CompTIA Network N10 006 Instructor Sample
CompTIA Network N10 006 Instructor Sample
CompTIA Network N10 006 Instructor Sample
se m
y
es xa
www.gtslearning.com
M eE
nl
or ic
ss c t
fe ra
ro + P
s P ng
CompTIA Network+
de ini
clu ra
In o T
INSTRUCTOR EDITION
de
O
Vi
N10-006
U
n
tio
ua
al
Ev
Ev
al
ua
tio
n
U
se
O
nl
CompTIA Network+ Certification
Support Skills (Exam N10-006)
Instructor Edition
Study Notes
y
This courseware is copyrighted © 2015 gtslearning. Product images are the copyright of the vendor
ua
or manufacturer named in the caption and used by permission. No part of this courseware or any
training material supplied by the publisher to accompany the courseware may be copied,
photocopied, reproduced, or re-used in any form or by any means without permission in writing
from the publisher. Violation of these laws will lead to prosecution.
tio
All trademarks, service marks, products, or services are trademarks or registered trademarks of
their respective holders and are acknowledged by the publisher.
LIMITATION OF LIABILITY
n
Every effort has been made to ensure complete and accurate information concerning the material
presented in this course. Neither the publisher nor its agents can be held legally responsible for any
mistakes in printing or for faulty instructions contained within this course. The publisher appreciates
U
receiving notice of any errors or misprints.
Information in this course is subject to change without notice. Companies, names, and data used in
se
examples herein are fictitious unless otherwise noted.
Where the course and all materials supplied for training are designed to familiarize the user with the
operation of software programs and computer devices, the publisher urges the user to review the
manuals provided by the product vendor regarding specific questions as to operation.
O
There are no warranties, expressed or implied, including warranties of merchantability or fitness for
a particular purpose, made with respect to the materials or any information provided herein. Neither
the author nor publisher shall be liable for any direct, indirect, special, incidental, or consequential
nl
damages arising out of the use or the inability to use the contents of this course.
y
Warning All gtslearning products are supplied on the basis of a single copy of a course per
student. Additional resources that may be made available from gtslearning may only be used in
conjunction with courses sold by gtslearning. No material changes to these resources are
permitted without express written permission from gtslearning. These resources may not be used
in conjunction with content from any other supplier.
If you suspect that this course has been copied or distributed illegally,
please telephone or email gtslearning.
Table of Contents
Table of Contents
Course Introduction i
Module 1 / Unit 1
al
Topologies and the OSI Model 3
Module 1 / Unit 2
n
Ethernet 25
Module 1 / Unit 3
O
Hubs, Bridges, and Switches 46
Module 1 / Unit 4
Infrastructure and Design 63
Module 1 / Summary
Topologies and Infrastructure 79
Module 2 / Unit 1
Ev
Internet Protocol 83
Module 2 / Unit 3
n
DHCP and APIPA 106
Module 2 / Unit 4
se
IPv6 Addressing 114
Module 2 / Unit 5
Routing 125
nl
Module 2 / Summary
Addressing and Routing 145
Page iv
© 2015 gtslearning
Table of Contents
Module 3 / Troubleshooting and Management 147
Module 3 / Unit 1
Transport Protocols 149
Module 3 / Unit 2
Ev
Name Resolution 156
Module 3 / Unit 3
ua
Troubleshooting 166
Module 3 / Unit 4
Applications and Services 186
U
Module 3 / Unit 6
Cloud and Virtualization 223
Page v
Virtualization Technologies ........................................................................ 223 © 2015 gtslearning
Table of Contents
Storage Area Networks.............................................................................. 227
Cloud Computing ....................................................................................... 231
Module 3 / Summary
Troubleshooting and Management 235
Module 4 / Unit 1
Ev
Network Sites 240
Module 4 / Unit 2
Installing Cable 263
tio
Twisted Pair Cable (UTP / STP / ScTP) ..................................................... 263
Twisted Pair Connectors............................................................................ 266
Wiring Tools and Techniques .................................................................... 268
Cable Testing and Troubleshooting ........................................................... 270
Other Copper Cable Types ........................................................................ 274
n
Fiber Optic Cable and Connectors ............................................................. 276
Media Converters ...................................................................................... 279
Troubleshooting Fiber Cable Issues .......................................................... 280
U
Module 4 / Unit 3
Installing Wireless Networks 284
se
Module 4 / Unit 4
WAN Technologies 301
nl
Module 4 / Unit 5
Remote Access 320
Module 4 / Summary
Installation 339
Module 5 / Unit 1
Vulnerabilities and Threats 343
Module 5 / Unit 2
Security Appliances 365
tio
Module 5 / Unit 3
se
Authentication 390
Module 5 / Summary
Security 445
Ev
Glossary 459
ua
Index 483
tio
n
U
se
O
nl
y
Page viii
© 2015 gtslearning
About This Course
About This Course
This course is intended for those wishing to qualify with CompTIA Network+
Certification. Network+ is foundation-level certification designed for IT
professionals with 1 year's experience whose job role is focused on network
administration.
The CompTIA Network+ certification will certify that the successful candidate
has the knowledge and skills required to troubleshoot, configure, and
Ev
manage common network wireless and wired devices, establish basic
network design and connectivity, understand and maintain network
documentation, identify network limitations and weaknesses, and implement
network security, standards, and protocols. The candidate will have a basic
understanding of emerging technologies including unified communications,
al
mobile, cloud, and virtualization technologies.
.
Page ix
© 2015 gtslearning
About This Course
Course Outcomes
This course will teach you the fundamental principles of installing, configuring,
and troubleshooting network technologies and help you to progress a career in
network administration. It will prepare you to take the CompTIA Network+
exam by providing 100% coverage of the objectives and content examples
listed on the syllabus. Study of the course can act as groundwork for more
advanced training. On course completion, you will be able to:
■ Describe the features of different network protocols and products for LANs,
WANs, and wireless networks.
Ev
CompTIA offers a number of credentials that form a foundation for your career
in technology and allow you to pursue specific areas of concentration.
Depending on the path you choose to take, CompTIA certifications help you
build upon your skills and knowledge, supporting learning throughout your
entire career.
Ev
Study of the course can also help to prepare you for vendor-specific technical
support qualifications and act as groundwork for more advanced training.
Other qualifications available include:
al
■ Cisco Certified Network Associate (CCNA) - a foundation-level
certification of competency in Cisco networking appliance installation and
configuration. Visit gtsgo.to/svg8p for more information.
ua
■ Help Desk Support Analyst - The Help Desk Analyst certification series,
administered by the Help Desk Institute (www.thinkhdi.com), certifies
learners' customer service and Help Desk management skills. Various
levels of certification are available, including Customer Support Specialist,
Help Desk Analyst, and Help Desk Manager.
