Domain 2: Networking (23%)

FTP - File Transfer Protocol

Transfer files between systems. Authenticates with a username and password or some other type of generic / anonymous login. Full feature functionality (List, Add, Delete, etc.)

• TCP / Port 20 (Active Mode Data)

• TCP / Port 21 (Administration/Control)

SSH - Secure Shell

Provides an encrypted communication link. Looks and acts the same as Telnet protocol (old)

• TCP / Port 22

Telnet Protocol - Telecommunication Network

Works identical to SSH, has command line, can log into a device with username and password, can administer that device remotely BUT there is NO ENCRYPTION used. }

• TCP / Port 23

SMTP - Simple Mail Transfer Protocol

Server to server email transfer. Also used to send mail from a device to a mail server, commonly configured on mobile devices and email

• TCP / Port 25

DNS - Domain Name System

Converts domain name (website name) to IP address

• UDP / Port 53

DHCP - Dynamic Host Configuration Protocol

Automated configuration of IP addresses, Subnet Mask, Default Gateway or DNS servers.

• UDP / Port 67 (Server)

• UDP / Port 68 (Client)

HTTP - Hypertext Transfer Protocol

Un-encrupted web server communication / traffic, fetches web pages

• TCP / Port 80

HTTPS - Hypertext Transfer Protocol Secure

Web server communication with encryption, more secure than HTTP

• TCP / Port 443

POP 3 - Post Office Protocol (Version 3)

Receives emails from an email server (often downloads to device) and typically delete messages from server after download - Authenticate and transfer

Basic mail transfer functionality

• TCP / Port 110

IMAP 4 - Internet Message Access Protocol (Version 4)

Allows you to manage your email inbox on the server and keep them synchronized across multiple devices

• Use: make folders, and transfer emails into those folders

• TCP / Port 143

SMB - Server Message Block

Protocol used by Microsoft Windows. Also called CIFS (Common Internet File System)

Use: File transfer / sharing and send information to printers queues and for other processes where Windows need to communicate information between different Windows devices

• TCP / Port 445 (modern, direct hosted)

NetBIOS over TCP/IP (NetBT) - Older version

UDP / Port 137 - NetBIOS name services (nbname)

TCP / 139 - NetBIOS session service (nbsession)

LDAP - Lightweight Directory Access Protocol

Store and retrieve information in a network. It enables centralized authentication and authorization, allowing applications to quickly query user information, credentials, and organizational attributes.

Example: Microsoft Active Directory

• TCP / Port 389

LDAPS - Lightweight Directory Access Protocol Secure

LDAP wrapped in TLS so directory look-ups are protected in transit.

• TCP / Port 636

RDP - Remote Desktop Protocol

Share a desktop from a remote location over TCP / Port 3389. Can connect to an entire desktop or just an application

TCP - Transmission Control Protocol

Connection-oriented, reliable delivery, error checking, used for web, email, file transfer

• Example: HTTPS (Hypertext Transfer Protocol) & SSH (Secure Shell)

• Benefit: Guaranteed delivery, ordered packets, suitable for data integrity requirements

UDP - User Datagram Protocol

Connection-less, faster but unreliable, no error checking, used for streaming, VoIP, gaming

• Benefit: Lower latency, suitable for real-time applications that can tolerate packet loss

RFID (Radio Frequency Identification)

Uses radio waves for identification (Access Badges, Product Tags)

• Tags: Antenna + Chip

  • Most RFID are Passive: No battery, powered by scanner’s radio waves

  • Some Active: Has battery, longer range

• One-way communication (Tag to Scanner)

NFC (Near Field Communication)

Two-way wireless communication

• Builds on RFID, which is mostly one-way

• Very short range (4cm) (tap to connect) payments, device pairing, no pairing required

Uses: Contactless payments, quick device setup/pairing, identification

2.4 GHz

• Longer range

• Better wall penetration

• More interference (microwaves, bluetooth, cordless phones, baby monitors)

5 GHz

• Shorter range

• Less interference from common household devices

• More available channels

• Faster speeds

• More non-overlapping channels available, less congestion

6 GHz

• Most spectrum (1,200 MHz), no legacy device interference

• Wi-Fi 6E only

• Shortest range

802.11n

• Up to 600 Mbps, 2.4 GHz and 5 GHz

• MIMO (Multiple-Input Multiple-Output) support

802.11ac (Wi-Fi 5)

• 1.3 - 3.5 Gbps, 5 GHz only

• MU-MIMO (Multiple User - Multiple-Input Multiple-Output) support

• Channel Width: Utilizes wide channels (80 MHz or 160 MHz) to increase data transfer speeds.

