Chapter 2: Networking

DHCP Server (Dynamic Host Configuration Protocol)

Automatically assigns IP addresses and other network configuration settings to devices on a network

File Share

A networked service that allows multiple users or devices to access and share files over a network. It enables centralized storage and retrieval of data for easier collaboration.

Print Server

Connects a printer to the network to provide printing services for all network devices

Mail Server

Responsible for storing incoming mail and sending outgoing mail

Syslog

A standard for message logging that allows diverse systems to send their logs to a consolidated location

Web Server

◦Designed to respond to browser requests using standard web browsing protocols like HTTP/HTTPS.

◦Web pages are built with HTML or HTML5 and stored on the server.

◦Pages can be static or built dynamically in real-time.

Authentication Server

Manages login authentication to resources through centralized management

Database Servers

Used for database table storage, saving information in columns and rows, similar to a spreadsheet

NTP Servers (Network Time Protocol)

Crucial for ensuring the time of day is consistent across all network devices

Spam Gateways

Designed to stop spam emails at the gateway before they reach the user

All-in-one Security Appliance

A single hardware device that integrates multiple network security functions, such as firewalls, VPNs, intrusion preventaion, and antivirus scanning, into one unit

Load Balancers

Distribute the load across multiple servers, making the process invisible to the end-user

Proxy Server

An intermediary server that sits between a client (like your web browser) and a destination server (like a website). Its main job is to forward requests and responses between the two.

SCADA / ICS

Refers to large-scale, multi-site industrial control systems

Legacy Systems

An expression for "really old" systems that may still be "really important"

Embedded Systems

Purpose-built devices where you typically don't have direct access to the operating system

IoT Devices (Internet of Things)

Refers to a wide range of devices that connect to the internet.

IEEE Standards

A set of protocols that define wireless networking technologies

Wireless Frequencies

◦Common frequencies for 802.11 technologies are 2.4 GHz, 5 GHz, and 6 GHz

Wireless Channels

Segments of the wireless frequency band that are used for communication in wireless networks

Wireless Bandwidth

It determines the amount of data that can be transmitted over the wireless network at any given time

Bluetooth

Technology standard for short-range communication that allows devices to communicate over short distances

RFID (Radio-frequency identification)

A wireless technology that uses electromagnetic fields to automatically identify and track tags attached to objects

NFC (Near Field Communication)

A set of standards for devices to communicate by bringing them close

802.11a

• 5 GHz

• 54 Mbps speed

• Higher speed, less interference than 2.4 GHz, but shorter range

802.11b

• 2.4 GHz

• 11 Mbps

• Greater range than 802.11a, widely used in early Wi-Fi devices

802.11g

• 2.4 GHz

• 54 Mbps

• Combined speed of 802.11a with range of 802.11b; backwards compatible

802.11n

• 2.4 GHz & 5 GHz

• 600 Mbps

• Introduced MIMO (multiple antennas), higher speeds, better coverage

802.11ac

• 5 GHz

• 3.5 Gbps

• MU-MIMO, beamforming, wider channels, big speed boost

802.11ax

• 2.4 GHz & 5 GHz

• 9.6 Gbps

• OFDMA, better performance in crowded networks, more efficiency

802.11be

• 2.4 GHz, 5Ghz, 6 GHz

• 46 Gbps+

• 320 MHz channels, multi-link operation, massive speed jump

The overlap problem

To avoid interference, we use channels that don’t touch each other:

• Channel 1

• Channel 6

• Channel 11

FTP (File Transfer Protocol)

-tcp/20 and tcp/21

-Transfers files between systems

SSH (Secure Shell)

-tcp/22

-A critical technology for secure remote access to computer systems, it encrypts all data transmitted between a client and a server, providing a secure way to manage systems and transfer files over an unsecured network like the internet

Telnet (Telecommunication Network)

-tcp/23

-Login to devices remotely

SMTP (Simple Mail Transfer Protocol)

tcp/25

A standard protocol used for sending emails between servers

DNS (Domain Name System)

-tcp/53

-Converts names to IP addresses

DHCP (Dynamic Host Configuration Protocol)