Page xi
© 2015 gtslearning
About This Course
About the Course Material
The CompTIA Network+ exam contains questions based on objectives and
example content listed in the exam blueprint, published by CompTIA. The
Your instructor edition objectives are divided into five domains, as listed below:
is identical to the
student edition, except
that there are notes to CompTIA Network+ Certification Domain Areas Weighting
help you deliver the
course in the margins. 1.0 Network Architecture 22%
2.0 Network Operations 20%
Note that answers to
3.0 Network Security 18%
Ev
the review questions
are also located in the 4.0 Troubleshooting 24%
"Notes" area of the
"Review" slide for each 5.0 Industry Standards, Practice, and Network Theory 16%
unit.
This course is divided into five modules, each covering a different subject
al
area. Each module is organized into several units, containing related topics for
study.
ua
■ Module 1 / Topologies and Infrastructure
■ Module 5 / Security
n
The modules in the course do not correspond directly to domains in the exam.
Doing so would involve quite a lot of jumping around between different
U
technologies. Instead, we try to cover topics in the most straightforward order
for candidates at a foundation level to understand, starting with an overview of
threats and attacks and proceeding to examine vulnerabilities and controls in
se
different environments. Each module starts with a list of the CompTIA domain
objectives and content examples that will be covered in each unit.
On the Freestyle course support website, you can find Pre- and Post-
assessment tests for each unit. These are designed to identify how much you
O
know about the topics covered in a unit before you study it and how much
knowledge you have retained after completing a unit. You can use these tests
in conjunction with your training provider to identify which units to focus on or
nl
to help you plan a self-study program.
y
There are notes on registering for the course support site and
planning a self-study program later in this section.
Page xii
© 2015 gtslearning
About This Course
At the back of the book there is an index to help you look up key terms and
concepts from the course and a glossary of terms and concepts used.
If you are studying with a training provider, you may also receive a "Labs" book
containing the practical labs for you to complete in class.
Icon Meaning
al
A tip or warning about a feature or topic.
ua
A reference to another unit, where more information
on a topic can be found.
Each of the "TV static" icons above and in the rest of the book represents a
y
Professor Messer video. The icons are called QR codes. They enable you to
scan the link using a smartphone or tablet equipped with a camera. You can
use the links in three ways:
1) If you have an ebook, just click the link to open the video in your browser.
2) If you have a QR code reader, open the app and point your camera at the
icon to open the video in your phone or tablet's browser. Page xiii
© 2015 gtslearning
About This Course
3) If you have a printed book but no reader, enter gtsgo.to/ followed by the
code printed under the QR graphic into your browser. For example, to
access the code shown above, enter gtsgo.to/dlbrs) in your browser.
When you have completed your first read through, you should make a study
nl
plan. We've put a sample study plan on the course website, but you'll need to
adjust it to account for:
y
■ How much you know about network technologies already.
■ How much time you have to study each day or each week.
Page xiv
© 2015 gtslearning
About This Course
In your study plan, you'll identify how much time you want to spend on each
unit and when you're going to sit down and do that study. We recommend that
you study no more than one or two units per day. Studying a unit means
reading it closely, making notes about things that come to mind as you read,
using the glossary to look up terms you do not understand, then using the
review questions on the course website to test and reinforce what you have
learned.
Only you can decide how long you need to study for in total. Network+
Certification is supposed to represent the knowledge and skills of someone
with 9-12 months of practical network administrative experience. If you cannot
Ev
get that experience, you will need to do a corresponding amount of study to
make up. We have included practice tests for the course; these should give
Students can self-
you a good idea of whether you are ready to attempt the exams. register on the site
using these
You also need to think about where you are going to study. You need to find
al
instructions. When
somewhere comfortable and where you are not subject to interruptions or they enroll they will be
distractions. You will also need a computer or tablet with an internet placed in a pool with
other retail customers.
connection for the review and practical activities.
ua
You will need to validate the account using your email address. When you
have validated your account, open gtsgo.to/u7tlw and log in if necessary.
Page xv
© 2015 gtslearning
About This Course
Preparing for the Exams
When you've completed reading the units in detail, you can start to prepare for
the exam. The "Taking the Exams" chapter and the support website contain
tips on booking the test, the format of the exam, and what to expect.
Ev
al
ua
Get tests and practice exams to accompany the course at gtslearning's Freestyle site
tio
The contents of this training material were created for the CompTIA
Network+ Certification N10-006 exam covering the 2015 Edition exam
nl
objectives and content examples. CompTIA has not reviewed or approved the
accuracy of the contents of this training material and specifically disclaims any
warranties of merchantability or fitness for a particular purpose. CompTIA
y
makes no guarantee concerning the success of persons using any such
"Authorized" or other training material in order to prepare for any CompTIA
certification exam.
Page xvi
© 2015 gtslearning
About This Course
CAQC logo
Page xvii
© 2015 gtslearning
About This Course
Four Steps to Getting Certified
This training material can help you prepare for and pass a related CompTIA
certification exam or exams. In order to achieve CompTIA certification, you
must register for and pass a CompTIA certification exam or exams. In order to
become CompTIA certified, you must:
2) After you have studied for the certification, take a free assessment and
Ev
sample test from CompTIA at gtsgo.to/mmbfu to get an idea what type of
questions might be on the exam. You can also use gtslearning's free
practice tests on Freestyle (gtsgo.to/u7tlw).
4) Select a certification exam provider and schedule a time to take your exam.
You can find exam providers at gtsgo.to/4tij2.
tio
Visit CompTIA online - www.comptia.org - to learn more about getting
CompTIA certified. Contact CompTIA - call 866-835-8020 ext. 5 or email
[email protected].
n
U
se
O
nl
y
Page xviii
© 2015 gtslearning
Module 1 / Topologies and
Topologies and
Infrastructure
Infrastructure
Delivery Tips
The following CompTIA Network+ domain objectives and examples are
Use the Freestyle
covered in this module:
course website to
download resources to
CompTIA Network+ Certification Domain Areas Weighting help to setup and run
this course. Refer to the
1.0 Network Architecture 22%
Ev
sign-up instructions in
2.0 Network Operations 20% the prelims section.
Page 1
Module 1 / Unit 1
Refer To Domain Objectives/Examples
Unit 1.3 / 1.1 Explain the functions and applications of various
Hubs, network devices
Bridges, and Switch • Hub
Switches 2.6 Given a scenario, configure a switch using proper
features
VLAN (Native VLAN / Default VLAN, VTP) • Spanning tree
[802.1D] / Rapid spanning tree [802.1w] (Flooding,
Forwarding / blocking, Filtering) • Interface configuration
(Trunking / 802.1Q, Tag vs untag VLANs, Port bonding
[LACP], Port mirroring [local vs remote], Speed and
Ev
duplexing, IP address assignment, VLAN assignment) •
Default gateway • PoE and PoE+ (802.3af, 802.3at) •
Switch management (User / passwords, AAA configuration,
Console, Virtual terminals, In-band / Out-of-band
management) • Managed vs unmanaged
al
Unit 1.4 / 1.7 Differentiate between network infrastructure
Infrastructure implementations
and SCADA / ICS (ICS server, DCS / closed network, Remote
ua
Segmentation terminal unit, Programmable logic controller)
1.12 Given a set of requirements, implement a basic
network
List of requirements • Device types / requirements •
Environment limitations • Equipment limitations •
tio
Compatibility requirements • Wired / wireless considerations
• Security considerations
5.4 Given a scenario, deploy the appropriate wired
connectivity standard
n
Ethernet standards (IEEE 1905.1-2013 [Ethernet over
HDMI, Ethernet over Powerline])
U
se
O
nl
y
Page 2
© 2015 gtslearning
Module 1 / Unit 2
Ethernet
Ethernet
Objectives
On completion of this unit, you will be able to:
Page 25
Module 1 / Unit 2
■ Amplitude - the height or power of the wave. As a wave travels, its energy
dissipates and the amplitude of the wave attenuates. As the amplitude
diminishes, it becomes more susceptible to noise and reception problems
(interference).
