CompTIA Network+

EXAM NEED TO KNOW TOPICS

PREPARED BY:
KNOWLEDGEBASE SUPERUSER
 KBSUPERUSER.COM

Open System Interconnection Reference Model

− Network Models -OSI and TCP/IP- Explained - superuser (kbsuperuser.com)

− All People Seem To Need Data Processing.

− OSI enables to communicate with other technicians easily, examine applications

and understand how an application works.

− Layer 1 – Physical: Signaling, Cabling, Connectors

− Ability to get the signal. Troubleshoot it by fixing cable, punch-down,

run loopback, test/replace cable, swap adapters.

− Layer 2 – Data Link: MAC (Media Access Control) address on Ethernet.

− Switching Layer

− Layer 3 – Network: “Routing” layer -> associating with IP Address.

− Forwarding decisions based on IP Address.

− Communication between different networks.

− Layer 4 – Transport: “Post Office” Layer.

− How data is delivered where it has been delivered.

− E.g. Webpage is divided small parts and send to destination, they will
be combined later.

− Layer 5 – Session: Communication management between devices.

− Start / Stop / Restart communication

− Control protocols, tunneling protocols

− Layer 6 – Presentation: Character encoding, application encryption

− Always combined with Layer 7.

− Layer 7 – Application: The layer the eyes see.

− HTTP, HTTPS, FTP, DNS, POP3

PAGE 1
 KBSUPERUSER.COM

Encapsulation and Decapsulation

− Each layer has a header and payload.

TCP Flags
− Header describes the payload and contain important information with TCP
Flags.

− According to flags the way of communication will be defined.

Maximum Transmission unit (MTU) and Building Ethernet Frame

− Maximum IP Packet to transmit. Above the values fragmentation starts.

− Fragmentation slow things down and if one is lost, the packet is lost.

− Automated methods between hoops are often inaccurate.

PAGE 2
 KBSUPERUSER.COM

− If MTU is set to 1500, that does not mean the usable value 1500. “Ethernet Header
– IP Header – TCP Header and CRC” also needs to be calculated.

− MTU is configured once generally and does not change.

− If the organization uses tunneling small sizes will be needed. So the size should
be set to automatic.

− Test it with ICMP:

− Ping -f -l 1472 8.8.8.8

− Ping -d -s 1472 8.8.8.8

Network Topologies
− Network Topologies Explained - superuser (kbsuperuser.com)

− Useful in planning a new network.

− Assist to understand the signal flow. “How signal goes from “A” to “B”?

− Useful for troubleshooting.

− Star “Hub and Spoke”: Hub in the center, spokes are located outside. Used
in most large and small networks. No point is directly connected to other.

PAGE 3
 KBSUPERUSER.COM

− Ring: Used in many popular topologies. Token ring is no longer used. Ring
is still used in WAN and MAN. Dual rings are created for fault tolerance.

− Bus: Used in early local networks. Coaxial cable was the bus. Simple but
prone to errors. One break can fail all connection

− Mesh: Multiple links to same place. Fully connected or partially connected.

Can set primary and secondary ways. Redundancy, Fault Tolerance, Load
Balancing. Used in WANs.

− Hybrid: Combination of one or more topologies. More networks are hybrid.

E.g. Using start topology in local, using ring in the center.

PAGE 4
 KBSUPERUSER.COM

− Wireless Topologies:

− Infrastructure: All devices are connected via access point. This is the most
common used.

− Ad Hoc Networking: No pre-existing infrastructure. Devices communication

among themselves.

− Mesh: Devices work together to form a mesh. Many different kinds of devices
can be linked. Self-form and self-heal!

Network Types
- Peer to Peer: Everyone talks to everyone. All devices are both server and clients.
Easy to deploy with low cost. Since all distributed difficult to administer and
difficult to secure.

- Client – Server: Clients talk to server. No communication between clients.

Performance and administration are advantages but cost and complexity are
high.

- Local Area Network: Local is relative but we can accept the local if the sources
are in the same place. High-speed connectivity. If the speed is not high then it is
not local.

- Metropolitan Area Network: A network in a city. It is larger than LAN, smaller

than WAN. Third parties are included for connecting different sites.
Governments can have their own MAN since they can lay cables underground.

- Wide Area Network: Much larger distance. Many different WAN technologies
are included such as point to point, MPLS, Satellite.

- Wireless Local Area Network: 802.11 Technologies. Limited Area but it can be
expanded with more access points to a specific area.

- Personnel Area Network: Wireless headset, Bluetooth, IR, NFC, audio

connection to a car.

- Campus Area Network: Corporate Area Network. Limited Area such as group
of buildings, no third party included. Fiber connected so the speed is high.

- Network Attached Storage: Connect to a share storage device across network.

File-Level Access: any change needs to be done in the storage. Needs to overwrite
all data.

- Storage Area Network: Looks and feels like a local storage device. Block level
access is enabled. Efficient write and read is available.

PAGE 5
 KBSUPERUSER.COM

- Multiprotocol Label Switching: MPLS created by learning from ATM and

Frame Delay. Packets through the WAN have a label. Routing is decided and it
is easily connected. Any type of connection or protocol can be sent with MPLS.

o Labels are put / pushed onto packet when enter the cloud.

o Labels are popped of on the way out.

- mGRE (Multipoint Generic Router Encapsulation): Used extensively for

Dynamic Multipoint VPN. It is common in cisco routers. Remote sites
communicate to each other and the VPN builds itself. It is a dynamic mesh. Sites
establish connection if needed and it will be cancelled automatically when not
needed.

