CompTIA Network+ (Study Notes)

Network+ Exam Foundations

• Network+ (N10-007)
CompTIA Network+ is a vendor neutral networking certification that is trusted around the world.
It validates the essential knowledge and skills needed to confidently design, configure, manage,
and troubleshoot any wired and wireless devices. CompTIA Network+ certified individuals are in-
demand worldwide.
[Link]
• Exam Description
o CompTIA Network+ covers the configuration, management, and troubleshooting
of common wired and wireless network devices
o Understanding of…
▪ Network documentation
▪ Network standards
▪ Network security
▪ Cloud technologies
▪ Virtualization
• Five Domains
o 23% - Networking Concepts
o 18% - Infrastructure
o 17% - Network Operations
o 20% - Network Security
o 22% - Network Troubleshooting & Tools
• Exam Details
o Up to 90 questions in 90 minutes
▪ Multiple-choice
▪ Performance-based/Simulations
o Requires a 720 out of 900
o Recommended Experience:
▪ CompTIA A+ Certification
▪ 9 months of networking experience
o Released: March 2018
• Are You Ready?
o Take practice exams
o Did you score at least 85% or higher?
o If you need more practice, take additional practice exams to hone your skills
before attempting the exam
• What kind of jobs can I get?
o Help Desk Technician
o Network Support Specialist

[Link] 1
 CompTIA Network+ (Study Notes)

o Network Administrator
o Network Field Technician
o Network Engineer
o Network Analyst

[Link] 2
 CompTIA Network+ (Study Notes)

Networks and Their Basic Components

• Overview of Networks
o Computer Networks
▪ What comes to mind?
▪ Is it limited to computers?
▪ Is it limited to Ethernet, WiFi, or fiber?
o Purpose of Networks
▪ To make connections between machines
▪ Converged networks combine multiple types of traffic like data, video,
and voice
▪ We expect 99.999% availability (The 5 9’s)
• Only 5 minutes downtime per year
o Network Traffic Examples
▪ File sharing
▪ Video chatting
▪ Surfing the Web
▪ Social Media
▪ Streaming Video
▪ E-mail
▪ Messaging
▪ VoIP
• Network Components
o Network Components
▪ Client
▪ Server
▪ Hub
▪ Wireless Access Point
▪ Switch
▪ Router
▪ Media
▪ WAN Link
o Client
▪ Device end-user accesses the network with
▪ Workstation, laptop, tablet, smartphone, television, server, or other
terminal devices
▪ Can be any device that connects to the network
o Server
▪ Provides resources to the rest of the network

[Link] 3
 CompTIA Network+ (Study Notes)

▪ Different servers provide different functions, such as an E-mail server,

Web server, File server, Chat server, and Print server
▪ Can be a dedicated server hardware/software or can be a device that is
acting like a server for a particular function
o Hub
▪ Older technology to connect networked devices, such as clients and
servers
▪ Can be interconnected to provide more ports, but leads to increased
network errors
▪ Receives information in one port and rebroadcasts it out all the other
ports
o Wireless Access Point (WAP)
▪ Device that allows wireless devices to connect into a wired network
▪ Commonly used in home, small business, and even some large enterprise
networks
▪ Acts as a wireless hub
o Switch
▪ Connects networked devices such as clients and servers (like a hub)
▪ Switches learn what devices are on which switch ports
▪ Switches only forward traffic received from a port to the destination port
based on the device’s MAC address
▪ Provides more security and efficiently uses available bandwidth
o Router
▪ Connect two different networks together
▪ Intelligently forwards traffic to and from a network based on its logical
address
▪ Most modern routers use Internet Protocol (IP) address to determine
routing of traffic
o Media
▪ Connect two devices or a device to a port
▪ Made from copper cable, fiber optic cable, or radio frequency waves
(WiFi)
▪ Each type has strengths and limitations, such as its available bandwidth,
capacity, distance that can be covered, and cost to install and maintain
o Wide Area Network (WAN) Link
▪ Physically connects networks together
▪ Numerous WAN links are available: leased lines, DSL, Cable, Fiber Optic,
Satellite, Cellular, Microwave, …
▪ Connects internal network to external networks, such as a SOHO network
to Internet

[Link] 4
 CompTIA Network+ (Study Notes)

• Network Resources
o Client/Server Model
▪ Uses dedicated server to provide access to files, scanners, printers, and
other resources
▪ Administration and backup are easier since resources are located on a
few key servers

o Benefits of Client/Server
▪ Centralized administration
▪ Easier management
▪ Better scalability
o Drawbacks of Client/Server
▪ Higher cost
▪ Requires dedicated resources
▪ Requires network operating system
o Peer-to-Peer Model
▪ Peers (PCs) share resources (files/printers) with each other directly
▪ Administration and backup are more difficult since resources are located
on a many PCs which adds to the administrative burden

[Link] 5
 CompTIA Network+ (Study Notes)

o Benefits of Peer-to-Peer
▪ Lower cost
▪ No dedicated resources required
▪ No specialized operating system required
o Drawbacks of Peer-to-Peer
▪ Decentralized management
▪ Inefficient for large networks
▪ Poor scalability
• Network Geography
o Personal Area Network (PAN)
▪ Smallest type of wired or wireless network
▪ Covers the least amount of area (few meters)
▪ Examples:
• Bluetooth cellphone to car
• USB hard drive to laptop
• Firewire video camera to computer
o Local Area Network (LAN)
▪ Connects components in a limited distance
▪ Each segment is limited to short distances, such as 100 meters with CAT 5
cabling
▪ Consists of Ethernet (IEEE 802.3) or WiFi networks (IEEE 802.11)
▪ Examples:
• Internal wired or wireless networks
o Campus Area Network (CAN)
▪ Connects building-centric LANs across a university, industrial park, or
business park
▪ Covers many square miles and buildings
▪ Examples:
• College campus
• Business Parks
• Military bases
o Metropolitan Area Network (MAN)
▪ Connects scattered locations across a city
▪ Larger than a CAN, but smaller than a WAN
▪ Covers up to a 25-mile radius in larger cities
▪ Examples:
• City departments like the police department
• Community college with campuses spread across a county
o Wide Area Network (WAN)
▪ Connects geographically disparate internal networks

[Link] 6
 CompTIA Network+ (Study Notes)

▪
Consists of leased lines or Virtual Private Networks tunneled over the
Internet
▪ Covers distances around the country or around the world
▪ Examples:
• The Internet (largest WAN)
• Connecting two private corporate networks from New York to
Seattle
o Network Geography

• Wired Network Topology

o Defining Network Topology
▪ Physical Topology
• How devices are physically connected by media
▪ Logical Topology
• How the actual traffic flows in the network
o Bus Topology
▪ Uses a cable running through area that required network
connectivity
▪ Each device “taps” into the cable using either a T
connector or vampire tap
▪ Old technology, not commonly used anymore
▪ Devices on cable form single collision domain

o Ring Topology
▪ Uses a cable running in a circular loop
▪ Each device connects to the ring, but data travels in a
singular direction
▪ FDDI (Fiber networks) used two counter-rotating rings for
redundancy

[Link] 7
 CompTIA Network+ (Study Notes)

▪ On token ring networks, devices wait for a turn to communicate on ring

by passing a token

o Star Topology

▪ Most popular physical LAN topology

▪ Devices connect to a single point
▪ Most commonly used with Ethernet cabling, but wireless
or fiber are also used
▪ If the central device fails, the entire network fails

o Hub-and-Spoke Topology

▪ Used for connecting multiple sites

▪ Similar to Star, but with WAN links instead of local area network
connections
▪ Not redundant, if central office (hub) fails, the whole network can fail

o Full-Mesh Topology

▪ Most redundant topology

▪ Every node connects to every other node
▪ Optimal routing is always available
▪ Very expensive to maintain and operate
▪ Number of Connections
▪ x= n(n - 1) / 2

[Link] 8
 CompTIA Network+ (Study Notes)

o Partial-Mesh Topology

▪ Hybrid of the full-mesh and the hub-and-spoke topologies

▪ Provides optimal routes between some sites, while
avoiding the expense of connecting every site
▪ Must consider network traffic patterns to design it
effectively

• Wireless Network Topology

o Infrastructure Mode
▪ Most common type of wireless network
▪ Requires centralized management
▪ Uses a wireless access point as a centralized point like a star topology
▪ Supports wireless security controls
o Ad Hoc Mode
▪ Decentralized wireless network
▪ No routers or access points are required
▪ Forwarding decisions for data on the network are made dynamically
▪ Allows creation/joining of networks “on-the-fly”
▪ Creates P2P connections

o Wireless Mesh Topology

▪ Interconnection of different types of nodes or devices
▪ Consists of clients, routers, and gateways
▪ Utilizes different radio frequencies to extend and expand access
▪ Reliable and redundant connections
• Internet of Things (IoT)
o Internet of Things (IoT)
o IoT Technologies
▪ 802.11
• Operates as infrastructure or ad hoc
▪ Bluetooth
• Low energy use variant of Bluetooth which allows for a mesh
network
▪ RFID
• Uses electromagnetic fields to read data stored in embedded tags
▪ NFC
• Enables two electronic devices to communicate within a 4 cm
range
▪ Infrared (IR)

[Link] 9
 CompTIA Network+ (Study Notes)

• Operates with line of sight

▪ Z-Wave
• Provides short-range, low-latency data transfer at rates and
power consumption lower than Wi-Fi
• Used primarily for home automation
▪ Ant+
• Collection and transfer of sensor data
• Used with remote control systems (tire pressure, TVs, lights)

[Link] 10
 CompTIA Network+ (Study Notes)

OSI Model
• OSI Model Overview
o OSI Model (Open Systems Interconnection)
▪ Developed in 1977 by the International Organization for Standardization
(ISO)
▪ Called the OSI model or OSI stack
▪ Consists of 7 layers
▪ Useful in troubleshooting networks
▪ Serves as a reference model in networks
o Purpose of Reference Model
▪ Categorize functions of the network into particular layer(s)
▪ Compare technologies across different manufacturers
▪ By understanding its functions, you can understand how best
to communicate with that device
o OSI Model Layers

[Link] 11
 CompTIA Network+ (Study Notes)

o Data Types in the OSI Model

• Layer 1 (Physical)
o Physical Layer (Layer 1)
▪ Transmission of bits across the network
▪ Physical and electrical characteristics
▪ Characteristics:
• How bits are represented on the medium
• Wiring standards for connectors and jacks
• Physical topology
• Synchronizing bits
• Bandwidth usage
• Multiplexing strategy
o How are bits represented on the medium?
▪ Electrical voltage (copper wiring) or light (fiber optics) represent 1’s and
0’s (bits)
▪ Current State
• If 0 volts, then 0 is represented
• If +/- 5 volts, then 1 is represented
▪ Transition Modulation

[Link] 12
 CompTIA Network+ (Study Notes)

• If it changed during the clock cycle, then a 1 is represented,

otherwise, a 0
o How are the cables wired?
▪ TIA/EIA-568-B is standard wiring for RJ-45 cables and ports
▪ Crossover cables use T-568A and T-568B
▪ Straight-thru cables typically use T-568B on both ends, but could use T-
568A on both
o How are the cables connected?
▪ Layer 1 devices view networks from a physical topology perspective
▪ Includes:
• Bus
• Ring
• Star
• Hub-and-Spoke
• Full Mesh
• Partial Mesh
o How is communication synchronized?
▪ Asynchronous
• Uses start bits and stop bits to indicate when transmissions occur
from sender to receiver
▪ Synchronous
• Uses a reference clock to coordinate the transmissions by both
sender and receiver
o How is bandwidth utilized?
▪ Broadband
• Divides bandwidth into
separate channels
• Example:
o Cable TV
▪ Baseband
• Uses all available frequency on a medium (cable) to transmit data
and uses a reference clock to coordinate the transmissions by
both sender and receiver
• Example:
o Ethernet
o How can we get more out of a limited network?
▪ Time-Division Multiplexing (TDM)
• Each session takes turns, using time slots, to share the medium
between all users
▪ Statistical Time-Division Multiplexing (StatTDM)

[Link] 13
 CompTIA Network+ (Study Notes)

• More efficient version of TDM, it dynamically allocates time slots

on an as-needed basis instead of statically assigning
▪ Frequency-Division Multiplexing (FDM)
• Medium is divided into various channels based on frequencies
and each session is transmitted over a different channel
o Broadband
o Examples at Layer 1
▪ Cables
• Ethernet
• Fiber optic
▪ Radio frequencies
• Wi-Fi
• Bluetooth
▪ Infrastructure devices
• Hubs
• Wireless Access Points
• Media Converters
• Layer 2 (Data Link)
o Data Link Layer (Layer 2)
▪ Packages data into frames and transmitting those frames on the network,
performing error detection/correction, and uniquely identifying network
devices with an address (MAC), and flow control
• MAC
• Physical addressing
• Logical topology
• Method of Transmission
▪ LLC
• Connection services
• Synchronizing transmissions
o Media Access Control (MAC)
▪ Physical addressing
• Uses 48-bit address assigned to a network interface card (NIC) by
manufacturer
• First 24-bits is the vendor code
• Second 24-bits is a unique value
▪ Logical topology
• Layer 2 devices view networks logically
• Ring, bus, star, mesh, hub-and-spoke, ...
▪ Method of transmission
• Many devices are interconnected

[Link] 14
 CompTIA Network+ (Study Notes)

• Determines whose turn it is to transmit to prevent interference

with other devices
o Logical Link Control (LLC)
▪ Provides connection services
▪ Acknowledgement of receipt of a message
▪ Flow control
• Limits amount of data sender can send at one time to keep
receiver from becoming overwhelmed
▪ Error control
• Allows receiver to let sender know when an expected data frame
wasn’t received or was corrupted by using a checksum
o How is communication synchronized?
▪ Isochronous
• Network devices use a common reference clock source and create
time slots for transmission
• Less overhead than synchronous or asynchronous
▪ Synchronous
• Network devices agree on clocking method to indicate beginning
and end of frames
• Uses control characters or separate timing channel
▪ Asynchronous
• Network devices reference their own
internal clocks and use start/stop bits
o Examples at Layer 2
▪ Network Interface Cards (NIC)
▪ Bridges
▪ Switches
• Layer 3 (Network)
o Network Layer (Layer 3)
▪ Forwards traffic (routing) with logical address
• Example: IP Address (IPv4 or IPv6)
▪ Logical addressing
▪ Switching
▪ Route discovery and selection
▪ Connection services
▪ Bandwidth usage
▪ Multiplexing strategy
o Logical Address
▪ Numerous routed protocols were used for logical addressing over the
years:

[Link] 15
 CompTIA Network+ (Study Notes)

• AppleTalk
• Internetwork Packet Exchange (IPX)
• Internet Protocol (IP)
▪ Only Internet Protocol (IP) remains dominant
• IP v4
• IP v6
o How should data be forwarded or routed?
▪ Packet switching (known as routing)
• Data is divided into packets and forwarded
▪ Circuit switching
• Dedicated communication link is established between two devices
▪ Message switching
• Data is divided into messages, similar to packet switching, except
these messages may be stored then forwarded
o Route Discovery and Selection
▪ Routers maintain a routing table to understand how to forward a packet
based on destination IP address
▪ Manually configured as a static route or dynamically through a routing
protocol
• RIP
• OSPF
• EIGRP
o Connection Services
▪ Layer 3 augment Layer 2 to improve reliability
▪ Flow control
• Prevents sender from sending data faster than receiver can get it
▪ Packet reordering
• Allows packets to be sent over multiple links and across multiple
routes for faster service
o Internet Control Message Protocol (ICMP)
▪ Used to send error messages and operational information about an IP
destination
▪ Not regularly used by end-user applications
▪ Used in troubleshooting (ping and traceroute)
o Examples at Layer 3
▪ Routers
▪ Multilayer switches
▪ IPv4 protocol
▪ IPv6 protocol
▪ Internet Control Message Protocol (ICMP)

[Link] 16
 CompTIA Network+ (Study Notes)

• Layer 4 (Transport)
o Transport Layer (Layer 4)
▪ Dividing line between upper and lower layers of the OSI model
▪ Data is sent as segments
▪ TCP/UDP
▪ Windowing
▪ Buffering
o TCP (Transmission Control Protocol)
▪ Connection-oriented protocol
▪ Reliable transport of segments
• If segment is dropped, protocol detects it and resends segment
▪ Acknowledgements received for successful communications
▪ Used for all network data that needs to be assured to get to its
destination
o UDP (User Datagram Protocol)
▪ Connectionless protocol
▪ Unreliable transport of segments
• If dropped, sender is unaware
▪ No retransmission
▪ Good for audio/video streaming
▪ Lower overhead for increased performance
o TCP vs UDP

o Windowing
▪ Allows the clients to adjust the amount of data sent in each segment
▪ Continually adjusts to send more or less data per segment transmitted

[Link] 17
 CompTIA Network+ (Study Notes)

