Term | Definition |
CSMA/CD | Listen before send, listen while I send, probabilistic |
CSMA/CA | Detect collision and resend packets, probabilistic |
10BaseT | Standard that uses UTP cable, RJ-45 connectors, transfers up to 10Mbps. Economical / easy to install. Max 330 ft |
10Base2 | Standard that uses Coaxial / BNC connectors, up to 10Mbps. Max 610.5 ft |
10Base5 | Original Ethernet using coaxial cable |
100BaseTX | Standard that uses UTP cable, RJ-45 connectors, transfers up to 100Mbps |
100BaseFX | IEEE spec for fiber, up to 100 Mbps |
802.3 / Ethernet | Access method used to connect computers, uses physical cables. Link / physical layer protocol |
1000BaseCX | IEEE spec for gigabit Ethernet for short-haul copper twinax |
1000BaseLX | IEEE spec for gigabit Ethernet HDX/FDX fiber at 850nm wavelength |
1000BaseSX | IEEE spec for gigabit Ethernet HDX/FDX fiber at 1300nm wavelength |
802.x | Generic designation for IEEE subcommittees responsible for developing specifications for LANs and MANs |
IEEE | Institute of Electrical and Electronics Engineers |
802.3ae | Defines a version of Ethernet with a nominal data rate of 10Gbps |
802.3af | Defines a spec for PoE supporting up to 13.5 watts |
802.11x (a/b/d/g/n/ac) | IEEE subcommittees responsible for WLAN technologies |
802.11a | 5.75 GHz, up to 54Mbps, realistically 20-25Mbps. 150ft. 4, 8, or more channels depending on the country. 40mW, 2.5in band width. 23 channels (12 non-overlapping) |
802.11b | 2.4 GHz, max 11Mbps, usually 4-6Mbps. 250ft. Interferes with Bluetooth, cordless phones, microwaves, TVs... 3 non-overlapping channels: 1, 6, 11 in US; 1, 7, 13 in EUR. 100mW |
802.11e | QoS support for LAN applications |
Guided media | Signal is contained within the cable |
Unguided media | Wireless |
UTP | Unshielded twisted pair. Advantages: inexpensive, easy to install. Disadvantages: hard to splice, limited distance, affected by EMI |
STP | Shielded twisted pair |
Baseband | 1 signal over the cable (ethernet) |
Broadband | Uses multiplexing to have multiple signals over 1 line (cell phone - internet, voice, gps) |
Multimode (fiber) | Short to medium distance, 10-1000Mb ethernet over 62.5 micron fiber, uses LEDs |
Single mode fiber | Long haul comms (e.g. SONET for voice / data transport at speeds up to 140Gbps on each pair, 10Gb Ethernet). 9 micron core, uses lasers. |
Fiber Optics (FO) | Advantages: high-speed, no EMI, can multiplex many channels over 1 cable. No sparks / danger of electrical shock, signal loss much less than metallic media. Disadvantages: expensive, difficult to splice |
Attenuation | Break up of signal over distance |
Optical power meter | Used to optimize alignment for Maximum Link Robustness, shows signal strength in dBs (decibels) |
Copper | Advantages: inexpensive, ubiquitous, high-speed. Disadvantages: baseband, attenuation, EMI, electrical hazard |
Coaxial | Advantages: high-speed, broadband, inexpensive. Disadvantages: EMI, attenuation, electrical hazard |
Microwave | Advantages: up to 45Mbps, cost effective, easy to install / implement, licensed freq. Disadvantages: limited to LoS, interference from other radio waves, adversely affected by weather |
Satellite Comms | Advantages: high transmission rates, simultaneous comms to Earth stations, cost is not distance dependent. Disadvantages: propagation delay .5 to .7 sec, sensitive to sunspots and weather, vulnerable to eavesdropping / interception, interference from microwave, realigning |
asynch | Asynchronous protocol, data link protocol; 1 char / 8 bits at a time |
bisynch | Binary synchronous protocol, data link protocol; 1 block (size dependent on media) at a time |
protocol | rules which govern the way in which computing/network devices communicate |
duplicity / duplex | simplex - one way communications (listen only / send only); half-duplex - listen or receive but not both at the same time; full-duplex - listen and receive at the same time |
SDLC | Synchronous Data Link Control |
HDLC | High Level Data Link Control; can send 1-128 frames at the same time, full duplex; base of all protocols |
block size | high failure rate = more retransmissions = small blocks (unreliable media); low failure rate = fewer retransmissions = large blocks (reliable media) |
MTU | Maximum Transmission Unit (max frame size); 1500 MTU = 1500 bytes frame size |
Data Link Protocol main functions | Synchronization, framing, control, error correction |
EBCDIC | 2^8 ability to represent more special chars than ASCII |