- SD-WAN: A wan built for cloud. Useful for cloud application. No need to hop
from a centralized point data center. Easy quick access to cloud based
applications.

WAN Termination
- Demarcation Point (The Demarc): The physical point which connects
internal network to service provider network.

o Demarc is in a central point in a building and it is usually a network

interface device. It makes easy to troubleshoot if know the borders of the
responsibility.

o Service provider puts a “Network Interface Unit (NIU)” to determine and

control demarc. It is usually a “smart jack” can be circuit card in a chassis.
It can be monitored by screen to follow alarms and status.

Virtual Networks
- Since the numbers of the servers has changed and there are lots of physical /
virtual servers, managing the network al changed.

- Network Function Virtualization (NFV): Replace all physical network devices

with virtual versions and manage from hypervisor. Provides same functionality
as a physical device. (Routing switching, load balancing, firewall etc.) No need a
physical device so it is easy to deploy.

- Virtual Machine Manager: Manages all virtual platform and guest OS from one
screen like vSphere Client. Provides Hardware management such as CPU, RAM,
Networking, Security.

- Virtual Switch (vswitch): Same functionality with a physical switch. Capable of

forwarding, link aggregation, port mirroring, NetFlow etc. Automation is easy.

- Virtual network Interface Card (vNIC): Virtual machines needs vNIC to

communicate with others. Additional features also available such as VLAN,
multiple interfaces etc.
PAGE 6
 KBSUPERUSER.COM

Provider Links
- Satellite Networking: Non-terrestrial communication, high cost, 50 bit down
and 3 bit up are common, works with line of sight. Difficult remote sites can be
handled.

- Copper: Relatively inexpensive, limited bandwidth, easy to install, used in WAN

to cable modem, always combined with fiber.

o DSL / ADSL: Uses telephone lines, Distance limitation. If you are close
to source, you are lucky. 200 Mbit down 20 Mbit up.

o Cable Broadband / Cable Modem: Transmission different frequencies,

different traffic types such as voice, tv, data.

o DOCSIS: “Data over cable service interface specification” provides high

speed 50-100 Mbit.

- Fiber: High speed, frequencies of light, long distances. High installation cost,
high maintenance cost, difficult to repair.

- Metro Ethernet: A contained regional area. Connect the sites with ethernet.
Fiber always used in provider site and copper always used in client site.

Cabling
- Copper Cabling: Twisting is the key for success. Do it once and do it correct!
Balanced pair operation needed which means Transmit+ Transmit- / Receive+
Receive-

PAGE 7
 KBSUPERUSER.COM

- Optical Fiber: No RF signal so very hard to monitor. Supports long distances,

Immune to radio interference.

o Multimode: Short Range. Up to 2 km. Inexpensive LED.

o Single mode: smaller core, long range. Up to 100 km. Expensive. Laser
Beams.

o The amount of return must be less so:

▪ Ultra-Polished Connector: Zero-degree, high return loss.

▪ Angle-Polished Connector: 8 degrees, low return loss.

- Network Connectors:

o LC: 2 different fibers to send and receive.

o ST: Plug and twist.

o SC: Squared, push and pull, separate or together

o MRTJ: Small, 2 tiny fibers, smallest space

o RJ11 Connector: Telephone and DSL, 6 position 2 conductor. If 6

position 4 conductor it is RJ14.

o RJ45: 8 position 8 conductor. Modular, ethernet.

o F Connector: Cable Television, DOCSIS.

PAGE 8
 KBSUPERUSER.COM

- Network Transceivers:

o Media Converter: OSI Layer 1 – provides signal conversion in physical

layer. Extends copper wire over long distance, can put into chassis.

o Transceiver: Usually a single component. Provides modular interfaces

and duplex communication.

o BiDi Transceiver: User 2 different wave lengths, reduce number of

fiber cost by half.

o SFP: Commonly used to provide 1G connection.

o SFP+: Same size with SFP Supports up to 16G connection, commonly

10G.

o QSFP: 4 channel SFP. 4 x 1G

o QSFP+: 4 channel SFP+. 4 x 10 G

o BiDi QSFP / BiDi QSFP+: Additional efficiency over a single fiber.

- Cable Management:

o Copper Patch Panel: End user – Punch Down Block – Patch Cable –
Switch. Only move the patch cables between switches.

o Fiver Distribution Point: Permanent fiber installation needs panel in

both ends so it is costly. Not to tight. Often includes a service loop for
future changes.

o 66 Block: Analog voice, left and right patched, easy to follow the path,
just a punch down tool is enough. Generally replaced with 110 Block.

o 110 Block: Patch CAT5 – CAT 6. Punched into a block.

o Krone Block: Alternative 110 Block. Analog + Digital.

o BIX: 1970 Model old system.

PAGE 9
 KBSUPERUSER.COM

- Ethernet Standards: Most popular networking technology. Standard,

Common, nearly universal.

o 10 BASE-T: 2 pair, minimum CAT3, max 100 meters.

o 100 BASE-TX: “Fast Ethernet” Min CAT5, 2 pair, Max 100 meters.

o 1000 BASE-T: 4 pair balanced, max 100 meters, 125 MHz, CAT5/CAT5E

o 10G BASE-T: 4 pair balanced, Frequency 500 MHz, Min CAT6

(Unshielded 55m, shielded 100 m), CAT6A 100 meters.

o 40G BASE-T: 4 pair balanced, min CAT8, max 30 meters.

o 100 Megabit Ethernet over Fiber: pair of multimode fiber, laser

components, 400 meters half duplex, 2 km full duplex.

o Gigabit Ethernet over Fiber: 200 meters to 5 km.

o 10Gigabit Ethernet over Fiber: 20 meters to 10 km.

o Wavelength-Division Multiplexing: Bidirectional Communication

over a single fiber by using different wave lengths.