• Adjusts lower as number of retransmissions occur

• Adjusts upwards as retransmissions are eliminated
o Buffering
▪ Devices, such as routers, allocate memory to store segments if bandwidth
isn’t readily available
▪ When available, it transmits the contents of the buffer
▪ If the buffer overflows, segments will be dropped
o Examples at Layer 4
▪ TCP
▪ UDP
▪ WAN Accelerators
▪ Load Balancers
▪ Firewalls
• Layer 5 (Session)
o Session Layer (Layer 5)
▪ Think of a session as a conversation that must be kept separate from
others to prevent intermingling of the data
▪ Setting up sessions
▪ Maintaining sessions
▪ Tearing down sessions
o Setting up a Session
▪ Check user credentials
▪ Assign numbers to session to identify them
▪ Negotiate services needed for session
▪ Negotiate who begins sending data
o Maintaining a Session
▪ Transfer the data
▪ Reestablish a disconnected session
▪ Acknowledging receipt of data
o Tearing Down a Session
▪ Due to mutual agreement
• After the transfer is done
▪ Due to other party disconnecting
o Examples at Layer 5
▪ H.323
• Used to setup, maintain, and tear down a voice/video connection
▪ NetBIOS
• Used by computers to share files over a network
• Layer 6 (Presentation)
o Presentation Layer (Layer 6)

[Link] 18
 CompTIA Network+ (Study Notes)

▪ Responsible for formatting the data exchanged and securing that data
with proper encryption
▪ Functions
▪ Data formatting
▪ Encryption
o Data Formatting
▪ Formats data for proper compatibility between devices
• ASCII
• GIF
• JPG
▪ Ensures data is readable by receiving system
▪ Provides proper data structures
▪ Negotiates data transfer syntax for the Application Layer (Layer 7)
o Encryption
▪ Used to scramble the data in transit to keep it secure from prying eyes
▪ Provides confidentiality of data
▪ Example:
• TLS to secure data between your PC and website
o Examples at Layer 6
▪ HTML, XML, PHP, JavaScript, …
▪ ASCII, EBCDIC, UNICODE, …
▪ GIF, JPG, TIF, SVG, PNG, …
▪ MPG, MOV, …
▪ TLS, SSL, …
• Layer 7 (Application)
o Application Layer (Layer 7)
▪ Provides application level services
• Not Microsoft Word or Notepad
▪ Layer where the users communicate with the computer
▪ Functions:
• Application services
• Service advertisement
o Application Services
▪ Application services unite communicating components from more than
one network application
▪ Examples:
• File transfers and file sharing
• E-mail
• Remote access
• Network management activities

[Link] 19
 CompTIA Network+ (Study Notes)

• Client/server processes
o Service Advertisement
▪ Some applications send out announcements
▪ States the services they offer on the network
▪ Some centrally register with the Active Directory server instead
▪ Example:
• Printers
• File servers
o Examples at Layer 7
▪ E-mail (POP3, IMAP, SMTP)
▪ Web Browsing (HTTP, HTTPS)
▪ Domain Name Service (DNS)
▪ File Transfer Protocol (FTP, FTPS)
▪ Remote Access (TELNET, SSH)
▪ Simple Network Management Protocol (SNMP)

[Link] 20
 CompTIA Network+ (Study Notes)

TCP/IP Model
• TCP/IP Model
o TCP/IP Model
▪ Also known as TCP/IP stack or the DoD Model
▪ Alternative to the OSI Model
▪ More relevant model for network designers since it’s based on TCP/IP
▪ Only a 4-layer model
o OSI Model to TCP/IP Model

o Network Interface (Layer 1)

▪ Physical and electrical characteristics
▪ Describes how to transmit bits across the network (1’s and 0’s)
▪ Determines how interface uses network medium
▪ Coaxial, Optical fiber, or Twisted-pair copper cabling
▪ Examples:
• Ethernet, Token Ring, FDDI, RS-232
o Internet (Layer 2)
▪ Packages data into IP datagrams
• Contains source and destination IPs
• Forwards datagrams between hosts across the networks
▪ Routes IP datagrams across networks
▪ Connectivity occurs externally
▪ Examples:
• IP, ICMP, ARP, RARP
o Transport (Layer 3)
▪ Provides communication session management between hosts
▪ Defines level of service and status of connection used for transport
▪ Examples:
• TCP
• UDP

[Link] 21
 CompTIA Network+ (Study Notes)

• RTP
o Application (Layer 4)
▪ Defines TCP/IP application protocols
▪ Defines how programs interface with the transport layer service
▪ Layer with which the user interacts
▪ Examples:
• HTTP, TELNET, FTP, SNMP, DNS, SMTP, SSL, TLS, …
• Data Transfer Over Networks
o Ports
▪ Port numbers can be 0 to 65,536
▪ “Well-known” & Reserved Ports
• Ports 0 to 1024
▪ Ephemeral Ports
• Short-lived transport port that is automatically selected from a
predefined range
• Ports 1025 to 65,536
o Data Transfer

o IPv4 Packets
▪ Source Address
• IP of sender
▪ Destination Address
• IP of receiver
▪ IP Flags
• Allows packet fragmentation
▪ Protocol
• Is this packet using TCP or UDP?

[Link] 22
 CompTIA Network+ (Study Notes)

o Overhead of TCP and UDP

• Ports and Protocols

o File Transfer Protocol FTP (Port 20, 21)
▪ Transfers computer files between a client and server on a computer
network
▪ Unsecure method
▪ Data transferred in the clear
o Secure Shell SSH (Port 22)
▪ Cryptographic network protocol for operating network services securely
over an unsecured network
▪ Best known for remote login to computer systems by users
o SSH File Transfer Protocol SFTP (Port 22)
▪ Provides file access, file transfer, and file management over any
reliable data stream
o Telnet (Port 23)
▪ Provides bidirectional interactive text-oriented communication facility
using a virtual terminal connection
▪ Like SSH, but insecure
o Simple Mail Transfer Protocol SMTP (Port 25)
▪ Internet standard for sending electronic mail
▪ RFC 821 was defined originally in 1982
▪ RFC 5321 developed in 2008 (current version)
o Domain Name Service DNS (Port 53)
▪ Hierarchical decentralized naming system for computers, services, or
other resources connected to the Internet or a private network
▪ Converts domain names to IP addresses

[Link] 23
 CompTIA Network+ (Study Notes)

o Dynamic Host Control DHCP (Port 67, 68)

▪ DHCP server dynamically assigns an IP address and other

network configuration parameters to a client
▪ Enables computers to request IP addresses and
networking parameters automatically?
▪ Reduces burden on network administrators

o Trivial File Transfer TFTP (Port 69)

▪ Transmits files in both directions of a client-server application
▪ Used for booting an operating system from a local area network file
server
▪ Doesn’t provide user authentication or directory visibility
▪ Essentially a stripped-down version of FTP
o Hyper Text Transfer HTTP (Port 80)
▪ Foundation of data communication for WWW
▪ Designed for distributed, collaborative, and hypermedia presentation
across many devices
o Post Office Protocol v3 POP3 (Port 110)
▪ Used by local e-mail clients to retrieve e-mail from a remote server over
TCP/IP connection
o Network Time Protocol NTP (Port 123)
▪ Provides clock synchronization between computer systems over packet-
switched, variable-latency data networks
▪ Created in 1985, one of the oldest Internet protocols in current use

[Link] 24
 CompTIA Network+ (Study Notes)

o NetBIOS (Port 139)

▪ Network Basic Input/Output System
▪ Provides services allowing applications on separate computers to
communicate over a local area network for file and printer sharing

o Internet Mail Application IMAP (Port 143)

▪ Provides e-mail clients to retrieve e-mail messages from a mail server
over a TCP/IP connection
▪ Allows the end user to view and manipulate the messages as if they’re
stored locally
o Simple Network Management SNMP (Port 161)
▪ Provides collection and organization of information about managed
devices on IP networks
▪ Can modify that information to change device behavior, commonly used
in network devices

o Lightweight Directory Access LDAP (Port 389)

[Link] 25
 CompTIA Network+ (Study Notes)

▪ Open, vendor-neutral, industry standard for accessing and maintaining

distributed directory information services
▪ LDAP and Active Directory use this port
o HTTP Secure HTTPS (Port 443)
▪ Foundation of ecommerce on WWW
▪ Designed for adding security to the insecure HTTP protocol
o Server Message Block SMB (Port 445)
▪ Provides shared access to files, printers, and miscellaneous
communications between devices on a network

o LDAP Secure LDAPS (Port 636)

▪ Open, vendor-neutral, industry standard for accessing and maintaining
distributed directory information services
▪ LDAP and Active Directory use this port
o Remote Desktop Protocol RDP (Port 3389)
▪ Proprietary protocol developed by Microsoft
▪ Provides a user with a graphical interface to connect to another
computer over a network connection
▪ User employs RDP client software for this purpose and the other
computer must run RDP server software
o Session Initiation Protocol SIP (Port 5060, 5061)
▪ Provides signaling and controlling multimedia communication sessions in
applications
▪ Used for Internet telephony for voice and video calls, VOIP, and instant
messaging

[Link] 26
 CompTIA Network+ (Study Notes)

o Ports to Remember

[Link] 27
 CompTIA Network+ (Study Notes)

Media and Cabling Distribution

• Media (Copper)
o Types of Media
▪ Three categories:
• Copper
• Fiber optic
• Wireless
▪ Each category is divided into subcategories
▪ Each has different specifications and uses
o Coaxial Cable (Coax)
▪ Inner
• Insulated conductor or center wire passes data
▪ Outer
• Braided metal shield used to help shield and protect the data
transmission
• Provides EMI resistance due to shielding

o Coaxial Cables
▪ RG-6
• Commonly used by local cable companies to connect individual
homes
▪ RG-59
• Typically used to carry composite video between two nearby
devices
• Example:
o TV to the cable box
o Coaxial Connectors
▪ BNC
• Termed Bayonet Neill-Concelman or British Naval Connector

[Link] 28
 CompTIA Network+ (Study Notes)

• Was used for 10BASE2 Ethernet networks

▪ F-connector
• Typically used for cable TV and cable modem connections
o Twisted Pair Cables
▪ Most popular physical LAN media type
▪ Eight individually insulated strands of copper wire inside each cable
▪ Each pair twisted together to reduce EMI
• Tighter twists = less EMI
▪ Types:
• Unshielded Twisted Pair (UTP)
• Shielded Twisted Pair (STP)
o Unshielded Twisted Pair (UTP)
▪ Number of twists determines how much EMI can be blocked
• CAT 6 has more twists per inch than CAT 5
▪ UTP is cheaper than STP
▪ Media of choice in most LANs

o Shielded Twisted Pair (STP)

▪ Wires are twisted in pairs and surrounded in a metallic shielding to
minimize EMI
▪ Outer shielding minimizes EMI, but makes STP cost more than UTP
o Twisted Pair Connectors
▪ RJ-45
• 8-pin connector in Ethernet networks
• Most Ethernet use only 4-pins
▪ RJ-11
• 6-pin connector
• Commonly only 2 or 4 pins are used
• Commonly found in telephone systems
▪ DB-9 or DB-25 (RS-232)
• 9-pin or 25-pin D-subminiature
• Used for asynchronous serial communications and connecting to
an external modem

[Link] 29
 CompTIA Network+ (Study Notes)

o Twisted-Pair Cable Throughput

o Straight-Through Patch Cables

▪ Both ends of the cable have matching pin outs
▪ T-568B is the preferred standard for wiring a building if no pre-existing
pattern is used
▪ Data Terminating Equipment (DTE) to Data Communications Equipment
(DCE)
• Computer to switch
• Router to modem
o Crossover Cables
▪ Send and receive pins of the cable are swapped in the end pin outs
▪ Use to connect a workstation to a workstation
▪ Used to connect a switch to a switch
• Not required if switch support MDIX
o Pinouts (568A/568B)
▪ TIA/EIA-568A and TIA/EIA-568B are standard
▪ Orange and Green pairs swap
o Plenum and Non-Plenum Cable
▪ Plenum Cable
• Special UTP/STP cable that has a fire-retardant outer insulator
o Minimizes dangerous fumes if cable on fire
o Safe for use in ceilings, walls, and raised floors
▪ Non-plenum Cable
• Also known as PVC
• Normal UTP/STP rated cable

[Link] 30
 CompTIA Network+ (Study Notes)

• Cannot be used in raised floors, ceilings, or walls

• Media (Fiber)
o Fiber Optic Cables
▪ Uses light from an LED or laser to transmit information through a glass
fiber
• Immune to EMI
• Uses light instead of electricity
▪ Benefits:
• Greater range (many miles)
• Greater data-carrying capacity (measured in Tbps)
▪ Types:
• Multimode Fiber (MMF)
• Single-mode Fiber (SMF)
o Multimode Fiber (MMF)
▪ Shorter distances than single-mode fiber
▪ Larger core size allows for multiple modes of travel for the light signal
▪ Core size: 62.5 microns
▪ Common uses:
• Routers to switches
• Switches to switches
• Servers to switches
o Single-Mode Fiber (SMF)
▪ Longer distances than multimode fiber
▪ Smaller core size allows for only a single mode of travel for the light
signal
▪ Core size: 10 microns
▪ Common uses:
• Routers to switches
• Switches to switches

[Link] 31
 CompTIA Network+ (Study Notes)

o Fiber Optic Connectors

o Specialized SC Connectors

[Link] 32
 CompTIA Network+ (Study Notes)

• Transceivers
o Copper vs Fiber Optic Cables
▪ Fiber-Optic Advantages
• Higher bandwidth
• Longer distances
• Immune to EMI
• Better security
▪ Copper Advantages
• Less expensive
• Easy to install
• Inexpensive tools
o Media Converters
▪ Convert media from one format to another
▪ Layer 1 device
• Physical conversion of signal only
▪ Examples:
• Ethernet to Fiber Optic
• Fiber Optic to Ethernet
• Coaxial to Fiber
• Fiber to Coaxial
o Transceivers
▪ Device that sends and receives data
▪ Bidirectional
• Devices take turns communicating
• Known as half-duplex
▪ Duplex
• Devices can both communicate at the same time (full duplex)
▪ GBIC
• Standard, hot-pluggable gigabit Ethernet transceiver (copper or
fiber)
▪ Small Form-factor Pluggable
(SFP)
• Compact, hot-pluggable optical module transceiver
• Support up to 4.25 Gbps
• Known as Mini-GBIC
▪ SFP+
• Enhanced SFP
• Support up to 16 Gbps
▪ Quad Small Form-factor Pluggable (QSFP)
• Compact, hot-pluggable optical module transceiver

[Link] 33
 CompTIA Network+ (Study Notes)

• Supports up to 100 Gbps

• Cable Distribution
o Cable Distribution System
▪ Use an organized system that is hierarchical
▪ Components
• Entrance facilities
• MDF
• Cross-connect facilities
• IDF
• Backbone wiring
• Telecommunications closet
• Horizontal wiring
• Patch Panels
• Work area
o Punch Down Blocks
▪ 66 block
• Used for phones and older LAN wiring
• Causes crosstalk due to proximity of cables
• Bad choice for higher-speed LAN wiring
o Do not use for CAT 5 or above
▪ 110 block
• Used for higher-speed network wiring
o Required for CAT 5or above cabling
o Patch Panels (Copper)
▪ Device with jacks to connect wiring from the jack to a network switch in a
flexible manner
▪ Back has punch downs like a 110 block to connect wiring to wall jacks in
building
▪ Front has RJ-45 jacks
o Patch Panels (Fiber)
▪ Connect fiber jacks throughout building to a single patch panel in
network closet
▪ Front uses patch cables to connect to different wall jacks and switch
ports

[Link] 34
 CompTIA Network+ (Study Notes)

o Example of Cable Distribution

[Link] 35
 CompTIA Network+ (Study Notes)

Ethernet Fundamentals
• Ethernet Fundamentals
o Ethernet Fundamentals
▪ In early computer networks, there were many different network
technologies competing for a portion of the market share
▪ Ethernet, Token Ring, Fiber Distributed Data Interface (FDDI), and others
fought for dominance
▪ Currently, Ethernet is dominant for Layer 1
▪ Due to Ethernet’s popularity, it is important to understand the
fundamentals of Ethernet
o Origins of Ethernet
▪ Was first run over coax cables (10Base5, 10Base2)
▪ Ethernet has changed to using twisted pair cables
▪ 10BASE-T is Unshielded Twisted Pair
• Maximum speed: 10 Mbps
• Maximum distance: 100 meters
o How should devices access the network?
▪ Deterministic
• Very organized and orderly
• Need an electronic token to transmit
• For example, Token Ring networks
▪ Contention-based
• Very chaotic
• Transmit (almost) whenever you want
• For example, Ethernet networks
o Carrier Sense Multiple Access/ Collision Detect (CSMA/CD)
▪ Ethernet devices transmit based on a principle called carrier sense
multiple access/collision detect (CSMA/CD)
▪ Carrier sense
• Listen to the wire, verify it is not busy
▪ Multiple access
• All devices have access at any time
▪ Collision detect
• If two devices transmit at the same time, a collision occurs
• Back off, wait a random time, and try again

[Link] 36
 CompTIA Network+ (Study Notes)

o Example of CSMA/CD

o Collision Domains
▪ Comprised of all devices on a shared Ethernet segment (everything on
same cable or hub)
▪ Devices operate at half-duplex when connected to a hub (Layer 1 device)
▪ Devices must listen before they transmit to avoid collisions when
operating as CSMA/CD
o Collision Domains with Switches
▪ Ethernet switches increase scalability of the network by creating multiple
collision domains
▪ Each port on a switch is a collision domain, no chance of collisions, and
increases speed
▪ Switches can operate in full-duplex mode