Parity bit | Used for error checking, odd or even / 0 or 1 depending on if bits sent add up to an even or odd number. 8th bit in the byte |
CRC | Cyclic Redundancy Check - algorithm for error checking, generates checksum for compare by receiving machine. If receiving machine's checksum doesn't match, it sends a NACK |
NAK | Negative ACK |
Maxout | Maximum outstanding frames, max amount of frames in limbo (can be transmitted before ACK is received). Unreliable media = set high maxout to get as much across as possible at a time (for synch at endpoint); reliable / fast = low maxout, to not overwhelm the endpoint |
Piggybacking ACKs | Send 1 ACK for multiple frames at a time |
Synchronization (data link) | maintain synch of frames between sending and receiving |
framing (data link) | mark beginning and end of each transmission frame |
control (data link) | sending station capable of identifying receiving station |
error detection (data link) | error detection and recovery |
802.3 af / at | PoE spec from IEEE |
LAN | privately owned, geographically limited, shared media |
*SAN | Storage Area Network [EMC] for backing up servers / datacenters without introducing a lot of traffic on the regular LAN |
*LLC | Logical Link Control Protocol - error detection, framing of low level metadata, interface to higher layer protocols. |
MAC | Media Access Control, hardware addressing. Assembly of data into a frame with address and error detection fields. Controlled by IEEE |
Token Ring | Token is passed around, everyone guaranteed access to the network |
Bus | Topology, all connect to an ethernet trunk |
Token Bus | 1 cable, multiple NICs, uses Token protocol / access method. Generally used in robotics. |
Access method | CSMA/CD (probabilistic), CSMA/CA, Token (deterministic); separate from the topology |
Star topology | Advantages: centralized control, network management visibility, easier to troubleshoot. Disadvantages: expensive investment in cable, single point of failure |
Ethernet maximum frame size | 1500, set MTU to 1376-1380 to provide room for encryption bits. If not, frames will be larger than 1500 bytes and will fragment, causing higher overhead. |
Ethernet MAC Address Frame Formats v Ethernet DIX v2 format | See slides TYPE v LENGTH |
Broadcast | Frames go to everyone [printer, network discovery, arp, collision announcement] |
Multicast | Sent to specific hosts that are subscribed to receive |
Unicast | Frame goes to a single MAC address |
802.11g/b | 2.4GHz, up to 54Mbps, 3 non-overlapping channels. 100mW, 6 inches (band width), 150ft diameter cell size |
OFDM | Orthogonal Frequency-Division Multiplexing modulation |
CCK | Complementary Code Keying modulation |
PBCC | Packet Binary Convolutional Coding modulation |
802.11i | WLAN security standard, describes encryption transmission of data between a and b WLANs. TKIP, AES, channel selection, roaming, transmit power control |
802.11k | Improve traffic distribution, checks if AP w/ strongest signal is at capacity and connects to another AP if so. |
802.11n | a/g compatible, 2.4 or 5.75 GHz, multiple-input multiple-output, error detection and correction. Spatial multiplexing - 2 Transmit & 1 Receive antenna |
MIMO | Multiple Input Multiple Output, Spatial multiplexing |
802.15 | Standard for WPANs, .1 is based on the Bluetooth spec, .2 working on interference in the 2.4GHz band, .3 wants up to 55Mbps up to 10m, .4 ZIGBEE |
Guided v Unguided media | Wireless v Cables |
EIA/TIA Standards | Ethernet wire color codes T568A and B for CAT .5 |
UTP CAT 3 | 100 Ohm, UL Level III |
UTP CAT 4 | 100 Ohm Low Loss UL Level IV |
UTP CAT 5 / 6 | 100 Ohm Extended Frequency UL Level V |
Solid CAT 5 v Stranded CAT 5 | Solid = rigid = long distance, Stranded = flexible = patch cable; 10 to 100 Mbps Ethernet, up to 100MHz |
CAT5e | Up to 1000Mbps, suitable for Gig. Ethernet, less near-end crosstalk |
NEXT | Near End Crosstalk |
CAT 6 | Incorporates a longitudinal separator that isolates each pair from the others. Supports 10Gb Ethernet, up to 250MHz |
Plenum | Cabling rated for use in air ducts that does not emit toxic fumes when melted |
Geosynchronous orbit | turns at same orbit as Earth, 22,500 miles up, requires 3 to 4 degree space between geosync. satellites to prevent interference. Must be realigned every month. |
Transponder | Core of satellite transmission system, usually 24-48 transponder spaces for sending and receiving data, each divided into subchannels. Receives weak signal from Earth, amplifies it, changes freq, and retransmits. Send and receive on different freqs. |