Copper Cable
n
Copper cable is used to carry electromagnetic radiation in the MHz frequency
ranges over electrical conductors. As the waves are low frequency, they
require relatively little power to propagate. The drawback is that relatively little
U
bandwidth is available in this part of the spectrum.
se
Fiber Optic Cable
Fiber optic cable carries very high frequency radiation (THz) in the visible light
part of the spectrum. Much higher bandwidths are available but more power is
required to transmit signals over long distances.
O
Wireless Radio
nl
Radio Frequencies (RF) can propagate through the air between sending and
receiving antennas. The use of the radio spectrum is regulated by national
y
governments and (to some extent) standardized internationally by the
International Telecommunications Union (ITU). Use of many frequency
bands requires a license from the relevant government agency.
Page 26
© 2015 gtslearning
Ethernet
Distance
Each type of media can consistently support a given data rate only over a
defined distance. Some media support higher data rates over longer distances
than others. Attenuation and noise affect the maximum supported distance of This is best explained
by the "party"
a particular media type. metaphor.
■ Attenuation is the progressive loss of signal strength, measured in If you want to tell
decibels (dB). It has different causes depending on the type of media but someone something
generally speaking attenuation is increased by using faster signaling and and they are across
the room from you,
by poor quality media.
Ev
you have to speak
more loudly to make
■ Noise is anything that gets transmitted within or close to the media that them hear you than
isn't the intended signal. This serves to make the signal itself difficult to you would if they were
distinguish. This causes errors in data, forcing it to be retransmitted. nearby (attenuation).
al
If there are other
people in the room and
they are talking too,
Signaling
ua
you have to speak
even louder to make
yourself heard (noise).
Analog and digital are two formats for both circuits and signals. For example,
You will find that you
it is possible that a digital signal could be carried over an analog circuit or a
tio
frequently have to
digital circuit could carry an analog signal. That said, modern networks now repeat what you say to
predominantly use digital circuits and signaling. make yourself
understood (data loss).
n
Analog Modulation
Analog modulation is characterized by a continually changing wave. When
used to convey digital signals, the wave is sampled to identify the signal but
U
this sampling process is easily subject to interference. It is also difficult to
boost an analog signal, as amplifying it will also amplify any interference
se
affecting it.
O
nl
y
When an analog input (such as voice) needs to be converted to digital (1s and
0s), the input is sampled to derive a discrete value. When sampling like this,
you have to balance quality with available bandwidth. For example,
telecommunications links are based on 64 Kbps channels because that is the
bandwidth requirement for carrying digitized voice calls. This is worked out as
Ev
a result of the following calculation, derived from the Nyquist theorem that the
sampling rate must be twice the signal bandwidth.
The bit rate is the amount of information that can be transmitted over the wave,
measured in bits per second (bps), or some multiple thereof.
al
Switched Networks
y
Contention-based access methods do not scale to large numbers of nodes
within the same collision domain. This problem is overcome by using switches
as intranetworking devices. A switch establishes a "temporary circuit" between
two nodes that are exchanging messages. Using a switch means that each
switch port is in a separate collision domain. This means that collisions can
only occur if the device attached to the port is operating in half duplex mode
and that the collisions affect only that port.
Page 30
© 2015 gtslearning
Ethernet
Half Duplex and Full Duplex
Older hub-based networks operate half duplex transmissions. This means
that a device (node) can transmit or receive, but cannot do both at the same
time. Newer network devices, such as switches, allow for full duplex Note that a full duplex
link is a point-to-point
transmissions, where a device can transmit and receive simultaneously. link and so collisions
cannot occur.
See Unit 2.2 and Unit 2.5 for more information on IP and routing
and Unit 1.3 for topics on bridges and switches.
O
nl
y
Page 31
Module 1 / Unit 2
Ethernet Frames
Many technologies have been developed to enable LANs using different media
and media access methods and subsequently fallen by the wayside. Ethernet
is the "last man standing". Ethernet supports a variety of media options and is
based upon inexpensive equipment. It was created in the 1960s at the
University of Hawaii for its ALOHA network and was first used commercially by
DEC, Intel, and Xerox (DIX) in the late 1970s. It was standardized by IEEE as
802.3 (gtsgo.to/cto60) in 1983.
Ev
Make sure students
are familiar with Ethernet has a logical bus topology but is usually wired in a physical star
framing and know the
capabilities, media, topology, baseband signaling, and the CSMA/CD method for media access
and installation control.
practices of the
al
various standards. The basic format of an Ethernet frame is as follows:
Get students
comfortable with the
ua
idea that addressing
takes place at multiple Construction of an Ethernet frame
levels of the OSI
model, with Data Link
(MAC) and Network Preamble
tio
(IP) being the most
important.
The preamble is used for clock synchronization. It consists of 8 bytes of
alternating 1s and 0s with two consecutive 1s at the end. This is not technically
considered to be part of the frame.
n
Addressing
U
The destination and source address fields contain the MAC addresses of the
receiving and sending nodes. Ethernet network adapters have a unique
se
hardware or physical address known as the Media Access Control (MAC)
address. A MAC address consists of 48 binary digits (6 bytes).
However, most Ethernet products follow the original DIX specification (referred
y
to as Type II frames) and use the field to indicate the type of network layer
protocol contained in the frame (IP or IPX for instance). These Ethertypes are
values of 1536 or greater (anything less than that is interpreted as the data
length). For example, IPv4 is coded as the hex value 0800 (or 2048 in decimal)
while IPv6 is 86DD.
Page 32
© 2015 gtslearning
Ethernet
802.3 Ethernet frames use a Logical Link Control (LLC) header to identify
the protocol type. It can be further extended with a Subnetwork Access
Protocol (SNAP) field to specify proprietary protocols. These headers take up
part of the space normally reserved for data (reducing it to up to 1492 bytes).
Consequently these frame types are not widely used.
The maximum size of any type of Ethernet frame is normally 1518 bytes
Ev
(excluding the preamble). However, the 802.3ac standard specifies use of a 4-
byte tag inserted between the source address and length fields designed to
identify the VLAN to which the frame belongs, making the maximum allowable
frame size 1522 bytes.
al
ua
Construction of an 802.1ac (VLAN) Ethernet frame
Some Gigabit Ethernet products support jumbo frames with much larger
MTUs. Such products are not standardized however making interoperability
between different vendors problematic.
n
Page 33
Module 1 / Unit 2
Legacy Ethernet Standards
Thinnet was often used with 10BASE-5 (Thicknet). Thicknet uses a different
grade of coax and supports longer segment lengths (up to 500m) and more
y
nodes per segment. Consequently, in a typical installation, up to 3 Thinnet
segments (with computers attached as nodes) could be linked (via devices
called repeaters) using up to 2 Thicknet segments. These limitations were
described as the 5-4-3 rule. The overall cable length for all segments cannot
exceed 925m.