[Link] 37
 CompTIA Network+ (Study Notes)

o Speed Limitations

▪ Bandwidth is the measure of how many bits the network can transmit in
1-second (bps)
▪ Type of cable determines the bandwidth capacity of the network
o Distance Limitations

** Not an exhaustive list of cable types **

▪ Type of cable determines the distance limitation of the network
• Network Infrastructure Devices
o Network Infrastructure
▪ Primary devices used in our networks

▪ Devices they evolved from

[Link] 38
 CompTIA Network+ (Study Notes)

o Hub
▪ Layer 1 device used to connect multiple network devices/workstations
▪ Known as multiport repeaters
▪ Three basic types of Ethernet hubs:
• Passive hub
o Repeats signal with no amplification
• Active hub
o Repeats signal with amplification
• Smart hub
o Active hub with enhanced features like SNMP
o Collision Domains
▪ Hubs (layer 1) were used to connect multiple network segments together
▪ Each LAN segment becomes a separate collision domain

o Bridges
▪ Bridges analyze source MAC addresses in frames entering the bridge and
populate an internal MAC address table
▪ Make intelligent forwarding decisions based on destination MAC address
in the frames

[Link] 39
 CompTIA Network+ (Study Notes)

o Switch
▪ Layer 2 device used to connect multiple network segments together
▪ Essentially a multiport bridge
▪ Switches learn MAC addresses and make forwarding decisions based on
them
▪ Switches analyze source MAC addresses in frames entering the switch
and populate an internal MAC address table based on them
o Layer 2 Switch
▪ Each port on a switch represents an individual collision domain
▪ All ports belong to the same broadcast domain

[Link] 40
 CompTIA Network+ (Study Notes)

o How Switches Improve Network Performance

[Link] 41
 CompTIA Network+ (Study Notes)

o Router
▪ Layer 3 device used to connect multiple networks together
▪ Make forwarding decisions based on logical network address information
• Such as using IP addresses (IPv4 or IPv6)

[Link] 42
 CompTIA Network+ (Study Notes)

▪ Routers are typically more feature rich and support a broader range of
interface types than multilayer switches
▪ Each port is a separate collision domain
▪ Each port is a separate broadcast domain

o Layer 3 Switch
▪ Layer 3 device used to connect multiple network segments together
▪ Can make Layer 3 routing decisions and interconnect entire networks
(like a router), not just network segments (like a switch)

o Summary of Network Infrastructure

[Link] 43
 CompTIA Network+ (Study Notes)

• Additional Ethernet Features

o Additional Ethernet Switch Features
▪ Features to enhance network performance, redundancy, security,
management, flexibility, and scalability
▪ Common switch features
▪ Virtual LANs (VLANs)
▪ Trunking
▪ Spanning Tree Protocol (STP)
▪ Link aggregation
▪ Power over Ethernet
▪ Port monitoring
▪ User authentication
o Link Aggregation (802.3ad)
▪ Congestion can occur when ports all operate at the same speed

▪ Allows for combination of multiple physical connections into a single

logical connection
▪ Bandwidth available is increased and the congestion is minimized or
prevented

o Power Over Ethernet (PoE 802.3af, PoE+ 802.3at)

▪ Supplies electrical power over Ethernet
• Requires CAT 5 or higher copper cable
• Provides up to 15.4 watts of power to device
• PoE+ provides up to 25.5 W of power to device
▪ Two device types

[Link] 44
 CompTIA Network+ (Study Notes)

• Power Sourcing Equipment (PSE)

• Powered Device (PD)

o Port Monitoring or Mirroring

▪ Helpful to analyze packet flow over network
• Connect a network sniffer to a hub and it sees all
• But, switches require port monitoring for network analyzer to see
all the traffic
▪ Port mirroring makes a copy of all traffic destined for a port and sends it
to another port

o User Authentication (802.1x)

▪ For security purposes, switches can require users to authenticate
themselves before gaining access to the network
▪ Once authenticated, a key is generated and shared between the
supplicant (device wanting access) and the switch (authenticator)

▪ Authentication server checks the supplicant’s credentials and creates the

key
▪ Key is used to encrypt the traffic coming from and being sent to the client

[Link] 45
 CompTIA Network+ (Study Notes)

o Management Access and Authentication

▪ To configure and manage switches, you can use two options:
• SSH
o Remote administration program that allows you to
connect to the switch over the network
• Console port
o Allows for local administration of the switch using a
separate laptop and a rollover cable (DB-9 to RJ-45)
▪ Out-of-band (OOB) management involves keeping all network
configuration devices on a separate network

[Link] 46
 CompTIA Network+ (Study Notes)

o First-Hop Redundancy
▪ Hot Standby Router Protocol (HSRP) uses virtual IP and MAC addresses to
provide a “active router” and a “standby router”
• HSRP is a Cisco-proprietary protocol
• If Active is offline, then standby answers
o Other First-Hop Redundancy Protocols
▪ Gateway Load Balancing Protocol (GLBP)
• Cisco-proprietary protocol
▪ Virtual Router Redundancy Protocol (VRRP)
• Open-source protocol
▪ Common Address Redundancy Protocol (CARP)
• Open-source protocol
o MAC Filtering
▪ Permits or denies traffic based on a device’s MAC address to improve
security

o Traffic Filtering
▪ Multilayer switches may permit or deny traffic based on IP addresses or
application ports

[Link] 47
 CompTIA Network+ (Study Notes)

o Quality of Service (QoS)

• Spanning Tree Protocol (STP)

o Spanning Tree Protocol (STP) (802.1D)
▪ Permits redundant links between switches and prevents looping of
network traffic
▪ Availability is measured in 9’s
• Five 9’s is 99.999% uptime
• Only 5 minutes down per year allowed
▪ Shortest Path Bridging (SPB) is used instead of STP for larger network
environments

o Without STP…
▪ MAC Address table corruption can occur

o Broadcast Storms
▪ If broadcast frame received by both switches, they can forward frame to
each other

[Link] 48
 CompTIA Network+ (Study Notes)

▪ Multiple copies of frame are forwarded, replicated, and forwarded again

until the network is consumed with forwarding many copies of the same
initial frame

o Root and Nonroot Bridges

▪ Root bridge
• Switch elected to act as a reference point for a spanning tree
• Switch with the lowest bridge ID (BID) is elected as the root bridge
• BID is made up of a priority value and a MAC address (with the
lowest value considered root)
▪ Nonroot bridge
• All other switches in an STP topology
▪ MAC Address table corruption can occur

o Root, Designated, and Non-Designated Ports

▪ Root Port
• Every non-root bridge has a single root port
• Port closest to the root bridge in terms of cost
• If costs are equal, lowest port number is chosen

▪ Designated Port
• Every network segment has a designated port
• Port closest to the root bridge in terms of cost

[Link] 49
 CompTIA Network+ (Study Notes)

• All ports on root bridge are designated ports

▪ Non-Designated Port
• Ports that block traffic to create loop-free topology
o Root and Nonroot Bridges
▪ Single root port on non-root bridge
▪ All other ports on non-root bridge are non-designated
▪ All ports on root bridge are designated

o Port States
▪ Non-designated ports do not forward traffic during normal operation, but
do receive bridge protocol data units (BPDUs)
▪ If a link in the topology goes down, the
non-designated port detects the failure and determines whether it needs
to transition to a forwarding state
▪ To get to the forwarding state, though, it has to transition through four
states
▪ Blocking
• BPDUs are received but they are not forwarded
• Used at beginning and on redundant links
▪ Listening
• Populates MAC address table
• Does not forward frames
▪ Learning
• Processes BPDUs
• Switch determines its role in the spanning tree
▪ Forwarding
• Forwards frames for operations
▪ Root and Non-designated port are blocking
▪ Designated ports are forwarding

[Link] 50
 CompTIA Network+ (Study Notes)

o Link Costs
▪ Associated with the speed of a link
▪ Lower the link’s speed, the higher the cost

▪ Long STP is being adopted due to higher link speeds over 10 Gbps
▪ Values range from 2,000,000 for 10-Mbps Ethernet to as little as 2 for 10
Tbps

• Virtual LAN (VLAN)

o Virtual Local Area Network (VLAN)
▪ Switch ports are in a single broadcast domain
▪ Allow you to break out certain ports to be in different broadcast domains
▪ Before VLANs, you had to use routers to separate departments,
functions, or subnets
▪ Allow different logical networks to share the same physical hardware
▪ Provides added security and efficiency
o Before VLANs
▪ Different switches were required for each LAN for separation

[Link] 51
 CompTIA Network+ (Study Notes)

o Using VLANs
▪ Same switches but switch ports can be in different VLANs
o VLAN Trunking (802.1q)
▪ Multiple VLANs transmitted over the same physical cable
▪ VLANs are each tagged with 4-byte identifier
• Tag Protocol Identifier (TPI)
• Tag Control Identifier (TCI)
▪ One VLAN is left untagged
• Called the Native VLAN
• Specialized Network Devices
o Specialized Network Devices
▪ Many other types of network devices besides routers, switches, servers,
and workstations
▪ Others devices serve specific functions to improve usability, performance,
and security
▪ Devices include
• VPN concentrators
• Firewalls
• DNS servers
• DHCP servers
• Proxy servers
• Content engines and switches
o VPN Concentrator
▪ Virtual private network (VPN) creates a secure, virtual tunnel network
over an untrusted network, like the Internet
▪ One of the devices that can terminate VPN tunnels is a VPN concentrator,
although firewalls can also perform this function
o Firewalls
▪ Network security appliance at your boundary
▪ Firewalls can be software or hardware
▪ Stateful firewalls
• Allows traffic that originates from inside the network and go out
to the Internet
• Blocks traffic originated from the Internet from getting into the
network

[Link] 52
 CompTIA Network+ (Study Notes)

o Next-Generation Firewall (NGFW)

▪ Conducts deep packet inspection at Layer 7
▪ Detects and prevents attacks
▪ Much more powerful than basic stateless or stateful firewalls
▪ Continually connects to cloud resources for latest information on threats
o Intrusion Detection or Prevention System (IDS/IPS)
▪ IDS recognizes attacks through signatures and anomalies
▪ IPS recognizes and responds
▪ Host or network-based devices

o Domain Name System (DNS)

▪ Converts domain names to IP addresses
▪ Similar to the contact list on your phone
• You rarely dial your friends’ phone numbers
• Instead you just click their name to call them

[Link] 53
 CompTIA Network+ (Study Notes)

o Fully-Qualified Domain Name (FQDN)

▪ Domain name under a Top-Level Domain and represents a web, mail, or
file server

o Uniform Resource Locator (URL)

▪ Contains the FQDN with method of accessing information
([Link]
o DNS Record Types

o Dynamic Host Configuration Protocol (DHCP)

▪ Initially, clients on networks needed IP addresses manually configured (or
statically assigned) to communicate
• Can lead to configuration errors
• Can become a hassle for large networks

[Link] 54
 CompTIA Network+ (Study Notes)

▪ Automates process so the majority of devices on a network automatically

receive
• IP address
• Subnet mask
• Default gateway
• DNS server addresses

o Proxy Server
▪ Device that makes a request to external network on behalf of a client
▪ Used for security to perform content filtering and logging
▪ Workstation clients are configured to forward their packets to a proxy
server

o Content Engine
▪ Dedicated appliances that perform the caching functions of a proxy
server
▪ Are more efficient than a proxy server
▪ Also called Caching Engines

[Link] 55
 CompTIA Network+ (Study Notes)

o Content Switches
▪ Distributes incoming requests across the various servers in the server
farm
▪ Also known as Load Balancers

[Link] 56
 CompTIA Network+ (Study Notes)

Virtualization and Cloud Computing

• Virtual Network Devices
o Virtual Network Devices
▪ Major shift in the way data centers are designed, fielded, and operated
▪ Virtualization is everywhere
• Virtual Servers
• Virtual Routers
• Virtual Firewalls
• Virtual Switches
• Virtual Desktops
• Software-Defined Networking
• VoIP
• Cloud Computing
o Virtual Servers
▪ Multiple virtual instances exist on a single physical server
▪ Multiple Windows and Linux servers running simultaneously
▪ Considerable cost savings for an IT budget
▪ Allows for consolidation of physical servers
▪ Multiple NICs increase bandwidth available
o Hypervisor
▪ Specialized software that enables virtualization to occur
▪ Hypervisor is the software that emulates the physical hardware
▪ Also called a Virtual Machine Monitor (VMM)
▪ Examples
• VMWare ESXi
• Microsoft Hyper-V
• Virtual Box
• VMWare Workstation

o Virtualized Storage Solutions

▪ Network Attached Storage (NAS)
• Disk storage is delivered as a service over TCP/IP
▪ Storage Area Network (SAN)
• Specialized LAN designed for data transfer/storage
• Transfers data at block level with special protocol
• Fibre Channel (FC)
o Special purpose hardware providing 1-16 Gbps

[Link] 57
 CompTIA Network+ (Study Notes)

• Fibre Channel over Ethernet (FCoE)

o Removes need for specialized hardware
o Runs over your Ethernet networks
• iSCSI (IP Small Computer System Interface)
o Lower cost, built using Ethernet switches (<10 Gbps)
o Relies on configuration allowing jumbo frames over the
network
o Infiniband (Virtualized Storage)
▪ Switched fabric topology for high-performance computing
▪ Very high throughput (>600 Gbps) with very low latency (0.5 µsec)
▪ Direct or switched connection between servers and storage systems
o Virtual Firewalls and Routers
▪ To fully virtualize your network, you will need a firewall and router
▪ Manufacturer’s offer virtualized versions of their most popular devices
▪ Virtualized routers and firewalls provide the same features as their
physical counterparts
o Virtual Switches
▪ Overcomes the problem of all virtual servers being on one broadcast
domain
▪ Layer 2 control provides VLANs and trunking
▪ Provides Quality of Service and security

o Virtual Desktops
▪ User’s desktop computer is run in browser
▪ Used from web, laptop, tablet, or phone
▪ Easier to secure and upgrade for the admins

[Link] 58
 CompTIA Network+ (Study Notes)

o Software-Defined Networking (SDN)

▪ Provides the administrator with an easy-to-use front end to configure
physical and virtual devices throughout the network
▪ All the configurations are automatically done
▪ Provides administrator and overview of the entire network

• Voice over IP (VoIP)

o Voice over IP (VoIP)
▪ Digitizes voice traffic so that it can be treated like other data on the
network
▪ Uses the SIP (Session Initiation Protocol) to setup, maintain, and tear
down calls
▪ VoIP can save a company money and provide enhanced services over a
traditional PBX solution
o VoIP Topology
▪ User’s desktop computer is run in browser

[Link] 59
 CompTIA Network+ (Study Notes)

o Virtual Private Branch Exchange (PBX) and VoIP

▪ Ability to outsource your telephone system
▪ Utilizes VoIP to send all data to provider, then provider connects it to
telephone system
• Cloud Computing
o Cloud Computing
▪ Private Cloud
• Systems and users only have access with other devices inside the
same private cloud or system
▪ Public Cloud
• Systems and users interact with devices on public networks, such
as the Internet and other clouds
▪ Hybrid Cloud
• Combination of private and public
o 4 Models of Cloud Computing
▪ Network as a Service (NaaS)
▪ Infrastructure as a Service (Iass)
▪ Software as a Service (SaaS)
▪ Platform as a Service (PaaS)
o Network as a Service (NaaS)
▪ Allows outsourcing of the of a network to a service provider
▪ Hosted off-site at the service provider’s data center and the customer is
billed for usage
▪ Charged by hours, processing power, or bandwidth used like utility
services
▪ Amazon’s VPC or Route 53 offerings

[Link] 60
 CompTIA Network+ (Study Notes)

o Infrastructure as a Service (IaaS)

▪ Allows outsourcing of the infrastructure of the servers or desktops to a
service provider
▪ Hosted off-site at the service provider’s data center and the customer is
billed for usage
▪ Charged by hours, processing power, or bandwidth used like utility
services
▪ Examples
• Amazon Web Services (AWS)
• Microsoft’s Azure
o Software as a Service (SaaS)
▪ User interacts with a web-based application
▪ Details of how it works are hidden from users
▪ Examples:
• Google Docs
• Office 365
o Platform as a Service (PaaS)
▪ Provides a development platform for companies that are developing
applications without the need for infrastructure
▪ Dion Training uses PaaS for our courses
▪ Examples:
▪ Pivotal
• OpenShift
• Apprenda

[Link] 61
 CompTIA Network+ (Study Notes)

Wireless Networks
• Wireless Networking (WLAN)
o Wireless Networks (WLANs)
▪ Allows users to roam within a coverage area
▪ Popularity has increased exponentially
▪ Convenient to use and expand network access throughout a room, floor,
or building
▪ IEEE 802.11 is the most common type
▪ Other wireless options exist (used for PAN)
• Bluetooth
• Infrared (IR)
• Near-Field Communications (NFC)
• Ant+
• Z-Wave
o Ad Hoc
▪ Wireless devices communicate
directly with each other
without the need for a
centralized access point
▪ Peer-to-Peer connections

o Infrastructure
▪ Wireless devices communicate
with other wireless or wired
devices through a wireless
router or access point
▪ Traditional WiFi in Home and
Office networks

o Wireless Access Point (AP or WAP)