-udp/67 and udp/68

-Automated configuration of IP address, subnet mask and other options

HTTP (Hypertext Transfer Protocol)

-tcp/80

-Communication in the browser

HTTPS (Hypertext Transfer Protocol Secure)

-tcp/443

-An extension of the HTTP protocol that encrypts data transferred between a web browser and a server

POP3 (Post Office Protocol version 3)

-tcp/110

-Receive emails from an email server

IMAP4 (Internet Message Access Protocol v4)

-tcp/143

-A standard protocol used by email clients to retrieve and manage email messages on a remote mail server

SMB (Server Message Block)

-tcp/445

-A network file sharing protocol that allows a computer to securely read, write, and manage files, directories, printers, and other resources on a remote server over a network

LDAP (Lightweight Directory Access Protocol)

-tcp/389
-Store and retrieve information in a network directory

RDP (Remote Desktop Protocol)

-tcp/3389
-Remote Desktop Services on many Windows versions

NetBIOS session

-tcp/139 and tcp/137
-Enables connection-oriented, reliable communication between two applications on different computers over LAN

Wi-Fi Analyzer

Used to measure wireless signal strength, identify interference, and analyze channel usage. This tool helps in optimizing wireless network performance and resolving connectivity issues

Tone Generator / Inductive Probe

-A tone generator puts an analog sound onto a wire

-An inductive probe can hear this sound without touching the copper, typically through a small speaker

Punch Down Tool

Used to "punch" a wire into a wiring block (like 66 block or 110 block)

Cable Testers

A tool that performs a continuity test and provides a simple wire map

Loopback Plugs

Useful for testing physical ports or "fooling" applications into thinking a connection exists

Taps (Physical) / Port Mirrors (SPAN)

◦Methods used to intercept network traffic and send a copy to a packet capture device.

◦Physical taps require disconnecting the link and inserting the tap in the middle; they can be active or passive.

◦Port mirroring is a software-based tap that offers limited functionality but can be effective.

Satellite Networking

Non-terrestrial communication to a satellite

Fiber (Internet Connection)

Provides high-speed data communication using frequencies of light. Has higher installation costs and is more difficult to repair than copper, but can communicate over long distances

Cable (Internet Connection)

Broadband technology transmitting across multiple frequencies for different traffic types

DSL (Digital Subscriber Line)

Uses existing telephone lines for internet connectivity

Cellular Networks

◦Used by mobile devices ("cell" phones).

◦Land areas are divided into "cells," each covered by an antenna using specific frequencies.

◦Allows for tethering (turning your phone into a wireless router) and standalone mobile hotspots.

WISP (Wireless Internet Service Provider)

Provides terrestrial internet access using wireless technologies

LAN (Local Area Network)

A computer network that interconnects devices within a limited geographic area, such as a home, school, office building, or a small campus

WAN (Wide Area Network)

◦A network spanning a large geographical area, often connecting LANs across distances.

◦Generally much slower than a LAN.

◦Includes various technologies like point-to-point serial and Multiprotocol Label Switching (MPLS), both terrestrial and non-terrestrial.

PAN (Personal Area Network)

The smallest and most localized computer network, designed to connect the devices that are immediately surrounding a single person, typically within an arm’s reach or 10 meters

MAN (Metropolitan Area Network)

A network that covers a city, larger than a LAN but often smaller than a WAN

SAN (Storage Area Network)

A specialized, high-speed network that provides servers with access to a shared pool of storage devices

WLAN (Wireless LAN)

A Wireless Local Area Network that uses 802.11 technologies

IPv4 Addresses (Internet Protocol version 4)

◦A Layer 3 address in the OSI model.

◦Supports approximately 4.29 billion addresses.

◦Public IPv4 addresses are unique on the Internet.

◦Network Address Translation (NAT) is used to manage scalability issues due to the limited number of addresses.

Private IP Address Ranges

10.x.x.x, 172.16-31.x.x, or 192.168.x.x.

IPv6 Addresses (Internet Protocol version 6)

◦A 128-bit address, allowing for a very large number of addresses to address the scalability issues of IPv4.

◦The first 64 bits are generally the network prefix (/64), and the last 64 bits are the host network address.