10BASE-2 would not be deployed on new networks but you may be called
upon to maintain it in legacy installations.
Page 34
© 2015 gtslearning
Ethernet
10BASE-T
10BASE-T network systems use 4-pair unshielded or shielded twisted-pair
copper wire cabling. A pair consists of two insulated wires wrapped around one
another. One pair is used to transmit (Tx), one pair to receive (Rx), while the In fact, 10BASE-T is
pretty much obsolete
other two pairs reduce crosstalk and interference. 10BASE-T networks are but it is still present in
physically wired as a star. The link between the port on the host and the port the objectives.
on the hub or switch is a single segment. The logical topology is a bus:
■ When a hub is used the transmission media are shared between all nodes
as all communications are repeated to each port on the hub (point-to-
Ev
multipoint).
10BASE-T Specification
tio
Maximum segment cable length 100m (328 feet)
Minimum cable length 0.5m (1.5 feet)
Maximum segments 1024
n
Maximum hubs between nodes 4
10BASE-T would not be deployed on new networks but you may be called
U
upon to maintain it in legacy installations.
Most of the LANs the
students will encounter
se
Fast Ethernet will be Fast Ethernet or
Gigabit Ethernet (or
possibly 10G if they
When it came to update the original Ethernet standard, the IEEE 802.3
stay in the profession
committee decided on an approach that ensured backward compatibility. Its long enough).
discussions resulted in the IEEE 802.3u specification, which is known as Fast
O
Ethernet. Fast Ethernet is based on the same CSMA/CD protocols that define Most LANs will be a
traditional Ethernet but reduces the duration of time each bit is transmitted by a mix of UTP-based
horizontal links and
factor of ten by using higher frequency signaling and improved encoding fiber optic backbones.
nl
methods. This raises the bit rate from 10 Mbps to 100 Mbps. Data can move
between Ethernet and Fast Ethernet devices without requiring protocol Stress that no one is
translation, as Fast Ethernet maintains the old error control functions, frame going to be building a
y
format, and length. Fast Ethernet can use twisted pair or fiber optic cable. network based on
hubs anymore but that
they do remain a
Specification Cable Maximum Distance popular topic for exam
questions.
100BASE-TX Cat 5 UTP (using 2 100m (328 feet)
pairs) or STP
100BASE-FX MMF (62.5/125) / 400m (1312 feet) / half-duplex
1300nm 2000m (6562 feet) / full duplex
Page 35
Module 1 / Unit 2
Fast Ethernet allows only one or two hubs, though this does not apply if the
hubs are stacked using a proprietary backplane (the stack counts as one
device). The standards documentation also defines two classes of hubs; Class
I hubs are used to connect different media (twisted-pair and fiber optic for
instance) and only one device per network is allowed if this type of hub is used.
Ev
In most modern networks however the restriction is overcome by using
switches in place of hubs.
Fast Ethernet would not be deployed on new networks but you may be called
upon to maintain it in legacy installations.
n
While the standards listed previously are obsolete, the subsequent versions of
Ethernet remain very much in use.
se
Each Ethernet network interface has a unique hardware address known as the
Media Access Control (MAC) address. This may also be referred to as the
Ev
This is addressing at
the data link layer.
Ethernet Address (EA) or (in IEEE terminology) the Extended Unique Identifier
Make sure students (EUI). The IEEE deprecates use of the term "MAC address" as interfaces are
are familiar with the increasingly likely not to be tied to a particular hardware adapter
format of MACs and
al
the process of ARP.
MAC Address Format
Don't worry too much
about exactly what
ua
layer in OSI ARP A MAC address typically consists of 48 binary digits (6 bytes). The format of
counts as - it's unlikely the number differs depending on the system architecture. An Ethernet card
to be tested as an address is often displayed as 12 digits of hexadecimal with colon or hyphen
exam question in the separators or no separators at all (for example, 00:60:8c:12:3a:bc or
same way something
00608c123abc).
tio
like a switch, IP, or
TCP are.
Captured Ethernet frame showing the resolved OUI and I/G and U/L bits in the destination
(broadcast) and source addresses
Page 38
© 2015 gtslearning
Ethernet
An organization can decide to use locally administered addresses in place of
the manufacturers' universal coding systems. This can be used to make MACs
meaningful in terms of location on the network but adds a significant
administrative overhead. A locally administered address is defined by changing
the U/L bit from 0 to 1. The rest of the address is configured using the card
driver or network management software. It becomes the network
administrator's responsibility to ensure that all devices are configured with a
unique MAC.
The I/G bit of an Ethernet MAC address determines whether the frame is
addressed to an individual node (0) or a group (1). The latter is used for
Ev
multicast transmissions. A MAC address consisting entirely of 1s is the
broadcast address and received by all nodes within the same broadcast
domain.
al
2) If not present in cache, ARP builds a request, which is then broadcast onto
the network.
y
3) The broadcast is processed by all the hosts on the local network but unless
the request contains its own IP address, most hosts ignore the request.
4) If the target host recognizes its own address, it updates its cache with the
MAC address of the source host. It then replies to the source host.
5) The source host receives the reply, updates its cache table, and
Page 40 communication is established.
© 2015 gtslearning
Ethernet
2) If the mapping for the gateway address is not located, then an ARP request
se
is broadcast for the default gateway's IP address (but NOT the IP address
of the remote destination host).
3) Hopefully, the router will respond to the request by returning its hardware
address. The sending host then sends the packet to the default gateway to
O
deliver to the remote network and the destination host.
Page 41
Module 1 / Unit 2
ARP Cache
ARP broadcasts can generate considerable traffic on a network, which can
reduce performance. To optimize this process, the results of an ARP broadcast
are held in a cache initially. If the entry is used within the timeout period, the
entry is held in the cache for a few minutes before it is deleted.
The timeout for the ARP cache varies by operating system and
version and can often be configured manually.
Ev
Demonstrate each
utility in turn. Explain
Entries in the ARP cache are automatically timed out in case a hardware
the output from each
and be sure that the address changes (for example, if a network card is replaced).
students understand
which program to use The cache is an area reserved in memory that contains the IP address and the
al
when. associated hardware address. Before an ARP broadcast is performed, the
cache is always checked for the correct MAC address. Broadcasting is
ARP itself is also an
exam content reduced further as the host receiving an ARP request always extracts the IP
ua
example. Ensure address and hardware address of the source host and places this information
students can in its ARP cache before transmitting an ARP reply.
distinguish the protocol
from the utility and the
arp utility from the arp
arp
tio
ping utility.
