the IPv4 address as part of the network prefix (2002:<IPv4>::/48), the ISATAP address carries the IPv4 address in the interface ID (::5efe:<IPv4>).

NAT64

▪ NAT64/DNS64 uses a protocol translation approach, rather than an encapsulation approach, to connect IPv6 users to IPv4 services.

▪ The NAT64 gateway is a translator between the IPv4 and IPv6 protocols; for that it needs at least one IPv4 address and an IPv6 network segment comprising a 32-bit address space (a /96 prefix into which every IPv4 address can be mapped).

▪ The NAT64 gateway has two interfaces, one connected to the IPv4 network and one to the IPv6 network.

▪ Traffic from the IPv6 side goes through the gateway, which translates the packets and forwards them.

▪ Although NAT64 is an effective gateway between these two network types, some technologies, such as Skype and other real-time applications that embed IPv4 addresses in their payload, are not supported.

Note : NAT64 connects the IPv6 network to the IPv4 network.

This NAT64 uses the Well-Known Prefix 64:ff9b::/96.

Explanation of NAT64 and DNS64

▪ The IPv6-only client wants to connect to an IPv4-only server.

▪ "IPv4-only server" means the DNS system has only an "A" record for the server and no "AAAA" record.

▪ The DNS64 server must be set as the DNS server of the IPv6-only client.

▪ When the IPv6-only client tries to connect to the web server, it sends a recursive AAAA query to the DNS64 server to find the IPv6 address of the web server.

▪ The DNS64 server uses the normal DNS system to look up the web server; finding only an A record, it synthesizes an AAAA answer by embedding the IPv4 address in the NAT64 prefix (64:ff9b::<IPv4>), so the client's traffic is routed to the NAT64 gateway.

Stateless and Stateful Translations

• Stateful means the computer or program keeps track of the state of the interaction, usually by setting values in a storage field designated for that purpose.

• Stateless means there is no record of previous interactions and each request is handled entirely from the information that arrives with it.

• There are two types of NAT64 translation.

• A stateless NAT64 gateway maps between IPv6 and IPv4 addresses with an algorithm (the IPv4 address is embedded in the IPv6 address, RFC 7915), so it keeps no per-connection table and each IPv6 host needs an IPv4 address of its own.

• A stateful NAT64 gateway creates a binding in its translation table when the first packet of a session from the IPv6 network reaches it, and uses that binding for the rest of the session (RFC 6146).
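
Added example (not from the book) for the DNS64 and NAT64 steps above: embedding an IPv4 address in the well-known prefix 64:ff9b::/96 and extracting it again, a DNS64 lookup that only synthesizes when no real AAAA record exists, and a minimal stateful NAT64 binding table that is created by the first outbound packet and drops unsolicited inbound packets. DNS records, pool address and session values are constructed.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")   # NAT64 well-known prefix (RFC 6052)

# Constructed DNS data: www has only an A record, v6 has both.
CONSTRUCTED_DNS = {
    ("www.example.com.", "A"): ["192.0.2.80"],
    ("v6.example.com.", "AAAA"): ["2001:db8::80"],
    ("v6.example.com.", "A"): ["192.0.2.81"],
}


def synthesize_aaaa(ipv4, prefix=WKP):
    """DNS64: put the 32-bit IPv4 address in the low bits of the /96 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(ipaddress.IPv4Address(ipv4)))


def extract_ipv4(ipv6, prefix=WKP):
    """NAT64 gateway: recover the IPv4 destination, or None if the address is not ours."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def dns64_answer(qname, records=CONSTRUCTED_DNS, prefix=WKP):
    """AAAA lookup as a DNS64 server does it: real AAAA if present, else synthesized from A.
    Returns (addresses, synthesized)."""
    aaaa = records.get((qname, "AAAA"))
    if aaaa:
        return [ipaddress.IPv6Address(a) for a in aaaa], False
    return [synthesize_aaaa(a, prefix) for a in records.get((qname, "A"), [])], True


class StatefulNat64:
    """Binding table (IPv6 source, port) -> IPv4 pool port, created on the first outbound packet."""

    def __init__(self, pool_ipv4, prefix=WKP):
        self.pool = ipaddress.IPv4Address(pool_ipv4)
        self.prefix = prefix
        self.bindings = {}
        self.next_port = 40000

    def outbound(self, src6, sport, dst6, dport):
        """IPv6 -> IPv4 side. Returns (src4, sport4, dst4, dport) or None if not for NAT64."""
        dst4 = extract_ipv4(dst6, self.prefix)
        if dst4 is None:
            return None                                   # native IPv6 destination: route normally
        key = (ipaddress.IPv6Address(src6), sport)
        if key not in self.bindings:
            self.bindings[key] = self.next_port
            self.next_port += 1
        return self.pool, self.bindings[key], dst4, dport

    def inbound(self, dst4, dport, src4, sport):
        """IPv4 -> IPv6 side. Only packets that match an existing binding get through."""
        if ipaddress.IPv4Address(dst4) != self.pool:
            return None
        for (src6, sp), port in self.bindings.items():
            if port == dport:
                return synthesize_aaaa(src4, self.prefix), sport, src6, sp
        return None                                       # unsolicited: dropped
```

The binding table is why stateful NAT64 has the same operational properties as IPv4 NAT: inbound connections need an explicit mapping, and the table itself is a resource a flood of new flows can exhaust.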


Stateless NAT64

▪ Stateless NAT64 is a good tool for giving Internet servers an address that is reachable over both IPv4 and IPv6 on the global Internet (one IPv4 address per IPv6 address).

▪ To aggregate many IPv6 users behind a single IPv4 address, stateful NAT64 is required.

Stateful NAT64

• Stateful NAT64 allows IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP, based on RFC 6146.

• This technology is used mainly where IPv6-only networks and clients (i.e. mobile handsets, IPv6-only wireless, etc.) need access to the IPv4 Internet and its services.

• Because the gateway keeps the session table, it behaves like IPv4 NAT: only sessions started from the IPv6 side work, and the table is a resource an attacker can try to exhaust.

Difference Between Stateless and Stateful NAT64 Translations

IPv6 Subnetting

▪ Provider A has been allocated an IPv6 block

▪ 2001:DB8::/32

▪ Provider A will delegate /48 blocks to its customers

▪ Find the blocks provided to the first 4 customers

▪ Answer: the 16 bits after the /32 number the customers, so the first four /48 blocks are 2001:DB8:0::/48, 2001:DB8:1::/48, 2001:DB8:2::/48 and 2001:DB8:3::/48 (65,536 such blocks fit in the /32).

Assign IPv6 Network Address
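
Added example (not from the book): the same exercise done with Python's ipaddress module, plus the two lookups that follow from it in practice: the /64 with a given subnet ID inside a customer's /48, and the reverse question of which customer block an address seen in a log or abuse report belongs to. The provider block is the documentation prefix used above.

```python
import ipaddress
from itertools import islice


def customer_blocks(provider_block, customer_prefix, count):
    """The first `count` /customer_prefix blocks carved out of the provider's allocation."""
    net = ipaddress.IPv6Network(provider_block)
    return list(islice(net.subnets(new_prefix=customer_prefix), count))


def subnet_of(customer_block, subnet_id):
    """The /64 with a given 16-bit subnet ID inside a /48 customer block."""
    net = ipaddress.IPv6Network(customer_block)
    if net.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("expects a /48 and a 16-bit subnet ID")
    return ipaddress.IPv6Network((int(net.network_address) | (subnet_id << 64), 64))


def which_customer(provider_block, customer_prefix, address):
    """Map an address back to the customer block it belongs to, or None if it is
    outside the provider's allocation (for instance a spoofed source)."""
    net = ipaddress.IPv6Network(provider_block)
    addr = ipaddress.IPv6Address(address)
    if addr not in net:
        return None
    return ipaddress.IPv6Network((int(addr), customer_prefix), strict=False)


if __name__ == "__main__":
    for block in customer_blocks("2001:DB8::/32", 48, 4):
        print(block)                                  # 2001:db8::/48 ... 2001:db8:3::/48
    print(subnet_of("2001:db8:2::/48", 0x10))         # 2001:db8:2:10::/64
    print(which_customer("2001:DB8::/32", 48, "2001:db8:3:ffff::1"))
```

Note that a /64 always remains the subnet size: carving a /48 into smaller subnets than /64 breaks SLAAC, so hosts are numbered inside the /64 and customers are numbered by the 16-bit subnet ID.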


Neighbor Discovery Protocol (NDP)

* Replaces ARP, ICMP router discovery and ICMP redirects, and adds neighbor reachability detection

* Hosts use it to discover routers and to autoconfigure their addresses

* Features of NDP

Discovering routers dynamically

Discovering network prefixes dynamically

Resolving MAC addresses dynamically

Autoconfiguration of IPv6 addresses

DAD (Duplicate Address Detection)

* NDP messages are ICMPv6 messages (types 133 to 137) sent with hop limit 255; a receiver must drop any NDP message with a lower hop limit, because that proves it crossed a router. NDP has no authentication by default, so any node on the link can forge router advertisements (rogue router) or neighbor advertisements (neighbor spoofing, the IPv6 counterpart of ARP spoofing); RA Guard on switches and SEND (RFC 3971) are the countermeasures.

Five Neighbor Discovery Messages

▪ Router Solicitation Message (RS)

✓ Router Solicitation messages are requests from hosts to the IPv6 routers on the link for Router Advertisement messages.

▪ Router Advertisement message (RA)

✓ Router Advertisements are the NDP messages generated by IPv6 routers to advertise their presence on the link and to inform the other IPv6 devices on the link about important link parameters such as the network prefix, prefix length, MTU, etc.

▪ Neighbor Solicitation message (NS)

✓ Sent by an IPv6 device to resolve the link-layer address (MAC address) of an IPv6 neighbor, to verify the reachability of a cached link-layer address (MAC address), and for Duplicate Address Detection (DAD).

▪ Neighbor Advertisement message (NA)

✓ Neighbor Advertisement messages are the responses to a Neighbor Solicitation message from an IPv6 neighbor; a node may also send unsolicited NAs to announce a changed link-layer address.

▪ Redirect message
✓ Redirect messages are sent by IPv6 routers to inform IPv6 hosts on the link about a better next hop.
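
Added example, not from the book: building, validating and decoding Neighbor Solicitation and Neighbor Advertisement messages in Python, including the ICMPv6 checksum over the IPv6 pseudo-header and the validity checks of RFC 4861 (code 0, option length, unicast target), plus the check an NDP monitor runs to notice a neighbor's MAC being overwritten by an advertisement. The addresses and MACs are the constructed ones used in this chapter; nothing is put on the wire.

```python
import ipaddress
import struct

ICMPV6_NS, ICMPV6_NA = 135, 136
OPT_SRC_LLADDR, OPT_TGT_LLADDR = 1, 2
NA_ROUTER, NA_SOLICITED, NA_OVERRIDE = 0x80000000, 0x40000000, 0x20000000


def icmpv6_checksum(src, dst, payload):
    """Internet checksum over the IPv6 pseudo-header (src, dst, length, next header 58) + payload."""
    pseudo = src.packed + dst.packed + struct.pack("!I", len(payload)) + b"\x00\x00\x00\x3a"
    data = pseudo + payload + (b"\x00" if len(payload) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _finish(src, dst, body):
    """Write the checksum into bytes 2-3 of the ICMPv6 message."""
    return body[:2] + struct.pack("!H", icmpv6_checksum(src, dst, body)) + body[4:]


def build_ns(src, target, src_mac):
    """Neighbor Solicitation ('who has target?') sent to target's solicited-node group."""
    src, target = ipaddress.IPv6Address(src), ipaddress.IPv6Address(target)
    dst = ipaddress.IPv6Address(b"\xff\x02" + b"\x00" * 9 + b"\x01\xff" + target.packed[-3:])
    body = (struct.pack("!BBHI", ICMPV6_NS, 0, 0, 0) + target.packed
            + bytes([OPT_SRC_LLADDR, 1]) + bytes.fromhex(src_mac.replace(":", "")))
    return dst, _finish(src, dst, body)


def build_na(src, dst, target, tgt_mac, solicited=False, override=True):
    """Neighbor Advertisement. An unsolicited NA to ff02::1 with O=1 is the classic
    NDP spoofing move: every receiver overwrites its cache entry for target."""
    src, dst, target = (ipaddress.IPv6Address(x) for x in (src, dst, target))
    flags = (NA_SOLICITED if solicited else 0) | (NA_OVERRIDE if override else 0)
    body = (struct.pack("!BBHI", ICMPV6_NA, 0, 0, flags) + target.packed
            + bytes([OPT_TGT_LLADDR, 1]) + bytes.fromhex(tgt_mac.replace(":", "")))
    return dst, _finish(src, dst, body)


def parse_nd(src, dst, packet):
    """Validate (RFC 4861 section 7.1) and decode an NS/NA; raises ValueError on anything off.
    The hop-limit-255 check belongs to the IP layer and is not repeated here."""
    src, dst = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    if len(packet) < 24:
        raise ValueError("too short for NS/NA")
    if icmpv6_checksum(src, dst, packet) != 0:
        raise ValueError("bad ICMPv6 checksum")
    mtype, code, _, flags = struct.unpack("!BBHI", packet[:8])
    if mtype not in (ICMPV6_NS, ICMPV6_NA) or code != 0:
        raise ValueError("not an NS/NA with code 0")
    target = ipaddress.IPv6Address(packet[8:24])
    if target.is_multicast:
        raise ValueError("target must be unicast")
    options, off = {}, 24
    while off < len(packet):
        if off + 2 > len(packet) or packet[off + 1] == 0:     # zero-length option: must discard
            raise ValueError("malformed option")
        otype, olen = packet[off], packet[off + 1] * 8
        if off + olen > len(packet):
            raise ValueError("option overruns packet")
        if otype in (OPT_SRC_LLADDR, OPT_TGT_LLADDR):
            options[otype] = ":".join(f"{b:02x}" for b in packet[off + 2:off + 8])
        off += olen
    return {"type": mtype, "target": target, "options": options,
            "router": bool(flags & NA_ROUTER), "solicited": bool(flags & NA_SOLICITED),
            "override": bool(flags & NA_OVERRIDE)}


def neighbor_change(parsed, neighbor_table):
    """What a monitor (or a host's neighbor cache) sees: an NA that would replace the
    known MAC for its target. neighbor_table: {IPv6Address: 'mac'}."""
    if parsed["type"] != ICMPV6_NA:
        return None
    new_mac = parsed["options"].get(OPT_TGT_LLADDR)
    known = neighbor_table.get(parsed["target"])
    if known and new_mac and new_mac != known:
        return f"{parsed['target']}: {known} -> {new_mac} (override={parsed['override']})"
    return None
```

A spoofed NA passes every check in parse_nd, because nothing in the message proves who sent it; that is the point of the last function. In production the same logic lives in tools such as NDPMon or in a switch's ND inspection feature.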


Manual Address Assign

▪ Enable IPv6 routing on the router (global mode) and assign an address manually

• R1(config)#ipv6 unicast-routing

• R1(config)#interface gi0/0

• R1(config-if)#ipv6 address 2001:DB8::1/48

• Enable IPv6 on an interface (gives it a link-local address only)

• R1#conf t

• R1(config)#int fa0/0

• R1(config-if)#ipv6 enable

▪ Note : the ipv6 address command also takes the eui-64 keyword, which builds the interface ID from the MAC address (next section).

Configure with EUI-64

Assign two interfaces with SLAAC and EUI-64

SLAAC

EUI-64

IPv6 with ND Commands

▪ ipv6 nd prefix 2001:db8:1234:(router #)::/64 120 120

❖ The nd prefix command sets the prefix the router advertises in its RAs (RAs are enabled when routing is enabled); here both the valid and the preferred lifetime are 120 seconds (two minutes).

▪ Change the RA interval to 30 seconds

❖ ipv6 nd ra interval 30

IPv6 with Show Commands

✓ show ipv6 interface fa0/0

✓ debug ipv6 icmp

✓ debug ipv6 nd

✓ ping ipv6 fe80:: (link-local address of the host; the router asks for the output interface, because a link-local address is only meaningful per link)

✓ show ipv6 neighbors

✓ undebug all

VPN (Virtual Private Network)

History of Virtual Private Network (VPN)

▪ Millions of online users rely on VPNs whenever they access the web, almost every day.

▪ It is very likely that not many people know a lot about VPN history: how it started and how it developed over the years.

▪ In 1996, Gurdeep Singh-Pall, a Microsoft employee, started developing the Point-to-Point Tunneling Protocol (PPTP) to allow users to have a secure internet connection while working from their homes. Most experts consider this event the beginning of the VPN. (PPTP itself is now considered insecure and has been replaced by IPsec, SSL/TLS and WireGuard VPNs.)

▪ VPN technology was originally developed only by big companies and organizations for their own goals, and it wasn't meant for average online users.

▪ VPNs didn't stay exclusive business tools for long.

▪ Pretty soon, third-party VPN providers appeared on the market to provide this technology to consumers.

About VPN

▪ A virtual private network (VPN) is a network constructed over a public network, usually the Internet, to connect remote users or regional offices to a company's private, internal network.

▪ A VPN enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

▪ A VPN uses tunneling protocols to encrypt the connection and hides the user's IP address, which lets people bypass geo-blocks and browse securely.

▪ It prevents unauthorized people from eavesdropping on the traffic and allows the user to work remotely.

▪ VPN technology is widely used in corporate environments.

How does a VPN work?

• When you connect your computer, smartphone or tablet to a VPN, the device acts
as if it’s on the same local network as the VPN.

• All your network traffic is sent over a secure connection to the VPN.

• Because your computer behaves as if it’s on the network, this allows you to
securely access local network resources even when you’re on the other side of
the world.

• You’ll also be able to use the Internet as if you were present at the VPN’s
location, which has some benefits if you’re using public Wi-Fi or want to access
geo-blocked websites.

• The VPN forwards the request for you and forwards the response from the
website back through the secure connection.

• If you’re using a USA-based VPN to access Netflix, Netflix will see your
connection as coming from within the USA.

• If you travel, a VPN can give you access to geo-block websites and streaming
content from your home country (even your local Netflix library) while you're
away.

NO VPN & Use VPN

✓ The internet has now become the real marketplace, and the place for cybercriminals
to be.

✓ Most people use the internet from the moment they wake up early in the morning
until they go to sleep at night.

✓ There was a time when street criminals would rob you by showing a weapon or
cutter; (financial) resources are now moving towards digital currencies.

✓ Significant data is no longer kept in physical form; it is often moved on to digital
platforms like cloud computing.

✓ Nowadays, it is quite easy for a young rookie hacker nearby to try their hand at
hacking.

✓ It is very easy for hackers to steal a user’s personal data and information.

✓ So, to keep your data and personal information protected on the internet, it is
advised to use a VPN.

✓ A VPN helps a user hide their IP address, which makes it impossible to trace the
actual location of the user.

✓ For instance, if you are living in Myanmar and connected to a Singapore server
with the help of a VPN, you will appear to be in Singapore, having a Singaporean IP
address.

✓ However, there are numerous VPN providers in the marketplace promising to
provide the best of services and privacy and a no-data-logging policy.

Four Critical Functions of VPN
Confidentiality (encryption)

▪ The most common network security concern is protecting data from hackers.

▪ Data confidentiality aims at protecting the contents of messages from being
intercepted by unauthorized sources.

▪ VPNs achieve data confidentiality by using mechanisms of encapsulation and
encryption.

Data Integrity

▪ Data integrity protects data from interception and modification.

▪ So, integrity ensures data has not been altered while in transit.

▪ In the case of VPNs, data integrity ensures that data has not been intercepted and
changed when traveling from one VPN gateway to another VPN gateway.

Origin Authentication

▪ Authentication ensures that a message comes from a reliable source and goes to
an authentic destination.

▪ VPNs can use passwords, digital certificates, smart cards, and biometrics to
establish the identity of parties at the other end of a network.

▪ However, this is usually used when setting up a remote / mobile user VPN. This is
executed at the end of the phase 1 negotiation.

Anti-replay

▪ Anti-replay ensures IP packet-level security by making it impossible for a
hacker to intercept message packets and insert changed packets into the data
stream between a source computer and a destination computer.
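To make the integrity and anti-replay functions concrete, here is an added example (not code from the book) of an ESP-style receive-side check: an HMAC tag is verified first, then a sliding bitmap window of the kind IPsec ESP uses rejects duplicated or stale sequence numbers. The window size, key and packet contents are constructed demo values.

```python
"""ESP-style anti-replay window with an integrity check (added example,
not code from the book). Models the receive side of a VPN gateway: every
packet carries a strictly increasing sequence number and an HMAC-SHA256 tag
(the ESP "ICV") over sequence number || payload. A packet is accepted only
if the tag verifies AND its sequence number is new and inside the sliding
window. Window size, key and payloads are constructed demo values."""
import hashlib
import hmac
import struct

WINDOW_SIZE = 64                                  # RFC 4303 default window size
DEMO_KEY = b"constructed-demo-integrity-key"      # constructed, not a real key


def icv(seq: int, payload: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Integrity tag over the sequence number and the payload."""
    return hmac.new(key, struct.pack("!I", seq) + payload, hashlib.sha256).digest()


def make_packet(seq: int, payload: bytes, key: bytes = DEMO_KEY) -> dict:
    return {"seq": seq, "payload": payload, "icv": icv(seq, payload, key)}


class AntiReplayWindow:
    """Sliding bitmap window (RFC 4303 section 3.4.3). Bit i of the bitmap
    records whether the packet with sequence number (top - i) was received."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0

    def check_and_update(self, seq: int) -> bool:
        """Return True (and record seq) if seq is new and inside the window."""
        if seq == 0:
            return False            # ESP never uses sequence number 0
        if seq > self.top:          # moves the window forward
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.size else 1
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False            # too old: it has dropped out of the window
        if self.bitmap & (1 << diff):
            return False            # already seen: replay
        self.bitmap |= 1 << diff    # new packet that arrived out of order
        return True


class Receiver:
    """Verifies integrity before touching the window, so a forged packet can
    never advance or poison it (RFC 4303 pre-checks the window as an
    optimisation, but likewise only updates it after the ICV verifies)."""

    def __init__(self, key: bytes = DEMO_KEY):
        self.key = key
        self.window = AntiReplayWindow()

    def receive(self, pkt: dict) -> str:
        expected = icv(pkt["seq"], pkt["payload"], self.key)
        if not hmac.compare_digest(expected, pkt["icv"]):
            return "rejected: integrity check failed"
        if not self.window.check_and_update(pkt["seq"]):
            return "rejected: replayed or out-of-window sequence number"
        return "accepted"


def demo() -> list:
    """Feed a constructed packet stream through a receiver and return the verdicts."""
    rx = Receiver()
    verdicts = [rx.receive(make_packet(s, b"data")) for s in (1, 2, 3)]
    verdicts.append(rx.receive(make_packet(2, b"data")))        # replay of seq 2
    tampered = make_packet(4, b"data")
    tampered["payload"] = b"DATA"                               # modified in transit
    verdicts.append(rx.receive(tampered))
    verdicts.append(rx.receive(make_packet(500, b"data")))      # far ahead: window jumps
    verdicts.append(rx.receive(make_packet(3, b"data")))        # now outside the window
    return verdicts
```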

Usage of VPN
✓ Hide your IP address

✓ Hide your Geographic Location (Country, City)

✓ Use a specific country or IP of your choice (Dedicated)

✓ Unblock Streaming Channels such as Hulu, Netflix

✓ Watch Free Streaming TV in Other Countries

✓ Unblock YouTube, Facebook, Gmail and any other blocked websites

✓ Get secured over Public Wi-Fi Connection

✓ Unblock specific Television Channels with content in your native language

✓ Torrenting / P2P File Sharing

✓ VoIP Phone Calls

✓ Bypass government restrictions online

✓ Set your search engines and websites to your preferred language

✓ Alternative to Windows & Router Firewall

✓ Secure your Home Network via VPN on router

✓ Make secure billing transactions and bank money transfers

✓ Access AppStore or Google Play of different countries

Types of VPN

Remote-Access VPN

▪ A remote access VPN is for home or travelling users who need to access their
central LAN from a remote location.

▪ They dial their ISP and connect over the internet to the LAN.

▪ E.g. offsite workers can easily and securely connect with their company's
network while working remotely.

Site-to-Site VPN (Intranet-based)

▪ A site-to-site VPN connection lets branch offices use the internet as a conduit for
accessing the main office's intranet.

▪ Site-to-site VPN allows offices in multiple fixed locations to establish secure
connections with each other over a public network such as the internet.

▪ Site-to-site VPN typically creates a direct, unshared and secure connection
between two end points.

Site-to-Site VPN (Extranet-based)

▪ When a company has a close relationship with another company, they can
build an extranet VPN that connects LAN to LAN.
▪ This VPN provides privileged access to authorized vendors, customers, and
other third parties.
▪ This allows your company to share information with its partners, while still
securing its LAN (intranet).

VPN Server

▪ A VPN server is a physical or virtual server that is configured to host and deliver VPN
services to users worldwide.

▪ The server is a combination of VPN hardware and VPN software that allows VPN
clients to connect to a secure private network.

▪ A VPN works by encrypting your data as it travels back and forth between your client
machine and the internet resources you're using, such as web servers.

VPN Server Software & Protocols

▪ VPN server software is what allows a server to offer VPN services to users.

▪ VPN server software configures servers with added security which allows them
to encrypt and decrypt connection requests and incoming information.

▪ VPN Protocols

❖ E.g. OpenVPN / SSTP / L2TP / IPsec / IKEv2 / SoftEther

VPN Clients

▪ A VPN client is a software-based technology that establishes a secure connection
between the user and a VPN server.

▪ Typically, a VPN client first connects to a VPN server before it can make use of the
VPN services.

▪ After providing user credentials and authentication, the VPN client is connected to
the VPN.

▪ Some organizations provide a purpose-built VPN client that is a hardware device
preinstalled with VPN software.

Free VPN Clients for PCs and Phones

✓ DotVPN

✓ TotalVPN Free

✓ TunnelBear Free

✓ Windscribe Free

✓ VPN Gate Open Source

✓ Browsec VPN Free

✓ Hideme VPN

VPN Client-Server Architecture

Tunneling Protocols for VPN

Point-to-Point Tunneling Protocol (PPTP)

• Point-to-point tunneling protocol (PPTP) is a set of communication rules that
govern the secure implementation of virtual private networks (VPN).

• PPTP allows corporations to extend their own corporate network through private
"tunnels" over the public Internet.

Layer 2 Tunneling Protocol

▪ Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual
private networks (VPNs) or as part of the delivery of services by ISPs.

▪ L2TP VPN uses a client application on a remote system, with a VPN termination
device that sits inside the network.

Note: L2TP protocol is more secure than PPTP as it doesn't have any major
security vulnerabilities.

It uses the IPsec suite to provide end-to-end encryption, data origin
authentication, replay protection, as well as data integrity.

GRE VPN Tunnel

▪ GRE creates a private point-to-point connection like that of a virtual private
network (VPN).

▪ GRE works by encapsulating a payload, that is, an inner packet that needs to
be delivered to a destination network, inside an outer IP packet.

▪ GRE tunnels allow VPNs across wide area networks (WANs).
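An added example (not the book's code) that builds and parses the encapsulation the GRE bullets describe: an inner IPv4 packet inside a GRE header (RFC 2784) inside an outer IPv4 packet with protocol number 47. All addresses and the inner payload are constructed test values.

```python
"""Build and parse a GRE-in-IPv4 tunnel packet (added example, not the book's code).
Inner (passenger) IPv4 packet -> 4-byte GRE header (8 bytes with the optional
checksum) -> outer IPv4 header with protocol 47. Addresses are constructed."""
import ipaddress
import struct

GRE_PROTOCOL = 47            # IPv4 protocol number for GRE
ETHERTYPE_IPV4 = 0x0800      # GRE "protocol type" field carries EtherType values
GRE_FLAG_CHECKSUM = 0x8000   # C bit of the first 16-bit GRE word


def inet_checksum(data: bytes) -> int:
    """Standard one's-complement checksum used by both IPv4 and GRE."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header without options and with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str,
                    with_checksum: bool = True) -> bytes:
    """Wrap an inner packet in a GRE header and an outer IPv4 header."""
    flags = GRE_FLAG_CHECKSUM if with_checksum else 0
    gre = struct.pack("!HH", flags, ETHERTYPE_IPV4)
    if with_checksum:
        # Checksum covers GRE header + payload with the checksum field zeroed;
        # the Reserved1 word that follows the checksum is always zero.
        gre += struct.pack("!HH", inet_checksum(gre + b"\x00\x00\x00\x00" + inner), 0)
    payload = gre + inner
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTOCOL, len(payload)) + payload


def gre_decapsulate(outer: bytes):
    """Validate outer IPv4 and GRE headers; return (tunnel_src, tunnel_dst, inner)."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[0] >> 4 != 4 or inet_checksum(outer[:ihl]) != 0:
        raise ValueError("bad outer IPv4 header")
    if outer[9] != GRE_PROTOCOL:
        raise ValueError("not a GRE packet (protocol %d)" % outer[9])
    src = str(ipaddress.IPv4Address(outer[12:16]))
    dst = str(ipaddress.IPv4Address(outer[16:20]))
    gre = outer[ihl:]
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:                       # version must be 0 for RFC 2784 GRE
        raise ValueError("unsupported GRE version")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected payload protocol 0x%04x" % ptype)
    offset = 4
    if flags & GRE_FLAG_CHECKSUM:
        if inet_checksum(gre) != 0:          # sum over header incl. checksum must be 0
            raise ValueError("GRE checksum mismatch")
        offset += 4
    return src, dst, gre[offset:]


def demo() -> dict:
    """Encapsulate a constructed inner packet, recover it, and show that a
    flipped payload byte is caught by the GRE checksum."""
    inner = ipv4_header("10.1.1.5", "10.2.2.9", 17, 5) + b"hello"   # constructed
    outer = gre_encapsulate(inner, "203.0.113.1", "198.51.100.2")
    src, dst, recovered = gre_decapsulate(outer)
    corrupted = outer[:-1] + bytes([outer[-1] ^ 0xFF])
    try:
        gre_decapsulate(corrupted)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"tunnel": (src, dst), "inner_intact": recovered == inner,
            "outer_len": len(outer), "tamper_detected": tamper_detected}
```

GRE itself offers only this optional checksum: it provides no confidentiality and no authentication, which is why it is commonly carried inside the IPsec tunnels discussed next.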

IPsec VPN Tunnel

▪ Internet Protocol Security (IPsec) is a secure network protocol suite
that authenticates and encrypts packets of data to provide secure,
encrypted communication between two computers over an Internet Protocol
network.

▪ IPsec is the most popular secure network protocol suite used in Virtual
Private Networks.

▪ An IPsec VPN uses tunneling to establish a private connection for the network
traffic.

▪ VPN protocols that use IPsec encryption include L2TP, IKEv2, and SSTP.

VPN Features

Security

✓ Tunneling support between sites with at least 128bit encryption of the data.

Scalability

✓ Extra users and bandwidth can be added easily to adapt to new requirements.

Services

✓ Quality of service (QoS) features, including bandwidth management and traffic
shaping, are important to avoid congestion.

Management

✓ Reports on user activity, management of user policies and monitoring of the VPN
as a whole.

Advantages of VPN

✓ Enhanced security

✓ Remote control

✓ Share files

✓ Online anonymity

✓ Unblock websites & bypass filters

✓ Change the IP address

✓ Better performance

✓ Reduce costs

4 Best Free VPN Software

PROTONVPN FREE

WINDSCRIBE

SPEEDIFY

HOTSPOT SHIELD FREE VPN

VPN Categories

Future of VPN

▪ It is entirely possible that in the future every online user will use a VPN whenever
they browse the web.

▪ After all, VPNs can become one of the essential factors in creating the internet as it
should be – secure, democratic, and free.

VPN Technology
✓ Open source Projects

✓ Protocol obfuscation (“hide” or “confuse” or “puzzle”)

✓ Anonymous tokenized authentication

✓ A focus on Network Access Control

✓ Multi-factor authentication

✓ Complete VPN client automation

Network Security

Why is Network Security important?

▪ With the increasing reliance on technology, it is becoming more and more essential
to secure every aspect of online information and data.
▪ As the internet grows and computer networks become bigger, data integrity has
become one of the most important aspects for organizations to consider.
▪ Network security is one of the most important aspects to consider when working
over the internet, LAN or other method, no matter how small or big your business
is.
▪ While there is no network that is immune to attacks, a stable and efficient network
security system is essential to protecting client data.
▪ A good network security system helps a business reduce the risk of falling victim to
data theft and protects workstations from harmful spyware.

What Makes Network Security so important?

▪ Hackers are impersonating Zoom, Microsoft Teams, and Google Meet for phishing
scams.
▪ Both businesses and households should consider the security of their networks
seriously:

▪ To protect the computers in the network

➢ Computers and other devices connected to unsecured networks are highly
vulnerable to external threats such as malware, ransomware and spyware attacks.
➢ A single attack can bring down the entire computer system of an organization and
compromise your personal information.
➢ By ensuring the security of the network, typically with the assistance of a network
security specialist, you can stay away from such expensive threats.

▪ To prevent identity theft

➢ No matter whether you are an organization or an individual, your identity is
valuable.
➢ If you log into an unsecured network, your identity can become visible to third
parties.
➢ To avoid such a situation, you should secure your network. Such an approach
becomes mandatory if you are a business that deals with client information.

▪ To protect shared data

➢ When it comes to a business, special precautions should be taken to protect shared
data.
➢ Network security can be applied with different restrictions on different computers
depending on the types of files they handle.

▪ To stabilize the network connection

➢ In an unrestricted, unprotected network, network activity can become too heavy.
Eventually, the entire network will become vulnerable to various external attacks.

Social Engineering Attack

▪ Social engineering is the art of exploiting human psychology, rather than technical
hacking techniques, to gain access to buildings, systems or data.
▪ Social engineering, in the context of information security, is the psychological
manipulation of people into performing actions or divulging confidential
information.
▪ With a social engineering attack, the attacker compromises the network or system
through social interaction with an individual, through an e-mail message or phone
call, and tricks the individual into divulging information that can be used to
compromise security.
▪ The social engineer "impersonates" or plays the role of someone you are likely to
trust or obey convincingly enough to fool you into allowing access to your office, to
information, or to your information systems.
▪ Social engineering happens because of the human instinct of trust.
▪ Social engineering has proven to be a very successful way for a criminal to "get
inside" your organization.
▪ Criminals will often take weeks and months getting to know a place before even
coming in the door or making a phone call.
▪ Cybercriminals know that social engineering works best when focusing on human
emotion and risk.
▪ Cybercriminals have learned that a carefully worded email, voicemail, or text
message can convince people to transfer money, provide confidential information,
or download a file that installs malware on the company network.

Types of Social Engineering Attacks

➢ Hacker impersonates administrator
➢ Hacker impersonates user
➢ Hacker impersonates vendor
➢ Phishing Attack

Hacker impersonates Administrator

▪ The hacker calls and impersonates the network administrator, and tries to trick the
user into compromising security by asking the user to do things such as changing
their password or giving away account information.
▪ The hacker also may ask the user questions about the general setup of the system.
An example is described as follows:

Hacker impersonates user
▪ The hacker calls an unsuspecting network administrator and plays the role of a
frustrated user who cannot log on to the network.
▪ In this scenario the hacker will pretend they do not remember their password or
how to get onto the system.
▪ An unaware administrator may help the hacker (acting as a frustrated user) gain
access to the system by resetting a password and guiding them through the
process of gaining access.
Example: Acting as a frustrated user

Hacker impersonates Vendor

▪ The hacker may e-mail a customer pretending to be the vendor of a piece of
software.
▪ In this example, the hacker tries to get the user to install an update, but the user
doesn’t realize the update is really a Trojan virus that gives the hacker access to
the system.

Phishing Attack
▪ A very popular type of attack today is what is known as a phishing attack.
▪ A phishing attack is when the hacker creates a fake web site that looks exactly like
a popular site such as a bank or eBay.
▪ The "phishing" part of the attack is that the hacker then sends an e-mail message
trying to trick the user into clicking a link that leads to the fake site.
▪ Phishing is a type of social engineering attack often used to steal user data,
including login credentials and credit card numbers.

How a Phishing Attack Happens

▪ It occurs when an attacker, masquerading as a trusted entity, dupes a victim into
opening an email, instant message, or text message.
▪ Phishing is an example of social engineering techniques being used to deceive
users.
▪ Users are often lured by communications purporting to be from trusted parties
such as social web sites, auction sites, banks, online payment processors or IT
administrators.
▪ When the user attempts to log on with their account information, the hacker
records the username and password and then tries that information on the real
site.
▪ An attack can have devastating results. For individuals, this includes unauthorized
purchases, the stealing of funds, or identity theft.

How Phishing Attack works?
Example: Spear Phishing Attack

Network Attacks

✓ Eavesdropping attack
✓ Hijack attack or Man-in-the-middle attack (MITM)
✓ Spoof attack
✓ Denial of service (DoS)
✓ Distributed denial of service (DDoS)
✓ Buffer overflow
✓ Exploit attack
✓ Password attack

What is Network Attack?
▪ Network-based attacks are threats that are launched and controlled from a device
or devices other than those under attack.
▪ Network-based attacks are attacks designed to compromise network security by
either eavesdropping on or intercepting and manipulating network traffic.
▪ A network attack is an attempt to gain unauthorized access to an organization's
network, with the objective of stealing data or performing other malicious activity.
▪ These may be active attacks, wherein the hacker manipulates network activity in
real-time; or passive attacks, wherein the attacker sees network activity but does
not attempt to modify it.
▪ In a passive attack, attackers gain access to a network and can monitor or steal
sensitive information, but without making any change to the data, leaving it intact.

Eavesdropping Attack

▪ An eavesdropping attack, also known as a sniffing or snooping attack, is a theft of
information as it is transmitted over a network by a computer, smartphone, or
another connected device.
▪ Eavesdropping is an unauthorized and illegal interception of a private
communication.
▪ It refers to secretly listening to the private conversations of two or more parties.
▪ When an attacker listens to private communication, this is also referred to as
sniffing or snooping.

▪ Eavesdroppers can make a successful attack in different ways, including
wiretapping, email, and online chat.
▪ As the internet has expanded, people across the globe are using different web
services.
▪ If all these services are not fully encrypted, then the privacy of web users will
always be at risk.
▪ There are two types of eavesdropping attacks: passive eavesdropping and active
eavesdropping.
▪ An eavesdropping attack can be difficult to detect because the network
transmissions will appear to be operating normally.

How does an Eavesdropping Attack work?
One example of a MITM attack is active eavesdropping.

Note: This widely used type of attack typically involves the use of network
monitoring tools to analyze and read communications on the network.

Key Takeaways of Eavesdropping Attack

▪ The attack takes advantage of unsecured network communications to access data
as it is being sent or received by its user.
✓ Avoid public Wi-Fi networks.
✓ Keep your antivirus software updated.
✓ Use strong passwords.

Man-in-the-Middle Attack (MITM)

❖ Man-in-the-middle attack (MITM), also known as a hijack attack, is an attack where
the attacker secretly relays and possibly alters the communications between two
parties who believe that they are directly communicating with each other.
❖ Man-in-the-middle attacks (MITM) are a common type of cybersecurity attack that
allows attackers to eavesdrop on the communication between two targets.
❖ The attack takes place in between two legitimately communicating hosts, allowing
the attacker to “listen” to a conversation they should normally not be able to listen
to, hence the name “man-in-the-middle.”
❖ MITM attack can succeed only when the attacker impersonates each endpoint
sufficiently well to satisfy their expectations.
❖ Most cryptographic protocols include some form of endpoint authentication
specifically to prevent MITM attacks.
❖ For example, TLS can authenticate one or both parties using a mutually trusted
certificate authority.
❖ A man-in-the-middle attack can be divided into three stages.
➢ The first stage is obtaining access to a location from which the attacker can
strike.
➢ The second stage is actually becoming a man in the middle.
➢ The third (if necessary) is overcoming encryption.

How a Man-in-the-Middle Attack Works

▪ Alice sends a message to Bob, which is intercepted by Mallory:

    Alice  "Hi Bob, it's Alice. Give me your key." →  Mallory          Bob

▪ Mallory relays this message to Bob; Bob cannot tell it is not really from
Alice:

    Alice          Mallory  "Hi Bob, it's Alice. Give me your key." →  Bob

▪ Bob responds with his encryption key:

    Alice          Mallory  ←  [Bob's key]  Bob

▪ Mallory replaces Bob's key with her own, and relays this to Alice, claiming
that it is Bob's key:

    Alice  ←  [Mallory's key]  Mallory          Bob

▪ Alice encrypts a message with what she believes to be Bob's key, thinking
that only Bob can read it:

    Alice  "Meet me at the bus stop!" [encrypted with Mallory's key] →  Mallory          Bob

▪ However, because it was actually encrypted with Mallory's key, Mallory can
decrypt it, read it, modify it (if desired), re-encrypt with Bob's key, and
forward it to Bob:

    Alice          Mallory  "Meet me at the van down by the river!" [encrypted with Bob's key] →  Bob

▪ Bob thinks that this message is a secure communication from Alice.
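The exchange above, followed by the authenticated version the TLS remark describes, as an added example that is not part of the book: a toy Diffie-Hellman stands in for the "keys" being traded, and an HMAC whose key only the CA and the honest endpoints hold stands in for the certificate authority's signature (a real CA signs with a private key and anyone verifies with its public key). The group size, the CA key and the messages are constructed demo values.

```python
"""Key substitution by a man in the middle, and how endpoint authentication
stops it (added example, not code from the book). Toy-sized Diffie-Hellman;
the HMAC-based "CA" is a stand-in for a signing CA. The only property the
demonstration needs is that Mallory does not hold CA_KEY."""
import hashlib
import hmac
import secrets

P = 2**127 - 1                      # toy group, far too small for real use
G = 5
CA_KEY = secrets.token_bytes(32)    # stand-in for the CA's signing key


def priv() -> int:
    return secrets.randbelow(P - 2) + 2


def kdf(shared: int) -> bytes:
    """Derive a symmetric key from the DH shared secret."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _xor_stream(key: bytes, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(x ^ s for x, s in zip(data, stream))


def protect(key: bytes, msg: bytes):
    """Encrypt-then-MAC with a toy keystream; returns (ciphertext, tag)."""
    ct = _xor_stream(key, msg)
    return ct, hmac.new(key, ct, hashlib.sha256).digest()


def unprotect(key: bytes, ct: bytes, tag: bytes):
    """Return the plaintext, or None when the tag does not verify under key."""
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None
    return _xor_stream(key, ct)


def unauthenticated_exchange():
    """The exchange above: nobody checks whose public value they received,
    so each side unknowingly shares a key with Mallory instead of the other."""
    a, b, m = priv(), priv(), priv()
    A = pow(G, a, P)                  # Alice -> (intercepted by Mallory)
    M = pow(G, m, P)                  # Mallory's value, passed off as the other party's
    B = pow(G, b, P)                  # Bob -> (intercepted by Mallory)
    k_alice = kdf(pow(M, a, P))       # Alice believes this is shared with Bob
    k_bob = kdf(pow(M, b, P))         # Bob believes this is shared with Alice
    k_mallory_alice = kdf(pow(A, m, P))
    k_mallory_bob = kdf(pow(B, m, P))
    ct, tag = protect(k_alice, b"Meet me at the bus stop!")
    read_by_mallory = unprotect(k_mallory_alice, ct, tag)
    forged = protect(k_mallory_bob, b"Meet me at the van down by the river!")
    return read_by_mallory, unprotect(k_bob, *forged)   # Bob accepts the forgery


def issue_cert(name: str, static_pub: int) -> tuple:
    body = name.encode() + b"|" + static_pub.to_bytes(16, "big")
    return name, static_pub, hmac.new(CA_KEY, body, hashlib.sha256).digest()


def verify_cert(cert: tuple, expected_name: str) -> bool:
    name, static_pub, sig = cert
    body = name.encode() + b"|" + static_pub.to_bytes(16, "big")
    return name == expected_name and hmac.compare_digest(
        hmac.new(CA_KEY, body, hashlib.sha256).digest(), sig)


def authenticated_exchange(mallory_substitutes_key: bool):
    """Bob's static public value is certified by the mutually trusted CA;
    Alice refuses to derive a key unless the certificate checks out."""
    y_b = priv()
    bob_cert = issue_cert("Bob", pow(G, y_b, P))
    presented = bob_cert
    if mallory_substitutes_key:
        # Mallory swaps in her own value but cannot forge a CA tag over it
        presented = ("Bob", pow(G, priv(), P), bob_cert[2])
    if not verify_cert(presented, "Bob"):
        return "aborted: certificate check failed"
    a = priv()
    A = pow(G, a, P)                                   # Alice's ephemeral value
    k_alice = kdf(pow(presented[1], a, P))
    k_bob = kdf(pow(A, y_b, P))
    return unprotect(k_bob, *protect(k_alice, b"Meet me at the bus stop!"))
```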


Best Practices to Prevent Man-in-the-Middle Attacks
➢ Strong WEP/WPA Encryption on Access Points

➢ Strong Router Login Credentials

➢ Virtual Private Network

➢ Force HTTPS

➢ Public Key Pair Based Authentication

Spoof Attack

▪ Spoofing is the act of disguising a communication or identity so that it appears to
be associated with a trusted, authorized source.
▪ A spoofing attack is when a malicious party impersonates another device or user on
a network in order to launch attacks against network hosts, steal data and bypass
access controls.
▪ A spoofing attack is a situation in which a person or program successfully identifies
as another by falsifying data, to gain an illegitimate advantage.
▪ Spoofing attacks are used more frequently on unprotected non-enterprise systems
than on larger enterprise systems.

Types of Spoofing

➢ Email Spoofing
➢ Caller ID Spoofing
➢ Website Spoofing
➢ IP Spoofing
➢ ARP Spoofing
➢ DNS Server Spoofing

How DNS Spoofing Works (an example of a spoofing attack)

Denial of Service (DoS) Attack

▪ A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator
seeks to make a machine or network resource unavailable to its intended users by
temporarily or indefinitely disrupting services of a host connected to the Internet.
▪ A denial-of-service (DoS) attack occurs when legitimate users are unable to access
information systems or devices.
▪ Services affected may include email, websites, online accounts (e.g., banking), or
other services that rely on the affected computer or network.
▪ DoS attacks accomplish this by flooding the target with traffic, or sending it
information that triggers a crash.
▪ Denial-of-Service (DoS) attacks block or disrupt an organization or business’s ability
to use its own resources such as network bandwidth, system resources (CPU,
memory), and application resources (web server, DNS server).
▪ Common DoS attacks include Ping attacks, SYN attacks, flooding, and reflection
and recursion.
▪ Some organizations use a mitigation strategy known as “black hole routing” to
defend against DoS attacks.
▪ A Distributed Denial of Service (DDoS) attack is a more advanced form of a DoS
attack where the target network is flooded by requests not from a single server or
machine but from multiple attack points.

How DoS Attack Work?

Distributed Denial-of-Service (DDoS) Attack

▪ DDoS is a type of DoS attack where multiple compromised systems, which
are often infected with a Trojan, are used to target a single system, causing
a Denial of Service (DoS) attack.
▪ Distributed Denial of Service (DDoS) attack is a non-intrusive internet
attack made to take down the targeted website or slow it down by flooding
the network, server or application with fake traffic.
▪ In a distributed denial-of-service attack (DDoS attack), the incoming traffic
flooding the victim originates from many different sources.
▪ This effectively makes it impossible to stop the attack simply by blocking a
single source.
▪ DDoS attack occurs when multiple systems flood the bandwidth or
resources of a targeted system, usually one or more web servers.
▪ DDoS is a large-scale DoS attack where the perpetrator uses more than
one unique IP address or machines, often from thousands of hosts infected
with malware.
▪ DDoS attack typically involves more than around 3–5 nodes on different
networks; fewer nodes may qualify as a DoS attack but is not a DDoS attack.
▪ DDoS attacks can last as long as 24 hours, and good communication can
ensure that the cost to your business is minimized while you remain under
attack.

How does a DDoS Attack Work?

▪ The DDoS attack will test the limits of a web server, network, and application
resources by sending spikes of fake traffic.
▪ DDoS attacks use an army of zombie devices called a botnet.
▪ These botnets generally consist of compromised IoT devices, websites, and
computers.
▪ When a DDoS attack is launched, the botnet will attack the target and deplete the
application resources.
▪ A successful DDoS attack can prevent users from accessing a website or slow it
down enough to increase bounce rate, resulting in financial losses and performance
issues.

What is Buffer Overflow

▪ A buffer overflow occurs when the volume of data exceeds the storage capacity of
the memory buffer.
▪ Buffer overflows can affect all types of software. They typically result from
malformed inputs or failure to allocate enough space for the buffer.
▪ If the overflow overwrites executable code, it can cause the program to behave
unpredictably and generate incorrect results, memory access errors, or crashes.

Buffer Overflow Attack

▪ A buffer overflow attack is when the attacker sends more data to an application
than is expected.
▪ A buffer overflow attack usually results in the attacker gaining administrative
access to the system in a command prompt or shell.
▪ Attackers exploit buffer overflow issues by overwriting the memory of an
application.
▪ This changes the execution path of the program, triggering a response that
damages files or exposes private information.
▪ If attackers know the memory layout of a program, they can intentionally feed
input that the buffer cannot store, and overwrite areas that hold executable code,
replacing it with their own code.

How a Buffer Overflow Attack Works

Types of Buffer Overflow Attacks

▪ Stack-based buffer overflows are more common, and leverage stack memory that
only exists during the execution time of a function.

▪ Heap-based attacks are harder to carry out and involve flooding the memory space
allocated for a program beyond memory used for current runtime operations.

What is Exploit

▪ An exploit is a program or piece of code that finds and takes advantage of a
security flaw in an application or system so that cybercriminals can use it for their
benefit, i.e., exploit it.
▪ Exploits are not malware themselves, but rather methods for delivering the
malware.
▪ An exploit kit doesn't infect your computer.
▪ An exploit can be used by crackers for breaking security or for otherwise attacking
a host over the network.
▪ In some cases, an exploit can be used as part of a multi-component attack.
▪ Instead of using a malicious file, the exploit may instead drop another malware,
which can include backdoor Trojans and spyware that can steal user information
from the infected systems.

Exploit Attack

▪ An exploit attack refers to a program or code that takes advantage of a security
weakness in an application or system.
▪ By exploiting a person’s or business’s security weakness, cyber criminals can easily
break in, create chaos and steal sensitive information.
▪ Exploit attacks are often confused with malware.
▪ Instead, they are the picklocks that allow malware through the door.
▪ Often delivered as a collection of exploits, or a kit, exploit attacks can be hidden in
plain view on your favorite websites.

How Exploit Attack Works?

Password Attack

▪ The most widely used mechanism to authenticate a user to a system is a password.
▪ Consequently, obtaining passwords is a common and effective attack.
▪ A password attack is exactly what it sounds like: a third party trying to gain access
to your systems by cracking a user’s password.
▪ An attacker tries to crack the passwords stored in a network account database or a
password-protected file.
▪ There is software that attackers use to try and crack your password, but this
software is typically run on their own system.

How Password Attack Work?

Example : Brute-force attack

FIREWALL

Why do We need a Firewall?

▪ A number of organizations and individuals have an Internet connection allowing
them to communicate with the outside world.
▪ Although this is a great flexibility allowing access to a wealth of information, there
are a number of security risks involved in connecting directly to the Internet.
▪ As a general rule, you should always put another device between you and the
Internet, and that device is known as a firewall.

Firewall
▪ A firewall is a network security device that monitors incoming and outgoing
network traffic and permits or blocks data packets based on a set of security rules.
▪ Network firewalls are frequently used to prevent unauthorized Internet users, as well
as threats like viruses and hackers, from accessing private networks connected to the
Internet, especially intranets.
▪ Firewalls can be implemented as both hardware and software, or a combination of
both.
▪ All messages entering or leaving the intranet pass through the firewall, which
examines each message and blocks those that do not meet the specified security
criteria.

Two Categories of Firewall

▪ Firewalls are often categorized as either network firewalls or host-based firewalls.

▪ Network-based firewalls are positioned on the gateway computers of LANs, WANs
and intranets.
▪ They are either software appliances running on general-purpose hardware, or
hardware-based firewall computer appliances.
▪ Firewall appliances may also offer other functionality to the internal network they
protect, such as acting as a DHCP or VPN server for that network.
▪ Host-based firewalls are positioned on the host itself and control network traffic in
and out of those machines.
▪ The host-based firewall may be a daemon or service as a part of the operating
system or an agent application such as endpoint security or protection.

How Firewall work?

Dual-Homed Host Firewalls
▪ A dual-homed host is an application-based firewall and first line of
defense/protection technology between a trusted network, such as a corporate
network, and an untrusted network, such as the Internet to provide secure access.
▪ Dual-homed is a general term for proxies, gateways, firewalls, or any server that
provides secured applications or services directly to an untrusted network.
▪ Dual-homed host may be considered a unique type of bastion host, a network
computer designed to withstand attacks from hackers, viruses and any other type
of interference from those with malicious intentions.
▪ A dual-homed host firewall consists of a single computer with two physical network
interfaces that acts as a gateway between the two networks.

How Dual-Homed-Host Work?

Screened-Host Firewall

▪ Whereas a dual-homed host architecture provides services from a host that's
attached to multiple networks, a screened host architecture provides services from
a host that's attached to only the internal network, using a separate router.
▪ Screened-host firewall configurations are considered by many to be more secure
than the dual-homed firewall.
▪ In this architecture, the primary security is provided by packet filtering.
▪ In this configuration, you place a screening router between the dual-homed host
and the public network.

How Screened-Host Firewall work?

Screened Subnet Firewalls
▪ Screened subnet firewall is a model that includes three important components for
security.
▪ This type of setup is often used by enterprise systems that need additional
protection from outside attacks.
▪ Screened subnet firewall is built on other models including dual-homed gateways
and screened host firewalls, which were developed for best practices in system
security.
▪ A screened subnet firewall configuration takes security to the next level by further
isolating the internal network from the public network.
▪ A screened subnet firewall is also called a 'triple-homed' setup.
▪ An additional screening router is placed between the internal network and the
dual-homed firewall.
▪ This provides two additional levels of security.
▪ First, by adding a screening router internally, you can protect the dual-homed
firewall host from an attack by an internal source.
▪ Second, it makes an external attack much more difficult because the number of
layers that an attacker must go through is increased.
▪ Normally the outside screening router will be configured to pass any data that has
passed the filter rule to the dual-homed firewall, which will perform more tests on the
incoming traffic.
▪ The internal screening router is typically configured to accept only data from the
dual-homed firewall, ensuring that hackers can't skip past the outside firewall
layers.

How Screened Subnet Firewalls work?

Types of Firewall
▪ There are three types of firewalls that can be used:
➢ Packet-level firewall
➢ Application-Level firewall
➢ Circuit-Level firewall.

Packet-Filtering Firewall

▪ A packet-level firewall is usually a form of screening router that examines packets
based on filters set up at the network and transport layers.
▪ Packet filters work by inspecting the source and destination IP and port addresses
contained in each Transmission Control Protocol/Internet Protocol (TCP/IP) packet.
▪ TCP/IP ports are numbers that are assigned to specific services that help to identify
for which service each packet is intended.
▪ For example, the port number for the HTTP protocol is 80.
▪ As a result, any incoming packets headed for an HTTP server will specify port 80 as
the destination port.
▪ Packet filters are the least expensive type of firewall.
▪ As a result, packet-filtering firewalls are very common.
▪ Packet filtering is usually an effective defense against attacks from computers
outside a local area network (LAN).
▪ As most routing devices have integrated filtering capabilities, packet filtering is
considered a standard and cost-effective means of security.

How Packet Filtering Firewall Work?

Application-Level Firewall

▪ The application-level firewall understands the data at the application level.


▪ Application-level firewalls operate at the application, presentation, and session
layers of the OSI model.
▪ An application firewall is a type of firewall that scans, monitors and controls
network, Internet and local system access and operations to and from an
application or service.
▪ This type of firewall makes it possible to control and manage the operations of an
application or service that's external to the IT environment.
▪ An example of an application-level firewall is a proxy server.
▪ The proxy server can analyze the application data in the packet and decide if it is
allowed through the firewall.
▪ This is different than a packet-filtering firewall, which can only analyze the header
of the packet, including information such as the source and destination IP
addresses and port numbers.
▪ Proxy services manage traffic through a firewall for a specific service such as HTTP
or FTP.
▪ Proxy services can provide increased access control, detailed checks for valid data,
and generate audit records about the traffic they transfer because the proxy
services are specific to the protocol that they are designed to forward.

How Application-Level Firewall Work?

Circuit-Level Firewall

▪ Circuit-level firewalls are similar in operation to packet-filtering firewalls, but they
operate at the transport and session layers of the OSI model.
▪ The biggest difference between a packet-filtering firewall and a circuit-level firewall
is that a circuit-level firewall validates TCP and UDP sessions before opening a
connection, or circuit, through the firewall.
▪ When the session is established, the firewall maintains a table of valid connections
and lets data pass through when session information matches an entry in the table.
▪ The table entry is removed, and the circuit is closed when the session is terminated.

How Circuit-Level Firewall Work?

Firewall Types
➢ There are two types of Firewall:
✓ Stateful Firewall
✓ Stateless Firewall

Stateful Firewall
▪ A stateful firewall is a firewall that monitors the full state of active network
connections.
▪ This means that stateful firewalls constantly analyze the complete context of the
traffic and data packets seeking entry to a network, rather than discrete packets in
isolation.
▪ Stateless firewalls, by contrast, watch network traffic and restrict or block packets
based on source and destination addresses or other static values.
▪ By taking multiple factors into consideration, such as TCP stages, before adding a
type of connection to an approved list, stateful firewalls are able to observe traffic
streams in their entirety.

Stateless Firewall
▪ A stateless firewall uses simple rule-sets that do not account for the possibility that
a packet might be received by the firewall 'pretending' to be something you asked
for.
▪ A stateless firewall filter, also known as an access control list (ACL), does not
statefully inspect traffic.
▪ Stateless firewalls are basically ACLs.
▪ They contain rules about which traffic to allow or block depending on source IP,
destination IP, port numbers, network protocol and other header fields.
▪ The purpose of a stateless firewall filter is to enhance security through packet
filtering.
▪ If the match conditions are not met, unidentified or malicious packets are blocked.
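As an added illustration (not from the book), the following Python models the packet-filtering, circuit-level and stateful/stateless behaviour described above: a stateless ACL that judges each packet by its header alone, beside a stateful filter that keeps a connection table opened by SYN and closed by FIN, and therefore drops inbound packets that merely 'pretend' to be replies. All addresses, ports and the published web server are constructed sample values.

```python
from dataclasses import dataclass

# Constructed sample values (not from the book): the protected LAN is
# 10.0.0.0/24 and the one published service is a web server on 10.0.0.80:80.
INSIDE_PREFIX = "10.0.0."
WEB_SERVER = ("10.0.0.80", 80)


@dataclass(frozen=True)
class Packet:
    """Only the header fields a packet filter inspects (TCP only, for brevity)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # SYN flag: connection request
    ack: bool = False  # ACK flag
    fin: bool = False  # FIN flag: session teardown


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def stateless_allow(pkt: Packet) -> bool:
    """A stateless filter (ACL): each packet is judged on its own header.

    Rules, first match wins:
      1. anything leaving the LAN is allowed
      2. inbound traffic to the published web server is allowed
      3. inbound traffic from source port 80 is allowed, because a stateless
         filter has no other way to let web replies back in to internal browsers
      4. everything else is dropped
    """
    if is_inside(pkt.src_ip):
        return True
    if (pkt.dst_ip, pkt.dst_port) == WEB_SERVER:
        return True
    if pkt.src_port == 80:
        return True
    return False


class StatefulFilter:
    """Circuit-level / stateful filter: inbound data must belong to a session
    recorded in the connection table, which is opened by a SYN and closed by FIN."""

    def __init__(self) -> None:
        # Entries are (inside_ip, inside_port, outside_ip, outside_port).
        self.table = set()

    def _pass(self, key, pkt: Packet) -> bool:
        if key in self.table:
            if pkt.fin:
                self.table.discard(key)  # session terminated: circuit closed
            return True
        return False

    def allow(self, pkt: Packet) -> bool:
        if is_inside(pkt.src_ip):
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if pkt.syn and not pkt.ack:
                self.table.add(key)  # inside host opens a new circuit
                return True
            return self._pass(key, pkt)
        # Inbound: rebuild the key from the inside host's point of view.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if (pkt.dst_ip, pkt.dst_port) == WEB_SERVER and pkt.syn and not pkt.ack:
            self.table.add(key)  # new inbound circuit to the published service
            return True
        return self._pass(key, pkt)  # no circuit: dropped, even if it looks like a reply


def demo() -> dict:
    """Send the same constructed traffic through both filters and report the verdicts."""
    fw = StatefulFilter()
    client = ("10.0.0.25", 40000)
    traffic = {
        # an inside browser opens a connection to an outside web site
        "syn": Packet(*client, "203.0.113.10", 80, syn=True),
        # the genuine reply (SYN/ACK) to that connection
        "reply": Packet("203.0.113.10", 80, *client, syn=True, ack=True),
        # an unrelated outside host sends something that merely looks like a web reply
        "forged": Packet("198.51.100.7", 80, "10.0.0.26", 40001, ack=True),
        # a legitimate new connection to the published web server
        "inbound_web": Packet("198.51.100.7", 51000, *WEB_SERVER, syn=True),
    }
    return {name: {"stateless": stateless_allow(p), "stateful": fw.allow(p)}
            for name, p in traffic.items()}
```

Running `demo()` shows the one case that separates the two designs: the "forged" packet passes the ACL because its source port is 80, but the stateful filter drops it because no inside host ever opened that circuit.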

Difference Between Stateful and Stateless Firewall

Caching Server

▪ A cache server is a server used to speed up corporate access to Web content on the
Internet by caching the Web pages that users most frequently request.
▪ A cache server is a dedicated network server, or a service acting as a server, that
saves Web pages or other Internet content locally.
▪ By placing previously requested information in temporary storage, or cache, a
cache server both speeds up access to data and reduces demand on an
enterprise's bandwidth.

How Caching Server Work?

Proxy Server

▪ By definition, a proxy server is a server that performs a function on behalf of
another system.
▪ Employees who want to access the Internet perform the actions they normally
would with their browser, but the browser submits the request to the proxy server.
▪ The proxy server then transmits the request on the Internet and receives the
results, which are sent back to the original requester.
▪ The benefit of a proxy is that anyone who captures the traffic sent out on the
Internet would see the IP address of the proxy and not that of the internal
network systems.
▪ Some proxy servers implement caching features as well, and many allow the
administrator to filter which web sites internal clients are allowed to view.

How Proxy Server Work?

Port Filtering

▪ Port filtering is a major part of building firewall rules.
▪ When administering firewalls, it is extremely important to be comfortable with the
protocol (either TCP or UDP) and the port number an application uses to establish a
socket.
▪ Port filtering is when a router monitors the destination ports of the TCP/UDP and/or
other port-based network protocol packets that pass through it.
▪ With port filtering you can have the router block packets that are heading to a
certain port, or block some packets based on their content.
▪ It is used for security, or sometimes for other reasons.

How Port Filtering Work?

Popular Network Services Port Number

Content Filtering

▪ On the Internet, content filtering is the use of a program to screen and exclude
from access or availability Web pages or e-mail that is deemed objectionable.
▪ Content filtering is used by corporations as part of Internet firewall computers and
also by home computer owners, especially by parents to screen the content their
children have access to from a computer.
▪ Content filtering allows you to filter what information users are allowed to see
when using an application.
▪ For example, we may allow web traffic out of the private network onto the Internet
but we want to make sure that users on the network are not surfing inappropriate
content.
▪ For example, we may deny any web pages with the word “sex” in them.

How Content Filtering work?

Data Encryption

▪ Many different types of data encryption are available, each methodology providing
its own advantages and level of security.
▪ To date, there are a number of complex encryption standards that have not yet
been broken, along with other standards that use simple encryption methods and
have been cracked but can still provide a level of security if used appropriately.
▪ Encryption is the method by which information is converted into secret code that
hides the information's true meaning.
▪ The science of encrypting and decrypting information is called cryptography.
▪ Encryption is the process of taking plain text data and converting it to a
meaningless format that is unreadable, better known as cipher text.
▪ Once the data has been transformed into cipher text, anyone wishing to decrypt
the content would need to know the encryption key to convert the data back to
plain text.
▪ The encryption key is passed through an encryption algorithm to encrypt the
contents of the data.
▪ There are a limited number of encryption algorithms, so if a hacker knows the
algorithm, that is not considered a security issue, but if a hacker obtains the
encryption key, that is a compromise of network security.

Types of Encryption

▪ There are two popular forms of encryption:
✓ Symmetric key encryption
✓ Asymmetric encryption

Symmetric Key Encryption
▪ Symmetric encryption is a type of encryption where only one key (a secret key) is
used to both encrypt and decrypt electronic information.
▪ The entities communicating via symmetric encryption must exchange the key so
that it can be used in the decryption process.
▪ By using symmetric encryption algorithms, data is converted to a form that cannot
be understood by anyone who does not possess the secret key to decrypt it.
▪ Once the intended recipient who possesses the key has the message, the algorithm
reverses its action so that the message is returned to its original and
understandable form.
▪ The secret key that the sender and recipient both use could be a specific
password/code or a random string of letters or numbers that has been
generated by a secure random number generator (RNG).
▪ For banking-grade encryption, the symmetric keys must be created using an RNG
that is certified according to industry standards, such as FIPS 140-2.

Types of Symmetric Encryption Algorithms

▪ There are two types of symmetric encryption algorithms:

▪ Block Algorithms
➢ Set lengths of bits are encrypted in blocks of electronic data with the use of a
specific secret key.
➢ As the data is being encrypted, the system holds the data in its memory as it
waits for complete blocks.

▪ Stream Algorithms
➢ Data is encrypted as it streams instead of being retained in the system’s
memory.

How Symmetric Key Encryption Work?

Asymmetric Encryption

▪ Asymmetric encryption is also known as public key cryptography, which is a
relatively new method compared to symmetric encryption.
▪ Asymmetric encryption uses two keys to encrypt a plain text.
▪ Keys are exchanged over the Internet or a large network, and the scheme ensures
that malicious persons cannot misuse the keys.
▪ It is important to note that anyone with a secret key can decrypt the message, and
this is why asymmetric encryption uses two related keys to boost security.
▪ A public key is made freely available to anyone who might want to send you a
message.
▪ The second, private key is kept secret so that only you know it.
▪ A message that is encrypted using a public key can only be decrypted using the
private key, and likewise a message encrypted using the private key can be decrypted
using the public key.
▪ Security of the public key is not required because it is publicly available and can be
passed over the Internet.
▪ Asymmetric keys offer far stronger assurance of the security of information
transmitted during communication.

Types of Asymmetric Key Encryption

▪ Asymmetric encryption is mostly used in day-to-day communication channels,
especially over the Internet.
▪ Popular asymmetric key encryption algorithms include:
➢ ElGamal
➢ RSA
➢ DSA
➢ Elliptic curve techniques
➢ PKCS

How Asymmetric Encryption Work?

Encryption Standards

Data Encryption Standard (DES)

▪ The Data Encryption Standard is a symmetric-key algorithm for the encryption of
digital data.
▪ Although its short key length of 56 bits makes it too insecure for modern
applications, it has been highly influential in the advancement of cryptography.
▪ DES works by using the same key to encrypt and decrypt a message, so both the
sender and the receiver must know and use the same private key.
▪ DES is an implementation of a Feistel cipher. It uses a 16-round Feistel structure,
and the block size is 64 bits.
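To make the "16-round Feistel structure" and the block-algorithm idea concrete, here is an added Python example (not DES itself and not from the book): a 16-round Feistel network over 64-bit blocks whose round function and key schedule are stand-ins built from SHA-256. It shows the property DES relies on: decryption is the very same routine run with the subkeys in reverse order under the same secret key, and plaintext is padded so the cipher always works on complete blocks.

```python
import hashlib
import struct

ROUNDS = 16       # DES uses a 16-round Feistel network
BLOCK_BYTES = 8   # 64-bit block, as in DES
KEY_BYTES = 8     # constructed: a 64-bit key (DES itself uses 56 effective bits)


def round_keys(key: bytes) -> list:
    """One 32-bit subkey per round. This stand-in key schedule hashes the key
    with the round index; DES has its own schedule, so this is not DES."""
    if len(key) != KEY_BYTES:
        raise ValueError("key must be %d bytes" % KEY_BYTES)
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(ROUNDS)]


def f(right: int, subkey: bytes) -> int:
    """Round function F(R, K). Any fixed function works here: the Feistel
    structure, not the invertibility of F, is what makes decryption possible."""
    digest = hashlib.sha256(struct.pack(">I", right) + subkey).digest()
    return struct.unpack(">I", digest[:4])[0]


def feistel_block(block: bytes, subkeys: list) -> bytes:
    """Run the rounds over one 64-bit block: L' = R, R' = L xor F(R, K)."""
    left, right = struct.unpack(">II", block)
    for k in subkeys:
        left, right = right, left ^ f(right, k)
    # The final swap makes decryption the same routine with reversed subkeys.
    return struct.pack(">II", right, left)


def pad(data: bytes) -> bytes:
    """A block cipher needs whole blocks, so the last block is padded (PKCS#7 style)."""
    n = BLOCK_BYTES - len(data) % BLOCK_BYTES
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK_BYTES or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Encrypt block by block. This is ECB: identical plaintext blocks give
    identical ciphertext blocks, which is why real systems use a chaining mode."""
    keys = round_keys(key)
    padded = pad(plaintext)
    return b"".join(feistel_block(padded[i:i + BLOCK_BYTES], keys)
                    for i in range(0, len(padded), BLOCK_BYTES))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """Same key, same routine: only the subkey order is reversed."""
    if len(ciphertext) % BLOCK_BYTES:
        raise ValueError("ciphertext is not a whole number of blocks")
    keys = list(reversed(round_keys(key)))
    padded = b"".join(feistel_block(ciphertext[i:i + BLOCK_BYTES], keys)
                      for i in range(0, len(ciphertext), BLOCK_BYTES))
    return unpad(padded)
```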

Rivest–Shamir–Adleman (RSA) Encryption

▪ RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is
widely used for secure data transmission.
▪ Messages are encrypted with a code called a public key, which can be shared
openly.
▪ Due to some distinct mathematical properties of the RSA algorithm, once a
message has been encrypted with the public key, it can only be decrypted by
another key, known as the private key.
▪ Each RSA user has a key pair consisting of their public and private keys.
▪ Public key encryption schemes differ from symmetric-key encryption, where both
the encryption and decryption process use the same private key.
▪ These differences make public key encryption like RSA useful for communicating in
situations where there has been no opportunity to safely distribute keys
beforehand.
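The "distinct mathematical properties" above can be followed by hand with textbook RSA. This added Python example (not from the book) generates a key pair from two small primes, encrypts with the public key, decrypts with the private key, and also runs the reverse direction from the asymmetric-encryption section (private key produces a signature that the public key checks). Small primes and no padding are used only so the numbers are readable; real deployments use primes of 1024 bits or more with padded messages.

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 17) -> tuple:
    """Textbook RSA key generation from two distinct primes p and q.

    Returns ((e, n), (d, n)): the public key and the private key. The private
    exponent d is the part that must stay secret; e and n are published."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse, so e*d = 1 (mod phi); Python 3.8+
    return (e, n), (d, n)


def encrypt(m: int, public_key: tuple) -> int:
    """Anyone holding the public key can encrypt: c = m^e mod n.
    Without randomized padding the same m always gives the same c."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private_key: tuple) -> int:
    """Only the private key holder can decrypt: m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def sign(m: int, private_key: tuple) -> int:
    """The other direction: 'encrypting' with the private key yields a
    signature that anyone can check with the public key."""
    d, n = private_key
    return pow(m, d, n)


def verify(m: int, signature: int, public_key: tuple) -> bool:
    e, n = public_key
    return pow(signature, e, n) == m
```

With p = 61, q = 53 and e = 17 the key pair is (17, 3233) and (2753, 3233); the message 65 encrypts to 2790 and decrypts back to 65.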

Secure Sockets Layer (SSL)

▪ Secure Sockets Layer (SSL) is a session-layer protocol that encrypts data sent from
any higher-layer program such as FTP, HTTP, SMTP, and so on.
▪ SSL has become the standard method of encrypting traffic between a web client
and a web server, ensuring that malicious users cannot capture such traffic and
read it.
▪ SSL works only over guaranteed (reliable) transports, essentially anything using the
TCP protocol, and is made up of two protocols:
❖ SSL Handshake and
❖ SSL Record.

▪ SSL Handshake is used to create a secure session between the two systems that
are communicating.
▪ This includes all methods and parameters used for the encryption.

▪ SSL Record is used to encrypt all data packets, including the SSL Handshake data
packets.
▪ SSL is mainly used on e-commerce web sites during the exchange of personal
information such as credit card numbers, because SSL can encrypt the traffic
between the client and the server.

Secure Socket Layer Topology

How SSL Certificate work?

How Secure Socket Layer Work?

Cloud Computing
• Virtualized services and solutions are often offered by service providers as cloud
computing.
• In cloud computing, it is likely that virtualized switches, routers, servers, and
firewalls will be used as part of cloud-based services.
• There are three types of Cloud Services,
 IaaS (Infrastructure as a Service) & NaaS
 SaaS (Software as a Service)
 PaaS (Platform as a Service)
 Community Cloud Service

IaaS
○ Services that can be available as part of cloud computing include
"Infrastructure as a service" (IaaS), where the company rents virtualized
servers (which are hosted by a service provider) and then runs specific
applications on those servers. Also called "Network as a Service" (NaaS).

SaaS
○ Another type of cloud service is "Software as a service", SaaS, where the
details of the servers are hidden from the customer and the customer’s
experience is similar to using a web-based application.
○ An application service provider (ASP) provides application software access to
subscribers. This service is sometimes called software as a service (SaaS).

PaaS
○ Another cloud service is called platform as a service, PaaS, which can provide a
development platform for companies that are developing applications and want
to focus on creating the software and not have to worry about the servers and
infrastructure that are being used for that development.

Community Cloud
○ Another type of cloud is the community cloud, which is a term referring to
cloud services used by individuals, companies or entities with similar interests.

• There are also 3 cloud types based on how they are shared:
 Public Cloud
 Private Cloud
 Hybrid Cloud

Content Engines
• Many proxy servers are capable of performing content caching; however, some
networks use dedicated appliances to perform this content caching.
• These appliances are commonly referred to as caching engines or content engines.
• A corporate branch office can locally cache information from a server located at the
corporate headquarters location.
• Multiple requests from branch office clients for the content can then be serviced
from the content engine at the branch office, thus eliminating the repetitive transfer
of the same data.

Content Switches (Load Balancer)
• Also called Load Balancer
• For companies with a large Internet presence (for example, a search engine
company, an online book store, or a social networking site), a single server could be
overwhelmed with the glut of requests flooding in from the Internet.

• To alleviate the burden placed on a single server, a content switch distributes
incoming requests across the various servers in the server farm, each of which
maintains an identical copy of data and applications.

Virtual Network Devices

Virtual Servers

Virtual Routers / Virtual Switches / Virtual Firewalls

Virtual Desktop
• With users more mobile than ever, they need access to information traditionally
stored on their office computers' hard drives from a variety of other locations.
• For example, a user might be at an airport using her smartphone, and she needs
access to a document she created on her office computer.
• With virtual desktops, a user's data is stored in a data center rather than on an
office computer's hard drive.
• By providing authentication credentials, a secure connection can be established
between the centralized repository of user data and that user's device.

NaaS
• Network as a Service
• If a service provider’s customer did not want to house and maintain his own data
center, these virtualization technologies could be located at a service provider’s
data center, and the customer could be billed based on usage patterns. Such a
service provider offering is called network as a service (NaaS), implying that
network features can be provided by a service provider.

Network Devices

Repeater

○ Extender
○ Regenerates the signal to overcome transmission media limitations or attenuation
○ Layer 1 Device
○ Only 2 Interfaces
○ Extra 12 Volts Electric Supply from Adapter
○ Using the extra power, the repeater regenerates the signal from one side to the other.
○ A repeater can extend a cable run up to double its normal distance.

Hub

○ Also called "Multiport Repeater" or "Concentrator"


○ Layer 1 Device
○ "Physical Star" , "Logical Bus"
○ A hub has no MAC table or routing table, so a hub is not an intelligent device.
○ A hub uses a "Broadcasting Method" that duplicates the signals (0,1,1,0) arriving on one
port to all other ports. (This broadcasting method can cause bottlenecks.)
○ A hub uses an "Integrated Circuit" to regenerate signals.
○ Half Duplex Device (10 Mbps to 100 Mbps) (bandwidth shared by all ports)
○ Being a half-duplex device, a hub cannot separate collision domains or broadcast
domains.

○ Types of Hubs
▪ Passive Hub
□ Small Hub
□ No Power (DC 5 Volts from NIC)
□ Lack of power limits it to short-distance connections.
□ 4 Ports to Max 8 Ports
□ Without Fan
□ Cannot be used in a daisy-chained multiple-hub network.

▪ Active Hub
□ Enterprise Hub
□ With Power (DC 12 Volts from Outlet)
□ Uses the input DC to regenerate signals, so an active hub is also called a
Multiport Repeater.
□ Active hubs support long-distance connections.
□ Min 12 Ports to 24 Ports
□ With Fan
□ Can be used in a daisy-chained multiple-hub network.

▪ Smart Hub
□ A smart hub is also an active hub and has an enhanced feature called
"Simple Network Management Protocol (SNMP)".

Switching Hubs
○ There is also another hub type called the Switching Hub.
○ In modern Ethernet networks the switching hub appeared.
○ A switching hub is an intelligent device and does not use the broadcasting method.
○ A switching hub sends only to the intended port by using a "MAC Table".
○ The switching hub evolved into the "Switch".

Cascading Hubs
○ Cascading Hubs Hubs
○ Hubs
1. Cross Over Cable Hub Hub
(Hub Connection Half duplex
)

2. Straight Through Cable Hub Uplink Port


Hub Port (Hub Connection
Full duplex )

Uplink Port
○ Uplink Port Hub

○ Hubs Uplink Port Uplink ( Cross Over , MDI-X ,


OUT )
○ Hubs Uplink Port Ports Uplink
Port , Normal Port Hub First Port (Port 1) or Last
Port Uplink Port
○ Uplink Port Straight Cable

❖ Daisy-Chained and Uplink Port

○ Hub Uplink Port , Hub Port


○ Hub Uplink Port , Hub Port
○ Uplink Port to Normal Port
○ Port , Uplink Port
○ Straight Cable

Repeater (Active Hub) and 5-4-3 Rule
○ Network Nodes Support Hubs Ports
Multiple Hubs Daisy Chain
Nodes
○ Multiple Hubs Ethernet Maximum 5-4-3 Rules
 Nodes
 Maximum Cable Length
 Maximum Segments Support

○ 5-4-3 Rule Ethernet Multiple Hubs Daisy Chain Design


 5 Segments
 4 Repeaters (4 Hubs)
 3 Attachable Segments Support
Rules Ethernet

Token Ring MAU
○ Multi-station Access Unit

○ Also called MSAU (Media Station Access Unit)

○ MAU "Ring in a box"

○ MAU Layer 1 Layer 2 Device

○ 1997 IBM Token (Frames) Ring Rotate


Network Device

○ MAU Token Rotate MAU Token Passing Programmed Circuit

○ MAU Token Passing Technology Collisions


(Token Passing MAU CSMA/CD )

○ Collisions Domain Breakup Broadcast Domain Breakup

○ MAU Types 2
1. Passive MAU (No Power , 12Volts Battery)
2. Active MAU (With Power)

○ Full Duplex Device

○ MAU Products Token Ring Topology IBM Company

Bridge

○ Bridge
○ Bridge OSI Layer 2 (Data Link Layer)
○ Bridge Same Large Network (Hubs )

○ Bridge Network Smaller Segments

 ( Bridging )
 (Network Segments Network Devices
Network Collisions )

 ( Collisions Bridge )

○ Bridge Network Devices Network


Network 2 Bridge "Bridge Table" (MAC Table)
Connect

○ Switch MAC Table Forwarding Decisions


Software

○ Broadcast Traffics Bridge Table


Forward Bridge Broadcast Domain

○ Bridges Ports 2 (OR) Ports 2

○ Half Duplex

Switch

○ Normally a switch is a "Layer 2 Device", but some switches are "Layer 3 Devices" or "Multi
Layer Devices".
○ "Physical Star" , "Logical Ring"
○ Switches work with a "Switching Method" that delivers a frame to its specific destination.
○ A switch uses its "MAC Table or CAM Table" to forward frames.
○ A switch has 4 or more ports (enterprise switches have 48 ports).
○ Full Duplex Device (100 Mbps or More)
○ A switch uses CSMA/CD in half-duplex mode to deal with collisions (a switch in full-duplex
mode cannot cause collisions and CSMA/CD is not used), and also uses the
"Spanning Tree Protocol" for loop avoidance.
○ Switch Features are
▪ Port Mirroring
▪ Port Authentication
▪ Content Switching (Must be Content Switch)
▪ VLAN
▪ Trunking

○ Small and Medium Brands (D-Link , C-Net , TP-Link , Trendnet , Belkin , Netgear)
○ Enterprise Brands (Cisco , MikroTik , Juniper , HP)
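The difference between the hub's "broadcasting method" and the switch's MAC-table forwarding, as an added Python simulation that is not from the book: both devices are fed the same frames, the hub repeats each frame to every other port, while the switch learns source MAC to port and delivers known unicast frames to one port only (broadcasts still go everywhere, so the switch does not split the broadcast domain). MAC addresses and port numbers are constructed.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    """Just the Ethernet header fields a Layer 2 device looks at."""
    src_mac: str
    dst_mac: str


class Hub:
    """Layer 1: repeats whatever arrives on one port out of every other port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, frame: Frame, in_port: int) -> list:
        return [p for p in self.ports if p != in_port]


class Switch:
    """Layer 2: learns source MAC -> port and forwards only to the port that
    owns the destination MAC; unknown and broadcast destinations are flooded."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # the CAM table: MAC address -> port

    def forward(self, frame: Frame, in_port: int) -> list:
        self.mac_table[frame.src_mac] = in_port  # learn (or refresh) the sender
        flood = [p for p in self.ports if p != in_port]
        if frame.dst_mac == BROADCAST:
            return flood          # a switch does not split the broadcast domain
        out_port = self.mac_table.get(frame.dst_mac)
        if out_port is None:
            return flood          # unknown unicast: flood until the MAC is learned
        if out_port == in_port:
            return []             # both hosts hang off the same port: filter
        return [out_port]


def conversation() -> dict:
    """Run one constructed exchange through a hub and a switch and return the
    ports each device delivers each frame to, plus the switch's learned table."""
    ports = [1, 2, 3, 4]
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"   # constructed MAC addresses
    exchange = [                   # (frame, port it arrives on)
        (Frame(a, b), 1),          # A on port 1 talks to B, B not yet known
        (Frame(b, a), 2),          # B on port 2 replies; A was learned already
        (Frame(a, b), 1),          # A again: now both ends are in the table
        (Frame(a, BROADCAST), 1),  # an ARP-style broadcast from A
    ]
    hub, switch = Hub(ports), Switch(ports)
    return {
        "hub": [hub.forward(f, p) for f, p in exchange],
        "switch": [switch.forward(f, p) for f, p in exchange],
        "mac_table": dict(switch.mac_table),
    }
```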

Router

○ "Layer 3 Device"
○ Inside is "Peer to Peer" or "Star Topology"
○ Interconnecting Different LANs
○ A router performs the "Routing Function", forwarding packets from one network to another.
○ A router forwards packets by using its "Routing Table".
○ The router must have at least 2 interfaces: one for LAN1 and another for LAN2.
○ Full Duplex Device (100 Mbps or 1 Gbps to More)
○ Two Types of Route
▪ Static Route
▪ Dynamic Route
○ Popular routing protocols used by routers are RIP , RIPv4 , EIGRP , OSPF , BGP , etc..
○ The routing function can be provided by a server or by an integrated device.
○ Microsoft "Routing and Remote Access Server"
○ Linux "Static Route" or "Proxy Server"
○ Small and Medium Brands (D-Link , Linksys , TP-Link , Trendnet , Belkin , Netgear)
○ Enterprise Brands (Cisco , Juniper , MikroTik , HP)

Brouter
○ Brouter or Bridge Router
○ Network device that works as a bridge and as a router.
○ As networks continue to become more complex, a mix of routable and non-routable
protocols has led to the need for the combined features of bridges and routers.
○ A brouter operates at both the network layer for routable protocols and at the data link
layer for non-routable protocols.
○ A brouter routes (forwards) routable protocols and bridges non-routable protocols.
○ A brouter operates on both Layer 3 and Layer 2.
○ Brouters are Half-Duplex Devices.

Load Balancer

○ Load balancing is a method of distributing workloads across multiple resources.

○ Load balancing environments are
 DNS Round-Robin
 Client-side load balancing
 Server-side load balancing

○ Load balancing can be implemented with hardware, software, or a combination of both.

○ Load balancers are Full-Duplex Devices.

○ A hardware load-balancing device (HLD), also known as a Layer 4 or Layer 7 Router,
directs client computers to multiple servers in a network.

○ A load balancer can break up Collision Domains and Broadcast Domains.

○ A load balancer acts as the "traffic cop" sitting in front of your servers and routing client
requests across all servers capable of fulfilling those requests in a manner that maximizes
speed and capacity utilization and ensures that no one server is overworked, which could
degrade performance.

○ If a single server goes down, the load balancer redirects traffic to the remaining online
servers.
○ Typical Load Balancer functions are
▪ Distributes client requests or network load efficiently across multiple servers
▪ Ensures high availability and reliability by sending requests only to servers that
are online
▪ Provides the flexibility to add or subtract servers as demand dictates

○ Popular Enterprise Load Balancer brands are F5 , Barracuda , JetNEXUS , Fortinet ,
Cisco , etc…

○ Small Environment Load Balancer brands are TP-Link , D-Link Load Balancer , etc..
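The three typical functions listed above (distribute requests, send only to online servers, add or remove servers on demand) in a minimal server-side round-robin balancer, as an added Python example that is not from the book; server names are constructed and health is set by hand in place of a real health check.

```python
class RoundRobinBalancer:
    """Server-side load balancer: hands each request to the next online server
    in turn and skips servers that a health check has marked down."""

    def __init__(self, servers):
        self.servers = list(servers)             # constructed backend names
        self.online = {s: True for s in self.servers}
        self._next = 0                           # rotating pointer into self.servers

    def mark_down(self, server: str) -> None:
        """Health check failed: stop sending this server new requests."""
        self.online[server] = False

    def mark_up(self, server: str) -> None:
        """Health check recovered: put the server back into rotation."""
        self.online[server] = True

    def add_server(self, server: str) -> None:
        """Scale out: a new server joins the rotation immediately."""
        self.servers.append(server)
        self.online[server] = True

    def remove_server(self, server: str) -> None:
        """Scale in: the server leaves the rotation."""
        self.servers.remove(server)
        del self.online[server]

    def pick(self) -> str:
        """Return the server for the next request, rotating past unhealthy ones.
        Raises RuntimeError when every server is down (the outage case)."""
        for _ in range(len(self.servers)):
            server = self.servers[self._next % len(self.servers)]
            self._next += 1
            if self.online[server]:
                return server
        raise RuntimeError("no servers online")


def distribute(lb: RoundRobinBalancer, n_requests: int) -> dict:
    """Send n_requests through the balancer and count how many each server got."""
    counts = {}
    for _ in range(n_requests):
        server = lb.pick()
        counts[server] = counts.get(server, 0) + 1
    return counts
```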

CSU/DSU
○ Channel Service Unit / Data Service Unit
○ CSU/DSU Digital-interface Device
○ Digital Signals Digital Circuit (T1 Line) Connection
Digital Terminal Equipment (DTE) Device Router Connect
Digital Interface Device

○ CSU/DSU Device CSU Device DSU Device

○ CSU/DSU External ( ) Device Newer


Routers Module Internal Device (Module CSU/DSU
T-1 WAN Card )

 Telecom Demarc Point T1 Line RJ-45 Connection CSU/DSU


Internet Port (RJ-45 Port)
 V.35 DTE Cable V.35 Connector (34-Pins) CSU/DSU Device V.35 Port
V.35 Cable Serial Connector (DB25) or Smart Serial
Connector Router Serial Port

Another Method of DTE V.35 Connector and DCE V.35 Connector
○ V.35 Cable T1 Connection CSU/DSU Device Router
V.35 DTE Cable
○ V.35 Cable V.35 DTE Cable V.35 DCE Cable

○ V.35 DCE Cable Routers Point to Point Serial Connection

○ Router DCE Cable Router DTE Cable DCE , DTE


Connectors Point to Point Serial Connection
(Routers 2 DCE / DTE Cables Interfaces Smart
Serial Connectors )

V.35 Cable Grade


○ V.35 Cables V.35 Connectors V.xx Connectors
RS232C (DB25) Connector or Smart Serial Connectors
○ V.35 Connectors V.35 Cable Grade
○ V Cables Data Transfer Rate
V.xx Cables Grades ITU

CSU
○ Channel Service Unit
○ CSU
1. WAN Line (T1 Line) Electrical Interferences
2. WAN Line Service Provider Company WAN Link Connection
Echo loopback test

DSU
○ Data Service Unit
○ DSU
1. WAN Line (T1 Line) Connection Control
2. WAN Line (T1 Line) Time-Division Multiplexed (TDM) DSX Frames
LAN Frames
3. Additional DSU Signal Regeneration Timing Errors
Management

 DSU DTE Device Router CSU


Device

Network Interface Card

NIC
○ Network Interface Card or Network Interface Controller

○ Network Adapter , Physical Network Interface , LAN Adapter

○ A NIC is mostly a Layer 1 device, but a NIC also provides Data Link Layer addressing (MAC
addressing), so a NIC can also be a Layer 2 device. Every NIC has one "MAC Address".

○ Resources used by a NIC are
▪ Interrupt Request (IRQ)
▪ Programmed Input / Output (PIO)
▪ Direct Memory Access (DMA)

○ A NIC can be
▪ Integrated (Onboard) or
▪ Dedicated, Expansion Card (ISA or PCI or PCIe) or
▪ Adapter (USB or Serial)

Differences between Built-in & Dedicated NIC


○ Built-In NICs Dedicated Card NICs Speed Built-In
NICs PCH (or South Bridge) Control PCH Chips Motherboard
Internal Components CPUs RAMs Communication Motherboard
Parallel Bus Speed
○ Dedicated Card NICs PCIe Interfaces Serial
Communication Speed
○ Built-In NICs CPU Resources
○ PCIe NICs Motherboard PCIe x1 or x4 Slots

NIC Support Interfaces


▪ BNC
▪ Serial (Rollover Interface)
▪ RJ45
▪ AUI (Attachment Unit Interface)
▪ Fiber

NIC Speeds
○ Speed (10 Mbps, 100 Mbps, 1Gbps, 10Gbps, 20Gbps, 160Gbps)

NIC Brands
○ Small Business, Home and Gaming NIC Brands are (Intel, Killer, Realtek, Broadcom,
Marvell Technology Group, QLogic, Mellanox, TP-link, TRENDnet, etc.. )
○ Servers and Enterprise type NIC Brands are (Intel, StarTech, Rosewill, Netgear,
Emulex, Sun, etc..)

NIC Internal Components


○ NIC Internal Components
 NIC Controller
(Low-end CPU, Read Information, Encapsulate with
Information)
 EPROM
(Erasable Programmable Read Only Memory, Firmware)
 Integrated Circuit (Buffer)
(NIC has "Integrated Circuit" for managing traffic and also
has "Queue") (Buffer)
(Modern NICs have two queues) (2 or More Ports have four
queues)
 Tx (Transmit) Queue and
 Rx (Receive) Queue
NIC Features
○ NIC Features
 Data Transmit / Receive
 Buffering (Queues)
 Network Boot (PXE)
 Wake-on-LAN
 Remote Management
 Directly Off and Plug
 PoE Support
 Backpressure (Backward Compatible Mode to Half-Duplex)
 Multiple Platform Support (Independent OS or Software)
 Interrupt to 1 Core
 Dual Port / Multi-Port
 Dual or Multi have VLAN Management Support, Access Different
Same Time
 Accepting Jumbo Frames
 Direct Software Addressable TCP/IP Space (More L)
 Auto MDI/MDIX (on Network Device)
(Medium Dependent Interface/ MDI Crossover)

NIC LEDs
○ LED Status
 OFF
 Solid
 Flashing

○ NIC or Port LEDs
 One LED is the Link LED: it shows connectivity (link up / down)
 The other LED is the Activity LED: it shows data being transmitted or received

○ LED colors differ between NIC brands; a common scheme is
 Green (link)
 Amber (activity / problem)
 Left-side LED of the port: Green
Right-side LED of the port: Amber

○ Green or Link LED shows the current connectivity state of the NIC interface (port)
 Off: no connection
 Solid green: network connectivity (link up)
 Flashing: data (0/1) being transmitted / received

○ Amber or Activity LED shows network states
 Off: no problem
 Solid: network congestion or collisions
 Flashing: network traffic

○ Some NICs use two green LEDs
 Green Link LED shows the connectivity state
 Green Activity LED shows the speed state
 Off (10 Mbps)
 Flashing (100 Mbps)
 Solid (1000 Mbps)

○ Check the LED legend of the specific NIC (port) vendor, since the meaning of green and amber
is not standardized.

Network Card Testing
○ Ways to test a network card

1. Ping the loopback IP address (127.0.0.1). This only proves the TCP/IP stack is working;
the reply never leaves the host, so it does not exercise the NIC hardware or the cable.

2. Loopback tester cable (hardware loopback plug). The plug wires the transmit pins back to the
receive pins (1 to 3, 2 to 6), so the port sees its own link and frames; this does test the NIC
and its port.


Transceiver

○ Converts a device interface to a transmission (media) interface

○ Transceivers are devices that contain a transmitter and a receiver.
○ Transceivers are Layer 1 devices.
○ A transceiver has an electric circuit for converting signals.
○ Transceiver jobs and features are
▪ Transmit
▪ Receive
▪ Convert
▪ Collision Detection
▪ Jabber detection

Types of Transceiver
○ IEEE 802.3 interfaces (10Base2, 10Base5) used the MAU transceiver (old networks)
○ Fiber-optic (Gigabit and 10 Gigabit Ethernet) use "Fiber Transceivers"
▪ GBIC
▪ SFP
▪ SFP+
▪ XFP
▪ XAUI (the 10 Gigabit Attachment Unit Interface between the MAC and a XENPAK/X2 module;
an interface, not a module form factor)
▪ CFP


MAU
○ Medium Attachment Unit
○ Layer 1 device
○ Converts the AUI interface to the Ethernet medium
○ Two types of MAU
▪ AUI to BNC
▪ AUI to RJ45 (Ethernet)

Fiber Transceiver
○ Layer 1 device
○ Fiber transceivers are hot-swappable modules that plug into a device interface (cage)
○ They turn a device interface into a fiber interface
○ A fiber transceiver converts the device's digital (electric) signals into optical signals,
and back

○ Most used fiber transceivers are
▪ GBIC (Gigabit Interface Converter)
▪ SFP (Small Form-factor Pluggable)
▪ SFP+ (Enhanced Small Form-factor Pluggable)
▪ XFP (10 Gigabit Small Form-factor Pluggable)
▪ XAUI (10 Gigabit Attachment Unit Interface, the host-side interface used by XENPAK/X2 modules)
▪ CFP (C Form-factor Pluggable)

AUI
○ Attachment Unit Interface
○ AUI purpose: lets a network device attach to various media through different MAUs
○ Enterprise-level network devices (routers, switches) had AUI interfaces
○ Used in 10Base networks (10Base5, 10Base2)

AUI Interface and Connectors

○ AUI is an IEEE 802.3 standard Physical Layer specification
○ AUI interface: 15-pin (2 rows) male or female connector
○ D-shaped AUI interface, DB-15 or DIX interface
○ The AUI interface on the device is a female connector
○ The AUI cable's device-end connector is male; its MAU-end connector is female
○ AUI cable maximum distance: 50 meters


❖ Converter
○ Layer 1 device
○ Media Converter
○ Converts one network interface (media type) to another
○ Converts one signal type to another
○ Converter types
▪ BNC (Coaxial) to RJ45 (Twisted Pair)
▪ Serial to RJ45 (Twisted Pair)
▪ RJ45 (Twisted Pair) to Fiber (Optical)
▪ Fiber Single Mode to Multi Mode


❖ Network Cables and Connectors
○ Network cables used in networking
▪ Serial Cable (RS-232)
▪ Parallel Cable (LPT, crossover cable for PC-to-PC transfer)
▪ Coaxial Cable
▪ Twisted Pair Cable
▪ Fiber-Optic Cable

○ Networking connector (interface) types
▪ Serial
▪ Parallel
▪ BNC
▪ RJ11
▪ RJ45
▪ Patch Panel
▪ Fiber Connectors


Twisted Pair Cable
○ Twisted pair cables are used for telephone and networking
○ The two conductor wires of a pair are twisted together to reduce crosstalk and EMI
○ Alexander Graham Bell patented the twisted-pair idea in 1881; by 1900 American telephone
lines were twisted
○ Twisted pair cables come in 3 kinds
1. Unshielded Twisted Pair Cable (UTP)
2. Shielded Twisted Pair Cable (STP)
3. Foiled Twisted Pair (FTP)

Unshielded Twisted Pair Cable (UTP)

○ No EMI shield (foil); only the twisting of the wires reduces crosstalk
○ The most common twisted pair cable

Shielded Twisted Pair Cable (STP)

○ Shielded against EMI interference; there are 2 kinds of shield
Cable shields are either a foil shield or a braided shield
○ A braided shield stays effective when the cable is bent
○ Better protected against EMI interference than unshielded twisted pair

Foiled Twisted Pair (FTP)

○ A UTP cable with an overall foil shield; written F/UTP (S/UTP and SF/UTP are the braided and
braid-plus-foil variants)
○ The foil shield around the twisted pairs reduces EMI

Twisted Pair Standards and Cable Types

○ Twisted pair cable manufacturers build for different environments and prices; the cables are
labelled with the x/xTP standard code, where the letters before the slash describe the overall
cable shield and the letters after the slash describe the shield on each pair

Code  Meaning
U     Unshielded (no shield)
S     Braided shield
F     Foil shield
SF    Braid and foil together (overall shield only)

○ Shielded twisted pair examples: U/UTP (plain UTP), F/UTP (overall foil, unshielded pairs),
U/FTP (foil on each pair, no overall shield), S/FTP (overall braid, foil on each pair)


Cable Pairs and Color
○ A twisted pair network cable has 4 pairs (8 wires)
○ Each pair is two wires: one solid color and one white wire striped with that color
○ The pair colors are blue, orange, green and brown
○ Each wire is mapped to a pin of the RJ-45 connector

Twisted Pair Standard Connector Type

○ The 8 wires (colors) are assigned to the 8 RJ-45 pin numbers by one of 2 TIA/EIA standards
1. T568A
2. T568B
○ A connector wired to the 568A color order is called a "568A connector"
○ A connector wired to the 568B color order is called a "568B connector"
○ The two standards differ only in that the orange and green pairs change places (pins 1-2 and 3-6)


RJ-45 Connector or Twisted Pair Connectors (8P8C)
○ Connectors for twisted pair cables
○ RJ connectors (RJ means Registered Jack)
○ Male RJ connectors (plugs)
1. RJ-11 (Phone) [6 positions, usually 2 or 4 contacts]
2. RJ-45 (Network) [8 pins]

 The RJ-45 connector is an 8P8C modular connector

 The RJ-45 connector has 8 pins; pin 1 is on the left when the contacts face you and the
locking clip faces away from you

 Which pins carry a signal (volts) depends on the Ethernet type (both cable and NIC ports)

Name        Speed     Standard  Used Pins                        Cable
10BASE-T    10 Mbps   802.3i    2 pairs, pins (1,2,3,6)          CAT 3 or CAT 5
100BASE-TX  100 Mbps  802.3u    2 pairs, pins (1,2,3,6)          CAT 5
1000BASE-T  1 Gbps    802.3ab   4 pairs, pins (1,2,3,4,5,6,7,8)  CAT 5e
10GBASE-T   10 Gbps   802.3an   4 pairs, pins (1,2,3,4,5,6,7,8)  CAT 6 (55 m) or CAT 6a

Pin (10/100BASE-T)  Name  Description
1                   TX+   Transmit Plus
2                   TX-   Transmit Minus
3                   RX+   Receive Plus
4, 5                NC    Not Connected
6                   RX-   Receive Minus
7, 8                NC    Not Connected

Pin (1000BASE-T)    Name       Description
1, 2                BI+ / BI-  Bi-directional pair A (plus / minus)
3, 6                BI+ / BI-  Bi-directional pair B
4, 5                BI+ / BI-  Bi-directional pair C
7, 8                BI+ / BI-  Bi-directional pair D

Ethernet Cable Type
○ Twisted pair cables are classified by how the two connectors are wired
1. Straight-Through Cable
2. Crossover Cable
3. Rollover Cable


Straight-Through Cable
○ A twisted pair cable with the same standard at both ends: 568A connectors on both ends, or
568B connectors on both ends
○ Pin 1 of one connector goes to pin 1 of the other connector (1 to 1, ... , 8 to 8)
○ A straight-through cable connects unlike devices (e.g. PC to switch, switch to router), because
one side transmits on the pins the other side receives on
○ (Device Straight)

Crossover Cable
○ A twisted pair cable with a 568A connector on one end and a 568B connector on the other end is
a crossover cable
○ (1 to 3), (2 to 6), (3 to 1), (4 to 4), (5 to 5), (6 to 2), (7 to 7), (8 to 8)
○ A crossover cable connects like devices (e.g. PC to PC, switch to switch, router to router),
which transmit on the same pins
○ Note: the 568A-to-568B cable only crosses the two 10/100 pairs. A gigabit crossover also swaps
pins 4,5 with 7,8; in practice Auto MDI/MDI-X ports make the distinction unnecessary
○ (Device Cross)
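To make the pin mapping above concrete, this added Python (not from the book) derives straight-through and crossover maps from the T568A and T568B color orders, checks which pairs get crossed, and rejects a map that splits a pair. The color tables are the standard TIA/EIA-568 orders; the gigabit crossover map is the standard four-pair swap.

```python
# Added example, not from the book: derive cable pin maps from the T568A/T568B color orders.
# Index 0 is pin 1. These are the standard TIA/EIA-568 color sequences.
T568A = ("white/green", "green", "white/orange", "blue", "white/blue", "orange", "white/brown", "brown")
T568B = ("white/orange", "orange", "white/green", "blue", "white/blue", "green", "white/brown", "brown")

# Ethernet pairs by pin number: 10/100BASE-T uses only the first two.
PAIRS = ((1, 2), (3, 6), (4, 5), (7, 8))


def pin_map(end1, end2):
    """For each pin on connector 1, the pin on connector 2 that the same wire lands on."""
    return {pin: end2.index(color) + 1 for pin, color in enumerate(end1, start=1)}


def crossed_pairs(mapping):
    """Return the pairs whose wires do not arrive on the same pins at the far end."""
    return [pair for pair in PAIRS if any(mapping[p] != p for p in pair)]


def cable_kind(mapping):
    """Classify a pin map as straight-through, 10/100 crossover, gigabit crossover or invalid."""
    # A usable cable must map pairs onto pairs, or the twisting no longer cancels crosstalk.
    pair_of = {p: pair for pair in PAIRS for p in pair}
    for a, b in PAIRS:
        if pair_of[mapping[a]] != pair_of[mapping[b]]:
            return "invalid (pair split)"
    crossed = crossed_pairs(mapping)
    if not crossed:
        return "straight-through"
    if crossed == [(1, 2), (3, 6)]:
        return "crossover (10/100 only)"
    if crossed == list(PAIRS):
        return "crossover (gigabit)"
    return "nonstandard"


# Full gigabit crossover: swap pairs 1-2 <-> 3-6 and 4-5 <-> 7-8.
GIGABIT_CROSSOVER = {1: 3, 2: 6, 3: 1, 6: 2, 4: 7, 5: 8, 7: 4, 8: 5}


if __name__ == "__main__":
    print("A-A:", cable_kind(pin_map(T568A, T568A)))
    print("A-B:", pin_map(T568A, T568B), cable_kind(pin_map(T568A, T568B)))
    print("gig:", cable_kind(GIGABIT_CROSSOVER))
```

Running pin_map(T568A, T568B) reproduces exactly the (1 to 3), (2 to 6), (3 to 1), (6 to 2) mapping listed above, which is why a cable with one 568A end and one 568B end is a 10/100 crossover but not a gigabit one.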

Rollover Cable
○ Connects a PC directly to a router (console port)
○ Also called Cisco Console Cable or Yost Cable

Console Cable
○ One end has an RJ-45 connector that goes into the router console port (RJ-45 port)
○ The other end has a serial DB9 (RS-232) connector that goes into the PC serial port (COM port)

Rollover and Null-Modem Methods

○ A rollover cable with a null-modem adapter, or a rollover cable with a null-modem cable, does
the same job
○ In serial communication a connection has two kinds of device interface: DCE (Data Communication
Equipment, e.g. a modem) and DTE (Data Terminal Equipment, e.g. a PC). Two DTE interfaces cannot
transfer data directly, because both transmit on the same pin
○ Router console interfaces function as DTE, wired to RJ-45 connector pins
○ A null-modem adapter connects two DTE interfaces by crossing the transmit and receive wires, so
the two DTE interfaces can transfer data
○ A rollover cable reverses the pin order (1 to 8, 2 to 7, 3 to 6, 4 to 5), which performs the
same crossing for the RJ-45 console connection

○ Rollover cable working pins
 RJ45 Pin 2
 RJ45 Pin 3
 RJ45 Pin 6
 RJ45 Pin 7


Twisted Pair Cable Category
○ Twisted pair cables are named in categories according to cable quality and supported speed

○ Twisted pair cable categories used in networking

Name    Cable Type     Data Rate                Ethernet Type              Maximum Distance
Cat 1   TP             Under 1 Mbps             Telephone                  Unspecified
Cat 2   TP             4 Mbps                   IBM Terminal System        Unspecified
Cat 3   UTP            10 Mbps                  10BASE-T (or 100BASE-T4)   100 meters (330 ft)
Cat 4   UTP            16 Mbps                  Token Ring (IEEE 802.5)    100 meters
Cat 5   UTP            100 Mbps & 1 Gbps        100BASE-TX & 1000BASE-T    100 meters
Cat 5e  UTP            100 Mbps & 1 Gbps        100BASE-TX & 1000BASE-T    100 meters (enhanced edition)
Cat 6   UTP            10 Gbps (up to 55 m),    10GBASE-T, 1000BASE-T      55 meters for 10 Gbps, 100 meters for 1 Gbps
                       1 Gbps (over 55 m)
Cat 6a  U/FTP, F/UTP   10 Gbps (to 100 m)       10GBASE-T                  100 meters (more shield; UTP versions also exist)
Cat 7   F/FTP, S/FTP   10 Gbps (to 100 m)       10GBASE-T                  100 meters (full shield; ISO class F, not a TIA category)
Cat 7a  F/FTP, S/FTP   10 Gbps (to 100 m)       10GBASE-T                  100 meters
Cat 8   U/FTP, F/UTP   25 Gbps / 40 Gbps        25GBASE-T / 40GBASE-T      30 meters (TIA-568-C.2-1, 2016)

Ethernet Bandwidth Capacity

Ethernet Types


Network Tools or Twisted Pair Cabling Tools

▪ Ethernet Boots
▪ RJ-45 Modular Jack (Wall Outlet or Wall Jack)
▪ Cable Tester
▪ Crimping Tool (Crimper)
▪ Stripper
▪ Punch-down Tool

Patch Panel

❖ Wall Jacks, Patch Panel and Patch Cable

▪ The computer connects with an RJ-45 cable to a wall jack
▪ The wall jacks are cabled back to a patch panel in the server room
▪ From the patch panel, network (patch) cables connect to the switch or router


❖ MDF
▪ Main Distribution Frame: the point where the company's outside lines (from the service
provider) are connected
▪ The MDF connects to the IDFs (Intermediate Distribution Frames)

❖ IDF
▪ Intermediate Distribution Frame
▪ Connects to the MDF
▪ Workstations connect to the IDF

❖ HCC Cable
▪ The cables that connect patch panel to switch, and switch to router, are Horizontal
Cross-Connect (HCC) cables

❖ VCC Cable
▪ The cables that connect the MDF to the IDFs are Vertical Cross-Connect (VCC) cables

❖ Plenum vs. Non-plenum

○ Network cables come in 2 cable grades

1. Plenum Cable
○ Plenum cables have a jacket that gives off little smoke and few toxins when burning, so they
may be run in plenum spaces (air-handling ducts, above ceilings)

2. Non-plenum Cable
○ Non-plenum cables give off toxins when burning; they have a PVC jacket

 PVC (Polyvinyl chloride) cables give off poisonous smoke when they burn

 Cables run through air-handling spaces must therefore be plenum cable

Network Interface Management

IP Addressing Assigned by CLI

1. Run as Administrator

cmd > Run as Administrator

2. Interface Name Lookup Command

netsh interface show interface

3. Interface Renaming

netsh interface set interface name="Local Area Connection" newname="FastEthernet"


Assign Static IP Address Only

netsh interface ip set address name="Local Area Connection" static 192.168.0.1 255.255.255.0

Assign Static IP Address and Default Gateway Address

netsh interface ip set address name="Local Area Connection" static 192.168.0.1 255.255.255.0 192.168.0.254

Assign Static DNS Server Address (Primary DNS Server Address)

netsh interface ip set dns name="Local Area Connection" static 192.168.0.250

Assign Secondary DNS Server Address

netsh interface ip add dns name="Local Area Connection" 8.8.8.8 index=2

Assign WINS Server IP Address

netsh interface ip set winsservers name="Local Area Connection" static 192.168.0.200

Enabling and Disabling Interface

netsh interface set interface name="Local Area Connection" admin=disabled

netsh interface set interface name="Local Area Connection" admin=enabled

Changing to Dynamic IP Address

netsh interface ip set address name="Local Area Connection" source=dhcp

Changing to Dynamic DNS Server Address

netsh interface ip set dnsservers name="Local Area Connection" source=dhcp

(Verify the result with "netsh interface ip show config" or "ipconfig /all".)


Saving Current IP Configuration as File

netsh -c interface dump > c:\netbackup.txt (Export)

netsh -f c:\netbackup.txt (Import)

OR

netsh interface dump > C:\netcfg.dat (Export)

netsh exec C:\netcfg.dat (Import)

(The dump file is a script of netsh commands; anyone who can edit it can change the host's
network settings the next time it is imported, so protect it like any other configuration file.)

Loop Ping (Ping Sweep)

for /L %i IN (1,1,20) do ping -n 1 192.168.1.%i | find /i "Reply" >> C:\iplist.txt

arp -a

for /L %i IN (1,1,20) do ping -n 1 192.168.10.%i | find /i "Reply" >> C:\iplist.txt

(Windows ping also prints "Reply from <own address>: Destination host unreachable." for hosts that
do not answer, and that line matches "Reply" too; filter on "TTL=" instead to keep only real
replies. Running "arp -a" afterwards shows hosts that answered ARP even if they dropped the
ICMP echo.)
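As an added example (not from the book), the following Python post-processes the two outputs the sweep above produces, the ping lines collected in iplist.txt and the arp -a table, and shows the caveat in code: only lines carrying a TTL are real echo replies, and hosts that appear in the ARP cache but never replied are the ones silently dropping ICMP. The output text is constructed to match the Windows format; nothing is run against a network.

```python
# Added example, not from the book: interpret ping-sweep and "arp -a" output from a Windows host.
import re

# Constructed sample output in the format Windows ping produces.
PING_OUTPUT = """\
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.5: Destination host unreachable.
Request timed out.
Reply from 192.168.1.20: bytes=32 time=2ms TTL=128
Reply from 192.168.1.5: Destination host unreachable.
"""

# Constructed sample output in the format "arp -a" produces.
ARP_OUTPUT = """\
Interface: 192.168.1.5 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.30          aa-bb-cc-dd-ee-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

REPLY_RE = re.compile(r"^Reply from (\d+\.\d+\.\d+\.\d+): bytes=\d+ time[<=](\d+)ms TTL=(\d+)")
ARP_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)", re.I)


def live_hosts(ping_text):
    """Map address -> TTL for genuine echo replies. 'Destination host unreachable' lines are
    also 'Reply from' lines (sent by our own host), so match on the TTL field, not on 'Reply'."""
    hosts = {}
    for line in ping_text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            hosts[m.group(1)] = int(m.group(3))
    return hosts


def arp_neighbours(arp_text):
    """Map address -> MAC for unicast ARP entries; drop broadcast and multicast rows."""
    table = {}
    for line in arp_text.splitlines():
        m = ARP_RE.match(line)
        if not m:
            continue
        mac = m.group(2).lower()
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:  # I/G bit set: broadcast or multicast, not a host
            continue
        table[m.group(1)] = mac
    return table


def guess_initial_ttl(ttl):
    """Rough OS hint from the observed TTL on a local segment (heuristic, not proof)."""
    for initial, name in ((64, "Linux/Unix/macOS"), (128, "Windows"), (255, "network device")):
        if ttl <= initial:
            return name
    return "unknown"


def sweep_report(ping_text, arp_text):
    """Combine both views: who answered ICMP, and who is on the wire but dropped ICMP."""
    answered = live_hosts(ping_text)
    on_wire = arp_neighbours(arp_text)
    silent = sorted(ip for ip in on_wire if ip not in answered)
    return {"answered": answered, "silent_but_present": silent, "arp": on_wire}


if __name__ == "__main__":
    report = sweep_report(PING_OUTPUT, ARP_OUTPUT)
    for ip, ttl in sorted(report["answered"].items()):
        print(f"{ip:<15} TTL={ttl:<3} ({guess_initial_ttl(ttl)}) mac={report['arp'].get(ip)}")
    print("dropped ICMP but in ARP cache:", report["silent_but_present"])
```

The ARP view only works for the local segment (ARP does not cross routers), which is also why a host-based firewall that drops ICMP still shows up there: the sweep's ARP requests were answered by the NIC before the firewall ever saw the echo request.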



Optical Spectrum and Fiber Optic Cable

Nature of Light

Light Reflection
○ When light strikes a surface and bounces back into the medium it came from, the process is
called reflection

Light Refraction
○ When light passes from one medium into another, it bends; this is called refraction. Two
things happen at the boundary:
1. The speed of the light changes (it is reduced in a denser medium)
2. The direction of the light changes

Refractive Index (n)

○ The refractive index describes how much a medium slows light compared with a vacuum; it is a
ratio and has no unit
○ The denser the medium, the higher its refractive index
○ Refractive index (n) of common media
• Free space (vacuum) 1.0
• Air 1.0003
• Water 1.33
 The various glasses used in fiber optics vary between 1.42 and 1.50
○ The refractive indices of the optical cable core and cladding determine how light is guided
and therefore how the cable carries data
○ The fiber optic industry specifies the light used in a medium by its wavelength, measured in
nm (nanometers)


Wave-Length & Optical Frequency Units
○ In an optical system the optical link carries data as light, and the light used on an optical
cable is described by its wavelength
○ Wavelength and frequency are two ways of describing the same light; the data rate (bandwidth)
depends on how that light is modulated, not on the wavelength itself
○ Light is described either by wavelength (nm) or by frequency (Hz)

Nanometer (nm)
○ The frequency (Hertz) is the number of wave cycles per second; the wavelength (nm) is the
length of one cycle. They are related by the speed of light (c = 3 x 10^8 m/s): f = c / λ
○ Converting between frequency (Hertz) and wavelength (nm):

3 x 10^14 Hz (300 THz) corresponds to 1000 nm (1 µm)

○ So a fiber link operating at a wavelength of 680 nm has a frequency of

f = (3 x 10^8 m/s) / (680 x 10^-9 m) = 4.41 x 10^14 Hz = 441 THz

○ Compared with a CPU clock measured in GHz, that is 441,000 GHz; the shorter the wavelength,
the higher the frequency

○ Fiber optic cables carry light signals in the wavelength range

 680 nm to 1700 nm

Light Wave Types

○ Light is characterized by its wavelength (frequency)


Optical Spectrum
○ Fiber optics uses "infrared light waves": wavelengths from about 680 nm upward into the
infrared. This range of waves is called the optical spectrum
○ Light waves between roughly 400 and 700 nm are visible and appear as colors; the infrared
light used in fiber is invisible to the eye (so never look into a live fiber to check for light)
○ The light carried by an optical fiber (the optical signal) lies in this optical spectrum

Light Rays or Light Channels

○ A fiber optic cable carries the optical spectrum as light rays
○ A cable whose core carries a single light path is a single channel (single mode) cable; a
cable whose core carries many light paths at once is a multi channel (multimode) cable
○ In a multi channel fiber optic cable the multiple light rays propagate along different paths,
and the light is modulated on each path through the fiber link
○ The light rays / channels a fiber optic cable carries are called its modes

Numerical Aperture
○ Numerical aperture (NA) describes the cone of light a fiber optic cable can accept and guide
(the range of angles of the light rays)
○ A fiber with a higher numerical aperture accepts light from a wider cone, so it couples more
light from a cheap wide-angle source such as an LED; that is why LED-driven multimode fiber has
a large NA
○ The numerical aperture of a fiber grows with the core area (and with the index difference
between core and cladding)
○ The higher the core area, the higher the numerical aperture and the more modes the fiber
carries; more modes means more modal dispersion, so bandwidth over distance goes down, not up.
Large core / high NA fiber is easy to couple into but limited in its bandwidth-distance product.


Optical Network Components
○ Optical Network Components
1. Modulator (Light Source)
2. Receiver (Light Receiver) (also has a photosensitive detector)
3. Fiber optic transmission strand (Fiber Optic Cable)
4. Optical Connectors (interface or connector to connect the parts to each other)
5. Light Signal (modulated light beam)

Optical Network Working Step by Step Flows

1. The computer's input signal drives the modulator: a Light Emitting Diode (LED) or a solid
state laser emits invisible infrared radiation as a modulated light beam
2. The light beam passes through the source-to-fiber connector into the fiber optic
transmission strand (Fiber Optic Cable)
3. The signal passes through the fiber-to-detector connector into the receiver
4. The receiver's photosensitive detector converts the light signal back into the electrical
output signal

 Every connector introduces some optical signal loss (insertion loss)

 The modulator varies the light amplitude (turns the light rays on and off) according to the
data signal, so each light ray carries the data signal


Two Kinds of Light Source
○ Optical networks use 2 types of light source
○ The light source types differ in these characteristics and features:
operating mode, bandwidth, distance, power levels, response times,
numerical aperture, price, characteristics of failure, lifetimes

1. Diode Laser (DL)

○ Used in single mode fiber.
○ Diode laser light sources have a moderate to wide modulation bandwidth, so they support a
higher bit rate
○ Higher bit rate means the diode laser gives more bandwidth
○ The laser emits coherent light in a narrow beam
○ Moderate or wideband operation uses more power
○ Diode lasers have a fast response time (typically less than 1 ns), which also supports the
high bit rate
○ Diode lasers are used with small-core fiber optic cable, which has a small numerical aperture
○ Higher price
○ Failure characteristic: pulse width dispersion effects (pulse broadening) lead to data errors
○ Diode laser lifetime at room temperature: 10^5 to 10^6 hours

2. Light-Emitting Diode (LED)
○ Used in multi mode fiber.
○ LEDs have a low modulation bandwidth (minimum band), so they support a slower bit rate
○ Slower bit rate means the LED gives less bandwidth than the laser
○ The LED emits incoherent light over a wide angle
○ Minimum band operation uses less power
○ LEDs have a slow response time of about 5 ns
○ LEDs are used with large-core fiber optic cable, which has a large numerical aperture
○ LEDs are cheaper
○ Failure characteristic: pulse width dispersion effects lead to data errors
○ LED lifetime at room temperature: 10^6 to 10^7 hours


Fiber Optic Cable Structure
○ A fiber optic cable has 3 components
1. Core Area
2. Cladding Area
3. Protective Jacket

1. Core Area
○ The innermost part of the fiber
○ The core portion carries the light (optical signals)
○ The optical signal travels along the core by repeated reflection and refraction at the
core/cladding boundary of the glass
○ The glass is very pure glass made of glass compounds (silicon dioxide, doped with small
amounts of germanium, boron and phosphorus)

2. Cladding Area
○ The layer around the core
○ Cladding is the glass area surrounding the core area
○ Light (optical signals) travelling in the core meets the cladding as a reflection surface;
the boundary between the two refractive indices acts as the reflecting interface
○ The cladding area is the reflection area

 The cladding has a refractive index lower than the core's refractive index; this difference is
what keeps the light inside the core (total internal reflection)

3. Protective Jacket
○ The protective jacket protects the glass core and cladding from external damage

○ Protective jacket: the buffer coating and the outer jacket


Fiber Cable Area Units
○ The core area and cladding area sizes of a fiber optic cable decide whether it is single mode
fiber or multi mode fiber
○ The core area and cladding area have their own unit
○ Fiber cable core area and cladding area are measured in micrometers

µm = "Micrometer",
e.g. 62.5 µm

○ A fiber cable specification gives core diameter / cladding diameter

62.5 / 125 µm

 62.5 is the core diameter

 125 is the cladding diameter

 Whether a fiber optic cable is single mode fiber or multi mode fiber depends on the core area

➢ Core diameter below about 10 µm: single mode fiber (typically 8-10 / 125 µm)

➢ Core diameter of 50 µm or 62.5 µm: multi mode fiber (50 / 125 µm or 62.5 / 125 µm)

Two Types of Fiber Optic Modes or Cables

○ Fiber optic cable is classified by the form in which the light travels through it into (2)
kinds


1. Single Mode Fiber
○ Uses laser light
○ Single mode fiber core area is 7 µm to 10 µm (typically)
○ The small core carries a single optical channel (one mode)
○ Single mode fiber laser wavelengths are 1310 nm or 1550 nm
○ Laser light travels long distances in the fiber
○ Up to about 80 kilometers (80 km) without a repeater
○ Laser-driven links carry 10 Gbps and more
○ Used in high-data-rate systems and long-distance systems: backbone, SONET, WAN links
○ Single mode fiber gives a high transfer rate and less data loss over long distances

2. Multi Mode Fiber

○ Uses LED light
○ Multi mode fiber core area is 50 µm or 62.5 µm (older fibers up to 100 µm)
○ The large core carries multiple spectrums / multiple channels (modes)
○ Multi mode fiber optical wavelengths are 800 to 900 nm (850 nm), and 1300 nm
○ LED light only travels short distances
○ Multi mode fiber maximum distance is about 2 kilometers (2 km) without a repeater
○ Because the multiple modes arrive at different times (modal dispersion), multi mode fiber
speed is limited by distance
○ Multi mode fiber is used for server clustering links, backup systems and within the LAN

○ Multi Mode Fiber Secure Fiber Cable
Cladding Area Data Loss


Fiber Connectors
○ Fiber network connectors are documented by the FOA (Fiber Optic Association); the TIA FOCIS
(Fiber Optic Connector Intermateability Standard) series specifies them

○ Fiber Connectors
▪ BICONIC
▪ ST
▪ SC
▪ FC
▪ LC
▪ MT-RJ
▪ Opti-Jack
▪ VF
▪ LX-5
▪ MU
▪ MPO
▪ MTP
▪ FDDI
▪ ESCON

BICONIC
○ The BICONIC shown has a yellow body, indicating a single mode (SM) version.
○ First fiber connector.
○ Single mode fiber.
○ BICONIC is covered in the TIA connector standard FOCIS-1 (TIA-604-1).


ST
○ Straight Tip
○ Also called BFOC (Bayonet Fiber Optic Connector)
○ 2.5 mm ferrule, bayonet coupling type.
○ Used in datacom.
○ Available for single mode and multimode fiber, but mostly seen on multimode.
○ ST (an AT&T trademark) is probably still the most popular connector for
multimode networks, like most buildings and campuses (2005).
○ ST is covered in the TIA connector standard FOCIS-2 (TIA-604-2).

SC
○ Subscriber Connector or Square Connector
○ 2.5 mm ferrule, snap (push-pull) coupling type.
○ Used in datacom & telecom, GPON, EPON, GBIC
○ Commonly used with single mode fiber.
○ SC is widely used for its excellent performance.
○ SC was originally about twice as expensive as an ST.
○ SC is covered in the TIA connector standard FOCIS-3 (TIA-604-3).


FC
○ Ferrule Connector (sometimes expanded as Fiber Channel, although it is unrelated to the
Fibre Channel protocol)
○ 2.5 mm ferrule, screw coupling type.
○ Datacom, telecom, measurement equipment.
○ FC was one of the most popular single mode connectors for many years.
○ FC has been mostly replaced by SC and LC.
○ FC is covered in the TIA connector standard FOCIS-4 (TIA-604-4).

LC
○ Lucent Connector or Little Connector or Local Connector
○ 1.25 mm ferrule, snap (push-pull) coupling type.
○ High-density connections (the transceiver interface on SFP, SFP+, XFP).
○ Good performance, highly favored for single mode.
○ LC is covered in the TIA connector standard FOCIS-10 (TIA-604-10).


MT-RJ
○ Mechanical Transfer Registered Jack or Media Termination Recommended Jack
○ Small rectangular MT-type ferrule (2.45 mm high) carrying two fibers, snap (push-pull)
coupling type.
○ Datacenter, optical LAN.
○ MT-RJ is multimode fiber only.
○ MT-RJ uses pins for alignment and has male and female versions.
○ MT-RJ is covered in the TIA connector standard FOCIS-12 (TIA-604-12).

Opti-Jack (OJ)
○ Opti-Jack is two ST-type ferrules in a package the size of an RJ-45.
○ 2.5 mm ferrules, snap (push-pull) coupling type.
○ Used in datacom.
○ OJ can be single mode or multi mode.
○ Opti-Jack has male and female versions.
○ Opti-Jack is covered in the TIA connector standard FOCIS-6 (TIA-604-6).


VF
○ Volition Fiber
○ 2.0 mm, snap (push-pull) coupling type.
○ Used in datacom.
○ Also used with single mode or multi mode.
○ VF is a slick, inexpensive duplex connector.
○ VF aligns fibers in a V-groove like a splice; it has plug and jack versions.
○ VF is covered in the TIA connector standard FOCIS-7 (TIA-604-7).

LX-5
○ Lucxis
○ 1.25 mm ferrule, snap (push-pull) coupling type.
○ Used in high-density connections.
○ Used with single mode fiber.
○ LX-5 is like an LC but with a shutter over the end of the fiber.
○ LX-5 is covered in the TIA connector standard FOCIS-13 (TIA-604-13).


MU
○ Miniature Unit
○ 1.25 mm ferrule, snap (push-pull) coupling type.
○ Used with single mode fiber.
○ MU looks like a miniature SC and is more popular in Japan.
○ MU is covered in the TIA connector standard FOCIS-17 (TIA-604-17).

MPO or (MTP)
○ MPO means Multi-fiber Push-On.
○ The MPO connector is sometimes called MTP, which is a commercial (trademarked) name for a
high-performance MPO.
○ MPO is a 12-fiber (or 24-fiber) connector for ribbon cable.
○ It uses a single rectangular MT ferrule holding all 12 fibers, push-pull coupling type, with
guide pins for alignment (male and female versions).
○ MPO is used for preterminated cable assemblies and cabling systems.
○ A typical breakout assembly fans a 12-fiber MPO out into 12 single-fiber connectors (e.g. ST
or LC).
○ MPO is covered in the TIA connector standard FOCIS-5 (TIA-604-5).


FDDI
○ The FDDI connector (MIC) is a duplex connector, similar in role to an SC duplex.
○ FDDI uses 2.5 mm ferrules.
○ Usually on multimode fiber (62.5/125 µm), as used by FDDI networks; single mode variants existed.
○ FDDI connectors are generally used to connect the equipment to a wall outlet, while the rest
of the network has ST or SC connectors.
○ Usually used in FDDI networks.

ESCON
○ The ESCON connector is likewise a duplex connector, similar to the FDDI MIC.
○ ESCON also uses 2.5 mm ferrules.
○ Multimode fiber (62.5/125 µm and 50/125 µm); a single mode variant existed for longer links.
○ ESCON connectors were used at the wall outlet / equipment end.
○ ESCON is an IBM trademark, seen in IBM mainframe networks.


Fiber Cables
○ Fiber optic cable standards are characterized by
▪ Speed
▪ Fiber Mode
▪ Light Source Type
▪ Wavelength
▪ Distance (Maximum)
▪ Connectors

○ Fiber optic cable standards

 10BASE-FL
 100BASE-FX
 1000BASE-SX
 1000BASE-LX
 10GBASE-ER
 10GBASE-EW
 10GBASE-SR
 10GBASE-SW
 10GBASE-LR
 10GBASE-LW
 10GBASE-LX4
 10GBASE-LRM
 10GBASE-ZR


Name          Speed     Mode         Light Source    Wavelength  Distance                                        Connector   Notes
10BASE-FL     10 Mbps   Multimode    LED             850 nm      2 km                                            ST, SC      Fiber Link
100BASE-FX    100 Mbps  Multimode    LED             1300 nm     2 km                                            ST, SC      Fiber Ethernet standard
1000BASE-SX   1 Gbps    Multimode    Laser (VCSEL)   850 nm      220 to 550 m (depends on fiber grade)           SC, LC      Short wavelength (Ethernet standard)
1000BASE-LX   1 Gbps    Single mode  Laser           1310 nm     5 km (10 km common); 550 m on multimode with    SC, LC      Long wavelength (Ethernet standard)
                                                                 a mode-conditioning patch cord
1000BASE-ZX   1 Gbps    Single mode  Laser           1550 nm     70 km                                           SC, LC      Extended reach (vendor standard, not IEEE)
10GBASE-ER    10 Gbps   Single mode  Laser           1550 nm     40 km                                           LC, SC      Extended reach (LAN PHY)
10GBASE-EW    10 Gbps   Single mode  Laser           1550 nm     40 km                                           LC, SC      Extended reach (WAN PHY, SONET framing)
10GBASE-SR    10 Gbps   Multimode    Laser (VCSEL)   850 nm      26 to 400 m (OM1 26 m, OM3 300 m, OM4 400 m)    LC (SFP+)   Short reach (LAN PHY)
10GBASE-SW    10 Gbps   Multimode    Laser (VCSEL)   850 nm      26 to 400 m                                     LC (SFP+)   Short reach (WAN PHY)
10GBASE-LR    10 Gbps   Single mode  Laser           1310 nm     10 km                                           LC          Long reach (LAN PHY)
10GBASE-LW    10 Gbps   Single mode  Laser           1310 nm     10 km                                           LC          Long reach (WAN PHY)
10GBASE-LX4   10 Gbps   Multimode /  4 lasers (WDM)  ~1300 nm    300 m (multimode), 10 km (single mode)          SC          Four wavelengths on one fiber
                        Single mode
10GBASE-LRM   10 Gbps   Multimode    Laser           1310 nm     220 m                                           LC (SFP+)   Long reach multimode (legacy FDDI-grade fiber)
10GBASE-ZR    10 Gbps   Single mode  Laser           1550 nm     80 km                                           LC          Extended reach (vendor standard, not IEEE)


WAN Connection Types

• Some WAN connections are 'always on'; some are 'on demand', meaning that the
connection is not established until needed.

• Some WAN connections give multiple users 'shared bandwidth', some provide
'dedicated bandwidth' and some 'share a common pool of available bandwidth'.

• Based on these facts, WAN connections can be classified into three categories:
 Dedicated Leased Line
 Circuit-Switched Connection
 Packet-Switched Connection


Dedicated Leased Line

• A connection interconnecting two sites.
• It is a dedicated point-to-point connection provided by a 'service provider' or 'telephone
company'.
• It starts with a physical circuit from the provider's central office to the customer premises
at each site.
• Because a dedicated leased line does not share its bandwidth with others, it is more
expensive than other WAN technologies.
• An example of a dedicated leased line is a 'T1 circuit'; a common Layer 2 protocol such as
'PPP' (or HDLC) runs on this physical line.

Circuit Switched Connection

• Integrated Services Digital Network (ISDN) can operate as a circuit-switched
connection, bringing up a virtual circuit (VC) on demand.
• Cost savings for some customers who only need periodic connectivity to a remote
site.


Packet-Switched Connection

• Similar to a dedicated leased line, because most packet-switched networks are always
on.
• Unlike a dedicated leased line, packet-switched connections allow multiple customers
to share a service provider's bandwidth.
• Even though bandwidth is being shared among customers, customers can purchase a
service-level agreement (SLA), which specifies performance metrics (for example,
available bandwidth and maximum delay) guaranteed for a certain percentage of
time.
• An SLA might guarantee a customer a minimum of 5 Mbps of bandwidth
available 80 percent of the time.
• Frame Relay is an example of a packet-switched connection.
• A Frame Relay network allows multiple customers to connect to a service provider's
network, and virtual circuits (VCs) logically interconnect customer sites.
• Asynchronous Transfer Mode (ATM) is often categorized as a packet-switched
connection.
• However, to be technically accurate, ATM is a cell-switched connection because ATM
uses fixed-length (that is, 53 byte) cells, as opposed to variable-length frames.


WAN Data Rates

• LAN links are typically faster than WAN links; however, some WAN technologies (for
example, Synchronous Optical Network [SONET]) boast a bandwidth capacity in the
tens of gigabits per second (Gbps).

• Many of the higher-speed WAN technologies are actually metropolitan-area network (MAN)
technologies.

• Aside from measuring bandwidth in kilobits per second (Kbps), megabits per second
(Mbps), or gigabits per second (Gbps), high-speed optical networks often use optical
carrier (OC) levels to indicate bandwidth.

 As a base reference point, the speed of an OC-1 link is 51.84 Mbps.

 OC levels are simply multiples of an OC-1. For example, an OC-3 link has three times
the bandwidth of an OC-1 link (that is, 3 * 51.84 Mbps = 155.52 Mbps).


Dedicated Leased Line (Circuits)

• A dedicated leased line is typically a point-to-point connection interconnecting two
sites.
• All the bandwidth on that dedicated leased line is available to those sites.
• The bandwidth of a dedicated leased line connection does not need to be shared
among multiple service provider customers.
• WAN technologies commonly used with dedicated leased lines include digital circuits,
such as T1, E1, T3, and E3.
• These circuits use multiplexing technology to simultaneously carry multiple
conversations in different 64-Kbps channels.
• A single 64-Kbps channel is called a Digital Signal 0 (DS0).


Circuit Types used in Leased Lines

Digital Signal 0 (DS0) Explained

○ This is the basic digital signaling rate of 64 Kbps, equivalent to one channel.
○ This is the generic term used by several multiplexed digital carrier systems and is
also the smallest-capacity digital circuit.
○ Europe uses the E0 and Japan uses the J0 to reference the same channel speed.
Typical of T-carrier transmission.
○ 1 DS0 = 1 voice/data line. DS0 = 64 kbps (8 bits x 8,000 samples per second)

T Carriers
○ Transmission System 1 (T-1) was introduced in 1962 in the Bell System, and could
transmit up to 24 telephone calls simultaneously over a single transmission line of
copper wire.
○ T-1 is a hardware specification for telecommunications trunking. A trunk is a single
transmission channel between two points on the network: each point is either a
switching center or a node (such as a telephone).


T1
• T1 circuits were originally used in telephony networks, with the intent of one voice
conversation being carried in a single channel (that is, a single DS0).
• A T1 circuit is composed of 24 DS0s, which is called a Digital Signal 1 (DS1). The
bandwidth of a T1 circuit is 1.544 Mbps.

• Explanation of the T1 bandwidth:

▪ The size of a T1 frame = 193 bits
(that is, 24 channels * 8 bits per channel + 1 framing bit = 193 bits).

▪ The Nyquist theorem requires 8,000 samples to be sent per second for a voice
conversation (that is, a rate at least twice the highest frequency of 4000 Hz).

▪ Total bandwidth = 193-bit frames * 8,000 frames per second = 1,544,000 bps = 1.544 Mbps
(of which 24 * 64 Kbps = 1.536 Mbps is payload and 8 Kbps is framing).

• In a T1 environment, consecutive frames are grouped. Two popular approaches to
grouping these frames are the following:

▪ Super Frame (SF): Combines 12 standard 193-bit frames into a super frame.

▪ Extended Super Frame (ESF): Combines 24 standard 193-bit frames into an
extended super frame.

• T1 circuits are popular in North America and Japan.

E1
• An E1 circuit contains 32 channels, in contrast to the 24 channels on a T1 circuit.
Only 30 of those 32 channels, however, can transmit data (or voice or video).
• Specifically, the first of those 32 channels (timeslot 0) is reserved for framing and
synchronization, and the seventeenth channel (timeslot 16) is reserved for signaling (that is,
setting up, maintaining, and tearing down a call).
• Because an E1 circuit has more DS0s than a T1, it has a higher bandwidth capacity.
• Specifically, an E1 has a bandwidth capacity of 2.048 Mbps (8000 samples per
second as required by the Nyquist theorem * 8 bits per sample * 32 channels =
2,048,000 bits per second)
• Unlike a T1 circuit, an E1 circuit does not group frames in an SF or an ESF.
Rather, an E1 circuit groups 16 frames in a multiframe.
• E1 circuits are popular outside of North America and Japan.


T3
• In the same T-carrier family of standards as a T1, a T3 circuit offers an increased
bandwidth capacity.
• Although a T1 circuit combines 24 DS0s into a single physical connection to offer 1.544
Mbps of bandwidth, a T3 circuit combines 672 DS0s (28 T1s) into a single physical connection,
which is called a Digital Signal 3 (DS3).
• A T3 circuit has a line rate of 44.736 Mbps (often rounded to 44.7 or 45 Mbps); the 672 DS0s
account for 43.008 Mbps of payload and the remainder is framing and stuffing overhead.

E3
• Just as a T3 circuit provides more bandwidth than a T1 circuit, an E3 circuit's available
bandwidth of 34.368 Mbps (16 E1s) is significantly more than the 2.048 Mbps of bandwidth offered
by an E1 circuit.
• A common misconception is that the bandwidth of an E3 is greater than the bandwidth of
a T3 because an E1's bandwidth is greater than a T1's bandwidth.
• However, that is not the case: a T3 has a greater bandwidth (that is, 44.736 Mbps)
than an E3 (that is, 34.368 Mbps).


Metro Ethernet (MetroE)

○ It is also called a Metropolitan Area Network (MAN).

○ Metropolitan-area Ethernet is a metropolitan area network (MAN) based on Ethernet standards; it
can connect a customer to a larger network and the Internet, so it is also called Ethernet as a WAN
technology (private WAN).

○ Metro Ethernet service uses Ethernet physical links to connect the customer's device to the
service provider's device.

○ A limitation of Ethernet is that twisted pair cable cannot be used for the connection (Ethernet standard
cabling supports only 1 kilometer or 2 kilometer, a campus LAN); only fiber optic cable
connections are used.

○ IEEE extended the Ethernet standards into a reasonable WAN technology with 1000BASE-LX (single mode
fiber cable, up to 5 km) and 1000BASE-ZX (single mode fiber cable, up to 70 km).

○ Company sites are connected to each other using fiber connections. To connect to the Internet, the MAN
needs a service provider.

○ Businesses can use Metro Ethernet to connect their own offices together, which is
another very cost-effective connection option.

Metro Ethernet Design and Topology

Metro Ethernet in Data Link Layer (Layer 2)

○ Metro Ethernet uses Ethernet Emulation / EoMPLS (Ethernet over MPLS) for layer 2
transmission.

○ MPLS-based Metro Ethernet networks use MPLS inside the ISP network and hand an Ethernet or fiber
cable to the customer as the connection.

IEEE Ethernet Standards Useful for Metro Ethernet Access

Ethernet WAN Services and Topologies

• An enterprise (company) must choose between several possible variations of MetroE services.

• Those variations use different topologies that meet different customer needs.

• The MEF (Metro Ethernet Forum) (http://www.mef.net) defines the standards for Metro Ethernet,
including the specifications for the different kinds of MetroE services.

Ethernet Line Service (E-Line) (Point-to-Point)

• The Ethernet Line Service (E-Line) is the simplest of the Metro Ethernet services.
• The customer connects two sites with access links. The MetroE service then allows the two
customer devices to send Ethernet frames to each other.

• The MetroE specifications define the concept of the Ethernet Virtual Connection (EVC), which lets
customer devices communicate with each other over a single link instead of multiple links.

• For example, in a common enterprise WAN topology with 1 central site and 100 remote sites, the
central site router needs only 1 interface for those 100 remote sites, using 802.1Q trunking
with a different VLAN ID for each site.

Ethernet LAN Service (E-LAN) (Full Mesh)

• The people who created MetroE anticipated the need for designs that allow a full mesh, letting
every device send directly to every other device, like an Ethernet LAN. That kind of service is called
an E-LAN (Ethernet LAN Service).

• One EVC connects four customer sites, creating one E-LAN. They would also all be in the
same Layer 3 subnet on the WAN.

Ethernet Tree Service (E-Tree) (Hub and Spoke)

• Ethernet Tree Service (E-Tree) creates a WAN topology in which the central site device (E-Tree
root) can send Ethernet frames directly to each remote site (E-Tree leaves), but the remote
sites can send only to the central site.

• The topology goes by many names: partial mesh, hub-and-spoke, point-to-multipoint.

Layer 3 Design Using Metro Ethernet

○ Layer 3 Design with E-Line Service


○ Layer 3 Design with E-LAN Service
○ Layer 3 Design with E-Tree Service

Layer 3 Design with E-Line Service

• With E-Line service, each E-Line is its own subnet.

Layer 3 Design with E-LAN Service

• On E-LAN Service, all are connected in the same VLAN and same subnet.

Layer 3 Design with E-tree Service

• Uses an Ethernet Virtual Circuit (EVC) to connect each site.


• All routers have an IP Address in the same subnet (10.1.123.0/24).
• R1 will form a routing protocol neighbor relationship with both R2 and R3, but R2 will not form
a routing protocol neighbor relationship with R3.

MPLS

○ Multi Protocol Label Switching (MPLS Cloud)


○ Service Providers WAN Technology (Private
WAN)
○ MPLS Network Multiple Protocols Support

○ Packet Switching Circuit Switching Switching


Layer 2 Frame Labels (Numbers) Switching Process

○ Layer 2 Header Layer 3 Header 32 bits Shim Header Switching


Process

○ 32 bits Shim Header 20 bits Label Information MPLS Cloud


Forwarding 20 bits Label Information Forwarding
MPLS Label Switching

○ MPLS Network Routers Packets Packets


Destination IP Address Forwarding 20-bit Label Address
Forward 20-bit Label Address Shim bit

○ MPLS Layer 2 Frame Label Forwarding Switching


Used Information Shim Header Layer 2 Layer 3 Headers
Layer 2 1/2 Technologies

MPLS Label and Shim Header

• The MPLS label is a fixed 4-byte identifier added to the packet by the ingress router between
the data-link layer (Layer 2) and the network layer (Layer 3). All intermediate routers use it to
switch the packet toward its destination without any routing table (Layer 3) look-ups.

• MPLS is considered a Layer 2.5 technology, and the MPLS header is called the shim header.

• One or more labels are pushed onto the packet at the ingress router, forming a label stack.

• The first label is called the top label or the transport label; other labels are used by different
MPLS applications if needed.

Label : label value, 20 bits.
EXP : experimental bits (now renamed Traffic Class), 3 bits.
S : bottom of stack, 1 bit.
TTL : time to live, 8 bits.
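As an added example (not code from the original page), the four shim header fields above packed and unpacked in Python, together with the ingress push, core LSR swap and egress pop that the text describes; the label values, TTL and the IPv4 payload stand-in are constructed.

```python
import struct

# MPLS shim header (RFC 3032): Label 20 bits | TC (EXP) 3 bits | S 1 bit | TTL 8 bits.
# Added example; the label values and payload below are constructed.


def encode_entry(label, tc, s, ttl):
    """Pack one 32-bit label stack entry in network byte order."""
    if not (0 <= label < 2 ** 20 and 0 <= tc < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("MPLS field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def decode_entry(data):
    """Unpack the first 4 bytes of data into its four fields."""
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7, "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


def parse_label_stack(data):
    """Walk entries from the top until S=1 marks the bottom; return (stack, bytes after the stack)."""
    stack, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack bit seen")
        entry = decode_entry(data[off:off + 4])
        stack.append(entry)
        off += 4
        if entry["s"]:
            return stack, data[off:]


def push_labels(payload, labels, ttl=64):
    """Ingress ELSR: push (label, tc) pairs listed outermost first; the innermost gets S=1."""
    out = b""
    for i, (label, tc) in enumerate(labels):
        out += encode_entry(label, tc, 1 if i == len(labels) - 1 else 0, ttl)
    return out + payload


def swap_top_label(data, new_label):
    """Core LSR: rewrite only the top (transport) label and decrement its TTL.

    Inner labels and the Layer 3 header are never looked at, which is the point of MPLS.
    """
    top = decode_entry(data)
    if top["ttl"] <= 1:
        raise ValueError("TTL expired: the LSR drops the packet")
    return encode_entry(new_label, top["tc"], top["s"], top["ttl"] - 1) + data[4:]


def pop_top_label(data):
    """Egress ELSR (or penultimate hop): remove the top entry, exposing what is underneath."""
    return data[4:]


if __name__ == "__main__":
    ip_packet = b"\x45" + b"\x00" * 19                        # constructed stand-in for an IPv4 packet
    labelled = push_labels(ip_packet, [(16000, 0), (300, 5)])  # transport label, then application label
    labelled = swap_top_label(labelled, 17000)                # one core LSR hop
    stack, rest = parse_label_stack(pop_top_label(labelled))  # egress pops the transport label
    print([e["label"] for e in stack], rest == ip_packet)     # prints [300] True
```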

MPLS Advantages

 Label Forwarding Multiple Protocols Support

▪ Service Provider Customers


Protocols Traffics Service Provider Network
Packets Packet Structures

▪ Forwarding Protocol Supporting Lines

▪ ATM Connections ATM Lines


Frame Relay Frame Relay Lines
Service Provider Network

▪ Traffics Management Bandwidth


Control QOS Line Control

 Label Forwarding Destination IP Address Label Address


Forwarding

 Label Forwarding Customers Traffics

 QOS Packets Control

MPLS Working

MPLS Essential Devices

○ MPLS Network Setup Devices

1. CPE
2. ELSR
3. LSR

1.CPE
○ Customer Premise Equipment
○ CPE Customer Site Device MPLS Cloud Connect Device

○ CPE Router CPE ELSR Router IP Packet

2.ELSR
○ Edge Label Switch Router
○ ELSR is also known as PE (Provider Edge Router)
○ MPLS Cloud Edge( ) Device
○ CPE Router IP Packet 32-bit Shim Header (Label) MPLS
Cloud Forward ELSR Router Packets
Layer 2 Header , Layer 3 Header Label 32-bit Shim Header
○ Label (Shim Header) Packet Layer 2 Header Layer 3 Header

○ ELSR Router MPLS Cloud Label (Shim Header)


Packets Label (Shim Headers) Remove

3.LSR
○ Label Switch Router
○ LSR is also known as P (Provider Router)
○ LSR MPLS Cloud Device MPLS Cloud Packets
Label (Shim Header) Forwarding Router
○ Label (Shim Header) 32-bit Address Forward 20-bit Address
Forward
○ Traffic Management LSR Routers Packet Label (Shim
Header) Forward

MPLS and QoS

MPLS and Routing

DSL

○ Digital Subscriber Line (Digital Subscriber Loop)

○ Telephone Lines Data Carrier

○ DSL Technology Cables Modems Layer 1 Devices Layer 1

○ DSL Phone Copper Wires High Speed Data Transmission DSL


Internet Service Phone Line

○ DSL Modem RJ11 Phone Connection Ethernet Connection


RJ45 Port

DSLAM

○ DSL Access Multiplexer (DSLAM)

○ The DSLAM splits out the data over to the router on the lower right, which completes the
connection to the Internet. The DSLAM also splits out the voice signals over to the voice switch
on the upper right.

DSL Types

○ DSL connections fall into 2 categories based on upstream speed versus downstream speed:

1. Symmetrical DSL
(Upstream speed and downstream speed are the same; SDSL service distance for high-speed
bandwidth is 12,000 feet)

2. Asymmetrical DSL
(Upstream speed is lower than downstream speed; ADSL service distance for high-speed
bandwidth is 18,000 feet)

○ DLS Lines Broadband Technologies Channels


Channel Traffics Carry

Other DSL
○ DSL variations with different speeds and features are collectively called xDSL:

▪ Symmetric DSL (SDSL)
▪ Asymmetrical DSL (ADSL)
▪ High-bit-rate DSL (HDSL)
▪ Rate Adaptive DSL (RADSL)
▪ ISDN DSL (IDSL)
▪ Very-high-data-rate DSL (VDSL)

Types of DSL
○ DSL

Type of DSL / Description

Asymmetric DSL (ADSL)
• ADSL is used in the home environment.
• Upload speed is lower than download speed.
• Maximum downstream speed 8 Mbps.
• Maximum upstream speed 1.544 Mbps.
• On an ADSL line the modem lets phone and Internet be used on the same line at the same time.
• Maximum distance from the DSL modem to the DSLAM device: 18,000 feet.

Symmetric DSL (SDSL)
• SDSL is used in the small office environment.
• Upload speed equals download speed.
• Maximum speed depends on the service provider; typically 1.544 Mbps (T1 line speed).
• An SDSL line is used for Internet only; phone service cannot share an SDSL line.
• Maximum distance from the DSL modem to the DSLAM device: 12,000 feet.

Very High Bit-Rate DSL (VDSL)
• VDSL is used in the large office environment, for example as a backup line.
• Upload speed is lower than download speed.
• Maximum downstream speed 52 Mbps; maximum upstream speed 12 Mbps.
• Maximum distance from the DSL modem to the DSLAM device: 4,000 feet.

ADSL

○ Asymmetric Digital Subscriber Line


○ ADSL supports both voice and data at the same time
○ ADSL Connection Twisted Pair Phone Line
○ ADSL Data Service Phone
○ ADSL Connection Telephone Line
○ ADSL Phone Line PC Line Same Phone Line
○ ADSL Line ADSL Modem ADSL Modem Phone Line Port (RJ11)
Phone Ethernet Port (RJ45) PC
○ ADSL Modem PC Ethernet Connection Telephone Line
Twisted Pair Line RJ11
○ Phone Line Digital Noise ADSL Broadband Data
Service Data Channel Voice Service Voice Data
Channel Phone Line Noise
○ ADSL Connection Line (Phone Line) Customer Service Provider Service
Provider Central Office DSLAM (DSL Access Multiplexer) Device
Customer DSLAM Max 18,000 feet
○ DSLAM Telephone Network OR Internet Telephone Service Provider
Main Network (Exchange) ATM Line
○ DSLAM ATM Line Main Network (Exchange) Service Provider Router

○ Main Network DHCP Server DHCP Server ADSL Client PCs


IP Address ADSL Line IP Addresses
DHCP Server
○ ADSL Users Bill Login Authentication Server Main
Network ADSL Username Passwords Authentication Server

○ ADSL Network Main Network (Exchange) DSL Modem PPPoE (Point


to Point Protocol Over Ethernet) Network PPP Point to Point
Network Link Authentication , Authorization Accounting AAA Process
Connection ( Point to Point Protocol (PPP) AAA
Process )

ADSL and Speed
○ Home Environments
○ Asymmetric Download Speed Upload Speed Download Speed

○ ADSL Connection Downstream Upstream ADSL


Download
○ ADSL will give you a downstream rate from 256 Kbps to 8 Mbps
○ Upstream is only going to reach around 1.5 Mbps max

ATM & ADSL

○ ATM is Layer 2 Protocol (Data Link Layer Protocol) Layer 1 DSL Line ATM

○ ATM DLS Connection CPE DSLAM DSL Interface Card ATM


Switch (or ATU-Cs) Terminate
○ DSLAM Device Aggregation Router ATM Network
○ Aggregation Router IP Connection

ADSL Operating OSI Layer and Using Protocols

○ ADSL Connection OSI Layers Protocols Run

 Internet Protocol / Layer 3 but Layer 2 Working


○ PC DSL Modem IP Layer 3
PC DSL Modem Layer 2 Ethernet Data Carry

○ Service Provider Router AAA Server , DHCP Server


Layer 2 Network Layer 3 IP Layer 2

 PPPoE Protocol / Layer 2 Working by ATM Line


○ DSL Modem Service Provider Router (Exchange) PPPoE Protocol
Protocol Layer 2 ATM Line Run

Load Coil
○ DSL Modem DSLAM Device Phone Line Maximum 18,000 feet
18,000 feet Load Coil

Cable and DSL

○ Cable TV Cable or Dedicated Cable Line Analog Signal Cables


PC Router Analog
Signals Digital Signals Modem
○ DSL Line DSL Analog Signals PC or Router Modem

○ Cable DSL Line

Speed Cable DSL Speed Location

Security ISP Cable or DSL Security Features

Popularity United State Cable DSL

Customer Satisfaction DSL is top.

Setup Cable is easier.

○ Modem Ethernet Connection PC Interface Router Interface


Interfaces IP Assign DHCP Modem Active
Modem Electric Supply PPPoE Run

Cellular 3G/4G

○ Voice Systems 3rd and 4th Generation cellular phone technology that can transmit and receive
data.
○ Smart Phone Tablet GSM Network Data
Carry
○ G Generation International Telecommunication Union , Radiocommunication
Sector (ITU-R) Standard Connections
○ 4G GSM (Cellular) Network Data Technology LTE (Long-Term Evolution)
LTE 4G Network Technology 3.9 G Network

○ Cellular 3G/4G Networks Telecommunication Service Provider Internet

Cellular 3G/4G Advantages


○ Device Internet
○ Cellular Range Data Transfer Cable Geo
○ Bandwidth High Speed Transfer

Cellular 3G/4G Disadvantages


○ Data Usage Costs
Cellular 3G/4G Connections Line Speed Costs Volume Amount

HDLC

○ High-Level Data Link Control (HDLC) Leased Lines Serial Connection


Traffics Encapsulation Encapsulation Protocol

○ HDLC Protocol OSI 7 Layer Data Link Layer (Layer 2) Protocol


HDLC Data Link Layer Protocol

○ ISO Standard HDLC Protocol Develop Cisco


Cisco Proprietary HDLC Protocol Cisco Proprietary HDLC Protocol
Vendors HDLC Protocols ISO Standard HDLC Protocol
Cisco HDLC Protocols

○ Cisco Devices Serial Interfaces Serial Link Default Encapsulation Protocol HDLC
( HDLC Protocol Cisco HDLC Version Industry Version HDLC
Protocol )

○ Layer 2 HDLC Protocol Connection Frames


HDLC Frame Ethernet Frame

○ HDLC Protocol Authentication

○ Cisco HDLC Protocol Multiple Protocol Support Multiple


Protocol Traffics

○ Multi-Protocol Support Cisco HDLC Protocol Frame Extra Field


Extra Field Frame Protocol Information

 ISO Standard HDLC Protocol Cisco HDLC Protocol HDLC Protocol Carry
Layer 3 (Network Layer) Protocols

 Cisco HDLC Protocol Frame Proprietary Field Field Information


Cisco HDLC Protocol Multiple Protocols (Network Protocols ) Serial
Connection Proprietary Field is also called the Type Field.

 ISO Standard HDLC Protocol Frame Proprietary Field Serial


Connection Single Protocol ( Network Protocol )

Configuring HDLC

1. Enable the serial interface and assign an IP address

Router(config)#int s0/0/0
Router(config-if)#ip add 192.168.2.1 255.255.255.0
Router(config-if)#no shutdown (if necessary; the default is up for serial)

2. Specify the encapsulation protocol on the serial interface

Router(config-if)#encapsulation hdlc (the default is HDLC)

 (no encapsulation hdlc/ppp) resets the encapsulation to the default, HDLC.

 If the interface is down because of an encapsulation mismatch, use (no shutdown).

3. Configure the clock rate on the serial interface (if the device is the DCE)

Router(config-if)#clock rate 2000000 (the clock rate value is in bps)

4. Configure the bandwidth on the serial interface

Router(config-if)#bandwidth 1544 (the bandwidth value is in kbps)

5. Description for the serial interface

Router(config-if)#description Link to R2

Verifying Clock Rate on Serial Interface

(show controller serial 0/0/0)

Verifying Encapsulation Protocol and Others Information

(show interface s0/0/0) (show ip interface brief) (show interfaces description)

Point to Point Protocol (PPP)

○ PPP is a pretty famous, industry-standard protocol.


○ Point to Point Protocol OSI 7 Layers Data Link Layer (Layer 2)
Layer 2 Protocol

○ Dedicated Line (Serial Connection) Traffics Encapsulation


Encapsulation Protocol Serial Connection Asynchronous Serial (Dial-up)
or Synchronous Serial (ISDN) Media

○ PPP Protocol Nonproprietary Standard Network Vendors


PPP Protocol Vendors Devices 2 PPP
Serial Connection

○ PPP
▪ Authentication
▪ Compression
▪ Error Checking
▪ Error Correction
▪ Logical Multilink Interface Functions Support

PPP used Sub-Protocols

○ PPP Connection PPP Sub Protocols

1. Link Control Protocol (LCP)

○ LCP Serial Connection PPP Frames Building Maintaining


Protocol LCP Layer 2 Control Protocol
(Setup , Maintain , Teardown)

2. Network Control Protocol (NCP)

○ NCP Network Layers Protocols (Routed Protocols) Traffics Packets


Layer 2 PPP Frame Encapsulate Protocol

○ Network Layer Protocols (IP, IPv6, IPX, etc..) Layer 3 Protocols

Data / Configurations PPP Link Encapsulation


Configuring

○ NCP PPP Control Protocols (CP)

○ PPP Control Protocol Layer 3 Protocols

 Client IPv4 Address Configuration


Internet Protocol Control Protocol (IPCP)
 IPv6 IPv6CP

 Cisco Discovery Protocol (CDP) CDPCP

○ Protocol PPP Frame Protocol Field Defined

Verifying LCP and NCP

○ Cisco Router PPP Protocol Encapsulation LCP Protocol NCP


Protocol (show interface "SerialInterfaceName") Command

 LCP Protocol "LCP Open" "NCPs" Protocols PPP


Connection
 Internet Protocol (IP) Protocol Traffics (IPCP)

 Cisco Cisco Discovery Protocol (CDP) PPP Connection


(CDPCP)

▪ PPP Connection Network Protocols Name


Network Control Protocol (CP)

IP CP , CDP CP (CP Network Control Protocols


(NCPs)

Link Control Protocol (LCP) Configuration Options

○ LCP Protocol PPP Connection Services (


Configurations Options )

1. Authentication Option
(Authentication Options PAP CHAP Tasks
Option )

2. Compression Option
(Compression Option PPP Packets Payload
(Data) Compression PPP Connection Loading
Payload Encryption
Decryption )

3. Error Detection Option


(Error Detection Option Reliable Loop Free Data Link
PPP Quality Magic Number Error Detect
)

4. Multilink Option
(IOS Version 11.1 Cisco Routers PPP Multilink
Options Support Two Separate Physical Paths
One Logical PPP Link Function 1.5
Mbps T1 Lines 2 Layer 3 Routing Protocols Single
3 Mbps Link

5. PPP Callback Option


(PPP Connection Dial-up Connection PPP
Connection Authentication Callback Option
Configure PPP Callback Options Dial-up
Connection Routers 2 Enable
Callback Function Enable Authenticate
Authentication Connection Down Auto
Reconnect )

PPP Authentication Methods

○ PPP Protocol HDLC Protocol Authentication Function

○ PPP Protocol Authentication Process Authentication Protocols 2


PPP Authentication 2

1. Password Authentication Protocol (PAP)

2. Challenge-Handshake Authentication Protocol (CHAP)


 MS-CHAP (Microsoft CHAP) (Microsoft Enhanced Version)

1.Password Authentication Protocol (PAP)

○ PAP One-Way Authentication One-Way Authentication PPP


Connection Device PAP Server Configuration
Device Device PAP Client Configure

○ PAP One-Way Authentication PAP Server Configure


Device PAP Client Device Authentication Process One-Way
PAP Server PAP Client Authentication Process

○ PAP Authentication Password Authentication Process Network Clear


Text Authentication

○ PPP Link Authentication Process Remote Node Server


Login Approval Username Password Clear Text Send
PAP Secure

2. Challenge-Handshake Authentication Protocol (CHAP)

○ CHAP Two-Way Authentication Protocol

○ Two-Way Authentication Authentication

○ CHAP Authentication Password Authentication Process Network Clear Text


Hash Value

○ CHAP PPP Link Username Password Username Password


Calculate MD5 Hash Function Hash Value
Authentication

○ Authentication Router Same Host Connect


Periodic Check Secure
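An added example (not from the original page) contrasting the two methods above: PAP puts the password on the link as-is, while CHAP answers a challenge with MD5 over identifier, secret and challenge as in RFC 1994, so the secret never crosses the link and a captured response fails against a fresh challenge. The usernames, passwords and secret are constructed.

```python
import hashlib
import hmac
import os
import struct

# Constructed credentials for this example (not from the original page): the user database on
# the PAP server router, and the CHAP secret configured identically on both ends of the link.
PAP_USERS = {b"R2": b"cisco123"}
CHAP_SECRET = b"wan-link-secret"


# ---- PAP (RFC 1334): the client sends peer-ID and password as-is, in clear text ----
def pap_authenticate_request(peer_id, password):
    """Bytes the PAP client puts on the serial link: length-prefixed ID and password."""
    return struct.pack("!B", len(peer_id)) + peer_id + struct.pack("!B", len(password)) + password


def pap_server_check(request, users=PAP_USERS):
    """PAP server: parse the request and compare with the stored password."""
    id_len = request[0]
    peer_id = request[1:1 + id_len]
    pw_len = request[1 + id_len]
    password = request[2 + id_len:2 + id_len + pw_len]
    return users.get(peer_id) == password


# ---- CHAP (RFC 1994): challenge / response / success-failure; the secret never crosses the link ----
def chap_challenge(length=16):
    """Server picks a fresh random challenge for every round (and periodically re-challenges)."""
    return os.urandom(length)


def chap_response(identifier, secret, challenge):
    """Client: MD5 over Identifier || secret || challenge; only this 16-byte digest is sent."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier, challenge, response, secret=CHAP_SECRET):
    """Server: recompute with its own copy of the secret and compare in constant time."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def chap_round(client_secret, server_secret, challenge, identifier=1):
    """One challenge/response round. Returns (accepted, bytes that crossed the link)."""
    response = chap_response(identifier, client_secret, challenge)
    accepted = chap_verify(identifier, challenge, response, server_secret)
    return accepted, challenge + response


if __name__ == "__main__":
    on_wire = pap_authenticate_request(b"R2", b"cisco123")
    print("PAP accepted:", pap_server_check(on_wire), "password readable on wire:", b"cisco123" in on_wire)
    ok, wire = chap_round(CHAP_SECRET, CHAP_SECRET, chap_challenge())
    print("CHAP accepted:", ok, "secret readable on wire:", CHAP_SECRET in wire)
```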

PPPoE

○ Point-to-Point Protocol over Ethernet

○ A popular WAN technology that encapsulates PPP frames in Ethernet frames.

○ PPPoE keeps all the useful PPP features such as multiprotocol support, CHAP
authentication, etc.

○ It gives you a lot of the familiar PPP features like authentication, encryption, and
compression, but there is a downside: it has a lower maximum transmission unit (MTU)
than standard Ethernet does.

○ It is usually used in conjunction with xDSL services. DSL connections use a variant of
PPP called PPPoE.

○ It is often used by many hosts on a shared Ethernet interface for opening PPP sessions to
various destinations via at least one bridging modem.

How PPPoE Work

• PPPoE operates at Layer 2 and uses tunneling to create a point-to-point link between client and
server.

• When the connection starts, the PPPoE client (router) creates a session to the PPPoE server (ISP router)
by dialing a specific server with a username and password. (That is why a dialer interface is needed!)

• On success, PPPoE logically creates a tunnel between the PPPoE client and server called a PPPoE
session (with a session ID), which encapsulates the PPP traffic.

• In PPPoE, clients can only get IP addresses from the PPPoE server after the PPP tunnel has been
successfully created. That is why the ISP can manage IP addresses and track usage by individual user
accounts.

 PPPoE uses an extra 8 bytes (32 bits) for the PPPoE header, so the MTU size on the PPPoE exit
interface must be changed to 1492.

• A device supports multiple PPPoE sessions on each interface, but no more than 256 PPPoE
sessions per device.

• Each PPPoE session is uniquely identified by the Ethernet address of the peer and the session
ID.

PPPoE Stages (PPPoE Phases)

• PPPoE has two distinct stages:

1. Discovery Stage (Type Code 8863)
2. PPP Session Stage (Type Code 8864)

PPPoE Discovery Stage

• When a host wishes to initiate a PPPoE session, it must perform Discovery to identify the
Ethernet MAC Address of peer and establish a PPPoE Session_ID.

• The PPPoE discovery stage consists of the following steps:


1. PPPoE Active Discovery Initiation (PADI)
2. PPPoE Active Discovery Offer (PADO)
3. PPPoE Active Discovery Request (PADR)
4. PPPoE Active Discovery Session-Confirmation (PADS)

Details of PPPoE Discovery Stage;

1. PPPoE Active Discovery Initiation (PADI)


○ The client initiates a session by broadcasting a PADI packet to the LAN to request a service.

2. PPPoE Active Discovery Offer (PADO)


○ Any access concentrator (PPPoE Server) that can provide the service requested by the client
in the PADI packet replies with a PADO packet that contains its own name, the unicast
address of the client, and the service requested. An access concentrator can also use the
PADO packet to offer other services to the client.

3. PPPoE Active Discovery Request (PADR)


○ From the PADOs it receives, the client selects one access concentrator based on its name or
the services offered and sends it a PADR packet to indicate the service or services needed.

4. PPPoE Active Discovery Session-Confirmation (PADS)


○ When the selected access concentrator receives the PADR packet, it accepts or rejects the
PPPoE session:

 To accept the session, the access concentrator sends the client a PADS packet
with a unique session ID for a PPPoE session and a service name that identifies
the service under which it accepts the session.

 To reject the session, the access concentrator sends the client a PADS packet
with a service name error and resets the session ID to zero.

PPPoE PPP Session Stage

• The access concentrator can start the PPPoE session after it sends a PADS packet to the client, or
the client can start the PPPoE session after it receives a PADS packet from the access
concentrator.

• In the session stage, the PPP LCP options such as authentication are negotiated.

• After a session is established, the client or the access concentrator can send a PPPoE Active
Discovery Termination (PADT) packet anytime to terminate the session.
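The discovery exchange above (PADI, PADO, PADR, PADS with accept or reject) and the PADT termination, as an added example that is not part of the original text: a small PPPoE access concentrator and client in Python using the RFC 2516 codes and tag types; the MAC addresses, AC names and service names are constructed.

```python
import struct

# PPPoE discovery (RFC 2516) codes and tag types. Added example; MAC addresses, AC names
# and service names used with it are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"
PADI, PADO, PADR, PADS, PADT = 0x09, 0x07, 0x19, 0x65, 0xA7
TAG_SERVICE_NAME, TAG_AC_NAME, TAG_SERVICE_NAME_ERROR = 0x0101, 0x0102, 0x0201


def build_pppoe(code, session_id, tags):
    """Serialise a discovery payload: VER/TYPE=0x11, CODE, SESSION_ID, LENGTH, then TLV tags."""
    body = b"".join(struct.pack("!HH", tag, len(value)) + value for tag, value in tags)
    return struct.pack("!BBHH", 0x11, code, session_id, len(body)) + body


def parse_pppoe(payload):
    """Inverse of build_pppoe; returns (code, session_id, [(tag, value), ...])."""
    ver_type, code, session_id, length = struct.unpack("!BBHH", payload[:6])
    if ver_type != 0x11:
        raise ValueError("not PPPoE version 1, type 1")
    body, off, tags = payload[6:6 + length], 0, []
    while off + 4 <= len(body):
        tag, tlen = struct.unpack("!HH", body[off:off + 4])
        tags.append((tag, body[off + 4:off + 4 + tlen]))
        off += 4 + tlen
    return code, session_id, tags


def tag_values(tags, wanted):
    return [value for tag, value in tags if tag == wanted]


class AccessConcentrator:
    """PPPoE server: PADI -> PADO, PADR -> PADS (accept or reject), PADT -> tear down."""

    def __init__(self, mac, name, services):
        self.mac, self.name, self.services = mac, name, set(services)
        self.next_session, self.sessions = 1, {}

    def receive(self, dst, src, payload):
        """A frame is (dst MAC, src MAC, PPPoE payload). Returns the reply frame, or None."""
        code, session_id, tags = parse_pppoe(payload)
        if code == PADI and dst == BROADCAST:
            # Offer every service this AC provides; the PADO goes to the client's unicast address.
            offer = [(TAG_AC_NAME, self.name)] + [(TAG_SERVICE_NAME, s) for s in sorted(self.services)]
            return (src, self.mac, build_pppoe(PADO, 0, offer))
        if code == PADR and dst == self.mac:
            wanted = tag_values(tags, TAG_SERVICE_NAME)[0]
            if wanted not in self.services:
                # Reject: Service-Name-Error tag and session ID set to zero.
                error = [(TAG_SERVICE_NAME_ERROR, b"service not offered")]
                return (src, self.mac, build_pppoe(PADS, 0, error))
            sid, self.next_session = self.next_session, self.next_session + 1
            self.sessions[(src, sid)] = wanted          # peer MAC + session ID identify a session
            return (src, self.mac, build_pppoe(PADS, sid, [(TAG_SERVICE_NAME, wanted)]))
        if code == PADT and dst == self.mac:
            self.sessions.pop((src, session_id), None)  # either side may terminate at any time
        return None


def discover(client_mac, service, concentrators):
    """Client side of discovery on one LAN. Returns (chosen AC MAC, session ID); ID 0 means rejected."""
    padi = (BROADCAST, client_mac, build_pppoe(PADI, 0, [(TAG_SERVICE_NAME, b"")]))  # empty = any
    offers = [reply for reply in (ac.receive(*padi) for ac in concentrators) if reply is not None]
    if not offers:
        return None, 0
    # Pick the AC whose PADO lists the wanted service; otherwise fall back to the first offer.
    chosen = next((o for o in offers if service in tag_values(parse_pppoe(o[2])[2], TAG_SERVICE_NAME)), offers[0])
    ac_mac = chosen[1]
    ac = next(a for a in concentrators if a.mac == ac_mac)
    padr = (ac_mac, client_mac, build_pppoe(PADR, 0, [(TAG_SERVICE_NAME, service)]))
    code, session_id, tags = parse_pppoe(ac.receive(*padr)[2])
    if code != PADS or tag_values(tags, TAG_SERVICE_NAME_ERROR):
        return ac_mac, 0
    return ac_mac, session_id


def terminate(ac, client_mac, session_id):
    """Client sends PADT; returns True once the AC has dropped the session."""
    ac.receive(ac.mac, client_mac, build_pppoe(PADT, session_id, []))
    return (client_mac, session_id) not in ac.sessions
```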

PPPoE Dialer Interface and Pool-ID

• Cisco IOS has had dialer interfaces (up to 256) for a long time; a dialer interface is a logical
interface that can be dynamically bound to another interface (physical or logical).

• A dialer interface uses a dialer pool (identified by a pool-ID) to connect to a physical interface, and
the physical interface finds its dialer interface through the pool-ID configured on the physical interface.

• By using different dialer pools (multiple pools with different pool-IDs), the router (client) can have
multiple dialer interfaces and multiple PPPoE sessions.

Virtual-Access Interface

• When the PPPoE session is up and working, IOS dynamically creates a virtual-access interface and
binds it to the dialer interface and the Ethernet interface for the dialed PPPoE session.

BBA Group

• Broadband Access Group or Broadband Aggregation Group

• A BBA group is basically a profile that is needed to set up a PPPoE connection. The profile contains
all the configuration of the PPPoE client settings.
• Multiple different BBA groups means you can have multiple profiles. Each group can be assigned to
a different PPPoE-enabled interface.
