CompTIA Network+ Certification
Support Skills (Exam N10-005)

Study Notes
G523eng ver073

Acknowledgements
Course Developer............................................................ gtslearning
Editor ....................................................................... James Pengelly
This courseware is owned, published, and distributed by
gtslearning, the world's only specialist supplier of CompTIA
learning solutions.

www.gtslearning.com

+44 (0)20 7887 7999 +44 (0)20 7887 7988


Unit 127, Hill House, 210 Upper Richmond Road,
London SW15 6NP, UK


sales@gtslearning.com

COPYRIGHT


This courseware is copyrighted 2013 gtslearning. Product images are the copyright of the
vendor or manufacturer named in the caption and used by permission. No part of this courseware
or any training material supplied by the publisher to accompany the courseware may be copied,
photocopied, reproduced, or re-used in any form or by any means without permission in writing
from the publisher. Violation of these laws will lead to prosecution.


All trademarks, service marks, products, or services are trademarks or registered trademarks of
their respective holders and are acknowledged by the publisher.
LIMITATION OF LIABILITY

Every effort has been made to ensure complete and accurate information concerning the material
presented in this course. Neither the publisher nor its agents can be held legally responsible for

any mistakes in printing or for faulty instructions contained within this course. The publisher
appreciates receiving notice of any errors or misprints.


Information in this course is subject to change without notice. Companies, names, and data used
in examples herein are fictitious unless otherwise noted.

Where the course and all materials supplied for training are designed to familiarize the user with
the operation of software programs and computer devices, the publisher urges the user to review
the manuals provided by the product vendor regarding specific questions as to operation.

There are no warranties, expressed or implied, including warranties of merchantability or fitness
for a particular purpose, made with respect to the materials or any information provided herein.
Neither the author nor publisher shall be liable for any direct, indirect, special, incidental, or
consequential damages arising out of the use or the inability to use the contents of this course.

Warning

All gtslearning products are supplied on the basis of a single copy of a course per
student. Additional resources that may be made available from gtslearning may only be used in
conjunction with courses sold by gtslearning. No material changes to these resources are
permitted without express written permission from gtslearning. These resources may not be used
in conjunction with content from any other supplier.
If you suspect that this course has been copied or distributed illegally,
please telephone or email gtslearning.

Table of Contents

Course Introduction
Table of Contents .......................................................................................... iii
About This Course ....................................................................................... viii

Module 1 / Network Media and Devices ......................................................... 1

Module 1 / Unit 1 Topologies and the OSI Model ............................................. 3
Key Features of Networks ............................................................................. 3
Clients and Servers ....................................................................................... 7
Network Topologies ..................................................................................... 10
The OSI Model ............................................................................................ 16
Physical Layer ............................................................................................. 19
Data Link Layer ........................................................................................... 20
Network Layer ............................................................................................. 22
Upper Layers ............................................................................................... 23
OSI Model Summary ................................................................................... 25
TCP/IP Protocol Suite.................................................................................. 26

Module 1 / Unit 2 Cabling and Connectors ..................................................... 32
Selecting Network Cable ............................................................................. 32
Twisted Pair Cable (UTP / STP / ScTP)....................................................... 33
Other Copper Cable Types .......................................................................... 36
Fiber Optic Cable ........................................................................................ 38
Repeaters.................................................................................................... 42
Media Converters ........................................................................................ 43

Module 1 / Unit 3 Ethernet .......................................................................... 45
IEEE 802 Standards .................................................................................... 45
Media Characteristics .................................................................................. 46
Media Access Control.................................................................................. 49
Ethernet (IEEE 802.3) ................................................................................. 52
Ethernet Media Specifications ..................................................................... 54
MAC Addressing ......................................................................................... 58
Address Resolution Protocol (ARP) ............................................................. 60
Network Adapters ........................................................................................ 63
Protocol Analyzer ........................................................................................ 67

Page iii
2013 gtslearning


Module 1 / Unit 4 Bridges and Switches ......................................................... 70
Hubs and Bridges ........................................................................................ 70
Switches ...................................................................................................... 73
Configuring a Switch .................................................................................... 76
Power over Ethernet (PoE) .......................................................................... 79
Virtual LANs (VLAN) .................................................................................... 80
Spanning Tree Protocol (STP) ..................................................................... 82

Module 1 / Summary Network Media and Devices ......................................... 85

Module 2 / Addressing and Routing .............................................................. 87

Module 2 / Unit 1 Internet Protocol ............................................................... 89
Internet Protocol Basics ............................................................................... 89
Subnet Masks.............................................................................................. 92
Configuring TCP/IP...................................................................................... 94
ipconfig / ifconfig .......................................................................................... 97
IP Routing Basics ........................................................................................ 99
ICMP and ping ........................................................................................... 101

Module 2 / Unit 2 Addressing Schemes ....................................................... 106
IP Addressing Schemes ............................................................................ 106
Creating Subnets ....................................................................................... 108
Public Internet Addressing ......................................................................... 112

Module 2 / Unit 3 DHCP, APIPA, and NTP ................................................... 115
Static versus Dynamic IP Addressing ........................................................ 115
Configuring DHCP ..................................................................................... 118
Network Time Protocol (NTP) .................................................................... 121

Module 2 / Unit 4 IPv6 ............................................................................... 123
IPv6 Address Format ................................................................................. 123
IPv6 Addressing Schemes ......................................................................... 125

Module 2 / Unit 5 Routing .......................................................................... 129
Routing Basics .......................................................................................... 129
Routing Algorithms and Metrics ................................................................. 132
Routing Protocols ...................................................................................... 134
Installing and Configuring Routers ............................................................. 141
Routing Troubleshooting Tools .................................................................. 144
Internet Group Management Protocol ........................................................ 147

Module 2 / Summary Addressing and Routing .............................................. 149

Module 3 / Network Applications ................................................................. 151

Module 3 / Unit 1 Transport Protocols ......................................................... 153
Transmission Control Protocol (TCP) ........................................................ 153
User Datagram Protocol (UDP) ................................................................. 156
TCP/IP Ports ............................................................................................. 157
Port Scanners............................................................................................ 158

Module 3 / Unit 2 Name Resolution ............................................................. 161
Host Names............................................................................................... 161
Name Resolution Methods ........................................................................ 163
Configuring DNS Servers .......................................................................... 166
Name Resolution Troubleshooting............................................................. 168

Module 3 / Unit 3 Internet Applications ........................................................ 172
TCP/IP Services ........................................................................................ 172
World Wide Web (HTTP) ........................................................................... 173
File Transfer Protocol (FTP) ...................................................................... 176
Email (SMTP / POP3 / IMAP4) .................................................................. 178
Conferencing and VoIP Protocols .............................................................. 183

Module 3 / Unit 4 WAN Technologies .......................................................... 186
WAN Basics .............................................................................................. 187
Telecommunications Networks .................................................................. 190
Modern Telecommunications Networks ..................................................... 194
Packet-switched WAN Services................................................................. 197
Local Loop Services .................................................................................. 200
Installing Modems ..................................................................................... 207

Module 3 / Unit 5 Remote Access ............................................................... 211
Remote Connectivity Protocols .................................................................. 211
Virtual Private Networks ............................................................................ 215
Remote Access Servers ............................................................................ 221

Module 3 / Summary Network Applications .................................................. 225

Module 4 / Network Security ....................................................................... 227

Module 4 / Unit 1 Security Fundamentals .................................................... 229
Security Basics .......................................................................................... 229
Social Engineering..................................................................................... 230
Malware ..................................................................................................... 233
Network Reconnaissance .......................................................................... 236
Network Attack Strategies ......................................................................... 240
Policies and Procedures ............................................................................ 246
Patch Management ................................................................................... 249
Training ..................................................................................................... 251

Module 4 / Unit 2 Security Appliances ......................................................... 254
Secure Network Topologies ....................................................................... 254
Network Address Translation ..................................................................... 259
Firewalls .................................................................................................... 262
Proxy Servers and Gateways .................................................................... 268
Intrusion Detection Systems ...................................................................... 272
Vulnerability Assessments and Pentests .................................................. 276

Module 4 / Unit 3 Authentication ................................................................. 279
Authentication Technologies ...................................................................... 279
Encryption and PKI .................................................................................... 281
Local Authentication Protocols................................................................... 286
Remote Authentication Protocols............................................................... 288
Network Access Control ............................................................................ 292

Module 4 / Unit 4 Installing Wireless Networks ............................................. 296
Wi-Fi (IEEE 802.11)................................................................................... 296
Setting Up a Wireless Network .................................................................. 300
Wireless Security ....................................................................................... 307
Wireless WANs ......................................................................................... 311

Module 4 / Summary Network Security ........................................................ 315

Module 5 / Management, Monitoring, Troubleshooting .................................. 317

Module 5 / Unit 1 Configuration Management ............................................... 319
Change and Configuration Management ................................................... 319
Documentation .......................................................................................... 321

Module 5 / Unit 2 Installing Wired Networks ................................................. 328
Wiring Standards ....................................................................................... 328
Wiring Distribution ..................................................................................... 330
Distribution Frames ................................................................................... 335
Wiring Schemes ........................................................................................ 340
Installing WAN Links.................................................................................. 342
Cable Testing Tools................................................................................... 344
Planning a SOHO Network Installation ...................................................... 348

Module 5 / Unit 3 Deploying Virtual Networks ............................................... 352
Virtualization Technologies ........................................................................ 352
Virtual Platform Applications ...................................................................... 354
Cloud Computing ....................................................................................... 359

Module 5 / Unit 4 Monitoring and Management Tools .................................... 363
Performance Management Appliances ...................................................... 363
High Availability Appliances ....................................................................... 368
Network Monitoring Utilities ....................................................................... 373
Logs .......................................................................................................... 377
Simple Network Management Protocol ...................................................... 379
Remote Administration Tools ..................................................................... 382

Module 5 / Unit 5 Network Troubleshooting ................................................. 388
Troubleshooting Procedures...................................................................... 388
Troubleshooting Common Connectivity Scenarios .................................... 396
Troubleshooting Intranetworking Infrastructure .......................................... 400
Troubleshooting Configuration Issues ....................................................... 404
Troubleshooting Internetworking Infrastructure .......................................... 409
Troubleshooting Services .......................................................................... 412

Module 5 / Summary Management, Monitoring, Troubleshooting ................... 417

Index ......................................................................................................... 419

About This Course


Who Should Follow This Course?
This course is designed for new or intending network support technicians
wishing to qualify with CompTIA Network+ Certification. It is also suitable for
experienced technicians who require an industry-backed credential that
validates their skills and knowledge.


"The CompTIA Network+ certification ensures that the successful candidate
has the important knowledge and skills necessary to manage, maintain,
troubleshoot, install, operate and configure basic network infrastructure,
describe networking technologies, basic design principles, and adhere to
wiring standards and use testing tools."

CompTIA website

What are the Course Prerequisites?

You should have the following skills and experience prior to attending the
course:

- Taken and passed both CompTIA A+ Certification exams or have
  equivalent knowledge and experience.

- Six months to one year of post A+ Certification support experience.

- Experience of supporting end-users and PC-based systems.

Optionally, you can take a prerequisites test to check that you have the
knowledge required to study this course at the gtslearning Freestyle site
accompanying this study guide (see below for details on registering).

Course Outcomes

This practical "hands-on" course will teach you the fundamental principles of
installing and supporting networks. On course completion, you will be able to:


- Describe the features of different network protocols and products for LANs,
  WANs, and wireless networks.

- Understand the functions and features of TCP/IP addressing and protocols.

- Identify threats to network resources and appropriate security
  countermeasures.

- Install and configure network cabling and appliances.

- Manage, monitor, and troubleshoot networks.


How Certification Helps Your Career

The main aim of this course is to help to prepare you for CompTIA's Network+
Certification Essentials exam (exam code N10-005).

Certification proves you have the knowledge and skill to solve business
problems in virtually any business environment. Certifications are highly valued
credentials that qualify you for jobs, increased compensation, and promotion.

Benefits of certification


The CompTIA Network+ credential proves knowledge of networking features
and functions and is the leading vendor-neutral certification for networking
professionals. Worldwide, more than 325,000 individuals are CompTIA
Network+ certified and 21% of IT staff within a random sampling of US
organizations within a cross section of industry verticals hold Network+
Certification. Network+ is mandated or recommended by organizations such as
Apple, Cisco, HP, Ricoh, the U.S. State Department, and U.S. government
contractors such as EDS, General Dynamics, and Northrop Grumman.

CompTIA Career Pathway


Indeed, CompTIA Network+ is the first step in starting a networking career, and
is recognized by Microsoft as part of their MS program. Other corporations,
such as Novell, Cisco and HP also recognize CompTIA Network+ as part of
their certification tracks.

Completing this course will help you to pursue a career in network support, in
job roles such as network administrator, network technician, network installer,
help desk technician and IT cable installer.

CompTIA offers a number of credentials that form a foundation for your career
in technology and allow you to pursue specific areas of concentration.
Depending on the path you choose to take, CompTIA certifications help you
build upon your skills and knowledge, supporting learning throughout your
entire career.


Study of the course can also help to prepare you for vendor-specific technical
support qualifications and act as groundwork for more advanced training.
Other qualifications available include:

- Cisco Certified Network Associate (CCNA) - a foundation-level
  certification of competency in Cisco networking appliance installation and
  configuration.

- Microsoft Certified Solutions Expert (MCSE) - Windows-specific
  qualifications covering support and design of client and server
  infrastructure, as well as other Microsoft technologies.

Corporations such as Novell, Cisco, and HP also recognize CompTIA
Network+ as part of their certification tracks.

- Help Desk Support Analyst - The Help Desk Analyst certification series,
  administered by the Help Desk Institute (www.thinkhdi.com), certifies
  learners' customer service and Help Desk management skills. Various
  levels of certification are available, including Customer Support Specialist,
  Help Desk Analyst and Help Desk Manager.


About the Course Material

The course material has been prepared as an aid for your use throughout the
training course. You may keep this manual for your own reference after the
course is finished. We hope you will find the course material useful for future
reference.


The course comes in two parts. This "Study Notes" volume contains the main
text of the course for you to refer to in class and to review at home as you
prepare for the exam. The course text is divided into several modules, each
covering a different subject area. Each module is split into a series of units
containing related topics for study. Each unit has a set of review questions
designed to test your knowledge of the topics covered in the unit.


At the back of the "Study Notes" volume there is an index to help you look up
key terms and concepts from the course.


The accompanying "Labs and References" book contains a list of the CompTIA
certification objectives (and where in the study notes you can find useful
material to prepare for each objective), tips for taking the CompTIA exams, the
practical labs for you to complete in class, answers to the end of unit review
questions, and a glossary of terms and concepts used in computer support.

If you are viewing this course as an ebook, the "Labs and
References" volume is located after the index - use the bookmarks
panel to navigate between sections.

Integrated Video Training from Professor Messer


Professor Messer has long been a web hero for CompTIA certification
students. With professionally-produced lessons covering the full exam
objectives and online forums, Professor Messer is a trusted online source for
exam information. Professor Messer uses gtslearning's CompTIA certification
courseware to develop and record his popular video training sessions. Now
you can easily follow along with his video presentations using the links
provided in this course book. You can use the links in three ways:


1) If you have an ebook, just click the link to open the video
in your browser.

2) If you have a QR code scanner, point your camera at the
code to open it in your phone or tablet's browser.

3) If you have a printed book but no scanner, enter gtsgo.to/ followed by
the code printed under the QR graphic into your browser. For example, to
access the code shown above and open gtslearning's home page, enter
gtsgo.to/pk28w.

We do endeavor to keep the video links up-to-date, but if you come
across a broken link, please email the link code (for example
"pk28w") to support@gtslearning.com and we will update it.


Course Conventions and Icons

The following conventions have been used in this course. These are especially
useful for following the practical lab exercises.

- Bullet and number lists - steps for you to follow in the course of completing
  a task or hands-on exercise and review questions are indicated by
  numbered bullet points. Other bullet points indicate learning objectives and
  feature lists.

- File and command selection - in the labs, files, applets, dialogs and other
  information that is displayed on the screen by the computer is shown in
  sans serif bold. For example: Click OK, Select Control Panel, and so on.

- Sequences of commands - in the labs, a sequence of steps to follow to
  open a file or activate a command are shown in bold with arrows. For
  example, if you need to access the system properties in Windows, this
  would be shown in the text by: Start > Control Panel > System.


- Commands - commands or information that you must enter using the
  keyboard are shown in Courier New Bold. For example: Type
  webadmin@somewhere.com. Courier New Bold-Italic represents some
  sort of variable, such as your student number. For example, if your student
  number is "5", you would follow the instruction ping 10.0.0.x by
  entering ping 10.0.0.5.

- Using the mouse - when instructed to click, use the main mouse button;
  when instructed to alt-click, use the secondary button (that is, the button on
  the right-hand side of the mouse, assuming right-handed use). Sometimes
  you need to use both the keyboard and the mouse - for example,
  Ctrl+click means hold down the Ctrl key and click the main mouse
  button.


The following symbols are used to indicate different features in the course
book:

Icon               Meaning
(tip icon)         A tip or warning about a feature or topic.
(reference icon)   A reference to another unit, where more information
                   on a topic can be found.
(video icon)       A link to a Professor Messer video presentation.
                   Click or use a QR scanner to open the link or enter
                   gtsgo.to/ followed by the code printed under the
                   QR graphic into your browser.
(review icon)      Review questions to help test what you have
                   learned.
(lab icon)         A hands-on exercise for you to practice skills
                   learned during the lesson.

Freestyle Support Site


gtslearning's Freestyle support site hosts study resources such as a
prerequisites test and practice exam.

Get tests and practice exams to accompany the course at gtslearning's Freestyle site


1) Ask your training provider for the course enrollment key:
   ________________________

2) Visit the Freestyle site (gtsgo.to/oup4x) and click the Create new account
   button.

Creating an account

3) Complete the sign-up process. You will need to validate the account using
your email address.
4) When you have validated your account, open gtsgo.to/nu4g8 and log in if
necessary.
5) Enter your enrollment key to get access to the course resources.


Content Seal of Quality


This courseware bears the seal of CompTIA Official Approved Quality
Content. This seal signifies this content covers 100% of the exam objectives
and implements important instructional design principles. CompTIA
recommends multiple learning tools to help increase coverage of the learning
objectives. The contents of this training material were created for the CompTIA
Network+ Certification Essentials exam (exam code: N10-005) covering
CompTIA certification exam objectives that were current as of December
2011.


It is CompTIA's policy to update the exam regularly with new test
items to deter fraud and for compliance with ISO standards. The
exam objectives may therefore describe the current "Edition" of the
exam with a date different to that above. Please note that this
training material remains valid for the stated exam code, regardless
of the exam edition. For more information, please check the FAQs
on CompTIA's website (support.comptia.org).

Four Steps to Getting Certified


This training material can help you prepare for and pass a related CompTIA
certification exam or exams. In order to achieve CompTIA certification, you
must register for and pass a CompTIA certification exam or exams. In order to
become CompTIA certified, you must:

1) Review the certification objectives at
   certification.comptia.org/Training/testingcenters/examobjectives.aspx to
   make sure you know what is covered in the exam.

2) After you have studied for the certification, take a free assessment and
   sample test from CompTIA at
   certification.comptia.org/Training/testingcenters/samplequestions.aspx to
   get an idea what type of questions might be on the exam. You can also use
   gtslearning's free practice tests on Freestyle (gtsgo.to/nu4g8).

3) Purchase an exam voucher on the CompTIA Marketplace, which is located
   at www.comptiastore.com.

4) Select a certification exam provider and schedule a time to take your exam.
   You can find exam providers at
   certification.comptia.org/Training/testingcenters.aspx


Visit CompTIA online - www.comptia.org to learn more about getting CompTIA
certified. Contact CompTIA - call 866-835-8020 ext. 5 or email
questions@comptia.org.

Module 1 / Network Media and Devices

Network Media and Devices

The following CompTIA Network+ domain objectives and examples are
covered in this module:
CompTIA Network+ Certification Domain Areas          Weighting
1.0 Network Technologies                              21%
2.0 Network Installation and Configuration            23%
3.0 Network Media and Topologies                      17%
4.0 Network Management                                20%
5.0 Network Security                                  19%

Domain Objectives/Examples                            Refer To

Refer To: Unit 1.1 Topologies and the OSI Model

1.1 Compare the layers of the OSI and TCP/IP models.
    OSI model (Layer 1 - Physical, Layer 2 - Data link, Layer 3 - Network,
    Layer 4 - Transport, Layer 5 - Session, Layer 6 - Presentation,
    Layer 7 - Application); TCP/IP model (Network Interface / Link Layer,
    Internet Layer, Transport Layer, Application Layer)

1.2 Classify how applications, devices, and protocols relate to the OSI
    model layers.
    MAC address; IP address; EUI-64; Frames; Packets; Switch; Router;
    Multilayer switch; Hub; Encryption devices; Cable; NIC; Bridge

1.6 Explain the function of common networking protocols.
    TCP/IP suite

3.5 Describe different network topologies.
    Point to point; Point to multipoint; Ring; Star; Mesh; Bus;
    Peer-to-peer; Client-server; Hybrid

Refer To: Unit 1.2 Cabling and Connectors

3.1 Categorize standard media types and associated properties.
    Fiber (Multimode, Single mode); Copper (UTP, STP, CAT3, CAT5, CAT5e,
    CAT6, CAT6a, Coaxial); Media converters (Single mode fiber to Ethernet,
    Multimode fiber to Ethernet, Fiber to Coaxial, Single mode to multimode
    fiber); Distance limitations and speed limitations

3.2 Categorize standard connector types based on network media.
    Fiber (ST, SC, LC, MT-RJ); Copper (RJ-45, RJ-11, BNC, F-connector,
    DB-9 [RS-232])

se

y
nl

O
Page 1
2013 gtslearning

Module 1 / Unit 4

Bridges and Switches

Objectives
On completion of this unit, you will be able to:
- Install and configure intranetworking components:
  - Hubs
  - Bridges
  - Switches
- Describe the purposes and functions of VLANs.
- Understand the use of STP to prevent switching loops.

Hubs and Bridges

Hubs and bridges are no longer widely deployed as standalone appliances, but
because their role has been taken on by more advanced devices (such as
Ethernet switches) it is important to understand the basic functions they
provide.

Hubs

Hubs are the central point of connection for Ethernet segments configured in a
star topology. Hubs act like a repeater so that every segment receives signals
sent from any other segment. Hubs are also known as multiport repeaters (or
concentrators). They work at the Physical layer of the OSI model.

All the ports on a hub are in the same collision domain.

Fast Ethernet is restricted to using two hubs within a single network
but this restriction does not apply to a switched network. Gigabit
and 10G Ethernet require the use of switches.


Bridges
A bridge is a device that provides communications between two or more
segments. Workstations on one segment are able to communicate with those
on another segment via the bridge. Like a repeater, a bridge extends the
maximum distance of network, but it may also be used to segment the network
and reduce traffic.

A bridge can be used to divide an overloaded network into separate segments.
Each of the segments experiences far lower traffic loads since the bridge only
passes signals from one segment to another if appropriate. Intrasegment
traffic (traffic between devices on the same segment) remains within this
segment and cannot affect the other segments.

A bridge works most efficiently if the amount of intersegment traffic (traffic
between devices on different segments) is kept low.

A network designer should try to follow the 80:20 rule, which states
that a well-designed network will keep 80% of traffic local (on the
same segment), with only the remaining 20% of traffic needing to
pass to another segment. They need to ensure clients (resource
users) and their associated servers (resource providers) are placed
on the same segment whenever possible.

Features of Bridges

The main features of a bridge are as follows:

- Bridges work at the data link layer since they need to understand the MAC
  addresses within frames.
- Most bridges are only able to link segments of the same type (for example,
  Ethernet to Ethernet).
- Bridges can be used to link different cable types (such as coax and twisted
  pair).
- Segments on either side of a bridge are in separate collision domains.
- Segments on either side of a bridge are in the same broadcast domain
  (a broadcast is a packet destined for all hosts on the network).


Bridge Operation
A bridge works in the following manner.
1) Computer A sends a signal to computer D. Note that the frame contains a
source hardware address of MA and a destination hardware address of MD.
2) The bridge listens to all traffic on all attached segments (this is known as
   promiscuous mode) and consequently it receives the signal at port 1.
3) The bridge reads the destination in the frame and, using its port address
   table, determines the port to which the network card with hardware address
   MD is attached. The bridge is able to locate the hardware address MD in its
   port:MAC address table and transmits the signal out of port 2 only.
4) If no record of the hardware address exists or the frame is a broadcast or
   multicast, then the bridge forwards the frame to all segments except for the
   source segment (acting like a hub).

Bridge operation

An Ethernet bridge builds the port address table in memory. When the bridge
is initialized, the bridging table is empty but information is constantly added as
the bridge listens to the connected segments. The bridge can enter a particular
hardware address against a port number in the bridging table by examining the
source hardware address on frames and noting the port that received the
frame. Entries are flushed out of the table after a period to ensure the
information remains current.


Switches
Ethernet networks implemented with a bus or hubs rely on a contention-based
technology for accessing the network. Devices can only transmit on the
network when it is free. These opportunities become less frequent as more
devices are added to the network and the probability of collisions increases.

HP ProCurve 24-port switch

These problems can be overcome by moving from this "shared Ethernet"
system to "switched Ethernet". This move involves the replacement of hubs
and bridges with switches. Switches have now almost completely replaced
legacy devices such as hubs and bridges. The use of switches is mandatory
for Gigabit Ethernet and Ethernet 10G.

Switch Operation

An Ethernet (or LAN) switch performs the same sort of function as a bridge but
can provide many more ports (bridges only came with up to 4 ports). Each port
is a separate collision domain. In effect, the switch establishes a point-to-point
link between any two network nodes. This is referred to as microsegmentation.
The basic mode of operation for a switch is referred to as "store and forward".
This works as follows:

1) Computer A transmits a frame intended for Computer B.
2) The switch receives the frame into a port buffer and obtains the destination
   MAC address from the Ethernet frame. The port buffer holds frames until
   they can be processed. The switch can also perform error checking on the
   frame using the CRC.
3) The switch uses its MAC address table to look up the port connected to the
   destination MAC address.
4) The switch uses its high speed backplane to send the frame out on port 3
   for computer B to receive (creating a temporary virtual circuit).
5) None of the other connected devices (such as computer C) see any
   activity on the network while this process takes place. Therefore, these
   other devices are able to transmit and receive at the same time.

Switch operation

A switched network means that each port is in a separate collision domain.
Collisions can only occur if the port is operating in half duplex mode (if a legacy
network card is attached to it for instance) and even then collisions only affect
the segment between the port and that adapter; they do not slow down the
whole network.

As with a bridge though, traffic on all switch ports is in the same broadcast
domain, unless the switch is configured to use VLANs (see below).

There are many types of switches other than Ethernet switches (or
"basic switches"). Some are used to implement WANs (ATM and
SONET switching for instance) and some are used to forward
traffic at OSI layers 3 and above. The functions of these "multilayer
switches" are covered in Unit 5.4.

Building the MAC Address Table

If a MAC address cannot be found in the MAC address table then the switch
acts like a hub and transmits the frame out of all the ports (except for the
incoming port). This is referred to as flooding. The switch builds the MAC
address table by analyzing incoming frames for a source MAC address. It can
then add a MAC address entry against the particular port number.

Entries remain in the MAC address table for a period before being flushed.
This ensures problems are not encountered when network cards (MAC
addresses) are changed.

The address table is implemented as Content Addressable Memory (CAM),
a special type of memory optimized for searching rather than random access.
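To show how the bridge operation steps and the switch's MAC address table fit together, the following simulation is an added example written for these notes; it is not code from the course or from any switch vendor. It models a transparent bridge / learning switch: source addresses are learned against the arrival port, unknown unicast, broadcast and multicast destinations are flooded out of every port except the one the frame arrived on, intrasegment traffic is filtered, and entries age out after a configurable time. The class names, port numbering and the 300-second aging default are this example's own assumptions.

```python
"""Added example for these notes (not course or vendor code): a simulated
transparent bridge / learning switch. It learns source MACs against ports,
floods unknown unicast, broadcast and multicast frames, filters intrasegment
traffic and ages out stale entries. Class names and defaults are assumptions."""

from __future__ import annotations
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """True for multicast (and broadcast) MACs: the I/G bit, the least
    significant bit of the first octet, is set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass
class Frame:
    src: str
    dst: str
    payload: bytes = b""


@dataclass
class LearningSwitch:
    ports: int
    aging_time: int = 300                         # seconds before an unrefreshed entry is flushed
    table: dict = field(default_factory=dict)     # MAC -> (port, time last seen)
    clock: int = 0

    def tick(self, seconds: int) -> None:
        """Advance the clock and flush entries that have aged out, so a host
        moved to another port (or a replaced NIC) does not leave a stale entry."""
        self.clock += seconds
        for mac in [m for m, (_, seen) in self.table.items()
                    if self.clock - seen >= self.aging_time]:
            del self.table[mac]

    def learn(self, mac: str, port: int) -> None:
        # Source addresses are unicast; a group address as a source is malformed,
        # so it is never entered in the table.
        if not is_group_address(mac):
            self.table[mac] = (port, self.clock)

    def receive(self, frame: Frame, in_port: int) -> list[int]:
        """Process a frame arriving on in_port; return the ports it is sent out of."""
        self.learn(frame.src, in_port)
        if is_group_address(frame.dst) or frame.dst not in self.table:
            # Flooding: act like a hub, every port except the source port.
            return [p for p in range(1, self.ports + 1) if p != in_port]
        out_port, _ = self.table[frame.dst]
        if out_port == in_port:
            # Intrasegment traffic: the destination is on the arrival segment,
            # so the bridge drops the frame rather than repeating it.
            return []
        return [out_port]


if __name__ == "__main__":
    sw = LearningSwitch(ports=4)
    # Constructed addresses standing in for MA and MD in the walk-through above.
    MA, MD = "00:00:00:00:00:0a", "00:00:00:00:00:0d"
    print(sw.receive(Frame(MA, MD), 1))         # MD unknown -> flooded to 2, 3, 4
    print(sw.receive(Frame(MD, MA), 2))         # MA learned on port 1 -> [1]
    print(sw.receive(Frame(MA, MD), 1))         # MD learned on port 2 -> [2]
    print(sw.receive(Frame(MA, BROADCAST), 1))  # broadcast -> flooded to 2, 3, 4
```

The same model applies to a multiport bridge, since the switch's MAC address table is the bridge's port address table with more ports behind it; the aging step is what prevents a replaced network card from being unreachable until the old entry expires.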

Switch Models

Switches from different vendors come in a variety of different ranges to support
various sizes of network. While a basic model might feature 12-48 ports and
little scope for expansion[29], advanced switches support interconnections via
high speed backplanes and expandable capacity through plug-in modules plus
power supply redundancy, management consoles, and media converters for
fiber optic connectivity.

HP ProCurve modular switch

The market is dominated by Cisco's Catalyst series (over 70% of sales by port)
but other notable vendors include HP (ProCurve), Nortel, Foundry, and 3Com.

[29] Standalone switches can be connected together using uplink ports but this solution does not
scale well. The uplink port may run at the same speed as the standard ports or there may be an
option to use fiber optic (GBIC / SFP) connections.


Configuring a Switch
Some switches do not offer any configuration options or interface. These are
known as unmanaged switches. You just have to plug them in and they
operate automatically. These switches are usually inexpensive and are
intended only for home or small office use.

Managed switches often support more complex functions, including
configuring VLANs, port authentication, load balancing, Quality of Service
(QoS), traffic shaping, and filtering.

Filtering and QoS are covered in more detail in Unit 5.4.

These functions can be accessed via the switch's management interface. A
switch may support the following interfaces:
- Console port - this requires connecting a terminal (a laptop for instance) to
  the switch via a separate physical interface.
- Management port - this means configuring an IP address on the switch to
  use for management functions and connecting to it via one of the normal
  Ethernet ports. Most switches support a browser-based interface as well as
  a Command Line Interface (CLI).
- SNMP - this enables the switch to be administered using network
  management software.

A switch may also support autoconfiguration using a DHCP server to obtain
addressing information and a TFTP server to obtain a configuration file.

Autonegotiation

Switches normally support a range of Ethernet standards so that older and
newer network adapters can all be connected to the same network. In most
cases, the port on the switch is set to autonegotiate speed and full or half
duplex operation but a static configuration can be applied manually if
necessary.

See the section on Troubleshooting in Unit 5.5 for more information
about solving problems with switch port configurations.

Configuring port settings on a Dell switch

Diagnostics

Most managed switches will provide diagnostic information through the
management interface.

Diagnostic information on a Netgear switch

Depending on the model of switch, this may be as simple as numbers of
packets into and out of each port, along with numbers of errors, or may include
information such as graphs of throughput against time, or a breakdown of error
statistics by type.


MAC Address Filtering

MAC filtering means specifying which MAC addresses are allowed to connect
to a particular port. This can be done by specifying a list of valid MAC
addresses but this "static" method is difficult to keep up-to-date and relatively
error-prone. Some switch models allow you to specify a maximum number of
permitted addresses and automatically learn a set number of valid MAC
addresses. For example, if port security is enabled with a maximum of two
MAC addresses, the switch will record the first two MACs to connect to that
port but then drop any traffic from machines with different network adapter IDs
that try to connect.
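The per-port limit described in this paragraph, written out as an added example for these notes (it is not course or vendor code): a port accepts frames from administrator-listed MACs plus up to a maximum number of addresses it learns for itself, and once the limit is reached any further adapter is dropped and the violation counted. The class, the violation counter and the handling of the static list are this example's own assumptions, and the MAC addresses in the usage are constructed.

```python
"""Added example for these notes (not course or vendor code): the per-port MAC
limit described above. Up to max_addresses source MACs are learned on a port;
frames from any further adapter are dropped and counted. The class, the
counter and the static list handling are this example's assumptions."""

from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class PortSecurity:
    max_addresses: int                               # permitted MACs per port
    static: dict = field(default_factory=dict)       # port -> administrator-listed MACs
    learned: dict = field(default_factory=dict)      # port -> MACs learned dynamically
    violations: dict = field(default_factory=dict)   # port -> dropped-frame count

    def permitted(self, port: int) -> set[str]:
        """Static entries plus whatever the port has already learned."""
        return ({m.lower() for m in self.static.get(port, ())}
                | set(self.learned.get(port, ())))

    def check(self, port: int, src_mac: str) -> bool:
        """Return True if a frame with this source MAC is accepted on the port."""
        src_mac = src_mac.lower()
        allowed = self.permitted(port)
        if src_mac in allowed:
            return True
        if len(allowed) < self.max_addresses:
            # Room left on the port: learn the adapter, as the text describes.
            self.learned.setdefault(port, []).append(src_mac)
            return True
        # Limit reached and the adapter is unknown: drop the frame and record a
        # violation, which is what a monitoring system would alert on.
        self.violations[port] = self.violations.get(port, 0) + 1
        return False


if __name__ == "__main__":
    ps = PortSecurity(max_addresses=2)
    # Constructed addresses: two adapters are learned on port 5, a third is dropped.
    for mac in ("00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"):
        print(mac, "accepted" if ps.check(5, mac) else "dropped")
    print("violations on port 5:", ps.violations.get(5, 0))
```

Because the first two addresses seen are the ones kept, the learned list should be reviewed after the port is first brought up; a wrongly learned adapter stays permitted until the list is cleared.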

Port Mirroring

Unlike a hub, a switch forwards unicast traffic only to the specific port
connected to the intended host. This prevents sniffing of unicast traffic by hosts
attached to the same switch. There are circumstances in which capturing and
analyzing network traffic is legitimate activity however and port mirroring
provides the facility to do this. Port mirroring[30] copies all packets sent to one or
more source ports to a mirror (or destination) port.

Configuring port mirroring on a Dell switch

The mirror port would be used by management or monitoring software (such
as a Network Analyzer or Intrusion Detection System [IDS]). Either ingress or
egress traffic or both can be captured. Optionally, in order to avoid overloading
the monitoring system, packets may be filtered based on criteria such as layer
3 or 4 protocols.

[30] On a Cisco switch, this is referred to as a Switched Port Analyzer (SPAN).

Port mirroring demands a lot of processing and can lead to the
switch hardware becoming overloaded and consequently crashing.
If possible, trial any security solution that requires port mirroring
under typical loads before deploying it on a production network.

Power over Ethernet (PoE)

Power over Ethernet (PoE) or Power over LAN is a means of supplying
electrical power from a switch port over ordinary data cabling to a connected
powered device, such as a VoIP handset or wireless access point.

PoE is defined in two IEEE standards:
- 802.3af - powered devices can draw up to about 13W over the link[31].
- 802.3at (PoE+) - powered devices can draw up to about 25W[32].

PoE switches are referred to as Power Sourcing Equipment (PSE)[33].

Power can either be supplied over pairs 1/2 and 3/6 (referred to as Mode A or
"phantom power" as these are the ones also used for data in 10/100BASE) or
over 4/5 and 7/8 (Mode B). Gigabit Ethernet only uses the former method.

When a device is connected to a port on a PoE switch, the switch goes
through a detection phase to determine whether the device is PoE-enabled. If
not, it does not supply power over the port and therefore does not damage
non-PoE devices. If so, it determines the device's power consumption and sets
the supply voltage level appropriately.

Powering these devices through a switch is more efficient than using a
wall-socket AC adapter for each appliance. It also allows network management
software to control the devices and apply schemes, such as making unused
devices go into sleep states and power capping.

[31] Power is supplied as 350mA@48V and limited to 15.4W but the voltage drop over the maximum
100 feet of cable results in usable power of around 13W.
[32] Various proprietary schemes were used between the ratification of 802.3af and 802.3at.
[33] If an existing switch does not support PoE, a device called a power injector can be used.


Virtual LANs (VLAN)

Virtual LAN simply means that through the use of switching technologies,
different groups of computers on the same cabling can appear to be in different
LANs, creating two or more VLANs. Conversely, hosts on different local
networks but connected via a WAN can be configured to be on the same
VLAN.

One benefit of VLANs is traffic management. Bridge devices only forward
traffic when needed, with the exception of broadcasts and multicasts. Routers
don't forward broadcasts and multicasts[34]. Both types of device can be used
for joining remote networks together and then also be used to manage the flow
of network traffic.

A VLAN is described as a separate broadcast domain. A busy segment can be
broken into two distinct groups, each chatting amongst themselves. The
separation of these groups into separate VLANs will minimize the impact of
each group's traffic on the other group.

For example, ports 1 through 10 and 11 through 20 could be configured as two
separate VLANs, typically each with their own subnet address. Communication
between the groups of ports would be as if the traffic were being routed[35].

Subnets and routing are covered in Module 2.

VLAN

[34] As a rule-of-thumb anyway; as mentioned elsewhere, some IPv4 routers do support multicast
but they would be deployed with the intention of doing so. IPv6 routers must support multicast but
broadcast traffic is eliminated completely. Under IPv6, VLANs will be deployed for security rather
than performance.
[35] Port-based switching is the simplest means of configuring a VLAN (static VLANs). Others
(dynamic VLANs) include using the host's MAC address, protocol type, IP address, or even
authentication credentials.

From a security point-of-view, each VLAN can represent a separate security
zone. These zones would typically be configured to protect the integrity and
confidentiality of different departments within the organization. If something like
a virus or worm were introduced in one VLAN, it should not be able to spread
to other VLANs[36].
Configuring VLANs on a Dell switch using the web management interface

As well as representing organizational departments and/or overcoming
physical barriers between different locations, it is common practice to isolate
server-to-server traffic from client-server traffic and to isolate administration /
management traffic (channels used for inbound management of appliances
and servers). Another standard configuration option is to create a "null" VLAN
that is non-routable to the rest of the network. This VLAN is used for any ports
that do not have authorized connected equipment.

VLANs are defined by the IEEE 802.1Q standard. Cisco's proprietary
Inter-Switch Link (ISL) was once also widely used.

Construction of an 802.1Q Ethernet frame

Under 802.1Q, traffic is identified by a VLAN tag inserted in the Ethernet frame
between the Source Address and Ethertype fields. The tag contains
information about the VLAN ID (from 1 to 4094) and priority (used for Quality of
Service [QoS] functions). The Ethertype value is set to identify the frame as
802.1Q.

[36] Malware can "hop" between VLANs if it is able to exploit some configuration weakness.
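The frame layout just described, decoded in code as an added example for these notes (not course code): the 802.1Q tag occupies the Ethertype position with the value 0x8100, the 16-bit Tag Control Information that follows carries the 3-bit priority, a 1-bit drop-eligible flag and the 12-bit VLAN ID, and the protocol's real Ethertype comes after the tag. The parser below returns those fields for tagged and untagged frames; the `build_tagged_frame` helper and the sample frame bytes are constructed for the example.

```python
"""Added example for these notes (not course code): decoding the 802.1Q tag
that sits between the Source Address and the Ethertype. The TPID 0x8100
occupies the Ethertype position; the 16-bit TCI that follows carries the 3-bit
priority (PCP), a 1-bit drop-eligible flag and the 12-bit VLAN ID, and the real
Ethertype follows the tag. The sample frame is constructed for the example."""

from __future__ import annotations
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100


@dataclass
class ParsedFrame:
    dst: str
    src: str
    vlan_id: Optional[int]      # None for an untagged frame; 0 means priority-tagged only
    priority: Optional[int]     # PCP, used for QoS
    ethertype: int              # the encapsulated protocol, e.g. 0x0800 for IPv4
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw: bytes) -> ParsedFrame:
    if len(raw) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = _mac(raw[0:6]), _mac(raw[6:12])
    (ethertype,) = struct.unpack("!H", raw[12:14])
    vlan_id = priority = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("802.1Q TPID present but tag truncated")
        (tci,) = struct.unpack("!H", raw[14:16])
        priority = tci >> 13            # top 3 bits of the TCI
        vlan_id = tci & 0x0FFF          # low 12 bits; 1-4094 are usable VLAN IDs
        (ethertype,) = struct.unpack("!H", raw[16:18])   # encapsulated Ethertype
        offset = 18
    return ParsedFrame(dst, src, vlan_id, priority, ethertype, raw[offset:])


def build_tagged_frame(dst: str, src: str, vlan_id: int, priority: int,
                       ethertype: int, payload: bytes) -> bytes:
    """Inverse of parse_frame; used here only to construct sample input."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = ((priority & 0x7) << 13) | vlan_id
    return (bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
            + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload)


# Constructed sample: a broadcast on VLAN 100 with priority 5 and 20 bytes of payload.
SAMPLE_TAGGED = build_tagged_frame("ff:ff:ff:ff:ff:ff", "00:1a:2b:3c:4d:5e",
                                   100, 5, 0x0800, bytes(20))

if __name__ == "__main__":
    print(parse_frame(SAMPLE_TAGGED))
```

A frame arriving on an access port with a tag already present is a configuration signal worth logging, since hosts on an access port are not expected to tag their own traffic; the parser's `vlan_id` field makes that check a one-line comparison.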


VLAN Trunking Protocol

On a large network, one switch will not provide enough ports for all the hosts
that need to be connected to the network. This means that multiple switches
must be interconnected to build the network fabric. Multiple switches may also
be deployed to provide redundant links. The interconnections between
switches are referred to as trunks.

When VLANs are also configured on the switches, trunking means that a
VLAN can be configured across more than one switch device without having to
manually configure the VLANs on each device. The protocol governing this
data exchange would either be Cisco's VLAN Trunking Protocol (VTP) or
Generic Attribute Registration Protocol (GARP) VLAN Registration
Protocol (GVRP).

Under VTP, switches can be grouped into management domains, identified
by a domain name. Within these groups, switches are assigned the roles of
either VTP server or VTP client. Modifications to the VLAN topology of the
network can be made on any switch that has been assigned the VTP server
role and these changes are replicated to all switches in the management
domain. In a small network with only a few switches, all switches may be
configured as VTP servers. However, in a large network it is more efficient to
limit the number of switches assigned this role.

Pruning refers to removing broadcasts related to particular VLANs from a
trunk to preserve bandwidth. If a particular VLAN is not associated with a given
trunk link, pruning it from the trunk reduces the amount of broadcast traffic
passing over the link.

Spanning Tree Protocol (STP)

In a network with multiple bridges (implemented these days as switches and
routers), there may be more than one path for a frame to take to its intended
destination. As a layer 2 protocol, Ethernet has no concept of Time To Live.
Therefore, layer 2 broadcast traffic could continue to loop through the network
indefinitely. This situation is prevented using the Spanning Tree Protocol
(STP), defined in the 802.1D MAC Bridges standard. This is a means for the
bridges to organize themselves into a hierarchy. The bridge at the top of the
hierarchy is the root bridge. This can be selected automatically by the protocol
but the administrator can pre-determine metrics to make the choice of one
bridge over another more likely (unless the designated bridge happens to be
offline).

Each bridge then determines the path to the root bridge by exchanging
information with other bridges (Bridge Protocol Data Units [BPDU]).
Within each segment, each bridge then determines the bridge closest to the
root bridge and uses that bridge to forward frames to the root. It then blocks
ports connected to other non-forwarding bridges. Subsequently, bridges
exchange Topology Change Notifications if devices are added or removed,
enabling them to change the status of forwarding / blocked ports appropriately.

The following table shows the different states that a port can be in:

State        Forwards Frames?   Learns MACs?   Notes
Blocking     No                 No             Drops all frames other than BPDUs.
Listening    No                 No             Port is listening for BPDUs to detect loops.
Learning     No                 Yes            The port discovers the topology of the network
                                               and builds the MAC address table.
Forwarding   Yes                Yes            The port works as normal.
Disabled     No                 No             The port has been disabled by the administrator.

When all ports on all bridges are in forwarding or blocking states, the network
is converged. When the network is not converged, no communications can
take place. Under the original 802.1D standard, this made the network
unavailable for extended periods (10s of seconds) during configuration
changes. STP is now more likely to be implemented as 802.1D-2004 / 802.1w
or Rapid STP (RSTP). The rapid version creates outages of a few seconds or
less. In RSTP, the blocking, listening, and disabled states are aggregated into
a discarding state.

Where VLANs are implemented, a modified version of STP must be used. If a
trunk port to multiple VLANs were to be blocked, all the VLANs on that trunk
would be denied access to the rest of the network. Some means must be
established to disable links on a per-VLAN basis. Originally, this was
accomplished using Cisco's Per-VLAN STP Protocol (PVST) but is now
implemented using Multiple Spanning Trees Protocol (MSTP), defined in
802.1Q.
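The root election, root-path and blocking decisions that the STP description above outlines, worked through as an added example for these notes (not course or vendor code) on a constructed three-switch triangle with one redundant link. A bridge ID is the pair (priority, MAC), so lowering a switch's priority is the administrator's way of pre-determining the root; each other bridge takes its least-cost path to the root and calls that port its root port; each link gets a designated bridge (lower root path cost, ties broken by lower bridge ID); every port that is neither is blocked. The switch names, MACs, port numbers and the per-link path cost of 4 are assumptions for the example.

```python
"""Added example for these notes (not course or vendor code): the spanning
tree calculation described above, run on a constructed three-switch triangle.
Bridge IDs are (priority, MAC) so an administrator-lowered priority wins the
root election; each other bridge finds its least-cost path to the root and
names that port its root port; each link gets a designated bridge (lower root
path cost, ties broken by lower bridge ID); every remaining port is blocked.
Topology, MACs and the per-link cost are assumptions."""

from __future__ import annotations
import heapq

# Constructed topology. SW1's priority has been lowered from the default so the
# administrator's choice of root wins unless SW1 is offline.
BRIDGES = {
    "SW1": (4096, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
# (bridge A, port on A, bridge B, port on B, path cost of the link)
LINKS = [
    ("SW1", 1, "SW2", 1, 4),
    ("SW1", 2, "SW3", 1, 4),
    ("SW2", 2, "SW3", 2, 4),   # redundant link that would otherwise form a loop
]


def elect_root(bridges: dict) -> str:
    """Lowest bridge ID (priority first, then MAC) becomes the root bridge."""
    return min(bridges, key=lambda name: bridges[name])


def root_paths(root: str, bridges: dict, links: list) -> dict:
    """Least-cost path from each bridge to the root (Dijkstra), breaking cost
    ties on the upstream bridge's ID. Returns bridge -> {cost, via, root_port}."""
    adj: dict = {}
    for a, pa, b, pb, cost in links:
        adj.setdefault(a, []).append((b, pb, cost))   # from a reach b; b's port is pb
        adj.setdefault(b, []).append((a, pa, cost))
    best = {root: {"cost": 0, "via": None, "root_port": None, "key": (0, bridges[root])}}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node]["cost"]:
            continue                                  # stale heap entry
        for nbr, nbr_port, link_cost in adj.get(node, []):
            key = (cost + link_cost, bridges[node])
            if nbr not in best or key < best[nbr]["key"]:
                best[nbr] = {"cost": key[0], "via": node, "root_port": nbr_port, "key": key}
                heapq.heappush(heap, (key[0], nbr))
    return best


def compute_port_roles(bridges: dict, links: list) -> tuple[str, dict]:
    """Return (root bridge, {(bridge, port): 'root' | 'designated' | 'blocking'})."""
    root = elect_root(bridges)
    paths = root_paths(root, bridges, links)
    roles = {}
    for a, pa, b, pb, _cost in links:
        # Designated bridge for the link: lower root path cost, then lower bridge ID.
        designated = min((a, b), key=lambda n: (paths[n]["cost"], bridges[n]))
        for bridge, port in ((a, pa), (b, pb)):
            if bridge != root and paths[bridge]["root_port"] == port:
                roles[(bridge, port)] = "root"
            elif bridge == designated:
                roles[(bridge, port)] = "designated"
            else:
                roles[(bridge, port)] = "blocking"   # the loop is broken here
    return root, roles


def blocked_ports(bridges: dict, links: list) -> list:
    _, roles = compute_port_roles(bridges, links)
    return sorted(p for p, r in roles.items() if r == "blocking")


if __name__ == "__main__":
    root, roles = compute_port_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} port {port}: {role}")
```

On this topology SW1 is elected root, SW2 and SW3 each use their port 1 as the root port, and the SW2-SW3 link is settled in SW2's favour by the bridge ID tie-break, so SW3 port 2 is the one blocked port. Raising SW1's priority value (making it worse) hands the root role to SW2, which is the effect the text describes when the designated root bridge goes offline.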


Review Questions / Module 1 / Unit 4 / Intranetwork Devices

Answer the following questions. The correct answers are in the accompanying
"Labs and References" manual.

1) True or false? A bridge does not forward broadcast or multicast traffic.
   False.

2) How does a switch keep track of the hardware addresses of hosts
   connected to its ports?
   It uses a table stored in Content Addressable Memory (CAM).

3) What is PoE?
   Power over Ethernet - an IEEE specification for delivering power to
   devices from switch ports over network cabling.

4) The accounting department is flooding the network with a high volume of
   broadcast traffic, causing the entire network to slow down. What could you
   install to isolate that department?
   VLAN (switch) or router.

5) What is the function of STP?
   Spanning Tree Protocol prevents switching loops (where broadcast
   traffic is continually looped around a switched network with
   redundant links between switches).

6) What methods can be used to allocate a particular host to a VLAN?
   The simplest is by connection port but this can also be configured by
   MAC address, IP address, or user authentication.

CompTIA Network+ Certification
Support Skills (Exam N10-005)

Labs and References
G523eng ver073

Acknowledgements
Course Developer ............................................................ gtslearning
Editor ....................................................................... James Pengelly
This courseware is owned, published, and distributed by gtslearning, the world's only specialist supplier of CompTIA learning solutions.

www.gtslearning.com
+44 (0)20 7887 7999 +44 (0)20 7887 7988
Unit 127, Hill House, 210 Upper Richmond Road, London SW15 6NP, UK
sales@gtslearning.com

COPYRIGHT

This courseware is copyrighted 2013 gtslearning. Product images are the copyright of the vendor or manufacturer named in the caption and used by permission. No part of this courseware or any training material supplied by the publisher to accompany the courseware may be copied, photocopied, reproduced, or re-used in any form or by any means without permission in writing from the publisher. Violation of these laws will lead to prosecution.

All trademarks, service marks, products, or services are trademarks or registered trademarks of their respective holders and are acknowledged by the publisher.

LIMITATION OF LIABILITY

Every effort has been made to ensure complete and accurate information concerning the material presented in this course. Neither the publisher nor its agents can be held legally responsible for any mistakes in printing or for faulty instructions contained within this course. The publisher appreciates receiving notice of any errors or misprints.

Information in this course is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted.

Where the course and all materials supplied for training are designed to familiarize the user with the operation of software programs and computer devices, the publisher urges the user to review the manuals provided by the product vendor regarding specific questions as to operation.

There are no warranties, expressed or implied, including warranties of merchantability or fitness for a particular purpose, made with respect to the materials or any information provided herein. Neither the author nor publisher shall be liable for any direct, indirect, special, incidental, or consequential damages arising out of the use or the inability to use the contents of this course.

Warning

All gtslearning products are supplied on the basis of a single copy of a course per student. Additional resources that may be made available from gtslearning may only be used in conjunction with courses sold by gtslearning. No material changes to these resources are permitted without express written permission from gtslearning. These resources may not be used in conjunction with content from any other supplier.
If you suspect that this course has been copied or distributed illegally, please telephone or email gtslearning.

Table of Contents

CompTIA Network+ Exam Objectives
Domain 1.0 Network Technologies ................................................................ 1
Domain 2.0 Network Installation and Configuration ....................................... 3
Domain 3.0 Network Media and Topologies .................................................. 4
Domain 4.0 Network Management ................................................................ 5
Domain 5.0 Network Security ........................................................................ 6

Exam Tips
Registering for the Test ................................................................................. 7
Taking the Test.............................................................................................. 7
After the Test ................................................................................................. 8
Retaking the Test .......................................................................................... 8

Labs ............................................................................................................... 9

Answers to Review Questions ................................................................... 134
Module 1 / Network Media and Devices..................................................... 134
Module 2 / Addressing and Routing ........................................................... 137
Module 3 / Network Applications................................................................ 141
Module 4 / Network Security ...................................................................... 144
Module 5 / Management, Monitoring, Troubleshooting .............................. 147

Glossary ..................................................................................................... 153

CompTIA Network+ Exam Objectives

The material in this course will help you to learn and practice the CompTIA Network+ Certification Examination Objectives (Exam Code: N10-005 / Release Date: December 2011).

It is CompTIA's policy to update the exam regularly with new test items to deter fraud. The exam objectives may therefore describe the current "Edition" of the exam with a date different to that of the objectives. Please note that this training material remains valid for the dated objectives, regardless of the exam edition.

CompTIA Network+ Certification Domain Areas and Weighting
1.0 Network Technologies ...................................... 21%
2.0 Network Installation and Configuration ............ 23%
3.0 Network Media and Topologies ........................ 17%
4.0 Network Management ....................................... 20%
5.0 Network Security .............................................. 19%

The following tables list where the domain objectives of the exam are covered in this course.

Domain 1.0 Network Technologies

1.1 Compare the layers of the OSI and TCP/IP models.
    OSI model (Layer 1 Physical, Layer 2 Data link, Layer 3 Network, Layer 4 Transport, Layer 5 Session, Layer 6 Presentation, Layer 7 Application); TCP/IP model (Network Interface / Link Layer, Internet Layer, Transport Layer, Application Layer).
    Covered in: Unit 1.1 Topologies and the OSI Model

1.2 Classify how applications, devices, and protocols relate to the OSI model layers.
    MAC address; IP address; EUI-64; Frames; Packets; Switch; Router; Multilayer switch; Hub; Encryption devices; Cable; NIC; Bridge.
    Covered in: Unit 1.1 Topologies and the OSI Model

1.3 Explain the purpose and properties of IP addressing.
    MAC address format; IPv4 vs. IPv6 (formatting); Classes of addresses (A, B, C and D, Public vs. Private); Classless (CIDR); Subnetting; Multicast vs. Unicast vs. Broadcast; APIPA.
    Covered in: Unit 1.3 Ethernet; Unit 2.1 Internet Protocol; Unit 2.2 Addressing Schemes; Unit 2.3 DHCP, APIPA, and NTP; Unit 2.4 IPv6

1.4 Explain the purpose and properties of routing and switching.
    Broadcast domain vs. collision domain; Spanning Tree Protocol; VLAN (802.1q); Port mirroring; EIGRP; OSPF; RIP; Link state vs. distance vector vs. hybrid; Static vs. dynamic; Routing metrics (Hop counts, MTU, Bandwidth, Costs, Latency); Next hop; IGP vs. EGP; Routing tables; Convergence (steady state).
    Covered in: Unit 1.3 Ethernet; Unit 1.4 Bridges and Switches; Unit 2.5 Routing

1.5 Identify common TCP and UDP default ports.
    SMTP 25; HTTP 80; HTTPS 443; FTP 20, 21; TELNET 23; IMAP4 143; RDP 3389; SSH 22; DNS 53; DHCP 67, 68.
    Covered in: Unit 3.1 Transport Protocols

1.6 Explain the function of common networking protocols.
    TCP/IP suite; ARP; ICMP; DHCP; NTP; IGMP; TCP; UDP; DNS; FTP; TFTP; HTTPS; HTTP; TLS; SIP (VoIP); RTP (VoIP); POP3; IMAP4; SMTP; SSH; Telnet; SNMP2/3.
    Covered in: Unit 1.1 Topologies and the OSI Model; Unit 1.3 Ethernet; Unit 2.1 Internet Protocol; Unit 2.3 DHCP, APIPA, and NTP; Unit 2.5 Routing; Unit 3.1 Transport Protocols; Unit 3.2 Name Resolution; Unit 3.3 Internet Applications; Unit 5.4 Monitoring and Management Tools

1.7 Summarize DNS concepts and its components.
    DNS servers; DNS records (A, MX, AAAA, CNAME, PTR); Dynamic DNS.
    Covered in: Unit 3.2 Name Resolution

1.8 Given a scenario, implement the following network troubleshooting methodology:
    Identify the problem (Information gathering, Identify symptoms, Question users, Determine if anything has changed); Establish a theory of probable cause (Question the obvious); Test the theory to determine cause (Once theory is confirmed determine next steps to resolve problem; If theory is not confirmed, re-establish new theory or escalate); Establish a plan of action to resolve the problem and identify potential effects; Implement the solution or escalate as necessary; Verify full system functionality and if applicable implement preventive measures; Document findings, actions and outcomes.
    Covered in: Unit 5.5 Network Troubleshooting

1.9 Identify virtual network components.
    Virtual switches; Virtual desktops; Virtual servers; Virtual PBX; Onsite vs. offsite; Network as a Service (NaaS).
    Covered in: Unit 5.3 Deploying Virtual Networks

Domain 2.0 Network Installation and Configuration

2.1 Given a scenario, install and configure routers and switches.
    VLAN (trunking); Managed vs. unmanaged; Interface configurations (Full duplex, Half duplex, Port speeds, MAC filtering); PoE; Diagnostics; VTP configuration; Port mirroring; Routing tables; Interface configurations (IP addressing); NAT; PAT; Traffic filtering; QoS.
    Covered in: Unit 1.4 Bridges and Switches; Unit 2.5 Routing; Unit 4.2 Security Appliances; Unit 5.4 Monitoring and Management Tools

2.2 Given a scenario, install and configure a wireless network.
    WAP placement; Antenna types; Interference; Frequencies; Channels; Wireless standards; SSID (enable/disable); Compatibility (802.11 a/b/g/n).
    Covered in: Unit 4.4 Installing Wireless Networks

2.3 Explain the purpose and properties of DHCP.
    Static vs. dynamic IP addressing; Reservations; Scopes; Leases; Options (DNS servers, suffixes).
    Covered in: Unit 2.3 DHCP, APIPA, and NTP

2.4 Given a scenario, troubleshoot common wireless problems.
    Interference; Signal strength; Configurations; Incompatibilities; Incorrect channel; Latency; Encryption type; Bounce; SSID mismatch; Incorrect switch placement.
    Covered in: Unit 5.5 Network Troubleshooting

2.5 Given a scenario, troubleshoot common router and switch problems.
    Switching loop; Bad cables/improper cable types; Port configuration; VLAN assignment; Mismatched MTU/MUT black hole; Power failure; Bad/missing routes; Bad modules (SFPs, GBICs); Wrong subnet mask; Wrong gateway; Duplicate IP address; Wrong DNS.
    Covered in: Unit 5.5 Network Troubleshooting

2.6 Given a set of requirements, plan and implement a basic SOHO network.
    List of requirements; Cable length; Device types/requirements; Environment limitations; Equipment limitations; Compatibility requirements.
    Covered in: Unit 5.2 Installing Wired Networks

Domain 3.0 Network Media and Topologies

3.1 Categorize standard media types and associated properties.
    Fiber (Multimode, Single mode); Copper (UTP, STP, CAT3, CAT5, CAT5e, CAT6, CAT6a, Coaxial); Media converters (Single mode fiber to Ethernet, Multimode fiber to Ethernet, Fiber to Coaxial, Single mode to multimode fiber); Distance limitations and speed limitations; Copper (Patch panel, 110 block [T568A, T568B]); Broadband over Powerline; Copper (Crossover, T1 Crossover, Straight-through); Plenum vs. non-plenum.
    Covered in: Unit 1.2 Cabling and Connectors; Unit 5.2 Installing Wired Networks; Unit 3.4 WAN Technologies

3.2 Categorize standard connector types based on network media.
    Fiber (ST, SC, LC, MTRJ); Copper (RJ-45, RJ-11, BNC, F-connector, DB-9 [RS-232]).
    Covered in: Unit 1.2 Cabling and Connectors

3.3 Compare and contrast different wireless standards.
    802.11 a/b/g/n standards (Distance, Speed, Latency, Frequency, Channels, MIMO, Channel bonding).
    Covered in: Unit 4.4 Installing Wireless Networks

3.4 Categorize WAN technology types and properties.
    Types (T1/E1, T3/E3, DS3, OCx, SONET, SDH, DWDM, Satellite, ISDN, Cable, DSL, Fiber, Dialup, PON, Frame Relay, ATM); Properties (Circuit switch, Packet switch, Speed, Transmission media, Distance); Types (Cellular, WiMAX, LTE, HSPA+).
    Covered in: Unit 3.4 WAN Technologies; Unit 4.4 Installing Wireless Networks

3.5 Describe different network topologies.
    Point to point; Point to multipoint; Ring; Star; Mesh; Bus; Peer-to-peer; Client-server; Hybrid; MPLS.
    Covered in: Unit 1.1 Topologies and the OSI Model; Unit 3.4 WAN Technologies

3.6 Given a scenario, troubleshoot common physical connectivity problems.
    Cable problems (Open, Short, Split cables, Tx/Rx reversed, Cable placement); Cable problems (Bad connectors, Bad wiring, dB loss, TX/RX reversed, Cable placement).
    Covered in: Unit 5.5 Network Troubleshooting

3.7 Compare and contrast different LAN technologies.
    Types (Ethernet, 10BaseT, 100BaseT, 1000BaseT, 100BaseTX, 100BaseFX, 1000BaseX, 10GBaseSR, 10GBaseLR, 10GBaseER, 10GBaseSW, 10GBaseLW, 10GBaseEW, 10GBaseT); Properties (CSMA/CD, CSMA/CA, Broadcast, Collision, Bonding, Speed, Distance).
    Covered in: Unit 1.3 Ethernet

3.8 Identify components of wiring distribution.
    IDF; MDF; Demarc; Demarc extension; Smart jack; CSU/DSU.
    Covered in: Unit 5.2 Installing Wired Networks

Domain 4.0 Network Management

4.1 Explain the purpose and features of various network appliances.
    VPN concentrator; Proxy server; Content filter; Load balancer.
    Covered in: Unit 3.5 Remote Access; Unit 4.2 Security Appliances; Unit 5.4 Monitoring and Management Tools

4.2 Given a scenario, use appropriate hardware tools to troubleshoot connectivity issues.
    Cable tester; Cable certifier; Crimper; Butt set; Toner probe; Punch down tool; Protocol Analyzer; Loop back plug; TDR; OTDR; Multimeter; Environmental monitor.
    Covered in: Unit 5.2 Installing Wired Networks

4.3 Given a scenario, use appropriate software tools to troubleshoot connectivity issues.
    Protocol Analyzer; arp; ping; ipconfig/ifconfig; tracert/traceroute; route; netstat; dig; nslookup; nbtstat; Connectivity software.
    Covered in: Unit 1.3 Ethernet; Unit 2.1 Internet Protocol; Unit 2.5 Routing; Unit 3.1 Transport Protocols; Unit 3.2 Name Resolution; Unit 5.4 Monitoring and Management Tools

4.4 Given a scenario, use the appropriate network monitoring resource to analyze traffic.
    Traffic analysis; Network sniffer; SNMP; SNMPv2; SNMPv3; Syslog; System logs; History logs; General logs.
    Covered in: Unit 1.3 Ethernet; Unit 5.4 Monitoring and Management Tools

4.5 Describe the purpose of configuration management documentation.
    Wire schemes; Network maps; Documentation; Cable management; Asset management; Baselines; Change management.
    Covered in: Unit 5.1 Configuration Management

4.6 Explain different methods and rationales for network performance optimization.
    Methods (QoS, Traffic shaping, Load balancing, High availability, Caching engines, Fault tolerance, CARP); Reasons (Latency sensitivity, High bandwidth applications [VoIP, video applications, unified communications], Uptime).
    Covered in: Unit 5.4 Monitoring and Management Tools

Domain 5.0 Network Security

5.1 Given a scenario, implement appropriate wireless security measures.
    Encryption protocols (WEP, WPA, WPA2, WPA Enterprise); MAC address filtering; Device placement; Signal strength.
    Covered in: Unit 4.4 Installing Wireless Networks

5.2 Explain the methods of network access security.
    Tunneling and encryption (SSL VPN, VPN, L2TP, PPTP, IPsec, ISAKMP, TLS, TLS1.2, Site-to-site and client-to-site); Remote access (RAS, PPPoE, PPP); ACL (IP filtering, Port filtering); ACL (MAC filtering); Remote access (RDP, ICA, SSH).
    Covered in: Unit 3.5 Remote Access; Unit 4.2 Security Appliances; Unit 4.3 Authentication; Unit 5.4 Monitoring and Management Tools

5.3 Explain methods of user authentication.
    PKI; Kerberos; AAA (RADIUS, TACACS+); Network Access Control (802.1X, Posture assessment); CHAP; MS-CHAP; EAP; Two-factor authentication; Multifactor authentication; Single sign-on.
    Covered in: Unit 4.3 Authentication

5.4 Explain common threats, vulnerabilities, and mitigation techniques.
    Attacks (DoS, DDoS, Man in the middle, Social engineering, Virus, Worms, Buffer overflow, Packet sniffing, FTP bounce, Smurf); Mitigation techniques (Training and awareness, Patch management, Policies and procedures, Incident response); Wireless (War driving, War chalking, WEP cracking, WPA cracking, Evil twin, Rogue access point).
    Covered in: Unit 4.1 Security Fundamentals; Unit 4.4 Installing Wireless Networks

5.5 Given a scenario, install and configure a basic firewall.
    Types (Software and hardware firewalls); Port security; Stateful inspection vs. packet filtering; Firewall rules (Block/allow, Implicit deny, ACL); NAT/PAT; DMZ.
    Covered in: Unit 4.2 Security Appliances

5.6 Categorize different types of network security appliances and methods.
    IDS and IPS (Behavior based, Signature based, Network based, Host based); Vulnerability scanners (NESSUS, NMAP); Methods (Honeypots, Honeynets).
    Covered in: Unit 4.2 Security Appliances

Exam Tips

Use the following notes to prepare for and book the CompTIA certification exam. Remember that you can use the practice exam available with this course at gtslearning's Freestyle site (you will also need an enrollment key from your training provider).

Registering for the Test

- CompTIA Certification exams are delivered exclusively by Pearson VUE. You can locate a test center using the link on CompTIA's website: certification.comptia.org/Training/testingcenters.aspx
- Arrive at the test center at least 15-30 minutes before the test is scheduled (check your booking confirmation for details).
- The test center administrator will demonstrate how to use the computer-based test system.
- You must have two forms of ID - one with picture, both with signature, preferably with your private address (driving license, passport, and so on).
- Books, calculators, laptops, PDAs, or other reference materials are not allowed.
- Pens, pencils, and paper are not required! You must not attempt to write down questions or remove anything from the exam room.
- It is CompTIA's policy to make reasonable accommodations for individuals with disabilities.

Taking the Test

- CompTIA has prepared a Candidate Experience video (gtsgo.to/hofvx). Watch this to help to familiarize yourself with the exam format and types of questions.
- There are 100 questions which must be answered in 90 minutes. The passing score is 720 on a scale of 100-900.
- Read each question and its option answers carefully. Don't rush through the exam as you'll probably have more time at the end than you expect.
- At the other end of the scale, don't get "stuck" on a question and start to panic. You can mark questions for review and come back to them.
- As the exam tests your ability to recall facts and to apply them sensibly in a troubleshooting scenario, there will be questions where you cannot recall the correct answer from memory. Adopt the following strategy for dealing with these questions:
  - Narrow your choices down by eliminating obviously wrong answers.
  - Don't guess too soon! You must select not only a correct answer, but the best answer. It is therefore important that you read all of the options and not stop when you find an option that is correct. It may be impractical compared to another answer.
  - Utilize information and insights that you've acquired in working through the entire test to go back and answer earlier items that you weren't sure of.
  - Think your answer is wrong and want to change it? Studies indicate that when students change their answers they usually change them to the wrong answer. If you were fairly certain you were correct the first time, leave the answer as it is.
- As well as multiple-choice questions, there will be a number of performance-based items. Performance-based items require you to perform a task or solve a problem in simulated IT environments. Use your experience of completing the labs in this course to help you complete the performance-based items successfully. Make sure you read the item scenario carefully and check your submission.
- Don't leave any questions unanswered! If you really don't know the answer, just guess.
- The exam may contain "unscored" questions, which may even be outside the exam objectives. These questions do not count towards your score.

After the Test

- A score report will be generated and a copy printed for you by the test administrator. The score report will show whether you have passed or failed and your score in each section. Make sure you retain the report!
- 5 days after passing the exam, go to www.comptia.org/careerid and create an account (or log on to an existing account) using the information in your score report. You can use this site to order your certificate and ID card.
- If 6 weeks have passed after ordering your certificate and you haven't received it, contact questions@comptia.org

Retaking the Test

If you do fail the certification test at the first attempt, then you can retake it at your convenience. However, should you fail the test at the second, third, or subsequent try, you will not be able to resit the exam for at least 30 days after your last attempt. Study your score report to see which areas of the exam you were weak on.

Labs

Lab 1 / Matching Components to the OSI Model

[Figure: the seven OSI layers, top to bottom: Application, Presentation, Session, Transport, Network, Data link, Physical]

In this exercise you will work either in groups or as a class to match the following list of network components and descriptions to the correct layer of the OSI model.

Component or Description ................................................ Layer
Bit transmission and encoding ........................................... ____
Acknowledgement messages and sequence numbers ........ ____
Bridges ................................................................................ ____
Cable .................................................................................. ____
Breaks messages from the session layer into packet format ____
Compression ....................................................................... ____
Converts incoming 1s and 0s to frames .............................. ____
Converts outgoing packets to frames ................................. ____
Database services .............................................................. ____
Directory services ............................................................... ____
Encryption ........................................................................... ____
Ensuring reliable data delivery ........................................... ____
File Transfer ........................................................................ ____
Character set conversion .................................................... ____
Network interface hardware ................................................ ____
Network medium ................................................................. ____
Physical network topologies ................................................ ____
Routers ............................................................................... ____
Switching ............................................................................ ____
Uses the logical network address to identify the destination network ____
Wireless Access Point ........................................................ ____
Moving data to a specific network location ......................... ____

Lab 2 / Configuring a Network Adapter

In this lab you will use Device Manager to discover what properties and configurable settings your network adapter has.

1) From the Start Menu, alt-click Computer, and select Manage.
2) Click Device Manager.
   The list of installed devices appears.
3) Click the arrow symbol beside Network adapters to expand the Network Adapter subtree.
4) What is the name of your network card?
   __________________________________________________
5) Alt-click your network card and select Properties.
6) Click the Driver tab and record the following information (you may need to use the Driver Details button too):
   Provider: _________________________________
   Version: __________________________________
   Date: ____________________________________
   File path: _________________________________
7) Look at the configuration options on the Advanced tab. Is there an option to define a locally administered address?
   __________________________________________________
8) Look for the link speed and duplex configuration option - what is it set to?
   __________________________________________________
9) Does the adapter support advanced features, such as WoL ("wake up") or ToE (offload)?
   __________________________________________________
10) Click Cancel to close the Properties dialog.
11) Select View > Show hidden devices.
   The adapter list should refresh to show a number of other adapters, mostly used for remote tunneling protocols (WAN Miniport) or IPv6 tunneling (ISATAP).
12) Close Device Manager.

Lab 3 / Using VirtualBox

Many of the rest of the practical labs in this course use a host virtualization product called VirtualBox. In this lab, you will learn how to configure the Virtual Machines (VMs) and about the VMs that you will use.

1) On the HOST PC, double-click the Oracle VM VirtualBox icon on the Desktop.
   The VirtualBox console is loaded. This shows the VMs available to you. Selecting a VM displays more information about it.

[Figure: VirtualBox console]

You have 5 VMs:
- CLIENT is a Windows XP SP3 workstation, configured as a domain client.
- SERVER is a Windows Server 2008 R2 Enterprise server configured as a domain controller.
- GATEWAY is a Windows Server 2008 R2 Enterprise server that you will configure as a router for the Windows network.
- ROUTER is a Linux server (running the Ubuntu distribution of Linux).
- LAMP is also an Ubuntu Linux server, configured as a web server (installed with the OS and applications Linux, Apache [web server], MySQL [database], and PHP [programming]).

2) Select the CLIENT VM then click the Settings button.
   This dialog allows you to configure the VM's hardware. Some settings can only be changed when the VM is powered off; others you can change from the VM's window menu when it is running.
3) Adjust any "System" or "Display" settings if suggested by your instructor.
4) Click the Storage tab.

[Figure: Configuring VM storage options]

   This tab allows you to add hard drives to the VM and to use disc images (ISOs) in the optical drive (or share the HOST's drive).
5) Click the CD icon and browse for the ISO file for "Windows XP Professional".
6) Click the Network tab.

[Figure: Configuring network options]

   We will use two network modes in the labs:
   - Selecting Internal network means that the VM can "see" only other VMs installed on the host. The VirtualBox software creates a switch (or a hub) for the VMs to connect to. The VMs can be put on separate networks by giving the networks names, much like a Virtual LAN (VLAN). The CLIENT VM is on a network named "lan".
   - Selecting Bridged network means that the VMs can communicate on the same network that the host PC is connected to.
   You can also "install" additional adapters in a VM. This is an option we will use later in the labs.
7) Click OK.
8) With the CLIENT VM still selected, click the Snapshots button.
   A snapshot is an image of the VM's disk at a particular point. You can use snapshots to discard the changes in a particular lab.

[Figure: Configuring snapshots]

9) Double-click the CLIENT VM to start it. A new window will open.
10) When the VM has booted, press Right-Ctrl+Delete to log on.
   The Right-Ctrl key is the VirtualBox Host key; Right-Ctrl+Delete sends Ctrl+Alt+Delete to the VM rather than to the HOST. If the mouse pointer gets "stuck" in a VM window, press Right-Ctrl to release it.
11) The user name should be Administrator already.
12) Enter the password Pa$$w0rd.
   That's a zero between the "w" and the "r".
   The same user name and password combo is used to log on to all the other VMs.
13) On the VM window, click the Machine menu. You can configure some settings here (though you cannot change the installed hardware without shutting down the VM).
14) Select Start > Shut Down. Confirm by clicking OK.
15) In the VirtualBox Manager, alt-click the Initial Config snapshot and select Restore Snapshot.
16) Uncheck Create a snapshot of the current machine and click Restore.
   During the labs you will use the Ubuntu Server Linux distribution. This is operated at a command prompt with no GUI.
17) Double-click the LAMP VM. When the computer has booted, a "lamp login" prompt will be displayed.
18) Type administrator and press Enter.
   Remember that all commands in Linux are case-sensitive. The Linux VMs do not have the VirtualBox Guest Additions installed, so to release the mouse cursor from the window you need to press Right-Ctrl.
19) Type Pa$$w0rd and press Enter.
   To run system-level commands in this distribution of Linux, you have to precede them with the sudo command to obtain elevated (root) privileges. Shutting down the machine is an example of a system-level command.
20) Type sudo shutdown -h now and press Enter.
21) Type Pa$$w0rd and press Enter.
   You do not have to enter the password every time you use sudo. The password gets cached for a few minutes.
22) When the VM has shut down, restore its Initial Config snapshot.

Lab 4 / ARP and Packet Analysis

In these exercises, you will investigate ARP and the use of the Wireshark protocol analyzer to capture and inspect network traffic.

[Figure: Windows network. SERVER (IP: 10.1.0.1 /24, MAC: _____________), CLIENT (IP: 10.1.0.__ /24, MAC: _____________) and GATEWAY (IP: 10.1.0.254 /24, MAC: _____________) are connected to the switch "LAN".]

Exercise 1: Investigating the ARP Cache Table

The ARP cache table contains entries for hosts that have been contacted recently (entries are removed from the cache after a few minutes). This reduces the frequency of ARP broadcasts.

1) Start the GATEWAY VM.
2) When the VM has booted, press Right-Ctrl+Delete to log on (User: Administrator / Password: Pa$$w0rd).
3) From the Start Menu, select Command Prompt then enter arp -a.
   This displays the ARP cache table. The only entries should be for the network broadcast address (10.1.0.255) used to address every machine on the local network and multicast addresses (starting 224) used by Windows' network discovery protocols.
   Remember that the VM is set to use the Windows VMs' local network and there are no other machines on that network yet, so it is not surprising that there are no host addresses yet.

Labs

Exercise 2: Using Wireshark to Capture Packets


Wireshark is an example of a protocol analyzer. It allows you to view the
contents of packets being sent to and from the local machine (and, in some
circumstances, other machines).
1) Double-click the Wireshark icon

on the Desktop.
in

tio

ua

al

Ev

2) When the program has loaded, click the Capture Options button
the toolbar.

se

U
Wireshark capture options

3) Ensure that the adapter is set to the Intel PRO/1000 (this is the virtual
adapter driver used by VM) and that Capture packets in promiscuous
mode is checked.

y
nl

5) Switch to the VM Console and start the SERVER VM.

4) Click Start.

6) Watch the packet capture window while the SERVER VM boots. You won't
see any activity at first but eventually you should see some ARP activity
followed by various different types of frames.
7) Click the AutoScroll button to turn off autoscrolling then scroll to the top of
the capture.

Page 19
2013 gtslearning

Labs

You should be able to see quite clearly the results of two ARP sessions.

The first is the SERVER machine checking whether anyone owns its IP
address (10.1.0.1); there is no reply to this broadcast, as SERVER
owns the IP address 10.1.0.1. If another machine did own 10.1.0.1,
SERVER would detect a duplicate IP address and prompt the user to
change the configuration.

The second (starting at frame 53 in the capture below) is the SERVER
machine looking for the MAC address of GATEWAY (10.1.0.254); as
GATEWAY recognizes that IP address as its own, it responds with its
MAC address.

Results of packet capture

8) Click each ARP frame in the top pane and expand the frame analysis in the
second pane.
Note that the frame (data link layer) simply contains source and destination
MAC addresses (note that some frames use the broadcast address) and a
protocol type field (ARP) plus a checksum (part of the trailer, which also
ensures that the frame is at least the minimum length). Note that Wireshark
decodes the OUI and that you can expand the MAC fields to decode the
multicast/broadcast bit and locally administered bit.
The ARP headers (layer 2.5 or 3-ish) contain similar information plus the
sender and target IP addresses. ARP is a very simple protocol. IP and
higher level packets often contain many more headers.
Also note the bottom pane. This contains the raw data in hexadecimal
format (the computers receive it as a series of 1s and 0s). When you select
information in pane 2, the relevant hex digits are selected here (and vice
versa).
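To see what step 8 describes in a form you can step through, here is an added Python example (not part of the lab and not Wireshark's code) that decodes an Ethernet frame carrying ARP from the same raw bytes a protocol analyzer shows in its bottom pane: the two MAC fields with their group (multicast/broadcast) and locally administered bits, the type field, the ARP opcode and the sender/target address pairs, and the padding that brings the frame up to the minimum length. The two frames it decodes are constructed to mirror the request/reply exchange between SERVER and GATEWAY discussed above; the MAC addresses in them are placeholders, not values from the lab.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_ARP = 0x0806
ETH_HEADER_LEN = 14
ARP_HEADER_LEN = 28     # Ethernet/IPv4 ARP: 8 fixed bytes + two (MAC, IP) pairs
ETH_MIN_FRAME_LEN = 60  # minimum Ethernet frame length, FCS not counted


@dataclass
class MacField:
    addr: str
    is_group: bool   # I/G bit (bit 0 of first octet): multicast or broadcast
    is_local: bool   # U/L bit (bit 1 of first octet): locally administered


def decode_mac(raw: bytes) -> MacField:
    """Render six address bytes the way Wireshark does and decode the two
    flag bits that live in the first octet."""
    addr = ":".join(f"{b:02x}" for b in raw)
    return MacField(addr, bool(raw[0] & 0x01), bool(raw[0] & 0x02))


def decode_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, for type 0x0806, the ARP header that
    follows it. Bytes after the ARP header are reported as padding."""
    if len(frame) < ETH_HEADER_LEN:
        raise ValueError("frame is shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HEADER_LEN])
    decoded = {"dst": decode_mac(dst), "src": decode_mac(src),
               "ethertype": ethertype, "arp": None, "padding": 0}
    if ethertype != ETHERTYPE_ARP:
        return decoded
    payload = frame[ETH_HEADER_LEN:]
    if len(payload) < ARP_HEADER_LEN:
        raise ValueError("ARP header is truncated")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is decoded here")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:ARP_HEADER_LEN])
    decoded["arp"] = {
        "opcode": {1: "request", 2: "reply"}.get(opcode, f"opcode {opcode}"),
        "sender_mac": decode_mac(sha).addr,
        "sender_ip": ".".join(str(b) for b in spa),
        "target_mac": decode_mac(tha).addr,
        "target_ip": ".".join(str(b) for b in tpa),
    }
    # Whatever follows the 28-byte ARP header is padding the sender added to
    # reach the 60-byte minimum; the FCS has already been stripped by the
    # time the driver hands the frame to the analyzer.
    decoded["padding"] = len(payload) - ARP_HEADER_LEN
    return decoded


def info_column(decoded: dict) -> str:
    """One-line summary in the style of Wireshark's Info column."""
    arp = decoded["arp"]
    if arp is None:
        return f"ethertype 0x{decoded['ethertype']:04x}"
    if arp["opcode"] == "request":
        return f"Who has {arp['target_ip']}? Tell {arp['sender_ip']}"
    if arp["opcode"] == "reply":
        return f"{arp['sender_ip']} is at {arp['sender_mac']}"
    return arp["opcode"]


# Constructed frames (not from the lab capture): SERVER asks for GATEWAY's
# MAC and GATEWAY answers. Both MACs are placeholders; GATEWAY's has the
# U/L bit set so the locally-administered decode is exercised.
SERVER_MAC = "080027000001"
GATEWAY_MAC = "0200000000fe"
PAD = "00" * (ETH_MIN_FRAME_LEN - ETH_HEADER_LEN - ARP_HEADER_LEN)
ARP_REQUEST = bytes.fromhex(
    "ffffffffffff" + SERVER_MAC + "0806"        # dst broadcast, src SERVER, ARP
    + "0001" "0800" "06" "04" "0001"            # hw=Ethernet, proto=IPv4, request
    + SERVER_MAC + "0a010001"                   # sender 10.1.0.1
    + "000000000000" + "0a0100fe"               # target 10.1.0.254, MAC unknown
    + PAD)
ARP_REPLY = bytes.fromhex(
    SERVER_MAC + GATEWAY_MAC + "0806"
    + "0001" "0800" "06" "04" "0002"            # reply
    + GATEWAY_MAC + "0a0100fe"
    + SERVER_MAC + "0a010001"
    + PAD)

if __name__ == "__main__":
    for frame in (ARP_REQUEST, ARP_REPLY):
        d = decode_frame(frame)
        print(f"{d['src'].addr} -> {d['dst'].addr}  {info_column(d)}  "
              f"(dst group bit={d['dst'].is_group}, "
              f"src local bit={d['src'].is_local}, padding={d['padding']})")
```

The request's destination decodes with the group bit set because it is the broadcast address, and the 18 bytes of padding after the ARP header are exactly what the frame analysis pane labels as trailer/padding on a minimum-length frame. Feeding the decoder the hex copied from Wireshark's bottom pane for one of the lab's own ARP frames will reproduce the fields the second pane shows.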
9) Turn autoscrolling back on.
10) When SERVER has finished booting, press Right-Ctrl+Delete to open
the log on dialog.

11) Enter the password Pa$$w0rd to log on.
12) Open Windows Explorer and enter \\10.1.0.254\admin$ in the
address bar.

13) When the server share has opened, switch back to SERVER and click
Stop to halt packet capture.

The captured frames are displayed.

14) Click one of the SMB frames - note that additional layers of protocols are
shown in the frame analysis pane. SMB (the protocol used for file sharing
on Windows networks) makes more use of the upper network layers than
ARP (IP for logical addressing at the network layer, TCP at the transport
layer, NetBIOS at the session layer, and SMB itself to exchange the
application data).

One of the most useful options in packet analysis software is the one to
filter by different criteria. You may have noticed in the Capture Options
dialog that there was a capture filter option (to only record packets that
match the filter in the first place).

You can also apply filters to the captured data. You can construct complex
filter criteria by building an expression or by alt-clicking in the frame
analysis pane.
15) Select the first ARP frame and in the second pane, alt-click Address
Resolution Protocol then select Apply as Filter > Selected.

The frames panel now shows only ARP traffic. Note the filter expression
"arp" has been added to the filter panel and that the panel is highlighted
green to show that a filter is in effect.

16) Click Clear to remove the filter.

Applying a filter

17) Start another packet capture. When you are prompted to save the packet
capture, click Continue without Saving.

18) Boot the CLIENT VM. What do you notice that is different about the packet
capture?

CLIENT uses DHCP so the lease process can be observed. Also,
CLIENT's boot process does not generate IPv6 traffic (note that the
DHCP used by CLIENT is different to the DHCPv6 protocol that
SERVER and GATEWAY are using to autoconfigure their link-local
adapters).
19) Analyze the ARP traffic and fill in the MAC addresses for all the computers
and the final octet of CLIENT's IP address in the network diagram at the
start of the lab.

20) Close Wireshark. When you are prompted to save the packet capture, click
Quit without Saving.

Exercise 3: ARP Problems

In this exercise, you will investigate some of the problems that can be caused
by an incorrect MAC address.

1) Still on the GATEWAY VM, switch back to the command prompt and repeat
the arp -a command (you can press the Up arrow key to select from
previously issued commands).
2) Are there any entries? How do you explain this?

__________________________________________________

3) Switch to the CLIENT VM and log on.


4) Open Wireshark and start a new capture.
5) Open Explorer and enter \\SERVER\admin$ in the address bar. You
should be able to see the folders in the administrative share.
6) Close the Explorer window.

7) From the Start menu, select Run then type cmd and press Enter to open
a command prompt.
8) In the command prompt, check the ARP cache and note the result below:
__________________________________________________

9) Enter the following command:

arp -s 10.1.0.1 aa-bb-cc-dd-ee-ff

10) Open Explorer and enter \\SERVER\admin$ in the address bar. What
happens?

__________________________________________________
11) Try \\10.1.0.1\admin$ in the address bar - does this work?

__________________________________________________
12) What do you notice about the captured frames?

__________________________________________________
13) View the ARP cache again. What do you notice about the entry?

__________________________________________________

14) Enter the command arp -d then try to connect to \\SERVER\admin$
again. Observe the packet capture as you do so. What happens and why?

__________________________________________________
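As an added example (not part of the lab materials), the following Python script parses the text printed by arp -a on Windows and audits it for the condition this exercise creates: a static entry for a unicast host, which ARP will never refresh, so that connections to that host fail until the entry is removed with arp -d. It also lists any unicast MAC that is claimed by more than one IP address, which goes a little beyond the exercise but is the other cache condition worth a look when a host cannot reach a neighbour. The sample output is constructed: the interface address and every MAC other than the aa-bb-cc-dd-ee-ff entry from step 9 are placeholders, not values from the lab.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Two line shapes appear in Windows 'arp -a' output: an interface header and
# one row per cache entry (address, MAC with hyphens, dynamic/static).
INTERFACE_RE = re.compile(r"^Interface:\s+(\S+)\s+---\s+0x[0-9a-fA-F]+")
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"            # Internet Address
    r"([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+"   # Physical Address
    r"(dynamic|static)\s*$",                        # Type
    re.IGNORECASE)


@dataclass
class ArpEntry:
    interface: str
    ip: str
    mac: str
    kind: str   # "dynamic" or "static"


def is_group_mac(mac: str) -> bool:
    """True for broadcast and multicast MACs (I/G bit set in the first octet).
    Windows lists these as static entries, which is normal."""
    return int(mac.split("-")[0], 16) & 0x01 == 1


def parse_arp_a(text: str) -> list:
    """Parse 'arp -a' text into ArpEntry records, tagged with their interface."""
    entries, interface = [], None
    for line in text.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            interface = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries.append(ArpEntry(interface, ip, mac.lower(), kind.lower()))
    return entries


def audit_cache(entries: list) -> dict:
    """Report static entries for unicast hosts (the 'arp -s' case) and any
    unicast MAC mapped to more than one IP address."""
    static_unicast = [e.ip for e in entries
                      if e.kind == "static" and not is_group_mac(e.mac)]
    by_mac = defaultdict(list)
    for e in entries:
        if not is_group_mac(e.mac):
            by_mac[e.mac].append(e.ip)
    shared = {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}
    return {"static_unicast": static_unicast, "shared_macs": shared}


# Constructed 'arp -a' output modelled on what CLIENT might show after step 9.
# The interface address and the 02-00-... MAC are placeholders (not lab
# values); the 10.1.0.1 row is the entry created with 'arp -s'.
SAMPLE_ARP_A = """\
Interface: 10.1.0.99 --- 0xb
  Internet Address      Physical Address      Type
  10.1.0.1              aa-bb-cc-dd-ee-ff     static
  10.1.0.50             02-00-00-00-00-fe     dynamic
  10.1.0.254            02-00-00-00-00-fe     dynamic
  10.1.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
"""

if __name__ == "__main__":
    findings = audit_cache(parse_arp_a(SAMPLE_ARP_A))
    for ip in findings["static_unicast"]:
        print(f"{ip}: static unicast entry; ARP will not refresh it, "
              f"remove it with arp -d if it is wrong")
    for mac, ips in findings["shared_macs"].items():
        print(f"{mac} is mapped to more than one address: {', '.join(ips)}")
```

The broadcast and multicast rows are deliberately not reported even though Windows marks them static: their MACs carry the group bit, and they are created by the stack rather than by an administrator. To run the audit against a live machine, capture the output of arp -a (for example with subprocess.run) and pass it to parse_arp_a in place of the constructed sample.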

Exercise 4: Closing the Lab


At the end of this lab, we will discard any changes that might have been made
to either VM.
1) Click the Close button on the CLIENT VM window.
2) In the dialog displayed, select Power off the machine and check the
Restore current snapshot 'Initial Config' box.
3) Click OK.

4) Repeat to close the SERVER and GATEWAY VMs and restore their
snapshots.

Glossary
10xBASE
The Ethernet-type networks can be subdivided into several types of network. The IEEE
802.3 standard uses the following notation to indicate Ethernet type: x-BASE-y, where
"x" indicates the data rate (in Mbps), "BASE" denotes that baseband transmission is
used and "y" either describes the maximum media distance or the cable type. More
recent standards define gigabit (1000BASE-Y) and 10 Gigabit (10GBASE-Y) speeds.

110 Block
Punch-down cross-connect format offering high density (supporting up to 300 pairs). 110
wiring blocks are used for various applications. The 110 IDC format is used in most
patch panels and wall jacks.

25-pair / 100-pair
Data cabling has four pairs within a single jacket. Telephone cabling often uses bundles
of color-coded 25-pair cables. These are generally unsuitable for data applications
because of excessive crosstalk.

568A / 568B
Termination standards defined in the ANSI / TIA / EIA 568 Commercial Building
Telecommunications Standards. 568A is mandated by the US government and for US
residential wiring but the only commercial rule is not to mix the two on the same network.
Wiring a cable with both 568A and 568B termination creates a crossover cable.

66 Block
Punch-down cross-connect used to terminate telephone wiring. Each 66 block can
terminate a single 25-pair cable.

802 Protocols
The 802 standards, published by the LAN / MAN Standards Committee of the Institute of
Electrical and Electronics Engineers (IEEE), define technologies working at the physical
and data link layers of the OSI model. These layers are subdivided into two sub-layers.
The Logical Link Control (LLC) sub-layer is used with other 802 protocols, such as 802.3
and 802.11, which are conceived as operating at a Media Access Control (MAC) sublayer and the physical (PHY) layer.

802.1X
Port authentication framework that requires the device to authenticate before it is
granted access to the network. 802.1X defines how devices should provide support for
Extensible Authentication Protocol (EAP).

Access Point
See: Wireless Access Point.

ADSL
See: DSL.

ACL (Access Control List)
A list configured on a resource (such as file system object) or appliance (firewall or
switch) that determines access / deny access rules. Filtering is often performed on the
basis of MAC or IP address.

Antenna
Different types of antenna can be used to focus a signal to a particular point or more
widely (omnidirectional). Many wireless devices use a simple rod-type antenna.

API (Application Programming Interface)
A library of programming utilities used, for example, to enable software developers to
access functions of the TCP/IP network stack under a particular operating system.
APIPA (Automatic Private IP Addressing)
APIPA was developed as a means for clients configured to obtain an address
automatically that could not contact a DHCP server to communicate on the local subnet.
The host randomly selects an address from the range 169.254.1.0 - 169.254.254.255.
This is also called a link-local address.

Application Layer
OSI model layer providing support to applications requiring network services (file
transfer, printing, email, databases, and so on).

ARP (Address Resolution Protocol)
When two systems communicate using TCP/IP, an IP address is used to identify the
destination machine. The IP address must be mapped to an interface (the NIC's MAC
address). ARP performs the task of resolving an IP address to a hardware address. arp
is also a utility used to manage the ARP cache.

arp ping / arping
This is a version of ping used to test connectivity to a host. It uses ARP rather than
ICMP and so cannot be blocked.

ATM (Asynchronous Transfer Mode)
ATM is an advanced implementation of packet switching that provides a high-speed
transport mechanism for all types of data including voice and video. ATM divides
information into 53-byte cells containing 48 bytes of data and 5 bytes of header data.
The small size of the cells and their fixed length mean delays can be predictable so that
time-sensitive data is readily accommodated.

Attenuation
Degradation of a signal as it travels over media. This determines the maximum distance
for a particular media type at a given bit rate.

Authentication
Identifying a user on a network. Authentication allows the network administrator to
control access to the network and (with some sort of rights system [authorization]) to
particular resources on the network (directories, printers, configuration, and so on).
Standard authentication consists of a user name and password (a logon). Secure
authentication requires that transmission of the logon be encrypted.

Autonomous System (AS)
See: BGP.

Backbone
A backbone is a fast link that connects the various segments of a network.

Backup
Recovery of data can be provided through the use of a backup system. Most backup
systems provide support for tape devices. This provides a reasonably reliable and quick
mechanism for copying critical data. Backups take place under a schedule of tape
rotation, which allows for optimum efficiency of backup and restore operations and for
storage of media offsite.

Bandwidth
Bandwidth is the range of frequencies supported by a particular media type and more
generally the maximum data rate supported by a link.

Bandwidth Shaper
See: Traffic Shaping.

Baseband
Baseband transmission uses the complete bandwidth of the media as a single
transmission path. LAN signaling normally uses this transmission method and it is also
more reliable than the broadband method.