Sunday, 11 September 2011

CCNA-1. Chapter 9. Ethernet

Ethernet Data Link sublayers:
  • Logical Link Control (LLC)
    • connection to upper layers
    • frames the network layer packet
    • identifies network layer protocol
    • independent of the physical environment
  • Media Access Control (MAC)
    • Data Encapsulation
      • Frame delimiting
        • identify a group of bits that make up a frame
        • synchronization between the transmitting and receiving nodes
      • Addressing (header contains physical address (48bit MAC address))
      • Error detection (trailer with a cyclic redundancy check (CRC))
    • Media Access Control
      • controls the placement and removal of frames from the media
      • initiation of frame transmission
      • recovery from transmission failure due to collisions
Ethernet logical topology: multi-access bus (see CCNA-1. Chapter 7. Data link OSI level).
Ethernet frame size: 64 bytes to 1518 bytes (1522 bytes with 802.3ac).
Ethernet framing types:
  • Ethernet (IEEE 802.3) Length field: equal to or greater than 0x0600 hexadecimal or 1536 decimal
  • Ethernet II (DIX Ethernet standard) Type field: equal to or less than 0x05DC hexadecimal or 1500 decimal
MAC address types:
  • Unicast (destination MAC address)
  • Broadcast (FF-FF-FF-FF-FF-FF)
  • Multicast (01-00-5E-XX-XX-XX): XX-XX-XX is the hexadecimal form of the lower 23 bits of the IP multicast group address; the remaining bit of the MAC address is always 0.
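A worked example of the framing and addressing rules above, added here as an illustration (it is not code from the original notes): it builds a constructed Ethernet frame, classifies the destination MAC as unicast, broadcast or multicast, derives the 01-00-5E multicast MAC from an IPv4 group address, and verifies the CRC-32 trailer. The Type/Length decision follows IEEE 802.3 clause 3.2.6, which reads a value of 0x0600 or more as an EtherType (Ethernet II) and a value up to 0x05DC as a Length (802.3 framing). The MAC addresses and payload are made-up sample values.

```python
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")


def mac_str(mac: bytes) -> str:
    return "-".join(f"{b:02X}" for b in mac)


def mac_type(mac: bytes) -> str:
    """Broadcast is all ones; multicast has the group bit (LSB of the first octet) set."""
    if mac == BROADCAST:
        return "broadcast"
    if mac[0] & 0x01:
        return "multicast"
    return "unicast"


def ipv4_multicast_mac(group: str) -> str:
    """01-00-5E + lower 23 bits of the group address (the 24th bit is always 0)."""
    o = [int(x) for x in group.split(".")]
    if len(o) != 4 or not 224 <= o[0] <= 239:
        raise ValueError("not an IPv4 multicast group address")
    low23 = ((o[1] & 0x7F) << 16) | (o[2] << 8) | o[3]
    return mac_str(bytes([0x01, 0x00, 0x5E]) + low23.to_bytes(3, "big"))


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over dst..payload, transmitted least-significant byte first."""
    return zlib.crc32(body).to_bytes(4, "little")


def build_frame(dst: bytes, src: bytes, type_or_length: int, payload: bytes) -> bytes:
    """Constructed frame: pads the body to 60 bytes so the whole frame is at least 64."""
    body = dst + src + struct.pack("!H", type_or_length) + payload
    body += b"\x00" * max(0, 60 - len(body))
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    if len(frame) < 64:
        raise ValueError("runt frame (< 64 bytes)")
    if len(frame) > 1522:
        raise ValueError("frame exceeds 1522 bytes (802.3ac maximum)")
    dst, src, tl = struct.unpack("!6s6sH", frame[:14])
    # IEEE 802.3 clause 3.2.6: 0x0600 and above is an EtherType (Ethernet II);
    # 0x05DC (1500) and below is the 802.3 Length field.
    framing = "Ethernet II" if tl >= 0x0600 else "IEEE 802.3"
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "dst_type": mac_type(dst),
        "framing": framing,
        "type_or_length": tl,
        "payload_len": len(frame) - 18,          # includes any padding
        "fcs_ok": frame[-4:] == fcs(frame[:-4]),
    }


# Constructed sample: a broadcast ARP frame (EtherType 0x0806) from a made-up source MAC
SAMPLE = build_frame(BROADCAST, bytes.fromhex("0a1b2c3d4e5f"), 0x0806, b"\x00\x01\x08\x00")
CORRUPTED = bytearray(SAMPLE)
CORRUPTED[30] ^= 0xFF                        # flip bits in the padding; the FCS no longer matches
CORRUPTED = bytes(CORRUPTED)

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
    print("corrupted FCS ok?", parse_frame(CORRUPTED)["fcs_ok"])
    print("224.0.0.10 ->", ipv4_multicast_mac("224.0.0.10"))
```

Because only 23 of the 28 group-address bits reach the MAC, 32 different IPv4 groups share one multicast MAC; a receiving host still has to check the IP destination before accepting the packet.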
Purpose of inventing hubs (multi-port repeaters):
  • enable more nodes to connect to the shared media
  • migration from physical bus to physical star topology
  • increased network reliability by allowing any single cable to fail without disrupting the entire network
Communication types:
  • Synchronous (Ethernet >100 Mbps): timing information is not required; the Preamble and Start Frame Delimiter (SFD) are kept only for compatibility.
  • Asynchronous (Ethernet <10 Mbps): uses the timing information to synchronize the receive circuit to the incoming data.
Ethernet LAN switches basic operations:
  • Learning (source MAC address based)
  • Aging (time stamped entries)
  • Flooding (destination not in the MAC table: the switch sends the frame out all ports except the one it arrived on)
  • Selective Forwarding (forward to the corresponding port based on the MAC table)
  • Filtering (do not forward a frame to the port it arrived on; drop a corrupt frame (fails the CRC check); port security)
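The five switch operations above as a toy simulation, added as an example rather than taken from the notes: the switch learns source MACs per port with a timestamp, ages them out, floods unknown or group destinations, forwards known unicast to a single port, and filters frames whose FCS fails or whose destination sits on the ingress port. A crude per-port MAC limit stands in for port security. Ports, addresses and timings are constructed values.

```python
import zlib


def make_frame(dst: bytes, src: bytes, payload: bytes = b"") -> bytes:
    """Constructed minimal frame: dst, src, EtherType 0x0800, padding, CRC-32 FCS."""
    body = dst + src + b"\x08\x00" + payload
    body += b"\x00" * max(0, 60 - len(body))
    return body + zlib.crc32(body).to_bytes(4, "little")


class LearningSwitch:
    """Toy transparent bridge: learn, age, flood, selectively forward, filter."""

    def __init__(self, ports, aging_seconds=300, max_macs_per_port=None):
        self.ports = list(ports)
        self.aging = aging_seconds
        self.max_macs = max_macs_per_port   # crude port-security limit (None = unlimited)
        self.table = {}                     # mac -> (port, last_seen timestamp)

    def _age(self, now):
        """Aging: drop entries whose timestamp is older than the aging time."""
        for mac, (_port, seen) in list(self.table.items()):
            if now - seen > self.aging:
                del self.table[mac]

    def macs_on(self, port):
        return sum(1 for p, _ in self.table.values() if p == port)

    def receive(self, in_port, frame: bytes, now: float) -> dict:
        self._age(now)
        dst, src = frame[0:6], frame[6:12]
        # Filtering: a frame that fails the CRC check is dropped before anything is learned
        if zlib.crc32(frame[:-4]).to_bytes(4, "little") != frame[-4:]:
            return {"action": "drop-crc", "out": []}
        # Port security: do not learn a new address once the port is at its limit
        if (src not in self.table and self.max_macs is not None
                and self.macs_on(in_port) >= self.max_macs):
            return {"action": "drop-port-security", "out": []}
        # Learning: the source MAC is bound to the ingress port with a fresh timestamp
        self.table[src] = (in_port, now)
        entry = self.table.get(dst)
        if dst[0] & 0x01 or entry is None:
            # Flooding: broadcast/multicast, or unknown unicast, goes out every other port
            return {"action": "flood", "out": [p for p in self.ports if p != in_port]}
        if entry[0] == in_port:
            # Filtering: the destination lives on the ingress port, never send it back out
            return {"action": "filter", "out": []}
        # Selective forwarding: known unicast goes only to the learned port
        return {"action": "forward", "out": [entry[0]]}


A, B, C, D = (bytes.fromhex(h) for h in
              ("0a0000000001", "0a0000000002", "0a0000000003", "0a0000000004"))


def scenario() -> list:
    """Constructed traffic on a 3-port switch; returns the action taken for each frame."""
    sw = LearningSwitch(ports=[1, 2, 3], aging_seconds=300, max_macs_per_port=2)
    steps = [
        (1, make_frame(B, A), 0),    # B unknown -> flood
        (2, make_frame(A, B), 1),    # A known on port 1 -> forward
        (1, make_frame(B, A), 2),    # B known on port 2 -> forward
        (1, make_frame(A, C), 3),    # C learned on port 1; A is also on port 1 -> filter
        (1, make_frame(B, D), 4),    # third MAC on port 1 -> port-security drop
        (2, make_frame(A, B), 400),  # everything aged out -> A unknown -> flood
    ]
    results = [sw.receive(port, frame, now)["action"] for port, frame, now in steps]
    bad = bytearray(make_frame(A, B))
    bad[20] ^= 0xFF                  # corrupt a padding byte so the FCS check fails
    results.append(sw.receive(2, bytes(bad), 401)["action"])
    return results


if __name__ == "__main__":
    print(scenario())
```

The port-security branch is the defensive point: without a limit, a host that sends frames from thousands of made-up source addresses fills the table and turns every later unicast into a flood that all ports can see.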
The ARP table is stored in RAM.

Proxy ARP (the router answers ARP requests for IP addresses not on the local network with the MAC address of the gateway). Used for:
  • Older implementations of IPv4 (ARP always sends requests for the destination)
  • An improperly configured mask (the host believes that it is directly connected to the same network)
  • Static routing with only the exit interface configured on broadcast and NBMA networks
Use static ARP entries to prevent ARP spoofing (ARP poisoning).

CCNA-1. Chapter 8. OSI Physical Layer

Physical layer elements:
  • The physical media and associated connectors
  • A representation of bits on the media
  • Encoding of data and control information
  • Transmitter and receiver circuitry on the network devices
Functions of the Physical layer:
  • The physical components
  • Data encoding (bits -> predefined code; distinguishes data bits from control bits, detects media errors, marks the beginning and end of a frame)
  • Signaling (method of representing the bits)
Signaling Methods:
  • Amplitude
    • Non-return to zero (NRZ) (low voltage = logical 0, high voltage = logical 1)
      • simple
      • inefficient bandwidth use
      • susceptible to electromagnetic interference
      • boundaries between individual bits can be lost when long strings of 1s or 0s are transmitted
      • no transition to use for resynchronizing bit times
  • Frequency
  • Phase
    • Manchester Encoding (low voltage -> high voltage = logical 1, high voltage -> low voltage = logical 0)
      • used by 10BaseT Ethernet
      • simple
      • has a transition to use for resynchronizing bit times
      • can be used only on slow-speed links
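The synchronisation point above shown in code, as an added example (not the notes' own): NRZ produces a flat signal for a long run of 1s, with no edges for the receiver to resynchronise on, while Manchester guarantees one transition inside every bit time. The decoder rejects a half-bit pair with no transition, which is exactly the condition that breaks timing in NRZ. The bit sequences are constructed.

```python
def nrz_encode(bits):
    """NRZ: one voltage level per bit time; 0 = low, 1 = high."""
    return [1 if b else 0 for b in bits]


def manchester_encode(bits):
    """Manchester (IEEE 802.3 convention): 1 = low->high, 0 = high->low inside every bit time."""
    signal = []
    for b in bits:
        signal.extend([0, 1] if b else [1, 0])
    return signal


def manchester_decode(signal):
    if len(signal) % 2:
        raise ValueError("signal must contain two half-bit samples per bit")
    bits = []
    for i in range(0, len(signal), 2):
        pair = (signal[i], signal[i + 1])
        if pair == (0, 1):
            bits.append(1)
        elif pair == (1, 0):
            bits.append(0)
        else:
            # A missing mid-bit transition is not a legal Manchester symbol
            raise ValueError(f"no transition in bit {i // 2}: receiver cannot resynchronise")
    return bits


def transitions(signal):
    """Level changes in the signal; each one is an edge the receiver clock can lock onto."""
    return sum(1 for a, b in zip(signal, signal[1:]) if a != b)


# Constructed input: a long run of ones, the case where NRZ loses the bit boundaries
LONG_RUN = [1] * 16

if __name__ == "__main__":
    print("NRZ transitions:", transitions(nrz_encode(LONG_RUN)))
    print("Manchester transitions:", transitions(manchester_encode(LONG_RUN)))
    print(manchester_decode(manchester_encode([1, 0, 1, 1, 0])))
```

Each Manchester bit needs two signal changes per bit time, which is why the line rate is twice the data rate and the notes limit it to slow links.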
Encoding methods:
  • Signal Patterns (start of frame, end of frame, and frame contents; the patterns are decoded into bits and interpreted as codes)
  • Code Groups (data bits are divided into patterns and transmitted as a set of code groups (symbols): 4B/5B (100BASE-T); 4D-PAM5 (1000BASE-T); 8B/10B (1000BASE-SX and 1000BASE-LX))
    • Reduce bit-level errors (create more frequent transitions to solve timing synchronization problems)
    • Limit the effective energy transmitted into the media (a long series of 1s is changed to another code)
    • Help to distinguish data bits from control bits. 3 types of symbols are used:
      • Data symbols - symbols that represent the data of the frame.
      • Control symbols - special codes injected by the Physical layer, used to control transmission.
      • Invalid symbols - patterns not allowed on the media. The receipt of an invalid symbol indicates a frame error.
    • Better media error detection (invalid symbols)
    • Overhead in the form of extra bits to transmit
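The 4B/5B code groups as a runnable table, added here as an example (the mapping is the 100BASE-X / FDDI one; the notes name the scheme but do not list the codes). Data symbols, control symbols (J/K start-of-stream, T/R end-of-stream, I idle, among others) and the unassigned patterns that count as invalid are classified separately, and a helper measures the longest zero run so the "more frequent transitions" benefit can be checked against a plain binary stream. The payload bytes are constructed.

```python
DATA_CODES = {  # 4B/5B data symbols: nibble -> 5-bit code group
    0x0: "11110", 0x1: "01001", 0x2: "10100", 0x3: "10101",
    0x4: "01010", 0x5: "01011", 0x6: "01110", 0x7: "01111",
    0x8: "10010", 0x9: "10011", 0xA: "10110", 0xB: "10111",
    0xC: "11010", 0xD: "11011", 0xE: "11100", 0xF: "11101",
}
CONTROL_CODES = {  # control symbols the PHY injects; J/K open a stream, T/R close it, I is idle
    "11111": "I", "11000": "J", "10001": "K", "01101": "T", "00111": "R",
    "00100": "H", "00000": "Q", "11001": "S",
}
NIBBLE_OF = {code: nibble for nibble, code in DATA_CODES.items()}


def classify(symbol: str):
    if symbol in NIBBLE_OF:
        return ("data", NIBBLE_OF[symbol])
    if symbol in CONTROL_CODES:
        return ("control", CONTROL_CODES[symbol])
    return ("invalid", None)     # one of the 8 unassigned patterns: a line error


def encode_frame(payload: bytes) -> str:
    """Start delimiter J K, one data symbol per nibble (high nibble first), end delimiter T R."""
    symbols = ["11000", "10001"]
    for byte in payload:
        symbols.append(DATA_CODES[byte >> 4])
        symbols.append(DATA_CODES[byte & 0xF])
    symbols += ["01101", "00111"]
    return "".join(symbols)


def decode_stream(stream: str) -> dict:
    """Walk a symbol-aligned stream; stop at the first invalid symbol (frame error)."""
    if len(stream) % 5:
        raise ValueError("stream is not symbol aligned")
    nibbles, controls, error_at = [], [], None
    for i in range(0, len(stream), 5):
        kind, value = classify(stream[i:i + 5])
        if kind == "invalid":
            error_at = i // 5
            break
        if kind == "control":
            controls.append(value)
        else:
            nibbles.append(value)
    data = bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))
    return {"data": data, "controls": controls, "error_at": error_at}


def longest_zero_run(stream: str) -> int:
    """Longest run of 0s; every data code keeps this at 3 or less, so transitions stay frequent."""
    return max(len(run) for run in stream.split("1"))


if __name__ == "__main__":
    frame = encode_frame(bytes([0x00, 0xA5]))
    print(frame, decode_stream(frame))
    print("zero run, raw bits of 0x0000:", longest_zero_run(format(0, "016b")))
    print("zero run, 4B/5B of 0x0000:", longest_zero_run(encode_frame(b"\x00\x00")))
```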
Data transfer can be measured in:
  • Bandwidth (theoretical technological network performance)
  • Throughput (actual network performance)
  • Goodput (throughput minus the traffic overhead for establishing sessions, acknowledgements, and encapsulation)
Interference:
  • copper cables
    • fluorescent lights
    • motor vehicles
  • wireless
    • cordless phones
    • some types of fluorescent lights
    • microwave ovens
Time definitions:
  • Bit time (amount of time 1 bit occupies the media)
    • 10-Mbps Ethernet - 100 nanoseconds (ns) to transmit a bit
    • 100 Mbps Ethernet - 10 ns to transmit a bit
    • 1 Gbps Ethernet - 1 ns to transmit a bit
    • 10 Gbps Ethernet - 0.1 ns to transmit a bit
  • Slot time (maximum theoretical time from the first bit sent to the time the jam signal returns to the sender)
    • the device must learn about the collision before it finishes sending the smallest Ethernet frame (64 bytes)
    • ensures that if a collision is going to occur, it will be detected within the first 512 bits (4096 for Gigabit Ethernet)
    • sets the maximum network diameter (2500 meters) for CSMA/CD to handle errors and avoid late collisions
    • Slot time values:
      • 10-Mbps Ethernet - 512 bit times
      • 100 Mbps Ethernet - 512 bit times
      • 1 Gbps Ethernet - 4096 bit times
      • 10 Gbps Ethernet - not applicable
  • Interframe spacing (from last bit of one frame to the first bit of next frame)
    • 10-Mbps Ethernet - 96 bit time (9.6 nS)
    • 100 Mbps Ethernet - 96 bit time (0,96 nS)
    • 1 Gbps Ethernet - 96 bit time (0,096 nS)
    • 10 Gbps Ethernet - 96 bit time (0,0096 nS)
  • Latency (amount of time it takes for data to be sent from sender to receiver)
  • Propagation delay (length of cable that a signal propagates along in 1 nanosecond)
    • UTP cable - 20.3 centimeters (8 inches) per nanosecond
Number of bit times to reach the destination = Cable length / (Cable propagation delay * Bit time)

Physical media (Ethernet) (figure)

Coaxial cable Ethernet:
  • 10BASE5 (Thicknet), used a thick coaxial
  • 10BASE2 (Thinnet), used a thin coaxial cable that was smaller in diameter and more flexible.
Twisted pair features:
  • The twisting cancels interference from external sources (the interference is common to both wires)
  • The twisting cancels interference from internal sources - crosstalk (currents in opposite directions cause magnetic field cancellation)
  • Different pairs of wires use a different number of twists per meter (protects the cable from crosstalk between pairs)
UTP cable types:
  • Ethernet Straight-through (1+, 2- (orange): transmit; 3+, 6- (green): receive)
  • Ethernet Crossover
  • Rollover
Coaxial cable usage:
  • Carries radio frequency (RF) energy between the antennas and the radio equipment.
  • Transporting high radio frequency signals (cable television signals). In hybrid fiber coax (HFC) used only as the last mile.
  • Ethernet installations - totally replaced by UTP as the standard

Fiber optic:
  • Core (glass or optic fiber)
  • Cladding (prevent light loss from the fiber)
  • Buffer
  • Aramid Yarn
  • Jacket (polymer)
Fiber optic cables types:
  • Single-mode
    • Small core (8-10 micron)
    • Less dispersion
    • Distance - up to 100 km (62.14 mi)
    • Uses lasers as the light source often within campus backbones for distance of several thousand meters
  • Multimode (cheaper)
    • Larger core (50/62.5 microns)
    • Allows greater dispersion (modal dispersion) and therefore, loss of signal
    • Distance - up to ~2km (6560 ft)
    • Uses LEDs as the light source often within LANs or distances of a couple hundred meters within a campus network
Optical Time Domain Reflectometer (OTDR) - the device injects a test pulse of light into the cable and measures the backscatter and the time it takes the light to reflect back, to calculate the approximate distance at which faults are detected along the length of the cable.

CCNA-1. Chapter 7. Data link OSI level.

Data Link layer performs two basic services:
  • Allows the upper layers to access different media (framing)
  • Controls how data is placed onto the media and is received (media access control, error detection)
Data Link Sublayers:
  • Logical Link Control (LLC):
    • Identify Network layer protocol
    • Frames the network layer packet
  • Media Access Control (MAC):
    • Provides Data Link layer addressing
    • Delimiting of data according to the physical requirements (start and end of frame)
    • Regulating the placement of data frames onto the media
Network topology types:
  • Physical topology  (representation of how the media is used to interconnect the devices)
  • Logical topology (independent of the physical layout. Defines how the connection between the nodes appears to the Data Link layer. The LLC (frame type) and MAC method are chosen based on the logical topology, which may differ from the physical topology)
Data Link layer protocols specify the media access control methods. Media access control methods (define the processes for accessing the network media and transmitting frames) depend on:
  • Media sharing (if and how the nodes share the media)
    • Shared media method types:
      • Controlled (deterministic): no collisions, devices wait for their turn. MAC methods:
        • Token passing. Receive -> wait for token -> transmit (FDDI, Token Ring)
      • Contention-based (non-deterministic): collisions, transmit at any time. Use Carrier Sense Multiple Access (CSMA) MAC methods for contention resolution:
        • CSMA/CD - Collision Detection. Monitor media -> transmit the data (Ethernet)
          • Carrier Sense (detects a signal on the shared media)
          • Jam Signal (notifies the other devices of a collision (32 bits))
          • Backoff algorithm (stop transmitting for a random time)
        • CSMA/CA - Collision Avoidance. Monitor media -> send a notification -> transmit the data (Wireless LAN)
    • Non-shared media (require little or no control over placing frames onto the media; simpler rules and procedures for MAC)
  • Logical topology:
    • Point-to-point:
      • Half-duplex (devices cannot simultaneously transmit and receive on the media)
      • Full-duplex (devices can transmit and receive on the media at the same time)
    • Multi-Access (Bus):
      • All the nodes receive all the frames transmitted by any node in the segment
      • A node determines if a frame is to be accepted by examining the MAC address.
    • Ring
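A simulation of the CSMA/CD cycle described above (carrier sense, jam signal, backoff), added as an example and not taken from the notes. The backoff is the truncated binary exponential backoff Ethernet uses: after the n-th collision a station waits a random number of slot times between 0 and 2^min(n,10) - 1, and the frame is discarded after 16 attempts. The carrier readings and the set of attempts that collide are constructed inputs to the simulation.

```python
import random

SLOT_TIME_BITS = 512      # slot time for 10/100 Mbps Ethernet, in bit times
MAX_ATTEMPTS = 16         # after 16 collisions the frame is discarded
BACKOFF_CEILING = 10      # the random range stops growing at 2^10 slots
JAM_BITS = 32


def backoff_max(attempt: int) -> int:
    """Largest possible wait after the given collision number, in slot times."""
    return 2 ** min(attempt, BACKOFF_CEILING) - 1


def backoff_slots(attempt: int, rng=None) -> int:
    """Truncated binary exponential backoff: r in [0, 2^k - 1] with k = min(attempt, 10)."""
    rng = rng or random
    return rng.randrange(0, backoff_max(attempt) + 1)


def csma_cd_transmit(carrier_samples, collide_on, seed=0) -> dict:
    """Simulate one station sending one frame.
    carrier_samples: constructed carrier-sense readings, True = busy (idle once exhausted).
    collide_on: the attempt numbers on which a collision is detected."""
    rng = random.Random(seed)
    samples = list(carrier_samples)
    log = []
    for attempt in range(1, MAX_ATTEMPTS + 1):
        # Carrier sense: defer while a signal is present on the shared medium
        while samples and samples.pop(0):
            log.append("busy: defer")
        if attempt not in collide_on:
            log.append("transmitted")
            return {"status": "sent", "attempts": attempt, "log": log}
        # Collision detection: send the jam signal, then back off a random number of slot times
        slots = backoff_slots(attempt, rng)
        log.append(f"collision #{attempt}: jam {JAM_BITS} bits, back off {slots} slots "
                   f"({slots * SLOT_TIME_BITS} bit times)")
    log.append("excessive collisions: frame discarded")
    return {"status": "discarded", "attempts": MAX_ATTEMPTS, "log": log}


if __name__ == "__main__":
    for line in csma_cd_transmit([True, True, False], {1, 2}, seed=7)["log"]:
        print(line)
```

The random wait is what keeps two colliding stations from colliding again at the same instant; a station that never backs off would win every contention, which is why NICs implement the algorithm in hardware rather than leaving it to the driver.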
Frame field types:
  • Frame Start (the beginning of the frame)
  • Addressing (source and destination address)
  • Type/Length (upper layer protocol or possibly length of frame)
  • Control (Flow control services)
    • Priority/Quality of Service field - Indicates a particular type of communication service for processing
    • Logical connection control field - Used to establish a logical connection between nodes
    • Physical link control field - Used to establish the media link
    • Flow control field - Used to start and stop traffic over the media
    • Congestion control field - Indicates congestion in the media
  • Data (Network layer packet)
  • Error detection
  • Frame Stop (end of the frame)
Ethernet frame: (figure)
PPP frame: (figure)
Wireless 802.11 frame:
  • Protocol Version field - Version of 802.11 frame in use
  • Type and Subtype fields - Identifies one of three functions and sub functions: control, data, and management
  • To DS field - Set to 1 in data frames destined for the distribution system (devices in the wireless structure)
  • From DS field - Set to 1 in data frames exiting the distribution system
  • More Fragments field - Set to 1 for frames that have another fragment
  • Retry field - Set to 1 if the frame is a retransmission of an earlier frame
  • Power Management field - Set to 1 to indicate that a node will be in power-save mode
  • More Data field - Set to 1 to indicate to a node in power-save mode that more frames are buffered for that node
  • Wired Equivalent Privacy (WEP) field - Set to 1 if the frame contains WEP encrypted information for security
  • Order field - Set to 1 in a data type frame that uses Strictly Ordered service class (does not need reordering)
  • Duration/ID field - Depending on the type of frame, represents either the time, in microseconds, required to transmit the frame or an association identity (AID) for the station that transmitted the frame
  • Destination Address (DA) field - MAC address of the final destination node in the network
  • Source Address (SA) field - MAC address of the node that initiated the frame
  • Receiver Address (RA) field - MAC address that identifies the device that is the immediate recipient of the frame
  • Transmitter Address (TA) field - MAC address that identifies the wireless device that transmitted the frame
  • Sequence Number field - Indicates the sequence number assigned to the frame; a retransmitted frame carries a duplicate number
  • Fragment Number field - Indicates the number for each fragment of a frame
  • Frame Body field - Contains the information being transported; for data frames, typically an IP packet
  • FCS field - Contains a 32-bit cyclic redundancy check (CRC) of the frame
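The field list above as a parser, added as an example rather than the notes' own code. It decodes the 2-byte Frame Control word (the To DS / From DS, More Fragments, Retry, Power Management, More Data, WEP/Protected and Order bits), splits Sequence Control into sequence and fragment numbers, and resolves which address field is DA/SA/RA/TA from the DS bits as the 802.11 address table defines. The sample header is constructed; management subtype names are included because a wireless monitor that counts deauthentication frames needs them.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data", 3: "reserved"}
MGMT_SUBTYPES = {0: "association request", 1: "association response", 4: "probe request",
                 5: "probe response", 8: "beacon", 10: "disassociation",
                 11: "authentication", 12: "deauthentication"}


def parse_frame_control(fc: int) -> dict:
    """fc is the 16-bit Frame Control field, read little-endian from the first two bytes."""
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    return {
        "version": fc & 0x3,
        "type": TYPES[ftype],
        "subtype": subtype,
        "subtype_name": MGMT_SUBTYPES.get(subtype) if ftype == 0 else None,
        "to_ds": bool(fc & 0x0100),
        "from_ds": bool(fc & 0x0200),
        "more_fragments": bool(fc & 0x0400),
        "retry": bool(fc & 0x0800),
        "power_mgmt": bool(fc & 0x1000),
        "more_data": bool(fc & 0x2000),
        "protected": bool(fc & 0x4000),   # the WEP bit in the list above
        "order": bool(fc & 0x8000),
    }


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mac_header(hdr: bytes) -> dict:
    """Frame Control, Duration/ID, the address fields and Sequence Control of a data/management frame."""
    if len(hdr) < 24:
        raise ValueError("header shorter than 24 bytes")
    fc, duration_id, a1, a2, a3, seq_ctl = struct.unpack_from("<HH6s6s6sH", hdr, 0)
    info = parse_frame_control(fc)
    info["duration_id"] = duration_id
    info["fragment_number"] = seq_ctl & 0xF
    info["sequence_number"] = seq_ctl >> 4
    # Which address is DA/SA/RA/TA depends on the To DS / From DS bits (IEEE 802.11 address table)
    to_ds, from_ds = info["to_ds"], info["from_ds"]
    if not to_ds and not from_ds:
        ra, ta, da, sa = a1, a2, a1, a2          # ad hoc / within one BSS, a3 is the BSSID
    elif to_ds and not from_ds:
        ra, ta, da, sa = a1, a2, a3, a2          # station -> AP: a1 is the BSSID
    elif from_ds and not to_ds:
        ra, ta, da, sa = a1, a2, a1, a3          # AP -> station: a2 is the BSSID
    else:
        if len(hdr) < 30:                        # wireless distribution system: 4th address
            raise ValueError("4-address frame needs a 30-byte header")
        ra, ta, da, sa = a1, a2, a3, hdr[24:30]
    info.update(RA=mac_str(ra), TA=mac_str(ta), DA=mac_str(da), SA=mac_str(sa))
    return info


# Constructed sample: a retried data frame from a station to its AP (To DS = 1), sequence 5
SAMPLE = bytes.fromhex(
    "0809"          # Frame Control: version 0, type data, subtype 0, To DS, Retry
    "2c00"          # Duration 44 microseconds
    "001122334455"  # Address 1: BSSID (the AP)
    "0a1b2c3d4e5f"  # Address 2: SA (the station)
    "66778899aabb"  # Address 3: DA
    "5000"          # Sequence Control: fragment 0, sequence number 5
)

if __name__ == "__main__":
    print(parse_mac_header(SAMPLE))
    print(parse_frame_control(0x00C0)["subtype_name"])   # management subtype 12
```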
Upper layer standards and organizations:
  • Internet Engineering Task Force (IETF) in RFCs.
Data link layer standards and organizations:
  • International Organization for Standardization (ISO)
    • HDLC (High Level Data Link Control)
  • Institute of Electrical and Electronics Engineers (IEEE)
    • 802.1
      • 802.1x (port-based Network Access Control (PNAC))
    • 802.2 (LLC)
    • 802.3 (Ethernet)
      • 802.3ac (VLAN support added by extending the maximum frame size from 1518 to 1522 bytes)
      • 802.3ae (10 Gb/s Ethernet)
    • 802.5 (Token Ring)
    • 802.11 (Wireless LAN or WLAN) - WiFi
      • 802.11a - 5 GHz frequency, speed of up to 54 Mbps.
        • smaller coverage area
        • less effective at penetrating building structures
        • not interoperable with the 802.11b and 802.11g standards
      • 802.11b - 2.4 GHz frequency, speed of up to 11 Mbps.
        • longer range
        • better able to penetrate building structures
        • slow speed
      • 802.11g - 2.4 GHz frequency, speeds of up to 54 Mbps.
        • interoperable with 802.11b
      • 802.11n - 2.4 GHz or 5 GHz, speeds of 100 Mbps to 210 Mbps, distance up to 70 meters.
    • 802.15 (Wireless Personal Area Network or WPAN) - Bluetooth (1 to 100 meters)
    • 802.16 (Worldwide Interoperability for Microwave Access or WiMAX) - point-to-multipoint topology, broadband access.
  • American National Standards Institute (ANSI)
    • Q922 (Frame Relay Standard)
    • Q921 (ISDN Data Link Standard)
    • HDLC (High Level Data Link Control)
  • International Telecommunication Union (ITU)
    • 3T9.5 (MAC protocol of token ring)
    • ADCCP (Advanced Data Communications Control Protocol) functionally equivalent to HDLC
Physical layer standards (physical, electrical, mechanical properties of the media and connectors, encoding and control information techniques) and organizations:
  • The International Organization for Standardization (ISO)
    • ISO 8877 (RJ-45 connector)
  • The Institute of Electrical and Electronics Engineers (IEEE) (copper cabling categories)
  • The American National Standards Institute (ANSI)
  • The International Telecommunication Union (ITU)
  • The Electronics Industry Alliance/Telecommunications Industry Association (EIA/TIA)
    • EIA-TIA 568a (wire color to pinouts)
    • EIA-TIA 568b (wire color to pinouts)
    • EIA-TIA 606A (labeling and administration)
  • National telecommunications authorities such as the Federal Communication Commission (FCC) in the USA.

CCNA-1. Chapter 6. Addressing the IPv4 network.

Types of IPv4 network addresses:
  • Network address - The address by which we refer to the network
  • Broadcast address - A special address used to send data to all hosts in the network
  • Host addresses - The addresses assigned to the end devices in the network
In an IPv4 network, the hosts can communicate one of three different ways:
  • Unicast - the process of sending a packet from one host to an individual host
  • Broadcast - the process of sending a packet from one host to all hosts in the network
    • Types:
      • Directed broadcast (to all hosts on a non-local network; routers do not forward it by default)
      • Limited broadcast (to the hosts on the local network; routers do not forward it)
  • Multicast - the process of sending a packet from one host to a selected group of hosts
IPv4 network specific address types:
  • Limited broadcast (255.255.255.255) to the hosts on the local network
  • Experimental Addresses (240.0.0.0-255.255.255.254) reserved for future use (RFC 3330). Cannot be used.
  • Multicast addresses (224.0.0.0-239.255.255.255)
    • Multicast reserved link-local addresses (224.0.0.0-224.0.0.255). Multicast groups on a local network, TTL=1. Example: 224.0.0.10 - EIGRP
    • Multicast globally scoped addresses (224.0.1.0-238.255.255.255). Multicast across the Internet. Example: 224.0.1.1 - NTP
  • Private Addresses (10.0.0.0-10.255.255.255; 172.16.0.0-172.31.255.255; 192.168.0.0-192.168.255.255). Not routed in the Internet
  • Default Route (0.0.0.0) a "catch all" route. The use of this address also reserves 0.0.0.0-0.255.255.255
  • Loopback (127.0.0.1) directs traffic to localhost. The use of this address also reserves 127.0.0.0-127.255.255.255
  • Link-local addresses (169.254.0.0-169.254.255.255) automatically assigned if no IP configuration is available.
  • TEST-NET Addresses (192.0.2.0-192.0.2.255) for teaching and learning purposes. Can be used. Not routed in the Internet.
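A classifier over the address ranges listed above, added as an example (not the notes' code). It reports which range an address falls in and whether that range is routable on the Internet, flags addresses that cannot legitimately appear as the source of a packet arriving from the Internet (the check an edge filter applies), and tells the network and directed-broadcast addresses of a subnet apart from host addresses. 239.0.0.0/8 is added as administratively scoped multicast (RFC 2365) so the whole multicast block is covered; every other range is the one listed above.

```python
import ipaddress

# (label, first address, last address, routable on the public Internet); ranges from the list above
SPECIAL_RANGES = [
    ("limited broadcast", "255.255.255.255", "255.255.255.255", False),
    ("experimental (reserved, cannot be used)", "240.0.0.0", "255.255.255.254", False),
    ("multicast, reserved link-local (TTL 1)", "224.0.0.0", "224.0.0.255", False),
    ("multicast, globally scoped", "224.0.1.0", "238.255.255.255", True),
    ("multicast, administratively scoped (RFC 2365)", "239.0.0.0", "239.255.255.255", False),
    ("private (not routed in the Internet)", "10.0.0.0", "10.255.255.255", False),
    ("private (not routed in the Internet)", "172.16.0.0", "172.31.255.255", False),
    ("private (not routed in the Internet)", "192.168.0.0", "192.168.255.255", False),
    ("default route / this network", "0.0.0.0", "0.255.255.255", False),
    ("loopback", "127.0.0.0", "127.255.255.255", False),
    ("link-local (automatic, no IP configuration)", "169.254.0.0", "169.254.255.255", False),
    ("TEST-NET (documentation, not routed)", "192.0.2.0", "192.0.2.255", False),
]
_RANGES = [(label, int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi)), routable)
           for label, lo, hi, routable in SPECIAL_RANGES]


def classify(address: str) -> dict:
    """Name the special range an IPv4 address belongs to, or call it public unicast."""
    value = int(ipaddress.IPv4Address(address))
    for label, lo, hi, routable in _RANGES:
        if lo <= value <= hi:
            return {"address": address, "kind": label, "internet_routable": routable}
    return {"address": address, "kind": "public unicast", "internet_routable": True}


def plausible_internet_source(address: str) -> bool:
    """Only public unicast can be the source of a packet that really came from the Internet."""
    return classify(address)["kind"] == "public unicast"


def address_role(address: str, network: str) -> str:
    """Network, directed-broadcast or host address relative to a given network."""
    net = ipaddress.ip_network(network, strict=True)
    ip = ipaddress.IPv4Address(address)
    if ip not in net:
        return "outside the network"
    if ip == net.network_address:
        return "network address"
    if ip == net.broadcast_address:
        return "directed broadcast address"
    return "host address"


if __name__ == "__main__":
    for addr in ("224.0.0.10", "224.0.1.1", "10.1.2.3", "169.254.10.1", "8.8.8.8"):
        print(classify(addr))
    print(address_role("192.168.1.255", "192.168.1.0/24"))
```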
Global IP address redistributors:
  • Internet Assigned Numbers Authority (IANA) (http://www.iana.net) manages multicast addresses and the IPv6 addresses
  • IPv4 address space is allocated by the Regional Internet Registries (RIRs):
    • AfriNIC (African Network Information Centre) - Africa Region http://www.afrinic.net
    • APNIC (Asia Pacific Network Information Centre) - Asia/Pacific Region http://www.apnic.net
    • ARIN (American Registry for Internet Numbers) - North America Region http://www.arin.net
    • LACNIC (Regional Latin-American and Caribbean IP Address Registry) - Latin America and some Caribbean Islands http://www.lacnic.net
    • RIPE NCC (Réseaux IP Européens) - Europe, the Middle East, and Central Asia http://www.ripe.net
IPv6 features:
  • Improved packet handling
  • Increased scalability and longevity
  • QoS mechanisms
  • Integrated security
IPv6 offers:
  • 128-bit hierarchical addressing - to expand addressing capabilities
  • Header format simplification - to improve packet handling
  • Improved support for extensions and options - for increased scalability/longevity and improved packet handling
  • Flow labeling capability - as QoS mechanisms
  • Authentication and privacy capabilities - to integrate security
Formula for calculating subnets: 2^n where n = the number of bits borrowed
Formula for calculating the number of hosts: 2^n - 2 where n = the number of bits left for hosts.
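Both formulas applied in one subnet calculator, added as an example (not from the notes). Given a network and the number of borrowed bits it lists each subnet with its network, first and last host and broadcast addresses, a helper works backwards from a required host count to the host bits needed, and another locates the subnet an address belongs to. The network and addresses used are constructed.

```python
import ipaddress


def host_bits_for(hosts_needed: int) -> int:
    """Smallest n with 2^n - 2 >= hosts_needed (network and broadcast addresses excluded)."""
    n = 2
    while 2 ** n - 2 < hosts_needed:
        n += 1
    return n


def subnet_plan(network: str, borrowed_bits: int) -> dict:
    """Split network into 2^n subnets, n = bits borrowed from the host portion."""
    net = ipaddress.ip_network(network, strict=True)
    new_prefix = net.prefixlen + borrowed_bits
    host_bits = 32 - new_prefix
    if host_bits < 2:
        raise ValueError("fewer than 2 host bits leaves no usable host addresses")
    subnets = []
    for sub in net.subnets(new_prefix=new_prefix):
        subnets.append({
            "network": str(sub.network_address),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            "mask": str(sub.netmask),
        })
    return {
        "subnet_count": 2 ** borrowed_bits,        # 2^n, n = borrowed bits
        "hosts_per_subnet": 2 ** host_bits - 2,    # 2^n - 2, n = remaining host bits
        "new_prefix": new_prefix,
        "subnets": subnets,
    }


def locate(address: str, plan: dict) -> int:
    """Index of the subnet in plan that contains address, or -1 if none does."""
    ip = ipaddress.IPv4Address(address)
    for i, sub in enumerate(plan["subnets"]):
        if ipaddress.IPv4Address(sub["network"]) <= ip <= ipaddress.IPv4Address(sub["broadcast"]):
            return i
    return -1


if __name__ == "__main__":
    plan = subnet_plan("192.168.1.0/24", 2)   # constructed: borrow 2 bits from a /24
    print(plan["subnet_count"], "subnets,", plan["hosts_per_subnet"], "hosts each")
    for sub in plan["subnets"]:
        print(sub)
    print("50 hosts need", host_bits_for(50), "host bits")
```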



ICMP messages that may be sent include:
  • Host confirmation (ICMP Echo Request - ICMP Echo Reply)
  • Unreachable Destination or Service. Unreachable codes:
    • 0 = net unreachable (no route in the routing table)
    • 1 = host unreachable (a route exists but the host is unreachable)
    • 2 = protocol unreachable (the host received the packet but the upper-layer protocol is not available)
    • 3 = port unreachable (the host received the packet but the service daemon is not available)
  • Time exceeded (ICMP Time Exceeded) - the TTL field of the packet has expired
  • Route redirection (ICMP Redirect) - if the next hop is attached to the same interface as the client, the router notifies the client to use another gateway
  • Source quench (ICMP Source Quench) - a router replies with it if it does not have enough buffer space to receive incoming packets

CCNA-1. Chapter 5. OSI Network layer.

Network layer basic processes:
  • Addressing (when an address is added to a device, the device is then referred to as a host)
  • Encapsulation (adds, among other information, the address of the host to which the packet is being sent)
  • Routing (as the packet is forwarded, the Transport layer PDU remains intact until the destination host is reached)
  • Decapsulation (if the packet was addressed to this device, the Network layer decapsulates it and passes the PDU up to Layer 4)
Protocols implemented at the Network layer include:
  • Internet Protocol version 4 (IPv4)
  • Internet Protocol version 6 (IPv6)
  • Novell Internetwork Packet Exchange (IPX)
  • AppleTalk
  • Connectionless Network Service (CLNS/DECNet)
IPv4 basic characteristics:
  • Connectionless - sends a packet without notifying the recipient.
  • Best Effort (unreliable) - no overhead, but no guarantee of packet delivery.
  • Media Independent - operates independently of the medium carrying the data, BUT takes one major characteristic of the media into account: the MTU. An intermediary device needs to fragment the packet when forwarding it from one medium to a medium with a smaller MTU.
Maximum Transmission Unit (MTU) - the maximum size of PDU that each medium can transport.
Fragmentation - splitting up a packet.

IP packet (figure)
Fields:
  • Version - Contains the IP version number (4).
  • Header Length (IHL) - size of the packet header.
  • Type-of-Service (ToS) (used to determine the priority of each packet. This field is Quality-of-Service (QoS) value)
  • Packet Length - full packet size (header+data) in bytes.
  • Identification - This field is primarily used for uniquely identifying fragments of an original IP packet.
  • Flags (MF - the packet is fragmented and this is not the last fragment; DF - fragmentation of the packet is NOT permitted: if fragmentation is needed, the packet is discarded)
    • Unfragmented packet (MF = 0, Fragment offset =0)
    • Last fragment of packet (MF = 0,Fragment offset = non-zero value)
    • Not last fragment of packet (MF=1, Fragment offset = non-zero value)
  • Fragment Offset (if fragmentation occurs used with MF flag to identify the order of fragments at the destination)
  • Time-to-Live (TTL) (-1 each time the packet is processed by a router, prevents packets forward indefinitely in routing loop)
  • Protocol (upper-layer protocol: 01- ICMP, 06 - TCP, 17- UDP, 88- EIGRP)
  • Header Checksum - used for error checking of packet header.
  • IP Source Address (Enables the destination host to respond if required)
  • IP Destination Address (Enables routers at each hop to forward the packet towards the destination)
  • Options - provide additional services (rarely used).
  • Padding - additional field is used if packet is less than minimum packet size.
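The header fields above as a parser and builder, added as an example rather than taken from the notes: it verifies the header checksum, decodes the three MF/Fragment Offset combinations listed above, fragments a packet for a smaller MTU (refusing when DF is set, the case where a router discards the packet), and reassembles fragments by offset. Addresses and payload are constructed; options are not modelled, so the header is always 20 bytes.

```python
import ipaddress
import struct

HEADER_FMT = "!BBHHHBBH4s4s"          # 20-byte header without options
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 88: "EIGRP"}
DF, MF = 0x4000, 0x2000               # flag bits inside the 16-bit flags/fragment-offset word


def internet_checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, protocol, payload, ident=1, ttl=64, df=False, mf=False, offset=0):
    """Constructed packet with a correct header checksum (offset in bytes, a multiple of 8)."""
    flags_frag = (DF if df else 0) | (MF if mf else 0) | (offset // 8)
    fields = [0x45, 0, 20 + len(payload), ident, flags_frag, ttl, protocol, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = internet_checksum(struct.pack(HEADER_FMT, *fields))   # checksum field was 0
    return struct.pack(HEADER_FMT, *fields) + payload


def parse_ipv4(packet: bytes) -> dict:
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0xF) * 4
    if version != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    df, mf, offset = bool(flags_frag & DF), bool(flags_frag & MF), (flags_frag & 0x1FFF) * 8
    if not mf and offset == 0:
        kind = "unfragmented"
    elif not mf:
        kind = "last fragment"
    else:
        kind = "not last fragment"
    return {
        "ihl": ihl, "tos": tos, "total_length": total_len, "identification": ident,
        "df": df, "mf": mf, "fragment_offset": offset, "fragment_kind": kind,
        "ttl": ttl, "protocol_number": proto, "protocol": PROTOCOLS.get(proto, str(proto)),
        "checksum_ok": internet_checksum(packet[:ihl]) == 0,   # a valid header sums to zero
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "payload": packet[ihl:total_len],
    }


def fragment(packet: bytes, mtu: int) -> list:
    """Split a packet for a link whose MTU is smaller than the packet; honours the DF flag."""
    info = parse_ipv4(packet)
    if len(packet) <= mtu:
        return [packet]
    if info["df"]:
        raise ValueError("DF set and packet exceeds MTU: discard (fragmentation needed)")
    step = ((mtu - 20) // 8) * 8            # data per fragment, a multiple of 8 bytes
    data, pieces = info["payload"], []
    for off in range(0, len(data), step):
        chunk = data[off:off + step]
        pieces.append(build_ipv4(info["src"], info["dst"], info["protocol_number"], chunk,
                                 ident=info["identification"], ttl=info["ttl"],
                                 mf=off + step < len(data),
                                 offset=info["fragment_offset"] + off))
    return pieces


def reassemble(fragments: list) -> bytes:
    """Order fragments by offset (MF and offset give the order) and join their data."""
    parsed = sorted((parse_ipv4(f) for f in fragments), key=lambda p: p["fragment_offset"])
    return b"".join(p["payload"] for p in parsed)


if __name__ == "__main__":
    pkt = build_ipv4("10.0.0.1", "10.0.0.2", 17, b"A" * 100)   # constructed UDP packet
    for frag in fragment(pkt, 68):
        info = parse_ipv4(frag)
        print(info["fragment_kind"], info["fragment_offset"], len(info["payload"]))
```

Reassembly keyed only on offset is deliberately naive: overlapping or missing fragments are the classic way to confuse a reassembling host or IDS, and a production implementation tracks the identification field per (src, dst, protocol) and rejects overlaps.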
Networks can be divided based on:
  • Geographic location (each building or each floor of a multi-level building. Network management and operation.)
  • Purpose (balance the number of hosts on a network with the amount of traffic generated by the users. Traffic balance)
  • Ownership (boundary for security enforcement and management of each network. Network security management)
Reasons to divide large networks :
  • Improving performance (reduces broadcasts, prevents volumes of traffic from overwhelming bandwidth and routing capability)
  • Security issues (access to and from resources outside each network can be prohibited, allowed, or monitored)
  • Address Management (reduces the unnecessary overhead of all hosts needing to know all addresses, only gateway)
Routes in a routing table have three main features:
  • Destination network
  • Next-hop
  • Metric (used to decide which route appears in the routing table if there are two or more routes to the destination)
When forwarding a packet, the router always selects the most specific route!
Dynamic routing protocols - easy to manage, but their overhead consumes network bandwidth and router CPU processing.

Monday, 22 August 2011

CCNA-1. Chapter 4. OSI Transport layer.

The Transport layer primary responsibilities:
  • Tracking the individual communication between applications on the source and destination hosts
  • Segmenting data and managing each piece
  • Reassembling the segments into streams of application data
  • Identifying the different applications
Some protocols at the Transport layer provide additional functions:
  • Connection-oriented conversations (data for a communication between the two applications can be closely managed)
  • Reliable delivery (source device retransmit any data that is lost)
  • Ordered data reconstruction (ensure that segments are reassembled into the proper order)
  • Flow control (sending application reduce the rate of data flow)
UDP (RFC 768) - transport protocol that provides low-overhead (8 bytes) data delivery. PDU - datagram. Datagrams are sent "best effort".
Applications that use UDP:
  • Domain Name System (DNS)
  • Video Streaming
  • Voice over IP (VoIP)
TCP (RFC 793) incurs additional overhead (20 bytes) and provides same-order delivery, reliable delivery, and flow control. PDU - segment.
TCP segment fields values:
  • Source port - TCP session on a device that opened connection - normally a random value above 1023
  • Destination port - identifies the upper layer protocol or application on the remote site
  • Sequence number - Specifies the number of the last octet (byte) in a segment (+1 for each byte of data sent from the client)
  • Acknowledgement Number - specifies the next octet expected by the receiver (equal to the received sequence value plus 1)
  • Header Length - specifies the length of segment header in bytes
  • Reserved - set to 0
  • Code bits - used in session management and in treatment of segments.
    • URG - Urgent pointer field significant
    • ACK - Acknowledgement field significant
    • PSH - Push function
    • RST - Reset the connection
    • SYN - Synchronize sequence numbers
    • FIN - No more data from sender
  • Window - how many bytes must be received before sending an acknowledgement (determined during the session startup)
  • Checksum - used for error checking of header and data
  • Urgent - only used with the URG (Urgent) code bit
  • Options - Optional information
Applications that use TCP:
  • Web Browsers
  • E-mail
  • File Transfers
Socket - combination of the Transport layer port number and the Network layer IP address. Types of port numbers (port numbers are assigned by the Internet Assigned Numbers Authority (IANA)):
  • Well Known Ports (0 to 1023) - these numbers are reserved for services and applications.
    • TCP: FTP - 21, SMTP - 25, Telnet - 23, HTTP - 80, POP3 - 110, IRC (Internet Relay Chat) - 194, HTTPS - 443
    • UDP: RIP - 520, TFTP - 69, DHCP - 67
    • TCP/UDP: DNS - 53, SNMP - 161, AOL Instant Messenger/IRC - 531
  • Registered Ports (1024 to 49151) - assigned to user processes or applications. May be used dynamically as source port.
    • TCP: MSN Messenger - 1863, Cisco SCCP (VoIP) - 2000, Alternate HTTP - 8008, Alternate HTTP - 8080
    • UDP: RADIUS Authentication Protocol - 1812, RTP (voice and video transport protocol) - 5004, SIP (VoIP) - 5060
    • TCP/UDP: MS SQL - 1433, WAP (MMS) - 2948
  • Dynamic or Private Ports (49152 to 65535) - known as Ephemeral Ports, assigned dynamically as source ports.
TCP connection establishment (the three-way handshake):
  • Establishes that the destination device is present on the network: the client sends an initial sequence number (ISN) (SYN=1)
  • Verifies that the destination service is active and that the destination port accepts requests: the receiver sends an acknowledgement value plus its own synchronizing sequence value (SYN=1, ACK=1)
  • Informs the destination that the client intends to establish a communication session: the client responds with an acknowledgement value (ACK=1)
TCP connection termination:
  • When the client has no more data to send in the stream, it sends a segment with the FIN flag set. (FIN=1)
  • The server sends an ACK to acknowledge the receipt of the FIN to terminate the session from client to server. (ACK=1)
  • The server sends a FIN to the client, to terminate the server to client session. (FIN=1)
  • The client responds with an ACK to acknowledge the FIN from the server. (ACK=1)
Security can be added to the data network by:
  • Denying the establishment of TCP sessions
  • Only allowing sessions to be established for specific services
  • Only allowing traffic as a part of already established sessions
Selective Acknowledgements - an optional feature. If both hosts support Selective Acknowledgements, the destination acknowledges bytes in discontinuous segments (less than the window size) and the source only needs to retransmit the missing data. TCP flow control mechanisms (RFC 2581):
  • Delay of retransmitting if the acknowledgement is not received (if the network is congested, the acknowledgement may not be lost but delayed)
  • Reducing Window Size - require that received segments be acknowledged more frequently.
TCP connection states:
  • LISTEN - The local connection is waiting for a connection request from any remote device.
  • ESTABLISHED The connection is open, data may be exchanged through the connection.
  • TIME-WAIT The local connection is waiting a default period of time after sending a connection termination request before closing the connection. This is a normal condition, and will normally last between 30 - 120 seconds.
  • CLOSE-WAIT The connection is closed, but is waiting for a termination request from the local user.
  • SYN-SENT The local connection is waiting for a response after sending a connection request.
  • SYN_RECEIVED The local connection is waiting for a confirming connection request acknowledgment.
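The handshake, the termination sequence and the session-based filtering rules above in one simulation, added as an example (not from the notes). The filter admits a new session only through a bare SYN to a permitted service, then follows SYN / SYN-ACK / ACK and FIN / ACK / FIN / ACK between the two sides, naming the connection state as the notes do; any segment that does not belong to a tracked session, or whose flags do not fit the session's state, is denied. Hosts and ports are constructed values.

```python
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # code bits as they sit in the TCP header


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


class StatefulFilter:
    """Permits new sessions only via SYN to allowed services, then only segments that
    belong to a session whose handshake and teardown it has followed."""

    def __init__(self, allowed_services):
        self.allowed = set(allowed_services)        # {(server_ip, port)}
        self.sessions = {}                          # (client, sport, server, dport) -> dict

    def _find(self, seg):
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)
        rev = (seg.dst, seg.dport, seg.src, seg.sport)
        if fwd in self.sessions:
            return fwd, "client"
        if rev in self.sessions:
            return rev, "server"
        return fwd, None

    def process(self, seg: Segment) -> str:
        key, sender = self._find(seg)
        syn, ack, fin = bool(seg.flags & SYN), bool(seg.flags & ACK), bool(seg.flags & FIN)
        if sender is None:
            # Handshake step 1: a bare SYN, and only towards a permitted service
            if syn and not ack and not fin and (seg.dst, seg.dport) in self.allowed:
                self.sessions[key] = {"state": "SYN-SENT", "closer": None}
                return "permit"
            return "deny"
        sess = self.sessions[key]
        if seg.flags & RST:
            del self.sessions[key]
            return "permit"
        new_state = self._next(sess, sender, syn, ack, fin)
        if new_state is None:
            return "deny"                           # flags do not fit the session's state
        sess["state"] = new_state
        if new_state == "TIME-WAIT":
            del self.sessions[key]                  # a real stack lingers here 30-120 s
        return "permit"

    @staticmethod
    def _next(sess, sender, syn, ack, fin):
        state = sess["state"]
        if state == "SYN-SENT":                     # step 2: server answers SYN+ACK
            return "SYN-RECEIVED" if sender == "server" and syn and ack else None
        if state == "SYN-RECEIVED":                 # step 3: client's ACK opens the session
            return "ESTABLISHED" if sender == "client" and ack and not syn else None
        if syn:
            return None                             # no SYN once the session is open
        if state == "ESTABLISHED":
            if fin:                                 # whoever sends FIN first starts the close
                sess["closer"] = sender
                return "CLOSE-WAIT"                 # the other side now waits to close
            return "ESTABLISHED" if ack else None
        if state == "CLOSE-WAIT":
            if sender != sess["closer"]:
                return "LAST-ACK" if fin else "CLOSE-WAIT"   # ACK of the FIN, then its own FIN
            return "CLOSE-WAIT" if ack else None
        if state == "LAST-ACK":                     # final ACK from the side that closed first
            return "TIME-WAIT" if sender == sess["closer"] and ack else None
        return None

    def state_of(self, client, sport, server, dport):
        sess = self.sessions.get((client, sport, server, dport))
        return sess["state"] if sess else None


def scenario() -> list:
    """Constructed exchange between a client and a web server behind the filter."""
    fw = StatefulFilter({("10.0.0.5", 80)})
    c, s = "10.0.0.9", "10.0.0.5"
    exchange = [
        Segment(c, 40000, s, 80, SYN),                 # 1. handshake step 1
        Segment(s, 80, c, 40000, SYN | ACK),           # 2. handshake step 2
        Segment(c, 40000, s, 80, ACK),                 # 3. handshake step 3 -> ESTABLISHED
        Segment(c, 40000, s, 80, ACK),                 # 4. data inside the session
        Segment(c, 40000, s, 80, FIN | ACK),           # 5. client has no more data
        Segment(s, 80, c, 40000, ACK),                 # 6. server acknowledges the FIN
        Segment(s, 80, c, 40000, FIN | ACK),           # 7. server closes its direction
        Segment(c, 40000, s, 80, ACK),                 # 8. final ACK -> TIME-WAIT
        Segment(c, 40000, s, 80, ACK),                 # 9. stray ACK after close
        Segment(c, 40001, s, 22, SYN),                 # 10. SYN to a service not allowed
        Segment(s, 80, c, 40002, SYN | ACK),           # 11. SYN-ACK without a prior SYN
        Segment("198.51.100.7", 5555, s, 80, ACK),     # 12. ACK that is part of no session
    ]
    return [fw.process(seg) for seg in exchange]


if __name__ == "__main__":
    print(scenario())
```

Segments 9 to 12 are the three rules from the notes in action: no SYN to a non-permitted service, nothing that is not part of an established session, and no half-open trick such as a SYN-ACK arriving without the SYN that should have preceded it.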

CCNA-1. Chapter 3. Application layer functionality and protocols

Executable program components:
  • application (provide people with a way to create messages)
  • service (establishes an interface to the network, can support multiple protocols, may use different protocols in one program)
  • protocol (provide the rules and formats/types of messages that govern how data is directed, treated, structured)
Application layer protocols specify:
  • The processes that occur at each end of the communication: what has to happen to the data and how the PDU is to be structured.
  • The types of messages: requests, acknowledgements, data messages, status messages and error messages.
  • The syntax of the message: this gives the expected order of information (fields) in a message.
  • The meaning of the fields within specific message types has to be constant so the services can act correctly.
  • The message dialogs: which messages elicit which responses so the correct services are invoked and the data transfer occurs.
Types of applications:
  • network aware (implement the application layer protocols and are able to communicate directly with the lower layers)
    • Example: web browsers, e-mail client
  • not network aware (need the assistance of application layer services (e.g. alg.exe) to use network resources)
    • Example: file transfer, network printer spooling
Network architecture models:
  • Client/Server model
  • Peer-to-Peer Model (computers in the network share resources without a dedicated server. In a large P2P network it is hard to enforce security)
DNS server record types:
  • A - an end device address
  • NS - an authoritative name server
  • CNAME - the canonical name (or Fully Qualified Domain Name) for an alias; used when multiple services share a single network address but each service has its own entry in DNS
  • MX - mail exchange record; maps a domain name to a list of mail exchange servers for that domain
Authoritative DNS server - a server that has the resource records corresponding to its level in the domain hierarchy.
DNS resolution process: Client - local DNS - root DNS - regional DNS (.com; .ru) - lower-level DNS
Common HTTP message types:
  • GET (request for data; the response is "HTTP/1.1 200 OK" followed by the requested file, an error message, or some other information)
  • POST (includes the data in the message sent to the server)
  • PUT (uploads resources or content to the web server)
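The DNS record types and the resolution path above (client, local DNS, root, regional, lower-level server) can be walked through in code. This is an added example, not course material: the "servers" are lists of (owner, type, value) records keyed by constructed addresses from the documentation range 192.0.2.0/24, and the resolver starts at a constructed root hint, follows NS referrals with their glue A records, restarts on a CNAME, and reports which servers it queried.

```python
"""Iterative DNS resolution over an in-memory zone hierarchy (added example).

Servers, names and addresses are constructed; each server is a list of
(owner, type, value) records. The resolver walks root -> TLD -> authoritative,
following referrals and CNAMEs and recording the servers it asked.
"""

ROOT_HINT = "192.0.2.53"  # constructed root server address

SERVERS = {
    # root: delegates com. and supplies glue for the TLD server
    "192.0.2.53": [
        ("com.", "NS", "a.gtld.example."),
        ("a.gtld.example.", "A", "192.0.2.1"),
    ],
    # com. TLD server: delegates example.com.
    "192.0.2.1": [
        ("example.com.", "NS", "ns1.example.com."),
        ("ns1.example.com.", "A", "192.0.2.2"),
    ],
    # authoritative server for example.com. (A, CNAME, MX records as in the notes)
    "192.0.2.2": [
        ("example.com.", "A", "192.0.2.80"),
        ("www.example.com.", "CNAME", "example.com."),
        ("example.com.", "MX", "10 mail.example.com."),
        ("mail.example.com.", "A", "192.0.2.25"),
        ("ns1.example.com.", "A", "192.0.2.2"),
    ],
}


def _in_zone(qname, owner):
    """True when `owner` is qname itself or one of its parent zones (label boundary)."""
    return qname == owner or qname.endswith("." + owner)


def query(server_ip, qname, qtype):
    """One query to one server: returns (answer records, referral server ip or None)."""
    records = SERVERS[server_ip]
    answers = [r for r in records if r[0] == qname and r[1] == qtype]
    if answers:
        return answers, None
    cname = [r for r in records if r[0] == qname and r[1] == "CNAME"]
    if cname:
        return cname, None
    # No answer here: refer the client to the most specific delegation we know.
    best = None
    for owner, rtype, value in records:
        if rtype == "NS" and _in_zone(qname, owner):
            if best is None or len(owner) > len(best[0]):
                best = (owner, value)
    if best is None:
        return [], None
    glue = [r[2] for r in records if r[0] == best[1] and r[1] == "A"]
    return [], glue[0] if glue else None


def resolve(name, qtype, max_steps=12):
    """Resolve `name` iteratively from the root; returns (values, servers queried)."""
    qname = name if name.endswith(".") else name + "."
    trace, server = [], ROOT_HINT
    for _ in range(max_steps):
        trace.append(server)
        answers, referral = query(server, qname, qtype)
        if answers:
            if answers[0][1] == "CNAME" and qtype != "CNAME":
                # Alias: restart the walk for the canonical name.
                qname, server = answers[0][2], ROOT_HINT
                continue
            return [a[2] for a in answers], trace
        if referral is None:
            return [], trace          # no delegation: nothing known for this name
        server = referral
    raise RuntimeError("too many referrals (possible delegation loop)")


if __name__ == "__main__":
    for n, t in (("example.com", "A"), ("www.example.com", "A"), ("example.com", "MX")):
        print(n, t, *resolve(n, t))
```

A real recursive resolver caches the NS and glue records it learns, so the second walk after the CNAME would start from the cached com. and example.com. servers rather than from the root; the step limit is the guard against a delegation loop.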
E-mail processes:
  • Mail User Agent (MUA) - allows messages to be sent and places received messages into the client's mailbox
  • Mail Transfer Agent (MTA) - forwards e-mail. If the recipient mailbox is on the local server - to the MDA; if not - to another MTA
  • Mail Delivery Agent (MDA) - receives mail, places it into mailboxes, handles virus scanning, spam filtering, return-receipt handling.
E-mail protocol types, functions, commands:
  • Simple Mail Transfer Protocol (SMTP) TCP 25. Message formats, command strings used to send e-mail from client or server.
    • Functions:
      • session initiation
      • mail transaction
      • forwarding mail
      • verifying mailbox names
      • expanding mailing lists
      • opening and closing exchanges.
    • Commands:
      • HELO - identifies the SMTP client process to the SMTP server process
      • EHLO - a newer version of HELO, which includes service extensions
      • MAIL FROM - Identifies the sender
      • RCPT TO - Identifies the recipient
      • DATA - Identifies the body of the message
  • Post Office Protocol (POP) TCP 110. Used to receive e-mail messages from an e-mail server.
  • Internet Message Access Protocol (IMAP). TCP 143. Allows a central server to provide remote access to e-mail messages
  • Proprietary protocols (IBM's Lotus Notes, Novell's GroupWise, or Microsoft's Exchange have their own internal e-mail format)
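The SMTP functions and commands listed above form a fixed dialogue. As an added example (not the course's code and not a real MTA), the session class below plays the server side: it enforces the HELO/EHLO, MAIL FROM, RCPT TO, DATA order with the standard reply codes, unstuffs leading dots in the body, and answers VRFY and EXPN (the "verifying mailbox names" and "expanding mailing lists" functions) with 252 so that the server does not confirm which mailboxes exist. The host name, addresses and client script are constructed.

```python
"""Minimal SMTP server-side dialogue (added example, not a real MTA)."""
import re

ADDR_RE = re.compile(r"<([^>]*)>")


class SmtpSession:
    def __init__(self, hostname="mx.example.com"):   # constructed host name
        self.hostname = hostname
        self.greeted = False
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body = []
        self.accepted = []      # (sender, recipients, body) of queued messages

    def greeting(self):
        return f"220 {self.hostname} ESMTP ready"

    def handle(self, line):
        """Process one client line; return the server reply (None while inside DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.accepted.append((self.sender, self.recipients, "\r\n".join(self.body)))
                self.sender, self.recipients, self.body = None, [], []
                return "250 OK: queued"
            # Dot-stuffing: a line starting with ".." carries a literal leading "."
            self.body.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            self.sender, self.recipients = None, []
            if verb == "EHLO":
                return f"250-{self.hostname}\r\n250 SIZE 10485760"
            return f"250 {self.hostname}"
        if verb == "QUIT":
            return "221 Bye"
        if verb in ("VRFY", "EXPN"):
            # Do not confirm or deny mailbox names (avoids address harvesting).
            return "252 Cannot verify; send some mail and we will try"
        if not self.greeted:
            return "503 Bad sequence of commands"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            m = ADDR_RE.search(arg)
            if not m:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = m.group(1)
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:
                return "503 Need MAIL command"
            m = ADDR_RE.search(arg)
            if not m or "@" not in m.group(1):
                return "501 Syntax: RCPT TO:<address>"
            self.recipients.append(m.group(1))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "500 Command not recognized"


def run_session(client_lines):
    """Drive a session with scripted client lines; returns (transcript, session)."""
    session = SmtpSession()
    transcript = [("S", session.greeting())]
    for line in client_lines:
        transcript.append(("C", line))
        reply = session.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
    return transcript, session


SCRIPT = [  # constructed client side of the exchange
    "EHLO client.example.org",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.com>",
    "DATA",
    "Subject: hi",
    "",
    "..leading dot kept",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for who, text in run_session(SCRIPT)[0]:
        print(who + ":", text)
```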
File Transfer Protocol (FTP) - allows a client to download (pull) or upload (push) files between a client and a server. FTP requires two connections:
  • Connection to the server on TCP port 21. Control traffic, consisting of client commands and server replies.
  • Connection to the server over TCP port 20. Actual file transfer, created every time there is a file transferred.
DHCP messages:
  • DHCP DISCOVER (broadcast to identify any available DHCP servers on the network)
  • DHCP OFFER (server reply with an assigned IP address, subnet mask, DNS server, default gateway, duration of the lease)
  • DHCP REQUEST (broadcast packet that identifies the chosen DHCP server if there is more than one; can request an address that was previously allocated)
  • DHCP ACK (acknowledges that the IP address the client requested, or the server offered, is still valid and the lease is finalized)
  • DHCP NAK (the offer is no longer valid because of a time-out or because another client was allocated the lease. The selection process must begin again)
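The four messages above can be simulated end to end. This is an added example, not course material: servers, pool addresses and MAC addresses are constructed, messages are plain dicts rather than real DHCP packets, and the clock is injected so lease expiry can be stepped by hand. Two servers answer the same DISCOVER; the client picks the first OFFER and REQUESTs it by server id, so the other server knows to drop its offer. A client that comes back later asking for its old address gets a NAK once the lease has expired and been handed to someone else, and must start over with DISCOVER.

```python
"""DHCP DISCOVER/OFFER/REQUEST/ACK exchange with NAK on a stale lease (added example)."""

OPTIONS = {"subnet_mask": "255.255.255.0", "router": "192.0.2.1", "dns": "192.0.2.53"}  # constructed


class DhcpServer:
    def __init__(self, server_id, pool, lease_seconds, clock):
        self.server_id = server_id
        self.pool = list(pool)
        self.lease_seconds = lease_seconds
        self.clock = clock                  # callable returning "now"; injected for tests
        self.leases = {}                    # ip -> (client_mac, expires_at)

    def _free_address(self, now):
        for ip in self.pool:
            lease = self.leases.get(ip)
            if lease is None or lease[1] <= now:
                return ip
        return None

    def handle(self, msg):
        """Answer one client message, or return None when this server stays silent."""
        now = self.clock()
        mac = msg["client_mac"]
        if msg["type"] == "DISCOVER":
            ip = self._free_address(now)
            if ip is None:
                return None                 # pool exhausted: no OFFER
            self.leases[ip] = (mac, now + 10)   # short hold while the client decides
            return {"type": "OFFER", "server_id": self.server_id, "your_ip": ip,
                    "lease": self.lease_seconds, **OPTIONS}
        if msg["type"] == "REQUEST":
            if "server_id" in msg and msg["server_id"] != self.server_id:
                return None                 # client chose another server's offer
            ip = msg["requested_ip"]
            if ip not in self.pool:
                return None                 # not our address range
            lease = self.leases.get(ip)
            if lease is not None and lease[0] != mac and lease[1] > now:
                return {"type": "NAK", "server_id": self.server_id}
            self.leases[ip] = (mac, now + self.lease_seconds)
            return {"type": "ACK", "server_id": self.server_id, "your_ip": ip,
                    "lease": self.lease_seconds, **OPTIONS}
        return None


def _first_reply(msg, servers):
    replies = [r for r in (s.handle(msg) for s in servers) if r is not None]
    return replies[0] if replies else None


def obtain_lease(mac, servers):
    """DORA: broadcast DISCOVER, take the first OFFER, REQUEST it, return the ACK/NAK."""
    offer = _first_reply({"type": "DISCOVER", "client_mac": mac}, servers)
    if offer is None:
        return None
    return _first_reply({"type": "REQUEST", "client_mac": mac,
                         "server_id": offer["server_id"],
                         "requested_ip": offer["your_ip"]}, servers)


def reclaim_lease(mac, ip, servers):
    """Client restart: ask for the address it had before, without a server id."""
    return _first_reply({"type": "REQUEST", "client_mac": mac, "requested_ip": ip}, servers)


if __name__ == "__main__":
    clock = [1000]
    srv = [DhcpServer("192.0.2.2", ["192.0.2.100", "192.0.2.101"], 3600, lambda: clock[0]),
           DhcpServer("192.0.2.3", ["192.0.2.200"], 3600, lambda: clock[0])]
    print(obtain_lease("aa:bb:cc:00:00:01", srv))
    clock[0] += 5000                        # lease expired
    print(obtain_lease("aa:bb:cc:00:00:03", srv))
    print(reclaim_lease("aa:bb:cc:00:00:01", "192.0.2.100", srv))
```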
Server Message Block (SMB) - client/server file-sharing request-response protocol. Provides access to server resources as if they were local. SMB message functions:
  • Start, authenticate, and terminate sessions
  • Control file and printer access
  • Allow an application to send or receive messages to or from another device
Telnet provides a standard method of emulating text-based terminal devices over the data network and gives access to the server command line interface (CLI). A connection using Telnet is called a Virtual Terminal (VTY) session. The first byte of a Telnet command is the Interpret as Command (IAC) character; IAC defines the next byte as a command rather than text. Telnet protocol commands include:
  • Are You There (AYT) - Lets the user request that something appear on the terminal screen to indicate that the VTY session is active.
  • Erase Line (EL) - Deletes all text from the current line.
  • Interrupt Process (IP) - Suspends, interrupts, aborts, or terminates the process to which the Virtual Terminal is connected. For example, if a user started a program on the Telnet server via the VTY, he or she could send an IP command to stop the program.
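Because IAC marks the next byte as a command, a receiver must separate commands from terminal text before it shows or logs anything. The parser below is an added example (not from the course): it uses the standard Telnet command codes, handles the IAC IAC escape for a literal 0xFF byte, the three-byte option negotiation (WILL/WONT/DO/DONT), subnegotiation blocks (SB ... IAC SE), and a stream that is cut off in the middle of a command, which it hands back as an unconsumed tail for the next read. The sample byte stream is constructed.

```python
"""Separate Telnet IAC commands from terminal text (added example)."""
SE, NOP, DM, BRK, IP, AO, AYT, EC, EL, GA, SB = range(240, 251)
WILL, WONT, DO, DONT, IAC = 251, 252, 253, 254, 255

NAMES = {NOP: "NOP", DM: "DM", BRK: "BRK", IP: "IP", AO: "AO", AYT: "AYT",
         EC: "EC", EL: "EL", GA: "GA", WILL: "WILL", WONT: "WONT",
         DO: "DO", DONT: "DONT"}


def parse_telnet(data):
    """Return (text bytes, [command tuples], unconsumed tail)."""
    text, commands, i, n = bytearray(), [], 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            text.append(b)
            i += 1
            continue
        if i + 1 >= n:
            break                                   # lone IAC: wait for more data
        cmd = data[i + 1]
        if cmd == IAC:                              # escaped literal 0xFF
            text.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):         # IAC <cmd> <option>
            if i + 2 >= n:
                break
            commands.append((NAMES[cmd], data[i + 2]))
            i += 3
        elif cmd == SB:                             # IAC SB <bytes> IAC SE
            # (an IAC IAC escape inside the subnegotiation body is not unescaped here)
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            commands.append(("SB", bytes(data[i + 2:end])))
            i = end + 2
        elif cmd in NAMES:                          # two-byte command such as AYT, EL, IP
            commands.append((NAMES[cmd],))
            i += 2
        else:
            commands.append(("UNKNOWN", cmd))
            i += 2
    return bytes(text), commands, bytes(data[i:])


# Constructed stream: typed text, an AYT, an IP to stop a running program,
# an escaped 0xFF byte, and a DO ECHO (option 1) negotiation.
SAMPLE = (b"ls\r\n" + bytes([IAC, AYT]) + b"sleep 100\r\n" + bytes([IAC, IP])
          + bytes([IAC, IAC]) + bytes([IAC, DO, 1]))

if __name__ == "__main__":
    print(parse_telnet(SAMPLE))
```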
Gnutella P2P protocol defines five different packet types:
  • ping - for device discovery
  • pong - as a reply to a ping
  • query - for file location
  • query hit - as a reply to a query
  • push - as a download request

Sunday, 21 August 2011

CCNA-1. Chapter2. Communicating over network

Communication methods common elements:
  • sender
  • receiver
  • channel
Communication types:
  • traditional computer data
  • interactive voice
  • video
  • entertainment products
Segmentation (breaking communication into pieces)
  • multiplexing (separate conversations can be transmitted together)
  • increase the reliability of network communications
  • added complexity
Local Area Network (LAN) - an individual network usually administered by a single organization; spans a single geographical area, providing services and applications to people within a common organizational structure (business, campus, region).
Wide Area Networks (WANs) - networks that connect LANs in geographically separated locations.
Networking protocol suites (groups of protocols that work cooperatively) describe:
  • The format or structure of the message
  • The method by which networking devices share information about pathways with other networks
  • How and when error and system messages are passed between devices
  • The setup and termination of data transfer sessions
Layered model:
  • Assists in protocol design
  • Fosters competition because products from different vendors can work together.
  • Prevents technology or capability changes in one layer from affecting other layers above and below.
  • Provides a common language to describe networking functions and capabilities.
Standards organizations that ratify networking protocols:
  • Institute of Electrical and Electronics Engineers (IEEE)
  • Internet Engineering Task Force (IETF)
Requests for Comments (RFCs) - a publicly available set of documents that contain specifications of data communications protocols, resources that describe the use of the protocols, and technical and organizational documents about the Internet, including the technical specifications and policy documents produced by the Internet Engineering Task Force (IETF).
Protocol Data Unit (PDU) (the form that a piece of data takes at any layer) types:
  • Data (The general term for the PDU used at the Application layer)
  • Segment  (Transport Layer PDU)
  • Packet (Internetwork Layer PDU)
  • Frame (Network Access Layer PDU)
  • Bits (PDU used when physically transmitting data over the medium)
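The PDU names above correspond to concrete byte layouts. As an added example (not from the course), the script below wraps a few bytes of data into a UDP segment, then an IPv4 packet, then an Ethernet II frame using only the standard library, and unwraps the frame again while verifying the IP header checksum. MAC and IP addresses are constructed; the Ethernet FCS trailer is omitted because the NIC appends it, so the frame here is header plus payload only.

```python
"""Encapsulate data into a segment, a packet and a frame, then unwrap it (added example)."""
import struct


def ip_checksum(header):
    """RFC 1071 one's-complement sum; a header with its checksum filled in sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def ip_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def encapsulate(data, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port):
    """Return the PDU at each layer: data -> segment -> packet -> frame."""
    # Transport layer: 8-byte UDP header (checksum 0 = not computed, allowed on IPv4)
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data
    # Internet layer: 20-byte IPv4 header, protocol 17 = UDP; checksum filled in afterwards
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0, 64, 17, 0,
                         ip_bytes(src_ip), ip_bytes(dst_ip))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    packet = header + segment
    # Network access layer: Ethernet II header, EtherType 0x0800 = IPv4 (FCS left to the NIC)
    frame = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet
    return {"data": data, "segment": segment, "packet": packet, "frame": frame}


def decapsulate(frame):
    """Walk the frame back up the stack, checking the IP header checksum on the way."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    total_length = struct.unpack("!H", packet[2:4])[0]
    protocol = packet[9]
    segment = packet[ihl:total_length]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {"protocol": protocol, "src_port": src_port, "dst_port": dst_port,
            "data": segment[8:udp_len]}


if __name__ == "__main__":
    pdus = encapsulate(b"hello", "00:11:22:33:44:55", "66:77:88:99:aa:bb",
                       "192.0.2.10", "192.0.2.20", 40000, 53)
    for name in ("data", "segment", "packet", "frame"):
        print(f"{name:<8} {len(pdus[name]):>3} bytes  {pdus[name].hex()}")
    print(decapsulate(pdus["frame"]))
```

Each layer adds only its own header and treats everything above it as opaque payload, which is exactly why the sizes grow by 8, 20 and 14 bytes from one PDU to the next.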
TCP/IP model:
  • Application (represents data, encoding, dialog control)
  • Transport (supports communication of diverse devices across diverse networks)
  • Internet (determines the best path through the network)
  • Network Access (controls the hardware devices and media that make up the network)
OSI model (describes encoding, formatting, segmenting, encapsulating data for transmission over the network):
  • Application (means for end-to-end connectivity between individuals)
    • Functions: Provide interfaces between applications
    • Protocols: DNS, HTTP, SMTP, Telnet, FTP, SMB
  • Presentation (representation of data between the Application layers, standardization of data formats between systems)
    • Functions: Data coding and conversion for destination application interpretation, (de)compression, (de)encryption.
    • Protocols: QuickTime, MPEG, GIF, JPEG, TIFF.
  • Session (provides services to the Presentation layer for managing data exchange and dialogue organization)
    • Functions: Initiate dialogs, keep them active, restart idle/disrupted sessions
    • Protocols: NetBIOS
  • Transport (manages the data transport between the processes running on each end host)
    • Functions: Conversation Multiplexing, segment/reassemble data, error recovery.
    • Protocols: TCP, UDP
  • Network (specify the packet structure and processing used to carry the data from one host to another host.)
    • Functions: Address and route messages through an internetwork
    • Protocols: IP, IPX, AppleTalk
  • Data Link (methods of exchanging data frames)
    • Function: Framing, MAC(data processing based on physical requirements, physical addressing), Error Detection
    • Protocols: Ethernet, PPP, HDLC, Frame Relay, ATM, GPRS
  • Physical (mechanical, electrical, functional and procedural means to activate/maintain/deactivate physical connections)
    • Function: The physical components, Data encoding, Signaling
    • Protocols: Ethernet, Bluetooth, Wi-Fi

CCNA-1. Chapter1. Living in a network centric world

Internet provides new forms of communications:
  • Instant Messaging (developed from Internet Relay Chat (IRC) services. Features: file transfer, voice and video communication; messages are received immediately)
  • Weblogs (blogs) (communicate thoughts to a global audience without technical knowledge of web design)
  • Wikis (groups of people can edit and view pages together; businesses use wikis as their internal collaboration tool)
  • Podcasting
Networks must meet four basic characteristics:
  • Fault tolerance,
  • Scalability,
  • Quality of service (to overcome congestions)
  • Security (avoid unauthorized disclosure, theft, modification, Denial of Service of information)
Types of networks architecture
  • Circuit Switched Connection-oriented Networks (message consistency, can be charged by time, no fault tolerance, hard scalability)
  • Packet-switched Connectionless Networks (fault tolerance, scalability)
Data network consists of:
  • Devices
  • Medium
  • The digital messages
  • Rules (protocols)
Components of network architecture:
  • Programmed services and protocols that move messages across the network
  • Technologies that support network communications
Network – interconnected devices capable of carrying many different types of communications.
Intranets - private networks in use by just one company; enable businesses to communicate and perform transactions among global employee and branch locations (used by employees)
Extranets (extended internetworks) - part of an intranet that provides suppliers, vendors, and customers limited access to corporate data to check order status, inventory, and parts lists (used by customers)
Internetwork - interconnection of 2 or more networks
Internet - most well-known publicly accessible internetwork belonging to Internet Service Providers (ISPs), uses IP protocol.