CISSP Network Review
Basic Concepts – IP Addresses (IPv4)
IP Addresses
IP version 4
32-bit values made up of four 8-bit numbers (called octets), each between 0 and 255.
[Link] Your workstation
[Link] Broadcast
IP addresses are assigned by classes.
Class A: addresses that begin with 0.__.__.__ up to 126.__.__.__. These can have approximately 16 million hosts.
Class B: from 128.0.__.__ to 191.255.__.__; can have 65,000 hosts.
Class C: from 192.0.0._ to 223.255.255._; can have 127 hosts.
Class D: 224-247. Reserved for multicasting.
Class E: 248-255. Reserved for experimental use.
Basic Concepts – MAC Address
• 6 byte (48 bit) hexadecimal number uniquely identifies NIC
• 1st 3 bytes identify the vendor
• Not routable
• NICs use a MAC address to filter irrelevant packets
• When a packet is received, the NIC verifies that the
destination MAC address matches the MAC address of the
network card or is a broadcast MAC address
• This process offloads packet filtering from the IP stack to the NIC, reducing CPU utilization on the computer
Basic Concepts – What is a packet?
On the Internet, the network breaks an e-mail
message into parts of a certain size in bytes. These are
the packets. Each packet carries the information that
will help it get to its destination -- the sender's IP
address, the intended receiver's IP address, something
that tells the network how many packets this e-mail
message has been broken into and the number of this
particular packet. The packets carry the data in the
protocols that the Internet uses: Transmission Control
Protocol/Internet Protocol (TCP/IP). Each packet
contains part of the body of your message. A typical
packet contains perhaps 1,000 or 1,500 bytes.
Packet Structure -TCP Headers
Packet Structure - IP Headers
Packet Structure - Ethernet Header
Basic Concepts – Network Hardware
Network Interface Card – A Network Interface Card, often abbreviated as NIC, is an expansion board you insert into a computer so the computer can be connected to a network. A NIC handles many things:
• Signal encoding and decoding
• Data buffering and transmission
• Media Access Control
• Data encapsulation: building the frame around the data.
Hub – A hub is used to connect computers on an Ethernet network.
• An active hub behaves like a repeater.
• A switching hub is another word for a switch.
• An intelligent hub supports protocols such as SNMP and allows admin functions.
Repeater – Boosts signals in order to allow a signal to travel farther and prevent attenuation. Attenuation is the degradation of a signal as it travels farther from its origination. Repeaters do not filter packets and will forward broadcasts. Both segments must use the same access method, which means that you can't connect a token ring segment to an Ethernet segment. Repeaters can connect different cable types. Repeaters work at the physical layer of the OSI model.
• Amplifier repeaters amplify all incoming signals.
• Signal-regenerating repeaters (also called intelligent repeaters) read the signal and create an exact duplicate.
Basic Concepts – Network Hardware (cont.)
Switch – A switch prevents traffic jams by ensuring that data goes straight from its origin to its proper destination, with no wandering in between. Switches remember the address of every node on the network and anticipate where data needs to go. A switch only operates with the computers on the same LAN; it cannot send data out to the internet or across a WAN. These functions require a router.
Note: Layer Three switches used to be called brouters, but this term is seldom used anymore.
Switches can significantly reduce network traffic.
Basic Concepts – Hardware/Gateway
• Gateway - Often used as a connection to a
mainframe or the internet. Gateways enable
communications between different protocols,
data types and environments. This is achieved
via protocol conversion, whereby the gateway
strips the protocol stack off of the packet and
adds the appropriate stack for the other side.
Basic Concepts – Hardware/Routers
Router - A router is similar to a switch, but it can also connect different logical
networks or subnets and enable traffic that is destined for the networks on
the other side of the router to pass through. Routers can connect networks
that use dissimilar protocols. Routers also typically provide improved
security functions over a switch. Unroutable protocols can't be forwarded.
Routers work at the network layer of the OSI model.
• Static
– Mostly replaced by dynamic
– Manual configuration
– Manual updates
– Can’t compensate for changing environments
• Dynamic
– Use an Interior Gateway Protocol (IGP) to communicate with each other
• Default gateways
Basic Concepts – Hardware/Bridges
Bridge – Divides a network in order to reduce traffic problems. A bridge can also connect unlike network segments (i.e. token ring and Ethernet). Bridges create routing tables based on the source address. If the bridge can't find the source address it will forward the packets to all segments. Bridging methods:
◦ Transparent – connects networks of the same type; also called learning
◦ Source-Route – used with token rings
◦ Translational – connects different types of networks; also called heterogeneous
◦ Encapsulating
  • Packages frames of one format into the format of another
  • Faster than translation
Bridges and switches work at the Data Link layer of the OSI model, making them "Layer Two" devices. Both read MAC addresses
to create a MAC address table, which allows the switches to help send frames to their proper destination. You see very few
bridges in today's networks, especially with the advent of Layer Three switches.
• Two common bridge routing algorithms
– Spanning tree - Where two bridges are used to interconnect the same two computer network segments, spanning tree
is a protocol that allows the bridges to exchange information so that only one of them will handle a given message that
is being sent between two computers within the network.
– Source routing -allows a sender of a packet to partially or completely specify the route the packet takes through the
network. In contrast, in non-source routing protocols, routers in the network determine the path based on the packet's
destination.
• More depth on routing algorithms: [Link]
Bridges work at the Data Link Layer of the OSI model
Network Utilities
• IPConfig
• Ping
• Tracert
• Netstat
• Nslookup
• Arp ping (NOT a default utility)
• Arp
• Route – displays and modifies entries in the local IP routing table
• Nbtstat – troubleshooting NetBIOS names
• DIG (Domain Information Groper) – UNIX only
• Mtr – combines ping and tracert
• netsh
• net
OSI Model
Application Layer: This layer interfaces directly to and performs common application services for the application processes.
Presentation Layer: The Presentation layer relieves the Application layer of concern regarding syntactical differences in data representation within the end-user systems. – POP, SMTP, DNS, FTP, Telnet
Session Layer: The Session layer provides the mechanism for managing the dialogue between end-user application processes. – NetBIOS
Transport Layer: This layer provides end-to-end communication control. – TCP
Network Layer: This layer routes the information in the network. – IP, ARP, ICMP
Data Link Layer: This layer describes the logical organization of data bits transmitted on a particular medium. It is also divided into two sublayers: the Media Access Control layer (MAC) and the Logical Link Control layer (LLC). – SLIP, PPP
Physical Layer: This layer describes the physical properties of the various communications media, as well as the electrical properties and
IP Addresses and Subnet Masks
• The subnet mask is a 32 bit number that is
assigned to each host to divide the 32 bit binary
IP address into network and node portions.
• The first number of a subnet mask must be 255; the remaining three numbers can be 255, 254, 252, 248, 240, 224.
• To apply a subnet mask, convert both the IP address and the subnet mask to binary and bitwise AND the two.
IP Subnetting Continued
• Each device that connects to the network must
have a unique IP address.
• Each subnet must have its own unique network
ID
• All devices on a given subnet must have the same
subnet mask.
• RFC 1918 defines the non-routable private IP
address ranges:
– [Link] to [Link]
– [Link] to [Link]
– [Link] to [Link]
CIDR
• Classless Inter-Domain Routing (CIDR)
• Implemented in 1993
• Alleviates problem of too few addresses
• Allows you to use variable-length subnet
masking (VLSM) to create addresses beyond
IPv4 classes
• Group addresses together in CIDR blocks
CIDR address
• Written in the standard 4-part dotted decimal
• Followed by /N
– N is a number from 0 to 32
– N is the prefix length
• The prefix is the first N bits (counting from the left of the address) that every address in the block shares
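The mask-and-AND rule from the subnet mask slide and the /N prefix notation from the CIDR slide, worked through in Python as an added example that is not part of the original deck. The sample addresses used in the tests are constructed; mask_to_prefix also rejects a mask whose one-bits are not contiguous, which is the property behind the slide's list of permitted octet values.

```python
def to_int(dotted: str) -> int:
    """'a.b.c.d' -> 32-bit integer; every octet must be 0..255."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"need four octets: {dotted}")
    value = 0
    for o in octets:
        n = int(o)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {o}")
        value = (value << 8) | n
    return value

def to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(n: int) -> int:
    """/N -> mask as an integer: N one-bits followed by 32-N zero-bits."""
    if not 0 <= n <= 32:
        raise ValueError(f"prefix length must be 0..32: {n}")
    return (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF

def mask_to_prefix(mask: str) -> int:
    """Dotted mask -> /N; rejects masks whose one-bits are not contiguous."""
    m = to_int(mask)
    n = bin(m).count("1")
    if m != prefix_to_mask(n):  # e.g. 255.0.255.0 has 16 ones but is not /16
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return n

def subnet_info(ip: str, mask: str) -> dict:
    """Bitwise-AND address and mask (the slide's rule) to split network and host bits."""
    addr, m, n = to_int(ip), to_int(mask), mask_to_prefix(mask)
    network = addr & m                       # network ID
    broadcast = network | (~m & 0xFFFFFFFF)  # all host bits set
    usable = max(2 ** (32 - n) - 2, 0)       # minus network and broadcast; 0 for /31, /32
    return {
        "cidr": f"{to_dotted(network)}/{n}",
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }

def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts share a subnet when ANDing each with the mask gives the same network ID."""
    m = to_int(mask)
    return (to_int(ip_a) & m) == (to_int(ip_b) & m)
```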
APIPA
• Automatic Private IP Addressing (APIPA)
• [Link] network
• Windows OSes from Windows Server 2000 onward autogenerate APIPA addresses
• Client systems that are configured for automatic IP address assignment / dynamic IP assignment will attempt to use DHCP to request an IP address lease for a given network. When the DHCP server is unavailable, the service on the client will automatically configure the system with an APIPA IP address in the [Link] through [Link] address range with a subnet mask of [Link].
IPv6
• Internet Protocol version 6 (IPv6)
• Uses 128-bit addresses
• Provides 2^128 addresses
• Eight 4 character hexadecimal fields
• Write as eight groups of four numbers in hexadecimal
notation separated by colons
– Replace group of all zeros by two colons
– Only one :: can be used per address
– Can drop leading zeros in a field
– All fields require at least one number, except for the :: notation
IPv6 - Continued
IPv6 uses a 128-bit address (instead of 32) and hexadecimal notation in order to avoid long addresses such as [Link].[Link].[Link].122.111.201.5. The hex address format appears in the form 3FFE:B00:800:2::C, for example.
IPv6 - Continued
• Network portion indicated by a slash followed by the
number of bits in the address that are assigned to
the network portion
– /48
– /64
• Loopback address is a localhost address
• IPv6 loopback address can be written as ::/128
• fe80::/10 is equivalent to the IPv4 [Link]
IPv6 - Continued
• Link/Machine-local
– IPv6 version of IPv4’s APIPA
– Self-assigned using Neighbor Discovery process
– Starts with fe80::
• Site/Network-local
– IPv6 version of IPv4 private address
– Begins with FE
– C to F for the third hex digit—FEC, FED, FEE, or FEF
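The notation rules from the IPv6 slides above (eight hex groups, at most one "::", leading zeros dropped) and the fe80::/10 link-local check, as an added Python example that is not part of the original deck. The rule for which zero run becomes "::" (the longest run of two or more groups, leftmost on a tie) follows RFC 5952; the slides only say that a run of all-zero groups may be replaced.

```python
def expand_ipv6(addr: str) -> list:
    """Parse text form into eight 16-bit groups, enforcing the slide's
    rules: at most one '::' and 1-4 hex digits in every other field."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed per address")
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must replace at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected eight groups: {addr}")
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in "0123456789abcdefABCDEF" for c in g):
            raise ValueError(f"bad hex field {g!r} in {addr}")
    return [int(g, 16) for g in groups]

def compress_ipv6(groups: list) -> str:
    """Shortest text form per RFC 5952: lower-case hex, leading zeros dropped,
    the longest run of two or more zero groups becomes '::' (leftmost wins a tie)."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [f"{g:x}" for g in groups]
    if best_len < 2:          # a single zero group is written as '0', not '::'
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return f"{left}::{right}"

def is_link_local(groups: list) -> bool:
    """fe80::/10: the top ten bits of the first group are 1111 1110 10."""
    return (groups[0] & 0xFFC0) == 0xFE80

def canonical(addr: str) -> str:
    """Round-trip an address through expand/compress, e.g. the slide's 3FFE:B00:800:2::C."""
    return compress_ipv6(expand_ipv6(addr))
```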
IPv6 - Continued
• Network devices autoconfigure when
connected to a routed IPv6 network
• Process
1. Performs stateless address autoconfiguration
2. Sends link-local multicast router solicitation
request for configuration parameters
3. Router responds with a router advertisement packet containing network configuration parameters and flags
IPv6 – Continued – Router Flags
• Managed Address Configuration Flag (M flag)
– When set to 1, device should use DHCPv6 to
obtain a stateful IPv6 address
• Other Stateful Configuration Flag
(O flag)
– When set to 1, device should use DHCPv6 to
obtain other TCP/IP configuration settings
IPv6 – Continued – Router Flags
• M flag is 0 and O flag is 1
– Device should use its stateless autoconfiguration IPv6
address
– Device should retrieve other configuration parameters
from the DHCPv6 server
– DHCPv6 stateless addressing
• M flag 1 and O flag is 0
– Device should obtain an IPv6 address from a DHCPv6 server
– Doesn’t obtain other TCP/IP configuration parameters
– Combination is rarely used
Videos
• Intro to IPv6
[Link]
Security Protocols
• 22 – SSH
• 23 – Telnet
• 88 – Kerberos Authentication
• 137, 138, 139 – NetBIOS
• 161 and 162 – SNMP
• 223 – Certificate Distribution Center
• 443 – HTTPS (HTTP over SSL/TLS)
• 464 – Kerberos Change/Set Password
• 465 – SMTP secure
• 500 – ISAKMP/IKE (Internet Key Exchange)
• 543 – Kerberos login
• 544 – Kerberos remote shell
• 636 – LDAP over TLS/SSL
• 749 – Kerberos admin
Ports to Know
20 & 21 – FTP (File Transfer Protocol). For transferring files between computers. Port 20 is for data, 21 for control.
22 – SSH & secure FTP
23 – Telnet. Used to remotely log on to a system. You can then use a command prompt or shell to execute commands on that system. Popular with network administrators.
25 – SMTP (Simple Mail Transfer Protocol). Send email.
43 – WHOIS. A command that queries a target IP address for information.
53 – DNS (Domain Name Service). Translates domain names into IP addresses.
69 – TFTP
80 – HTTP (Hyper Text Transfer Protocol). Display web pages.
88 – Kerberos Authentication
109 – POP2
110 – POP3 (Post Office Protocol Version 3). Retrieve email.
137, 138, 139 – NetBIOS
161 – SNMP (and 162)
179 – BGP
194 – IRC (Internet Relay Chat). Chat rooms.
220 – IMAP
389 – LDAP
443 – HTTPS
445 – Active Directory, SMB
464 – Kerberos change password
465 – SMTP over SSL
636 – LDAPS (SSL or TLS)
ICMP (Internet Control Message Protocol) – These are simply packets that contain error messages, informational messages, and control messages; no specific port.