The arp utility can be used to perform a number of functions related to the
ARP cache.
n
■ arp -a (or arp -g) views the ARP cache contents; use with IPAddress to
view the ARP cache for the specified interface only.
U
■ arp -s IPAddress MACAddress adds an entry to the ARP cache.
Under Windows, MACAddress needs to be entered using hyphens
between each hex byte.
se
■ arp -d * deletes all entries in the ARP cache; can also be used with
IPAddress to delete one entry only.
O
The above illustrates some uses of the command under Windows.
Syntax for Linux and UNIX is often different. Check the help for the
utility on the system you are using to learn about switches and
nl
arguments available.
y
Page 42
© 2015 gtslearning
Ethernet
MAC Address Lookup Table
A MAC Address Lookup Table (or OUI Lookup Table) enables you to
identify the manufacturer or a network adapter from the OUI value coded in its
MAC address.
Ev
al
ua
tio
Finding the network adapter vendor from a MAC address using Wireshark's OUI Lookup Tool
n
U
Protocol Analyzers
se
A protocol analyzer (or packet sniffer or network analyzer) performs frame
capture and analysis. The analyzer can be implemented on special hardware
(as part of a cable tester for instance) or installed as software on a PC host. Students will use
There isn't really much of a distinction between a packet sniffer and protocol Wireshark during the
analyzer. You can think of a packet sniffer as something that only captures labs.
O
frames (without doing any decoding, filtering, or analysis) but almost all the
tools available have some sort of analysis functionality built-in, making the
terms pretty much interchangeable.
nl
The capabilities of different products vary widely, but in general terms protocol
analyzers can perform the following functions:
■ Identify the most active computers on the network, which aids in balancing
traffic on networks.
■ Isolate computers producing erroneous packets and rectify the problem. Page 43
Module 1 / Unit 2
■ Filter traffic and capture packets meeting certain criteria (capturing traffic to
and from a particular device for instance).
■ Generate frames and transmit them onto the network to test network
devices and cabling.
Ev
■ Monitor bandwidth utilization by hosts, applications, and protocols.
■ Trigger alarms when certain network conditions fall outside "normal levels".
al
ua
tio
n
U
While this approach works for a hub, where all traffic is repeated on every port,
on a switched network, the switch makes decisions about which port to forward
y
traffic to, based on the destination address and what it knows about the
machines connected to each port. This means that to capture unicast traffic
intended for other hosts, the sniffer needs to be connected to a suitably
configured spanning port (mirrored port).
1) What is attenuation?
4) Why might the baud rate be different from the bit rate?
al
5) With CSMA/CD, what will happen if a computer has data to transmit and Run labs 1-3 after
there is already data on the cable? completing the review
questions with the
ua
6) What is an MTU? students.
11) If a mapping for a local host is not found in a source host ARP cache, how
U
does the source host send an ARP request?
13) True or false? The arp utility allows you to discover another host's MAC
address.
O
14) On a switched network, what configuration changes must be made to allow
a host to sniff unicast traffic from all hosts connected to a switch?
nl
y
Page 45
Module 1 / Summary
Topologies and
Infrastructure
■ Transmission media and network physical and data link technologies can
n
be distinguished by a number of factors, including modulation scheme,
bandwidth, media type, and access control method.
Page 79
Taking the Exams
The objectives and content examples are covered in units in the course as
n
listed in the table below. You can also use the index at the back of the book to
look up specific content examples:
U
Domain Objectives/Examples Refer To
1.1 Explain the functions and applications of various Unit 1.3 / Hubs,
network devices Bridges, and Switches
se
Switch • Hub
Router Unit 2.5 / Routing
Multilayer switch • Load balancer • Packet shaper Unit 3.4 / Applications
and Services
Access point (wireless / wired) Unit 4.3 / Installing
Wireless Networks
O
Analog modem • VPN concentrator Unit 4.5 / Remote
Access
Firewall • HIDS • IDS/IPS • Content filter Unit 5.2 / Security
nl
Appliances
1.2 Compare and contrast the use of networking Unit 3.4 / Applications
services and applications and Services
Web services • Unified voice services
y
Network controllers Unit 3.6 / Cloud and
Virtualization
VPN • Site to site / host to site / host to host • Protocols Unit 4.5 / Remote
(IPsec, GRE, SSL VPN, PPP/PPTP) • RAS Access
TACACS / RADIUS Unit 5.3 /
Authentication
Page 447
Taking the Exams
Domain Objectives/Examples Refer To
1.3 Install and configure the following networking Unit 2.3 / DHCP and
services / applications APIPA
DHCP (Static vs dynamic IP addressing, Reservations,
Scopes, Leases, Options [DNS servers, suffixes], IP
helper / DHCP relay)
DNS (DNS servers, DNS records [A, MX, AAAA, CNAME, Unit 3.2 / Name
PTR], Dynamic DNS) Resolution
Proxy / reverse proxy • NAT (PAT, SNAT, DNAT) • Port Unit 5.2 / Security
forwarding Appliances
1.4 Explain the characteristics and benefits of various Unit 4.4 / WAN
WAN technologies Technologies
Ev
Fiber (SONET, DWDM, CWDM) • Frame relay • Satellite •
Broadband cable • DSL/ADSL • ISDN • ATM • MPLS •
GSM/CDMA (LTE/4G, HSPA+, 3G, EDGE) • Dial-up •
WiMAX • Metro-Ethernet • Leased lines (T1, T3, E1, E3,
OC-3, OC-12) • Circuit switch vs packet switch
al
PPP / Multilink PPP Unit 4.5 / Remote
Access
1.5 Install and properly terminate various cable types Unit 4.2 / Installing
Cable
ua
and connectors using appropriate tools
Copper connectors (RJ-11, RJ-45, RJ-48C, DB9 / RS-
232, DB25, UTP coupler, BNC coupler, BNC, F-
connector, 110 block, 66 block) • Copper cables (Shielded
vs unshielded, CAT3, CAT5, CAT5e, CAT6, CAT6a, PVC
vs plenum, RG-59, RG-6, Straight-through vs crossover
tio
vs rollover) • Fiber connectors (ST, SC, LC, MTRJ, FC,
Fiber coupler) • Fiber cables (Single mode, Multimode,
APC vs UPC) • Media converters (Single mode fiber to
Ethernet, Multimode fiber to Ethernet, Fiber to coaxial,
Single mode to multimode fiber) • Tools (Cable crimpers,
n
Punch down tool, Wire strippers, Snips, OTDR, Cable
certifier)
1.6 Differentiate between common network topologies Unit 1.1 / Topologies
Mesh (Partial, Full) • Bus • Ring • Star • Hybrid • Point-to- and the OSI Model
U
point • Point-to-multipoint • Client-server • Peer-to-peer
1.7 Differentiate between network infrastructure Unit 1.1 / Topologies
implementations and the OSI Model
se
WAN • MAN • LAN • WLAN (Hotspot) • PAN (Bluetooth,
IR, NFC)
SCADA / ICS (ICS server, DCS / closed network, Remote Unit 1.4 / Infrastructure
terminal unit, Programmable logic controller) and Segmentation
Medianets (VTC, ISDN, IP/SIP) Unit 3.4 / Applications
and Services
O
1.8 Given a scenario, implement and configure the Unit 1.2 / Ethernet
appropriate addressing schema
MAC addressing • Broadcast domains vs collision
nl
domains
IPv4 (Address structure) Unit 2.1 / Internet
Protocol
IPv4 (Subnetting, Classful A, B, C, D, Classless) • Private Unit 2.2 / IPv4
y
vs public • Multicast • Unicast • Broadcast Addressing
IPv4 (APIPA) Unit 2.3 / DHCP and
APIPA
IPv6 (Autoconfiguration, EUI 64, DHCP6, Link-local, Unit 2.4 / IPv6
Address structure, Address compression, Tunneling 6to4, Addressing
4to6, Teredo, Miredo)
NAT/PAT Unit 5.2 / Security
Appliances
Page 448
Glossary
Glossary
10xBASE The glossary
The Ethernet-type networks can be subdivided into several types of network. The IEEE 802.3
references almost all
standard uses the following notation to indicate Ethernet type: x-BASE-y, where "x" indicates the
data rate (in Mbps), "BASE" denotes that baseband transmission is used and "y" either describes
the terms used in the
the maximum media distance or the cable type. More recent standards define gigabit (1000BASE- exam syllabus and
Y) and 10 Gigabit (10GBASE-Y) speeds. acronyms list and the
study notes.