▪ Expands wired LAN into the wireless domain
• Does not interconnect two networks (not a router)
• Functions as a hub
▪ Connects wired LAN and wireless devices into the same subnet
▪ All clients on an access point are on a single collision domain
o Wireless Router
▪ Gateway device and base station for wireless devices to communicate
with each other and connect to the Internet
▪ Often combines many features into one device:

[Link] 62
 CompTIA Network+ (Study Notes)

• Wireless Access Point (WAP or AP)

• Router
• Switch
• Firewall
• Fiber, Cable, or DSL modem
• WLAN Service Sets
o Independent Basic Service Set (IBSS)

o Basic Service Set (BSS)

o Extended Service Set (ESS)

[Link] 63
 CompTIA Network+ (Study Notes)

o Mesh Topology
▪ May not use a centralized control
▪ Range of combined wireless defines network
▪ Uses WiFi, Microwave, Cellular, and more

o AP Placement
▪ Careful planning is required to
prevent the APs from interfering
with one another and still
maintaining the desired
coverage area in ESS
▪ Coverage should overlap
between APs to allow
uninterrupted roaming from one
cell to another but can’t use
overlapping frequencies

[Link] 64
 CompTIA Network+ (Study Notes)

o AP Placement (2.4 Ghz)

▪ Non-overlapping coverage cells
for 2.4 GHz band should have
10% to 15% coverage overlap in
coverage area

o AP Placement (5 Ghz)
▪ Identical channels should be separated by at least two cells instead of
one

o Site Surveys
▪ Wireless survey to determine coverage areas
▪ Produces a heat map with coverage

o Wireless Range Extenders

▪ Specialized device that overcomes distance limitations of wireless
networks
▪ Amplifies the signal and extends reachability or a wireless cell
▪ Wireless repeater receives signal on one antenna and repeats it on other
• Wireless Antennas
o Antennas

[Link] 65
 CompTIA Network+ (Study Notes)

▪Coverage areas vary based on the type used

▪Most SOHO wireless APs have fixed antennas
▪Enterprise-class APs support different types
▪Factors in antenna effectiveness
• Distance
• Pattern of Wireless Coverage
• Environment (indoor/outdoor)
• Avoiding Interference with other APs
o Omnidirectional Antenna

o Unidirectional Antenna

• Wireless Frequencies
o Spread Spectrum Wireless Transmissions
▪ Direct-Sequence Spread Spectrum (DSSS)
▪ Frequency-Hopping Spread Spectrum (FHSS)
▪ Orthogonal Frequency-Division Multiplexing (OFDM)
▪ Only DSS and OFDM are commonly utilized in today’s WLANs
o Direct-Sequence Spread Spectrum (DSSS)

[Link] 66
 CompTIA Network+ (Study Notes)

▪ Modulates data over an entire range of frequencies using a series of

signals known as chips
▪ More susceptible to environmental interference
▪ Uses entire frequency spectrum to transmit

o Frequency-Hopping Spread Spectrum (FHSS)

▪ Devices hop between predetermined frequencies
▪ Increases security as hops occur based on a common timer
o Orthogonal Frequency Division Multiplexing (OFDM)
▪ Uses slow modulation rate with simultaneous transmission of data over
52 data streams
▪ Allows for higher data rates while resisting interference between data
streams

o Frequencies and Channels

▪ IEEE 802.11 standards are differentiated by their characteristics, such as
frequency range used:
• 2.4 GHz band
o 2.4 GHz to 2.5 GHz range
• 5 GHz band
o 5.75 GHz to 5.875 GHz range
▪ Each band has specific frequencies (or channels) to avoid overlapping
other signals
▪ Channels 1, 6, and 11 will avoid overlapping frequencies in 2.4 GHz band

[Link] 67
 CompTIA Network+ (Study Notes)

o 802.11 Wireless Standards

o Radio Frequency Interference (RFI)

▪ Caused by using similar frequencies to WLAN
▪ Common sources of interference:
• Other wifi devices (overlapping channels)
• Cordless phones and baby monitors (2.4 GHz)
• Microwave ovens (2.4 Ghz)
• Wireless security systems (2.4 GHz)
• Physical obstacles (Walls, appliances, cabinets)
• Signal strength (Configurable on some devices)
o Carrier Sense Multiple Access/Collision Avoidance
▪ WLAN uses CSMA/CA to control access to medium, where wires Ethernet
uses CSMA/CD
▪ Listens for transmission to determine if safe to transmit
• If channel is clear, transmits Request to Send (RTS)
• Device waits for acknowledgment
• If received an RTS, responds with Clear to Send (CTS)
• If not received, device starts random back off timer
• Wireless Security
o Wireless Security
▪ Wireless networks offer convenience, but also many security risks
▪ Encryption of data transferred is paramount to increasing security
o Pre-Shared Key
▪ Both AP and client uses same encryption key
▪ Problems:
• Scalability is difficult if key is compromised
• All clients must know the same password
o Wired Equivalent Privacy
▪ Original 802.11 wireless security standard

[Link] 68
 CompTIA Network+ (Study Notes)

• Claimed to be as secure as wired networks

▪ Static 40-bit pre-shared encryption key
• Upgraded to 64-bit and 128-bit key over time
▪ Uses 24-bit Initialization Vector (IV)
• Sent in clear text
▪ Brute Force Attack within minutes using AirCrack-ng and other tools
o Wi-Fi Protected Access (WPA)
▪ Replaced WEP and its weaknesses
▪ Temporal Key Integrity Protocol (TKIP)
• 48-bit Initialization Vector (IV) instead of 24-bit IV
• Rivest Cipher 4 (RC4) used for encryption
▪ Uses Message Integrity Check (MIC)
• Confirms data was not modified in transit
▪ Enterprise Mode WPA
• Users can be required to authenticate before exchanging keys
• Keys between client and AP are temporary
o Wi-Fi Protected Access 2 (WPA2)
▪ Created as part of IEEE 802.11i standard
• Requires stronger encryption and integrity checks
• Integrity checking through CCMP
o Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol
▪ Uses Advanced Encryption Standard (AES)
• 128-bit key or above
▪ Supports two modes
• Personal mode with pre-shared keys
• Enterprise mode with centralized authentication
o WiFi Exam Tips

[Link] 69
 CompTIA Network+ (Study Notes)

o WEP and WPA/WPA2 Security Cracking

▪ Utilities can capture wireless packets and run mathematical algorithms to
determine the pre-shared key
o Network Authentication 802.1x
▪ Each wireless user authenticates with their own credentials
▪ Used also in wired networks
o Extensible Authentication Protocol (EAP)
▪ Authentication performed using 802.1x
▪ EAP-FAST
• Flexible Authentication via Secure Tunneling
▪ EAP-MD5
▪ EAP-TLS

o MAC Address Filtering

▪ Configures an AP with a listing of permitted MAC addresses (like an ACL)
▪ Problems:
• Knowledgeable users can falsify their MAC easily using freely
available tools
• Examples:
o MAC Address Changer (Windows)
o MacDaddyX (OSX)
o Macchanger (Linux)
o Network Admission Control (NAC)
▪ Permits or denies access to the network based on characteristics of the
device instead of checking user credentials
▪ Conducts a posture assessment of client
• Checks the OS and antivirus version of client
o Captive Portals
▪ Web page that appears before the user is able to access the network
resources
▪ Webpage accepts the credentials of the user and presents them to the
authentication server

[Link] 70
 CompTIA Network+ (Study Notes)

o Geofencing
▪ GPS or RFID defines real-world boundaries
▪ Barriers can be active or passive
▪ Device can send alerts if it leaves area
▪ Network authentication can use it to determine access
o Disable SSID Broadcast
▪ Configures an AP to not broadcast the name of the wireless LAN
▪ Problem:
• Knowledgeable users can still easily find the SSID using wireless
sniffing tools
o Rogue Access Point
▪ Malicious users set up an AP to lure legitimate users to connect to the AP
▪ Malicious users can then capture all the packets (data) going through the
rogue access point

o Unsecured Wireless Networks

▪ War Driving
• Occurs when users perform reconnaissance looking for unsecured
wireless networks
▪ War Chalking
• Occurs when users write symbols on a wall to notify others of AP
characteristics

[Link] 71
 CompTIA Network+ (Study Notes)

IP Addressing
• IPv4 Addressing
o Internet Protocol Version 4 (IPv4) Addressing
▪ Written in dotted-decimal notation
• [Link]
• [Link]
▪ Each IPv4 address is divided into 4 separate numbers and divided by dots
▪ Each of these division are call octets due to having 8 bits assigned
▪ 32-bits in length

o IPv4 Addressing
▪ IPv4 address is divided into network and host portions
▪ Subnet mask defines the network portion
• Network portion if a binary 1
• Host portion if binary 0

o Classes of IP Addresses
▪ Default subnet mask assigned by first octet
• Classful Masks if using default subnet mask
▪ Defines the Class of IP Address

Notice that 127 is skipped between Class A and Class B. It is a reserved block for the loopback address ([Link])
o Routable IPs
▪ Publicly routable IP addresses are globally managed by ICANN
• Internet Corporation for Assigned Names and Numbers
o ARIN, LACNIC, AFNIC, APNIC, and RIPE NCC
▪ Public IP’s must be purchased before use through your Internet Service
Provider

[Link] 72
 CompTIA Network+ (Study Notes)

o Private IPs
▪ Private IP’s can be used by anyone
▪ Not routable outside your local area network
▪ Network Address Translation (NAT) allows for routing of private IPs
through a public IP

o Specialized IPs
▪ Loopback addresses (127.x.x.x range)
• Refers to the device itself and used for testing
• Most commonly used as [Link]
▪ Automatic Private IP Addresses (APIPA)
• Dynamically assigned by OS when DHCP server is unavailable and
address not assigned manually
• Range of 169.254.x.x

Special address ranges never assigned by an administrator or DHCP server

o Identifying Network and Hosts in IPv4

• IPv4 Data Flows

o Data Flows
▪ Unicast
• Data travels from a single source device to a single destination
device

[Link] 73
 CompTIA Network+ (Study Notes)

▪ Multicast
• Data travels from a single source device to multiple (but specific)
destination devices

▪ Broadcast
• Data travels from a single source device to all devices on a
destination network

• Assigning IP Addresses
o Assigning IP Addresses
▪ Static
• Simple
• Time-consuming
• Prone to human errors
• Impractical for large networks
▪ Dynamic
• Quicker
• Easier

[Link] 74
 CompTIA Network+ (Study Notes)

• Less confusing
• Simplistic for large networks
o Components of an IP Address
▪ Information assigned from static or dynamic
• IP Address
• Subnet Mask
• Default Gateway
• Server addresses
o DNS
▪ Converts domain names to IP address
o WINS (optional)
▪ Converts NetBIOS computer name into an IP
address
o Dynamic Host Control Protocol (DHCP)
Configuration
▪ Based on the older Bootstrap Protocol
(BOOTP for short)
• Required static database of IP
and MAC to assign
▪ DHCP service assigns an IP from an
assignable pool (scope)
▪ IP Address Management is a piece of
software used to manage the IP’s
being assigned
o Dynamic Host Control Protocol (DHCP)
▪ Provides clients with
• IP
• Subnet mask
• Default gateway
• DNS server
• WINS server
• Other variables needed for VoIP
▪ Each IP is leased for a given amount of time and given back to the pool
when lease expires (TTL)

[Link] 75
 CompTIA Network+ (Study Notes)

o Automatic Private IP Address (APIPA)

▪ Used when device does not have a
static IP address and cannot reach a
DHCP server
▪ Allows a network device to self-assign
an IP address from the [Link]/16
network
▪ Designed to allow quick configuration of
a LAN without need for DHCP
▪ Non-routable but allows for network
connectivity inside the local subnet
o Zero Configuration (Zeroconf)
▪ Newer technology based on APIPA providing:
• Assigning link-local IP addresses
o Non-routable IP usable only on local subnet
• Resolving computer names to IP addresses without the need for
DNS server on local network
o mDNS - Multicast Domain Name Server
• Locating network services
o Provides service discovery protocols
▪ Service Location Protocol (SLP)
▪ Microsoft’s Simple Service Discovery Protocol
(SSDP)
▪ Apple’s DNS-based Service Discovery (DNS-SD)
• Computer Mathematics
o Computer Mathematics
▪ Humans count using Base-10 numbers
• Decimals
• 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, …
▪ Computers and networks do not understand decimal numbers natively
▪ Process numbers using Base-2 numbers
• Binary
• 0, 1, 10, 11, …
o Converting Binary to Decimal
▪ Use table to convert from binary to decimal
▪ Each number is a factor of 2
▪ Starting from the right and go to the left

[Link] 76
 CompTIA Network+ (Study Notes)

▪ Populate the table with the binary digits

▪ Add up any columns that contain a 1

o Converting Decimal to Binary

▪ Use subtraction to convert decimal to binary

Convert 167 into decimal

(Check Your Answer by Adding It Back Up)

128 + 32 + 4 + 2 + 1 = 167
• Computer Mathematics Practice
o Computer Mathematics Practice
▪ You must be able to convert:
▪ Binary Decimal
Decimal Binary
o Converting Binary to Decimal

[Link] 77
 CompTIA Network+ (Study Notes)

o Converting Decimal to Binary

[Link] 78
 CompTIA Network+ (Study Notes)

• Subnetting
o Subnetting
▪ Default classful subnet masks are rarely the optimal choice for a subnet
size
▪ Subnets can be modified using subnet masks to create networks that are
better scoped
▪ Creating a subnet involves borrowing bits from the original host portion
and adding them to the network portion

o Purpose of Subnets
▪ More efficient use of IP addresses than classful default
▪ Enables separation of networks for security
▪ Enables bandwidth control

[Link] 79
 CompTIA Network+ (Study Notes)

o Subnet Masks

Classful subnets for Class A, B, and C in red

o Subnetting Formulas

o Classful vs Subnetted Networks

[Link] 80
 CompTIA Network+ (Study Notes)

o Calculating Number of Subnets

o Calculating Number of IPs

o Listing Subnets

[Link] 81
 CompTIA Network+ (Study Notes)

o Classless Interdomain Routing (CIDR)

▪ Instead of advertising multiple individual routes, the routes can be
summarized and advertised as a single route
▪ Used to summarize contiguous networks
• Called route aggregation

o Variable-Length Subnet Masking (VLSM)

▪ Allows subnets of various sizes to be used
▪ Requires a routing protocol that supports it
• RIPv2, OSPF, IS-IS, EIGRP, and BGP
▪ Basically, it is subnetting subnets
▪ Without VLSM, all subnets would have to be the same size

o Subnetting Exam Tip

[Link] 82
 CompTIA Network+ (Study Notes)

• Subnetting Practice

[Link] 83
 CompTIA Network+ (Study Notes)

[Link] 84
 CompTIA Network+ (Study Notes)

• IPv6 Addresses
o Internet Protocol Version 6 (IPv6)
▪ We’ve essentially ran out of IPv4 addresses due to proliferation of
networked devices
▪ IPv6 addressing provides enough IP addresses for generations to come
▪ Enough IPv6 addresses for every person on the planet (5 x 10 28)

▪ If you are curious, IPv5 was an experimental protocol

that was abandoned, although some of its concepts
have been incorporated into other protocols
o IPv6 Benefits
▪ No broadcasts
▪ No fragmentation
• Performs MTU (maximum transmission units) discovery for each
session
▪ Can coexist with IPv4 during transition
• Dual stack (run IPv4 and IPv6 simultaneously)
• IPv6 over IPv4 (tunneling over IPv4)
▪ Simplified header
• 5 fields instead of 12 fields
o Headers (IPv4 and IPv6)

o IPv6 Address Structure

▪ Each hexadecimal digit is 4-bits
▪ 128-bits in an IPv6 address
▪ No more than 32 hexadecimal digits

[Link] 85
 CompTIA Network+ (Study Notes)

o IPv6 Address Types

▪ Globally routable unicast addresses
• Begins with 2000 to 3999
▪ Link-local address
• Begins with FE80
▪ Multicast addresses
• Begins with FF
o Do you need DHCP for IPv6?
▪ IPv6 uses auto configuration to discover the current network and selects
its own host ID based on its MAC using the EUI64 process
▪ If you want to still use DHCP, there is a DHCPv6 protocol
▪ IPv6 uses Neighbor Discovery Protocol (NDP) to learn the Layer 2
addresses on the network
o Neighbor Discovery Protocol (NDP)
▪ Used to learn Layer 2 addresses on network
▪ Router Solicitation
• Hosts send message to locate routers on link
▪ Router Advertisement
• Router advertise their presence periodically and in response to
solicitation
▪ Neighbor Solicitation
• Used by nodes to determine link layer addresses
▪ Neighbor Advertisement
• Used by nodes to respond to solicitation messages
▪ Redirect
• Routers informing host of better first-hop routers
• IPv6 Data Flows
o IPv6 Data Flows
▪ Three data flow methods, like IPv4
• Unicast
• Multicast
• Anycast (new to IPv6)
o Unicast
▪ Data travels from a single source device to a single destination device

[Link] 86
 CompTIA Network+ (Study Notes)

o Multicast
▪ Data travels from a single source device to multiple (but specific)
destination devices

o Anycast
▪ Designed to let one host initiate the efficient updating of router tables for
a group of hosts
▪ IPv6 can determine which gateway host is closest and sends the packets
to that host as though it were a unicast communication
▪ That host can anycast to another host in the group until all routing tables
are updated
▪ Data travels from a single source device to the device nearest to multiple
(but specific) destination devices