PAGE 10
 KBSUPERUSER.COM

Network Addressing:
- Binary Math:

- IPv4 Addressing:

o Every device needs a unique IP address.

o Subnet Mask shows the device subnet => where the data should be sent.

o Default Gateway => Communicate local subnet to outside. Must be in

the same subnet with IP.

o Loopback Address: Reference itself. 127.0.0.1-127.255.255.255.254.

o Reserved Address: Future or testing. 240.0.0.1-254.255.255.254. Class E.

o 32 Bits, 4 octets, 4 bytes. Max value is 255.

- Network Address Translation: IPv4 supports 4.29 billion address but more
than 20 billion devices are connected now. So unique IP address defining is not
possible. Routers keeps the NAT table.

PAGE 11
 KBSUPERUSER.COM

- Network Communication:

o Unicast: one to one communication. Send information between 2

systems. Does not scale optimally for reel time streaming media. (web
browser, file transfer)

o Broadcast: one to all communication. Source sends and all receives.

Limited scope in broadcast domain. (Routing updates, ARP requests).
Used in IPv4. IPv6 uses Multicast.

o Multicast: one to many of many communications. Only interested

parties. Difficult to scale across large network. Extensive use in IPv6.

o Anycast: one to one of many. Closest device will reply of many.

Commonly used in DNS.

- Construction of Subnet:

o Why Subnetting: Very difficult to connect all devices simultaneously.

Provide more manageable and secure network.

o Variable Length Subnet Mask (VLSM): Customize network and

subnets according to requirements. Using different subnet masks in the
same classful network. Just like cutting pizza smaller pieces.

o Network Address: First IP Address of subnet. Set all host bits to zero.

o First Usable Address: Network Address +1

o Broadcast Address: Last IP of subnet. Set all host bits to 1.

o Last Usable Address: Broadcast Address -1

PAGE 12
 KBSUPERUSER.COM

- IPv6 Addressing:

o 128 bits address – 16 bytes. 6.8 billion people can get 5X1027 each.

o DNS is now more important.

o Group of zeros can be abbreviated with double column.

o Removing leading zeros is optional.

o DHCP can still be used but it is better to use IPv6 and MAC Address
together. (Extended Unique Identifier)

- IPv6 Subnetting: Internet Assigned Number Authority (IANA) provides blocks

to Regional Internet Registries (RIR). RIRs assign smaller subnets to ISPs. ISPs
provide /48 subnet to clients.

- Tunnelling IPv6:

o 6to4 Addressing: Send IP6 over IPv4. Does not support NAT. Creates
IPv6 based on IPv4. Require relay routers.

o 4in6 Tunneling: Since there are challenges it is not used currently.

o Teredo: Tunnel IPv6 through IPv4. No special IPv6 is needed.

Temporary design. Used in Windows.

o Miredo: Same functions with Teredo but used in Linux.

o Dual Stock Routing: Router run both. IPv4 and IPv6 routing tables are
separately saved.

PAGE 13
 KBSUPERUSER.COM

- Neighbor Solicitation: Since there is no broadcast with IPv6, multicast

requests.

- Neighbor Discovery Protocol (NDP): Works with multicast.

- Stateless Address Autoconfiguration (SLAAC): Configuring IP without

DHCP. Needs “Duplicate Address Detection (DAD)” needs to be used to find
duplicate addresses.

- Router Solicitation and Router Advertisement are used to discover

routers.

Ports and Protocols:

- https://kbsuperuser.com/tcp-udp-explained
- https://kbsuperuser.com/tcpip-cheat-sheet
- Common Ports - Cheat Sheet - superuser (kbsuperuser.com)

PAGE 14
 KBSUPERUSER.COM

DHCP Overview:
- What is DHCP and How DHCP works? - superuser (kbsuperuser.com)
- DHCP - Cheat Sheet - superuser (kbsuperuser.com)

- When connected to a switch:

o Sent DHCP discover (0.0.0.0:udp:68) to 255.255.255.255:udp/67
o DHCP sent offer message from own local IP:udp/67 with broadcast
255.255.255.255:udp/68
o Client sent DHCP request message from broadcast and tell server that it
wants to use offered IP address.
o DHCP server sends DHCP ACK message as broadcast and client
configure itself.
o If there is no DHCP server in LAN. The broadcast will not be forwarded
outside. So DHCP Relay needs to be configured. If it is configured. The
process goes same but only with the help of the router.

- Configuring DHCP:
o Scope: IP Address Range, Excluded Address, Subnet Mask, Lease
Duration, DNS, Default Gateway.
o After the lease duration address reclaimed and added back to pool.
o Automatic Assignment: DHCP gives the IP Address from past
assignments.
o Static Assignment: Administratively configured. Add MAC address and
assign IP address for servers, admin computers etc.
- DHCP Renewal Process:
o T1 Timer: Check the lending DHCP server to renew IP Address. %50 lease
time (by default)
o T2 Timer: If the original DHCP server is down try rebinding from any
DHCP Server. %87.5 lease time.
o E.g. Lease Time=8 days. T1=4 days and T2=7 days.
o No checkback needed in the first half of the lease time.