IP Address

Every device on a network needs a unique IP address

Subnet Mask (e.g., 255.255.255.0)

A 32-bit number used in the computer networking to divide an IP address into two parts: the network portion and the host portion

Default Gateway (e.g., 192.168.1.1)

A default gateway is the path or “door” that a computer or device uses to send information to a destination that is outside of its immediate local network

Static IP Addressing

An IP address that does not change without manual configuration

APIPA (Automatic Private IP Addressing)

Uses the range 169.254.0.0 through 169.254.255.255

DHCP Reservations

A method that allows the DHCP server to pre-set an IP address for a specific client based on its MAC address. This ensures that the client will always get the same IP addressfrom the DHCP server when it connects to the network

Local host IP

127.0.0.1

Routers

Their primary function is to route traffic between IP subnets. They make forwarding decisions based on IP addresses

Switches

A piece of hardware that acts as a central connecting point for all wired devices within a local area network (LAN), such as computers, servers, and printers

Multilayer Switch

A type of switch that includes routing functionality

Unmanaged Switches

A network device that allows you to easily connect multiple devices on a local network, often refers to as a “plug-and-play” device

Managed Switches

Provide VLAN support and can interconnect with other switches via 802.1. Offer features like traffic prioritization, redundancy support, and port mirroring

Access Point (AP)

Functions as a bridge that extends the wired network onto the wireless network. Makes forwarding decisions based on MAC addresses.

Patch Panels

A hardware device used for cable management and organization, acting as a central hub for network, telephone, or coaxial connections

Firewalls

A network security system that monitors and controls incoming and outgoing network traffic based on a set of predetermined security rules

PoE (Power over Ethernet)

A networking technology that allows Ethernet cables to carry both data and electrical power simultaneously to network devices

PoE, PoE+, PoE++

◦Different standards for Power over Ethernet, offering increasing wattage:

▪PoE: Original specification, provides 15.4 watts DC power

▪PoE+: Provides 25.5 watts DC power

▪PoE++: Provides 51 W (Type 3) or 71.3 W (Type 4) DC power, with Type 4 supporting PoE with 10G BASE-T

Cable Modem

A device that connects your home to the internet. Taking the signal from your internet provider and converting it into a signal that your computer and other devices can understand

DSL Modem (Digital Subscriber Line)

◦Uses telephone lines for internet connectivity.

◦Characterized by asymmetric speeds, where download speed is faster than upload speed (e.g., 200 Mbit/s downstream / 20 Mbit/s upstream).

◦Has a limitation of approximately 10,000 feet from the central office (CO), with faster speeds possible closer to the CO.

ONT (Optical Network Terminal)

The device installed at your home or business that serves as the endpoint of a fiber-optic network connection

NIC (Network Interface Card)

A fundamental piece of hardware that enables your computer to connect to a network and communicate with other devices

VPN (Virtual Private Network)

Provides encrypted (private) data communication traversing a public network

Site-to-site VPN

A secure and private connection between the networks of two or more different locations over the internet

Resource Records (RR)

Database records of the domain name services

A Records (Address Records)

◦Defines the IPv4 address of a host.

◦This is the most popular query type for DNS.

AAAA Records

Defines the IPv6 address of a host

CNAME Records

Establishes a name as an alias of another, canonical name. Allows one physical server to host multiple services

MX Records (Mail Exchanger Record)

A specialized type of DNS record that tells the Internet where to send email for a particular domain

TXT Records (Text Records)

Human-readable text information used for email security

DKIM (Domain Keys Identified Mail)

A critical email authentication standard that provides a way to verify that an email message was truly sent and authorized by the domain it claims to be from

SPF (Sender Policy Framework)

Defines a list of all servers authorized to send emails for a specific domain. Helps prevent mail spoofing by allowing mail servers to check if incoming mail came from an authorized host.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

An extension of SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) that helps prevent unauthorized email use (spoofing)

DORA Process

◦The four-step process a client uses to obtain an IP address from a DHCP server:

▪Discover: The client finds a DHCP server.

▪Offer: The server offers an IP address to the client.

▪Request: The client requests to lock in the offer.

▪Acknowledge: The DHCP server confirms the IP assignment.