Footprint | Area of the earth where the signal may be received, several hundred to thousand km. Narrower footprints = stronger signal. Ku-band satellites tend to be narrower than C-band |
Modulo | Number of frames that can be outstanding before sender must wait for an ACK from receiving stations |
Wireless - RF / Infrared | Advantages: speed, cost effective, easy to install / implement. Disadvantages: distance / cell size, interference, transmission insecure |
Free Space Optics (FSO) + | Beams only a few m in diameter at a km, close spacing of links w/o interference, secure, efficient energy, more than 8km possible; rapid installation w/o construction, direct connection to end user, bypasses building owner, no interference, unlicensed |
FSO - | Environmental factors, need clear and calculated LoS |
Multiplexing | In telecommunications and computer networks, multiplexing (sometimes contracted to muxing) is a method by which multiple analog message signals or digital data streams are combined into one signal over a shared medium. |
Analog | Waves, continuous |
Digital | Discrete, 1s and 0s |
TDM | Time Division Multiplexing, each device has a time slot to send, if it has nothing to send it's wasted bandwidth. Aggregate line speed has to be at least equal to aggregate of all connecting line speeds |
STDM | Statistical Time Division Multiplexing, aggregate line speed is less than aggregate speeds of each line that connects to it. |
MUX | Multiplexer |
Polling | Asks every device if they have something to send, one at a time. |
DWDM | Dense Wave Division Multiplexing - separate the signal using prisms, OC-192 can support 40Gb. 1,000 different colors over 1 line at the same time, each color has a 40Gb link |
Contention methods | Allow sharing of media, CSMA/CD or CA, polling, token passing |
Token passing | Talking stick method, free or taken tokens, devices can fill free tokens with what they want to send and pass it on, deterministic |
NIC | Addressing, translates from network (serial) to CPU (parallel) and back |
Intelligent wire hubs | Port is occupied or busy / transmits data |
ARIN | American Registry for Internet Numbers (ARIN) - allocates IP addresses |
IANA | The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. |
ICANN | The Internet Corporation for Assigned Names and Numbers (ICANN /ˈaɪkæn/ eye-kan) is a nonprofit organization that is responsible for coordinating the maintenance and methodologies of several databases... |
DIX | Digital Intel Xerox, proprietary Ethernet |
Licensed Freq | Leased from the FCC |
IP Address v4 | Dotted decimal system, 32 bits, 4 octets |
Class A | 1.0.0.0 - 127.0.0.0 |
Class B | 128.0.0.0 - 191.0.0.0 |
Class C | 192.0.0.0 - 223.0.0.0 |
IETF | Internet Engineering Task Force - implement new protocols / modifications |
RFC 1917 / 1918 | Introduced ability to have public / private IP ranges |
Class D | 224.0.0.0 - 239.0.0.0 |
Class E | 240.0.0.0 - 255.255.255.254 |
IP packet | [version][IHL][Type-of-service][Total length] ... |
Subnet mask | 255 determines network portion of ip address, rest is host portion |
Analog | has inherent noise, when re-amplified, noise is also re-amplified. Digital will always have more throughput. |
Hub | Fastest, nothing to process, just re-broadcast. Layer 1 device, 1 collision domain |
Flooding | How routing devices initially build ARP / bridge tables for routing between networks |
Bridge | connect layer 2 networks together, forwards, not routes; forwards all frames based on learned topology; can propagate broadcast storms |
Switch | connect layer 2 devices together; CAM table (instead of bridge table) |
Spanning Tree Protocol | Block loops in bridged / switched networks, useful on intermediate nodes - devices that pass traffic |
Root bridge | determined by lowest MAC address (or configurable), put it in the middle of topology in order for low amount of recalculating paths |
Layer 2 v Layer 3 broadcast storm | Affects everyone v Affects local |
Adjacency | Router next to you |
Route table | Only network addresses to port numbers, number of route tables = number of interfaces x number of supported protocols (AppleTalk, DECnet, Novell...) |
ARP table | Only IP (host) addresses to MAC Addresses |
RIP Routing Information Protocol | Distance vector, based on vectors (number of hops) between routes. |
(E)IGRP (Enhanced) Interior Gateway Routing Protocol | Two routers within an autonomous system are called interior |
Autonomous system (AS) | All devices under a single administrative control |