PAGE 15
 KBSUPERUSER.COM

DNS Overview:
- What is DNS and How DNS works? - superuser (kbsuperuser.com)

PAGE 16
 KBSUPERUSER.COM

NTP Overview:
- Every device has own clock. And synchronization of devices important. (log files,
authentication, outage details etc.)
- NTP Server: Listen on udp/123 responds to NTP Clients.
- NTP Clients: Request time from NTP Server.
- NTP Server / Client: Get time from other server, respond queries.
- Stratum Layers:
o 0: Atomic clock, GPS Clock, very accurate.
o 1: Synchronized to stratum 0.
o 2: Synchronized to stratum 1.
o Downtime wins.
- It is very important to plan who will be the server and who will be the client. If
there are more than 1 server is defined as NTP. The small stratum is more
accurate so it wins.

Network Architectures:
- Core: Center of the network. Webserver, Database, Applications etc.
- Distribution: Midpoint between users and core communication between access
switches.
- Access: Where the users and end-user devices connected.

PAGE 17
 KBSUPERUSER.COM

- SDN: Extend the functionality and management. Perfectly build for cloud.

- Spine and Leaf Architecture: Top of rack switching. Simple cabling,

redundancy, fast connection, adding new switch is costly. No direct connection
between leaves and spines.

PAGE 18
 KBSUPERUSER.COM

Cloud Models:
- Cloud Computing Explained - superuser (kbsuperuser.com)
- IaaS – HaaS: Outsourcing the equipment. Organization is still responsible for
security and management.
- SaaS: No local installation. Provider responsible for managing and security.
Gmail, Office 365 etc.
- PaaS: No Server No Software. Someone else handles the platform organization
handles the development. Public: Everyone has access. Community: Share
resources with other organizations. Private: Organization owned local data
center. Hybrid: a mix of public and private.
- DaaS: virtual desktop infrastructure. Minimum operating system needed on the
client. Applications run on remote server. Network connection must be strong.

Designing Cloud:
- On-Demand computing power: One click to create server, switch etc.
- Elasticity: Scale up and down easily.
- Multitenancy: Many clients can use the same infrastructure.
- Infrastructure as Code: Define server, network, applications as code. Modify,
copy, move code.
- Orchestration: Automation is the key. Services appear and disappear
automatically. Security policies are also automated.
- Connecting to Cloud: VPN, Virtual Private Cloud Gateway, VPC Endpoint.
- VM Sprawl Avoidance: Since it is easy to build server, switch, fw etc. the process
will get out of hand after some time. Formal process needs to be followed.
- VM Escape Protection: VM owners should not break VM Instance and interact
with OS / Hardware.

Networking Devices:
- Hub: OSI Layer 1 – Multiport repeater – Half duplex – 10/100 Mbit/sec.
- Bridge: OSI Layer 2 – Switch 2-4 ports, traffic is based on MAC – can connect
different topologies.
- Switch: OSI Layer 2 – More ports and features. Forward traffic based on MAC.
- Router: OSI Layer 3 – Routes traffic between IP Subnets.
- Access Point: Connect wired and wireless networks.
- Cable Modem: Transmission across multiple frequencies. Data, voice, video.
- DSL / ADLS Modem: Download is faster.
- Repeater: Receive and forward signal. No decision made.
- Converting Media: OSI Layer 1 – Convert F/O to copper, copper to F/O
- Layer 3 Capable Switch / Layer 3 Switch / Multilayer Switch: Switch, Routing
- Wireless Networks / Wireless LAN Controller: Centralized management of
Access points. Deploy, config, monitor and report usage via one point.
- Load Balancer: Multiple servers, invisible to end-users. Large scale
implementation, fault tolerance, managed access servers.
- IDS and IPS: Intrusion Detection And Prevention Systems (IDS&IPS) Explained
- superuser (kbsuperuser.com)

PAGE 19
 KBSUPERUSER.COM

- Proxies: Sits between user and external network. Receive the request on their
behalf. Caching, URL Filtering, access control, scanning.
- VPN: encrypted tunnel, often integrated to firewall.
- VOIP: Phone switch.
- Network Based Firewalls: Filter traffic by port number / application. Encrypt
traffic, Layer 3 device, NAT, routing.

Networked Devices:
- VOIP: Each device is a computer, individual config.
- Printer: B&W, Colored, All in One, Ethernet, 802.11 Wireless, Bluetooth.
- Card Reader: Access to door / rooms, biometric auth.
- Cameras: CCTV, motion recognition, object detection, central recording
device
- HVAC: heating, ventilation, air conditioning managed commonly by one PC.
- IoT: Appliances, refrigerators, smart devices, usually wireless.
- SCADA / ICS: Power generation, manufacture equipment, real time info.

Dynamic Routing:
- Routers listen for subnet information from other routers.
- Routers also provide information to other routers. With the gathered
information routers determine the best path.
- If change occurs, then convergence process take place for every protocol.
- Which routing protocol:
o Define the best path: State of link, how far away?
o Rank the routes best to worst.
o Convergence time can widely change.
- Distance-Vector Protocol: How many hoops away is another network? Good
for small networks, usually automatic. Routing Information Protocol (RIP)
- Link-State routing Protocol: Connectivity is the key. More often in large
network. Open shortest Path First.
- Hybrid Routing Protocols: Mixed of link state and distance vector protocol.
o Border Gateway Protocol defines the path with criteria “network
topology”, “speed”, “rules” etc.