[Link] 87
 CompTIA Network+ (Study Notes)

Routing
• Routing Fundamentals
o Routing Fundamentals
▪ Traffic is routed to flow between subnets
▪ Each subnet is its own broadcast domain
▪ Routers are the layer 3 devices that separate broadcast domains, but
multilayer switches are also used

o Basic Routing Process

[Link] 88
 CompTIA Network+ (Study Notes)

• Routing Tables
o Routing Decisions
▪ Layer 3 to Layer 2 Mapping
• Router’s use ARP caches to map an IP address to a given MAC
address
▪ Make packet-forwarding decisions based upon their internal routing
tables

o Routing Tables
▪ Table kept by the router to help determine which route entry is the best
fit for the network
▪ A route entry with the longest prefix is the most specific network
▪ [Link]/24 more specific than [Link]/8

o Sources of Routing Information

▪ Directly Connected Routes
• Learned by physical connection between routers
▪ Static Routes
• Manually configured by an administrator
• Default static route ([Link]/0) is a special case
o “If I don’t know where, then send out default static route.”
▪ Dynamic Routing Protocols
• Learned by exchanging information between routers

[Link] 89
 CompTIA Network+ (Study Notes)

o Directly Connected Routes

o Static Routes

o Dynamic Routing Protocols

▪ More than one route can exist for a network
▪ Different protocols consider different criteria when deciding which route
to give preference
▪ Based on number of hops (hop count in RIP), link bandwidths (OSPF), or
other criteria

[Link] 90
 CompTIA Network+ (Study Notes)

o Preventing Routing Loops

▪ Split horizon
• Prevents a route learned on one interface from being advertised
back out of that same interface
▪ Poison reverse
• Causes a route received on one interface to be advertised back
out of that same interface with a metric considered to be infinite

o Routing Loops

[Link] 91
 CompTIA Network+ (Study Notes)

• Routing Protocols
o Internal and Exterior Routing Protocols
▪ Interior Gateway Protocols (IGP)
• Operate within an autonomous system
▪ Exterior Gateway Protocols (EGP)
• Operated between autonomous systems

[Link] 92
 CompTIA Network+ (Study Notes)

o Router Advertisement Method

▪ Characteristic of a routing protocol
▪ How does it receive, advertise, and store routing information?
• Distance vector
• Link state
▪ Not every routing protocol fits neatly into one of these two categories
(hybrids exist)
o Distance Vector
▪ Sends full copy of routing table
to its directly connected
neighbors at regular intervals
▪ Slow convergence time
• Time it takes for all
routers to update their
routing tables in
response to a topology
change
▪ Holding-down timers speeds up convergence
• Prevents updates for a specific period of time
▪ Uses hop count as a metric
o Link State
▪ Requires all routers to know about the paths that all other routers can
reach in the network
▪ Information is flooded throughout the link-state domain (OSPF or IS-IS) to
ensure routers have synchronized information
▪ Faster convergence time and uses cost or other factors as a metric
▪ Each router constructs its own relative shortest-path tree with itself as
the root for all known routes in the network
o Routing Information Protocol (RIP)
▪ Interior Gateway Protocol
▪ Distance-vector protocol using hop count

[Link] 93
 CompTIA Network+ (Study Notes)

▪ Maximum hops of 15, 16 is infinite

▪ Oldest dynamic routing protocol, provides updates every 30 seconds
▪ Easy to configure and runs over UDP
o Open Shortest Path First (OSPF)
▪ Interior Gateway Protocol
▪ Link-state protocol using cost
▪ Cost is based on link speed between routers

o Intermediate System to Intermediate System (IS-IS)

▪ Interior Gateway Protocol
▪ Link-state protocol using cost
▪ Cost is based on link speed between two routers
▪ Functions like OSPF protocol, but not as popular or widely utilized
o Enhanced Interior Gateway Routing Protocol (EIGRP)
▪ Interior Gateway Protocol
▪ Advanced distance-vector protocol using bandwidth and delay making it
a hybrid of distance-vector and link-state
▪ Proprietary Cisco protocol that is popular in Cisco-only networks
o Border Gateway Protocol (BGP)
▪ External Gateway Protocol
▪ Path vector using the number of autonomous system hops instead of
router hops
▪ Widespread utilization, this protocol runs the backbone of the Internet
▪ Does not converge quickly, though, when the topology changes
o Route Believability
▪ If a network is using more than one routing protocol, how does it choose
which routing protocol to make decisions from?
▪ Some routing protocols are considered more believable than others, so
routers use an index of believability called administrative distance (AD)
▪ If a route has a lower the administrative distance (AD), the route is more
believable

[Link] 94
 CompTIA Network+ (Study Notes)

o Metrics
▪ If a routing protocol knows multiple paths to reach a network, how does
it choose its path?
• Metrics are the values assigned to a route
• Lower metrics are preferred over higher metrics
▪ Metrics calculated differently for each protocol (RIP, OSPF, IS-IS, EIGRP,
and BGP)
• Hop count
• Bandwidth
• Reliability
• Delay
• Other metrics
o Routing Protocol Summary

• Address Translation (NAT & PAT)

o Address Translation

[Link] 95
 CompTIA Network+ (Study Notes)

▪ Network Address Translation (NAT) is used to conserve the limited supply

of IPv4 addresses
▪ NAT translates private IP addresses to public IP addresses for routing over
public networks
▪ Port Address Translation (PAT) is a variation of address translation that
utilizes port numbers instead of IP addresses for translation
o Types of Address Translation
▪ Dynamic NAT (DNAT)
• IP addresses automatically assigned from a pool
• One-to-one translations
▪ Static NAT (SNAT)
• IP addresses manually assigned
• One-to-one translations
▪ Port Address Translation (PAT)
• Multiple private IP addresses share one public IP
• Many-to-one translation
• Common in small networks
o Names of NAT IP Addresses
▪ Inside local
• Private IP address referencing an inside device
▪ Inside global
• Public IP address referencing an inside device
▪ Outside local
• Private IP address referencing an outside device
▪ Outside global
• Public IP address referencing an outside device
o How NAT Works

[Link] 96
 CompTIA Network+ (Study Notes)

o How PAT Works

• Multicast Routing
o Multicast Routing
▪ Multicast sender sends traffic to a Class D IP Address, known as a
multicast group
▪ Goal
• Send the traffic only to the devices that want it
▪ Two primary protocols
• Internet Group Management Protocol (IGMP)
• Protocol Independent Multicast (PIM)
o Internet Group Management Protocol (IGMP)
▪ Used by clients and routers to let routers known which interfaces have
multicast receivers
▪ Used by clients to join a multicast group
▪ Versions
• IGMPv1
o Clients requests joining the group and is asked every 60
seconds if it wants to remain in the group
• IGMPv2
o Client can send a leave message to exit multicast group
• IGMPv3
o Client can request multicast from only specific server
o Called source-specific multicast (SSM)
o Allows multiple video streams to single multicast

[Link] 97
 CompTIA Network+ (Study Notes)

• Protocol Independent Multicast (PIM)

o Routes multicast traffic between multicast-enabled routers
o Multicast routing protocol forms a multicast distribution tree
o Modes
▪ PIM Dense Mode (PIM-DM)
• Uses periodic flood and prune behavior to form optimal
distribution tree
• Causes a negative performance impact on the network
• Rarely used in modern networks
▪ PIM Sparse Mode (PIM-SM)
• Initially uses a shared distribution tree, which may be suboptimal,
but…
• Eventually creates an optimal distribution tree through shortest
path tree (SPT) switchover

[Link] 98
 CompTIA Network+ (Study Notes)

• PIM Dense Mode: Flooding

o Uses source distribution tree (SDT) to
form an optimal path between source
router and lap-hop router. Before the
optimal path is formed, entire network is
initially flooded and consumes
unnecessary bandwidth.

• PIM Dense Mode: Pruning

o If a router receives multicast traffic in the
initial flood and the traffic is not needed,
then the router sends a prune message
asking to be removed from the source
distribution tree.

• PIM Dense Mode: After Pruning

o After sending prune messages, the
resulting source distribution tree has an
optimal path between source router and
last-hop router. Flood and prune repeat
every 3 minutes which can cause excessive
performance impacts on the network.

• PIM Sparse Mode: Shared Distribution Tree

o An optimal path between the source and
last-hop routers is not initially created.
Instead, a multicast source sends traffic
directly to a rendezvous point (RP). All
last-hop routers send join messages to the
RP.

o Originally provides a suboptimal

distribution tree,
but when first multicast packet is received
by last-hop router, then optimal
distribution tree is created based on
unicast routing table. Unneeded branches
are pruned during Shortest Path Tree (SPT)
switchover.

[Link] 99
 CompTIA Network+ (Study Notes)

Wide Area Networks

• Wide Area Networks (WANs)
o Wide Area Networks (WANs)
▪ In the early 1990s, computer-networking design guides commonly
invoked the Pareto principle (80-20 rule)
▪ Concept is that 80% of traffic stays on the LAN, while only 20% of traffic
goes to WAN
▪ Today, most network traffic leaves the LAN and travels across the WAN
o WAN Connection Types
▪ Dedicated leased line
▪ Circuit-switched connection
▪ Packet-switched connection
o Dedicated Leased Line
▪ Logical connection that connects two sites through a service provider’s
facility or telephone company’s central office
▪ More expensive than other WAN technologies because a customer
doesn’t share bandwidth with other customers

o Circuit-Switched Connection
▪ Connection is brought up only when needed, like making a phone call
▪ On-demand bandwidth can provide cost savings for customers who only
need periodic connectivity to a remote site

o Packet-Switched Connection
▪ Always on like a dedicated leased line, but multiple customers share the
bandwidth
▪ SLAs used to guarantee a certain quality
(5mbps at least 80% of the time)
▪ Virtual circuits are represented as dashed lines

[Link] 100
 CompTIA Network+ (Study Notes)

o WAN Physical Media

▪ Unshielded twisted-pair (UTP)
• Supports analog/digital
• Examples (T1, DSL, Dial-up, ISDN)
▪ Coaxial cable
• RG-6 cabling
• Example (Cable modems)
▪ Fiber-optic cable
• High bandwidth, long distance, and no EMI
▪ Electric power lines
• Broadband over Power Lines (BPL)
• Supports up to 2.7 Mbps
• Utilizes extensive infrastructure already in place (Power lines)
o WAN Wireless Media
▪ Cellular (Phones and Hot Spots)
• LTE, 4G, 3G, 2G
• GSM vs CDMA
• Tethering or ICS (Internet Connection Sharing)
▪ HSPA+: Evolved High-Speed Packet Access
• Advancements over LTE and 4G
• Wireless broadband up to 84 Mbps
▪ Worldwide Interoperability for Microwave Access (WiMAX)
• Alternative to DSL/Cellular
• Wireless fixed location service
▪ Satellite
• HughesNet Gen 5
• Very Small Aperture Terminal
(VSAT)
• Used for remote areas
• Shipboard use
• Expensive in comparison to cellular, cable, or fiber connections
▪ Radio

[Link] 101
 CompTIA Network+ (Study Notes)

• Implementation varies country to

country based on frequencies
• WAN Technologies (Part 1)
o Dedicated Leased Line
▪ Point-to-point connection between two sites
• All bandwidth on line is available all the time
▪ Digital circuits are measured in 64-kbps channels called Digital Signal 0
(DS0)
▪ Channel Service Unit / Data Service Unit (CSU/DSU) terminates the digital
signals at customer location
▪ Common digital circuits include
T1, E1, T3, and E3 circuits
o Examples of Digital Signal Levels

o Metro Ethernet
▪ Service providers are beginning to offer Ethernet interfaces to their
customers
▪ Less expensive and more common than specialized serial ports used in a
CSU/DSU
▪ Technology used by service provider is hidden from customer and they
only need to connect their network’s router to a Smart Jack
o Point-to-Point Protocol (PPP)
▪ Commonly used Layer 2 protocol on dedicated leased lines to
simultaneously transmits multiple Layer 3 protocols (IP, IPX)
▪ Each Layer 3 control protocol runs an instance of PPP’s Link Control
Protocol (LCP)
• Multilink interface
o Allows multiple physical connections to be bonded
together into a logical interface
• Looped link detection
o Layer 2 loop can be detected and prevented
• Error detection
o Frames containing errors can be detected and discarded
• Authentication

[Link] 102
 CompTIA Network+ (Study Notes)

o Device on another end can authenticate the link

o PPP Authentication Methods
▪ Password Authentication Protocol (PAP)
▪ Challenge-Handshake Authentication Protocol (CHAP)
▪ Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)
o Password Authentication Protocol (PAP)
▪ Performs one-way authentication between client and server
▪ Credentials sent in clear-text

o CHAP and MS-CHAP

▪ CHAP
• Challenge-Handshake Authentication Protocol
• Performs one-way authentication using a three-way handshake
• Credentials are hashed before transmission
▪ MS-CHAP
• Microsoft Challenge-Handshake Authentication Protocol
• Microsoft-enhanced version of CHAP, includes two-way
authentication

o PPP over Ethernet (PPPoE)

▪ Commonly used with DSL modems
▪ PPPoE encapsulates PPP frames within Ethernet frames
▪ Allows for authentication over Ethernet

o Digital Subscriber Line (DSL)

▪ Asymmetric DSL (ADSL)
• Maximum distance to DSLAM: 18,000 feet
• Voice and Data on same line
• Downstream: Up to 8 Mbps
• Upstream: Up to 1.544 Mbps

[Link] 103
 CompTIA Network+ (Study Notes)

▪ Symmetric DSL (SDSL)

• Maximum distance to DSLAM: 12,000 feet
• No simultaneous voice and data on same line
• Downstream: 1.168 Mbps
• Upstream: 1.168 Mbps
▪ Very High Bit-Rate DSL (VDSL)
• Maximum distance to DSLAM: 4,000 feet
• Downstream: Up to 52 Mbps
• Upstream: Up to 12 Mbps
• WAN Technologies (Part 2)
o Cable Modems
▪ Hybrid Fiber-Coax (HFC) distribution network is a cable television
infrastructure containing both coaxial and fiber-optic cabling
▪ Specific frequency ranges are used for upstream and downstream data
transmission as determined by Data-Over-Cable Service Interface
Specification (DOCSIS)
• Upstream (5 MHz to 42 MHz)
• Downstream (50 MHz to 860 MHz)
▪ Transmits and receives over cable television infrastructure
o Satellite Modems
▪ Used in remote, rural, or disconnected locations where other connections
are not available
▪ Provides relatively fast speeds like a DSL modem, but contain low
bandwidth usage limits and charge high costs for over limit usage
▪ Potential issues with Satellite communications:
1
• Delays - Time to satellite and back ( > second)
4
• Weather conditions
o Thunderstorms and snow can cause loss of connectivity
between satellite and receiver
o Plain Old Telephone Service (POTS)
▪ Public switched telephone network (PSTN) consists of telephone carriers
from around the world
▪ Analog connections (voice and/or data) using the PSTN are called POTS
connections
▪ Dial-up modems have a maximum bandwidth of 53.3-kbps because they
can only access one 64-kbps channel at a time
o Integrated Services Digital Network (ISDN)
▪ Supports multiple 64-kbps B (Bearer) channels
▪ Older technology designed to carry voice, video, or data over B channels

[Link] 104
 CompTIA Network+ (Study Notes)

▪D channel (data or delta channel) existed for

64-kbps signaling data
▪ Circuits classified as a basic rate interface (BRI) or primary rate interface
(PRI):
• BRI: Offers a two 64-kbps B-channels with a 16kbps D-channel
• PRI: Offers a 1.472-Mbps data path over 23 B-channels and a 64-
kbps D-channel
o Frame Relay
▪ Losing market share due to cable and DSL
• Frame Relay sites connected to virtual circuits (VC)
• VCs are point-to-point or point-to-multipoint
• Low cost and widely available
• Always-on or on-demand
• Layer 2 technology
o Synchronous Optical Network (SONET)
▪ Layer 1 technology using fiber as media
▪ Transports Layer 2 encapsulation (like ATM)
▪ High data rates (155 Mbps to 10 Gbps)
▪ Covers large distances (20 km to 250 km)
▪ Physical topology can be a bus or ring
o Asynchronous Transfer Mode (ATM)
▪ Layer 2 WAN technology operating using Permanent Virtual Circuits
(PVCs) and Switched Virtual Circuits (SVCs)
▪ Similar to Frame Relay, except all frames are transferred as fixed-length
(cells) as its protocol data unit (PDU)
▪ Fixed-length cells of 53-bytes used to increase speed of transmissions
• Contains 48-byte payload and 5-byte header
o Generic Flow Control (GFC)
o Virtual Circuit Identifier (VCI)
o Virtual Path Indicator (VPI)
o Payload Type Indicator (PTI)
o Cell Loss Priority (CLP)
o Header Error Control (HEC)

o ATM Virtual Circuits

▪ User-Network Interface (UNI)
• Used to connect ATM switches and endpoints
▪ Network-Node Interface (NNI)

[Link] 105
 CompTIA Network+ (Study Notes)

• Used to connect ATM switches together

o Multiprotocol Label Switching (MPLS)