802.11ax (Wi-Fi 6/6E)

• Up to 9.6 Gbps, 2.4/5/6 GHz,

• OFDMA

• Better efficiency in dense environments

WPA2 with AES - Wi-Fi Protected Access 2

Minimum recommended security for business networks

WPA3 - Wi-Fi Protected Access 3

• Latest standard

• stronger encryption

• protection against brute-force attacks

Bluetooth

• Short-range (10-100m)

• Uses 2.4 GHz ISM (Industrial Medical Medical) Band

• device pairing

• low power consumption

2.4 GHz non-overlapping channels

1, 6, and 11 (North America) - use these to avoid interference

Channel width

Wider channels (40 MHz, 80 MHz) provide faster speeds but more interference

Channel overlap

Causes interference and reduced performance

NFC (Near Field Communication)

• very short range (4cm)

• contactless payments

• device pairing

• no pairing required

RFID (Radio-Frequency Identification)

• Asset tracking

• Inventory management

• Access control badges

2.4 GHz interference sources

Microwave ovens, Bluetooth devices, cordless phones, baby monitors

Wi-Fi Troubleshooting

• Use Wi-Fi analyzer to identify channel congestion, switch to less congested channel

IPv4 private ranges

• Not internet-routable; used with NAT (Networkd Address Translation)

• 10.0.0.0 - 10.255.255.255 (Class A size)

• 172.16.0.0 - 172.31.255.255 (Class B size)

• 192.168.0.0 - 192.168.255.255 (Class C Size - Common for SOHO - Small Office / Home Office)

IPv4 public

Routable on internet, assigned by ISP (Internet Service Provider)

IPv6

• 128-bit addresses (e.g., FE80::5D18:0652:FEFD:8F52)

• DNS is crucial (addresses are long/complex)

• eliminates need for NAT (Network Address Translation)

• auto-configuration support

APIPA (169.254.x.x)

Automatic Private IP Addressing when DHCP fails

Static IP (Internet Protocol)

Manually configured, used for servers, printers, network devices

Dynamic IP

Automatically assigned by DHCP, used for client devices

Subnet Mask

• Defines network and host portions of IP address

• Common masks: 255.255.255.0 (/24) | 255.255.0.0 (/16) | 255.255.255.128 (/25)

• Determines which devices are on same local network

Default Gateway

• Router IP address that forwards traffic to other networks

• Required for internet access and inter-network communication

• Typically first or last usable IP in subnet (e.g., 192.168.1.1 or 192.168.1.254)

Routers

• Connect different networks (e.g., LAN to WAN/internet)

• Make forwarding decisions based on IP addresses (Layer 3)

• Provide NAT (Network Address Translation) for private to public IP conversion

• Include firewall capabilities in SOHO models

Switch: Un-managed switches

• Plug-and-play, no configuration options, lower cost

• No advance features (VLAN, QoS remote management)

Switch: Managed switches

• Advanced configuration & remote management

• VLAN (Virutal Local Area Network) support, port configuration, monitoring, QoS (Prioritize

Switches “Local Street Directors” - Layer 2

• Connect wired devices (computers, printers, servers) within a single LAN

• Forwarding traffic using MAC addresses

• High-speed (ASIC hardware), many ports

Quality of Service (QoS)

• A set of technologies used in networking to manage traffic, reduce latency, and ensure the performance of critical applications

• It works by prioritizing bandwidth for high-priority data (e.g., video conferencing) over less critical traffic during network congestion. Key components include classification, marking, and queuing, which manage packet loss, jitter, and delays

Access Points

• Provide wireless connectivity to wired network

• Can be standalone or controller-managed for enterprise deployments

• Support multiple SSIDs (Service Set Identifier) for network segmentation

• PoE-powered for flexible placement

Power over Ethernet (PoE)

• PoE standards: 802.3af (15.4W), 802.3at/PoE+ (25.5W), 802.3bt/PoE++ (up to 100W)

• PoE injector: Adds power to single Ethernet cable

• PoE switch: Provides power to multiple devices through Ethernet ports

• Powers access points, IP cameras, VoIP phones without separate power cables

Patch panel

Organizes and terminates network cables in wiring closet

NIC (Network Interface Card)

Connects computer to network (wired or wireless)

ONT (Optical Network Terminal)

Converts fiber optic signal to Ethernet

DSL (Digital Subscriber Line) modem

Converts phone line (copper) signal to Ethernet for internet access

Cable modem

Converts coaxial cable signal to Ethernet for internet access

Firewall

Dedicated security appliance for traffic filtering

Cable Installation Tools

• Crimper: Attaches RJ45 connectors to Ethernet cables by compressing metal contacts