Routing Technologies:
- Routing Tables: A list of directions for packets.
- Hop: A packet passes through router, a hop to next router.
- Router does not know how to get everywhere, just need to know how to go
another place. If configured wrong, it will create loop and the data will go wrong
direction.
- IPv4 Time To Live & IPv6 Hop Limit: Avoid packet hop forever.
- Default Route: A route when no other route matches. Go that way to 0.0.0.0/0

PAGE 20
 KBSUPERUSER.COM

Introduction to Ethernet:
- Ethernet Frame:

Network Switching:
- Switches:
o Forward / Drop Frame based on MAC Address.
o Gather / Update MAC Address
o Maintain loop free environment (STP)
- Address Resolution Protocol (ARP): Determine a MAC address based on an
IP address.
- PoE Power Modes:
o Mode A: Power on data pairs greater than 1 Gbps.
o Mode B: Power on spare pairs.
o POE: 802.3 standard / 15.4 watt / 350 mA.
o POE+: 802.3 standard / 25.5 watt / 600 mA.

VLAN and TRUNK:

- VLAN and TRUNK Explained - superuser (kbsuperuser.com)

Spanning Tree Protocol:

- There is no TTL in Layer 2. So, loop protection should be handled. Unplugging
the cable solves the problem.
- States:
o Blocking: Not forwarding to prevent loop.
o Listen: Not forwarding and cleaning MAC.
o Learning: Not forwarding adding to MAC.
o Forwarding: Data passes, operational.
o Disabled: Admin has turned off the port.
- STP is 802.1D and RSTP is 802.1w. 802.1w is compatible with 802.1D.

PAGE 21
 KBSUPERUSER.COM

Interface Configurations:
- Basic Interface Config: speed / duplex. Generally automatic. Need to match
on both sides.
- IP Address Management: Layer 3 interfaces, VLAN Interfaces, Management
Interfaces. IP Address, Subnet Mask, GW CIDR Block, DNS needs to be
configured.
- VLAN Assignment: Each device each port should be assigned to a VLAN.
- LAG and Mirroring: Multiple interface acts like one interface with LAG.
Mirroring copy traffic from one interface to another.
- Jumbo Frame: Send frames more than 1500 bytes of payload. (9216 bytes.)
Especially for backup and high traffic services.
- Ethernet Flow Control: Ethernet is non-deterministic. So, never knows how
fast or slow it will be. IEEE 802.3x pause frame and tell other devices pause
frame before sending.
- Port Security: Prevent unauthorized users from connecting based on source
MAC Address. Unique rules for every interface.

Wireless Standards:

Wireless Technologies:
- Frequency: 2.4 or 5 GHz or both or additional bands. Channels are numbered
by IEEE not to overlap each other.
- Bandwidth: 20 for 2.4, 40,80,160 MHz for 5 GHz.
- SSID: Same for all access points in order to connect once and resume using.
Access points have BSSID just like MAC Address.
- Omnidirectional Antennas: Signal is evenly distributed all sites.
- Directional Antennas: Send – receive single direction. E.g. between buildings.

PAGE 22
 KBSUPERUSER.COM

Wireless Encryption:
- Users needs to be authenticated before login and the communication needs to
be encrypted.
- WPA: Released 2002 after WEP weakness. Every packet gets a unique 128 bits
encryption key. But still everyone can listen and the key must be given to right
person.
- WPA-2: Released 2004. Use AES encryption and CBC-MAC.
- WPA-3: Released 2018. Stronger encryption with Message Integrity Check.
Handshake method have changed. Not only user is authenticated to AP, AP
also authenticate to user.

Cellular Standards:
- Separate land into “cells”.
- 2G: Primary for voice.
- 3G: Upgraded data connectivity.
- 4G and LTE: GSM + CDMA providers.
- 5G: 10G, higher frequencies.

Performance Metrics:
- Device Performance: Temperature, CPU Usage, Memory
- Bandwidth Monitor: Network Statics, SNMP, NetFlow etc.
- Latency: Delay between request and response.
- Jitter: The time between frames. Real time media a sensitive.
- Monitoring Interface: Links status, error rate, discard, packet drops etc.

PAGE 23
 KBSUPERUSER.COM

SNMP
- Database of collected data.
- Pull from devices udp / 61
- SNMPv1: Structured tables in the clear.
- SNMPv2: Data types, enhancements, still clear.
- SNMPv3: Message integrity, authentication, encryption.
- Creating graphs with collected data is too important.
- SNMP Trap: udp / 162. If a value exceeds defined threshold value send alert /
message

Logs and Mirroring:

- View the traffic information from router, switch, fw, etc.
- Audit Logs: What did they do? When did they do?
- Syslog: Standard for message logging. Usually integrated to SIEM. Set the
levels and follow the alerts.
- Interface Errors:
o Runt occurs if frame is less than 64 bits.
o Gia occurs if frame is bigger than 1518.
o CRC occurs if there is a problem with interface or bad cable.
o Encapsulation error.
- Environmental Sensors: Temperature, humidity, electrical, flooding.
- NetFlow: Gather stats from all traffic.
- Uptime and Downtime: A summary of availability.

Plans and Procedures:

- Change Management: Change Management Explained - superuser
(kbsuperuser.com)
- Security Incidents: What to do when an incident happens? User click a mail
attachment, DDoS, Confidential info is stolen etc.
- Disaster Recovery Plan: Disaster Recovery Planning Explained - superuser
(kbsuperuser.com)
- Continuity of Operations Planning (COOP): Relay on computer but
alternate it with paper receipts, fax, phone calls etc.
- System Life Cycle: Managing asset disposal.
- Standard Operating Procedures: What to do? Documentation is the key.
- Common Agreements: SLA, MoU
- Non-Disclosure Agreements: Must stay confidential not to be distributed.