▪ Supports multiple protocols on the same network (used by service
providers)
▪ Support both Frame Relay and ATM on the same MPLS backbone
▪ Allows traffic to be dynamically routed based on load conditions and path
availability
▪ Label switching is more efficient than Layer 3 IP address routing
▪ Used by service providers for forwarding data in the backend, the
customer remains unaware of the details
o Dynamic Multipoint Virtual Private
Network (DMVPN)
▪ Allow Internet to be used as WAN
connection for secure site-to-site
communication
▪ VPN tunnel has authentication and
encryption so users on the
unsecure network cannot read or
decrypt the traffic without proper
keys
▪ Can connect remote locations with low cost, instead of dedicated or
leased-line access
o WAN Data Rates
▪ Bandwidth measured in Kbps, Mbps, & Gbps
▪ ATM and SONET measured by optical carrier
• OC levels are based off of OC-1 (51.84 Mbps)
• All others are multiples (OC-3 is 155.52 Mbps))

[Link] 106
 CompTIA Network+ (Study Notes)

Network Security
• CIA Triad
o Network Security Fundamentals
▪ Networks are increasingly dependent on interconnecting with other
networks
▪ Risks exist not just on the untrusted Internet, but also inside our own
organization’s networks and must be minimized or eliminated
▪ Understanding the various threats facing our networks is important in
order to best defend the network against the onslaught of cyber-attacks
they are constantly facing
o Network Security Goals
▪ Commonly called the CIA Triad
• Confidentiality
• Integrity
• Availability
o Confidentiality
▪ Keeping the data private and safe
• Encryption
• Authentication to access resources
▪ Encryption ensures that data can only be read (decoded) by the intended
recipient
• Symmetric encryption
• Asymmetric encryption
o Symmetric Encryption (Confidentiality)
▪ Both sender and receiver use the same key
▪ DES (Data Encryption Standard)
• Developed in the mid-1970s
• 56-bit key
• Used by SNMPv3
• Considered weak today
▪ 3DES (Triple DES)
• Uses three 56-bit keys (168-bit total)
• Encrypt, decrypt, encrypt
▪ AES (Advanced Encryption Standard)
• Preferred symmetric encryption standard
• Used by WPA2
• Available in 128-bit, 192-bit, and 256-bit keys

[Link] 107
 CompTIA Network+ (Study Notes)

▪ Sender and receiver use the same key to encrypt and decrypt the
messages

o Asymmetric Encryption (Confidentiality)

▪ Uses different keys for sender and receiver
▪ RSA is the most popular implementation
▪ RSA algorithm is commonly used with a public key infrastructure (PKI)
▪ PKI is used to encrypt data between your web browser and a shopping
website
▪ Can be used to securely exchange emails
▪ Sender and receiver use different keys to encrypt and decrypt the
messages

o Confidentiality with HTTPS

▪ Uses asymmetrically encrypted messages to transfer a symmetric key

o Integrity
▪ Ensures data has not been modified in transit
▪ Verifies the source that traffic originates from
▪ Integrity violations
• Defacing a corporate web page

[Link] 108
 CompTIA Network+ (Study Notes)

• Altering an e-commerce transaction

• Modifying electronically stored financial records
o Hashing (Integrity)
▪ Sender runs string of data through algorithm
• Result is a hash or hash digest
▪ Data and its hash are sent to receiver
▪ Receiver runs data received through the same algorithm and obtains a
hash
▪ Two hashes are compared
• If the same, the data was not modified
o Hashing Algorithms (Integrity)
▪ Message digest 5 (MD5)
• 128-bit hash digest

▪ Secure Hash Algorithm 1 (SHA-1)

• 160-bit hash digest

▪ Secure Hash Algorithm 256 (SHA-256)

• 256-bit hash digest

▪ Challenge-Response Authentication Mechanism Message Digest 5

(CRAMMD5)
• Common variant often used in e-mail systems
o Availability
▪ Measures accessibility of the data
▪ Increased by designing redundant networks
▪ Compromised by
• Crashing a router or switch by sending improperly formatted data
• Flooding a network with so much traffic that legitimate requests
cannot be processed
o Denial of Service (DoS)
o Distributed Denial of Service
• Network Security Attacks (Part 1)
o Network Security Attacks
▪ Our security goals (CIA) are subject to attack
▪ Confidentiality attack
• Attempts to make data viewable by an attacker
▪ Integrity attack
• Attempts to alter data
▪ Availability attack

[Link] 109
 CompTIA Network+ (Study Notes)

• Attempts to limit network accessibility and usability

o Attacks on Confidentiality
▪ Packet capture ▪ Wireless interception
▪ Wiretapping o EMI interference interception
▪ Dumpster diving ▪ Man-in-the-Middle
▪ Ping sweep ▪ Social engineering
▪ Port scan ▪ Malware/Spyware
o Attacks on Integrity
▪ Man-in-the-middle
▪ Data diddling
• Changes data before storage
▪ Trust relationship exploitation
▪ Salami attack
• Puts together many small attacks to make one big attack
▪ Password attack
• Trojan Horse, Packet Capture, Keylogger, Brute Force, Dictionary
Attack
o Man-in-the-Middle
▪ Causes data to flow through the attacker’s computer where they can
intercept or manipulate the data

▪ Causes data to flow through the attacker’s computer where they can
intercept or manipulate the data

[Link] 110
 CompTIA Network+ (Study Notes)

o Session Hijacking
▪ Attacker guesses the session ID for a web session, enabling them to take
over the already authorized session of the client

o Botnets
▪ Software robot that lies on a compromised computer
▪ Collection of computers (called zombies) can be controlled by a remote
server to perform various attacks/functions for the criminals
• Network Security Attacks (Part 2)
o Attacks on Availability
▪ Attack vary widely from consuming server resources to physically
damaging the system
• Denial of service (DoS)
• Distributed Denial of Service (DDoS)
• TCP SYN flood
• Buffer overflow
• ICMP attacks (Smurf)
• UDP attacks (Fraggle)
• Ping of Death
• Electrical disturbances
• Physical environment attacks
o Denial of Service
▪ Continually floods the victim system with requests for services and
causes the system to run out of memory and crash

[Link] 111
 CompTIA Network+ (Study Notes)

o TCP SYN Flood

▪ Variant on a Denial of Service (DOS) attack where attacker initiates
multiple TCP sessions, but never completes the 3-way handshake

o Smurf (ICMP Flood)

▪ Attacker sends a ping to subnet broadcast address and devices reply to
spoofed IP (the victim) using up bandwidth and processing

o Electrical Disturbance
▪ Launched by interrupting or interfering with electrical service available to
a system
▪ Uninterruptable power supply (UPS), line conditioners, and backup
generator can help to combat these threats
▪ Examples
• Power spikes
• Electrical surges
• Power faults
• Blackouts
• Power sag
• Brownout

[Link] 112
 CompTIA Network+ (Study Notes)

o Physical Environment
▪ Computing equipment can be damaged by influencing the physical
environment
• Temperature
o Attacker disturbs the HVAC to overheat your systems
• Humidity
o Create a high level of moisture/humidity
• Gas
o Inject gas into an environment that could ignite
▪ Threats generally mitigated through physical restrictions, access
credentials, and visual monitoring
• Network Security Attacks (Part 3)
o Other Attacks to Consider
▪ Insider Threats
▪ Phishing
▪ Ransomware
▪ Logic Bombs
▪ Deauthentication
▪ VLAN Hopping
o Insider Threats
▪ Employees or other trusted insiders who use their network access to
harm the company
o Logic Bomb
▪ Specific type of malware that is tied to a time or logical event
o Phishing
▪ Attackers send email to get a user to click link
o Ransomware
▪ Attackers gain control of your files, encrypt them, and hold them for a
ransom
o Deauthentication
▪ Attacker sends a deauthentication frame a victim to disconnect them
from the network
▪ Often used in wireless hacking attacks
o VLAN Hopping
▪ Attacker physically connects to a different switch port to access a
different VLAN
▪ Manually assigning switch ports and using NAC can help prevent this
• Protecting the Network
o Protecting the Network
▪ To successfully defend a network attacks use

[Link] 113
 CompTIA Network+ (Study Notes)

• Physical controls
• User training
• Patching
• Vulnerability scanners
• Honey pots and Honey nets
• Remote-access security
• Security policies
• Incident response
o Physical Controls
▪ Reduces unauthorized access
▪ Mantraps
▪ Keypads
▪ Locked facilities
▪ Authenticated access
• Badges
• Biometrics
• Key fobs
• Passwords/Pins
o User Training
▪ Users present one of the greatest vulnerabilities to the network
▪ Training should include
• Social engineering awareness
• Virus transmission dangers
• Password security
• E-mail security
• Physical security
o Vulnerability Scanners
▪ Periodically test the network to verify that network security components
are behaving as expected and to detect known vulnerabilities
▪ Vulnerability scanners are applications that conduct these tests
▪ Examples
• Nessus
• Zenmap
• Nmap
o Patching
▪ Designed to correct a known bug or fix a known vulnerability in programs
and apps
▪ Should be implemented as they become available
▪ Updates add new features, but patches fix known vulnerabilities

[Link] 114
 CompTIA Network+ (Study Notes)

o Honey Pots and Honey Nets

▪ Systems designed as an attractive target
• Distraction for the attacker
▪ Attackers use their resources attacking the honey pot and leave the real
servers alone
• Honey pot is a single machine
• Honey net is a network of multiple honey pots
▪ Used to study how attackers conduct attacks
o Remote Access Security
▪ Controls access to network devices such as routers, switches, servers, and
clients

• Security Policies
o Security Policy
▪ Lack of a security policy, or lack of enforcement of an existing policy, is a
major reason for security breaches
▪ Security policies serve multiple purposes
• Protecting an organization’s assets
• Making employees aware of their obligations
• Identifying specific security solutions
• Acting as a baseline for ongoing security monitoring
▪ Acceptable Use Policy (AUP) is a common component of a corporate
security policy
▪ Security policies contain a myriad of other complementary policies
▪ Larger organizations have complex policies

[Link] 115
 CompTIA Network+ (Study Notes)

o Parts of a Security Policy

▪ Governing Policy
• Focused toward technicians and managers
• High level document that focuses the organization
▪ Technical Policies
• Password, E-mail, Wireless, Remote Access, and Bring Your Own
Device (BYOD)
▪ End-User Policies
• Acceptable Use (AUP), Privileged User Agreement,
Onboarding/Off-boarding, Consent to Monitoring, Non-Disclosure
(NDA), Cellular, etc.
▪ Standards, Guidelines, Procedures
o Bring Your Own Device (BYOD)
▪ BYOD brings new vulnerabilities
• Bluejacking
o Sending of unauthorized messages over Bluetooth
• Bluesnarfing
o Provides unauthorized access to wireless through
Bluetooth
• Bluebugging
o Unauthorized backdoor to connect Bluetooth back to
attacker
o Data Loss Prevention
▪ Policy that seeks to minimal accidental or malicious data losses
▪ Policy should cover the entire network, not just email or file storage
▪ How will your organization
guard sensitive data at the…
• Client level (data in operation)
• Network level (data in transit)
• Storage level (data at rest)
o System Lifecycle
▪ You are responsible for your systems from cradle to grave…
• Conceptual Design
• Preliminary Design
• Detailed Design
• Production and Installation
• Operations and Support
• Phase Out
• Disposal

[Link] 116
 CompTIA Network+ (Study Notes)

▪ How are you planning to dispose of your hard drives and devices when
they aren’t useful?
o Licensing Restrictions and Export Controls
▪ All software needs to have proper licensing, including any virtual
machines
▪ Some items are restricted from being exported to certain regions of the
world (cryptography)
• If your organization crosses international borders, check with your
legal and compliance teams to ensure you aren’t breaking any
laws
o Incident Response
▪ How will you react to a security violation?
▪ Prosecuting computer crimes can be difficult
▪ Successful prosecution relies on
• Means
o Did suspect have technical skills to perform the attack?
• Motive
o Why would they perform the attack?
• Opportunity
o Do they have the time and access?
• Multifactor Authentication
o Multifactor Authentication
▪ Something you know
▪ Something you have
▪ Something you are
▪ Something you do
▪ Somewhere you are
o Something You Know (Knowledge Factor)
▪ Usernames
▪ Passwords
▪ PINs
▪ Answers to personal questions
o Weaknesses of Passwords
▪ Not changing the default credentials
▪ Using common passwords
▪ Weak and short passwords
o Something You Have (Possession Factor)
▪ Smartcard
• Stores digital certificates on the card which are accessed once a
valid PIN is provided

[Link] 117
 CompTIA Network+ (Study Notes)

▪ Key fobs
▪ RFID tags
o Something You Are (Inherence Factor)
▪ Fingerprints
▪ Retina scans
▪ Voice prints
o Something You Do (Action Factor)
▪ How you sign your name
▪ How you draw a particular pattern
▪ How you say a certain passphrase
o Somewhere You Are (Location Factor)
▪ Geotagging
▪ Geofencing
• Firewalls
o Firewalls
▪ Uses a set of rules defining the types of traffic permitted or denied
through the device
▪ Can be either software or hardware
▪ Also, can perform Network Address Translation (NAT) or Port Address
Translation (PAT)
o Packet-Filtering Firewalls
▪ Permits or denies traffic based on packet header
• Source IP address/port number
• Destination IP address/port number
▪ Looks at each packet individually
o Stateful Firewalls
▪ Inspects traffic as part of a session
▪ Recognizes whether traffic originated from inside or outside the LAN
o NextGen Firewalls (NGFW)
▪ Third generation firewalls that conduct deep packet inspection and
packet filtering
▪ Operates at higher levels of the OSI model than traditional stateful
firewalls
▪ Web Application Firewalls are a good example of these, as they inspect
HTTP traffic
o Access Control List (ACL)
▪ Set of rules typically applied to router interfaces that permit or deny
certain traffic
▪ ACL filtering criteria includes:
• Source IP, Port, or MAC

[Link] 118
 CompTIA Network+ (Study Notes)

• Destination IP, Port, or MAC

o Firewall Zones
▪ Firewall interfaces can be defined as zones
▪ You set up rules based on those zones
▪ Typical zones
• Inside
o Connects to your corporate LAN
• Outside
o Typically connects to the Internet
• DMZ (Demilitarized Zone)
o Connects to devices that should have restricted access
from the outside zone (like web servers)
o Unified Threat Management (UTM) Devices
▪ Device that combines firewall, router, intrusion detection/prevention
system, antimalware, and other security features into a single device
▪ Agent is run on an internal client and can be queried by the UTM before
allowing connection to the network
▪ UTM can be purchased as a physical device to install in your network, or
you can look to a cloud solution
• IDS and IPS
o Intrusion Detection System and Intrusion Prevention System
▪ Can recognize a network attack and respond appropriately
▪ Incoming data streams are analyzed for attacks using different detection
methods
o Intrusion Detection System
▪ Passive device
▪ Operates parallel to the network
▪ Monitors all traffic and sends alerts

o Intrusion Prevention System

▪ Active device
▪ Operates in-line to the network

[Link] 119
 CompTIA Network+ (Study Notes)

▪ Monitors all traffic, sends alerts, and drops or blocks the offending traffic

o Detection Methods
▪ Signature-based detection
• Signature contains strings of bytes (a pattern) that triggers
detection
▪ Policy-based detection
• Relies on specific declaration of the security policy
• Example: No Telnet allowed
▪ Anomaly-based detection
• Statistical anomaly
o Watches traffic patterns to build baseline
• Non-statistical anomaly
o Administrator defines the patterns/baseline
o HIDS/NIDS and HIPS/NIPS
▪ Network-based (NIDS/NIPS)
• Network device to protect entire network
▪ Host-based (HIDS/HIPS)
• Software-based and installed on servers/clients
▪ Network and Host-based can work together for more complete
protection
• NIPS might prevent a DoS attack whereas a HIPS solution could
focus on the protection of applications on a host from malware
and other attacks

[Link] 120
 CompTIA Network+ (Study Notes)

• Virtual Private Networks (VPNs)

o Virtual Private Networks (VPNs)
▪ Enables work in remote offices or telecommuting
▪ Allows users to securely connect to the corporate network over an
untrusted network
o Site to Site
▪ Interconnects two sites and provides an inexpensive alternative to a
leased line
o Client to Site
▪ Connects a remote user with a site and commonly called remote access
o VPN Types: SSL
▪ Secure Socket Layer (SSL) provides cryptography and reliability for upper
layers of the OSI model (Layers 5-7)
▪ Largely replaced by TLS in current networks
▪ Provides for secure web browsing via HTTPS
o VPN Types: TLS
▪ Transport Layer Security (TLS) has mostly replaced SSL
▪ If you are using an HTTPS website, you are probably using TLS
o VPN Types: DTLS
▪ Datagram Transport Layer Security (TLS) is used to secure UDP traffic
▪ Based on the TLS protocol
▪ Designed to give security to UDP by preventing eavesdropping,
tampering, and message forgery
o VPN Types: L2TP
▪ Layer 2 Tunneling Protocol (L2TP) lacks security features like encryption

[Link] 121
 CompTIA Network+ (Study Notes)