• Cable stripper: Removes outer jacket from cables without damaging internal wires

• Punchdown tool: Terminates wires into patch panels, keystone jacks, 110 blocks

Cable Testing Tools

• Toner probe (tone generator and probe): Traces and identifies cables in walls, ceilings, cable bundles

• Wi-Fi analyzer: Scans wireless networks, identifies channel congestion, measures signal strength

• Cable tester results: Tests all 8 wires in Ethernet cable, identifies miswiring or broken connections

Common Cable Issues

• Improper termination: Four wire pairs not properly punched down causes connectivity issues

• 10/100 Mbps Ethernet: Uses only 2 pairs (4 wires), can work with partial wiring

• Gigabit Ethernet: Requires all 4 pairs (8 wires) properly terminated

Connection Technologies

• Fiber: Fastest (up to 10 Gbps+), most reliable, symmetric speeds, requires ONT

• Cable: Fast (up to 1 Gbps), shared bandwidth with neighbors, asymmetric speeds

• DSL (Digital Subscriber Line): Moderate speed (up to 100 Mbps), dedicated connection, speed decreases with distance

• Satellite: Available anywhere, high latency (500-700ms), weather-dependent

• Cellular (4G/5G): Mobile connectivity, variable speeds, data caps common

• WISP (Wireless ISP): Fixed wireless, line-of-sight required, rural areas

Network Types

• LAN (Local Area Network): Single building or campus, high speed, private ownership

• WAN (Wide Area Network): Connects LANs across large distances, internet is largest WAN

• PAN (Personal Area Network): Very small area, Bluetooth devices, typically 10m range

• MAN (Metropolitan Area Network): City-wide network, between LAN and WAN in size

• SAN (Storage Area Network): High-speed network for storage devices

• WLAN (Wireless LAN): Wireless version of LAN using Wi-Fi

DNS (Domain Name System)

Translates domain names to IP addresses, critical for internet connectivity

DHCP (Dynamic Host Configuration Protocol)

Automatically assigns IP addresses, subnet masks, gateways, and DNS servers to clients

File server

Centralized file storage and sharing (SMB/CIFS for Windows, NFS for Linux)

Print server

Manages network printers, handles print queues and job distribution

Mail server

Handles email delivery (SMTP for sending, POP3/IMAP for receiving)

Web server

Hosts websites and web applications (HTTP/HTTPS)

Database server

Stores and manages structured data for applications

NTP (Network Time Protocol)

Synchronizes system clocks across network

Firewall

Controls inbound and outbound traffic based on security rules

Proxy server

Intermediary for client requests, caching, content filtering

Load balancer

Distributes traffic across multiple servers for performance and redundancy

UTM (Unified Threat Management)

All-in-one security device, combines firewall, antivirus, IDS/IPS, content filtering

Spam gateway

Filters unwanted email before reaching mail server

A record - (DNS Records)

Maps hostname to IPv4 address

AAAA - record (DNS Records)

Maps hostname to IPv6 address

CNAME (DNS Records)

Alias for another domain name (canonical name)

MX record (DNS Records)

Mail exchange server for domain

TXT records (DNS Records)

• Text information, used for SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), DMARC (Domain-based Message Authorization, Report, Conformance) email authentication

• SPF/DKIM for spam prevention

Syslog Server

Central log collection (often to a SIM / SIEM)

Scope (DHCP Configuration)

Range of IP addresses available for assignment

Lease (DHCP Configuration)

Time period client can use assigned IP address (typically 24 hours to 7 days)

Reservation (DHCP Configuration)

Permanently assigns specific IP address to specific MAC address

Exclusions (DHCP Configuration)

IP addresses within scope that DHCP won't assign (reserved for static devices)

VLAN (Virtual Local Area Network)

• Logically segments network into separate broadcast domains without physical separation

• Improves security by isolating traffic between departments or device types

• Reduces broadcast traffic and improves network performance

• Requires managed switch with VLAN support

DORA (Discover Offer Request Acknowledge) Process:

Discover: Client Broadcasts for DHCP server

Offer: Server offers IP addresses

Request: Client accepts an offer

Acknowledge: Server confirms assignment

VPN (Virtual Private Network)

• Creates encrypted tunnel over public internet for secure remote access

• Site-to-site VPN connects entire networks, client-to-site VPN connects individual users

• Common protocols: IPsec, SSL/TLS, L2TP