IGP Interior Gateway Protocol | used for routing within networks within an AS |
OSPF | Open Shortest Path First |
BGP Peering Point (NAP) | Where all internet peering connects, what ISPs use to talk to other ISPs |
Routing algorithm metrics | bandwidth, delay, smallest MTU (maximum transmission unit), reliability, load, hops, cost (of a hop) |
Router Redundancy | Clients with Host Router Discovery Protocol enabled will choose the best gateway / whichever one is up or best based on metric |
Static routes | For routers that do not speak common protocols |
Asymmetrical routing | Can be horribly slow, mismatch between speeds can kill connections |
BGP routing | used for exterior routing |
Default paths | Hosts have default gateways; routers have default networks |
Distance vector v hop count v link state | table (updates every 30 sec) v decrementing hops v up / down. Convergence (link recovery) is faster with link state change |
latency | any kind of delay |
jitter | variation in latency |
components of response time (server / client) | processor, utilization, network interface (speed / drivers), RAM, protocol |
(network) autodiscovery | generally not a good idea in huge environments, operates with broadcast, can disable a network |
2.4GHz channels | 1, 6, 11 to avoid co-channel interference |
WPAN - Wireless Personal Area Networks | Ex. Nike shoe sensor communicating with a Fitbit |
Different wireless protocols at the physical layer for signal | FHSS, DSSS, HR DSSS, OFDM, MIMO, OFDM |
WLAN Service Set | Logical grouping of devices |
SSID - Service Set Identifier | Network ID |
IBSS - Independent Basic Service Set | adhoc (No AP), does have SSID, must be configured |
BSS | Requires AP (only one) |
ESS (Extended) | Multiple APs, same SSID - 1 subnet, roaming layer 2 |
Co-Channel Interference | Interference on overlapping channels |
802.11 Beacon | clients send a probe request frame on every channel they can see, containing info about the client station |
Lower freq = longer dist | 2.4 has longer distance |
WLAN Controller (LWAPP AP) | Dynamic APs, expand and contract cell size based on ambient RF. Controller views the channel and power of each AP connected to it and looks at what signals each AP sees from the other APs. Adjusts power and cell size for efficiency |
DHCP Option 43 | Used by WLAN Controllers to configure connected APs (like DHCP) such as power and channel per AP |
Power level | how far you can transmit v. interference introduced |
Antennas | Coverage pattern / coverage distance. Omni - generates circular pattern, has 'doughnut effect' of being too close / in the eye of the signal. |
5.75 GHz | 12 channels, smaller channel size |
Channel Bonding | Combining channels as pairs, combining their sub-frequencies, for faster speeds (more bandwidth), can only combine adjacent frequencies, in patterns, keep adjacent frequencies in non-adjacent cells |
AIT | Automatic Identification Technologies (umbrella of RFID), bar codes, matrix codes |
RFID | Use RF to transmit data, improve error recovery, increase velocity, reduce process errors. Push data to data warehouse for central access and management. Logistics, tracking, identification |
Backscatter (passive) | RF pattern that emanates from a chip |
Active RFID | Have a battery, 300ft range, 802.11 has a MAC address, great for triangulation - tracking things not near readers. Could be used to track legitimate (tagged) versus rogue (untagged) devices |
Passive RFID | 900MHz, 3m range, powered by RF from reader |
EPC tag | Can be read by anyone, can read / generate any frequency. Different countries operate RFID at different freq. so EPC reader is essential |
Enterprise WLAN AP | Can double as a RFID reader |
RSSI | Relative Signal Strength Indicator |
TDO | Time Difference of Arrival |
Exciter | Forces tags in a specific range to chirp (their MAC), location reported. Helps save battery life by activating RFID when needed. |
SNMP pt 1 | an IP standard for managing devices on TCP/IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers etc. |
SNMP pt 2 | is used in net. mgmt systems (NMS) to monitor devices for conditions that require admin attention, it consists of a set of standards for network management, including an application layer protocol, a database schema and a set of data objects (MIBs) |
SNMP pt 3 | An SNMP managed network consists of three key components: managed devices, agents, and network-management systems (NMSs). |
Managed device | A managed device is a network node that contains an SNMP agent and resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. |