▪ Can be used for secure VPN if combined with additional protocols for
encryption services
o VPN Types: L2F
▪ Layer 2 Forwarding (L2F) was developed by Cisco to provide for tunneling
of PPP
▪ Lacks native security features, like L2TP
o VPN Types: PPTP
▪ Point-to-Point Tunneling Protocol (PPTP) is an older protocol that
supports dial-up networks
▪ Lacks native security features, but Windows added some features in their
implementation
• IP Security (IPSec)
o IP Security (IPSec)
▪ VPNs most commonly use IPsec to provide protections for their traffic
over the internet

o IKE Modes
▪ IPsec uses the Internet Key Exchange (IKE) to create a secure tunnel
• IKE uses encryption between authenticated peers

o Establishing an IPSec Tunnel

▪ IKE Phase 1
• Establishes encryption and authentication protocols between VPN
endpoints to create the IKE Phase 1 tunnel
• ISAKMP is established using main or aggressive mode to create a
Security Association (SA)

[Link] 122
 CompTIA Network+ (Study Notes)

• Key exchange occurs in both directions

▪ IKE Phase 2
• Within the secure IKE Phase 1 tunnel, establishes encryption and
authentication protocols between VPN endpoints to create the
IPsec tunnel
• Each data flow uses a separate key exchange
▪ Peers authenticate using certificates or
pre-shared secret
▪ Each side creates a private key and derives a public key from it, which it
then exchanges
▪ Each side calculates the Shared Secret (DH) using the public and private
keys
▪ Both sides agree to encryption and integrity methods for IKE Phase II
o Steps for an IPSec VPN Session
▪ PC1 sends traffic to PC2 and then RTR1 initiates creation of IPsec tunnel
▪ RTR1 and RTR2 negotiate Security Association (SA) to form IKE Phase 1
tunnel (ISAKMP tunnel)
▪ IKE Phase 2 tunnel (IPsec tunnel) is negotiated and setup
▪ Tunnel is established and information is securely sent between PC1 and
PC2
▪ IPsec tunnel is torn down and the IPsec SA is deleted
o Transport and Tunnel Modes
▪ Transport mode
• Uses packet’s original IP header
• Used for client-to-site VPNs
• Approach works well if increasing the packet size could cause
issues
▪ Tunnel mode
• Encapsulates entire packet to provide new header
• New header has the source and destination of the VPN
termination devices at the different sites
• Used for site-to-site

[Link] 123
 CompTIA Network+ (Study Notes)

Network Availability
• High Availability Networks
o High Availability
▪ Availability is measured by uptime
▪ Five nines of availability (99.999%)
▪ Maximum of 5 minutes of downtime per year
▪ Availability
• Concerned with being up and operational
▪ Reliability
• Concerned with not dropping packets
▪ Mean Time to Repair (MTTR)
• Measures the average time it takes to repair a network device
when it breaks
▪ Mean Time Between Failures (MTBF)
• Measures the average time between failures of a device
o Redundant Network with Single Points of Failure
▪ Link Redundancy (Multiple connections between devices)
• Internal Hardware Redundancy (Power supplies and NICs)
o Redundant Network with Now Single Points of Failure
▪ Link Redundancy (Multiple connections between devices)
• Redundancy of Components (Switches and Routers)
o Hardware Redundancy
▪ Takes many forms
▪ Devices with two network interface cards (NICs), hard drives, or internal
power supplies
▪ Often found in strategic network devices
• Routers, Switches, Firewalls, and Servers
• Not often found in clients due to costs and administrative
overhead involved in management
▪ Active-Active
• Multiple NICs are active at the same time
• NICs have their own MAC address
• Makes troubleshooting more complex
▪ Active-Standby
• One NIC is active at a time
• Client appears to have a single MAC address
o Layer 3 Redundancy
▪ Clients are configured with a default gateway (router)

[Link] 124
 CompTIA Network+ (Study Notes)

• If the default gateway goes down, they cannot leave the subnet
• Layer 3 Redundancy occurs with virtual gateways
▪ Layer 3 Redundancy Protocols
• Hot Standby Router Protocol
• Common Address Redundancy Protocol
• Virtual Router Redundancy Protocol
• Gateway Load Balancing Protocol
• Link Aggregation Control Protocol
o Hot Standby Router Protocol (HSRP)
▪ Proprietary first-hop redundancy by Cisco
▪ Allows for active router and standby router
▪ Creates virtual router as the default gateway
o Common Address Redundancy Protocol (CARP)
▪ Open-standard variant of HSRP
▪ Allows for active router and standby router
▪ Creates virtual router as the default gateway
o Virtual Router Redundancy Protocol (VRRP)
▪ IETP open-standard variant of HSRP
▪ Allows for active router and standby router
▪ Creates virtual router as the default gateway
o Gateway Load Balancing Protocol (GLBP)
▪ Proprietary first-hop redundancy by Cisco
▪ Focuses on load balancing over redundancy
▪ Allows for active router and standby router
▪ Creates virtual router as the default gateway
o Link Aggregation Control Protocol (LACP)
▪ Achieves redundancy by having multiple links between devices
▪ Load balancing occurs over multiple links
▪ Multiple links appear as single logical link
o Content Engine
▪ Dedicated appliances that perform the caching functions of a proxy
server
▪ Are more efficient than a proxy server
▪ Also called Caching Engines
o Content Switches
▪ Distributes incoming requests across the various servers in the server
farm
▪ Also known as Load Balancers
• Designing Redundant Networks
o Design Considerations

[Link] 125
 CompTIA Network+ (Study Notes)

▪ Where will redundancy be used?

• Module (or Parts) Redundancy
• Chassis Redundancy
▪ What software redundancy features are appropriate?
▪ What protocol characteristics affect design requirements?
▪ What redundancy features should be used to provide power to an
infrastructure device?
▪ What redundancy features should be used to maintain environmental
conditions?
o Best Practices
▪ Examine the technical goals
▪ Identify the budget to fund high availability features
▪ Categorize business applications into profiles
• Each requires a certain level of availability
▪ Establish performance standards for high-availability solutions
• Performance standards will drive how success if measured
▪ Define how to manage and measure the high-availability solution
• Metrics help quantify success to decision makers
o Remember…
▪ Existing networks can be retrofitted, but it reduces the cost by integrating
high availability practices and technologies into your initial designs
• Recovery
o Recovery Sites
▪ In addition to hardware and software redundancy, sometimes you need
site redundancy:
• Cold Sites
• Warm Sites
• Hot Sites
o Cold Sites
▪ Building is available, but you may not have any hardware or software in
place or configured
▪ You need to buy resources (or ship them in), and then configure/restore
the network
▪ Recovery is possible, but slow and time consuming
o Warm Sites
▪ Building and equipment is available
▪ Software may not be installed and latest data is not available
▪ Recovery is fairly quick, but not everything from original site is available
for employees

[Link] 126
 CompTIA Network+ (Study Notes)

o Hot Sites
▪ Building, equipment, and data is available
▪ Software and hardware are configured
▪ Basically, people can just walk into the new facility and get to work
▪ Downtime is minimal with nearly identical service levels maintained
o Backup and Recovery
▪ Full
• Complete backup is the safest and most comprehensive; Time
consuming and costly
▪ Incremental
• Backup only data changed since last backup
▪ Differential
• Only backups data since the last full backup
▪ Snapshots
• Read-only copy of data frozen in time (VMs)
• Quality of Service (QoS)
o Need for Quality of Service (QoS)
▪ Networks carry data, voice, and video content
▪ Convergence of media on the network requires high availability to ensure
proper delivery
▪ Optimizing the network to efficiently utilize the bandwidth to deliver
useful solutions to network users is crucial to success and cost savings
o Quality of Service (QoS)
▪ Enables strategic optimization of network performance for different
types of traffic
• Identifies types of traffic needing priority
• Determines how much bandwidth required
• Efficiently uses WAN link’s bandwidth
• Identifies types of traffic to drop during network congestion
▪ For example:
• Voice (VoIP) and Video should have higher priority levels (less
latency)
o Categories of QoS
▪ Delay
• Time a packet travels from source to destination
• Measured in milliseconds (ms)
▪ Jitter
• Uneven arrival of packets
• Especially harmful in VoIP
▪ Drops

[Link] 127
 CompTIA Network+ (Study Notes)

• Occurs during link congestion

• Router’s interface queue overflows and causes packet loss
o “Effective” Bandwidth

• QoS Categorization
o Purpose of QoS
▪ To categorize traffic, apply a policy to those traffic categories, and
prioritize them in accordance with a QoS policy
o Categorization of Traffic
▪ Determine network performance requirements for various traffic types
(Voice, Video, Data)
▪ Categorize traffic into specific categories:
• Low delay
o Voice
o Streaming Video
• Low priority
o Web browsing
o Non-mission critical data
▪ Document your QoS policy and make it available to your users

[Link] 128
 CompTIA Network+ (Study Notes)

o Ways of Categorizing Traffic

▪ Best Effort
• Does not truly provide
QoS to that traffic
• No reordering of packets
• Uses FIFO (first in, first
out) queuing
▪ Integrated Services (IntServ or
Hard QoS)
• Makes strict bandwidth
reservations
• Reserves bandwidth by signaling devices
▪ Differentiated Services (DiffServ or Soft QoS)
▪ Differentiates between multiple traffic flows
▪ Packets are “marked”
▪ Routers and switches make decisions based on those markings
o Methods of Categorizing Traffic
▪ Classification
▪ Marking
▪ Congestion management
▪ Congestion avoidance
▪ Policing and shaping
▪ Link efficiency
• QoS Mechanisms
o Ways of Categorizing Traffic
▪ Classification
▪ Marking
▪ Congestion management
▪ Congestion avoidance
▪ Policing and shaping
▪ Link efficiency
o Classification of Traffic
▪ Traffic is placed into different categories
▪ For example, the E-mail class might contain various types of traffic
• POP3
• IMAP
• SMTP
• Exchange
▪ Classification does not alter any bits in the frame or packet

[Link] 129
 CompTIA Network+ (Study Notes)

o Marking of Traffic
▪ Alters bits within a frame, cell, or packet indicates handling of traffic
▪ Network tools make decisions based on markings
o Congestion Management
▪ When a device receives traffic faster than it can be transmitted, it buffers
the extra traffic until bandwidth becomes available
• Called queuing
▪ Queuing algorithm empties the packets in specified sequence and
amount
▪ Queuing algorithms types
• Weighted fair queuing
• Low-latency queuing
• Weighted round-robin
o Congestion Avoidance
▪ Newly arriving packets would be discarded if the device’s output queue
fills to capacity
▪ Random Early Detection (RED) is used to prevent this from occurring
• As the queue fills, the possibility of a discard increases until it
reaches 100%
• If at 100%, all traffic of that type is dropped
• RED instead drops packets from selected queues based on
defined limits
▪ If TCP traffic, it will be retransmitted
▪ If UDP, it will simply be dropped
o Policing and Shaping
▪ Policing
• Typically discards packets that exceed a configured rate limit
(speed limit)
• Dropped packets result in retransmissions
• Recommended for higher-speed interfaces
▪ Shaping
• Buffers (delays) traffic exceeding configured rate
• Recommended for slower-speed interfaces
o Link Efficiency: Compression
▪ Packet payload is compressed to conserve bandwidth
▪ VoIP payload can be reduced by 50%
• Payload size from 40 bytes to 20 bytes
▪ VoIP header can be reduced by 90-95%
• Uses RTP header compression (cRTP)
• Header size goes from 40 bytes to 2 to 4 bytes

[Link] 130
 CompTIA Network+ (Study Notes)

▪ Utilized on slower-speed links to make most of limited bandwidth

o Link Efficiency: LFI
▪ Link Fragmentation & Interleaving (LFI)
▪ Fragments large data packets and interleaves smaller data packets
between the fragments
▪ Utilized on slower-speed links to make the most of limited bandwidth

[Link] 131
 CompTIA Network+ (Study Notes)

Network Management
• SNMP
o Simple Network Management Protocol (SNMP)
▪ SNMP manager sends/receives messages to managed devices (routers,
switches, servers)
• SET sends information
• GET requests information
• TRAP receives unsolicited information from managed devices

o SNMP Versions
▪ SNMP v1
▪ SNMP v2
▪ SNMP v3
o SNMP v1 and v2
▪ Use community strings to gain access to a device
▪ Default community strings of public (read-only) or private (read-write)
devices are considered a security risk
o SNMP v3
▪ SNMPv3 addressed the weakness of community strings with three
enhancements
• Hashes message before transmitting (integrity)
• Validates source of message (authentication)
• DES-56 to provides confidentiality and privacy (encryption)
▪ SNMPv3 also groups SNMP components as entities to increase security

• Network Logging
o Syslog
▪ Routers, switches, and servers can send their log information to a
common syslog server

[Link] 132
 CompTIA Network+ (Study Notes)

▪ Allows administrators to better correlate events and see trends

▪ Two primary components
• Syslog servers
o Receives and stores logs from clients
• Syslog clients
o Devices that send log information
o Syslog Security Levels
▪ Lowest number is most severe level and logs the most detail

o Syslog Structure

o Logs
▪ Operating systems running on network clients and servers can also
produce logs

[Link] 133
 CompTIA Network+ (Study Notes)

▪ Microsoft Windows provides an Event Viewer application to view logs

o Application Logs
▪ Contains information about software applications running on a client or
server
▪ Severity levels:
• Information, Warning, and Error
o Security Logs
▪ Contains information about the security of a client or server
▪ Contains logs of successful/failed logins and other pertinent security
information
o System Logs
▪ Contains information about operating system events
• Remote Access
o Remote Access Review
▪ Many ways to access data remotely and either control a client, server, or
other device over a network connection
▪ This lesson serves as a quick review of technologies discussed throughout
this course and how they are used to manage and configure network
devices
o Telnet Port 23
▪ Permits sending commands to remote devices
▪ Information is sent in plain text
▪ Telnet should never be used over an insecure connection and is a huge
security risk to use
o Secure Shell Protocol (SSH) Port 22
▪ Works like telnet, but uses encryption to create a secure channel
between the client and the server
▪ SSH should always be used instead of telnet
o Remote Desktop Protocol (RDP) Port 3389
▪ Allows remote access to a machine over the network as if you were
sitting right in front of it
▪ Provides GUI access through an RDP client
o Virtual Network Computing (VNC) Port 5900
▪ Originally used in thin client architectures
▪ Operates much like RDP, but a cross-platform solution for Windows,
Linux, and OS X
o HTTPS and Management URLs
▪ Many systems provide a management system that is accessed through a
web browser
▪ Examples:

[Link] 134
 CompTIA Network+ (Study Notes)

• Wireless access points

• Modems
• Routers
• Firewalls
o Remote File Access (FTP/FTPS, SFTP, TFTP)
▪ FTP – File Transfer Protocol
• Port 20/21
• Unencrypted file transfers (insecure)
▪ FTPS – File Transfer Protocol Secure
• Port 20/21
• Adds SSL/TLS to FTP to secure data
▪ SFTP – Secure File Transfer Protocol
• Port 22
• File transfer over SSH to increase security
▪ TFTP – Trivial File Transfer Protocol
• Port 69
• UDP version of FTP that sacrifices reliability for efficiency
o VPNs
▪ Permits secure connections to different parts of the network for
management and access
▪ IPSec
• Ensures authentication, integrity, & confidentiality
▪ SSL/TLS/DTLS
• Use of web browsers for secure VPN connections
▪ Site-to-Site VPN
• Connect one network to another
▪ Client-to-Site VPN
• Connect a single client to a network
o Out-of-Band Management
▪ Connect to the device using a modem, console router, or direct cable for
configuration
▪ Separation of data and management networks provides additional
security to the network
▪ Requires additional configuration and equipment to implement
• Configuration Management
o Configuration Management
▪ Focuses on maintaining up-to-date documentation of a network’s
configuration
▪ Procedures include
• Asset management

[Link] 135
 CompTIA Network+ (Study Notes)

• Baselining
• Cable management
• Change management
• Network documentation
o Asset Management
▪ Formalized system of tracking network components and managing the
component’s lifecycle
• Prepare
o Budget for the items and gather requirements
• Plan
o Determine what components to acquire
• Design
o Determine the best configuration for the devices
• Implement
o Purchase, install, and configure the devices
• Operate
o Maintain operations and support on a daily basis
• Optimize
o Improve the network design through new devices
o Create a Baseline
▪ Collection of data under normal operating conditions
▪ Useful during comparison when troubleshooting network issues
▪ How do you know if your network is running normally if you don’t know
what normal is?
o Cable Management
▪ Process of documenting the network’s existing cable infrastructure
• Diagrams
• Cable labeling
• Locations of punch-down blocks
• Source cable locations
• Destination cable locations
▪ Using standard naming conventions are considered a best practice
• HR_D_RM102_0012
• IT_L_RM205_0004
o Change Management
▪ Coordinated system to account for upgrades, installs, and network
outages
▪ Simple router or switch upgrades may cause unwanted downtime. They
must be pre-coordinated

[Link] 136
 CompTIA Network+ (Study Notes)

▪Consider downtime, impacts, and vulnerabilities that may

be introduced
o Network Documentation
▪ Document the network appropriately
▪ Keep materials up-to-date
▪ Includes
• Contact Information of administrators
• Policies
• Network maps and diagrams
• Documentation (vendors, warranties, ...)
• Wiring schematics
• Standard Operating Procedures and Instructions

[Link] 137
 CompTIA Network+ (Study Notes)