110 Block
Punch-down cross-connect format offering high density (supporting up to 300 pairs). 110 wiring
blocks are used for various applications. The 110 IDC format is used in most patch panels and
Students should find it
Ev
wall jacks. a useful revision tool
when they are
25-pair / 100-pair preparing for the
Data cabling has four pairs within a single jacket. Telephone cabling often uses bundles of color- exam.
coded 25-pair cables. These are generally unsuitable for data applications because of excessive
crosstalk.
al
568A / 568B
Termination standards defined in the ANSI / TIA / EIA 568 Commercial Building
Telecommunications Standards. 568A is mandated by the US government and for US residential
wiring but the only commercial rule is not to mix the two on the same network. Wiring a cable with
ua
both 568A and 568B termination creates a crossover cable.
66 Block
Punch-down cross-connect used to terminate telephone wiring. Each 66 block can terminate a
single 25-pair cable.
tio
802 Protocols
The 802 standards, published by the LAN / MAN Standards Committee of the Institute of Electrical
and Electronics Engineers (IEEE), define technologies working at the physical and data link layers
of the OSI model. These layers are subdivided into two sub-layers. The Logical Link Control (LLC)
sub-layer is used with other 802 protocols, such as 802.3 and 802.11, which are conceived as
operating at a Media Access Control (MAC) sub-layer and the physical (PHY) layer.
n
802.1X
Port authentication framework that requires the device to authenticate before it is granted access
to the network. 802.1X defines how devices should provide support for Extensible Authentication
Protocol (EAP).
U
Access Point
See: Wireless Access Point.
se
ACL (Access Control List)
A list configured on a resource (such as file system object) or appliance (firewall or switch) that
determines access / deny access rules. Filtering is often performed on the basis of MAC or IP
address.
ADSL
See: DSL.
O
Antenna
Different types of antenna can be used to focus a signal to a particular point or more widely
(omnidirectional). Many wireless devices use a simple rod-type antenna.
nl
API (Application Programming Interface)
A library of programming utilities used, for example, to enable software developers to access
functions of the TCP/IP network stack under a particular operating system.
y
APIPA (Automatic Private IP Addressing)
APIPA was developed as a means for clients configured to obtain an address automatically that
could not contact a DHCP server to communicate on the local subnet. The host randomly selects
an address from the range 169.254.1.0 - 169.254.254.255. This is also called a link-local address.
Application Layer
OSI model layer providing support to applications requiring network services (file transfer, printing,
email, databases, and so on).
ARP (Address Resolution Protocol)
When two systems communicate using TCP/IP, an IP address is used to identify the destination
machine. The IP address must be mapped to an interface (the NIC's MAC address). ARP
performs the task of resolving an IP address to a hardware address. arp is also a utility used to
manage the ARP cache. Page 459
Glossary
arp ping / arping
This is a version of ping used to test connectivity to a host. It uses ARP rather than ICMP and so
cannot be blocked.
ATM (Asynchronous Transfer Mode)
ATM is an advanced implementation of packet switching that provides a high-speed transport
mechanism for all types of data including voice and video. ATM divides information into 53-byte
cells containing 48 bytes of data and 5 bytes of header data. The small size of the cells and their
fixed length mean delays can be predictable so that time-sensitive data is readily accommodated.
Attenuation
Degradation of a signal as it travels over media. This determines the maximum distance for a
particular media type at a given bit rate.
Authentication
Identifying a user on a network. Authentication allows the network administrator to control access
Ev
to the network and (with some sort of rights system [authorization]) to particular resources on the
network (directories, printers, configuration, and so on). Standard authentication consists of a user
name and password (a logon). Secure authentication requires that transmission of the logon be
encrypted.
Autonomous System (AS)
al
See: BGP.
Backbone
A backbone is a fast link that connects the various segments of a network.
ua
Backup
Recovery of data can be provided through the use of a backup system. Most backup systems
provide support for tape devices. This provides a reasonably reliable and quick mechanism for
copying critical data. Backups take place under a schedule of tape rotation, which allows for
optimum efficiency of backup and restore operations and for storage of media offsite.
tio
Bandwidth
Bandwidth is the range of frequencies supported by a particular media type and more generally
the maximum data rate supported by a link.
Bandwidth Shaper
See: Traffic Shaping.
n
Baseband
Baseband transmission uses the complete bandwidth of the media as a single transmission path.
LAN signaling normally uses this transmission method and it is also more reliable than the
broadband method.
U
Baseline
The point from which something varies. A configuration baseline is the original or recommended
settings for a device while a performance baseline is the originally measured throughput.
se
Beacon
A special management frame broadcast by the AP to advertise the WLAN.
BGP (Border Gateway Protocol)
BGP is designed to be used between routing domains, or Autonomous Systems (AS), and as such
is used as the routing protocol on the Internet, primarily between ISPs. Autonomous systems are
O
designed to hide the complexity of private networks from the public Internet. Border (or edge)
routers for each AS exchange only as much route information as is required to access other
autonomous systems, rather than hosts within each AS. Autonomous System Numbers (ASN) are
allocated to ISPs by IANA via the various regional registries.
nl
Bluetooth
Short range (up to 32 feet or 10m) radio technology providing connectivity for mobile devices such
as PDAs or XDAs (generally to synchronize email and contact data with a PC). It also provides
connectivity for wireless devices generally (printer, mouse, keyboard, and so on).
y
BNC (British Naval Connector/Bayonet-Neill-Concelman) Connectors
These are twist and lock connectors that are used with coax cabling.
Bonding
Using multiple network adapters for a single link for fault tolerance and load balancing. For
Ethernet, this type of "adapter teaming" is defined in 802.3ad. 802.11n and 802.11g Wi-Fi
channels can also be bonded to improve bandwidth.