MIB | A Management Information Base (MIB) is a collection of information that is organized hierarchically. MIBs are accessed using a network-management protocol such as SNMP. They are comprised of managed objects and are identified by object identifiers. |
Managed object | A managed object (sometimes called a MIB object, an object, or a MIB) is one of any number of specific characteristics of a managed device. Managed objects are comprised of one or more object instances, which are essentially variables. |
Managed objects pt 2 | Two types of managed objects exist: scalar and tabular. Scalar objects define a single object instance. Tabular objects define multiple related object instances that are grouped together in MIB tables. |
Managed device commands | Managed devices are monitored and controlled using four basic SNMP commands: read, write, trap, and traversal operations. |
spectrum analyzer | Analyzing freqs that others are using, signal strengths. |
Distributed application troubleshooting | tracert, ping, spectrum analysis / wireless survey, protocol sniffers |
Switch | Each port is its own collision domain, devices still listen for uni, multi, and broadcast traffic. Bridge table full of MAC addresses to port mappings, bridge / switch topology. No ACL for performance on layer 2. |
FastForward | Low latency, no error checking - fast! |
FragmentFree | low latency, checks for collisions |
Store and Forward | High latency, full error checking |
VLAN Identification Using IEEE 802.1Q | Unique ID in the header of each frame for what VLAN the frame belongs to |
LAN Switch & troubleshooting | Hard to t-shoot between VLANS, can only see traffic on own VLAN |
Port mirroring | Configure the switch to monitor all ports, span all ports - good for IDS, good for network visibility, good for attackers |
Blocking v non-blocking LAN switches | Blocking - all interfaces are 1GB but backplane speed is 1.5GB. Not giving wire speed for every port as advertised. |
VLAN | Broadcast domain |
QoS Traffic types | Best effort traffic (text, graphics = bursty, intolerant of errors); Interactive; Real Time. Prioritize UDP (real time services) over TCP |
802.1X | Uses X.509 certificates to assign users to VLANs that they are assigned to originally, prevents users from plugging into the wrong VLAN |
VLAN tag | number in MAC frame that distinguishes what VLAN a frame belongs to, headers added to MAC frame that identify what VLAN traffic is coming from / going to |
VLAN trunk | Connects network devices, allows multiple VLANS to connect. |
Use of MIB | Collect information on AP connections, etc. |
QoS | Allows for prioritization of traffic to avoid latency situations |
AS in routing protocols | Under single admin control, everyone chooses the same AS number and can exchange route info within their AS |
AAAA Net Security Policy | Access, Authentication, Authorization, Audit: control physical access, knowing you are who I think you are, limiting access to specific resources, maintaining logs of unauthorized access attempts. |
Session persistence | Session doesn't time out |
Why are networks important to security | All security devices collect, monitor, analyze, or block network traffic |
Encryption != Secure connection | What about data sent that is malicious and encrypted |
LAN MAC layer protocols | == frames, layer 2 |
Flooding in transparent learning bridge | First time building bridge table, flood traffic out every interface to construct table by noting where responses come from and on what ports |
IP aggregation - variable lane subnet masking (advanced subnetting) | For backbone / links - use small subnet designations for links and large subnets for nodes. Aggregation = combine subnets to make one big one. |
Link state | metrics can be hops, utilization, bandwidth, etc., up to 7 metrics |
Spanning tree | eliminates redundant links between layer 2 devices (loops) |
CDN (Akamai) | Caches content locally at all ISPs for speedy retrieval |
Local and global load balancer | Multiple instances of the same application running (locally at the same datacenter) or replicated at another datacenter somewhere else (for redundancy / content delivery) |
Net Mgmt System | NMS collects data from the agent by collecting the MIB |
MIB | database of info on networked devices |
Aggressive roaming v non-aggressive | Limited RF v a lot of RF |
Security perimeter | All devices that do analysis, collection, etc. |
X.509 certificates | Digital certificates used for MFA to access a network |