PAGE 24
 KBSUPERUSER.COM

Security Policies:
- Password Policy: Resist guessing, greater than 8 chars, symbols, numbers etc.
- Acceptable use Policies: Rules of behavior.
- BYOD: what happens if lost? What happens if employee sells?
- Remote Access Policies: Encrypted connection, credentials, who can reach
internal area from outside?
- On-Boarding: New comers needs to sign IT Agreement
- Off-Boarding: What to do when someone leaves?
- Data Loss Prevention: Look for confidential data before transfer.
- Security policy includes everything not a static document and change is
constant.

Network Documentation:
- Floor Plans: Where the wires are laid? Where are the wireless? Patch Panels?
- Physical Network Maps: How each device is connected to other?
- Distribution Frames: Patch Panels, passive cable termination, MDFs, IDFs
- Logical Network Maps: High level views. Useful for planning.
- Managing Cables: ANSI / TIA / EIA606, everything needs to be labeled.
- Site survey: Determine existing and plan new requirements.
- Audit and Assessment Report: Are we following the rules?
- Baseline: Seeing current situation and following it.

High Availability and Disaster Recovery:

- Disaster Recovery Planning Explained - superuser (kbsuperuser.com)
- Fault Tolerance: Maintain uptime in the case of a failure. Add cost and
complexity.
- Redundancy: Redundant hardware components, RAID, UPS, Cluster, Load
Balance
- Port Aggregation: connect 2G instead of just 1G to create HA.
- Infrastructure Support: UPS, PDU, Generators, HVAC, Fire Suspension.
- Recovery Sites: Alternate processing site.
o Cold Site: No hardware, empty building / room, no data.
o Hot Site: Exact replica of current data center.
o Warm Site: Rackspace, some hardware, between cold and hot.
o Cloud Site: Use cloud for some sources.
- Network Redundancy:
o Active-Passive: 2 devices configured and installed; one fall second
continue.
o Active-Active: Use both devices at the same time. Config is different
data may flow different routes.
o Diverse Paths: Create multiple paths with different ISPs.
o HA Protocols: First Hop Redundancy, Virtual router Redundancy.

PAGE 25
 KBSUPERUSER.COM

- Availability Concepts:
o Recovery:
▪ Recovery Time Objective (RTO): How long it will take to take it
back?
▪ Recovery Point Objective (RPO): How much data loss is
acceptable?
▪ Mean Time to Repair (MTTR): Time required to fix the issue.
▪ Mean Time Between Failure (MTBF): Predict time between
outages.

Network Security:
- CIA Triad: Infosec - CIA Triad Explained - superuser (kbsuperuser.com)

- Security Concepts:
o Vulnerability: A weakness in system.
o Zero-Day Attack: Vulnerabilities not found yet.
o Threat: Vulnerability can be exploited by threat.
o Insider Threats: Least privilege, create policies.
o Vulnerability Databases: CVE Community, National Vulnerability
Database.
o Exploits: Take advantage of vulnerability, gain control of a system.
o Role Based Access Control: provide access according to user role.
o Zero Trust: Holistic approach to network security. No one is trusted
unless verified.

- Defense in Depth:
o Layering the defense.
o Physical Controls: Door locks, fences, rack blocks, cameras.
o Technical Controls: Hardware, software, firewall, AD, encryption.
o Firewall, screened subnet, hashing, salting, authentication, IPS,
VPN, Card, badge, antimalware, antivirus, security guard.
o Physical Segmentation: Separate devices, separate infrastructure.
o Logical Segmentation: VLAN.
o Separation of Duties: Split knowledge, dual control.
o Network Access Control:
▪ IEEE 802.1x port-based access after auth.
▪ EAP or RADIUS
▪ Disable un-used ports
▪ MAC address checking to stop spoofing.
o Honey Pots:
▪ Attract attackers and trap them to a pot. Create a virtual world to
explore. See the capabilities and methods of attackers.

- Authentication Methods:
PAGE 26
 KBSUPERUSER.COM

o Local Auth: Credentials stored on local machine. Not centralized.

o MFA: More than one factor. Something you are, something you love,
something you know, somewhere you are, something you do.
o RADIUS: Centralized auth for users. Supported widely by
manufacturers.
o TACACS: Terminal Access Controller Access Control System.
o LDAP: Protocol for reading writing directories over an IP Network.
o Kerberos: One-time auth is enough.

- Risk Management: Risk Management Explained - superuser

(kbsuperuser.com)

- Common Attacks: Types of Cyber Attacks Explained - superuser

(kbsuperuser.com)

Network Hardening
- SNMP
- Router Advertisement Guard
- Port Security
- Dynamic ARP Inspection
- Patch Management
- Control Plane Policing
- Role-based Access
- Private VLAN
- Access Control List
- Firewall Rules
- Disabling un-used ports
- Change default credentials
- Password complexity
- DHCP Snooping
- Changing default VLAN
- Upgrading firmware

Wireless Security:
- MAC Filtering
- Antenna Placement
- Wireless Isolation
- Wireless Security Nodes
- EAP
- Geo Config
- Captive Portal

PAGE 27
 KBSUPERUSER.COM

Remote Access:
- Use VPNs via firewall, standalone hardware, software etc.
- Full Tunnel: All traffic goes to corporate FW even if not related with
organization.
- Split Tunnel: Only corporate related traffic goes to corporate firewall.
- Remote Desktop Connection: RDP, VNC. Use Remote Desktop Gateway.
- Use SSH tcp/22 and encrypt all traffic.
- Out of band management: serial connection, USB, console router

Physical Security:
- CCTV: Object detection, motion detection, plate and face detection.
- Asset Tracking Tags: Record all assets.
- Tamper Detection: Use tampered stickers
- Employee Training: One on one, posters, signs, messages/
- Access Control Hardware: Gate, lock, camera
- Badge Reader, biometrics, smart locks
- Locking cabinets
- Data destruction
- Access control vestibules