BOOTP (Bootstrap Protocol)
TCP/IP protocol enabling a host to acquire IP configuration information from a server or download
a configuration program using TFTP. BOOTP is an earlier, simpler form of DHCP and also works
over UDP port 67. Unlike DHCP, the configuration settings for each host must be manually
Page 460 configured on the server.
Index
Index
Where a term or phrase is abbreviated, the acronym is the form listed in the
index. Note that index references are made to the nearest main heading for the
topic in which the term appears.
This courseware is copyrighted © 2015 gtslearning. Product images are the copyright of the vendor
ua
or manufacturer named in the caption and used by permission. No part of this courseware or any
training material supplied by the publisher to accompany the courseware may be copied,
photocopied, reproduced, or re-used in any form or by any means without permission in writing
from the publisher. Violation of these laws will lead to prosecution.
tio
All trademarks, service marks, products, or services are trademarks or registered trademarks of
their respective holders and are acknowledged by the publisher.
LIMITATION OF LIABILITY
n
Every effort has been made to ensure complete and accurate information concerning the material
presented in this course. Neither the publisher nor its agents can be held legally responsible for any
mistakes in printing or for faulty instructions contained within this course. The publisher appreciates
U
receiving notice of any errors or misprints.
Information in this course is subject to change without notice. Companies, names, and data used in
se
examples herein are fictitious unless otherwise noted.
Where the course and all materials supplied for training are designed to familiarize the user with the
operation of software programs and computer devices, the publisher urges the user to review the
manuals provided by the product vendor regarding specific questions as to operation.
O
There are no warranties, expressed or implied, including warranties of merchantability or fitness for
a particular purpose, made with respect to the materials or any information provided herein. Neither
the author nor publisher shall be liable for any direct, indirect, special, incidental, or consequential
nl
damages arising out of the use or the inability to use the contents of this course.
y
Warning All gtslearning products are supplied on the basis of a single copy of a course per
student. Additional resources that may be made available from gtslearning may only be used in
conjunction with courses sold by gtslearning. No material changes to these resources are
permitted without express written permission from gtslearning. These resources may not be used
in conjunction with content from any other supplier.
If you suspect that this course has been copied or distributed illegally,
please telephone or email gtslearning.
Table of Contents
Table of Contents
Introduction ................................................................................................... 1
Page iii
© 2015 gtslearning
y
nl
O
se
U
n
tio
ua
al
Ev
Introduction
Introduction
The following conventions have been used in the course practical lab
exercises.
■ Bullet and number lists - steps for you to follow in the course of completing
a task or hands-on exercise.
Ev
■ File and command selection - files, applets, dialogs and other information
that is displayed on the screen by the computer is shown in sans serif bold.
For example: Click OK, Select Control Panel, and so on.
Page 1
© 2015 gtslearning
Lab 1 / Configuring a
Network Adapter
This lab is performed In this lab you will use Device Manager to discover what properties and
on the HOST PC. If configurable settings your network adapter has.
the OS is other than
Windows 8, steps may 1) On the HOST PC, alt-click the Start button and select Device Manager.
vary slightly. The
options available may The list of installed devices appears.
Ev
also depend on the
network adapter driver.
2) Click the arrow symbol beside Network adapters to expand the Network
Adapter Subtree.
____________________________________________________________
ua
4) Alt-click your network card and select Properties.
5) Click the Driver tab and record the following information (you may need to
use the Driver Details button too):
tio
Provider: _________________________________
Version: __________________________________
n
Date: ____________________________________
7) Look for the link speed and duplex configuration option - what is it set to?
____________________________________________________________
O
8) Does the adapter support advanced features, such as WoL ("wake up") or
ToE (offload)?
nl
____________________________________________________________
y
9) Click Cancel to the Properties dialog.
The adapter list should refresh to show a number of other adapters, mostly
used for remote tunneling protocols (WAN Miniport) or IPv6 tunneling
(ISATAP).
1) On the HOST PC, press Start then type Hyper-V Manager then press
Enter.
Ev
The Hyper-V Manager console is loaded. This shows the VMs available to
you. Selecting a VM displays more information about it.
al
ua
tio
n
U
se
Hyper-V console
Page 3
© 2015 gtslearning
Lab 2 / Using Hyper-V
LAMP is also an Ubuntu Linux server, configured as a web server
(installed with the OS and applications Linux, Apache [web server],
MySQL [database], and PHP [programming]).
This dialog allows you to configure the VM's hardware. Some settings can
only be changed when the VM is powered off; others you can change from
the VM's window menu when it is running.
These nodes allow you to add hard drives to the VM and to use disc
nl
images (ISOs) in the optical drive (or share the HOST's drive).
4) Click the DVD Drive node, then on the opposite pane select Image file and
click Browse. Locate the Windows 8 ISO image in c:\GTSLABS and click
y
Open.
Page 4
© 2015 gtslearning
Lab 2 / Using Hyper-V
Ev
al
ua
tio
n
Configuring network options
This page allows you to choose which network switch the adapter is
connected to. In these labs, the switches will be configured so that each
U
VM can "see" only other VMs installed on the host but not the host itself or
the physical network. The VMs can be put on separate internal networks by
giving the networks names, much like a Virtual LAN (VLAN). The CLIENT
se
VM is on a network named "Private Network".
You can also "install" additional adapters in a VM. This is an option we will
use later in the labs.
O
6) Click OK.
A checkpoint is an image of the VM's disk at a particular point. You can use
checkpoints to discard the changes in a particular lab or reset the lab if you
y
need to attempt it again from the start.
8) Double-click the CLIENT VM to connect to it. A new window will open. Click
the Start button to boot the VM.
Page 5
© 2015 gtslearning
Lab 2 / Using Hyper-V
When the VM has booted, you may be asked to choose a desktop size. If
so, choose a setting that is smaller than your host desktop resolution, so
that the entire VM desktop will be easily visible.
11) On the VM window, click the File > Settings menu. You can configure
some settings here (though you cannot change the installed hardware
ua
without shutting down the VM).
12) On the VM window, click the Media > DVD Drive menu. You can select a
different ISO or choose the host drive here (or just eject the current image).
tio
13) In the CLIENT VM, alt-click the Start button and select Shut down or sign
out > Shut down.
During the labs you will use the Ubuntu Server Linux distribution. This is
n
operated at a command prompt with no GUI.
14) Double-click the LAMP VM to open its console then click the Start button to
U
boot it. When the computer has booted, a "lamp login" prompt will be
displayed.
se
15) Type administrator and press Enter.
You do not have to enter the password every time you use sudo.
The password gets cached for a few minutes.
Page 6
© 2015 gtslearning
Lab 3 / ARP and Packet
Analysis
Windows network
tio
2) When the GATEWAY VM has booted, log on with the user name
se
Administrator and the password Pa$$w0rd. At log on, Server
Manager will be started. Wait for this to initialize before proceeding.
3) Press Start, type cmd, then press Enter to load the Command Prompt.