Troubleshooting
• Troubleshooting Methodology
o Troubleshooting Methodology
▪ Troubleshooting occurs through a three-step process

o Problem Report
▪ Issues are reported either by the end user, by administrators, or by
automated systems
o Problem Diagnosis
▪ Majority of a troubleshooter’s efforts are spent diagnosing the problem

o Problem Resolution
▪ Occurs once the problem is fixed
▪ Notate it in your trouble ticket system
▪ Verify user is happy with the resolution
o Why Use A Structured Approach to Troubleshooting?
▪ Using a structured approach saves time and is repeatable
▪ Prevents the technician from “hunting and pecking” for the solution
▪ Many approaches that could be used but for the Network+ exam you
must use CompTIA’s methodology

[Link] 138
 CompTIA Network+ (Study Notes)

o CompTIA’s Troubleshooting Methodology

• Troubleshooting (Layer 1)
o Network Troubleshooting
▪ Resolving network issues is one of the main roles of a network
administrator
▪ Network Issue Categories
• Physical Layer
• Data Link Layer
• Network Layer
• Wireless Network
o Physical Layer
▪ If the physical layer isn’t working, none of the other layers will either!
▪ Common Issues:
• Bad cables or connectors
• Cable placement
• Distance limitations exceeded
• Splitting pairs in a cable
• EMI interference/Cross talk
• Transposed Tx/Rx
o Bad Cables or Connectors (Physical Layer)
▪ Faulty cables or connectors
▪ Wrong category of cable for the purpose
o Cable Placement (Physical Layer)
▪ Too close to high voltage cables, generators, motors or radio transmitters
o Distance Limits Exceeded (Physical Layer)
▪ Exceeding the Ethernet distance limitations can degrade the transmission
▪ Remember, always be less than 100 meters for copper cabling (CAT 5, 5e,
6, 6a, 7)

[Link] 139
 CompTIA Network+ (Study Notes)

▪ If running high bandwidth applications (like 4k video), then keep it under

70 meters
o Splitting Pairs in a Cable (Physical Layer)
▪ Ethernet only uses 2 pairs of the cable
• 4 of 8 wires used
▪ Technicians sometimes use other pairs to create a second jack instead of
running new cables
▪ Leads to nonstandard wiring of the jack and possible EMI/crosstalk
o EMI Interference/Crosstalk (Physical Layer)
▪ Can be caused by cable placement
• Cables over florescent lights, in same cable tray as electrical wires,
etc.
▪ Caused by crosstalk inside the wire bundles
▪ Shielded cables can alleviate this problem
o Transposed Tx/Rx (Physical Layer)
▪ Medium Dependent Interface Crossover (MDIX) allows a switch port to
configure itself as a crossover or normal port
▪ Older switches don’t support MDIX and require a crossover cable
▪ With fiber cables, each fiber is Tx or Rx
• Troubleshooting (Layer 2)
o Data Link Layer
▪ Understanding the Layer 2 operations is critical to troubleshooting many
LAN issues
▪ Common Issues:
• Bad module
• Layer 2 loops
• Port misconfiguration
• VLAN configuration
o Bad Module (Data Link Layer)
▪ Modular interfaces can be swapped out and replaced
o Layer 2 Loop (Data Link Layer)
▪ If Spanning Tree Protocol (STP) fails, a spanning-tree loop can result and
cause a broadcast storm
▪ Misconfigured STP can cause traffic to take a suboptimal path causing
network degradation
o Port Misconfiguration (Data Link Layer)
▪ Mismatched speed, duplex, or MDIX settings on a switch port to a
workstation can result in slow or no communication
o VLAN Configuration (Data Link Layer)
▪ Traffic must be routed between VLANs

[Link] 140
 CompTIA Network+ (Study Notes)

▪ All devices in the same VLAN should be on the same subnet

• Troubleshooting (Layer 3)
o Network Layer
▪ Understanding the Layer 3 routing is crucial to troubleshooting many LAN
and WAN issues with routing, subnetting, and services like DNS
▪ Common Issues:
• Duplicate IP address
• Incorrect default gateway
• Incorrect DNS configuration
• Mismatched MTU
o Duplicate IP Address (Network Layer)
▪ Two hosts with same IP address can cause unpredictable behavior in the
network
o Incorrect Default Gateway (Network Layer)
▪ Host will be unable to communicate with devices that are outside of the
local subnet
o Incorrect DNS Configuration (Network Layer)
▪ Host will be unable to browse the Internet using domain names
o Mismatched MTU (Network Layer)
▪ Maximum Transmission Units (MTU) defines the largest packet size the
router’s interface will forward
▪ If MTU is too small, packets will be dropped
• Default is usually 1500 bytes
▪ This is a common issue with VPN tunneling in Site to Site since packets
are “wrapped” with an additional header…
• Troubleshooting (Wireless)
o Wireless Troubleshooting
▪ Troubleshooting wireless networks can require a variety of skill sets
• Layer 1, 2, and 3 issues can occur
• Radio frequency (RF) conflicts
• Placement of Access Points
• Signal strength issues
o Radio Frequency Issues (Wireless)
▪ Radio frequency interference (RFI) from cordless phones, baby monitors,
microwaves, and other wireless networks
▪ Solution
• Pick an unused channel in the 2.4 Ghz spectrum
• Upgrade the network to 5 Ghz spectrum
• Determine the best placement of your WAP

[Link] 141
 CompTIA Network+ (Study Notes)

o Misconfiguration of Devices (Wireless)

▪ Variety of wireless settings must match between the client and the access
point for communication to be successful
▪ Solution
• Verify SSID
• Verify channel
• Verify encryption
o Incorrect Placement of AP (Wireless)
▪ Coverage areas should overlap but not with the same channel numbers
• 2.4 GHz should use Channels 1, 6, 11
• 5 Ghz need 2 cells between channel overlap
• Troubleshooting Problems
o Problem #1

o Problem #2

[Link] 142
 CompTIA Network+ (Study Notes)

o Problem #3

o Problem #4

[Link] 143
 CompTIA Network+ (Study Notes)

Networking Tools and the Command Line

• Networking Tools (Part 1)
o Networking Tools
▪ Physical cabling still serves as the backbone of networks even with
wireless networking
▪ Many network problems can be reduced through proper installation and
configuration
▪ Multiple hardware and software tools are available to help diagnose,
isolate, and resolve network issues
▪ It is important to understand the various tools, management devices, and
protocols in use by network technicians
o Electrostatic Discharge (ESD) Strap
▪ Allows static buildup in your body to be discharged into a grounded
object instead of damaging the electrical components
▪ Static discharge can be several thousands of volts but at low amperage
• Humans aren’t injured by the shock
• Circuit boards and components can be destroyed
o Multimeter
▪ Used with copper cabling to verify continuity, resistant, amperage, or
voltage
• Can be used to verify a cable is broken or not by checking
resistance
▪ Used to test source power to a device or device’s own power supply
• US (115-125 VAC)
• Europe (230-240 VAC)
o Loopback
▪ Connects transmit pins (or fibers) to receive pins (or fiber) to test a
network interface
• Ethernet Pinout
o Pins 1 to 3 (Tx+ to Rx+)
o Pins 2 to 6 (Tx- to Rx-)
• Fiber
o Transmit fiber to Receive fiber
▪ Used with diagnostic software to
test Ethernet connectivity of a client
o Crimper
▪ Used to attach a connector to the cable’s end
▪ Allows technicians to make cables of varying lengths instead of a
standard size

[Link] 144
 CompTIA Network+ (Study Notes)

▪ Physically crimps the plastic

connector to a cable
• RJ-45 for networks
• RJ-11 for phones
o Cable Tester
▪ Verifies continuity for each wire in the cable to ensure there are no
breaks
▪ Verifies the pinouts of the connectors
▪ Different testers for
different cable types
o Cable Certifier
▪ Used with existing cable to determine its category or test data
throughput
• Cat 3, Cat 5, Cat5e, Cat 6, Cat 7, …
▪ Identifies the frequency range supported by a cable to determine data
throughput
▪ Can be used to determine length of cable and if the cable is
crimped properly
o Punch-Down Tool
▪ Used to terminate wires on a punch-down block without stripping off the
insulation
▪ Used with 66 block or 110 block, network jacks, and patch panels
o Butt Set
▪ Test equipment tools used by telephone technicians to check for dial
tone or verify that a call can be placed from the line
▪ Limited use for network technicians, unless you are working on DSL line
▪ Can connect to a punch-down block to connect to telephone line using
alligator clips
o Toner Probe
▪ Allows technicians to generate a tone at one end of a connection and use
the probe to audibly detect the wire pair connected to the tone
generator
▪ Often called a “Fox and Hound”
• Fox is a tone generator
• Hound is a toner probe
o Time Domain Reflectometer (TDR)
▪ Locates breaks in copper cables and provide an estimate of severity and
distance to break
▪ Optical Time Domain Reflectometer (OTDR) is used like a TDR, but for
fiber-optic cables

[Link] 145
 CompTIA Network+ (Study Notes)

• Networking Tools (Part 2)

o Speed Test Sites
▪ Verifies throughput from client to Internet
▪ Downloads a random large file from the test server and uploads the file
to server
• Transfers are timed to determine connection speed
• Uses Ping to determine latency
▪ Determines overall connection speed to the Internet
o Throughput Tester
▪ Network appliance that typically has multiple network interfaces and can
generate high volumes of pseudo-random data for wired and wireless
networks
▪ Used on prototype networks to observe how the network performs
under heavy load
▪ Used on production networks to determine the actual throughput of the
existing network
o Bit-Error Rate Tester (BERT)
▪ Generates patterns at one end of a link and analyzes the received
patterns for errors
▪ Bit Error Rate (BER) is a common measurement to test networks
• BER = Bit Errors/Bits Transferred
▪ Useful tool when troubleshooting interferences on a cable or fiber
o Environmental Monitoring
▪ Send alerts if the temperature or humidity in a room changes
above/below configured level
▪ Monitoring of
• Temperature
• Humidity
• Power
• Air Flow
o Protocol Analyzer
▪ Traffic can be captured from the network and then reviewed for
problems in the communication between devices
▪ Also known as a network sniffer
▪ Standalone device or simply software running on a laptop
• Wireshark
• Ethereal
o Wireless Analyzer
▪ Specialized software that can conduct wireless surveys to ensure proper
coverage and prevent non-desired overlap

[Link] 146
 CompTIA Network+ (Study Notes)

o Looking Glass Sites

▪ Allows users to connect to view the routing information from a server’s
perspective
▪ Useful with BGP router configuration
o Remote Connectivity Software
▪ Enables you to access a network client via a PC that is located on a
remote network
▪ Examples
• Microsoft Remote Desktop Connection
• RealVNC
• GoToMyPC
• Windows Command Line Tools
o Command Line Tools
▪ Used to configure and troubleshoot networks by issuing text-based
commands at an operating system prompt
▪ Commands can be used on either clients or servers
▪ Commands can be specific to your version of the operating system
(Windows 10, Server 2016, etc.)
o Accessing the Command Line
▪ Microsoft Windows Operating Systems allow you to quickly access the
Command Prompt by pressing “Windows Key + R”.
▪ In Windows 7 or older, click START then Run, and type CMD <enter>
▪ In Windows 8 or newer, press your Windows key, then type CMD <enter>
o arp (Address Resolution Protocol)
▪ Shows the MAC address (Layer 2) for a known IP address (Layer 3)
• arp –a
o Displays the current ARP table on your computer
• arp –d [Link]
o Deletes the ARP mapping for [Link] on all interfaces
• arp –s [Link] 00-AA-BB-4F-5C-23
o Adds a static ARP entry to force the IP provided to resolve
to the MAC address provided
o ipconfig (IP Configuration)
▪ Displays IP (Internet Protocol) address configuration parameters on a
Windows PC
• ipconfig /all
o Provides additional configuration information
• ipconfig /release
o Releases a DHCP IP address from the PC
• ipconfig /renew

[Link] 147
 CompTIA Network+ (Study Notes)

o Requests an IP address from DHCP server

o ping
▪ Used to check IP connectivity between two devices, most often for
network troubleshooting
• ping [Link]
o Stops pinging after 4 pings (default)
• ping –n 10 [Link]
o Ping 10 times, then stop
• ping –t [Link]
o Ping forever (until user types CTRL+C)
• ping –6 [Link]
o Ping using IPv6 addresses
o tracert
▪ Displays the path between your device (the source) and the destination
IP address, showing each route hop along the path
• tracert [Link]
o Displays the routers between your computer and the
computer at [Link]
• tracert [Link]
o Displays the routers between your computer and the
computer at [Link]
• tracert -6 [Link]
o Traces the route using IPv6
o nbtstat
▪ Displays NetBIOS information for IP-based networks
▪ Displays a listing of the NetBIOS device names learned by the PC
• nbtstat –a <IP>
o Displays the NetBIOS table of the remote PC provided in
<IP>
• nbtstat –c
o Displays a PC’s NetBIOS name cache on the local computer
o netstat (Network Statistics)
▪ Displays information for IP-based connections on a PC including current
sessions, source and destination IP addresses, and port numbers
• netstat –a
o Displays all connections and listening ports
• netstat –n
o Displays addresses and port numbers in numerical form
• netstat –s

[Link] 148
 CompTIA Network+ (Study Notes)

o Displays statistics for connections by protocol type (IPv4

and IPv6, TCP, UDP, and ICMP)
o nslookup (Name Server Lookup)
▪ Resolves a fully qualified domain name (FQDN) to an IP address
• nslookup [Link]
o Non-interactive mode, provides IP address for a given
domain name
• nslookup <enter>
o Loads interactive mode, allows for detailed control of the
environment, including which name server to use for
name resolution/lookup
o Type server <name> to change which name server is used
for lookup
o Type exit to leave interactive mode
o route
▪ Used to change or display the contents of the PC’s current IP routing
table
• route print
o Displays the contents of the IP routing table
• route delete [Link]
o Deletes an entry from the IP routing table with IP
[Link]
• route add [Link] [Link]
o Adds a routing from [Link] to [Link]
• UNIX Command Line Tools
o What is UNIX?
▪ UNIX is implemented in various operating systems, including UNIX, BSD,
Linux, and Macintosh OSX
▪ Command syntax between UNIX and Windows is often slightly different
▪ UNIX maintains manual pages in the OS, making it easy to get help from
the terminal prompt (# or $)
▪ HOSTNAME# man command
o Command Line Tools
▪ Used to configure and troubleshoot networks by issuing text-based
commands at an operating system prompt
▪ Commands can be used on either clients or servers
▪ Commands can be specific to your version of the operating system (UNIX,
BSD, OS X, or Linux variant)
o Accessing the Command Line
▪ In Linux or Unix, you often begin at the command line interface

[Link] 149
 CompTIA Network+ (Study Notes)

▪ If you have a GUI, look for the terminal icon

▪ In OS X, open spotlight and type Terminal, or go to the Utilities folder
under Applications and find Terminal
o arp (Address Resolution Protocol)
▪ Shows the MAC address (Layer 2) for a known IP address (Layer 3)
• arp –a
o Displays the current ARP table on your computer
• arp –d [Link]
o Deletes the ARP mapping for [Link] on all interfaces
• arp –s [Link] 00-AA-BB-4F-5C-23
o Adds a static ARP entry to force the IP provided to resolve
to the MAC address provided
o ifconfig (Interface Configuration)
▪ Displays IP (Internet Protocol) address configuration parameters on a
UNIX machine
• ifconfig -a
o Provides additional configuration information
• ifconfig down
o Turn off the network adapter
• ifconfig up
o Turn on the network adapter
o ping
▪ Used to check IP connectivity between two devices, most often for
network troubleshooting
▪ Similar to Windows version, except it runs forever by default (like –t in
Windows)
• ping [Link]
o Ping forever (until user types CTRL+C)
• ping –c 10 [Link]
o Ping 10 times, then stops automatically
• ping –6 [Link]
o Ping using IPv6 addresses
o traceroute
▪ Displays the path between your device (the source) and the destination
IP address, showing each route hop along the path
• traceroute [Link]
o Displays the routers between your computer and the
computer at [Link]
• traceroute [Link]

[Link] 150
 CompTIA Network+ (Study Notes)

o Displays the routers between your computer and the

computer at [Link]
• traceroute -6 [Link]
o Traces the route using IPv6
o netstat (Network Statistics)
▪ Displays information for IP-based connections on a PC including current
sessions, source and destination IP addresses, and port numbers
• netstat –a
o Displays all connections and listening ports
• netstat –n
o Displays addresses and port numbers in numerical form
• netstat –s
o Displays statistics for connections by protocol type (IPv4
and IPv6, TCP, UDP, and ICMP)
o nslookup and host (Name Server Lookup)
▪ Resolves a fully qualified domain name (FQDN) to an IP address
• nslookup [Link]
o Non-interactive mode, provides IP address for a given
domain name
• host [Link]
o Host works like nslookup, except it only provides a single
line response with the address
o Dig (Name Server Lookup)
▪ Resolves a fully qualified domain name (FQDN) to an IP address and
provides even more detailed information than nslookup
▪ dig has no interactive mode
• Dig –t mx [Link]
o Looks up the mail records (mx) for [Link]
o route
▪ Used to change or display the contents of the PC’s current IP routing
table
• route
o Displays the contents of the IP routing table
• route -n
o Displays the content of the IP routing table, including the
default gateway

[Link] 151