Network Troubleshooting:
- Identify the Problem: Gather information, Question Users, Check Help Desk
Tickets, Get as many details as possible.
- Find out if anything changed
- Establish a Theory: Start with obvious Consider everything, divide and
conquer problem.
- Confirm the theory: Determine next steps to resolve the problem. If it does
not work try with another theory.
- Create a plan of action: Build the plan what to do. Identify potential effects.
- Implement the solution: Try the fix, escalate as necessary, get help from a 3rd
party.
- Verify full system functionality: Check the solution with customer.
- Document Findings: Add the results to knowledgebase.
- Briefly:
o Identify problem
o Establish a theory of probable cause
o Test the theory
o Establish a plan of action
o Implement the solution
o Verify full system function
o Document findings

PAGE 28
 KBSUPERUSER.COM

Cable Connectivity:
- Using Right Cable: Speed / Bandwidth, Throughput, Distance
- Unshielded and Shielded Cable: U / S / F Cable
- S/FTP, F/UTP means: Shielded outside / Foil Shielding inside, Foil outside /
No shielding inside
- Active / Circulating Plenum Airspace
- Traditional Cable Jacket: Polyvinyl chloride (PVC)
- Fire-Rated Cable Jacket: Fluorinated ethylene polymer (FEP) or low-smoke
polyvinyl chloride (PVC)
- Serial Console Cables: D-Subminiature or D-Sub like DB-9 or DB-25.
Commonly used for RS-232. Now used for configuration port.
- Rollover Cable – Rolled Cable – Cisco Console Cable - Yost Cable: A
standard for RJ-45 to serial communications
- Ethernet cross-over cables: Connect to Ethernet devices without using a
switch by using crossover cable. Can be a good alternative to a console
connection.
- PoE: One wire for both network and electricity. Phones, cameras, access points.

Wired Network Troubleshooting:

- Attenuation: Gradual diminishing of signal over distance
- Decibel: Signal strength ratio measurements. Scales up logarithmically. Can
lose all connectivity, intermittent connectivity, poor performance. Test each
connection.
- Avoiding EMI and Interference: No twisting, watch bend radius, don’t use
staples. Avoid power cords, electrical systems. Test after installation.
- Troubleshooting pin-outs: Test the cables prior to implementation. There
may be incorrect pin-out.
- Bad Ports: Interface errors may indicate bad cable or hardware problem.
Verify port configurations, verify two-way connections, Poor Throughput.
Check the speed settings.
- Opens and shorts: Two connections are touching. Wires inside of a cable or
connection. May be difficult to find. Replace the cable. Advance troubleshoot
can be done with a TDR.
- Incorrect Transceivers: Have to match the fiber. Single Mode – Single Mode.
- Duplex / Speed Mismatch: Speed 10 / 100 / 1000 / Auto, Duplex Half / Full /
Auto. Cause less than expected throughput.
- Reversing transmit and receive: Wiring mistake on cable ends or punch
downs. Some network interfaces will automatically correct. (Auto-MDIX)
- TX/RX Reversal: No Connectivity. Try turning Auto-MDIX on. Locate reversal
location.
- Dirty Optical Cables: Always use your dust caps.

PAGE 29
 KBSUPERUSER.COM

Hardware Tools:
- Cable Crimpers: Coaxial, twisted pair, fiber. Connect the modular connector
to Ethernet Cable. Get a good pair of electrician’s scissors.
- Make sure to use correct modular connectors.
- Punch-Down tools: Punch a wire into wiring block such as 66 / 110 blocks.
Trims the wires during the punch.
- Document everything, tag everything.
- Tone Generator: follow the tone to find the cable. Easy wire tracing.
- Loopback Plugs: Useful for testing physical ports or fooling the applications.
Serial / RS-232, Ethernet, T1, fiber. These are not cross-over cables.
- TDR or OTDR: Estimate cable lengths both copper and fiber. Cable impedance
information, signal losses, locate copper or fiber breaks. Resolve layer 1 issues
quickly. Helps to validate installation.
- Multimeters: AC, DC, Continuity.
- Cable Testers: Relatively simple, continuity test. Can identify missing pins.
Not usually used for frequency testing.
- Taps and Port Mirrors: Intercept network traffic and send a copy to a packet
capture device. Disconnect the link put a tap in the middle and do the analysis.
- Fusion Splicer: Joins two ends of a fiver together. Add a connector to end of a
fiber, extend the length, remove damaged section.
- Light Meter: Shows how much light is getting through. Useful during
installation.
- Spectrum Analyzer: See the frequencies and conflicts.

Software Tools:
- Wireless packet analysis: Easy to monitor. You have to be quiet and listening.
“Wireshark”
- Protocol Analyzers: Solve complex application issues. Get and shows the
details. Gather frames and view traffic patterns. “Wireshark”
- Speed Test Sites: Bandwidth Testing. Measure at different times of the day.
IPS sites, speedof.me, speetest.net
- iPerf: Performance monitoring and speed testing. Set iPerf server and client.
- IP and port scanners: Active scan for IP Addresses and open ports. Set the
range and see who responds. Nmap / Zenmap / Angry IP Scanner.
- NetFlow: Gather traffic statics from all traffic flows. Probe watches network
communication. Summary records are sent to collector.
- TFTP Server: perfect for initial file transfers and firmware upgrades.
- Terminal Emulator: Encrypted Terminal communication

PAGE 30
 KBSUPERUSER.COM

Command Line Tools:

- Ping: Tests Reachability. Determine Round-trip time and uses ICMP.
- Ipconfig / Ifconfig / IP: ping local router / gateway. Determine TCP/IP
information.
- Nslookup / dig: lookup information from DNS servers. Canonical names, IP
Addresses, cache timers etc.
- Traceroute: Determine the route a packet takes to a destination. -tracert for
windows or traceroute for unix / linux / macos.
- ARP: Determine a MAC address based on an IP address. Arp -a
- Netstat: show all active connections. Netstat -a, netstat -b, netstat -n
- Hostname: View the FQDN and IP address of the device.
- Route: View the device routing table. Route print, netstat -r
- Telnet: tcp / 23. Login devices remotely. Insecure communication. A great
utility for checking a port or application.
- TCPDump: capture packets from the command line. Apply filter’s view in the
real-time.
- Nmap: network mapper, port scanner, operating system scan, service scan.
Additional scripts can add.
- Show interface: view interfaces on a device
- Show config: view the device config – show run
- Show route: view the routing table – show ip route

Wireless Troubleshooting:
- Performance can vary. Throughput, speed, distance effects the performance.
- RSSI: The strength of a received radio signal. Closer in decibel-milliwatss to
zero is better.
- Wireless survey tools: Signal coverage, potential interference.
- EIRP: The radiated signal strength. Transmit strength + antenna gain - cable
loss. For 2.4GHz maximum EIRP is +36 dBm or 4W.
- Omnidirectional antennas are good choice for most environments.
- Directional antennas focus the signal and provide increased distances. Yagi,
Parabolic. Point to point. Antennas are placed at both ends.
- Polarization: The orientation of an antenna. Transmitting and receiving
should be same.
- AP Association time: Devices must associate with an access point. Also check
the connection with wired network controller.
- Channel Utilization: Everyone can’t talk at one time. Disable legacy, low
speed support and use the fastest possible speeds and configurations. Check
the channels and adjust the output power, split network.
- Site Survey: Determine existing wireless landscape, identify existing Aps, work
around existing frequencies, plan for ongoing site surveys.

PAGE 31
 KBSUPERUSER.COM

Common Wireless Issues:

- Overlapping Channels: Create interferences.
- Attenuation: Signal gets weaker as you move farther. Control the power
output. Use a receive antenna with higher gain. Power lost can be seen in the
antenna cable coax.
- Wrong SSID: SSID needs to confirmed and configured correctly.
- Wrong passphrase: Check the password if not authenticated. Use 802.1x
- Security type mismatch: make sure the client matches access point. Migrate
all WEB to WPA 2/3.
- Incorrect antenna placement: Avoid overlapping, check locations.
- Channels: Using Channels 1 – 6 – 11 is recommended.
- Client Disassociation: Capture the packet via Wireshark. Remove the device
which sends disassociation packet.

General Network Troubleshooting:

- Device Configuration Review: Don’t start blindly, view the configuration.
- Routing Tables: Know how to get from point A to point B. Know which way
data will flow. Create a network map.
- Interface Status: Know the details of the important interfaces. Check the
errors.
- VLAN Assignment: Confirm the specific switch interface.
- Network Performance Baseline: See the baseline and look for where the
problem started. Check the SIEM records.

Common Network Issues:

- Half-duplex Ethernet: If 2 devices communicate simultaneously, there will be
a collision. It is normal in half-duplex networks.
- Full-duplex: Check interface configuration issues, hardware issues if collisions
happen.
- Broadcast Storms: Each device must process every broadcast. Capture the
packets and identify the source. Separate the network into smaller broadcast
domains.
- Duplicate MAC Address: Not a common occurrence. If it happens there may
be an on-path attack. Use ARP command from another computer and check
the IP Address.
- Duplicate IP Address: Static address assignments may cause. DHCP isn’t a
panacea, multiple DHCP Servers overlap. Capture DHCP Process and check it.
- Multicast Flooding: Switch forward multicast traffic. Configuration needs to
be checked.
- IGMP Snooping: Enable it to forward multicasts traffic to specific ports.
- Asymmetric Routes: find out the routing with traceroute and view the
configuration.
- Switching Loops: Configure Spanning Tree Protocol correctly.

PAGE 32
 KBSUPERUSER.COM

- Routing Loops: Check the configuration. Traceroute will show the problem.
- Missing Route: A route to destination network does not exist. The packet will
be dropped.
- Rogue DHCP Server: IP Addresses assigned by a non-authorized DHCP
Server. Intermittent connectivity, no connectivity. Enable DHCP Snooping on
the switch. Authorize DHCP servers in Active Directory. Disable the rogue and
renew the IP Address.
- Exhausted DHCP Scope: Check the server and add more IP address if
possible. Lower the lease time.
- IP Configuration Issues: Check the IP Address, Subnet Mask, Gateway and
DNS. Monitor the traffic. Check the devices and confirm subnet mask and
gateway.
- Low Optical Link Budget: Clean the connectors. Check the cable with a light
meter.
- Certificate Issues: Something is wrong with certificate. Check the certificate
details.
- Hardware Failure: Application does not respond. Confirm connectivity, run a
traceroute. Check the devices, light.
- Incorrect Firewall Setting: Check the configuration. Are ports protocol
allowed? Confirm the rules.
- Incorrect VLAN Configurations: Check the VLAN assignments on the switch.
- DNS Issues: Check the IP configuration and DNS settings on the client. Use
nslookup or dig. Change the DNS server.
- NTP Issues: time is important for applications such as Kerberos Active
Directory. Configure NTP on all devices and automate the settings.
- BYOD: Difficult to secure. Devices need to meet the company’s requirements.

PAGE 33