O
4) Enter arp -a.
This displays the ARP cache table. The only entries should be for the
network broadcast address (10.1.0.255) used to address every machine on
nl
the local network and multicast addresses (starting 224) used by Windows'
network discovery protocols.
y
Remember that the VM is set to use the Windows VMs' local network and
there are no other machines on that network yet so it is not surprising that
there are no host addresses yet.
2) When the program has loaded, click the Capture Options button in
the toolbar.
Ev
al
ua
tio
n
3) Ensure that the adapter is set to "Ethernet" (this is the virtual adapter driver
used by VM), that the "Capture filter" box is empty, and that Use
se
promiscuous mode on all interfaces is checked.
4) Click Start.
5) Switch to the Hyper-V Manager console on the HOST, start the SERVER
O
VM, then open a console for it.
6) Switch back to the GATEWAY VM console and watch the packet capture
window while the SERVER VM boots. Maximize the window and adjust the
nl
size of the panes so that you can view the frames clearly.
y
7) Click the AutoScroll button to turn off autoscrolling then scroll to the
top of the capture.
One of the most useful options in packet analysis software is the one to
filter by different criteria. You may have noticed in the Capture Options
dialog that there was a capture filter option (to only record packets that
match the filter in the first place).
Page 8
© 2015 gtslearning
Lab 3 / ARP and Packet
You can also apply filters to the captured data. You can construct complex Analysis
filter criteria by building an expression or by alt-clicking in the frame
analysis pane.
8) Select the first ARP frame in the top pane, then in the middle pane, alt-click
Address Resolution Protocol and select Apply as Filter > Selected.
Ev
al
ua
tio
n
Applying a filter
The frames panel now shows only ARP traffic. Note the filter expression
"arp" has been added to the filter panel and that the panel is highlighted
U
green to show that a filter is in effect.
se
You should now be able to see the results of an ARP session. The
SERVER machine is checking whether anyone owns its IP address
(10.1.0.1); there is no reply to this broadcast, as SERVER owns the IP
address 10.1.0.1
O
9) Click each ARP frame in the top pane and expand the frame analysis in the
y
second pane.
Note that the frame (data link layer) simply contains source and destination
MAC addresses (note that some frames use the broadcast address) and a
protocol type field (ARP) plus a checksum (part of the trailer, which also
ensures that the frame is at least the minimum length). Note that Wireshark
decodes the OUI and that you can expand the MAC fields to decode the
multicast/broadcast bit and locally administered bit.
Page 9
© 2015 gtslearning
Lab 3 / ARP and Packet
Analysis The ARP headers (layer 2.5 or 3-ish) contain similar information plus the
sender and target IP addresses. ARP is a very simple protocol. IP and
higher level packets often contain many more headers.
Also note the bottom frame. This contains the raw data in hexadecimal
format (the computers receive it as a series of 1s and 0s. When you select
information in pane 2, the relevant hex digits are selected here (and vice
versa).
10) In the filter bar, click the Clear button then turn autoscrolling back on.
Ev
11) When SERVER has finished booting, enter the password Pa$$w0rd to log
on as CLASSROOM\Administrator.
12) Open File Explorer and enter \\10.1.0.254\admin$ in the address bar.
al
13) When the server share has opened, switch back to the GATEWAY VM and
click Stop to halt packet capture.
ua
The captured frames are displayed.
14) Look for a second ARP session as SERVER resolves the IP address
10.1.0.254 to a MAC address.
tio
15) Click one of the SMB2 frames - note that additional layers of protocols are
shown in the frame analysis pane. SMB (the protocol used for file sharing
on Windows networks) makes more use of the upper network layers than
n
ARP (IP for logical addressing at the network layer, TCP at the transport
layer, NetBIOS at the session layer, and SMB (version 2) itself to exchange
the application data).
U
16) Press the Start button to start another packet capture with the current
options set. When you are prompted to save the packet capture, click
se
CLIENT uses DHCP
so broadcasts to Continue without Saving.
discover an address,
which SERVER 17) Boot the CLIENT VM. What do you notice that is different about the packet
responds to (note that
capture?
the DHCP used by
CLIENT is different to
O
the DHCPv6 protocol ____________________________________________________________
that VMs are using to
autoconfigure their ____________________________________________________________
nl
IPv6 link-local
adapters). ____________________________________________________________
18) Analyze the ARP traffic and fill in the MAC addresses for all the computers
y
Note that there are
in the network diagram at the start of the lab.
much easier ways to
discover a
workstation's MAC 19) Stop the packet capture.
address but the point
here is to ensure the
students can decode
the source and
destination fields.
Page 10
© 2015 gtslearning
Lab 3 / ARP and Packet
Exercise 3: ARP Problems Analysis
In this exercise, you will investigate some of the problems that can be caused
by an incorrect MAC address.
As a first step, you will disable IPv6 on the GATEWAY VM so that it can only
contact SERVER using IPv4.
1) On the GATEWAY VM, alt-click the Network Status icon in the notification
area and select Open Network and Sharing Center.
This page gives you an overview of the network and file sharing / firewall
Ev
settings.
4) Switch back to the command prompt and repeat the arp -a command
tio
(you can press the Up arrow key to select from previously issued
commands).
10) In the command prompt, check the ARP cache and note the result below:
y
There will be an entry
____________________________________________________________ for 10.1.0.1 - SERVER
- along with its MAC
11) Enter the following command: address.
Note the error. The latest versions of Windows prevent use of the arp tool
to change hardware addresses on the local subnet. You can however use
Page 11
a netsh command to do the same thing.
© 2015 gtslearning
Lab 3 / ARP and Packet
Analysis 12) At the command prompt, run the following command (ignore the line
The server cannot be break):
found.
netsh interface ipv4 add neighbors Ethernet 10.1.0.1
GATEWAY is aa-bb-cc-dd-ee-ff
convinced it knows the
MAC address of 13) Open Explorer and enter \\SERVER\admin$ in the address bar. What
10.1.0.1 and cannot happens?
figure out why it is not
getting a response.
Note that GATEWAY ____________________________________________________________
is still receiving ARP
packets from 10.1.0.1, 14) Try \\10.1.0.1\admin$ in the address bar - does this work?
Ev
which is SERVER
wondering why ____________________________________________________________
GATEWAY has
"disappeared". 15) What do you notice about the captured frames?
al
Using the IP address
rather than the ____________________________________________________________
machine name has no
effect because ARP is 16) View the ARP cache again. What do you notice about the entry?
ua
a more fundamental
type of addressing ____________________________________________________________
than either.
17) Enter the command netsh interface ip delete arpcache then try
to connect to \\SERVER\admin$ again. Observe the packet capture as
tio
The entry type is
"Static". you do so. What happens and why?
____________________________________________________________
n
ARP fires up again
because the cache
table has been cleared Exercise 4: Closing the Lab
of the incorrect static
At the end of this lab, we will discard any changes that might have been made
U
mapping and normal to
and fro to either VM.
communications are
restored.
se
1) On each VM's console window, click the Revert button in the toolbar.
Page 12
© 2015 gtslearning