
Basic Networking

Trend Micro
Basic Networking
Course
Student Textbook

Information in this document is subject to change without notice. The names of companies, products, people,
characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual,
company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the
responsibility of the user.

Copyright 2005 Trend Micro Incorporated. All rights reserved.


No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the
express prior written consent of Trend Micro Incorporated.
All other brand and product names are trademarks or registered trademarks of their respective companies or
organizations.
Program Manager: Remo Mattei
Editorial: Tom Brandon, Remo Mattei
Writer: Germelyn (Peaches) Pira
Released: June 30, 2005


Table of Contents
Basic Networking
Course Goal
Course Objectives

Chapter 1: Basic Network Concepts

Introduction
The Advantages (Benefits) of Networking
The Disadvantages (Costs) of Networking
Basic Network Components
Types of Network Categories
Network Architecture
Network Topology

Chapter 2: Basic Network Topologies

Introduction
Understanding Physical and Logical Topology
Basic Network Topologies
Types of Networks - LANs, WANs, and Others

Chapter 3: Basic Network Cabling

Introduction
Twisted-Pair Cable
UTP Cable Grades
Fiber Optic Cable
Understanding Attenuation and Crosstalk
A General Guide on Cable Installation

Chapter 4: LAN Architecture

Introduction
LAN Media Access Methods
LAN Transmission Methods
LAN Devices
Ethernet Network

Chapter 5: Network Connectivity Devices

Introduction
Connection Devices in Networking
Hubs
Repeaters
Bridges
Switches
Routers
Brouters
Gateways
Overview of Wide Area Network (WAN)

Chapter 6: The OSI Model

Introduction
The OSI Networking Model
Communication Protocols
The Application Layer
The Presentation Layer
The Session Layer
The Transport Layer
The Network Layer
The Data Link Layer
The Physical Layer

Chapter 7: TCP/IP Protocol Suite

Introduction
The Characteristics of the TCP/IP Protocol Suite
Resolving MAC Address in TCP/IP Protocol
Components of the TCP/IP Protocol Suite
The Internet Protocol (IP)
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Function of Dynamic Host Configuration Protocol (DHCP)
Implementing NetBIOS Name Resolution
Function of Windows Internet Name Service (WINS)
Function of Domain Name System (DNS)
WINS and DNS Integration in Name Resolution
TCP/IP Utilities and Services
The TCP/IP Request for Comments (RFCs)

Chapter 8: Network Troubleshooting and Monitoring

Introduction
Network Connectivity Problems
Network Troubleshooting Framework
Network Troubleshooting Strategy
Commonly Used Troubleshooting Tools
Effective Network Management
Recommendation for Effective Network Troubleshooting
Prevention Tips
Tips for Solving Problems

Appendix A: Answers to Review Questions

Endnotes

Basic Networking
Course Goal
Upon completion of this course, students will be able to

Understand the fundamentals of networking

Define the different components that comprise a simple network

Know how to perform basic troubleshooting on a network

Course Objectives
After taking this course, you should be able to

Define what networking is and how it works

Discuss the components in a network and their functions

Learn how to monitor and perform basic troubleshooting steps on a network

Knowledge

Understand the fundamentals of a basic network

Discuss the components of networking

Skills

Set up a simple network

Perform basic network troubleshooting

How to Use This Material


This course is designed to teach the basic concepts of networking. To help you understand
how a network works, this course is based on a learning model comprised of the following:

Chapters
Each chapter focuses on different components of a network and discusses the
important networking concepts and terms it outlines.

Chapter Objectives
Every chapter starts with a list of objectives so that you can see how the chapter fits into
your overall course goal. After reading the chapter, you should be able to fulfill the chapter
objectives.

Introduction
Each chapter has a short introduction that follows the chapter objectives. The introduction
provides information that will act as a foundation for the rest of the chapter. Sometimes the
introduction will contain new information, and sometimes the introduction will be a brief
review of a concept you might have learned in a previous chapter.

Summary
Every chapter ends with a summary, outlining the important information explained in the
chapter.


Course Objectives Knowledge - Skills

Objectives
Define what networking is and how it works
Discuss the components in a network and their functions
Learn how to monitor and perform basic troubleshooting steps on a network
Knowledge
Understand the fundamentals of a basic network
Discuss the components of networking
Skills
Set up a simple network
Perform basic network monitoring and troubleshooting

Chapter 1: Basic Network Concepts


Chapter Objectives
After completing this chapter, you should be able to

Understand basic networking concepts

Identify the advantages and disadvantages of networking

Describe the advantages of a peer-to-peer network.

Describe the advantages of a server-based network.

Define network architecture

Define network topology

Identify the basic networking components

Chapter 1: Basic Network Concepts

The Advantages (Benefits) of Networking


The Disadvantages (Costs) of Networking
Basic Network Components
Types of Network Categories
Network Architecture
Network Topology


Basic Networking Components

Servers: Dedicated, Back-up
Clients
Network Cables
Network Interface Card (NIC)
Media Access Control (MAC)
Connectivity Devices
Network Operating System


Types of Network Categories

P2P Networking
Can act both as client and server, also known as peers
Also called workgroup

Advantages:
Computers are located at users' desks
Users act as their own administrators and plan their own security
Computers in the network are connected by a simple, easily visible cabling system


Types of Network Categories

Server-Based Networking
Dedicated servers for file and print servers, application
servers, mail servers, fax servers, communication servers,
and even directory services servers.

Advantages:
Provides access to many files and printers
One administrator who oversees network security
Regular / set scheduled data backups
Supports many users


Network Architecture
Provides framework and technology foundation for designing, building and
managing a communication network
Defines the structure of the network, including hardware, software and layout


Network Architecture
Open System Interconnection (OSI) Model


IEEE 802 Standards

IEEE 802.1 Higher layer LAN protocols

IEEE 802.2 Logical link control

IEEE 802.3 Ethernet

IEEE 802.5 Token Ring

IEEE 802.11 Wireless LAN

IEEE 802.12 demand priority

IEEE 802.15 Wireless PAN

IEEE 802.16 Broadband wireless access

IEEE 802.17 Resilient packet ring

IEEE 802.18 Radio Regulatory TAG

IEEE 802.19 Coexistence TAG

IEEE 802.20 Mobile Broadband Wireless Access

IEEE 802.21 Media Independent Handoff

IEEE 802.22 Wireless Regional Area Network



Network Topology
It's the layout of a network, which can be physical or logical.
Bus Topology, Ring Topology and Star Topology
The choice of network topology will be influenced by some considerations, including:

Centralization
Cost
Maintenance and troubleshooting
Scalability
Security
Speed
Stability
Distances
Single point of failure


Advantages & Disadvantages of Networking

Benefits
Connectivity and Communication
Data Sharing
Hardware Sharing
Internet Access
Internet Access Sharing
Data Security and Management
Performance Enhancement and Balancing
Entertainment

Cost
Network Hardware, Software and Setup Costs
Undesirable Sharing
Illegal or Undesirable Behavior
Data Security Concerns


Introduction
Networks can be described as devices that are connected together using a network interface
card and network operating system, to allow them to exchange information. Many people
find networking difficult to learn because it can be a very complicated subject. One of the
main reasons why it seems complex is that networks consist of a number of hardware
devices and software elements, each with its own function and each dependent on the others.
While a network user may only perceive that he or she is using one computer application
(like a Web browser) and one piece of hardware (cable connector), these are only parts of a
much larger puzzle. In order for even the simplest task to be accomplished on a network,
dozens of different components must cooperate, passing control information and data to
accomplish the overall goal of network communication.
The best way to understand any complex system is to break it down into pieces and then
analyze what they do and how they interact. The most logical approach to do this is to
divide the overall set of functions into modular components, each of which is responsible
for a particular function. We also need to identify the interface that connects these
components and describe how they fit together. By simplifying the approach, we can begin
to eliminate the complexity of understanding networking.
A network has two main characteristics:

Interconnectivity

Interconnectivity describes anything that is tied together through many intersection
points (such as a grid). Computer networks work like a freeway system where roads
intersect, but instead of relying on a patchwork of roads, computer networks depend
upon a patchwork of wires.

The capability to facilitate communication

In networks, machines 'talk' to one another by packaging data into small units and by
sending these units across the network. Network communications use protocols. A
protocol is a set of rules that govern communications. Protocols detail what language
the computers are speaking when they talk over a network. If two computers are going
to communicate, they both must use the same protocol.
This first chapter provides a quick overview of basic networking concepts and
components. It also aims to familiarize students with general network terms and
their usage.

The Advantages (Benefits) of Networking


The phrase "The whole is greater than the sum of its parts" effectively describes
networking and explains why it has become so popular. A network is not just a number of
computers with wires or cables running between them. Properly implemented, a network is
a system that provides its users with unique capabilities, above and beyond what the
individual machines and their software applications can provide.

Most of the benefits of networking can be divided into two generic categories: connectivity
and sharing. Networks allow computers, and hence their users, to be connected together.
They also allow for the easy sharing of information and resources, and cooperation between
the devices in other ways. Since modern business depends so much on the intelligent flow
and management of information, suffice it to say that networking is indeed valuable.
In no particular order, here are some of the specific advantages generally associated with
networking:
Connectivity and Communication: Networks connect computers and the users of
those computers. Individuals within a building or work group can be connected into
local area networks (LANs); LANs in distant locations can be interconnected into larger
wide area networks (WANs). Once connected, it is possible for network users to
communicate with each other using technologies like e-mail or instant messaging. This
makes the transmission of business (or non-business) information easier, faster, more
efficient and less expensive than it would be without the network.
Data Sharing: One of the most important uses of networking is to allow the sharing of
data. Before networking became a norm in the business world, an accounting employee
who wanted to prepare a report for her manager would have to produce it on her PC, put
it on a floppy disk, and then walk it over to the manager, who would transfer the data to
her PC's hard disk. (This sort of "shoe-based network" was sometimes
sarcastically referred to as "sneakernet.")
Networking allows thousands of employees to share data much more easily and quickly
than this. Moreover, it makes possible applications that rely on the ability of many people
to access and share the same data, such as databases, group software development, and
much more. Intranets and extranets can be used to distribute corporate information
between sites and to business partners. The term intranet refers to an internal network
that uses TCP/IP technologies like the Internet does.
The term Internet refers to the global internetwork of Transmission Control
Protocol / Internet Protocol (TCP/IP) networks we all know and use.

Hardware Sharing: Networks facilitate the sharing of hardware devices. For example,
instead of giving each of 10 employees in a department an expensive color printer (or
resorting to the sneakernet again), one printer can be placed on the network for
everyone to share.
Internet Access: The Internet is itself an enormous network, so whenever you
access the Internet, you are using a network. The significance of the Internet on modern
society is hard to exaggerate, especially for those of us in technical fields.
Internet Access Sharing: Small computer networks allow multiple users to share a
single Internet connection. Special hardware devices allow the bandwidth of the
connection to be easily allocated to various individuals as they need it, and permit an
organization to purchase one high-speed connection instead of many slower ones.
Data Security and Management: In a business environment, a network allows the
administrators to more effectively manage the company's critical data. Instead of having
this data spread over dozens or even hundreds of small computers in a haphazard
fashion as some of their users usually create it, data can be centralized on shared
servers. This makes it easy for everyone to find the data, makes it possible for the
administrators to ensure that the data is regularly backed up, and also allows for the
implementation of security measures to control who can read or change various pieces
of critical information.
Performance Enhancement and Balancing: Under some circumstances, a network
can be used to enhance the overall performance of some applications by distributing the
computation tasks to various computers on the network.
Entertainment: Networks facilitate many types of games and entertainment. The
Internet offers many sources of entertainment, of course. In addition, many multi-player
games exist that operate over a local area network. Many home networks are set up for
this reason, and gaming across wide area networks (including the Internet) has also
become quite popular. Of course, if you are running a business and have easily-amused
employees, you might insist that this is really a disadvantage of networking and not an
advantage!

The Disadvantages (Costs) of Networking


Networking has a few drawbacks that balance against its many positive aspects. Setting up a
network has costs in hardware, software, maintenance and administration. It is also
necessary to manage a network to keep it running smoothly, and to address possible misuse
or abuse. Data security also becomes a much bigger concern when computers are connected
together.
Network Hardware, Software and Setup Costs: Setting up a network requires an
investment in hardware and software, as well as funds for planning, designing and
implementing the network. For a home with a small network of two or three PCs, this is
relatively inexpensive, possibly amounting to less than a hundred dollars with today's
low prices for network hardware, and operating systems already designed for networks.
For a large company, your cost can easily run into tens of thousands of dollars or
more.
Hardware and Software Management and Administration Costs: All
implementations, ongoing maintenance and management of the network require the
care and attention of an IT professional. In a smaller organization that already has a
system administrator, a network may fall within this person's job responsibilities, but it
will take time away from other tasks. In more substantial organizations, you need to
hire a network administrator, and in large companies, you may need an entire
department.
Undesirable Sharing: While networking allows users to share useful information easily,
it also allows the sharing of undesirable data (whether done unconsciously or not). One
significant consequence of this is the spread of malware, which spreads easily
over networks and the Internet. Mitigating these effects costs more time, money and
administrative effort.
Illegal or Undesirable Behavior: Similarly, networking facilitates useful connectivity
and ease of communication, but it also brings difficulties along with it. Typical
problems include abuse of company resources, distractions that reduce productivity,
downloading of illegal or illicit materials, and even software piracy. In larger
organizations, these issues must be managed through explicit policies and monitoring,
which again, further increases management costs.
Data Security Concerns: If a network is implemented properly, it is possible to greatly
improve the security of important data. In contrast, a poorly-secured network puts
critical data at risk, exposing it to the potential problems associated with hackers,
unauthorized access and even sabotage.

Basic Network Components


The basic network components are the physical hardware to be used such as computers,
connectivity devices that connect the hardware, the communication media used to transfer
the data and the software that will support the applications on the computers.
Networking hardware includes all computers, peripherals, interface cards and other
equipment needed to perform data-processing and communications within the network.

Figure 1-1 Common network elements

When a company buys office supplies such as papers, ribbons, toner, or other consumables
for only one, two, or maybe three printers for the entire office, the costs are dramatically
lower than the costs for supplying printers at every workstation. Networks also allow more
space to store files. Client computers are not always able to handle the overhead involved in
storing large files like a database, for example, because they are already heavily involved in
the day-to-day work activities of the users. Because servers in a network can be dedicated
to only certain functions, a server can be allocated to store all the larger files that users
access every day, freeing up disk space on the clients. Similarly, users can access an
application that allows multiple users to use it from a single installation (this is called a site
license). If the server is capable of handling the overhead required by an application, then it
can reside on the server and be used by workstations through a network connection.

Servers
A server may come in many shapes and sizes. It is a machine that provides a service.
Servers are a core component of the network, providing a link to the services or resources
necessary to perform any task. The link it provides could be to a resource existing on the
server itself or a resource on a client computer. The server is the "leader of the pack,"
offering directions to the client computers regarding where to go to get what they need.
Servers offer networks the capability of centralizing the control of resources and can thus
reduce administrative difficulties. They can be used to distribute processes for balancing
the load on the computers and can thus reduce administrative difficulties. They can also
offer departmentalizing of files for improved reliability. That way, if one server goes
down, then not all of the files are lost.
Servers perform several tasks. For example, servers that provide files to the user on the
network are called file servers. Likewise, servers that host printing services for users are
called print servers. There are other tasks as well, such as remote access services (also
known as RAS), administration, mail and so on. Servers can be multi-purpose or
single-purpose. If they are multi-purpose, they can be, for example, both a file server and a print
server at the same time. If the server is a single-purpose server, it is a file server only or
print server only.
In Windows NT-based systems, Remote Access Service or RAS is a built-in feature
that enables users to log into an NT-based LAN using a modem, X.25 connection or
WAN link. It works with several major network protocols, including TCP/IP, IPX, and
NetBEUI.

A server is dedicated to network services. When a server experiences downtime, a
backup server is necessary to keep the services running.
These are the two types of servers in a network:

Dedicated Servers. These are assigned to provide specific applications or services
for the network, and nothing else. Since a dedicated server specializes in only a
few tasks, it requires fewer resources from the computer that is hosting it.

Backup Servers. These are assigned to provide one or more network services or
local access such as the DHCP (Dynamic Host Configuration Protocol) or DNS
(Domain Name System) server. A backup server is expected to be slightly more
flexible in its day-to-day use than a dedicated server. It can be used not only to
direct network traffic and perform administrative actions, but often to serve as a front
end for the administrator to work with other applications or services. The backup
server can act as a workstation as well as a server.

Clients
In network terms, workstations are also known as clients. These are the computers that the
users on a network use to perform their tasks such as word processing, database design,
graphic design, email, and other office or personal tasks.
To make a workstation into a client computer, you must install a network interface card
(NIC), a special expansion card that allows the PC to talk on a network. You must connect
it to a cabling system that connects to another computer to talk to the servers. Once all this
has been accomplished, the computer will be on the network.
Workstations can range from a diskless computer system, a remote computer that has no
hard drive, floppy, CD-ROM or permanent storage media of any sort, to a desktop system.
As clients, they are allowed to communicate with the servers in the network in order to use
the network's resources.
To the client, the server may be just another drive letter. However, because it is a network
environment, the client is able to use the server as a doorway to more storage or more
applications, or through which it may communicate with other computers or other networks.
To a user, being on a network changes a few things:

Store more information and data on other computers on the network.

Share and receive information from other users, or even collaborate on the same
document.

Use programs that would be too large for their computer to use by itself because of
the memory it requires to run it.

Network Cables
When data is passed from one computer to another, it must find its way into the medium
that is used to physically transfer data from computer to computer. In traditional networks,
this medium is cable. In today's networks, wireless technology allows data to be passed
through the air. The cable you choose, however, must support both the network architecture
and topology.
Cable is the medium through which information usually moves from one network device to
another. There are several types of cable which are commonly used with networks. In some
cases, a network will utilize only one type of cable; other networks will use a variety of
cable types. The type of cable chosen for a network is related to the network's topology
(layout), protocol, and size.
When choosing network cable, consider factors such as characteristic impedance, noise,
cost, expandability, location of your computers and speed.
The Media Access Methods, also known as cable access methods, define how you put the
data on the cable. These define a set of rules for how computers put data on and retrieve it
from a network cable.
To know more about media access methods, specifically in a
local area network, go to Chapter 4, LAN Architecture.

Media Access Control (MAC)


The Media Access Control (MAC) address is used to identify each component in your network.
You will find this MAC number on any adapter card, switch, Wireless Access Point,
or modem - any addressable component of any network. This is a twelve-digit number
in which each digit is hexadecimal; that is, the digit can be any value from 0 to F. For
example, a Dell Ethernet card made by 3Com has the MAC address 0050045B3CB1. The
first half of this address represents the manufacturer, and the second half is a unit from
that manufacturer. The numbers are never duplicated. This system permits a given
manufacturer to make 16 million devices with unique numbers.
The MAC address is often called the physical address of your system. It is
actually burned into the device. You can override it with software; but this is not
advisable because doing so can cause problems on the network if you duplicate
an existing MAC.
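The address layout described above can be checked mechanically. The following Python example is added here and is not part of the original courseware: it splits a MAC address into its manufacturer and unit halves and audits a device list for duplicated or software-assigned addresses. The inventory is constructed sample data, and the locally administered bit test is a standard IEEE 802 convention that the text does not cover.

```python
import re
from collections import defaultdict

# Six hex digits of unit number per manufacturer prefix: the "16 million" in the text.
UNITS_PER_MANUFACTURER = 16 ** 6

_TWELVE_HEX = re.compile(r"[0-9A-F]{12}")


def parse_mac(text):
    """Split a MAC address into the two halves described in the text.

    Accepts the bare 12-digit form used on this page as well as the common
    colon, hyphen and dot separated notations.
    """
    digits = re.sub(r"[:.\-]", "", text.strip()).upper()
    if not _TWELVE_HEX.fullmatch(digits):
        raise ValueError(f"not a 12-hex-digit MAC address: {text!r}")
    first_octet = int(digits[:2], 16)
    return {
        "mac": digits,
        "manufacturer": digits[:6],   # first half: assigned to the maker
        "unit": digits[6:],           # second half: unit from that maker
        # Bit 0x02 of the first octet marks a locally administered address,
        # i.e. one assigned in software (IEEE 802 convention, not from the page).
        "locally_administered": bool(first_octet & 0x02),
    }


def audit_inventory(records):
    """Flag duplicate, software-assigned and malformed addresses.

    records is an iterable of (hostname, mac_text) pairs.
    """
    hosts_by_mac = defaultdict(list)
    findings = {"duplicates": {}, "locally_administered": [], "invalid": []}
    for host, mac_text in records:
        try:
            info = parse_mac(mac_text)
        except ValueError:
            findings["invalid"].append(host)
            continue
        hosts_by_mac[info["mac"]].append(host)
        if info["locally_administered"]:
            findings["locally_administered"].append(host)
    findings["duplicates"] = {
        mac: hosts for mac, hosts in hosts_by_mac.items() if len(hosts) > 1
    }
    return findings


# Constructed sample inventory. The first address is the example from the text;
# the hostnames and the other addresses are invented for illustration.
SAMPLE_INVENTORY = [
    ("ws-01", "0050045B3CB1"),
    ("ws-07", "00:50:04:5b:3c:b1"),   # same address, different notation
    ("lab-03", "02-00-00-AA-BB-CC"),  # locally administered bit set
    ("ws-09", "0050045B3C"),          # truncated entry
]

if __name__ == "__main__":
    for key, value in audit_inventory(SAMPLE_INVENTORY).items():
        print(key, value)
```

A duplicate found this way is the condition the note above warns about: two devices answering to the same physical address on one network.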

Each time you log onto the Internet, your IP address may have changed, but your physical
address does not change unless you change your hardware. This physical address is broadcast
into the Internet. Your host can track that. If someone manages to come into your
wireless network at 2 a.m. and do a little spamming off your IP, their MAC address gets
sent to the host for tracking where the spam came from.

Network Interface Cards


The network interface card (NIC), also known as a network adapter, provides the physical
interface between computer and cabling. It comes in different shapes and sizes. It
prepares data, sends data, and controls the flow of data. It can also receive and translate
data into bytes for the CPU (central processing unit) to understand. It communicates at the
Physical layer of the OSI model.
The NIC performs the following functions:

Receives the data packet from the Network Layer

Attaches source address (MAC) to the data packet

Attaches the address (MAC) of the destination device to the data packet

Converts data into packets suitable for the particular network (Ethernet, Token
Ring, FDDI)

Converts packets into electrical, light or radio signals

Provides the physical connection to the media

Connectivity Devices
Network connectivity devices such as hubs, or repeaters, are simple devices that
interconnect groups of users. For instance, hubs forward any data packets (including e-mail,
word-processing documents, spreadsheets, graphics, and print requests) that they receive over
one port from one workstation to all their remaining ports. All users connected to a single
hub or stack of connected hubs are in the same "segment," sharing the hub bandwidth or
data-carrying capacity. As more users are added to a segment, they compete for a finite
amount of bandwidth devoted to that segment.
To know more about network connectivity devices, go to Chapter
5, Network Connectivity Devices.


Network Operating Systems


A Network Operating System (NOS) controls the interaction between all the machines on
the network. The network operating system is responsible for controlling the way
information is sent over the network medium and handles the way data from one machine is
packaged and sent to another. The NOS also has to handle what happens when two or more
machines try to send at the same time.

Local area networks that have a single server with many clients connected to it
put the NOS on the server. The main part of the NOS sits on the server, while the
smaller client software packages are loaded onto each client.

With larger networks that don't use a single server, such as a network running
TCP/IP, the NOS may be part of each machine's software.

Network operating systems (NOS) typically are used to run computers that act as servers.
They provide the capabilities required for network operation. They are also designed for
client computers and provide functions for them, so the distinction between network operating
systems and stand-alone operating systems is not always obvious.

NOS ties together all of the computers and peripherals in the network

Coordinates the functions of all computers and peripherals such as file and print
sharing; allows backing up of data

Provides security for and access to data and peripherals in a network such as
account administration for users.

Network operating systems include versions of Windows NT, Windows XP, Windows
2000/2003 Server, Novell Netware, Linux, Unix and others.
In general, all networks have certain components, functions, and features in common:

Shared data - Files provided to clients by servers across the network.

Shared printers and other peripherals - Additional resources provided by servers.

Resources - Any service or device made available for use by members of the
network.
A Local Resource is any peripheral (optical drive, printer, scanner, modem, and so
on) that is attached to your machine. Since the machine doesn't have to go on the
network to get to the device, it is called a local device or a local resource.
A Remote Resource is any device that must be reached through the network. Any
devices attached to a server are remote resources.

Types of Network Categories


The network categories are peer-to-peer networks and server-based networks. The distinction
between these two types is important because each type has different capabilities. The type
of network you choose to implement will depend on factors such as the:


Size of the organization

Level of security required

Type of business

Level of administrative support available

Amount of network traffic

Needs of the network users

Network budget

Peer-to-peer (P2P) network


In a peer-to-peer network, various computers on the network can act both as clients (also
known as workstations; computers that request and use the service) and servers (the
computers providing the service). There are no dedicated servers, and there is no hierarchy
among the computers.
P2P networks are also called workgroups. The term "workgroup" implies a small group of
people. There are typically 10 or fewer computers in a peer-to-peer network. For instance,
many Microsoft Windows-based computers will allow file and print sharing. These
computers can act both as a client and a server and are also referred to as peers. Nearly all
NOS installed in computers come with the ability to act as some kind of a server to share
resources. You can set up different computers to allow others to use their peripherals such as
printers or CD-ROM drives, or to read or write to their hard disks to share
files, while other computers may allow access to their Internet connection.
P2P networks are relatively simple. Because each computer functions as a client and a
server, there is no need for a powerful central server or for the other components required
for a high-capacity network. P2P networks can be less expensive than server-based
networks since P2P networking is already built into many operating systems. In those cases,
no additional software is required to set it up. The networking software does not require the
same standard of performance and level of security as the networking software designed for
dedicated servers.
Dedicated servers function only as servers and not as clients or
workstations.

In typical networking environments, a P2P implementation offers the following advantages:

Computers are located at users' desks

Users act as their own administrators and plan their own security

Computers in the network are connected by a simple, easily visible cabling system

P2P networks are good choices for environments in the following instances:

Where there are 10 users or fewer

Where users share resources, such as files and printers, but no specialized servers
exist


Where network security is not an issue and the organization and the network will
experience only limited growth within the foreseeable future.

Although a peer-to-peer network might meet the needs of small organizations, it is not
appropriate for all environments.
The rest of this section describes some of the considerations a network planner needs to
address before choosing which type of network to implement including administration,
resource-sharing, server requirements, security and training.

Network administration includes the task of managing users and security, making
resources available, maintaining applications and data, and installing and upgrading
application and operating system software. In a typical peer-to-peer network, no
system manager oversees administration for the entire network. Instead, individual
users administer their own computers.

On resource-sharing, all users can share any of their resources in any manner they
choose. These resources include data in shared directories, printers, and so on.

On server requirements, each computer must use a large percentage of its resources
to support the user at the computer (known as the local user). It must also use additional
resources, such as hard-disk space and memory, to support users accessing its
resources over the network (known as remote users). While a server-based network
relieves the local user of these demands, it requires at least one powerful, dedicated
server to meet the demands of all the clients on the network.

Network security (that is, making computers and data stored on them safe from
harm or unauthorized access) consists of setting a password on a resource, such as a
directory, that is shared on the network. All P2P network users set their own
security, and shared resources can exist on any computer rather than on a
centralized server only; consequently, centralized control is very difficult to
maintain. This lack of control has a big impact on network security because some
users may not implement any security measures at all. If security is an issue, a
server-based network might be a better choice.
Lastly, because every computer in a peer-to-peer environment can act as both a
server and a client, users need training before they are able to function properly as
both users and administrators of their computers.


Figure 1-2 Illustration of a peer-to-peer network

Server-based networking
In an environment with more than 10 users, a peer-to-peer network, with computers acting
as both servers and clients, will probably not be adequate. Therefore, most networks have
dedicated servers. A dedicated server is one that functions only as a server and is not used
as a client or workstation. Servers are described as "dedicated" because they are not
themselves clients, and because they are optimized to service requests from network clients
quickly and to ensure the security of files and directories. Server-based networks have
become the standard models for networking.
The number of connected computers and the physical distance and traffic between them
grows as networks increase in size. Because of this, more than one server is usually needed.
Spreading the networking tasks among several servers ensures that each task will be
performed as efficiently as possible.
Servers must perform varied and complex tasks. Servers for large networks have become
specialized to accommodate the expanding needs of users.
Examples of different types of servers included on many large networks are file and print
servers, application servers, mail servers, fax servers, communication servers, and even
directory services servers.


Figure 1-3 shows an example of a server-based network using a star topology

File and print servers manage user access and use of file and printer resources. To give an
example, when you are running a word-processing application, the word-processing
application runs on your computer. The word-processing document stored on the file and
print server is loaded into your computer's memory so that you can edit or use it locally. In
other words, file and print servers are used for file and data storage.
Application servers make the server side of client/server applications, as well as the data,
available to clients. In fact, servers store vast amounts of data that is organized to make it
easy to retrieve. Thus, an application server differs from a file and print server. With a file
and print server, the data or file is downloaded to the computer making the request. With an
application server, the database stays on the server and only the results of a request are
downloaded to the computer making the request.
Another example is a client application running locally that accesses the data on the
application server. You might search the employee database for all employees who were
born in November. Instead of the entire database, only the result of your query is
downloaded from the server onto your local computer.
Mail servers operate like application servers in that there are separate server and client
applications, with data selectively downloaded from the server to the client. Fax servers
manage fax traffic into and out of the network by sharing one or more fax modem boards.
Communications servers handle data flow and e-mail messages between the servers' own
networks and other networks, mainframe computers, or remote users who dial in to the
servers over modems and telephone lines.
Directory services servers enable users to locate, store, and secure information on the
network. For example, some server software combines computers into logical groupings
(called domains) that allow any user on the network to be given access to any resource on
the network.


Planning for specialized servers becomes important with an expanded network. The planner
must take into account any anticipated network growth so that network use will not be
disrupted if the role of a specific server needs to be changed.
In order to plan an effective network, a planner must understand the role of software in a
server-based environment.
A network server and its operating system work together as a unit. No matter how powerful
or advanced a server might be, it is useless without an operating system that can take
advantage of its physical resources. Advanced server operating systems, such as those from
Microsoft and Novell, are designed to take advantage of the most advanced server
hardware.
Although a server-based network is more complex to install, configure, and manage, it
has many advantages over a simple peer-to-peer network, including sharing of resources,
management of network security, redundancy systems and support for large numbers of users.

A server is designed to provide access to many files and printers while maintaining
performance and security for the user. Server-based data sharing can be centrally
administered and controlled. Because these shared resources are centrally located,
they are easier to find and support than resources on individual computers.

One administrator sets the policy and applies it to every user on the network.
This is often the primary reason for choosing a server-based approach to
networking.

Backups can be scheduled several times a day or once a week depending on the
importance and value of the data. Server backups can be scheduled to occur
automatically, according to a predetermined schedule, even if the servers are
located on different parts of the network.
Through the use of backup methods known as redundancy systems, the data on any
server can be duplicated and kept online. Even if harm comes to the primary data
storage area, a backup copy of the data can be used to restore the data.

Another advantage is that a server-based network can support a large number of
users. This type of network would be impossible to manage as a peer-to-peer
network, but current monitoring and network-management utilities make it possible
to operate a server-based network for large numbers of users.

Network Architecture
A network architecture is a blueprint of the complete computer communication network,
which provides a framework and technology foundation for designing, building and
managing a communication network. It defines the structure of the network, including
hardware, software and layout. We differentiate architecture by the hardware and software
required to maintain optimum performance levels.
There are many types of network architecture. The most basic of these is the
Local-Area Network (LAN). This is a network that connects computers together that are
relatively close to each other, generally within the same room or building. The vast
majority of regular LANs connect using cables, so the term LAN by itself usually implies
a wired LAN, but not always. There are many different types of LANs, Ethernets being the
most common for PCs.
A proprietary network architecture used in the networking industry is the OSI (Open
Systems Interconnection) model defined by the International Organization for
Standardization.
The OSI Model was designed to promote interoperability by creating a guideline for network
data transmission between computers that have different hardware vendors, software,
operating systems, and protocols. A protocol suite is most easily defined as a set of rules
used to determine how computers communicate with each other. The OSI model is used to
describe what tasks a protocol suite performs as you explore how data moves across a
network. Although not all protocols map directly according to what the model provides,
there are enough similarities that can be used to examine how these protocols function.
The OSI model consists of seven layers. Each layer performs a special function and then
passes on the result to another layer. When a sending node is transmitting data, it formats
a network request and then passes the request to the network protocol at the top layer, the
Application layer. The protocol that runs at this layer performs an operation on the request
and then passes it to the next, lower layer. Each layer of protocols below the Application
layer performs its own calculation and appends its own information to the data sent from the
layer above it. At the receiving station, the process happens in reverse.
To learn more about the OSI model, go to Chapter 6.

The IEEE Standard


This is a standard developed by the Institute of Electrical and Electronics Engineers (IEEE),
a nonprofit, technical professional association based in the United States that develops,
among other things, data communication standards. It consists of committees that are
responsible for developing drafts that are passed on to the ANSI (American National
Standards Institute) for approval and standardization within the United States. The IEEE
also forwards the drafts to the ISO.
The IEEE is composed of working groups that are involved in standards development in a
number of areas, including aerospace electronics, circuits, communications,
instrumentation, electrical code, nuclear engineering, power electronics,
telecommunications, and vehicular technology, among many others. An information
technology (IT) section includes working groups for bus architectures, local and
metropolitan area networks, software engineering, storage systems, and testing
technologies, among others.
One of these groups is the LAN/MAN Standards Committee (LMSC), which develops LAN
(local area network) and MAN (metropolitan area network) standards, mainly for the lowest
two layers in the OSI reference model. LMSC is also called the IEEE Project 802, so the
standards it develops are referenced as IEEE 802 standards. In general, IEEE 802 standards
define physical network interfaces such as network interface cards, bridges, routers,
connectors, cables, and all the signaling and access methods associated with physical
network connections.


Types of IEEE 802 Networking Standards


One of the major components of the Data Link Layer in the OSI Model is the result of
IEEE 802 networking standards. The following are some of the more common IEEE
802 Standards used in networking industries:

IEEE 802.1 Higher layer LAN protocols

IEEE 802.2 Logical link control

IEEE 802.3 Ethernet

IEEE 802.5 Token Ring

IEEE 802.11 Wireless LAN

IEEE 802.12 demand priority

IEEE 802.15 Wireless PAN

IEEE 802.16 Broadband wireless access

IEEE 802.17 Resilient packet ring

IEEE 802.18 Radio Regulatory TAG

IEEE 802.19 Coexistence TAG

IEEE 802.20 Mobile Broadband Wireless Access

IEEE 802.21 Media Independent Handoff

IEEE 802.22 Wireless Regional Area Network

Network Topology
Once you choose the type of network to use, choose the manner in which your network will
be wired. A topology is a way of laying out the network. Topologies can be either
physical or logical. Physical topologies describe how the cables are run. Logical
topologies describe how the network messages travel. The choice of network topology will
be influenced by some considerations including:

Centralization

Cost

Maintenance and troubleshooting

Scalability

Security

Speed

Stability

Distances

Single point of failure - a physical or logical location (a server, switch, router, etc)
where one or more network devices are connected. When this connection fails, one
or more workstations will not be able to transmit data.

The basic network topologies that will be discussed in this courseware are the Bus
Topology, Ring Topology and Star Topology.


Each of these types and their characteristics will be discussed in Chapter 2,
Basic Network Topologies.


Chapter 1 Summary and Review Questions


At a high level, networks are advantageous because they allow computers and people to be
connected together, so they can share resources. Some of the specific benefits of networking
include communication, data sharing, Internet access, data security and management,
application performance enhancement, and entertainment.
Networks are classified into two principal groups based on how they share information:
peer-to-peer networks and server-based networks. In a peer-to-peer network, all computers
are equal. They can either share their resources or use resources on other computers. In a
server-based network, one or more computers act as servers and provide the resources to the
network. The other computers are the clients and use the resources provided by the server.

Review Questions
1. Networking hardware includes all computers, peripherals, interface cards and other
equipment needed. This hardware is needed
a) To perform data-processing and communications within the network
b) To facilitate many types of games and entertainment
c) To provide a framework and technology foundation for designing, building and
managing a communication network
d) None of the above.
2. This hardware component provides a link to the services or resources necessary to
perform any task.
a) Printer
b) Server
c) Client
3. What is the purpose of network architecture?
a) To provide access to many files and printers while maintaining performance
and security for the user
b) To provide a framework and technology foundation for designing, building and
managing a communication network
c) To enable users to locate, store, and secure information on the network
d) To allow users to share any of their resources in any manner they choose
4. An advantage in networking that allows the administrators to more effectively manage
the company's critical data is the advantage of
a) Hardware and Software Management and Administration Costs
b) Network Hardware, Software and Setup Costs
c) Data Security and Management
5. It is a physical or logical location (a server, switch, router, etc) where one or more
network devices are connected

a) Single point of failure
b) Peer-to-peer network
c) Server-based environment
d) Network implementation


Chapter 2: Basic Network Topologies


Chapter Objectives
After completing this chapter, you should be able to

Understand what network topology is

Identify the basic network topologies, their characteristics, advantages and
disadvantages

Identify types of area networks (LAN, WAN, and other types)


Bus Topology

All nodes (file server, workstations, and peripherals) on the LAN
are connected by one linear cable, which is called the shared
medium. It uses a common single cable, which is the backbone
and it functions as a shared communication medium that
devices attach or tap into with an interface connector.
A backbone is a part of a network that acts
as the primary path for traffic that is most
often sourced from, and destined for, other
networks. It is a set of nodes and links
connected

Every node on this cable segment sees
transmissions from every other station
on the same segment.
At each end of the bus there is a
terminator, which absorbs any signal,
removing it from the bus, and the
transmitting node cannot send the
packet anymore.
This shared-medium cable is the
single point of failure.


Star Topology
It uses a switch.
All peripheral nodes may communicate with all others by
transmitting to, and receiving from, the central node only.

It generally requires more cable
(but a failure in any star network cable will
only take down one computer's network
access and not the entire LAN).

If the switch fails, the entire network
also fails.

Ring Topology

The ring topology connects all PCs
in the network in a loop, running
double cables between each node in
order to maintain network integrity.

Every network node has two branches
connected to it, forming a ring. If one
of the nodes on the ring fails, then the
ring is broken and cannot work.
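
The failure behaviour stated for the bus, star and ring topologies above can be reproduced with a small model. This Python example is added here and is not part of the original courseware; it treats every host, cable and device as an element that can fail and reports which single failures stop all communication. The four hosts are constructed, and the ring is modelled as a one-way loop in which each station repeats the signal, an assumption chosen to match the statement that one failed node breaks the ring.

```python
from collections import deque


def bus(hosts):
    """Every host taps one shared backbone cable."""
    edges = set()
    for h in hosts:
        edges |= {(h, "backbone"), ("backbone", h)}
    return {"hosts": list(hosts), "edges": edges}


def star(hosts):
    """Each host has its own cable to a central switch."""
    edges = set()
    for h in hosts:
        cable = f"cable-{h}"
        edges |= {(h, cable), (cable, h), (cable, "switch"), ("switch", cable)}
    return {"hosts": list(hosts), "edges": edges}


def ring(hosts):
    """Hosts form a loop; each repeats the signal to the next (assumed one-way)."""
    n = len(hosts)
    edges = {(hosts[i], hosts[(i + 1) % n]) for i in range(n)}
    return {"hosts": list(hosts), "edges": edges}


def elements(topology):
    """All hosts, cables and devices that could fail."""
    return sorted({name for edge in topology["edges"] for name in edge})


def reachable(topology, start, failed):
    """Elements a signal from start can reach once `failed` is out of service."""
    neighbours = {}
    for src, dst in topology["edges"]:
        if failed not in (src, dst):
            neighbours.setdefault(src, []).append(dst)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in neighbours.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def working_hosts(topology, failed):
    """Hosts that can still both send to and receive from some other host."""
    alive = [h for h in topology["hosts"] if h != failed]
    reach = {h: reachable(topology, h, failed) for h in alive}
    return {
        h for h in alive
        if any(g != h and g in reach[h] and h in reach[g] for g in alive)
    }


def hosts_lost(topology, failed):
    """Hosts that lose network service when one element fails."""
    return sorted(set(topology["hosts"]) - working_hosts(topology, failed))


def single_points_of_failure(topology):
    """Elements whose failure leaves no host able to communicate."""
    return [e for e in elements(topology) if not working_hosts(topology, e)]


HOSTS = ["A", "B", "C", "D"]  # constructed four-host network

if __name__ == "__main__":
    for name, build in (("bus", bus), ("star", star), ("ring", ring)):
        print(name, "single points of failure:",
              single_points_of_failure(build(HOSTS)))
    print("star, cable-A cut:", hosts_lost(star(HOSTS), "cable-A"))
```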


Hybrid Topology
A combination of any two or more network
topologies, where two basic network topologies, when
connected together, can still retain the basic
network character.


Types of Networks - LANs, WANs, and Others

A Local Area Network (LAN)
connects network devices over a
relatively short distance.

A Wide Area Network (WAN)
spans a large physical distance.
A WAN spans across
countries.


Area Networks
Metropolitan Area Network (MAN)
Storage Area Network (SAN)
System Area Network (SAN)
Server Area Network (SAN)
Small Area Network (SAN)
Personal Area Network (PAN)
Desk Area Network (DAN)
Controller Area Network (CAN)
Cluster Area Network (CAN)
Wireless Local Area Network (WLAN)


Introduction
Network Topology is the specific physical, logical, or virtual, arrangement of the network
components and devices (nodes). It is determined only by the configuration of connections
between nodes. Distances between nodes, physical interconnections, transmission rates,
and/or signal types affect how data will be communicated in a network.
A node is any device on a network (server, workstation, printer, scanner, or any other
kind of peripheral) that is accessed directly by the network. A node has a unique
name or IP address so the rest of the network can identify it.

This chapter will discuss the forms and different types of topologies and their
characteristics.

Understanding Physical and Logical Topology

The physical topology of a network refers to the configuration of cables, computers, and
other peripherals. Physical topology should not be confused with logical topology, which is
the method used to pass information between workstations. In the OSI Model, this is
included in the Physical Layer.
To know more about the Physical Layer, go to Chapter 6, The
OSI Reference Model.

The topology you choose for your network influences and is influenced by several factors:

Office layout

Type of cable used

Cost of installation

Troubleshooting techniques

First, look at how your office is arranged. People who are setting up only a few computers
in a single room will have less difficult challenges than those with many computers
distributed throughout several floors of a building.
Second, to a significant degree, the physical topology you choose for your network
determines what kind of cable you will get for it and vice versa. CAT 5 (Category 5) cable
is commonly used in networks. Some people use the Fiber Optic cable.
To know more about network cables, go to Chapter 3

Third, all physical topologies are not equal in terms of cost. Some of the cost will be
affected by the complexity of the topology you choose and, more importantly, by how hard it
is to make the topology fit your space. The bus topology, for example, is simple when done
in a small area but could be complicated to cable if you attempt to run it through a
multi-floor network.
Finally, troubleshooting techniques and requirements are determined to some degree by the
physical topology you use. For example, some topologies have built-in physical redundancy
to prevent breaks in the cable from interrupting communications. Other topologies isolate
each cable in the network so that a single break will not bring everything down.

Basic Network Topologies


Each physical topology has its own characteristics, as well as advantages and
disadvantages when used in a network. However, keep in mind that the physical topology
does not have a direct bearing on the logical topology. Logical, or electrical, topologies
describe the way in which a network transmits information from one node to the next node,
not the way your network looks.

Bus Topology
All nodes (file server, workstations, and peripherals) on the LAN are connected by one
linear cable, which is called the shared medium. This single common cable is the backbone,
and it functions as a shared communication medium that devices attach to or tap into with
an interface connector. A device wanting to communicate with another device on the network
sends a broadcast message onto the wire that all other devices see, but only the intended
recipient actually accepts and processes the message.

Figure 2.1 Bus Topology - all nodes on the LAN are connected by one linear
cable.
A backbone is a part of a network that acts as the primary path for traffic that is
most often sourced from, and destined for, other networks. It is a set of nodes
and links connected together comprising a network, or the upper layer protocols
used in a network.

Characteristics of Bus Topology

Every node on this cable segment sees transmissions from every other station on the same
segment. At each end of the bus there is a terminator, which absorbs any signal so it does
not reflect back across the bus. This shared cable is the single point of failure.
In a bus topology, signals are broadcast to all stations. Each computer checks the address
on the signal (data frame) as it passes along the bus. If the signal's address matches that of
the computer, the computer processes the signal. If the address doesn't match, the computer
takes no action and the signal travels on down the bus.

Figure 2.2 shows a terminator at the end of the bus

Only one computer can talk on a network at a time. A media access method called
Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is used to
handle the collisions that occur when two signals are placed on the wire at the same time.
To know more about Carrier Sense Multiple Access with Collision
Detection (CSMA/CD), go to Chapter 4, LAN Architecture.

Each time a node on the network has data for another node, the sending node broadcasts the
data to the entire network. The various nodes hear it and look to see if the data is for them.
If so, they keep the data.
Every Ethernet card has a unique 48-bit address (its own 24 bits and another 24 bits
specified by the company), known as a MAC address. Each piece of data that
travels the network is directed to the address of the card in the node that should
receive the data.
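
The address check described above, as an added example (not code from the textbook): a Python sketch that parses the 14-byte Ethernet header, splits a MAC address into its two 24-bit halves, and decides which stations on a shared bus keep a frame. The station names, MAC addresses and the promiscuous flag are constructed for illustration; a card in promiscuous mode keeps every frame it sees, which is why traffic on a shared medium is readable by any attached node.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
HEADER_LEN = 14        # destination MAC (6) + source MAC (6) + EtherType (2)
MAX_FRAME_LEN = 1518   # maximum frame length quoted in the text


def mac_to_bytes(mac):
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def split_mac(mac):
    """Split a MAC into its two 24-bit halves.

    The first half is the prefix assigned to the card's manufacturer,
    the second half is the number the manufacturer gives the individual card.
    """
    raw = mac_to_bytes(mac)
    return mac_to_str(raw[:3]), mac_to_str(raw[3:])


def build_frame(dst, src, ethertype, payload):
    return mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return the header fields of a frame, rejecting truncated or oversized input."""
    if len(frame) < HEADER_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    if len(frame) > MAX_FRAME_LEN:
        raise ValueError("frame longer than 1518 bytes")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:HEADER_LEN])
    return {"dst": mac_to_str(dst), "src": mac_to_str(src),
            "ethertype": ethertype, "payload": frame[HEADER_LEN:]}


class Nic:
    """One network card tapped into the bus (hypothetical model, not a real driver)."""

    def __init__(self, name, mac, promiscuous=False):
        self.name = name
        self.mac = mac.lower()
        self.promiscuous = promiscuous

    def accepts(self, frame):
        """Every card sees the frame; this decides whether the card keeps it."""
        dst = parse_frame(frame)["dst"]
        return self.promiscuous or dst in (self.mac, BROADCAST)


def deliver_on_bus(frame, nics):
    """Names of the stations, other than the sender, that process the frame."""
    src = parse_frame(frame)["src"]
    return [nic.name for nic in nics if nic.mac != src and nic.accepts(frame)]


# Constructed sample data: locally administered MACs, EtherType 0x0800 (IPv4).
NODE_A = "02:00:00:00:00:0a"
NODE_B = "02:00:00:00:00:0b"
NODE_C = "02:00:00:00:00:0c"
SAMPLE = build_frame(NODE_B, NODE_A, 0x0800, b"hello B")

if __name__ == "__main__":
    stations = [Nic("A", NODE_A), Nic("B", NODE_B), Nic("C", NODE_C)]
    print("normal filtering:", deliver_on_bus(SAMPLE, stations))
    stations[2].promiscuous = True
    print("C in promiscuous mode:", deliver_on_bus(SAMPLE, stations))
    print("halves of a MAC:", split_mac("00:1a:2b:3c:4d:5e"))
```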

A good example to show how this topology works would be the old telephone party lines
where a number of persons share a telephone number. Each person sharing the telephone is
assigned a distinctive ring to determine who was receiving a call. If your code was, say,
three rings, and you heard the telephone ring three quick rings, you could pick it up and
know it was for you. On the other hand, if you heard two long and one short, you'd know
that the call was for your next-door neighbor and you'll ignore it. In all cases, everyone
sharing the telephone heard the rings, but only the person who was supposed to receive
the call responded to it.

On a bus network, every workstation can send out information in a package called a packet.
It contains the source and the destination address in addition to the data.

Data transmitted on a network of any type must conform to a strict format, called the
Data Logical Link Layer Frame format, which the network type uses for arranging data. For
instance, Ethernet packets in a 100 Mbps network can be no longer than 1518 bytes, just to
ensure that a single workstation doesn't hog the network too long. In a Gigabit network this
number has been increased to 9000 bytes. The 9000 bytes was large enough to
carry an 8 KB application datagram (e.g. NFS) plus packet header overhead.

Before a workstation broadcasts to the network, it listens to determine if another machine is
using the network. If the coast is clear, then it broadcasts. The bus topology is passive. In
other words, the computers on the bus simply listen for a signal; they are not responsible
for moving the signal along.

The biggest problem with the broadcast method of network transmittal is distance. If the
distance between two computers on the same network (for example, Node A and Node B) is
too great, they may not hear each other on the line. If that happens, then Node A cannot tell
whether Node B is transmitting or not. Thinking that the line is not in use, Node A may
then begin its transmittal when Node B is already transmitting data. If the two nodes
transmit at the same time, an event called packet collision occurs, causing a frequency
ripple on the cable. The first node to detect this increased frequency ripple will send out a
high-frequency signal that will cancel out all the other signals. This signal tells all nodes
that a collision has occurred and that all nodes in the network should stop sending packets.
At this point, each node waits a random amount of time, and then tries broadcasting again.
They will do this up to 16 times before giving up.
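
The retry rule described above, as an added example rather than textbook code: a slotted Python model of stations contending for the bus. It goes beyond the text by using the truncated binary exponential backoff of IEEE 802.3 for the "random amount of time" (after the n-th collision a station waits a random number of slots from 0 to 2^min(n,10) - 1); the station names, the one-slot frame time and the StuckRng worst case are constructed assumptions.

```python
import random

MAX_ATTEMPTS = 16   # attempt limit given in the text
BACKOFF_CAP = 10    # 802.3 stops doubling the window after the 10th collision


def backoff_slots(collisions, rng):
    """Slots to wait after the n-th collision: uniform in 0 .. 2**min(n, 10) - 1."""
    return rng.randrange(2 ** min(collisions, BACKOFF_CAP))


def simulate(stations, rng, max_slots=1_000_000):
    """Slotted model of a shared bus on which every station has one frame queued.

    Returns (sent, dropped): the slot in which each station got its frame
    through, and the stations that gave up after MAX_ATTEMPTS collisions.
    """
    ready_at = {s: 0 for s in stations}     # slot in which each station next transmits
    collisions = {s: 0 for s in stations}
    sent, dropped = {}, []
    for slot in range(max_slots):
        if not ready_at:                    # every frame was sent or abandoned
            break
        talkers = [s for s in stations if ready_at.get(s) == slot]
        if len(talkers) == 1:               # the line was clear: frame gets through
            sent[talkers[0]] = slot
            del ready_at[talkers[0]]
        elif len(talkers) > 1:              # two or more signals on the wire
            for s in talkers:
                collisions[s] += 1
                if collisions[s] >= MAX_ATTEMPTS:
                    dropped.append(s)       # give up, report the error upward
                    del ready_at[s]
                else:
                    ready_at[s] = slot + 1 + backoff_slots(collisions[s], rng)
    return sent, dropped


class StuckRng:
    """Constructed worst case: a 'random' source that always returns 0."""

    def randrange(self, n):
        return 0


if __name__ == "__main__":
    sent, dropped = simulate(list("ABCDE"), random.Random(7))
    print("delivered in slots:", sent, "dropped:", dropped)
    # With no randomness both stations retry in lockstep and never get through.
    print("lockstep retries:", simulate(["A", "B"], StuckRng()))
```

The second run shows why the wait has to be random: stations that choose the same delay collide again on every retry and both abandon the frame after 16 attempts.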
Ethernet is probably the best known example of a logical bus network; it's the most popular
LAN type. Early Ethernet systems used the bus topology with coaxial cable, a type of
network that is rarely seen today. Ethernet bus topologies are relatively easy to install and
don't require much cabling compared to the alternatives. 10Base-2 ("ThinNet") and
10Base-5 ("ThickNet") both were popular Ethernet cabling options years ago. However, bus
networks work best with a limited number of devices. If more than a few dozen computers
are added to a bus, performance problems will likely result. In addition, if the backbone
cable fails, the entire network effectively becomes unusable.
Advantages of a Bus Topology

Easy to implement and extend

Well suited for temporary networks that must be set up in a hurry

Typically the least expensive topology to implement

Failure of one station does not affect others. (However, if one machine fails, the
packet will not pass!)

Disadvantages of a Bus Topology

Difficult to administer/troubleshoot

Limited cable length and number of stations

For 10Base2:

maximum number of network segments = 5

maximum network segment length = 607 feet (185 meters)

maximum total network cable length = 3035 feet (925 meters)

maximum number of stations on a network segment = 30

minimum distance between T connectors (computers) = 1.5 feet (0.5 meters)

A cable break can fail the entire network; no redundancy; no backbone function

Maintenance costs may be higher in the long run

Performance degrades as additional computers are added

Star Topology
While the bus topology has the computers in a network logically connected directly to each
other, the star topology uses a switch (in the past, this was called a hub; a switch is also
known as a repeater), which rebroadcasts all transmissions received from any peripheral
node to all peripheral nodes on the network, including the originating node. All peripheral
nodes may thus communicate with all others by transmitting to, and receiving from, the
central node only. Most LANs installed today use the star topology. The main advantage of
the star network is that each computer has its own dedicated connection to the hub. If a
single cable or connector should fail, only one computer is affected.
Switches will be discussed in Chapter 5, Network Connectivity Device.

Figure 2.3 Star Topology - all nodes on the LAN are connected to a switch (also
called a repeater)

Characteristics of Star Topology

In the star topology, each server and workstation plugs into a central hub that provides
connections to all other devices connected to the switch. This means that each connection is
independent of all other connections; a break in workstation A's cable will not affect
workstation B's connection. It also means that the network is relatively easy to cable
because each workstation and server is no more than the maximum cable length from the
switch. Devices typically connect to the switch with Unshielded Twisted Pair (UTP)
Ethernet.
To know more about the UTP cable, go to Chapter 3, Basic Network
Cabling.

Advantages of a Star Topology

Easy to install and wire.

No disruptions to the network when connecting or removing devices.

Easy to isolate problems because the hub can be a bottleneck and single
point of failure.

Disadvantages of a Star Topology

Requires more cable length than a linear bus topology.

If the hub or concentrator fails, all nodes attached are disabled.

More expensive than bus topologies because of the cost of the switch.

The Ring Topology

In the ring topology, used by Token Ring and Fiber Distributed Data Interface (FDDI)
networks, every workstation must repeat what it hears from the previous station, making a
kind of bucket brigade of data. The computer that transmits data is also responsible for
removing it from the network after it has traversed the entire ring. When a piece of data gets
back to the originator, it stops. An entire file can't be transmitted in one packet, so its
pieces will be transmitted in succession.

Every network node has two branches connected to it, forming a ring. If one of the nodes
on the ring fails, then the ring is broken and cannot work. As far as signal transmissions are
concerned, a ring network is like a bus in that each computer is logically connected to the
next. The difference is that in a ring network the two ends are connected instead of being
terminated. This enables a signal originating on one computer to travel around the ring to all
of the other computers and eventually back to its point of origin. The most important thing
to understand about the ring topology, however, is that it is strictly a logical construction,
not a physical one. Or, to be more precise, the ring exists in the wiring of the network, but
not in the cabling.
Characteristics of a Ring Topology

The ring topology connects all PCs in the network in a loop, running double cables between
each node in order to maintain network integrity. In a ring network, every device has
exactly two neighbors for communication purposes. All messages travel through a ring in
the same direction (effectively either "clockwise" or "counterclockwise"). A failure in any
cable or device breaks the loop and can take down the entire network.
This setup has no start and no end. All computers are connected with a cable that loops
around. Signals travel in one direction on a ring while they are passed from one computer to
another and each computer checks a packet for its destination and passes it on as a repeater
would.

Figure 2.3 Ring Topology - all nodes are connected in a loop.

The heart of the ring logical topology is the token packet. To avoid packet collisions, the
ring topologies ensure that only one workstation can send information across the network at
any given time. Only the node that has control of the token packet can send information
across the network.

When a workstation is done with the token packet, it releases it to whatever station is next
in line. If nobody grabs it, the workstation releases it a second time. If nobody responds to
it the second time, then the workstation sends out a general query, known as a solicit
successor frame. This frame goes out over the network asking, "Who's supposed to get the
next token?" If a workstation responds, the sending workstation addresses the token to that
workstation and passes the token. Because no single node can transmit for longer than it
takes for a piece of data to make a complete circuit of the network, no PC has to wait more
than one circuit's worth of information before getting a chance to transmit.

In the ring topology, the data is not broadcast on the network but passed from node to
node. Thus, timing is very important to make sure that the frames passed on the network are
received properly. The token is responsible for maintaining the timing. Given the token's
importance in keeping order on a network using the ring logical topology, one computer is
dedicated to token management. This computer, called the token master or active monitor,
detects lost tokens, monitors frame transmissions, and creates new tokens when necessary.
The active monitor also maintains a regular clock tick on the network that keeps all other
nodes synchronized.

Advantages of a Ring Topology

No collisions

Easier to fault find

No terminators required

Disadvantages of a Ring Topology

Requires more cable than a bus

A break in the ring will bring it down

Not as common as the bus; fewer devices available

Hybrid Topologies
A hybrid topology is a combination of any two or more network topologies.

Instances can occur where two basic network topologies, when connected together,
can still retain the basic network character, and therefore not be a hybrid network.
For example, a tree network connected to a tree network is still a tree network.
Therefore, a hybrid network occurs only when two basic networks are connected
and the resulting network topology fails to meet one of the basic topology
definitions. For example, two star networks connected together exhibit hybrid
network topologies.

A hybrid topology always occurs when two different basic network topologies are
connected.
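
The failure behaviour the bus, star, ring and hybrid sections describe can be checked mechanically. The following added example (not from the textbook) models each topology as a set of one-way links and reports every component whose loss stops some surviving node from reaching another. The node names, the "cable" node standing for the shared bus medium, and the dual counter-rotating ring (as used by FDDI) are modelling assumptions.

```python
from collections import defaultdict


def bus(stations):
    """Every station taps one shared cable, modelled as the node 'cable'."""
    return [(s, "cable") for s in stations] + [("cable", s) for s in stations]


def star(hub, stations):
    """Every station has its own two-way connection to the central device."""
    return [(s, hub) for s in stations] + [(hub, s) for s in stations]


def ring(stations):
    """Signals travel one way: each station repeats to the next, last to first."""
    return list(zip(stations, stations[1:] + stations[:1]))


def dual_ring(stations):
    """Two rings running in opposite directions over the same stations."""
    return ring(stations) + ring(stations[::-1])


def reachable(start, links, failed):
    """Nodes that 'start' can still send to once 'failed' is out of service."""
    graph = defaultdict(list)
    for a, b in links:
        if failed not in (a, b):
            graph[a].append(b)
    seen, stack = {start}, [start]
    while stack:
        for nxt in graph[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def single_points_of_failure(links):
    """Components whose loss leaves some surviving node unable to reach another."""
    nodes = sorted({n for link in links for n in link})
    spof = []
    for failed in nodes:
        survivors = set(nodes) - {failed}
        if any(reachable(s, links, failed) != survivors for s in survivors):
            spof.append(failed)
    return spof


# Constructed hybrid: two star networks joined through their central devices.
HYBRID = (star("hub1", ["A", "B"]) + star("hub2", ["C", "D"])
          + [("hub1", "hub2"), ("hub2", "hub1")])

if __name__ == "__main__":
    pcs = ["A", "B", "C", "D"]
    print("bus      :", single_points_of_failure(bus(pcs)))
    print("star     :", single_points_of_failure(star("switch", pcs)))
    print("ring     :", single_points_of_failure(ring(pcs)))
    print("dual ring:", single_points_of_failure(dual_ring(pcs)))
    print("hybrid   :", single_points_of_failure(HYBRID))
```

Only node failures are modelled; a cut in an individual station cable is outside this sketch.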

Types of Networks - LANs, WANs, and Others


LANs and WANs were the original flavors of network design. The concept of describing
the network types as "area" is applicable because a key distinction between a LAN and a
WAN involves the physical distance that the network spans. A third category, the MAN,
also fits into this scheme as it is also centered on a distance-based concept.
As technology improved, new types of networks appeared on the scene. These types
also became known as various types of "area networks" for consistency's sake, although
distance no longer proved to be a useful differentiator.
For historical reasons, the industry refers to nearly every type of network as an "Area
Network." The most commonly discussed categories of computer networks also include the
following:

Metropolitan Area Network (MAN)

Storage Area Network (SAN)

System Area Network (SAN)

Server Area Network (SAN)

Small Area Network (SAN)

Personal Area Network (PAN)

Desk Area Network (DAN)

Controller Area Network (CAN)

Cluster Area Network (CAN)

Wireless Local Area Network (WLAN)

LAN Basics
A LAN connects network devices over a relatively short distance. A networked office
building, school, or home usually contains a single LAN, though sometimes one
building will contain a few small LANs, and occasionally a LAN will span a group of
nearby buildings. Besides operating in a limited space, LANs include several other
distinctive features. LANs are typically owned, controlled, and managed by a single
person or organization. They also use certain specific connectivity technologies,
primarily Ethernet.

WAN Basics
A Wide Area Network (WAN) spans a large physical distance. A WAN spans across
countries. Geographically, it is a dispersed collection of LANs. A network device
called a router connects LANs to a WAN. In Internet Protocol (IP) networking, the
router maintains both a LAN address (an IP address) and a WAN address.
WANs differ from LANs in that, like the Internet, most WANs are not owned by any
one organization but rather exist under collective or distributed ownership and
management. WANs use advanced networking technologies for connectivity, such as ATM
(Asynchronous Transfer Mode).

LANs and WANs at Home


Network users at home with a cable modem (which connects a home computer, or a network of
home computers, to residential cable TV service) or DSL (Digital Subscriber Line,
Digital Subscriber Loop, xDSL) service use the concept of LANs and WANs. A
cable/DSL router joins the home LAN to the WAN link maintained by one's Internet
Service Provider (ISP). The ISP provides a WAN IP address used by the router, and all
of the computers on the home network use private LAN addresses. On a home network,
like many LANs, all computers can communicate directly with each other, but they
must go through a central gateway (an internetworking system that joins two
networks together) to reach devices outside of their local area.

MAN, SAN, PAN, DAN, and CAN


A Metropolitan Area Network (MAN) connects an area larger than a LAN but smaller
than a WAN, such as a city, with dedicated or high-performance hardware.

Figure 2.4 Illustration of MAN

A Storage Area Network connects servers to data storage devices through Fibre
Channel technology, which handles high-performance disk storage for applications on
many corporate networks.
A System Area Network connects high-performance computers with high-speed
connections in a cluster configuration, also known as a Network of Workstations
(NOW). A cluster integrates the resources of two or more computing devices (that
could otherwise function separately) together for some common purpose.

Chapter 2 Summary and Review Questions


In networking, the term topology refers to the layout of the network, especially the locations
of the computers and how the cable is run between them. A topology can be physical,
logical or both. Each topology has its own strengths and weaknesses.

Review Questions
1. The specific physical, logical, or virtual arrangement of the network components and
devices
a) Network Topology
b) Ring Topology
c) Bus Topology
d) Star Topology
2. A backbone is best described as
a) A cable break that can fail the entire network
b) A set of nodes and links connected together comprising a network, or the upper
layer protocols used in a network
c) The most important thing to understand about the bus topology
3. The Data Logical Link Layer Frame format
a) Transmits the data in the network
b) Listens to determine if another machine is using the network
c) Repeats what it hears from the previous station
d) Describes the format on how data is transmitted on any type of network
4. In this type of topology, the data is not broadcast on the network but passed from
node to node
a) Network Topology
b) Ring Topology
c) Bus Topology
d) Star Topology
5. In this type of topology, each server and workstation plugs into a central hub that
provides connections to all other devices connected to the switch.
a) Network Topology
b) Ring Topology
c) Bus Topology
d) Star Topology

Chapter 3: Basic Network Cabling


Chapter Objectives
After completing this chapter, you should be able to

Identify the primary cable types used for Ethernet networking

Know the characteristics of the Twisted-Pair cable

Distinguish between shielded (STP) and unshielded (UTP) twisted pair cable

Know the characteristics of the Fiber Optic cables

Identify the advantages and disadvantages of each cable type

Know the RJ-45 connector

Know the characteristics of a CAT 5

Know the maximum cable lengths (feet and meters)

Know what a terminator is and the common problems associated with it

Know what attenuation and crosstalk are, the problems associated with them,
and the ways to prevent them

Apply general cabling installation guides

Chapter 3: Basic Network Cabling

Twisted-Pair Cable
UTP Cable Grades
Fiber Optic Cable
Understanding Attenuation and Crosstalk
A General Guide on Cable Installation

Types of Network Cable

Unshielded Twisted-pair cable (UTP)

Features of UTP cable:
Speed and throughput: 10 to 1000 Mbps
Average cost per node: Least expensive
Media and connector size: Small
Max cable length: 100 m (short)

Twisted-pair Ethernet cable:
Max of 1,024 attached workstations
Max of 4 repeaters between communicating workstations
Max segment length of 328 feet (100 meters)

Types of Network Cable

Shielded Twisted-pair cable (STP)

Features of UTP cable:
Speed and throughput: 10 to 1000 Mbps
Average cost per node: Least expensive
Media and connector size: Small
Max cable length: 100 m (short)

RJ-45 Connector

Types of Network Cable

Fiber Optic Cable

Features of fiber optic cables:
Speed and throughput: More than 1 Gbps (Gigabit per second)
Average cost per node: Expensive
Media and connector size: Small
Max cable length: More than 10 km for single mode; up to 2 km for multimode

Understanding Attenuation and Crosstalk


Terms in high-performance cabling:

Length
Wire Map
Return Loss
DC Loop Resistance
Attenuation
NEXT (Near End Cross Talk)
PSNEXT (Power Sum Near-End Cross Talk)
FEXT, ELFEXT and PSELFEXT
Delay
Delay Skew

NEXT, PSNEXT, PSELFEXT

A General Guide on Cable Installation

1. Always use more cable than you need. Leave plenty of slack.
2. Test every part of a network as you install it. Even if it is brand new, it may have
problems that will be difficult to isolate later.
3. Stay at least 3 feet away from fluorescent light boxes and other sources of electrical
interference.
4. If it is necessary to run cable across the floor, cover the cable with cable protectors.
5. Label both ends of each cable.
6. Use cable ties (not tape) to keep cables in the same location together.

Introduction
There are three types of cable that can be used in structured Ethernet cabling design:
Unshielded Twisted-Pair (UTP) and Shielded Twisted-Pair (STP), which are both types of
Twisted-Pair cable, and Fiber Optic cable.
UTP is the most widely used cable and is used as the primary media for floor distribution. A
UTP backbone is often installed for voice services. STP is used in applications where noise
is deemed to be a problem. When installed correctly it can allow the use of structured
cabling where previously the environment was too harsh. Fiber optic cable is
predominantly used as a backbone media for data services; its high speed and bandwidth
are ideal for this purpose.

Twisted-Pair Cable
Twisted-pair cable is a type of cabling that is used for telephone communications and most
modern Ethernet networks. A pair of wires forms a circuit that can transmit data. The pairs
are twisted to provide protection against crosstalk, the noise generated by adjacent pairs.
When electrical current flows through a wire, it creates a small, circular magnetic field
around the wire. When two wires in an electrical circuit are placed close together, their
magnetic fields are the exact opposite of each other. Thus, the two magnetic fields cancel
each other out. They also cancel out any outside magnetic fields. Twisting the wires can
enhance this cancellation effect. Using cancellation together with twisting the wires, cable
designers can effectively provide self-shielding for wire pairs within the network media.

Unshielded Twisted Pair (UTP) Cable


Unshielded twisted pair (UTP) is generally used to connect the computers to the
switches. It is the most popular and is generally the best option for home or small
organization networks primarily due to its low cost.

Figure 3-1 Anatomy of a UTP cable

The quality of UTP may vary from telephone-grade wire to extremely high-speed cable.
UTP contains 8 wires, or 4 pairs, of either 22- or 24-gauge copper wire inside the jacket.
It has a 100 meter maximum length and a speed of 4-100 Mbps. Each of the eight individual
copper wires in UTP cable is covered by an insulating material. The wires in each pair are
twisted around each other.
UTP cable relies solely on the cancellation effect produced by the twisted wire pairs to
limit signal degradation caused by electromagnetic interference (EMI) and radio
frequency interference (RFI). To further reduce crosstalk between the pairs in UTP
cable, the number of twists in the wire pairs varies. The tighter the twisting, the higher
the supported transmission rate and the greater the cost is per foot.
Advantages and Disadvantages of the UTP Cabling

UTP cable offers many advantages. Because UTP has an external diameter of
approximately 0.43 cm (0.17 inches), its small size can be advantageous during
installation. Because it has such a small external diameter, UTP does not fill up wiring
ducts as rapidly as other types of cable. This can be an extremely important factor to
consider, particularly when installing a network in an older building. UTP cable is easy
to install and is less expensive than other types of networking media. In fact, UTP costs
less per meter than any other type of LAN cabling. And because UTP can be used with
most of the major networking architectures, it continues to grow in popularity.
However, the UTP cable is more prone to electrical noise and interference than other
types of networking media, and the distance between signal boosts is shorter for UTP
than it is for coaxial and fiber-optic cables, which means that UTP may be susceptible
to radio and electrical frequency interference.
The following summarizes the features of UTP cable:

Speed and throughput: 10 to 1000 Mbps

Average cost per node: Least expensive

Media and connector size: Small

Maximum cable length: 100 m (short)

Twisted-pair Ethernet cable has the following specifications:

a maximum of 1,024 attached workstations;

a maximum of 4 repeaters between communicating workstations; and

a maximum segment length of 328 feet (100 meters).

Shielded Twisted Pair (STP) Cable


Shielded twisted-pair (STP) cable combines the techniques of shielding, cancellation,
and wire twisting. Each pair of wires is wrapped in a metallic foil (see Figure 3-2). The
four pairs of wires then are wrapped in an overall metallic braid or foil, usually 150-ohm
cable. It is suitable for environments with electrical interference; however, the
extra shielding can make the cables quite bulky. The maximum length is 100 meters
and it operates at 16-155 Mbps. It has lower electrical interference than UTP and
is more expensive.
As specified for use in Ethernet network installations, STP reduces electrical noise both
within the cable (pair-to-pair coupling, or crosstalk) and from outside the cable (EMI
and RFI). STP usually is installed with an STP data connector, which is created especially
for the STP cable.

Figure 3-2 Anatomy of a STP cable


Advantages and Disadvantages of STP Cabling

The STP cabling supports a wide range of systems and protocols. It is easier to relocate
devices. STP can offer a high level of protection without significant additional cost.
The installation of STP cable does minimize the sensitivity to routing (proximity to
EMI sources) but adds complexity in terms of the quality of connections and grounding.
The following summarizes the features of UTP cable:

Speed and throughput: 10 to 1000 Mbps

Average cost per node: Least expensive

Media and connector size: Small

Maximum cable length: 100 m (short)

RJ-45: The Twisted Pair Connector


The standard connector for twisted pair cabling is an RJ-45 connector. It connects each
computer on the network to a central hub, which makes up a star topology. This is a
plastic connector that looks like a large telephone-style connector. A slot allows the
RJ-45 to be inserted only one way. RJ stands for Registered Jack, implying that the
connector follows a standard borrowed from the telephone industry. This standard
designates which wire goes with each pin inside the connector.


Figure 3-3 Standard RJ45 wiring

Figure 3-4 Plug and socket wiring details

10/100 Ethernet cables have 8 wires, of which 4 are used for data. The other wires are
twisted around the data lines for electrical stability and resistance to electrical
interference. The cables end in RJ-45 connectors that resemble large telephone line
connectors.
Two kinds of wiring schemes are available for Ethernet cables: patch cables and
crossover cables. Crossover cables are special because with a single cable, two
computers can be directly connected together without a hub or switch. If a cable does
not say crossover, it is a standard patch cable. If you are connecting computers to a
switch, you need patch cables.

UTP Cable Grades


UTP cable comes in a variety of different grades, called "categories" by the Electronics
Industry Association (EIA) and the Telecommunications Industry Association (TIA) or
better known as EIA/TIA.


| Category | Maximum Data Rate | Usual Application |
|---|---|---|
| CAT 1 | Less than 1 Mbps | Analog voice (POTS); Integrated Services Digital Network Basic Rate Interface in ISDN; doorbell wiring |
| CAT 2 | 4 Mbps | Mainly used in the IBM Cabling System for token ring networks |
| CAT 3 | 16 Mbps | Voice and data on 10BASE-T Ethernet |
| CAT 4 | 20 Mbps | Used in 16 Mbps Token Ring; otherwise not used much |
| CAT 5 | 100 Mbps | 100 Mbps TPDDI (100BASE-T or Fast Ethernet) |
| CAT 5E | 100 Mbps; 1000 Mbps (4 pair) | 100 Mbps TPDDI (100BASE-T or Fast Ethernet); 155 Mbps ATM (no longer supported); Gigabit Ethernet |
| CAT 6 | 200-250 MHz | Super-fast Broadband Applications |

Table 3-1 of Cable Grades or Categories 1

The two most significant UTP grades for LAN use are Category 3 and Category 5. Category
3 cable was designed for voice-grade telephone networks and eventually came to be used
for Ethernet. Category 3 cable is sufficient for 10 Mbps Ethernet networks (where it is
called 10BaseT), but it is generally not used for Fast Ethernet (except under certain
conditions).
There have been many kinds of Ethernet, but the most popular is 10/100Mbps running over
copper twisted pair wires. 100Mbps Ethernet is also called 100baseT and Fast Ethernet. If
you have an existing Category 3 cable installation, you can use it to build a standard
Ethernet network, but virtually all new UTP cable installations today use at least Category 5
cable. The most common are CAT5, CAT5e and CAT6. CAT5 is good for most purposes
and can transfer data at 100Mbps. CAT5e is rated for 200Mbps and CAT6 is rated for
gigabit Ethernet.

Characteristics of Category 5
CAT5 is an Ethernet cable standard defined by the EIA/TIA. CAT5 is the 5th generation of
twisted pair Ethernet cabling and the most popular of all twisted pair cables in use today.
CAT5 cable contains four pairs of copper wire. CAT5 supports Fast (100 Mbps) Ethernet
and comparable alternatives such as ATM. As with all other types of twisted pair EIA/TIA
cabling, CAT5 cable runs are limited to a maximum recommended run length of 100 m (328
feet).
Although CAT5 cable usually contains four pairs of copper wire, Fast Ethernet
communications only utilize two pairs. A new specification for CAT5 cable, CAT5
enhanced (CAT5e), supports short-run Gigabit Ethernet (1000 Mbps) networking by
utilizing all four wire pairs and is backward-compatible with ordinary CAT5.
Twisted pair cable like CAT5 comes in two main varieties, solid and stranded. Solid CAT5
cable supports longer runs and works best in fixed wiring configurations like office
buildings. Stranded CAT5 cable, on the other hand, is more pliable and better suited for
shorter-distance, movable cabling such as on-the-fly patch cabling.
Though newer cable technologies like CAT6 and CAT7 are being developed, CAT5 cable
remains the popular choice, because it is both affordable and plenty fast enough for today's
LANs.

Fiber Optic Cable


Fiber optic cable is a completely different type of network medium. Instead of carrying
signals over copper conductors in the form of electrical voltages, fiber optic cables transmit
pulses of light over a glass or plastic conductor. Fiber optic cabling consists of a center glass
core surrounded by several layers of protective materials. It transmits light rather than
electronic signals, eliminating the problem of electrical interference. Around the cladding is
a plastic spacer layer, a protective layer of woven Kevlar fibers, and an outer sheath. This
makes it ideal for certain environments that contain a large amount of electrical
interference. It has also made it the standard for connecting networks between buildings,
due to its immunity to the effects of moisture and lightning.


Figure 3-5 shows an anatomy of a Fiber Optic cable

Fiber optic cable has the ability to transmit signals over much longer distances than coaxial
and twisted pair. It also has the capability to carry information at vastly greater speeds. This
capacity broadens communication possibilities to include services such as video
conferencing and interactive services. 10BaseF refers to the specifications for fiber
optic cable carrying Ethernet signals. The maximum segment length is 2000 meters.

Advantages and Disadvantages of Fiber Optic Cabling

Fiber optic cable is completely resistant to the electromagnetic interference that so
easily affects copper-based cables. Fiber optic cables are also much less subject to
attenuation than are copper cables. Attenuation is the tendency of a signal to weaken as
it travels over a cable. The longer the cable, the weaker the signal gets. When data is
transmitted through a cable, the signal weakens and this is due to the size and grade of
the copper being used, the insulation materials and other design factors. On copper
cables, signals weaken to the point of unreadability after 100 to 500 meters (depending
on the type of cable). Some fiber optic cables, by contrast, can span distances up to 120
kilometers without excessive signal degradation. This makes fiber optic the medium of
choice for installations that span long distances or that connect buildings on a campus.
Fiber optic cable is also inherently more secure than copper, because it is not possible to
tap into a fiber optic link without affecting the normal communication over that link.
The characteristics of the different transport media have a significant impact on the
speed of data transfer. Fiber optic cable is a networking medium capable of conducting
modulated light transmissions. It is not susceptible to EMI, and it is capable of higher
data rates than any of the other types of networking media discussed in this chapter.
Fiber optic cable does not carry electrical impulses as other forms of networking media
that use copper wire do. Instead, signals that represent bits are converted into beams of
light.
Compared to other networking media, it is more expensive and it is more difficult to
install and modify.
The following summarizes the features of fiber optic cables:

Speed and throughput: More than 1 Gbps (Gigabit per second)

Average cost per node: Expensive

Media and connector size: Small

Maximum cable length: More than 10 km for single mode; up to 2 km for multimode

Fiber Optic Connector


The most common connector used with fiber optic cable is an ST connector. It is barrel
shaped, similar to a BNC (Bayonet Neill-Concelman) male and female connector. A
newer connector, the SC, is becoming more popular. It has a squared face and is easier
to connect in a confined space.

BNC is usually used for thinnet coaxial cable. A terminator is a resistor
attached to the end of the cable. Its purpose is to prevent signal
reflections, effectively making the cable "look" infinitely long to the signals
being sent across it.

Fiber-optic connectors come in single-mode and multimode varieties. The greatest
difference between single-mode connectors and multimode connectors is the precision
in the manufacturing process. The hole in the single-mode connector is slightly smaller
than in the multimode connector. This ensures tighter tolerances in the assembly of the
connector. The tighter tolerances make field assembly slightly more difficult.
A number of different types of fiber-optic connectors are used in the communications
industry. The following list briefly describes two of the commonly used connectors:

SC fiber optic type connectors feature a push-pull, connect and disconnect
method. To make a connection, the connector is simply pushed into the
receptacle. To disconnect, the connector is simply pulled out.

Figure 3-6 Multimode SC Connector on 3mm Jacketed Fiber

ST fiber optic connector is a bayonet type of connector. It is fully inserted into
the receptacle and is then twisted in a clockwise direction to lock it into place.

Figure 3-7 Multimode ST Connector on 3mm Jacketed Fiber


| Cable Type | Maximum Segment Length | Speed | Cost | Advantages | Disadvantages |
|---|---|---|---|---|---|
| UTP | 100 m | 10 Mbps to 1000 Mbps | Least expensive | Easy to install; widely available and widely used | Susceptible to interference; can cover only a limited distance |
| STP | 100 m | 10 Mbps to 100 Mbps | More expensive than UTP | Reduced crosstalk; more resistant to EMI than Thinnet or UTP | Difficult to work with; can cover only a limited distance |
| Fiber-Optic | 10 km and farther (single-mode); 2 km and farther (multimode) | 100 Mbps to 100 Gbps (single mode); 100 Mbps to 9.92 Gbps (multimode) | Expensive | Cannot be tapped, so security is better; can be used over great distances; is not susceptible to EMI; has a higher data rate than coaxial and twisted-pair cable | Difficult to terminate |

Table 3-2 Cable Type Comparison 2

Understanding Attenuation and Crosstalk


So what causes the signal to attenuate, and where does the crosstalk come from? Below are
some of the terms used in high performance cable testing, and a description of what they
mean.

Length
The length of a cable is one of the more obvious causes of attenuation because the longer it
is, the more resistance it has, and therefore less of the signal will get through. To measure
the length, a cable tester uses Time Domain Reflectometry (TDR). A pulse is sent down the
cable and when it reaches the far end it reflects back. By measuring the time it takes to
travel down the cable and back again, the tester can determine how long the cable is. To do
this, the tester also needs to know how fast the pulsed signal is traveling. This is called the
Nominal Velocity of Propagation (NVP) and is expressed as a percentage of the speed of
light. The NVP is usually somewhere between 60% and 90% of the speed of light, with
most Cat 5E cables being around 70%. Due to the twists in the cable, the measured length
will be greater than the physical length, so if a run looks like it might be over 80m it would
be wise to check it before it is tied up and terminated.

Wire Map


This test is to ensure that the two ends have been terminated pin for pin, i.e. that pin 1 at the
patch panel goes to pin 1 at the outlet, pin 2 goes to pin 2, and so on. The wire map also checks
for continuity, shorts, crossed pairs, reversed pairs and split pairs. A split pair is probably
the only thing that requires an explanation here: split pairs are undetectable with a simple
continuity tester because pin for pin they seem to be correct. A basic principle of cabling
is that balanced line operation requires the signal to be transmitted over a pair of
wires that are twisted together. With a 'split pair', the signal would be split between two
different pairs.

Figure 3-8 shows a diagram of cable wires
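The wire-map checks described above, written out as an added Python example (not part of the textbook). It assumes the tester reports, for each near-end pin, the far-end pins it reaches and the physical twisted pair it sits on; the 1-2, 3-6, 4-5, 7-8 pairing is the standard T568A/B assignment, and all function names and sample cables are this example's own.

```python
# Added example: wire-map classification for an 8-pin twisted-pair link.
# Pin pairs that must each ride on one physical twisted pair (T568A/B pairing).
PIN_PAIRS = ((1, 2), (3, 6), (4, 5), (7, 8))

# Constructed samples: which twisted pair (A-D) carries each near-end pin.
GOOD_TWIST = {1: "A", 2: "A", 3: "B", 6: "B", 4: "C", 5: "C", 7: "D", 8: "D"}
# Wires punched down in plain 1-2, 3-4, 5-6, 7-8 order: the classic split pair.
SPLIT_TWIST = {1: "A", 2: "A", 3: "B", 4: "B", 5: "C", 6: "C", 7: "D", 8: "D"}


def straight_through():
    """Continuity map of a correctly terminated patch cable: pin n reaches pin n."""
    return {pin: {pin} for pin in range(1, 9)}


def continuity_ok(continuity):
    """What a simple continuity tester sees: every pin reaches only its own number."""
    return all(continuity.get(pin) == {pin} for pin in range(1, 9))


def wire_map(continuity, twist):
    """Return a list of (fault, pins) tuples; an empty list means the link passes.

    continuity: near-end pin -> set of far-end pins that show continuity to it
    twist:      near-end pin -> label of the physical twisted pair carrying it
    """
    faults = []
    for pin in range(1, 9):
        reached = continuity.get(pin, set())
        if not reached:
            fault = ("open", (pin,))
        elif len(reached) > 1:
            fault = ("short", tuple(sorted(reached)))
        else:
            continue
        if fault not in faults:          # a short shows up on both shorted pins
            faults.append(fault)
    if faults:
        return faults  # pair-level checks need eight intact, separate conductors

    far = {pin: next(iter(continuity[pin])) for pin in range(1, 9)}
    for a, b in PIN_PAIRS:
        landed = (far[a], far[b])
        if landed == (b, a):
            faults.append(("reversed pair", (a, b)))
        elif landed != (a, b) and tuple(sorted(landed)) in PIN_PAIRS:
            faults.append(("crossed pair", (a, b)))
        elif landed != (a, b):
            faults.append(("miswire", (a, b)))
        # Pin-for-pin correct is not enough: both wires must share one twist.
        if twist[a] != twist[b]:
            faults.append(("split pair", (a, b)))
    return faults


if __name__ == "__main__":
    crossover = straight_through()
    crossover.update({1: {3}, 2: {6}, 3: {1}, 6: {2}})
    for name, cont, tw in (
        ("patch cable", straight_through(), GOOD_TWIST),
        ("split pair", straight_through(), SPLIT_TWIST),
        ("crossover", crossover, GOOD_TWIST),
    ):
        print(name, "| continuity ok:", continuity_ok(cont), "|", wire_map(cont, tw))
```

The split-pair sample passes `continuity_ok` yet fails `wire_map`, which is the case the text singles out. A crossover cable is reported as crossed pairs 1-2 and 3-6, so a tester has to be told when that wiring is intended.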

Return Loss
When a cable is manufactured there are slight imperfections in the copper. These
imperfections all contribute to the Structural Return Loss (SRL) measurement because each
one causes an impedance mismatch, which adds to the cable's attenuation.


DC loop resistance
This is simply the resistance between the two conductors of a twisted pair which is looped
back at the far end. The primary purpose of this test is to make sure that there are no high
resistance connections in the link.

Attenuation
This is the decrease in signal strength (expressed as negative dB) from one end of a cable to
the other. The main causes of attenuation are impedance, temperature, skin effect and
dielectric loss. Impedance is the combination of resistance, inductance and capacitance in a
cable; it is measured in Ohms and opposes the flow of current. Skin effect is a
phenomenon that occurs at high frequencies, where the signal tries to escape from the
confines of the copper and into the air. The signal travels along the outer 'skin' of the copper,
which effectively reduces the cross sectional area of the cable and therefore increases its
resistance.

NEXT (Near End Cross Talk)


NEXT occurs because alternating current flow produces an electromagnetic field around the
cable, and this field then induces a current flow in adjacent cables. The strength of this field
increases with the frequency of the signal, and because the speed of data transmissions is
ever increasing, NEXT is a big problem.
The name 'Cross Talk' comes from the telecommunications industry. You may have heard a
faint conversation in the background while on the phone yourself; this is caused by the
electromagnetic effect between adjacent telephone wires. In the transmission of data, cross
talk is at its highest level in the RJ45 connection as it enters the cable, or at the 'Near End'.
The term 'Near End' is slightly confusing because data can travel in both directions, and the
NEXT test is carried out in both directions automatically by the tester, so the NEXT result
is relative to the end of the cable that it was carried out on.
The twists in a cable help to cancel out the effects of NEXT, and the more twists there are,
the better the cancellation. However, the twists also increase attenuation, so there is a
trade-off between NEXT cancellation and attenuation. The twist rates in data cables are optimized
for the best overall performance; the twist rates are also varied for each pair within the cable
to help combat crosstalk.


Figure 3-9 shows a diagram of how NEXT occurs

PSNEXT (Power Sum Near-End Cross Talk)


PSNEXT is actually just a calculation. When a tester carries out the NEXT test it measures
the cross talk on each pair as affected by each of the other three pairs individually. PSNEXT
is simply the addition of the three NEXT results for each pair. So this is the combined effect
that a pair would be subject to when used in a network that supports a four-pair
transmission method, e.g. Gigabit Ethernet.

Figure 3-10 shows a diagram of adding the three NEXT results for each pair

FEXT, ELFEXT and PSELFEXT


Basically, Far End Cross Talk (FEXT) is like NEXT but it is measured at the far end (well
that seems logical!). However, on its own FEXT doesn't mean much because the length of
the cable determines how much the signal is attenuated before it can affect the pairs at the
far end. To compensate for this, and to provide a more meaningful result, the attenuation is
subtracted from the FEXT test and the result is then called Equal Level Far End Cross Talk
(ELFEXT). Moreover, no test parameter these days would be complete without adding the
results together for each pair and calling it a Power Sum measurement, so now we have
Power Sum Equal Level Far End Cross Talk or PSELFEXT for short.

Figure 3-11 shows a diagram of FEXT

Figure 3-12 shows a diagram of PSELFEXT

Delay
This is the propagation delay, or the time it takes for the signal to travel from one end of the
cable to the other. It is not very important on its own because its value is directly
proportional to the length of the cable. What is important is the relationship between the
delays on each of the four pairs.

Delay Skew
Delay Skew is the difference between the fastest and slowest pairs. Some networks use a
four-pair transmission method. This means that the signal is split into four, sent down the
four pairs in the cable and re-combined at the far end. It is essential that the signals reach
the far end at near enough the same time, otherwise the signal will not be re-combined
correctly.
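The arithmetic behind the Length, PSNEXT, ELFEXT/PSELFEXT and Delay Skew results above, as an added Python example (not from the textbook). Crosstalk and attenuation are taken as positive dB losses, and the power sum adds power ratios rather than the dB figures themselves. ELFEXT here subtracts the disturbed pair's attenuation, which is an assumption of this example, and every sample reading is constructed.

```python
import math

C_M_PER_NS = 0.299792458  # speed of light, metres per nanosecond


def tdr_length_m(round_trip_ns, nvp):
    """Copper length from a TDR reading: the pulse covers the cable twice."""
    return round_trip_ns * nvp * C_M_PER_NS / 2


def power_sum_db(losses_db):
    """Combine crosstalk losses (positive dB) by adding power ratios, not dB figures."""
    return -10 * math.log10(sum(10 ** (-db / 10) for db in losses_db))


def per_pair_power_sum(pair_to_pair_db):
    """Map each disturbed pair to the power sum of its three pair-to-pair results."""
    pairs = sorted({pair for combo in pair_to_pair_db for pair in combo})
    return {
        victim: power_sum_db(
            [db for combo, db in pair_to_pair_db.items() if victim in combo]
        )
        for victim in pairs
    }


def ps_elfext(fext_db, attenuation_db):
    """PSELFEXT per pair: FEXT minus attenuation for each disturber, then power-summed.

    Assumption of this example: the attenuation subtracted is the disturbed pair's.
    """
    return {
        victim: power_sum_db(
            [db - attenuation_db[victim] for combo, db in fext_db.items() if victim in combo]
        )
        for victim in sorted(attenuation_db)
    }


def delay_skew_ns(delay_ns):
    """Difference between the slowest and the fastest pair."""
    return max(delay_ns.values()) - min(delay_ns.values())


def link_summary(round_trip_ns, nvp, next_db, fext_db, attenuation_db, delay_ns):
    """Worst-case figures for one link; lower dB means more crosstalk."""
    return {
        "length_m": tdr_length_m(round_trip_ns, nvp),
        "worst_psnext_db": min(per_pair_power_sum(next_db).values()),
        "worst_pselfext_db": min(ps_elfext(fext_db, attenuation_db).values()),
        "delay_skew_ns": delay_skew_ns(delay_ns),
    }


# Constructed sample readings for one four-pair link (not real measurements).
NEXT_DB = {
    ("1-2", "3-6"): 40.0, ("1-2", "4-5"): 43.0, ("1-2", "7-8"): 46.0,
    ("3-6", "4-5"): 38.0, ("3-6", "7-8"): 44.0, ("4-5", "7-8"): 41.0,
}
FEXT_DB = {
    ("1-2", "3-6"): 52.0, ("1-2", "4-5"): 55.0, ("1-2", "7-8"): 57.0,
    ("3-6", "4-5"): 50.0, ("3-6", "7-8"): 56.0, ("4-5", "7-8"): 53.0,
}
ATTENUATION_DB = {"1-2": 18.0, "3-6": 18.5, "4-5": 18.2, "7-8": 17.9}
DELAY_NS = {"1-2": 480, "3-6": 492, "4-5": 485, "7-8": 478}

if __name__ == "__main__":
    summary = link_summary(900, 0.70, NEXT_DB, FEXT_DB, ATTENUATION_DB, DELAY_NS)
    for name, value in summary.items():
        print(f"{name}: {value:.2f}")
```

Three equal 40 dB results power-sum to about 35.2 dB, not 120 dB: the combined figure is always worse than the worst single pair-to-pair result.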

A General Guide on Cable Installation


When running cable, it is best to follow a few simple rules:
1. Always use more cable than you need. Leave plenty of slack.
2. Test every part of a network as you install it. Even if it is brand new, it may have
problems that will be difficult to isolate later.
3. Stay at least 3 feet away from fluorescent light boxes and other sources of electrical
interference.
4. If it is necessary to run cable across the floor, cover the cable with cable protectors.
5. Label both ends of each cable.
6. Use cable ties (not tape) to keep cables in the same location together.
Although the maximum cable length for a Cat 5e/6/7 system is often reported to be 100m,
this length is inclusive of patch and drop leads. Cable testers however, when set to perform
a 'Basic Link' test, take this into account and you will find that the maximum length is set to
either 90m or 94m depending on the standard you are testing to. Also, because the length is
measured with a Cable Analyzer it is not the physical length of the run but the copper length
that is measured. The copper length is longer due to the twists in the cable pairs, so if a run
looks like it might be over 85m it would be wise to check it before it is tied up and
terminated.
Each outlet cable should be run directly back to the patch cabinet, that is, one cable per
outlet. A transition point or connection box is allowed if necessary, but in practice this can
be more trouble than it's worth.
Care should be taken when pulling cables in to ensure that they are not kinked or nicked.
Cable routes should be planned to avoid fluorescent light fittings and power cables
(exceptions can be made in the case of optical fiber). They should not be run in the same
conduit as power, or the same channel of a trunk system, and where they are run parallel to
power they must be at least 60mm apart (BS7671-92 IEEE 16th Edition wiring regulation
standard). Crossing power cables is allowed but it must be at right angles, and some form
of bridge should be used.
A means of supporting the cables should be installed, such as cable tray, catenary wire or
cable tie fixings; tying cables to ceiling hangers is not permitted. Cables should be tied at a
minimum of 500mm intervals on horizontal runs and more frequently on vertical runs, with
no more than 48 cables in a loom. Cable ties should only be finger tight to avoid crushing
the cables, as this could affect the cable's performance characteristics. Do not use cable tie
guns or staple guns.


Cable trays should be used under false floors; otherwise, a suitable method of keeping the
cable off the floor slab should be employed. This is because the lime in the concrete
apparently reacts with the cable's sheathing, and over time could damage the cable. I
personally think the cable will have outlived its usefulness long before this could have any
effect on the cable's performance.
Care should be taken when pulling cables into trunking to avoid damage due to snagging.
Trunking partitions should be used to separate the data cables from power, and bridges
should be used where data cables have to cross the mains.
When terminating patch panels, cable looms should not exceed 48 cables. Each cable loom
should then be tied in a tidy manner to a cable tray fitted the full length of the cabinet.
All terminating should be carried out according to the manufacturer's instructions and
guidelines, and the standards for generic cabling systems. The cable sheath should be
stripped back no more than 13mm from the point of termination and the twist rates should
be maintained.
Cable ties MUST be fitted to the individual RJ45 modules in the patch panels and outlets to
support each cable.
When terminating outlets, care must be taken to avoid damaging the copper cores when
stripping back the outer sheathing.
Excessive amounts of cable should not be left in the outlet backbox. Care should be taken
when attaching the outlet faceplate not to kink, trap or strain the cable.
Cable tray should be fitted in cabinets housing structured cabling to keep cable looms
secure and tidy, and to provide room for any additional cabling.
All cabinets must be earthed to the 16th edition IEEE wiring regulations (British
regulations). Where shielded cable is used the earth should be clean and where two cabinets
are linked with a copper backbone (shielded or unshielded) a minimum of 10mm earth wire
should also be installed to cross bond the cabinets. 3


Chapter 3 Summary and Review Questions


In Ethernet networks, three types of cable can be used in a structured cabling design:
Unshielded Twisted-Pair (UTP) and Shielded Twisted-Pair (STP), which
are both types of twisted-pair cable, and Fiber Optic cable.

Review Questions
1. The cable that is easy to install and is less expensive than other types of networking
media.
a) UTP
b) STP
c) Fiber Optic
2. This cable combines the techniques of shielding, cancellation, and wire twisting.
a) UTP
b) STP
c) Fiber Optic
3. Attenuation is the tendency of a signal to weaken as it travels over a cable. This cable is
less subject to experiencing attenuation.
a) UTP
b) STP
c) Fiber Optic


Chapter 4: LAN Architecture


Chapter Objectives
After completing this chapter, you should be able to:

Understand LAN protocols

Understand the media access methods

Know the different transmission methods

Identify the major LAN devices

Know what Ethernet Network is

Know what the 5-4-3 rule is and how it is applied

Know the characteristics of a 10BaseT

Know what Ethernet Frame Types mean

Chapter 4: LAN Architecture

LAN Media Access Methods


LAN Transmission Methods
LAN Devices
Ethernet Network


LAN Architecture
Network architecture refers to the structure
or layout of the hardware and software and
it includes the cable access method
(transmission), topology, and lower level
protocols.
The Local Area Network (LAN) is by far the
most common type of network.


LAN Media Access Methods


Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
used by Ethernet; devices contend for the network media.
When a device has data to send, it first listens to see if any
other device is currently using the network. If not, it starts
sending its data. After finishing its transmission, it listens
again to see if a collision occurred.


LAN Media Access Method - Collision


A collision occurs when two devices send data
simultaneously. When a collision happens, each device waits
a random length of time before resending its data.


LAN Media Access Methods


Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
This method is cheaper to implement, since collision
detection circuitry is not required; however, it imposes more
delay and can slow network throughput.


LAN Media Access Methods


Token Passing
This is a media access method that uses a special packet called a token. A
token is a special control frame on token ring, token bus,
and FDDI (Fiber Distributed Data Interface) networks that
determines which stations can transmit data on a shared
network.


LAN Transmission Methods


In a unicast transmission, a single
packet is sent from the source to a
destination on a network by using
the network address (IP address).

A multicast transmission consists of
a single data packet that is copied
and sent to a specific subset of
nodes on the network.


LAN Transmission Methods


A broadcast transmission consists of a single data packet that is
copied and sent to all nodes on the network.
A broadcast storm occurs when a host
system responds to a packet that is
continuously circulating on the network
or attempts to respond to a system that
never replies.
Typically, request or response packets
are continuously generated to correct
the situation, often making matters
worse.
As the number of packets on the
network increases, congestion occurs
that can reduce network performance or
cripple it.


LAN Devices
Devices commonly used in LANs include repeaters,
hubs, LAN extenders, bridges, and LAN switches.


Ethernet Network

Describe Ethernet Network


Identify Ethernet connection standards
Characteristics of Ethernet 10Base-T
Limitations of Ethernet
Understanding the 5-4-3 Rule
Ethernet Frame Types


Introduction
Network architecture refers to the structure or layout of the hardware and software and it
includes the cable access method (transmission), topology, and lower level protocols.
The Local Area Network (LAN) is by far the most common type of network. The 3 most
common types of LAN architectures are Ethernet, Token Ring and ArcNet (Attached
Resource Computing Network), which are sometimes referred to as "lower-level protocols"
because they represent the specifications for the IEEE 802 model, which encompasses the
Physical (1st) and Data link (2nd) layers of the OSI model. However, the major LAN
architecture in use today is Ethernet.
This chapter will introduce the LAN protocols, topologies, various media-access methods,
transmission methods, and devices used in a local-area network (LAN) and will primarily
focus on the Ethernet.

LAN Media Access Methods


Local area networks are typically shared by a number of attached systems, and only one
system at a time may use the network cable to transmit data. An access method defines how
a system gains access to a shared network in a cooperative way so its transmissions do not
interfere with the transmissions of other systems. Simultaneous access to the cable is either
prevented by using a token-passing method or controlled with a carrier sensing and collision
detection method.
The primary access methods are listed below. All Ethernet networks use the first access
method, CSMA/CD. The last is used by Token Ring networks, which are not commonly
used in modern networks.

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)


In networks using CSMA/CD technology such as Ethernet, network devices contend for
the network media. When a device has data to send, it first listens to see if any other
device is currently using the network. If not, it starts sending its data. After finishing its
transmission, it listens again to see if a collision occurred. A collision occurs when two
devices send data simultaneously. When a collision happens, each device waits a
random length of time before resending its data. In most cases, a collision will not occur
again between the two devices. Because of this type of network contention, the busier a
network becomes, the more collisions occur. This is why performance of Ethernet
degrades rapidly as the number of devices on a single network increases.
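The contention behaviour described above can be reproduced in a small slotted simulation. This is an added Python example, not from the textbook: it assumes one frame occupies one slot and uses the truncated binary exponential backoff of IEEE 802.3 as the "random length of time", which the text does not specify. Function and parameter names are this example's own.

```python
import random


def simulate_csma_cd(stations, slots=10000, per_station_load=0.05, seed=1):
    """Slotted model of a shared Ethernet segment.

    Each slot every station may queue a new frame (probability per_station_load).
    Stations with a queued frame and no backoff pending transmit; one sender
    succeeds, two or more collide and each picks a random backoff.
    Returns counts of slots that ended in a sent frame, a collision, or idle.
    """
    rng = random.Random(seed)
    queued = [0] * stations    # frames waiting at each station
    backoff = [0] * stations   # slots each station must still wait
    attempts = [0] * stations  # collisions suffered by the head-of-line frame
    sent = collisions = idle = 0

    for _ in range(slots):
        for s in range(stations):
            if rng.random() < per_station_load:
                queued[s] += 1

        # Carrier sense is implicit: stations only start at a slot boundary.
        ready = [s for s in range(stations) if queued[s] and backoff[s] == 0]
        for s in range(stations):
            if backoff[s]:
                backoff[s] -= 1

        if not ready:
            idle += 1
        elif len(ready) == 1:
            s = ready[0]
            queued[s] -= 1
            attempts[s] = 0
            sent += 1
        else:
            collisions += 1
            for s in ready:
                attempts[s] += 1
                # Wait 0 .. 2^k - 1 slots, k capped at 10 (truncated backoff).
                backoff[s] = rng.randrange(2 ** min(attempts[s], 10))
    return {"sent": sent, "collisions": collisions, "idle": idle}


def collision_share(result):
    """Fraction of busy slots that were wasted on a collision."""
    busy = result["sent"] + result["collisions"]
    return result["collisions"] / busy if busy else 0.0


if __name__ == "__main__":
    for n in (2, 5, 10, 20, 30):
        r = simulate_csma_cd(n)
        print(f"{n:2d} stations: sent={r['sent']:5d} "
              f"collisions={r['collisions']:5d} share={collision_share(r):.2%}")
```

With the per-station load held constant, the collision share of busy slots climbs as stations are added to the same segment, which is the degradation the paragraph describes.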
Contention

Contention is the most popular media access control used on LANs. This control
enables any station to immediately access the media if it is not in use. To accomplish
this, all stations sense or listen to the media using the receive channel. If no data
communication is sensed, the station can transmit a packet. If two stations listen at
exactly the same time, both will send packets. This situation results in a packet
collision. A collision renders the data packets unusable.
Contention Characteristics

Contention media access control has the following characteristics.

Software is simple with little overhead.

When a device transmits, the device temporarily has total control of the media
until the transmission is complete.

Contention is not probabilistic. Access times cannot be predicted.

Priorities cannot be assigned to give certain devices quicker access to the media.

More collisions will result from adding more devices to the network.

For CSMA/CD networks, switches segment the network into multiple collision
domains. This reduces the number of devices per network segment that must contend
for the media. By creating smaller collision domains, the performance of a network can
be increased significantly without requiring addressing changes.
Normally CSMA/CD networks are half-duplex, meaning that while a device sends
information, it cannot receive at the same time. While that device is talking, it is incapable of
also listening for other traffic. This is much like a walkie-talkie. When one person
wants to talk, he presses the transmit button and begins speaking. While he is talking,
no one else on the same frequency can talk. When the sending person is finished, he
releases the transmit button and the frequency is available to others.
When switches are introduced, full-duplex operation is possible. Full-duplex works
much like a telephone: you can listen as well as talk at the same time. When a network
device is attached directly to the port of a network switch, the two devices may be
capable of operating in full-duplex mode. In full-duplex mode, performance can be
increased, but not quite as much as some like to claim. A 100-Mbps Ethernet segment is
capable of transmitting 200 Mbps of data, but only 100 Mbps can travel in one direction
at a time. Because most data connections are asymmetric (with more data traveling in
one direction than the other), the gain is not as great as many claim. However,
full-duplex operation does increase the throughput of most applications because the network
media is no longer shared. Two devices on a full-duplex connection can send data as
soon as it is ready.

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)


This access method is a variation on the CSMA/CD method. Nodes estimate when a
collision might occur and avoid transmission during that period. This method is cheaper
to implement, since collision detection circuitry is not required; however, it imposes
more delay and can slow network throughput.


Token Passing
This is a media access method that uses a special packet called a token. A token is a special control
frame on token ring, token bus, and FDDI (Fiber Distributed Data Interface) networks
that determines which stations can transmit data on a shared network. The node that has
the token can transmit. Unlike contention-based networks, such as Ethernet,
workstations on token-based networks do not compete for access to the network. Only
the station that obtains the token can transmit. Other stations wait for the token rather
than try to access the network on their own. On Ethernet networks, "collisions" occur
when two or more workstations attempt to access the network at the same time. They
must back off and try again later, which reduces performance, especially as the number
of workstations attached to a network segment increases.

LAN Transmission Methods


How do computers communicate? What are the methods of transmitting data in the
network? LAN data transmissions fall into three classifications: unicast, multicast, and
broadcast.
In each type of transmission, a single packet is sent to one or more nodes.
In a unicast transmission, a single packet is sent from the source to a destination on a
network by using the network address (Internet Protocol or IP address). First, the source
node addresses the packet by using the address of the destination node. The packet is then
sent onto the network, and finally, the network passes the packet to its destination.

Figure 4-1 Unicast Network

A multicast transmission consists of a single data packet that is copied and sent to a specific
subset of nodes on the network. First, the source node addresses the packet by using a
multicast address. For example, the TCP/IP suite uses 175.123.167.198 to 239.255.255.255.
The packet is then sent into the network, which makes copies of the packet and sends a
copy to each node that is part of the multicast address.


Figure 4-2 Multicast Network

Figure 4-3 Broadcast Network

A broadcast transmission consists of a single data packet that is copied and sent to all nodes
on the network. In these types of transmissions, the source node addresses the packet by
using the broadcast address. The packet is then sent on to the network, which makes copies
of the packet and sends a copy to every node on the network.
Multimedia broadcast traffic is a much more bandwidth-intensive broadcast traffic type.
Unlike a data broadcast, it is typically several megabits in size; therefore, it can quickly
consume network and bandwidth resources. Broadcast-based protocols are not preferred
because every network device on the network must expend CPU cycles to process each data
frame and packet to determine if that device is the intended recipient. Data broadcasts are
necessary in a LAN environment, but they have minimal impact because the data broadcast
frames that are traversing the network are typically small.
A broadcast storm occurs when a host system responds to a packet that is
continuously circulating on the network or attempts to respond to a system that
never replies. Typically, request or response packets are continuously generated
to correct the situation, often making matters worse. As the number of packets on
the network increases, congestion occurs that can reduce network performance
or cripple it.

Generally, multicasting is the act of transmitting a message to a select group of recipients.
This is in contrast to the concept of a broadcast, where traffic is sent to every host on the
network, or a unicast, where the connection is a one-to-one relationship, and there is only
one recipient of the data. Think about sending an email message. If you send an email
message to your manager, it is an example of a unicast message. If you send an email
message to every user on the system, it is a broadcast. Send an email message to a mailing
list, and you have sent a multicast message, which falls between the previous two.
Teleconferencing and videoconferencing use the concept of multicasting, as does broadcast
audio, where the connection is one to a selected group. At this time, only a few applications
take advantage of this feature, but with the growing popularity of multicast applications,
you may see more multicast applications in the future. WINS is one that you can keep on
the list, but only for small networks.

LAN Devices
Devices commonly used in LANs include repeaters, hubs, LAN extenders, bridges, and LAN
switches.
A repeater is a physical layer device used to interconnect the media segments of an
extended network. A repeater essentially enables a series of cable segments to be treated as
a single cable. Repeaters receive signals from one network segment and amplify, retime,
and retransmit those signals to another network segment. These actions prevent signal
deterioration caused by long cable lengths and large numbers of connected devices.
Repeaters are incapable of performing complex filtering and other traffic processing. In
addition, all electrical signals, including electrical disturbances and other errors, are
repeated and amplified. The total number of repeaters and network segments that can be
connected is limited due to timing and other issues. The illustration below shows a repeater
connecting two network segments.


Figure 4-4 A repeater connecting two network segments

A hub is a physical layer device that connects multiple user stations, each via a dedicated
cable. Electrical interconnections are established inside the hub. Hubs are used to create a
physical star network while maintaining the logical bus or ring configuration of the LAN. In
some respects, a hub functions as a multi-port repeater.
A LAN extender is a remote-access multilayer switch that connects to a host router. LAN
extenders forward traffic from all the standard network layer protocols (such as IP) and
filter traffic based on the MAC address or network layer protocol type. LAN extenders scale
well because the host router filters out unwanted broadcasts and multicasts. However, LAN
extenders are not capable of segmenting traffic or creating security firewalls.

Figure 4-5 Multiple LAN extenders can connect to the host router through a WAN

Ethernet Network
Ethernet is a shared LAN technology that was developed in the early 1970s by some of the
same pioneers who were working on the development of the Internet. The basic design
consists of a shared transmission medium in the form of a coaxial cable or a multi-port hub.
If the medium used is a cable, workstations (nodes) are tapped into the cable along its path
through a room or building. If a hub is used, workstations connect to the hub via twisted-pair
cables in a star-like configuration. Since the communication medium is shared, nodes
must listen to make sure the cable is not in use before transmitting. This works well for
small LANs, but the sharing scheme runs into problems as networks grow.
The Ethernet protocol is by far the most widely used in LAN technology because its
protocol has the following characteristics:

Is easy to understand, implement, manage, and maintain

Allows low-cost network implementations

Provides extensive topological flexibility for network installation

Guarantees successful interconnection and operation of standards-compliant products,
regardless of manufacturer

Ethernet connection standards


A variety of standards define the types of cable and connectors to be used, which in turn
define the distances between computers that can be supported. ESTA's 'Recommended
Practice for Ethernet Cabling Systems in Entertainment Lighting Applications' specifies
10Base2, 10Base-T and 10Base-FL (Fiber Optic) cable.


Ethernet 10Base2 uses thinnet and coaxial cables. A daisy chain can be
created by using a T-connector on each computer's network interface card (NIC) and
a BNC 50-ohm terminator at both ends of the chain. Each segment (from one end to the
other of the chain or the point-to-point connection) can be up to 185 meters (600 feet).
Up to 30 connections can be supported, with one ground per segment, a minimum of 1.5 feet
(.5 meters) between T-connectors, and a maximum of 1,818 feet (555 meters) per trunk
segment.

10BASE2 uses thin Ethernet cable. Thin coax cable, or Thin Ethernet,
implemented with T-connectors and terminators, such as RG-58 A/U or C/U, has
the following specifications: a 50-ohm terminator on each end of the cable; a maximum
length of 1,000 feet (185 meters) per segment; a maximum of 30 devices per segment; a
network board using the internal transceiver; a maximum of 3 segments with attached
devices (populated segments); one ground per segment; a minimum of 1.5 feet (.5
meters) between T-connectors; a maximum of 1,818 feet (555 meters) per trunk
segment; and a maximum of 30 connections per segment.

Ethernet 100Base-T also uses twisted-pair wiring. The typical bit-rate of this
system is 100Mbit/s.


Specification   Cable Type                Maximum length
10BaseT         Unshielded Twisted Pair   100 meters
10Base2         Thin Coaxial              185 meters
10Base5         Thick Coaxial             500 meters
10BaseF         Fiber Optic               2000 meters
100BaseT        Unshielded Twisted Pair   100 meters

Figure 4-6 Ethernet Cable Summary


Fast Ethernet Physical Specifications

100BASE-TX specification uses two pairs of Category 5 UTP or Category 1 STP
cabling at a 100 Mbps data transmission speed. Each segment can be up to 100
meters long.

100BASE-T4 specification uses four pairs of Category 3, 4, or 5 UTP cabling at a
100 Mbps data transmission speed with standard RJ-45 connectors. Each segment
can be up to 100 meters long.

100BASE-FX specification uses two-strand 62.5/125 micron multi- or single-mode
fiber media. Half-duplex, multi-mode fiber media has a maximum segment
length of 412 meters. Full-duplex, single-mode fiber media has a maximum
segment length of 10,000 meters.

Characteristics of Ethernet 10Base-T


10Base-T's biggest advantage is a star, or distributed, topology, which allows for
clusters of workstations in departments or other areas. It is easy to build a hierarchical
wiring system. Even though cable segment distances are shorter, the hierarchical
topology provides a cabling scheme that makes up for this deficiency.
In a basic 10Base-T network, workstations are attached to a central hub or switch that
acts as a repeater. When a signal from a workstation arrives, the hub broadcasts it on all
output lines. You can attach hubs to other hubs in a hierarchical configuration.


Workstations are attached to the hub with a UTP (unshielded twisted-pair) cable that
cannot exceed 100 meters (328 feet).
10Base-T connections use Category 5, which provides for future growth into faster
transmission technologies such as 100Base-T or 1000Base-T.
Below is a basic specifications list of the 10Base-T network.

The maximum number of nodes per segment is 1,024, not counting repeaters.

Use Category 3, 4, or 5 unshielded twisted-pair cable.

Use RJ-45 jacks at the end of cables. Pins 1 and 2 are "transmit" and pins 3 and 6
are "receive."

The distance from a station to a hub cannot exceed 100 meters (328 feet).

Up to 12 repeater hubs can be attached to a central hub to expand the number of
network stations, but the number of repeaters cannot exceed 4 between any two
end nodes.

A bridge may be used to extend some of these limitations. Divide large networks
with routers as discussed earlier.

Limitations of Ethernet
There are practical limits to the size of our Ethernet network. A primary concern is the
length of the shared cable.
Electrical signals propagate along a cable very quickly, but they weaken as they travel,
and electrical interference from neighboring devices (fluorescent lights, for example)
can scramble the signal. A network cable must be short enough that devices at opposite
ends can receive each other's signals clearly and with minimal delay. This places a
distance limitation on the maximum separation between two devices on an Ethernet
network.
Additionally, since in CSMA/CD only a single device can transmit at a given time,
there are practical limits to the number of devices that can coexist in a single network.
Ethernet networks face congestion problems as they increase in size. If a large number
of stations are connected to the same segment and each generates a sizable amount of
traffic, many stations may attempt to transmit whenever there is an opportunity.
Under these circumstances, collisions become more frequent and can begin to
choke out successful transmissions, which can take inordinately large amounts of
time to complete. One way to reduce congestion is to split a single segment into
multiple segments, thus creating multiple collision domains. This solution creates a
different problem, as these now-separate segments are not able to share
information with each other.
To alleviate these problems, Ethernet networks implemented bridges. Bridges connect
two or more network segments, increasing the network diameter as a repeater does, but
bridges also help regulate traffic. They can send and receive transmissions just like any
other node, but they do not function like a normal node. The bridge does not
originate any traffic of its own; like a repeater, it only echoes what it hears from other
stations.

Understanding the 5-4-3 Rule


When setting up a tree topology using Ethernet protocol, consider the 5-4-3 rule. One
aspect of the Ethernet protocol requires that a signal sent out on the network cable reach
every part of the network within a specified length of time. Each repeater that a signal
goes through adds a small amount of time. This leads to the rule that between any two
nodes on the network, there can only be a maximum of 5 segments, connected through 4
repeaters. In addition, only 3 of the segments may be populated (trunk) segments if they
are made of coaxial cable. A populated segment means that one or more nodes are
attached to it.
However, this rule does not apply to other network protocols or Ethernet networks
where all fiber optic cabling or a combination of a fiber backbone with UTP cabling is
used. If there is a combination of fiber optic backbone and UTP cabling, the rule is
simply translated to the 7-6-5 rule.

Ethernet Frame Types


In a Novell LAN environment, a variety of Ethernet frame types may be
observed, depending upon the version of NetWare and the applications employed.

Figure 4-7 Ethernet Frame Types

Ethernet 802.2 is one of them. This frame includes fields from 802.3 and 802.2 (Logical
Link Control) and can support the Novell IPX/SPX (Internetwork Packet
Exchange/Sequenced Packet Exchange) and FTAM (File Transfer, Access, and
Management) protocols. The frame parameters are identical to those listed above,
except that the first three bytes of the data field are used to indicate 802.2 header
Logical Link Control (LLC) information.
Preamble             : 8 bytes
Destination Address  : 6 bytes
Source Address       : 6 bytes
Length Field         : 2 bytes
Data Field           : Between 46 and 1500 bytes (including LLC)
Pad Characters       : Variable, stuffs data field up to 46 bytes
Frame Check Sequence : 4 bytes
Min Frame Length     : 64 bytes
Max Frame Length     : 1518 bytes (not including Preamble)

The LLC field consists of:

Destination Service Access Point (DSAP) : 1 byte (NetWare 0xE0)
Source Service Access Point (SSAP)      : 1 byte (NetWare 0xE0)
Control Field                           : 1 byte (NetWare 0x03)

NetWare IPX/SPX packets will assign a hexadecimal value of E0 to the DSAP
and SSAP fields and a hexadecimal value of 03 to the Control field. The "03"
Control value indicates an unnumbered 802.2 layer.
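The field layout above can be checked mechanically. The following Python parser is an added example, not part of the textbook: it validates a captured frame (preamble already stripped) against the sizes listed above and recognises the NetWare LLC values; the function names, addresses and payload are constructed for illustration.

```python
import struct
import zlib

HEADER_LEN, FCS_LEN = 14, 4          # dst(6) + src(6) + length(2); FCS(4)
MIN_DATA, MAX_DATA = 46, 1500        # data field bounds, LLC included
MIN_FRAME, MAX_FRAME = 64, 1518      # preamble not counted
NETWARE_LLC = (0xE0, 0xE0, 0x03)     # DSAP, SSAP, Control for IPX/SPX


class FrameError(ValueError):
    """The frame violates the 802.3 / 802.2 layout."""


def fcs(covered: bytes) -> bytes:
    # The frame check sequence is a CRC-32 (the one zlib implements),
    # transmitted least significant byte first.
    return struct.pack("<I", zlib.crc32(covered) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, llc: tuple, payload: bytes) -> bytes:
    """Assemble a frame without preamble; used to construct sample input."""
    data = bytes(llc) + payload
    if len(data) > MAX_DATA:
        raise FrameError("data field longer than 1500 bytes")
    pad = b"\x00" * max(0, MIN_DATA - len(data))   # stuff data field up to 46
    body = dst + src + struct.pack("!H", len(data)) + data + pad
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Validate one 802.3 frame with an 802.2 LLC header and split its fields."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise FrameError(f"frame length {len(frame)} outside 64..1518 bytes")
    body, trailer = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if fcs(body) != trailer:
        raise FrameError("frame check sequence mismatch")
    (length,) = struct.unpack("!H", body[12:14])
    if length > MAX_DATA:
        # Larger values are not lengths (Ethernet II uses this field as a type).
        raise FrameError(f"0x{length:04X} is not an 802.3 length")
    data_area = body[HEADER_LEN:]
    # Never trust the length field further than the bytes actually received.
    if length > len(data_area):
        raise FrameError("length field exceeds the bytes present")
    if length < len(NETWARE_LLC):
        raise FrameError("data field too short for an LLC header")
    # Padding exists only to reach the 46-byte minimum; anything else is stray.
    if len(data_area) - length != max(0, MIN_DATA - length):
        raise FrameError("unexpected bytes after the data field")
    dsap, ssap, control = data_area[:3]
    return {
        "dst": body[0:6].hex(":"),
        "src": body[6:12].hex(":"),
        "length": length,
        "llc": (dsap, ssap, control),
        "netware": (dsap, ssap, control) == NETWARE_LLC,
        "payload": data_area[3:length],
        "pad_len": len(data_area) - length,
    }


if __name__ == "__main__":
    # Constructed sample: locally administered addresses, made-up payload.
    sample = build_frame(bytes.fromhex("020000000002"),
                         bytes.fromhex("020000000001"),
                         NETWARE_LLC, b"constructed payload")
    print(parse_frame(sample))
```

The two length checks are the part worth copying into any frame-handling code: the Length field is sender-controlled, so it is compared with the bytes actually received before it is used as a slice bound.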


Chapter 4 Summary and Review Questions


The Local Area Network (LAN) is by far the most common type of network. CSMA/CD
technology is an access method used by the Ethernet network to gain access to a shared
network. For CSMA/CD networks, switches segment the network into multiple collision
domains. This reduces the number of devices per network segment that must contend for the
media.
LAN data transmissions fall into three classifications: unicast, multicast, and broadcast.
In each type of transmission, a single packet is sent to one or more nodes. The devices
commonly used to transmit data in LANs include repeaters, hubs, extenders, bridges, and
switches.
The 5-4-3 rule states that between any two nodes on the network there can only be a
maximum of 5 segments, connected through 4 repeaters. In addition, only 3 of the segments
may be populated (trunk) segments if they are made of coaxial cable.

Review Questions
1. The network devices contend for the network media in the CSMA/CD method. This
means that
a) Nodes estimate when a collision might occur and avoid transmission during that
period.
b) When a device has data to send, it first listens to see if any other device is currently
using the network
c) The source node addresses the packet by using the broadcast address
d) The source node addresses the packet by using a multicast address
2. LAN extenders forward traffic from all the standard network layer protocols (such as
IP) and filter traffic based on
a) Packet
b) MAC address
c) Electrical connections
d) Cabling scheme
3. Why did Ethernet networks implement bridges?
a) To build a hierarchical wiring system
b) To solve congestion problems due to increase of devices in the network
c) To combine fiber optic backbone and UTP cabling
d) To send a single packet to one or more nodes
4. An Ethernet connection standard that relies on twisted pair wiring (shielded or
unshielded) to connect computers.
a) Ethernet 10Base2


b) Ethernet 10Base-T
c) Ethernet 100Base-T
5. In the 5-4-3 rule, which statement is true?
a) Between any two nodes on the network, there can only be a maximum of 5
segments, connected through 4 repeaters, 3 of the segments may be populated
(trunk) segments if they are made of coaxial cable.
b) Between any two nodes on the network, there can only be a maximum of 5
repeaters, connected through 4 segments, 3 of the segments may be populated
(trunk) segments if they are made of twisted-pair cable.
c) Between any two nodes on the network, there can only be a maximum of 5
segments, connected through 4 repeaters, 3 of the segments may be populated
(trunk) segments if they are made of twisted-pair cable.


Chapter 5: Network Connectivity Devices
Chapter Objectives
After completing this chapter, you should be able to

Know what a WAN is

Know what a hub is and how it functions

Know what a repeater is and how it functions

Know the capabilities and limitations of a repeater

Know the capabilities and limitations of a bridge

Know the capabilities and limitations of a router

Know the capabilities and limitations of a brouter

Know the capabilities and limitations of a gateway

Know the types of gateways

Know what a broadcast storm is, how it is caused, and how it can be prevented

Know how packets are routed across a network

Know what an Ethernet switch is and how it functions

Identify the appropriate device to connect two networks

Know what a routing table is and how it is used

Distinguish between dynamic and static routing

Distinguish between RIP, RIP2 and OSPF


Connection Devices in Networking


Hubs
Repeaters
Bridges
Switches
Routers
Brouters
Gateways
Routing Protocol
Overview of Wide Area Network (WAN)


Network Connectivity Devices

Hubs
Repeaters
Switches
Bridges
Routers
Brouters
Gateways


Hubs
Hubs are devices used to link several computers together.

Most often used in 10BaseT Ethernet networks.

Multi-port repeaters. They repeat any signal that comes in on one port and copy it to all
the other ports (a process also called broadcasting).

Hubs, like switches, allow multiple nodes (computers, servers and printers) to share the
same wired or wireless connection.


Repeaters
Electrically amplifies the signal it receives and rebroadcasts it

Can be separate devices or they can be incorporated into a switch, therefore allowing
connection of segments of the same network even if they use different media

Used to extend the network when the total length of your network cable exceeds the
standards set for the type of cable being used


Bridges
Allow you to segment a large network into two smaller, more efficient networks while
retaining the same broadcast domain

Extend a single LAN to greater distances by bridging two distant LANs with bridges joined
by fiber-optic cable

Monitor the information traffic on both sides of the network

Can inspect each message and, if necessary, broadcast it on the other side of the network


Switches
Provide a central connection point for cables from workstations, servers, and peripherals

Most switches are active - they electrically amplify the signal as it moves from one
device to another

More expensive than a hub or bridge and the configuration of additional functions can be
very complex.

Switch is a faster, simpler device than a router, but can incorporate some of the router's
functions.

Analyze the network to better route the data


Routers
Can connect different network segments, whether they are in the same building or even on
the opposite side of the globe.

Capable of translating the data information from one network to another; it is similar to
a superintelligent bridge.

Can also direct traffic to prevent head-on collisions

Can sense the traffic in the entire network to determine which sections are busiest and
choose the shortest path


Brouters
A hybrid device that merges bridging and routing technology.

A network bridge and a router combined in a single product.

A bridge that can bridge multiple protocols and provide routing for some of those protocols.


Gateways

A gateway forwards data between IP networks.

A machine that acts as an interface between a small network and a much larger one, such as
a LAN connecting to the Internet.

In the early days of the Internet, routers were called gateways.

It is usually called the default gateway, meaning that it is the primary path to other
networks.


Routing Table
A database which keeps track of the routes to networks and
the associated costs is called a routing table. It consists of
destinations, routes, and next hops. These entries define a
route to a destination network.


Dynamic Route: Routed versus Routing


Multiprotocol Routing


IP Routing Configuration Tasks


Overview of Wide Area Network (WAN)

Typical broadband communication systems



Keys To Remember
Repeaters, bridges, routers and gateways all extend and segment networks. The difference
between these devices lies in the different degrees of data discrimination and handling
capability.

Repeater: Regenerates signals to span longer segments of network. Does not alter data.

Bridge: Links two subnets (networks) that use the same media and protocol. May control
data traffic and speed.

Router: Allows the interconnection of two or more physically distinct networks and has
advanced intelligence enabling it to determine the most efficient method of delivering data.

Gateways: Designed to connect radically different networks.

Introduction
Network cables link computers to computers. Most cable types allow networks to be
hundreds of feet long. But what if your network needs to be bigger than that? What if your
requirement is to connect a LAN to other LANs? What if the architecture you're using for
your network is limiting the growth of your network along with the growth of your
company? The answer to this is found in a special class of networking devices known as
connectivity devices. These devices allow communications to break the boundaries of local
networks and allow your computers to talk to wide area networks such as other computers
in the next building, city or country.

Connection Devices in Networking


There are several categories of connectivity devices that will be discussed later in this
chapter:

Hubs

Repeaters

Switches

Bridges

Routers

Brouters

Gateways

These connectivity devices have made it possible to lengthen the distance of the network to
almost unlimited distances.

Figure 5-1 Illustration of networking hardware connected together.


Hubs
Hubs are devices used to link several computers together. They are used most often in
10BaseT Ethernet networks. They are also very simple devices. In fact, they are just
multi-port repeaters. They repeat any signal that comes in on one port and copy it to all
the other ports (a process also called broadcasting).
There are two types of hubs: active and passive. Passive hubs simply connect all ports
together electrically and are usually not powered. Active hubs use electronics to amplify
and clean up the signal before it is broadcast to the other ports. In the category of active
hubs, there is also a class called "intelligent" hubs, which are hubs that can be remotely
managed on the network.
Up until a few years ago, hubs were considered fairly sophisticated devices that could
provide an adequate network infrastructure for most small and medium-sized organizations.
But bandwidth-hungry electronic business applications, powerful desktop PCs, heightened
security concerns, wireless and converged technologies and 24x7 operations have forever
changed the demands on the network. Today, organizations of all sizes must build switching
technology into their LAN infrastructures in order to get the performance, capacity and
intelligent services that they need. Hubs, like switches, allow multiple nodes (computers,
servers and printers) to share the same wired or wireless connection. However, even the
simplest switch is more sophisticated than a hub because it forwards data packets only to
the appropriate port for the intended recipient based on information in each packet. A hub,
by contrast, extends the collision domain and cannot filter information, so it passes the
packets to all connected segments.

Figure 5-2 Network computers connected to the Internet through a network hub


Repeaters
Since a signal loses strength as it passes along a cable, it is often necessary to boost the
signal with a device called a repeater. The repeater electrically amplifies the signal it
receives and rebroadcasts it. Repeaters can be separate devices or they can be incorporated
into a switch, therefore allowing connection of segments of the same network, even if they
use different media. They are used to extend the network when the total length of your
network cable exceeds the standards set for the type of cable being used.
A good example of the use of repeaters would be in a local area network using a star
topology with unshielded twisted-pair cabling. The length limit for unshielded twisted-pair
cable is 100 meters. The most common configuration is for each workstation to be
connected by twisted-pair cable to a multi-port active concentrator. The concentrator
amplifies all the signals that pass through it allowing for the total length of cable on the
network to exceed the 100 meter limit.

Figure 5-3 Repeaters boost the signal in the network

Bridges
A bridge is a device that allows you to segment a large network into two smaller, more
efficient networks while retaining the same broadcast domain. It also extends a single LAN
to greater distances by bridging two distant LANs with bridges joined by fiber-optic cable.
A bridge monitors the information traffic on both sides of the network so that it can pass
packets of information to the correct location. It can provide a barrier that keeps electrical
or other problems on one segment from propagating to the other segment. Most bridges can
"listen" to the network and automatically figure out the address of each computer on both
sides of the bridge. The bridge can inspect each message and, if necessary, broadcast it on
the other side of the network. It isolates each LAN from the collisions that occur on other
LANs. Thus, it creates separate collision domains.
In the past, the bridge was a small box with several LAN connectors or a server with several
network interface cards. Today, bridges are more likely to appear in the form of switching
devices, which are technically multi-port bridges. Each port provides a separate LAN
connection that is bridged to the other ports.
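
The "listening" behavior described above can be sketched in a few lines. This is an added example, not part of the original textbook: the class name, the aging timer, the port numbers, and the MAC addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningBridge:
    """Multi-port bridge that learns which port each station is behind."""
    ports: tuple                      # port numbers on this bridge
    max_age: float = 300.0            # assumption: idle seconds before an entry is dropped
    table: dict = field(default_factory=dict)   # MAC address -> (port, last_seen)

    def receive(self, in_port, src, dst, now):
        """Handle one frame and return the list of ports it is sent out on."""
        # Forget stations that have been silent for longer than max_age.
        self.table = {mac: (port, seen) for mac, (port, seen) in self.table.items()
                      if now - seen <= self.max_age}
        # "Listen": the source address shows which side the sender is on.
        self.table[src] = (in_port, now)

        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            # Broadcast, or destination not learned yet: send to every other port.
            return [p for p in self.ports if p != in_port]
        if entry[0] == in_port:
            # Both stations are on the same segment: keep the frame there.
            return []
        return [entry[0]]


def run_sample():
    """Constructed traffic: stations A and C sit on port 1, B on port 2."""
    a, b, c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    bridge = LearningBridge(ports=(1, 2, 3))
    frames = [
        (0, 1, a, b),          # B not learned yet -> flooded
        (1, 2, b, a),          # A was learned on port 1 -> forwarded there only
        (2, 1, c, a),          # A and C share port 1 -> filtered
        (3, 1, a, BROADCAST),  # broadcast -> flooded
        (900, 1, a, b),        # B silent longer than max_age -> flooded again
    ]
    return [bridge.receive(port, src, dst, now) for now, port, src, dst in frames]


if __name__ == "__main__":
    for out_ports in run_sample():
        print(out_ports)
```

The third frame shows the isolation the text describes: traffic between two stations on the same segment never reaches the other ports.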

Figure 5-4 Wireless is also used as access point

Switches
A switch is a device that provides a central connection point for cables from workstations,
servers, and peripherals. In a star topology, twisted-pair wire is run from each workstation
to a central switch. Most switches are active; that is, they electrically amplify the signal as it
moves from one device to another. Switches no longer broadcast network packets as hubs
did in the past; instead, they memorize the addresses of computers and send the information
to the correct location directly. However, switches are more expensive than a hub or bridge and
the configuration of additional functions can be very complex.
A switch selects a path or circuit for sending a unit of data to its next destination. In general,
a switch is a faster, simpler device than a router, but can incorporate some of the router's
functions. The basic switch simply selects the next path the data needs to go without
analyzing the entire path. This ability allows switches to disallow some signals from
continuing on the network. This can help reduce collisions, and increase network
performance. Some switches act at Level 3; these are sometimes called IP Switches or Layer 3
Switches.
These switches perform many of the functions of a router. They can analyze the network to
better route the data. These switches can also be used to break up segments. By assigning
different ports to different segments, the switch can route data to the correct segment.
The advantages of using a switch include the capability to limit the collision domain,
extend network distances, filter traffic by MAC address, ease congestion, and
connect different types of media; some switches can also connect differing architectures.

On the other hand, a switch cannot filter broadcast packets. It is more expensive than a
repeater and also slower than a repeater, primarily because of the additional processing of
packets within the same broadcast domain.
A switch is like an advanced bridge. It separates network lines and helps reduce the number
of collisions. Instead of having two networks connected through a bridge, you can have
multiple networks connected through a switch. Here's one way to think of it: A repeater is to
a hub like a bridge is to a switch.

Figure 5-5 Network computers connected to the Internet through router/switch

Routers
Routers are specialized computers that send your messages and those of every other Internet
user speeding to their destinations along thousands of pathways. A router can connect
different network segments, whether they are in the same building or on opposite sides of
the globe. A router transmitting data is capable of translating the data information from one
network to another; it is similar to a superintelligent bridge. Routers select the best path to
route a message between any two protocols using fiber optic, coaxial, and twisted-pair
cabling, based on the destination address and origin. A router changes the packet size and
format to match the requirements of the destination network. The router can also direct traffic to
prevent head-on collisions, and is smart enough to know when to direct traffic along back
roads and shortcuts.
A router is more complicated than a bridge in that it can make decisions about where and
how to send packets of information.
While bridges know the addresses of all computers on each side of the network, routers
know the addresses of computers, bridges, and other routers on the network. Routers can
even "listen" to the entire network to determine which sections are busiest -- they can then
redirect data around those sections until they clear up.

A network needs a router to connect to the Internet. In this case, the router serves as the
translator between the information on your LAN and the Internet. It can also work in MAN
and WAN environments. It also determines the best route to send the data over the Internet.
The advantage of using a router over a bridge is that routers can determine the best path that
data can take to get to its destination. Like bridges, they can segment large networks and
can filter out noise. However, they are slower than bridges because they are more intelligent
devices; as such, they analyze every packet, causing packet forwarding delays. Because of
this intelligence, they are also more expensive.

How Does the Router Work?


When you send e-mail to someone on the other side of the country, the message ends up
exactly where you directed it, rather than on one of the millions of other computers in the
world. Much of the work to get a message from one computer to another is done by routers,
because they're the crucial devices that let messages flow between networks, rather than
within networks.
Here is how a simple router works. A small company that makes video commercials for
local television stations has 10 employees, each with a computer. Four of the
employees are video editors, while the rest are in marketing, accounting and management.
The video editors will need to send very large files back and forth to one another as they
work on projects. To do this, they'll use a network.
When one editor sends a video file to another, the very large file will use up most of the
network's bandwidth, and possibly make the network run very slowly for other users. One
of the reasons that a single intensive user can affect the entire network performance stems
from the way that Ethernet works. Each information packet sent from a computer is seen by
all the other computers on the local network. Each computer then examines the packet and
decides whether it was meant for its address. This keeps the basic plan of the network
simple, but has performance consequences as the size of the network or level of network
activity increases. To keep the editors' work from interfering with the people in the front
office, the company sets up two separate networks, one for the editors and one for the rest
of the company. A router links the two networks and connects both networks to the Internet.
It is the only device that sees every message sent by any computer on either of the
company's networks. When the editor in the example sends a huge file to another editor, the
router looks at the recipient's address and keeps the traffic on the editors' network. When an
editor, on the other hand, sends a message to the accountant asking about an expense-account
check, then the router sees the recipient's address and forwards the message
between the two networks.
One of the tools a router uses to decide where a packet should go is a configuration table. A
configuration table is a collection of information, including:

Information on which connections lead to particular groups of addresses

Priorities for connections to be used

Rules for handling both routine and special cases of traffic

A configuration table can be as simple as a half-dozen lines in the smallest routers, but can
grow to massive size and complexity in the very large routers that handle the bulk of
Internet messages.
A router, then, has two separate but related jobs:

It ensures that information doesn't go where it's not needed. This is crucial for
keeping large volumes of data from clogging the connections of "innocent
bystanders."

It makes sure that information does make it to the intended destination.

In performing these two jobs, a router is extremely useful in dealing with two separate
computer networks. It joins the two networks, passing information from one to the other
and, in some cases, performing translations of various protocols between the two networks.
It also protects the networks from one another, preventing the traffic on one from
unnecessarily spilling over to the other. As the number of networks attached to one another
grows, the configuration table for handling traffic among them grows, and the processing
power of the router is increased. Regardless of how many networks are attached, though,
the basic operation and function of the router remains the same.
Internet data, whether in the form of a Web page, a downloaded file or an e-mail message,
travels over a system known as a packet-switching network. In this system, the data in a
message or file is broken up into packages about 1,500 bytes long. Each of these packages
gets a wrapper that includes information on the sender's address, the receiver's address, the
package's place in the entire message, and how the receiving computer can be sure that the
package arrived intact. Each data package, called a packet, is then sent off to its destination
via the best available route - a route that might be taken by all the other packets in the
message or by none of the other packets in the message. If there is a problem with one piece
of equipment in the network while a message is being transferred, packets can be routed
around the problem, ensuring the delivery of the entire message.
Note: For more information about routing protocols, see
Chapter 7 TCP/IP Protocols.

What is a Routing Table?


A Routing Table is a database which keeps track of the routes to networks and the
associated costs. It consists of destinations, routes, and next hops. These entries define a
route to a destination network. A router may create or maintain a table of the available
routes and their conditions and use this information along with distance and cost algorithms
to determine the best route for a given packet. Typically, a packet may travel through a
number of network points with routers before arriving at its destination. Routers must be
kept constantly up to date with changes in the network topology. Routes may be added or removed,
or routes may fail due to a break in the physical link. Convergence is part of the routing
table update process. When a link fails or changes, updates are sent across the network that
describe changes in the network topology. Each router then runs a routing algorithm to recompute routes and build new routing tables based on this information. Once all the routers
in the network have updated their routing tables, convergence is complete.

Convergence is a dynamic routing process as opposed to static routing. In static
routing, an operator programs routes into routers. Static routing is appropriate for
small networks or when dedicated links exist between networks.

The routing table consists of three types of entries: destinations, routes, and next hops.

Figure 5-6 Illustration that shows how the routing table entries are related

A destination in the routing table is a network entry represented by a network IP address
and a network subnet mask. A destination entry in the routing table includes the address,
expressed as a network address and network mask, a list of routes to the destination, a list of
opaque pointer slots, and the views in which this destination is valid.
The destination contains a structure for each view that contains an identifier for the view, a
pointer to the best route to the destination in this view, the owner of the best route in this
view, flags associated with the best route in this view and a handle to any routes that are in
a hold-down state in this view.

Brouters
A brouter is a hybrid device that merges bridging and routing technology. A brouter is a
network bridge and a router combined in a single product. If a data unit on one LAN is
intended for a destination on an interconnected LAN, the bridge forwards the data unit to
that LAN; otherwise, it passes it along on the same LAN. A bridge usually offers only one
path to a given interconnected LAN.

A router connects a network to one or more other networks that are usually part of a wide
area network (WAN) and may offer a number of paths out to destinations on those
networks. A router therefore needs to have more information than a bridge about the
interconnected networks. It consults a routing table for this information.
Since a given outgoing data unit or packet from a computer may be intended for an address
on the local network, on an interconnected LAN, or the wide area network, it makes sense
to have a single unit that examines all data units and forwards them appropriately.
Many routers today have bridging functions built into them. When you enable these
functions, your router becomes a bridging-router, or brouter. Basically, a brouter is a bridge
that can bridge multiple protocols and provide routing for some of those protocols. It can be
programmed only to pass data packets using a specific protocol such as IP to route data
packets to the appropriate network. In this case, it is functioning in a similar manner to a
bridge, hence the name.

Figure 5-7 Network computers connected to the Internet through brouter

Gateways
A gateway forwards data between Internet Protocol (IP) networks. It is a machine that acts
as an interface between a small network and a much larger one, such as a local area network
connecting to the internet. Gateways are also used in large corporations to connect small
office-based LANs into the larger corporate mainframe networks. Usually, the gateway
connects to a high-speed network cable or medium called the backbone.
In the early days of the Internet, routers were called gateways. These devices provided
links, initially between mainframe computers, and then later between LANs and other
networks. The term "router" is more common now, but gateway is still used when configuring
the IP protocol for host devices. Some networks have multiple routers that lead to other
networks. A host can be configured so that one of the routers is selected over any of the
others. It is usually called the default gateway, meaning that it is the primary path to other
networks.

Gateways work at all levels of the OSI model due to the type of translation service they are
providing:

Address Gateway - connects networks using the same protocol, but using different
directory spaces such as Message Handling Service

Protocol Gateway - connects networks using different protocols. Translates source
protocol so destination can understand it

Application Gateway - translates between applications such as from an Internet
email server to a messaging server

Internet Routing
Internet routing devices traditionally have been called gateways. In today's terminology,
however, the term gateway refers specifically to a device that performs application-layer
protocol translation between devices. Interior gateways refer to devices that perform these
protocol functions between machines or networks under the same administrative control or
authority, such as a corporation's internal network. These are known as autonomous
systems. On the other hand, exterior gateways perform protocol functions between
independent networks.
Routers within the Internet are organized hierarchically. Routers used for information
exchange within autonomous systems are called interior routers, which use a variety of
Interior Gateway Protocols (IGPs) to accomplish this purpose. The Routing Information
Protocol (RIP) is an example of an IGP.
Routers that move information between autonomous systems are called exterior routers.
These routers use an exterior gateway protocol to exchange information between
autonomous systems. The Border Gateway Protocol (BGP) is an example of an exterior
gateway protocol.

Routing Protocol
A routing protocol is a type of client that registers with the routing table manager. Routers
use routing protocols such as RIP (Routing Information Protocol) and OSPF (Open Shortest
Path First) to exchange information regarding routes to
a destination. Routing protocols are either unicast or multicast. Routing protocols advertise
routes to a destination. A routing protocol describes how updates are sent, what knowledge
is contained in these updates, when to send this knowledge, and how to locate recipients of
the updates.
Other types of routing methods include:

Static Routing - routes are manually configured by a network administrator.
Manual or static routing requires the network administrator to examine the routes
and build the router tables. This is a very complicated task requiring constant
attention on a large network with frequent changes.

Dynamic Routing - adjusts automatically to changes in network topology, and to
information it receives from other routers.
Dynamic routing is performed by routing protocols. These protocols dynamically
discover and maintain routing information. There are several routing protocols used
on networks today, including distance vector and link-state routing protocols. These
protocols broadcast information about errors in routing as well as the content of the
routing table. The following are examples of routing protocols:

Internet Control Message Protocol (ICMP)

Routing Information Protocol (RIP and RIP II)

Open Shortest Path First (OSPF)

Exterior Gateway Protocol (EGP)

Multiprotocol Routing - routers that are capable of supporting multiple independent
routing protocols and maintaining routing tables for several routed protocols
concurrently. This capability allows a router to deliver packets from several routed
protocols such as IP and IPX over the same data links.

A route is a path in the network that goes to a destination that has a certain cost associated
with it. The cost is represented by its administrative preference and its protocol-specific
metric. Each route has an administrative preference (specified by the routing policy), and a
client-dependent metric. The routing table manager uses this information to determine
which route is the better route to a destination. Routes with lower preference are better
routes (one being lowest, and therefore best). If two routes have the same preference, the
route with the lower metric is the better route.
Preference is normally used to indicate priority between clients. For example, an
administrator can assign OSPF a lower (better) preference than RIP. In this case,
OSPF routes are preferable to RIP routes.

Routes with lower costs are preferred over all other routes. A route entry in the routing table
includes a handle to the destination, the owner of this route, the neighbor (peer) that
provided the route information, flags associated with the state of the route, flags associated
with the route, the preference and metric for the route, the list of views to which the route
belongs, information that is private to the owner of the route, and a list of next hops used to
reach the destination.
Routes have one or more next hops associated with them. If the destination is not on a
directly connected network, the next hop is the address of the next router (or network) on
the outgoing network that can best route data to the destination. The best route is the route
that has the least cost, based on the routing policy in use. Each next hop can be used to
forward data on the path to the destination. All routes owned by a client share a common set
of next-hop entries that were added by the client.
Each next hop is uniquely identified by the address of the next hop and the interface index
used to reach the next hop. If the next hop itself is not directly connected, it is marked as a
"remote" next hop. In this case, the forwarder must perform another lookup using the next
hop's network address. This lookup is necessary to find the "local" next hop used to reach
the remote next hop and the destination.
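
The selection rules above (lower preference first, then lower metric, and a second lookup for a remote next hop) are sketched below. This is an added example, not code from the textbook or from any router product: the class and field names, addresses, interface names, and preference values are assumptions. It also applies the standard longest-prefix match when several destinations cover an address, which the text does not spell out.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    owner: str        # client (protocol) that added the route
    preference: int   # administrative preference, lower is better
    metric: int       # protocol-specific metric, lower is better
    next_hop: str     # address of the next router; "" when directly connected
    interface: str    # outgoing interface; "" marks a remote next hop


class RoutingTable:
    def __init__(self):
        self.destinations = {}   # network (address + mask) -> list of routes

    def add(self, prefix, route):
        net = ipaddress.ip_network(prefix)
        self.destinations.setdefault(net, []).append(route)

    @staticmethod
    def _best(routes):
        # Lower preference wins; equal preference falls back to lower metric.
        return min(routes, key=lambda r: (r.preference, r.metric))

    def best_route(self, prefix):
        return self._best(self.destinations[ipaddress.ip_network(prefix)])

    def lookup(self, address, depth=0):
        """Return (interface, local next hop) for an address, or None."""
        if depth > 4:                      # remote next hops that never resolve
            return None
        ip = ipaddress.ip_address(address)
        matches = [net for net in self.destinations if ip in net]
        if not matches:
            return None                    # no route to this destination
        # Longest-prefix match: the most specific destination is used.
        net = max(matches, key=lambda n: n.prefixlen)
        route = self._best(self.destinations[net])
        if route.interface:
            # Local next hop; a directly connected destination is its own next hop.
            return (route.interface, route.next_hop or address)
        # Remote next hop: look it up again to find the local next hop.
        return self.lookup(route.next_hop, depth + 1)


def build_sample_table():
    """Constructed table; every address, interface and preference is made up."""
    t = RoutingTable()
    t.add("10.0.0.0/24", Route("connected", 1, 0, "", "eth0"))
    t.add("10.0.1.0/24", Route("connected", 1, 0, "", "eth1"))
    t.add("10.2.0.0/16", Route("RIP", 120, 3, "10.0.0.3", "eth0"))
    t.add("10.2.0.0/16", Route("OSPF", 110, 20, "10.0.0.2", "eth0"))
    t.add("10.2.5.0/24", Route("OSPF", 110, 10, "10.0.1.2", "eth1"))
    t.add("10.2.5.0/24", Route("OSPF", 110, 5, "10.0.1.3", "eth1"))
    t.add("192.168.50.0/24", Route("static", 1, 0, "10.2.5.1", ""))
    return t


if __name__ == "__main__":
    table = build_sample_table()
    for addr in ("10.2.9.9", "10.2.5.9", "192.168.50.7", "203.0.113.5"):
        print(addr, "->", table.lookup(addr))
```

For 10.2.0.0/16 the OSPF route wins even though its metric (20) is higher than the RIP metric (3), because preference is compared before metric.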

A next-hop entry in the routing table includes the network address of the next hop, the
owner of the next hop, the identifier of the outgoing interface, the state of the next hop,
flags associated with the next hop, information that is private to the owner of the next hop
and a handle to the destination corresponding to the remote next hop.
A protocol with the same protocol identifier (that is, the same vendor identifier and
protocol-specific identifier) can register with the routing table manager multiple times. Each
time, the protocol registers using a different protocol instance identifier. For example, an
implementation of OSPF from a particular vendor can register as Vendor-OSPF-1 and
Vendor-OSPF-2. This enables a specific protocol implementation to partition the
information that it keeps in the routing table.


Autonomous System (AS)

An AS consists of routers, run by one or more operators, that present a consistent view of
routing to the external world (routers under a common administration). The Internet
Network Information Center (InterNIC) assigns a unique autonomous system number to enterprises.
This autonomous system number is a 16-bit number. A routing protocol such as Cisco's Interior
Gateway Routing Protocol (IGRP) requires that you specify this unique, assigned
autonomous system number in your configuration.

Exterior routing protocols are used to communicate between autonomous systems.

Interior routing protocols are used within a single autonomous system.

Interior IP Routing Protocols:

RIP - A distance vector routing protocol.

IGRP - Cisco's distance vector routing protocol (supports multipath routing).

OSPF - A link-state routing protocol.

Enhanced IGRP - A balanced hybrid routing protocol.

IP Routing configuration tasks:

Global Configuration - select a routing protocol, RIP or IGRP, and assign IP network
numbers without specifying subnet values.

Interface Configuration - assign network/subnet addresses and subnet mask.

Unicast Routing
A unicast route to a destination is used by a unicast routing protocol to forward unicast data
to that destination. Examples of unicast routing protocols include: Routing Information
Protocol (RIP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP).
RIP for IP routing communicates RIP-learned routes by using the Route Table Manager
(Rtm.dll), the central repository for routing information for all routing protocols that
operate under the Routing and Remote Access service and for other components such as the
IP Router Manager.

The Windows Server 2003 Routing and Remote Access service supports (for
IPv4 only) both RIP version 1 and version 2 (RIP v1 and RIP v2). However, RIP
v1 is considered outdated. RIP v1 was the first routing protocol accepted as a
standard for TCP/IP. The updated RIP version 2 (RIP v2) supports simple
password authentication (a form of router identification, not a security option) and,
more important, provides improved support for classless networks.

Unicast routing also uses Windows Sockets (Winsock) to send and receive RIP traffic.
Winsock is an implementation of the industry-standard Sockets API for the Windows
operating system. Lastly, it exports management APIs to support SNMP management
information bases (MIBs) and other management applications by using the IP Router
Manager. A MIB is a set of objects, which represent various types of information about a
device that are used by SNMP to manage the device.
Unicast IP Routing in a Windows-based Internetwork

A typical IPv4 internetwork might contain a mix of computers running Windows Server
2003, Windows XP, Windows 2000 Server, Windows 2000 Professional, or UNIX
operating systems. These computers might be located in multiple subnets connected by
hardware routers from Cisco Systems and software routers running the Windows Server
2003 Routing and Remote Access service. Such an internetwork can easily communicate
with computers on the global Internet because the Internet is also an IP internetwork.
A medium-size or enterprise-size Windows IP internetwork typically deploys the Active
Directory directory service, DNS, and DHCP, and the following routing-related services:

A routing protocol, such as RIP v2 or OSPF, to enable routing information
exchange between routers on an IP internetwork

DHCP relay agents to enable DHCP clients on a subnet with no DHCP server to
request IP addresses from a DHCP server located on a different subnet

IP packet filtering, such as Web traffic filtering or L2TP/IPSec traffic filtering, to
allow only specific types of traffic

ICMP router discovery to enable IP hosts to discover the best default gateway
router on a subnet

Multicast Route
A multicast route to a destination is used by some multicast routing protocols to create the
information that is used to forward multicast data from hosts on the destination network of
the route (known as reverse path forwarding). Examples of multicast routing protocols
include: Multicast Open Shortest Path First (MOSPF), Distance Vector Multicast Routing
Protocol (DVMRP), and Protocol Independent Multicast (PIM).
The routing table manager supports multiple instances of the same protocol (such as
Microsoft's implementation of OSPF and a third-party OSPF) running on the router.

The OSPF routing protocol is available only on 32-bit versions of Windows
Server 2003.

This allows routers to use the different capabilities of each version. These protocols have
different protocol identifiers.
Protocol identifiers are comprised of a vendor identifier and a protocol-specific
identifier. The protocol-specific identifier is the same for different implementations
of the protocol, such as Microsoft's implementation of OSPF and a third-party
implementation of OSPF. Only when the vendor and protocol-specific identifiers
are combined is there a unique identifier for a routing protocol.
How RIP and OSPF work

Routing Information Protocol (RIP) for IP facilitates the dynamic exchange of routing
information between RIP routers over IP internetworks. RIP, the best known and currently
most widely used of the distance vector dynamic routing protocols for IP internetworks, is
an open standard developed by the Internet Engineering Task Force (IETF).
RIP version 1 (RIP v1), which is now outmoded, was the first routing protocol accepted as a
standard for TCP/IP. The updated RIP version 2 (RIP v2) supports simple password
authentication (a form of router identification, not a security option) and, more important,
provides improved support for classless networks. The Windows Server 2003 Routing and
Remote Access service supports both RIP v1 and RIP v2 (for IPv4 only).
The Windows Server 2003 Routing and Remote Access service does not support
RIPng, the version of RIP for IPv6, or any other IPv6 routing protocol.
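
Why RIP v2 simple password authentication is "a form of router identification, not a security option" becomes clear once a RIP v2 message is decoded: the password travels in the packet as plain text. The parser below is an added example, not part of the original textbook; it follows the RIP v2 message layout (RFC 2453), and the sample packet, password, and addresses are constructed for illustration.

```python
import ipaddress
import struct

AUTH_AFI = 0xFFFF        # address family value that marks an authentication entry
SIMPLE_PASSWORD = 2      # authentication type for a plain-text password


def parse_rip(packet):
    """Decode a RIP message into its header, authentication entry and routes."""
    if len(packet) < 4 or (len(packet) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    command, version, _unused = struct.unpack("!BBH", packet[:4])
    msg = {"command": command, "version": version, "auth": None, "routes": []}
    for offset in range(4, len(packet), 20):          # every entry is 20 bytes
        afi, tag = struct.unpack("!HH", packet[offset:offset + 4])
        body = packet[offset + 4:offset + 20]
        if afi == AUTH_AFI:
            if offset != 4:
                raise ValueError("authentication entry must be the first entry")
            # For an authentication entry the second field is the auth type.
            msg["auth"] = {"type": tag, "data": body.rstrip(b"\x00")}
            continue
        addr, mask, next_hop, metric = struct.unpack("!4s4s4sI", body)
        net = ipaddress.ip_network(
            f"{ipaddress.ip_address(addr)}/{ipaddress.ip_address(mask)}", strict=False)
        msg["routes"].append({"prefix": str(net),
                              "next_hop": str(ipaddress.ip_address(next_hop)),
                              "metric": metric})
    return msg


def audit(msg):
    """Return the findings a reviewer would raise about the message's authentication."""
    auth = msg["auth"]
    if auth is None:
        return ["no authentication: the update carries nothing that identifies its sender"]
    if auth["type"] == SIMPLE_PASSWORD:
        shown = auth["data"].decode("ascii", "replace")
        return [f"simple password sent in clear text: {shown!r}"]
    return [f"authentication type {auth['type']} present"]


def build_sample_packet():
    """Constructed RIP v2 response: one authentication entry and one route."""
    header = struct.pack("!BBH", 2, 2, 0)                       # response, version 2
    auth = struct.pack("!HH16s", AUTH_AFI, SIMPLE_PASSWORD, b"labpassword")
    route = struct.pack("!HH4s4s4sI", 2, 0,                      # address family 2 = IP
                        ipaddress.ip_address("10.2.0.0").packed,
                        ipaddress.ip_address("255.255.0.0").packed,
                        ipaddress.ip_address("10.0.0.3").packed, 3)
    return header + auth + route


if __name__ == "__main__":
    message = parse_rip(build_sample_packet())
    print(message["routes"])
    print(audit(message))
```

Running the audit over captured RIP updates during a network review shows which routers still announce routes with no authentication or with a password readable by anything on the segment.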

Open Shortest Path First (OSPF) for IP enables OSPF routers to dynamically exchange
routing information with each other over complex IP internetworks. Routers can add or
remove routes automatically as networks are added or removed from the internetwork,
dynamically building and synchronizing a database of the OSPF network topology. As its
name implies, OSPF is designed to calculate the shortest path to any destination within an
OSPF autonomous system (AS). OSPF, the best known and most widely used link state
routing protocol, is an open standard developed by the Internet Engineering Task Force
(IETF) as an alternative to RIP. OSPF is defined in RFC 2328. The Windows Server 2003
Routing and Remote Access service supports OSPF for IPv4 only.
The OSPF routing protocol is available only on 32-bit versions of Windows Server
2003. The Windows Server 2003 Routing and Remote Access service does not
support OSPF (or any other dynamic routing protocol) for IPv6.

Routing Technologies Supported by Windows Server 2003


Routing technologies manage the flow of data between network segments, also known as
subnets. These routing technologies include unicast routing, multicast routing and network
address translation (NAT).

Unicast routing forwards packets from one host to another host using the unicast destination
IP address. Multicast IP routing forwards packets from one host to multiple hosts using the
multicast destination IP address. Network address translation (NAT) functionality is part of
the Routing and Remote Access service. A server that has been configured as a NAT-enabled
router, with a private IP address and at least one public IP address, translates the
private addresses (and TCP or UDP port numbers) in outgoing packets. The outgoing
packets can then be forwarded to a resource on a public network, such as the Internet. The
NAT-enabled router also translates incoming traffic and forwards the incoming packets to
the appropriate address on the private network.
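
The translation described above can be sketched as a pair of lookup tables. This is an added example, not part of the original textbook and not how the Routing and Remote Access service is implemented: the class name, port allocation scheme, and addresses are assumptions, and the mapping is simplified (it is keyed on the private endpoint only and never expires).

```python
import ipaddress


class NatRouter:
    def __init__(self, private_net, public_ip, first_port=50000):
        self.private_net = ipaddress.ip_network(private_net)
        self.public_ip = public_ip
        self.next_port = first_port   # assumption: public ports are handed out in order
        self.outgoing = {}            # (proto, private ip, private port) -> public port
        self.incoming = {}            # (proto, public port) -> (private ip, private port)

    def translate_out(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source address and port of an outgoing packet."""
        if ipaddress.ip_address(src_ip) not in self.private_net:
            return None               # not from the private network: not translated
        key = (proto, src_ip, src_port)
        if key not in self.outgoing:
            # First packet of this flow: allocate a public port and remember it.
            self.outgoing[key] = self.next_port
            self.incoming[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (proto, self.public_ip, self.outgoing[key], dst_ip, dst_port)

    def translate_in(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of an incoming packet back to the private host."""
        target = self.incoming.get((proto, dst_port))
        if dst_ip != self.public_ip or target is None:
            # No mapping: no private host opened this flow, so it is dropped.
            return None
        return (proto, src_ip, src_port, target[0], target[1])


def run_sample():
    """Constructed flows: two private hosts use the same source port."""
    nat = NatRouter("192.168.1.0/24", "203.0.113.10")
    out1 = nat.translate_out("tcp", "192.168.1.20", 40000, "198.51.100.5", 80)
    out2 = nat.translate_out("tcp", "192.168.1.21", 40000, "198.51.100.5", 80)
    reply = nat.translate_in("tcp", "198.51.100.5", 80, "203.0.113.10", out2[2])
    stray = nat.translate_in("tcp", "198.51.100.9", 4444, "203.0.113.10", 60000)
    return out1, out2, reply, stray


if __name__ == "__main__":
    for packet in run_sample():
        print(packet)
```

Because both the address and the port are rewritten, two private hosts can use the same source port at the same time, and incoming traffic that matches no mapping has no private address to be forwarded to.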

Overview of Wide Area Network (WAN)


A WAN is generally an extension of an internal network into the wide area using private
circuits such as T1 lines or virtual circuits in cell and packet switched networks such as
ATM and frame relay. WANs link geographically dispersed offices in other cities or around
the globe. Because WANs have been built with private leased lines, bandwidth has
traditionally been low and costs have been high, which required careful monitoring and
filtering of traffic between sites. WANs can also be constructed across the Internet by
implementing virtual private network (VPN) technology.
A virtual private network is the creation of private links across public networks such as the
Internet. The idea is to create what appears to be a dedicated private link on a shared
network using encryption and tunneling techniques. Anybody can create a private
connection by encrypting the contents of the traffic being sent across a network, but truly
secure VPNs are better built with the cooperation of service providers that can create
dedicated paths with guaranteed service levels across their networks.
Dedicated leased lines (circuit-oriented) such as T1 lines are still common, although
expensive. The advantage of leased lines is that they are private - no one else shares the
line. An alternative is available with packet-switched networks such as Frame Relay, ATM,
and the Internet. Many users share the networks, which helps lower costs.
Dial-up lines can provide an economical WAN connection in a number of scenarios. For
example, when an existing dedicated leased-line WAN link becomes overburdened, a
dial-on-demand line can be used to provide additional bandwidth.
Broadband communications is usually considered to be any link with transmission rates
above dial-up lines. Broadband transmission systems typically provide channels for data
transmissions in different directions and by many different users. The following items
describe the typical broadband communication systems:

ISDN (Integrated Services Digital Network) - A circuit-oriented service
operating at 64-Kbit/sec or 128-Kbit/sec data channel. Primary rate ISDN provides
additional bandwidth in increments of 64 Kbits/sec.

X.25 - An early packet-switching protocol still used for many low-bandwidth
requirements (credit card authorization).

ATM (Asynchronous Transfer Mode) - A cell-switched any-to-any virtual circuit
service.

Frame relay - A frame-based any-to-any virtual circuit service.

Leased lines T1, T3 - A dedicated leased line time division multiplexing (TDM)
service.

TDM is a multiplexing technique that divides a circuit into multiple channels based on
time. The technique is associated with telephone company voice services. T1 and T3
circuits are divided into multiple channels using time division multiplexing. The most
common TDM circuit for business users is the T1 line (1.544 Mbits/sec). It consists of
24 multiplexed 64-Kbit/sec voice channels. Each channel may carry a single phone
call, or the entire circuit may be dedicated to data.

DSL (Digital Subscriber Line) - A high-speed circuit-oriented service that runs
over the local loop.

Broadband wireless - A high-speed Internet access and LAN/WAN extensions

Comparing T1 and T3

T1 or Trunk Level 1 is a digital transmission link with a total signaling speed of 1.544
Mbps. Since the development of T1 in 1957 by AT&T's Bell Labs, it has become the
building block of dedicated voice and data service in North America. T1, also known as DS1,
is part of a progression of digital transmission pipes - a hierarchy known generically as DS,
or Digital Signal Level.
Frame Relay, VPN and Dedicated Internet Access all use T1 connections to make the
respective service possible, but they are not the same. By itself, Trunk Level 1 service is
nearly useless. It takes a standard or protocol like Frame Relay or VPN to provide data
transport over a Wide Area Network.
The four most common uses of a T1 line include the following:

From one point to another, this often refers to a Private Line;

From one point into a secure carrier network as with Frame Relay;

From one point into the public Internet;

From one point into a carrier's voice network.

A T3 line (also known as a DS-3) is an ultra high-speed connection capable of transmitting
data at rates up to 45 Mbps. A T3 line is equal to approximately 672 regular voice-grade
telephone lines, which is fast enough to transmit full-motion, real-time video, and very large
databases over a busy network. A T3 line is typically installed as a major networking artery
for large corporations and universities with high-volume network traffic. A T3 is the second
fastest non-optical connection offered in North America. A T3 line is comprised of 28 T1
lines, each operating at a total signaling rate of 1.544 Mbps.
The most significant differences between T1 lines and T3 lines are cost and speed. The
typical T1 connection costs approximately $800 per month while a T3 connection can cost
as much as $15,000 per month. T3 lines are extremely high bandwidth connections into a
carrier's backbone. They typically include SLAs (Service Level Agreements) that guarantee
uptime and performance.6


Chapter 5 Summary and Review Questions


The network connectivity devices allow you to extend communications beyond your local
networks and allow your computers to talk across wide area networks to other computers
in the next building, city or country. These devices include hubs, repeaters, switches,
bridges, routers, brouters and gateways.
Routers use a routing protocol such as RIP or OSPF to exchange information about routes
to a destination so that they can route data across a network. Routing protocols are either
unicast or multicast.
Repeaters, bridges, routers and gateways all extend and segment networks. The difference
between these devices lies in the different degrees of data discrimination and handling
capability. A repeater regenerates signals to span longer segments of network; it does not
alter data. A bridge links two subnets (networks) that use the same media and protocol; it may
control data traffic and speed. A router allows the interconnection of two or more physically
distinct networks; it has advanced intelligence that enables it to determine the most efficient
method of delivering data. Gateways are designed to connect radically different networks.

Review Questions
1. This process of transmitting data repeats any signal that comes in on one port and copies
it to all the other ports.
a) Routing
b) Broadcasting
c) Multiplexing
d) Repeating
2. This device is used to extend the network when the total length of your network cable
exceeds the standards set for the type of cable being used.
a) Router
b) Hub
c) Repeater
d) Brouter
3. This device connects a network to one or more other networks that are usually part of a
wide area network (WAN) and may offer a number of paths out to destinations on those
networks.
a) Router
b) Hub
c) Repeater
d) Brouter


4. Which of these examples does not belong to the protocols used for unicast routing?
a) RIP
b) OSPF
c) TDP
d) BGP
5. Which among these statements is true?
a) Unicast routing removes packets from one host to another host using the unicast
destination IP address.
b) Unicast routing forwards packets from one host to another host using the multicast
destination IP address.
c) Multicast IP routing forwards packets from one host to multiple hosts using the
multicast destination IP address.
d) Multicast IP routing forwards packets from one host to multiple hosts using the
unicast destination IP address.


Chapter 6: The OSI Model


Chapter Objectives
After completing this chapter, you should be able to:

Know the seven layers of the OSI model

Know what happens at the Application layer

Know what happens at the Presentation layer

Know what happens at the Session layer

Know what happens at the Transport layer

Know what happens at the Network layer

Know what happens at the Data Link layer

Know what happens at the Physical layer

Know how the Data Link Layer is divided up into the LLC and MAC layers in
the IEEE 802 model

Identify the layer of the OSI model at which a particular hardware device operates


Introduction
The Open System Interconnection (OSI) model, developed by the International
Organization for Standardization, defines how the various hardware and software
components involved in data communication should interact with each other.
A good analogy to describe this would be a traveler who prepares herself to return home
through many dangerous territories by obtaining permits to enter each country at the very
beginning of the trip. At each boundary, she has to hand over a permit to enter the country.
Once inside, she asks the border guards for directions to reach the next destination and then
shows the permit to the new territory as proof that she has a legitimate reason for wanting to
go there.
In reference to the OSI model, each component along the data communications path is
assigned a layer of responsibility, in other words, a territory over which it rules. Each
layer extracts the permit, or header information, it needs from the data and then uses this
information to correctly forward what's left to the next layer. That layer also takes away its
permit and forwards the data to the next layer, and so the cycle continues until the data
reaches the seventh layer.
This chapter describes the OSI Reference Model in detail. It discusses some general concepts
related to the OSI model and networking models overall. Some useful analogies will help you
understand how the reference model works to explain the interaction of networks on
multiple levels. This chapter also aims to familiarize you with the seven layers of the OSI
Model and then concludes with a summary of the layers and their respective functions.

The OSI Networking Model


An architectural model developed by the International Standards Organization (ISO) is
frequently used to describe the structure and function of data communication protocols.
This architectural model, called the Open Systems Interconnect (OSI) Reference Model,
contains seven layers that define the functions of data communications protocols. Each
layer represents a function performed when data is transferred between co-operating
applications across an intervening network. A layer does not define a single protocol; it
defines a data communications function that may be performed by any number of protocols.
Therefore, each layer may contain multiple protocols, each providing a service suitable to
the function of that layer. Every protocol communicates with its peer. A peer-to-peer
network is an implementation of the same protocol in the equivalent layer on a remote
system. Each protocol is only concerned with communicating with its peer; it does not care
about the layer above or below it. However, there must also be agreement on how to pass
data between the layers on a single computer, because every layer is involved in sending
data from a local application to an equivalent remote application. The individual layers do
not need to know how the layers above and below them function; they only need to know
how to pass data to them. Isolating network communications functions in different layers
minimizes the impact of technological change on the entire protocol suite. New applications
can be added without changing the physical network, and new network hardware can be
installed without rewriting the application software.

Figure 6-1 Protocol Layers in the OSI Model

Each layer provides a specific type of network service. The figure illustrates why groups of
related protocols are frequently called protocol stacks.

The connections between the different applications that are running on these
processors are carried by the higher layers (5-7).

The connections between the different processors are carried by the lower layers (1-4).

The physical and the data link layers, the lower layers 1 & 2, of the network
protocol stack together define a machine's network interface.

Communication Protocols
The approach used in designing a communication system is known as a layered
architecture. Each layer has specific responsibilities and specific rules for carrying out those
responsibilities, and knows nothing about the procedures the other layers follow. The layer
carries out its task and delivers the message to the next layer in the process, and that is
enough.

Characteristics of Layered Architectures:

They break the communication process into manageable chunks. Designing a small part
of a process is much easier than designing the entire process, and simplifies engineering.

A change at one layer does not affect the other layers. New delivery technologies can be
introduced without affecting other layers.

When a layer receives a message from an upper layer, the lower layer frequently encloses
the message in a distinct package.

The protocols at the various layers have the appearance of a stack, and a complete model
of data communication architecture is often called a protocol stack.

Layers can be mixed and matched to achieve different requirements.

Layers follow specific procedures for communicating with adjacent layers. The interfaces
between layers must be clearly defined.

An address mechanism is the common element that allows packets to be routed through
the various layers until they reach their destination. Sometimes, layers add their own address
information.

Essentially, each layer at the sender's end communicates with the corresponding layer at
the receiver's end.

Errors can occur at any of the layers. For critical messages, error-detecting mechanisms
should be in place to either correct errors or notify the sender when they occur.

Network protocols are typically described with a layered model, in which the protocols are
stacked on top of each other. Data coming into a machine is passed from the lowest-level
protocol up to the highest, and data sent to other hosts moves down the protocol stack. The
layered model is a useful description because it allows network services to be defined by
their functions, rather than their specific implementation. New protocols can be substituted
at lower levels without affecting the higher-level protocols, as long as these new protocols
behave in the same manner as those that were replaced. Each layer has certain functions.
Communication in a heterogeneous network can take place if the functions in each layer are
successfully executed to conform to the standards.
The following section discusses the different layers of the OSI Model and the functions
of each layer.
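
The layered behaviour described above (each lower layer encloses the message, each receiving layer reads only its peer's header, and an error-detecting mechanism catches damage) can be traced in a short added example. This code is not part of the original textbook; the header layouts, addresses, MAC values and ports are constructed for illustration and are not real protocol formats.

```python
import struct
import zlib

# Toy header layouts constructed for this example; they are not real protocol formats.
TRANSPORT_HDR = struct.Struct("!HH")   # layer 4: source port, destination port
NETWORK_HDR = struct.Struct("!4s4s")   # layer 3: source address, destination address
LINK_HDR = struct.Struct("!6s6s")      # layer 2: destination MAC, source MAC
LINK_TRAILER = struct.Struct("!I")     # layer 2: CRC-32 over link header and payload


class LayerError(Exception):
    """Raised by whichever layer finds a problem in its own header or trailer."""


def send(message, ports, addrs, macs):
    """Pass a message down the stack: each layer encloses what the layer above hands it."""
    segment = TRANSPORT_HDR.pack(*ports) + message
    packet = NETWORK_HDR.pack(*addrs) + segment
    body = LINK_HDR.pack(*macs) + packet
    # A CRC catches accidental damage only; it is not protection against deliberate tampering.
    return body + LINK_TRAILER.pack(zlib.crc32(body))


def receive(frame, my_addr, my_port):
    """Pass a frame up the stack: each layer checks and removes only its own header."""
    # Layer 2: verify the trailer before trusting anything inside the frame.
    if len(frame) < LINK_HDR.size + LINK_TRAILER.size:
        raise LayerError("data link: frame too short")
    body, trailer = frame[:-LINK_TRAILER.size], frame[-LINK_TRAILER.size:]
    if zlib.crc32(body) != LINK_TRAILER.unpack(trailer)[0]:
        raise LayerError("data link: checksum mismatch")
    packet = body[LINK_HDR.size:]

    # Layer 3: is this packet addressed to this host?
    if len(packet) < NETWORK_HDR.size:
        raise LayerError("network: packet too short")
    _src, dst = NETWORK_HDR.unpack(packet[:NETWORK_HDR.size])
    if dst != my_addr:
        raise LayerError("network: not addressed to this host")
    segment = packet[NETWORK_HDR.size:]

    # Layer 4: is there a process listening on the destination port?
    if len(segment) < TRANSPORT_HDR.size:
        raise LayerError("transport: segment too short")
    _sport, dport = TRANSPORT_HDR.unpack(segment[:TRANSPORT_HDR.size])
    if dport != my_port:
        raise LayerError("transport: no process on that port")
    return segment[TRANSPORT_HDR.size:]


# Constructed sample values (documentation address range, made-up MACs and ports).
HOST_A = bytes([192, 0, 2, 10])
HOST_B = bytes([192, 0, 2, 20])
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")


def demo_encapsulation():
    """Round-trip one message, then record which layer rejects a bad frame."""
    message = b"status: ok"
    frame = send(message, (40000, 25), (HOST_A, HOST_B), (MAC_B, MAC_A))
    results = {"overhead": len(frame) - len(message),
               "delivered": receive(frame, HOST_B, 25)}
    damaged = bytearray(frame)
    damaged[-6] ^= 0x01                       # flip one bit inside the payload
    cases = (("damaged", (bytes(damaged), HOST_B, 25)),
             ("wrong_host", (frame, HOST_A, 25)),
             ("wrong_port", (frame, HOST_B, 80)))
    for label, args in cases:
        try:
            receive(*args)
            results[label] = "accepted"
        except LayerError as exc:
            results[label] = str(exc).split(":")[0]
    return results


if __name__ == "__main__":
    print(demo_encapsulation())
```
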

The Application Layer


Layer 7, the Application layer, is the level of the protocol hierarchy where user-accessed
network processes reside. These are the actual programs that you use to create the data to be
transferred over the network. These include email programs, newsgroups, web browsers
such as Netscape or Internet Explorer, Internet file transfer programs, host sessions
through Telnet programs (such as the terminal machines in the UNSW Library used to
access the catalogue), directory services for domain name resolution, network
management of the hardware on the network such as hubs and switches, and file services such
as network directories on your PC when you connect to the server.
A TCP/IP application is any network process that occurs above the transport layer. The
Application Layer provides the services that user applications need to communicate through
the network.
Here are several examples of user application layer services:

Electronic mail transport

Remote file access

Remote job execution

Directories

Network management

The Application layer is responsible for defining how interactions occur between network
services or applications and the network. These services include (but are not limited to) file,
print and messaging services.
The Application layer supplies network services to end-user applications. Network services
are typically protocols that work with the user's data. For example, in a Web browser
application, the Application layer protocol HyperText Transfer Protocol (HTTP) packages
the data needed to send and receive Web page content as illustrated above. The Application
layer provides data to (and obtains data from) the Presentation layer.

The Application Protocols


The Internet Protocol suite includes many application-layer protocols that represent a wide
variety of applications. The following protocols are the more common application-layer
protocols in use:


Application                  Protocols
File transfer                FTP, TFTP
Terminal emulation           Telnet
Electronic mail              SMTP
Network management           SNMP
Distributed file services    NFS, XDR, RPC, X Windows

Table 6-1 Higher-Layer Protocols and Their Applications

File Transfer Protocol (FTP)

FTP enables a file on one system to be copied to another system. Users don't actually
log in as full users to the machine they want to access but instead use the FTP service to
provide access. The remote machine must be set up with the permissions necessary to
provide the user access to the files.
FTP uses TCP to create and maintain a connection between source and destination
machines. Once the connection to a remote machine has been established, FTP enables
you to copy one or more files to your machine. The term transfer implies that the file is
moved from one system to another, but the original is not affected; files are copied from
one system to another.

Trivial File Transfer Protocol (TFTP)

TFTP is a very simple, unsophisticated file transfer protocol that lacks any security. It
uses UDP as a transport. Although not as sophisticated or as fast as FTP, TFTP can be
used on many systems that do not enable FTP access. In some ways, TFTP can be
analogous to an e-mail message requesting and receiving a file instead of a text body.

Telnet

The Telnet service provides a remote login capability. This lets a user on one machine
log into another machine and act as if they are directly in front of the second machine.
The connection can be anywhere on the local network, or on another network anywhere
in the world, as long as the user has permission to log into the remote system. Telnet
uses TCP to maintain a connection between two machines.

Simple Mail Transfer Protocol (SMTP)

SMTP is one protocol used for transferring electronic mail. This protocol is transparent
to the user. SMTP connects to different machines and transfers mail messages, much
like FTP transfers files. The two most commonly used email client protocols are POP3
(Post Office Protocol) and IMAP (Interactive Mail Access Protocol).


Simple Network Management Protocol (SNMP)

SNMP is a network management protocol. SNMP uses UDP as a transport mechanism.
SNMP relies on several terms from TCP/IP standard specifications, working with
managers and agents instead of clients and servers. An agent provides information
about a device, whereas a manager communicates across the network.

Domain Name System (DNS)

DNS enables a device with a common name to be converted to a special network
address. DNS provides the conversion from a common local name to the unique
physical address of the device's network connection.

Network File Server (NFS)

NFS is used to transparently enable multiple machines to access each other's directories.
NFS accomplishes this by using a distributed filesystem scheme. NFS systems are
common in large corporate environments.

Remote Procedure Calls (RPC)

RPC are programming functions that enable an application to communicate with
another machine, the server. They provide the programming functions, return codes,
and predefined variables to support distributed computing.

X Windows

This serves as a distributed windowing and graphics system used for communication
between X terminals and UNIX workstations.

The Presentation Layer


Layer 6, the Presentation layer, is responsible for formatting data exchange. This is where
character sets are converted and the data is encrypted. Data may also be compressed in
this layer, as this layer usually handles the redirection of data streams. It ensures that the
data can hop from link to link on the way to the final destination described in its header.
The presentation layer provides a variety of coding and conversion functions that are
applied to application layer data. These functions ensure that information sent from the
application layer of one system would be readable by the application layer of another
system. Some examples of presentation layer coding and conversion schemes include
common data representation formats, conversion of character representation formats,
common data compression schemes, and common data encryption schemes.
Common data representation formats, or the use of standard image, sound, and video
formats, enable the interchange of application data between different types of computer
systems. Conversion schemes are used to exchange information with systems that use
different text and data representations, such as Extended Binary-Coded Decimal
Interchange Code (EBCDIC) and American Standard Code for Information Interchange
(ASCII). Standard data compression schemes enable data that is compressed at the source
device to be properly decompressed at the destination. Standard data encryption schemes
enable data encrypted at the source device to be properly deciphered at the destination.
Presentation layer implementations are not typically associated with a particular protocol
stack. Some well-known standards for video include QuickTime and Motion Picture Experts
Group (MPEG). QuickTime is an Apple Computer specification for video and audio, and
MPEG is a standard for video compression and coding. Among the well-known graphic
image formats are Graphics Interchange Format (GIF), Joint Photographic Experts Group
(JPEG), and Tagged Image File Format (TIFF). GIF is a standard for compressing and
coding graphic images. JPEG is another compression and coding standard for graphic
images, and TIFF is a standard coding format for graphic images.
This is where the data created by the programs above is "encoded", ready to be sent over the
network. The following are used to "present" the data to the next layer:

POP/SMTP

The Post Office Protocol and Simple Mail Transfer Protocol are used by the server to
receive, store and send your e-mail. When setting up your e-mail program, you include
this information so the program knows where to get your e-mail from.

Usenet Newsgroups

This is one of the programs/protocols that run on the server to give you access to
Newsgroups.

HTTP

The Hyper Text Transfer Protocol is used to translate web pages to and from your Web
Browser. This is why web addresses start with http://...

FTP

The File Transfer Protocol is used by programs such as CuteFTP and WS-FTP to
interpret and transfer data to the next layer of the network.

DNS Domains

These are domain names such as unsw.edu.au, and the next level of the network.

SNMP Hardware

The Simple Network Management Protocol controls the physical devices that make up
the network, such as hubs, switches, etc.

NFS

The Network File System is the client/server application that allows your computer to
store and update files in your directory on the server.


The Session Layer


Layer 5, the Session Layer, manages the sessions (connections) between cooperating
applications. In TCP/IP, this function largely occurs in the transport layer, and the term
session is not used. For TCP/IP, the terms socket and port are used to describe the path over
which cooperating applications communicate. This layer is not identifiable as a separate
layer in the TCP/IP protocol hierarchy.
The Session Layer is responsible for dialogue control between nodes. A dialogue is a formal
conversation in which two nodes agree to exchange data.
Communication can take place in three dialogue modes:

Simplex: One node transmits exclusively, while another exclusively receives.

Half-duplex: Only one node may send at a given time, and nodes take turns
transmitting.

Full-duplex: Nodes may transmit and receive simultaneously.

Sessions enable nodes to communicate in an organized manner. Each session has three phases:

Connection establishment: The nodes establish contact. They negotiate the rules of
communication, including the protocol to be used and communication parameters.

Data transfer: The nodes engage in a dialogue to exchange data.

Connection release: When the nodes no longer need to communicate, they engage
in an orderly release of the session.

Connection establishment and Connection release represent extra overhead for the
communication process. When devices are managed on a network, they send out periodic
status reports that generally consist of single frame messages. If all such messages were sent
as part of a formal session, the connection establishment and release phases would transfer
far more data than the message itself. In such situations, communicating using a
connectionless approach is common. The sending node simply transmits its data and
assumes availability of the desired receiver. A connection-oriented session approach is
better for complex communication. Consider transmitting a large amount of data to another
node. Without formal controls, a single error anytime during the transfer would require
resending of the entire file. After establishing a session, the sending and receiving nodes
can agree on a checkpoint procedure. If an error occurs, the sending node must retransmit
only the data sent since the previous checkpoint. The process of managing a complex
activity is called activity management.
A session is created over a virtual "port", which is the "location" where the Layer 6 protocol
talks to the Layer 4 protocol.

E-mail over port 25 (SMTP email)

Newsgroups over port 532


HTTP over port 80

FTP over ports 20/21

Telnet over port 23

DNS over port 53

SNMP over 161/162

NFS using a portmapper that allocates a port automatically.

The Transport Layer


Layer 4, the Transport Layer, guarantees that the receiver gets the data exactly as it was sent.
In TCP/IP this function is performed by the Transmission Control Protocol (TCP).
However, TCP/IP offers a second Transport Layer service, User Datagram Protocol (UDP),
that does not perform the end-to-end reliability checks.
All network technologies set a maximum size for frames that can be sent on the network.
Ethernet limits the size of the data field to 1500 bytes.
This limit is necessary for two reasons:

Small frames improve network efficiency when many devices must share the
network. If devices could transmit frames of unlimited size, they might monopolize
the network for an excessive period of time. With small frames, devices take turns
at shorter intervals, and devices are more likely to have ready access to the network.

With small frames, less data must be retransmitted to correct an error.

One responsibility of the transport layer is to divide messages into fragments that fit within
the size limitations established by the network. At the receiving end, the transport layer
reassembles the fragments to recover the original message.
When messages are divided into multiple fragments, the possibility increases that segments
might not be received in the order sent. When the packets are received, the transport layer
must reassemble the message fragments in the correct order. To enable packets to be
reassembled in their original order, the transport layer includes a message sequence number
in its header.
The transport layer is responsible for delivering messages from a specific process on one
computer to the corresponding process on the destination computer. The transport layer
assigns a Service Access Point (SAP) ID to each packet.
The SAP ID is an address that identifies the process that originated the message. The
SAP ID enables the transport layer of the receiving node to route the message to the
appropriate process.


Identifying messages from several processes so that the message can be transmitted through
the same network medium is called multiplexing. The procedure of recovering messages
and directing them to the correct process is called demultiplexing. Multiplexing is a
common occurrence on networks, which are designed to enable many dialogues to share the
same network medium. Because multiple protocols may be supported for any given layer,
multiplexing and demultiplexing can occur at many layers.
Although the data link and network layers can be assigned responsibility for detecting errors
in transmitting data, that responsibility generally is dedicated to the transport layer.
Two general categories of error detection can be performed by the transport layer:

Reliable delivery: Does not mean that errors cannot occur, only that errors are
detected if they do occur. Recovery from a detected error can take the form of simply
notifying upper layer processes that the error occurred. Often, however, the transport
layer can request the retransmission of a packet for which an error was detected.

Unreliable delivery: Does not mean that errors are likely to occur, but rather
indicates that the transport layer does not check for errors. Because error checking
takes time and reduces network performance, unreliable delivery often is preferred
when a network is known to be highly reliable, which is the case with the majority of
local area networks. Unreliable delivery generally is used when each packet contains
a complete message, whereas reliable delivery is preferred when messages consist of
a large number of packets. Unreliable delivery is often called datagram delivery, and
independent packets transmitted in this way frequently are called datagrams.

Assuming that reliable delivery is always preferable is a common mistake. Unreliable
delivery actually is preferable in at least two cases: when the network is fairly reliable and
performance must be optimized, and when entire messages are contained in individual
packets and loss of a packet is not a critical problem.
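
The transport-layer duties described in this section (splitting a message to fit the 1500-byte data field, numbering the fragments, demultiplexing by SAP ID, and noticing what is missing so it can be requested again) are shown together in the following added example. It is not code from the original textbook; the 12-byte header layout, the fragment cap and the SAP ID values 25 and 80 are assumptions made for illustration.

```python
import random
import struct
from collections import defaultdict

MAX_DATA = 1500                       # Ethernet data-field limit quoted in the text
HEADER = struct.Struct("!HIIH")       # toy header: SAP ID, sequence number, fragment count, length
MAX_PAYLOAD = MAX_DATA - HEADER.size  # 1488 bytes of message data per fragment
MAX_FRAGMENTS = 4096                  # assumed cap so a forged count cannot exhaust memory


def segment(sap_id, message):
    """Sender side: split one message into numbered fragments that fit the data field."""
    chunks = [message[i:i + MAX_PAYLOAD]
              for i in range(0, len(message), MAX_PAYLOAD)] or [b""]
    return [HEADER.pack(sap_id, seq, len(chunks), len(chunk)) + chunk
            for seq, chunk in enumerate(chunks)]


class Reassembler:
    """Receiver side: demultiplex by SAP ID and restore order by sequence number.

    Simplification for this example: one message in flight per SAP ID at a time.
    """

    def __init__(self):
        self.pending = defaultdict(dict)  # sap_id -> {sequence number: payload}
        self.totals = {}                  # sap_id -> fragment count announced by the sender

    def accept(self, fragment):
        """Store one fragment. Return (sap_id, message) when complete, otherwise None."""
        if len(fragment) < HEADER.size:
            raise ValueError("fragment shorter than its header")
        sap_id, seq, total, length = HEADER.unpack(fragment[:HEADER.size])
        payload = fragment[HEADER.size:]
        if length != len(payload) or length > MAX_PAYLOAD:
            raise ValueError("length field does not match payload")
        if not 0 < total <= MAX_FRAGMENTS or seq >= total:
            raise ValueError("sequence number or fragment count out of range")
        if self.totals.setdefault(sap_id, total) != total:
            raise ValueError("fragment count changed mid-message")
        parts = self.pending[sap_id]
        if seq in parts:
            if parts[seq] != payload:
                raise ValueError("duplicate fragment with different contents")
            return None                   # harmless retransmission
        parts[seq] = payload
        if len(parts) < total:
            return None
        message = b"".join(parts[i] for i in range(total))
        del self.pending[sap_id], self.totals[sap_id]
        return sap_id, message

    def missing(self, sap_id):
        """Sequence numbers not yet received: what reliable delivery would ask to be resent."""
        have = self.pending.get(sap_id, {})
        return [i for i in range(self.totals.get(sap_id, 0)) if i not in have]


def demo_reassembly():
    """Two processes share one medium; their fragments arrive interleaved and out of order."""
    mail = bytes(range(256)) * 20             # constructed 5120-byte message, 4 fragments
    web = b"GET / HTTP/1.0\r\n\r\n"            # constructed short message, 1 fragment
    wire = segment(25, mail) + segment(80, web)
    random.Random(7).shuffle(wire)
    receiver = Reassembler()
    delivered = dict(filter(None, (receiver.accept(f) for f in wire)))
    return delivered == {25: mail, 80: web}


if __name__ == "__main__":
    print("both messages recovered:", demo_reassembly())
```

An unreliable (datagram) service would simply skip the `missing()` step and hand up whatever arrives complete.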

The Network Layer


Layer 3, the Network Layer, transmits the data and decides which route the data must follow
through the internetwork, a network that consists of several network segments. The network
layer receives data packets from the upper layer at the transmitter, and then transmits
them over as many connections and subsystems as needed to reach their destination. This layer
also defines the network packets and controls the routing and switching of data
through the network. It controls the transmission of packets between stations and
allows data units to be transmitted to other networks by way of routers.
Routers are defined in this layer.
The Network Layer manages connections across the network and isolates the upper layer
protocols from the details of the underlying network. The Internet Protocol (IP), which
isolates the upper layers from the underlying network and handles the addressing and
delivery of data, is usually described as TCP/IP's Network layer.
The best-known protocol in this layer is IP. The network layer is the boundary of the
communication subnet: above this layer, the level of abstraction increases dramatically.
At layer 3 and below there is usually an upper limit on the size of packets. In
broadcast networks routing is very simple, so the network layer is thin or even
nonexistent. This is the reason why the transport-layer protocol TCP is so often
combined with IP, called TCP/IP.

Network Interface Layer Protocols: SLIP and PPP


To fill the gap between IP at layer three and the physical connection at layer one, a pair of
special protocols have been defined that operate at layer two and provide the services that
IP requires to function. These are:

Serial Line Internet Protocol (SLIP): A very simple layer two protocol that provides
only basic framing for IP.

Point-to-Point Protocol (PPP): A more complex, full-featured data link layer protocol
that provides framing as well as many additional features that improve security and
performance.

Quality of Service (QoS)


Only the smallest networks consist of a single, local network. The majority of networks
must be subdivided. These subdivisions may be planned to reduce traffic on network
segments or to isolate remote networks connected by slower communication media. When
networks are subdivided, it can no longer be assumed that messages will be delivered on the
local network. A mechanism must be put in place to route messages from one network to
another.
The Network layer is responsible for logical addressing and translating logical names into
physical addresses. The Network layer also prioritizes data to be transmitted, since not all
data is equally important; delaying an email message, for example, is not the same as
delaying audio or video data. This prioritization is known as Quality of Service (QoS).

Routing
The Network layer adds the concept of routing above the Data Link layer. As illustrated
above, when data arrives at the Network layer, the source and destination addresses
contained inside each frame are examined to determine if the data has reached its final
destination. If the data has reached the final destination, the Network layer formats the data
into packets delivered to the Transport layer. Otherwise, the Network layer updates the
destination address and pushes the frame back down to the lower layers.
This is the layer that knows where to send the packets produced in the Transport Layer. It
addresses information packets by their Internet Protocol address and also controls such
things as the route of the message, which is the best and quickest way to go, and which way
to go if one of the routes is broken.

IP version 4

IP version 6

IPX/SPX used with Novell servers such as the UNSW Chancellery Server.

To support routing, the Network layer maintains logical addresses such as IP addresses for
devices on the network. The Network layer also manages the mapping between these
logical addresses and physical addresses. In IP networking, this mapping is accomplished
through the Address Resolution Protocol (ARP).
ARP is one of several protocols that help determine addresses on a network. ARP works
with IP to set routes to a destination. ARP converts an IP address to a network interface
hardware address.

Three devices operate at the Network layer: routers, brouters and Layer 3 switches. A
Layer 3 switch performs the multiport, virtual LAN, and data-pipelining functions of a
standard Layer 2 switch, but it can also perform basic routing functions between virtual
LANs. In some workgroups, a Layer 3 switch can replace a router.

The Data Link Layer


Layer 2, the Data Link Layer, handles the reliable delivery of data across the underlying
physical network. TCP/IP rarely creates protocols in this layer. This layer defines how
streams of bits are put together into manageable chunks of data.
Data Frame Format

As data is exchanged between computers, communication processes need to make decisions
about the various aspects of the exchange process:

As the receiving computer listens to the wire to recover messages sent to it, a
detection mechanism is required to tell whether to treat signals it detects as
data-carrying signals or to discard them as mere noise.

If the detection mechanism detects that they are indeed data-carrying signals, the second
decision the receiving end must be able to make is to determine whether the data
was intended for itself, some other computer on the network, or a broadcast.

If the receiving end engages in the process of recovering data from the wire, it
needs to be able to tell where the data train intended for the receiver ends. After it
determines this, the receiver should discard subsequent signals unless it can
determine that they belong to a new, impending transmission.

When data reception is complete, another concern is to determine if the recovered
data withstood corruption from noise and electromagnetic interference. In the event
of detecting corruption, the receiver must have the capability of dealing with the
corruption.

As a conclusion to these points, the computers must be able to exchange additional
information about the progress of the physical communication process. To accommodate
these decision-making requirements, network designers decided to deliver data on the wire
as well-defined packages called data frames.
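
The receiver decisions listed above, sketched on an Ethernet-style frame; this is an added example, not part of the original textbook. The MAC addresses, payloads and helper names (mac, fcs, build_wire_frame, receive) are constructed for illustration, and the captured buffer is assumed to end where the signal ended.

```python
import struct
import zlib

PREAMBLE_SFD = b"\x55" * 7 + b"\xd5"  # 7 preamble bytes + start-of-frame delimiter
BROADCAST = b"\xff" * 6
MIN_FRAME = 64  # smallest legal frame: 14-byte header + 46-byte payload + 4-byte FCS


def mac(text):
    """Convert '02:00:00:00:00:01' (12 hex digits) to 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 48 bits long")
    return raw


def fcs(body):
    """Frame check sequence: CRC-32 of the frame, least significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_wire_frame(dst, src, ethertype, payload):
    """Sender: preamble, header, payload padded to 46 bytes, then the FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return PREAMBLE_SFD + body + fcs(body)


def receive(wire, my_mac):
    """Receiver: return (verdict, fields) for the bytes sensed on the wire."""
    # Data-carrying signal or noise? A frame always starts with preamble + SFD.
    start = wire.find(PREAMBLE_SFD)
    if start < 0:
        return "noise", None
    # Assumption: the buffer ends where the signal ended, so the rest is one frame.
    frame = wire[start + len(PREAMBLE_SFD):]
    if len(frame) < MIN_FRAME:
        return "runt", None  # too short to be a complete frame
    # Addressed to this station, to every station, or to some other station?
    dst = frame[0:6]
    if dst not in (my_mac, BROADCAST):
        return "not-for-me", None
    # Did the data withstand noise and interference? Recompute and compare the FCS.
    body, received_fcs = frame[:-4], frame[-4:]
    if fcs(body) != received_fcs:
        return "corrupt", None
    fields = {
        "kind": "broadcast" if dst == BROADCAST else "unicast",
        "src": frame[6:12].hex(),
        "ethertype": struct.unpack("!H", frame[12:14])[0],
        "payload": body[14:],  # handed to the upper layer uninterpreted
    }
    return "accepted", fields


if __name__ == "__main__":
    # Constructed sample data: locally administered addresses and dummy payloads.
    me, peer = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02")
    good = build_wire_frame(me, peer, 0x0800, b"hello")
    damaged = bytearray(good)
    damaged[30] ^= 0x01  # one bit flipped in transit
    for label, wire in [
        ("unicast", good),
        ("broadcast", build_wire_frame(BROADCAST, peer, 0x0806, b"who-has")),
        ("other station", build_wire_frame(peer, me, 0x0800, b"x")),
        ("bit error", bytes(damaged)),
        ("noise", b"\x00\x13\x37" * 10),
    ]:
        print(label, "->", receive(wire, me)[0])
```

The receiver never interprets the payload; it only decides whether the frame is valid and addressed to it, then hands the information field upward.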

It is important to realize that the primary concern of the receiving station is to make sure
that the information embedded in the package is recovered error-free. It is not concerned
about the actual contents of that field. Instead, processing the data in the information field is
delegated to another process as the receive process reverts to listening mode to take care of
future transmissions.
Devices that can communicate on a network are frequently called nodes, stations, or devices.
The data link layer is responsible for providing node-to-node communication on a single,
local network. To provide this service, the data link layer must perform two functions. It
must provide an address mechanism that enables messages to be delivered to the correct
nodes. Also, it must translate messages from upper layers into bits that the physical layer
can transmit. When the data link layer receives a message to transmit, it formats the
message into a data frame (packets). The sections of a frame are called fields.
The Data Link Layer is made up of two sublayers, namely the Media Access Control (MAC)
sublayer and the Logical Link Control (LLC) sublayer.

The LLC sublayer provides error-free transfer of data frames from one node to
another. It establishes and terminates logical links, controls frame flow, sequences
frames, acknowledges frames, and retransmits unacknowledged frames. It uses
frame acknowledgement and retransmission to provide virtually error-free
transmission over the link to the layers above.

The MAC sublayer manages access to the physical layer, checks frame errors, and
manages address recognition of received frames.

This is the layer where the protocols control the transfer of the data across the physical
network (the cables).
PPP is the Point to Point Protocol used when you connect to the Internet via a modem.
PPP is the protocol that controls the transfer of data to your modem, the physical device.
SLIP has been superseded by PPP.

When obtaining data from the Physical layer, the Data Link layer also manages physical
addressing schemes such as the MAC address, which is also called the Ethernet address or
physical address. The MAC address is a 12-digit hexadecimal number (e.g.,
07:57:AC:1F:B2:76). Normally, the MAC address of a network interface card is set at
the factory and cannot be changed. The switch is another device that manipulates data
at this layer.
At this layer, data coming from the upper-layer protocols are divided into logical bits called
packets. A packet is a unit of transmission. The size and format of these packets depend on
the transmission technology. The Data Link layer checks for physical transmission errors
and packages bits into frames.
This logic includes information about where the data should go, which computer
sent the data, and the overall validity of the bytes sent. It can describe the
method of media access such as CSMA/CD, token passing, and CSMA/CA.

In most situations, the Data Link layer then waits for a positive ACK. If it does not receive
any, or if the frame is damaged, then another frame is sent.
One of the major components of the Data Link Layer is the result of IEEE 802 networking
standards.

The Physical Layer


Layer 1, the Physical Layer, defines the characteristics of the hardware necessary to carry
the data transmission signal. Things such as voltage levels, and the number and locations of
interface pins, are defined in this layer. TCP/IP does not define physical standards but
makes use of existing standards. This layer describes the way data is actually transmitted on
the network medium.
The Physical Layer communicates directly with the communication medium, and has two
responsibilities: Sending bits and receiving bits. A binary digit, or bit, is the basic unit of
information in data communication.
A bit can have only two values, 0 or 1, represented by different states on the communication
medium. Other communication layers are responsible for collecting these bits into groups
that represent message data. Bits are represented by changes in signals on the network
medium. Some wire media represent 0s and 1s with different voltages, some use distinct
audio tones, and yet others use more sophisticated methods, such as state transitions.
The physical layer carries the signals for all of the higher layers. It is responsible for the
ultimate transmission of data over network communications media. For network
components that use serial ports, the physical layer can also include low-level network
software that defines how the serial stream of bits is divided into packets of data. It operates
with data in the form of bits that are sent from the Physical layer of the sending (source)
device and received at the Physical layer of the destination device. In Windows 2000 and
later versions, the physical layer is implemented by the network interface card (NIC), its
transceiver, and the medium to which the NIC is attached.
The physical layer describes the bit patterns to be used, but does not define the medium. It
describes how data are encoded into media signals and the characteristics of the media
attachment interface.
Any protocol or device that operates on this layer deals with the physical concepts of the
network.
A wide variety of media are used for data communication, including electric cable, fiber
optics, light waves, radio, and microwaves. The medium used can vary, since a different
medium simply necessitates a different set of physical layer protocols. Thus, the upper
layers are completely independent from the particular process used to deliver bits through
the network medium.
This layer is the combination of software and hardware programming that transfers the
actual data stream from one point to another; it doesn't actually include the cables
themselves. However, the technologies used are often called by the same name as the type of
cable, which is confusing. The physical layer technologies include:

CAT 1 used in analogue telephone services

ISDN (Integrated Digital Services Network) lines, which run over your telephone
cable but are much faster than a modem.

ADSL (Asymmetric Digital Subscriber Line), which runs over your normal
telephone line but on different wires, so you can be connected and use the phone at
the same time.

ATM (Asynchronous Transfer Method), which is used to switch data between
hardware devices very quickly.

FDDI (Fiber Distributed Data Interface) for fiber optic cables.

Cat 1-5

Coaxial Cables

Figure 6-1 Overview of the OSI Model

Chapter 6 Summary and Review Questions


The OSI Model defines how the various hardware and software components involved in
data communication should interact with each other. It is composed of seven layers, and
each layer has a special function in the network. It is used to describe what tasks a protocol
suite performs as you explore how data moves across a network.

Layers, names, and descriptions (example protocols in parentheses):

Application
The user interface to the application.

Layer 7, Application (telnet, SMTP, FTP)
Collection of miscellaneous protocols for high-level applications.
Email, file transfer, connecting remote terminals, etc.
E.g. SMTP, FTP, Telnet, HTTP, etc.

Layer 6, Presentation (telnet, FTP, sendmail)
Converts data from one presentation format to another. For example, e-mail text entered
into Outlook Express being converted into SMTP mail formatted data.
Very few applications use this.
Concerned with the semantics of the bits.
Defines records and the fields in them.
Sender can tell the receiver of the format.
Enables machines with different internal representations to communicate.
If implemented, the best layer for cryptography.

Layer 5, Session (telnet, FTP, sendmail)
Manages continuing requests and responses between the applications at both ends over
the various established connections.
Very few applications use this.
Enhanced version of the transport layer.
Dialog control, synchronization facilities.
Rarely supported (Internet suite does not).

Layer 4, Transport (TCP, UDP)
Transport layer ensures reliable service.
Breaks the message (from the session layer) into smaller packets, assigns sequence numbers
and sends them.
Reliable transport connections are built on top of X.25 or IP.
In the case of IP, lost packets arriving out of order must be reordered.
TCP (Transmission Control Protocol) - Internet transport protocol.
TCP/IP - widely used for the network/transport layer (UNIX).
UDP (User Datagram Protocol) - Internet connectionless transport layer protocol.
Application programs that do not need a connection-oriented protocol generally use UDP.

Layer 3, Network (IP, ARP)
Network layer does not deal with lost messages.
Handles the routing of data between links that are not physically connected together.
Concerned with the transmission of packets.
Chooses the best path to send a packet (routing).
It may be complex in a large network (e.g. Internet).
Shortest (distance) route vs. route with least delay.
Static (long term average) vs. dynamic (current load) routing.
Two protocols are most widely used: X.25 and IP.

Layer 2, Link (Ethernet, ARP)
Handles errors in the physical layer.
Groups bits into frames and ensures their correct delivery.
Adds some bits at the beginning and end of each frame plus the checksum.
Receiver verifies the checksum.
If the checksum is not correct, it asks for retransmission (sends a control message).
Consists of two sublayers: LLC and MAC.

Layer 1, Physical (Ethernet)
Concerned with the transmission of bits.
How many volts for 0, how many for 1?
Number of bits per second to be transmitted.
Two-way or one-way transmission.
Standardized protocol dealing with electrical, mechanical and signaling interfaces.

Review Questions
1. This layer in the OSI model is responsible for formatting data exchange. This is
where character sets are converted and the data is encrypted.
a) Application Layer
b) Transport Layer
c) Presentation Layer
d) Session Layer
2. This layer is responsible for providing node-to-node communication on a single,
local network.
a) Physical Layer
b) Data Link Layer
c) Session Layer
d) Application Layer
3. Which of the following statements is true?
a) FTP uses UDP to create and maintain a connection between source and
destination machines and TFTP also uses UDP as a transport.
b) FTP uses TCP to create and maintain a connection between source and
destination machines and TFTP uses TCP as a transport.
c) TFTP uses TCP to create and maintain a connection between source and
destination machines while FTP uses UDP as a transport.
d) FTP uses TCP to create and maintain a connection between source and
destination machines while TFTP uses UDP as a transport.

4. The best-known protocol in the Network Layer is
a) PPP
b) SLP
c) IP
d) TIP
5. Any protocol or device that operates on the physical layer deals with which concept
of the network?
a) The biological concepts of the network
b) The logical concepts of the network
c) The physical concepts of the network
d) The contextual concepts of the network

Chapter 7: TCP/IP Protocol Suite


Chapter Objectives
After completing this chapter, you should be able to

Describe the characteristics of the TCP/IP protocol

Understand how MAC addresses are resolved in TCP/IP

Know the components of the TCP/IP protocol

Know what a DHCP is and how it is employed

Know what a WINS is and how it is employed

Know what a DNS is and how it is employed

Distinguish between a LMHOSTS file and an HOSTS file

Understand the name resolution methods for NetBIOS and Host names

Chapter 7: TCP/IP Protocol Suite

The Characteristics of the TCP/IP Protocol Suite
Resolving MAC Address in TCP/IP Protocol
Components of the TCP/IP Protocol Suite
The Internet Protocol (IP)
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Function of Dynamic Host Configuration Protocol (DHCP)
Implementing NetBIOS Name Resolution
Function of Windows Internet Name Service (WINS)
Function of Domain Name System (DNS)
WINS and DNS Integration in Name Resolution
TCP/IP Utilities and Services
The TCP/IP Request for Comments (RFCs)

TCP/IP Protocol
The system, or protocol, for this transmission is defined
as the Internet Protocol, or IP. The Internet addressing
scheme is defined within that protocol.
The Transmission Control Protocol, or TCP, makes sure
packets get where they are going and are reassembled in
the right order.
The main protocols at the Internet and Transport layers are
the Internet Protocol (IP), Transmission Control Protocol
(TCP) and User Datagram Protocol (UDP).

The Characteristics of the TCP/IP Protocol Suite
Open protocol and universal interconnectivity
Conformity (modularity)
Internet addressing

Resolving MAC Address in TCP/IP Protocol


Frame Addressing and Delivery
At the lowest levels of the network, a frame is transmitted
across media based on its destination media access control
(MAC) address.
For Ethernet and Token Ring networks, the MAC address is a
48-bit field that uniquely identifies the destination network
interface for each frame.

Processing Received Frames


The NIC can discard any frames that do not meet the filter
criteria without incurring any CPU processing.
All frames, including broadcasts, that pass the hardware filter
and frame check sequence validation

Configuring a Default Gateway


The default gateway is configured if the network contains a router.
This address is configured by the network administrators and it
informs each personal computer or other network device where to send
data if the target station does not reside on the same subnet as the
source.
If your machine can reach all stations on the same subnet (usually a
building or a sector within a building), but cannot communicate outside
of this area, it is usually because of an incorrectly configured default
gateway.
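
The forwarding decision that the default gateway supports, and the misconfiguration symptom described above, as an added example that is not part of the original course material. The addresses and the function names next_hop and gateway_problems are constructed for illustration.

```python
import ipaddress


def next_hop(interface, gateway, destination):
    """Return (decision, next_hop_ip) for one outgoing IP datagram.

    interface   -- the host's own address and mask, e.g. '192.168.10.25/24'
    gateway     -- the configured default gateway, or None if none is set
    destination -- the target station's IP address
    """
    iface = ipaddress.ip_interface(interface)
    dst = ipaddress.ip_address(destination)
    # Same subnet: deliver directly; the frame goes to the destination's own MAC.
    if dst in iface.network:
        return "direct", str(dst)
    # Different subnet: the frame goes to the gateway's MAC, so the gateway
    # itself must be reachable directly on the local subnet.
    if gateway is None or ipaddress.ip_address(gateway) not in iface.network:
        return "unreachable", None
    return "gateway", gateway


def gateway_problems(interface, gateway):
    """List configuration errors that produce 'local works, remote fails'."""
    iface = ipaddress.ip_interface(interface)
    net = iface.network
    if gateway is None:
        return ["no default gateway configured"]
    gw = ipaddress.ip_address(gateway)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is not on the local subnet {net}")
    elif gw == iface.ip:
        problems.append(f"gateway {gw} is this host's own address")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address of {net}")
    return problems


if __name__ == "__main__":
    # Constructed example: a workstation on 192.168.10.0/24.
    host = "192.168.10.25/24"
    for gw in ("192.168.10.1", "192.168.20.1", None):
        print("gateway", gw)
        for dst in ("192.168.10.77", "10.1.2.3"):
            print("   ", dst, "->", next_hop(host, gw, dst))
        print("    problems:", gateway_problems(host, gw))
```

With the off-subnet gateway, the local destination is still delivered directly while the remote one is unreachable, which is the symptom the slide describes.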

Internet Protocol
IP has two primary responsibilities:
providing connectionless delivery of datagrams
between internetworked devices;
and providing fragmentation and reassembly of
datagrams to support data links with different
maximum-transmission unit (MTU) sizes.

IP Routing Protocol

Static Routing

Dynamic Routing

Transmission Control Protocol (TCP)


TCP is the primary transport protocol of the TCP/IP protocol suite.
TCP offers efficient flow control
TCP is a connection-based protocol

User Datagram Protocol (UDP)


UDP is a connectionless transport-layer
protocol
UDP is basically an interface between IP and
upper-layer processes.
Unlike the TCP, UDP adds no reliability,
flow-control, or error-recovery functions to
IP.
UDP headers contain fewer bytes and
consume less network overhead than TCP.

Dynamic Host Configuration Protocol (DHCP)

The DHCP lease generation process

NetBIOS Name Resolution


Microsoft started with a different protocol as its LAN
Manager operating system's native protocol, known as
NetBIOS Extended User Interface (NetBEUI).
NetBIOS has a design limitation that shows up in routed
networks because NetBIOS relies heavily on broadcast
messages (as a way of transmitting data in the network)
to advertise servers and their shared resources.
Microsoft's first solution, introduced in its older LAN
Manager server, was to use a LAN Manager HOSTS
(LMHOSTS) file on each computer on the network.
The LMHOSTS file is used when planning NetBIOS name
resolution.

Understanding Naming Convention


Relative Distinguished Name is a name that uniquely identifies a host within
its own domain, but not throughout the entire DNS hierarchy. For example,
server1 is a relative distinguished name, while
server1.products.Microsoft.com is a fully qualified domain name (FQDN).
Fully Qualified Domain Name (FQDN) is a name that uniquely identifies a host
in the DNS hierarchy, such that a host called server1 in the products
hierarchy at Microsoft may have an FQDN of server1.products.Microsoft.com.

Windows Internet Name Service (WINS)


WINS allows a NetBIOS name to be
converted to an IP address.
A network typically has one or more WINS
servers that a WINS client may contact for name
resolution.
Four elements in a WINS network:

WINS server
WINS client computers
Non-WINS in network
WINS proxies

Domain Name System (DNS)


Helps users to find their way around the Internet.
Translating the name into the IP address is called "resolving the domain name."
Provides the protocol which allows clients and servers to communicate with each other.
Network Solutions is in charge of maintaining the COM domain list

WINS and DNS Integration in Name Resolution


You can configure a DNS server to query a WINS server
by configuring a DNS zone setting.
This is accomplished by adding a WINS lookup record
to the authoritative zone.
After it is configured, the DNS server will query a WINS
server for every request made to it for which it does not
have a valid record.
If the requested name is located on the WINS server,
the information is returned to the requesting client via
the DNS server.
The process is invisible to all clients.

TCP/IP Utilities and Services

Start or stop the TCP/IP services from the command prompt

TCP/IP Utilities and Services


Arp
Displays and modifies entries in the Address Resolution Protocol (ARP)
cache
Nslookup
Displays information that you can use to diagnose Domain Name System
(DNS) infrastructure.
Finger
Displays information about a user or users on a specified remote computer
(typically a computer running UNIX) that is running the Finger service or
daemon
Ping
Verifies IP-level connectivity to another TCP/IP computer by sending
Internet Control Message Protocol (ICMP) Echo Request messages.
Ftp
Transfers files to and from a computer running a File Transfer Protocol
(FTP) server service such as Internet Information Services.
Rcp
Copies files between a Windows XP computer and a system running rshd,
the remote shell service (daemon).

Hostname
Displays the host name portion of the full computer name of the computer.
Rexec
Runs commands on remote computers running the Rexec service (daemon)
Ipconfig
Displays all current TCP/IP network configuration values and refreshes
Dynamic Host Configuration Protocol (DHCP) and Domain Name System
(DNS) settings.
Route
Displays and modifies the entries in the local IP routing table.
Lpq
Displays the status of a print queue on a computer running Line Printer
Daemon (LPD).
Rsh
Runs commands on remote computers running the RSH service or daemon.
Windows XP and Windows 2000 do not provide an RSH service.
Lpr
Sends a file to a computer running Line Printer Daemon (LPD) in preparation
for printing.

Tftp
Transfers files to and from a remote computer, typically a computer running
UNIX, that is running the Trivial File Transfer Protocol (TFTP) service or
daemon.
Nbtstat
Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name
tables for both the local computer and remote computers, and the NetBIOS
name cache.
Tracert
Determines the path taken to a destination by sending Internet Control
Message Protocol (ICMP) Echo Request messages to the destination with
incrementally increasing Time to Live (TTL) field values.
Netstat
Displays active TCP connections, ports on which the computer is listening,
Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP,
TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP
over IPv6, and UDP over IPv6 protocols).

Introduction
If you are in a meeting, you have certain rules of order that are used so that everyone isn't
talking at once. If you wish to speak you raise your hand and avoid speaking until the
moderator recognizes you. It is the same with an Ethernet network and with the Internet.
The Internet transmits data in something called packets, each 1500 bytes. Each packet has
some overhead information about the address to which it is to go, where it fits relative to
other packets in your total transmission, and some error-checking information. This system
was birthed during the cold war with concerns about a city being destroyed. The packets
could be routed through the network in multiple ways and then reassembled at the
destination. If one path was down, a packet would automatically be sent another way. This
means the packets of a particular message you get (email, web page, or file) could arrive at
your system using multiple routes. It is then reassembled just before it reaches you. The
system, or protocol, for this transmission is defined as the Internet Protocol, or IP. The
Internet addressing scheme is defined within that protocol.
There is a second protocol that is closely related to the Internet Protocol, and this one is
called the Transmission Control Protocol, or TCP. It makes sure packets get where they are
going and are reassembled in the right order. The TCP and IP protocols are so closely
related that they are often referred to as the TCP/IP protocol. For most people doing
networking and broadband Internet, this is the only networking protocol you need to install
on your computer.
Since TCP/IP is a protocol suite, it is most often discussed in terms of the protocols that
comprise it. Each protocol resides in a particular layer of the OSI model discussed in the
previous chapter. Every TCP/IP protocol is charged with performing a certain subset of the
total functionality required to implement a TCP/IP network or application. TCP/IP is
actually a suite of protocols that work together to provide for reliable and efficient data
communications across an internetwork, which is a network of networks, local and wide
area.
There are many hundreds of TCP/IP protocols and applications; however, there are
only a few TCP/IP protocols that are usually called the core of the suite, because they are
responsible for its basic operation. The main protocols at the Internet and Transport layers
are the Internet Protocol (IP), Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP). These core protocols support many other protocols, to perform a variety of
functions at each of the TCP/IP model layers. Still others enable user applications to
function.

The Characteristics of the TCP/IP Protocol Suite


TCP/IP carefully defines how information moves from sender to receiver. First, application
programs send messages or streams of data to one of the Internet Transport Layer Protocols,
either the User Datagram Protocol (UDP) or the Transmission Control Protocol (TCP).
These protocols receive the data from the application, divide it into smaller pieces called
packets, add a destination address, and then pass the packets along to the next protocol
layer, the Internet Network layer.
The Internet Network layer encloses the packet in an Internet Protocol (IP) datagram, puts
in the datagram header and trailer, decides where to send the datagram (either directly to a
destination or else to a gateway), and passes the datagram on to the Network Interface layer.
The Network Interface layer accepts IP datagrams and transmits them as frames over
specific network hardware, such as Ethernet or Token-Ring networks.
The TCP/IP Protocol has the following characteristics:

Open protocol and universal interconnectivity


TCP/IP isn't based on or tied to any particular operating system; it's an open
standard that developers can base new systems on without having to worry about
interoperability issues. For example, two different operating systems or processes
running on separate computers can directly communicate using TCP/IP.

Conformity (modularity)
Even though it preceded the emergence of the OSI model by nearly a decade,
TCP/IP conforms to the OSI model. TCP/IP protocols communicate only with the
layers immediately below and above the layers on which they operate. This layering
creates a modularity that can easily be adapted by any system.

Internet addressing
TCP/IP supports a 32-bit (4-octet) addressing scheme that enables it to address over
four billion Internet hosts. This address system is used to identify both the network
and the host.

In addition to the preceding characteristics, the protocols that make up the TCP/IP protocol
suite also provide a wide range of functionality, versatility, and interoperability options to
networked users. It is scalable for use in small and large networks. In large networks, it
provides routing services. It is designed to be fault tolerant, able to dynamically reroute
packets if network links become unavailable by using alternate paths. Protocol companions
such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS)
offer advanced functionality.
Documentation of the Internet protocols (including new or revised protocols) and policies
is specified in technical reports called Request For Comments (RFCs), which are
published and then reviewed and analyzed by the Internet community. Protocol refinements
are published in new RFCs. To illustrate the scope of the Internet protocols, Figure 7-1 maps
many of the protocols of the Internet protocol suite to their corresponding OSI layers.

Figure 7-1 Internet protocols span the complete range of OSI model layers.

Resolving MAC Address in TCP/IP Protocol


The TCP/IP network interface layer provides network functions such as frame
synchronization, media access, and error control. It is sometimes referred to as the network
access layer, and is roughly equivalent to the OSI model's data link layer. Its functionality is
divided between the network interface card-driver combination and the low-level protocol
stack driver.
Frame Addressing and Delivery

At the lowest levels of the network, a frame is transmitted across media based on its
destination media access control (MAC) address. For Ethernet and Token Ring networks,
the MAC address is a 48-bit field that uniquely identifies the destination network interface
for each frame. The MAC address is usually written and displayed in network packet
capture logs as a series of 12 hexadecimal digits in the format 0xAB-CD-EF-12-34-56.
Normally, a network adapter filters out all incoming frames except those that contain one of
the following destination addresses:

The adapter address, used in unicast (one-to-one) transmissions.

The all-ones broadcast address (0xFF-FF-FF-FF-FF-FF), which indicates that
all network interfaces on the local area network (LAN) should receive the frame.

As a packet traverses a network or series of networks, the source MAC address is always
that of the network interface card (NIC) that placed it on the media, and the destination
MAC address is that of the NIC that is intended to pull it off the media. In a routed network,
this means that the source and destination MAC address changes with each hop through a
network-layer device (a router or a layer-3 switch). Therefore, two packets with the same
source or destination address at the IP level can contain different MAC addresses,
depending on the path the packet takes through the network.
Processing Received Frames

Because the hardware makes the first filtering decision, the NIC can discard any frames that
do not meet the filter criteria without incurring any CPU processing. All frames, including
broadcasts, that pass the hardware filter and frame check sequence validation (a check for
data corruption in the frame) are passed up to the NIC driver through a hardware interrupt.
Because the NIC driver software runs on the computer, any frame that makes it this far
requires some CPU time to process. The NIC driver brings the frame into system memory
from the interface card. The frame is then passed up to the appropriate bound transport
driver or drivers. Frames are passed up to all bound transport drivers in the order that they
are bound.

Address Resolution Protocol (ARP) Overview


For two machines on a given network to communicate, each must know the other machine's
physical (or MAC) address. By broadcasting Address Resolution Protocol (ARP) requests, a host
can dynamically discover the MAC-layer address corresponding to a particular IP network-layer
address.
After receiving a MAC-layer address, IP devices create an ARP cache to store the recently
acquired IP-to-MAC address mapping, thus avoiding having to broadcast ARP requests when they
want to recontact a device. If the device does not respond within a specified time frame, the
cache entry is flushed.
In addition, the Reverse Address Resolution Protocol (RARP) is used to map MAC-layer
addresses to IP addresses. RARP, which is the logical inverse of ARP, might be used by
diskless workstations that do not know their IP addresses when they boot. RARP relies on
the presence of a RARP server with table entries of MAC-layer-to-IP address mappings.

Components of the TCP/IP Protocol Suite


The Internet Protocol (IP) is the network layer (layer three) protocol; it provides
addressing, datagram routing and other
functions in an internetwork. The Transmission Control Protocol (TCP) is the primary
transport layer (layer four) protocol, and is responsible for connection establishment and
management and reliable data transmission. Due to the importance of these two protocols,
their abbreviations have come to represent the entire suite: TCP/IP. IP and TCP are
important because many of TCP/IP's most critical functions are implemented at layers three
and four. However, there is much more to TCP/IP than just TCP and IP. The protocol suite
as a whole requires the work of many different protocols and technologies to make a
functional network that can properly provide users with the applications they need.
TCP/IP uses its own four-layer architecture that corresponds roughly to the OSI Reference
Model and provides a framework for the various protocols that comprise the suite. It also
includes numerous high-level applications, some of which are well-known by Internet users
who may not realize they are part of TCP/IP, such as HTTP (which runs the World Wide
Web) and FTP.
Since TCP/IP is a protocol suite, it is most often discussed in terms of the protocols that
comprise it. Every TCP/IP protocol is charged with performing a certain subset of the total
functionality required to implement a TCP/IP network or application. They
work together to allow TCP/IP as a whole to operate.
There are a few TCP/IP protocols that are usually called the core of the suite, because
they are responsible for its basic operation. However, the main protocols at the internet and
transport layers are the Internet Protocol (IP), Transmission Control Protocol (TCP) and
User Datagram Protocol (UDP). These core protocols support many other protocols, to
perform a variety of functions at each of the TCP/IP model layers. Still others enable user
applications to function.

The Internet Protocol (IP)


The Internet Protocol (IP) is the primary network layer protocol in the protocol suite that
contains addressing information and some control information that enables packets to be
routed. IP has two primary responsibilities: providing connectionless delivery of datagrams
between internetworked devices; and providing fragmentation and reassembly of datagrams to
support data links with different maximum-transmission unit (MTU) sizes.
These datagrams are then passed down to the data link layer where they are sent over physical
network links. In order for this to work properly, each datagram must be small enough to fit
within the frame format of the underlying technology. If the message is bigger than the
maximum frame size of the underlying network, it may be necessary to break up an IP
message into several datagrams, a process called fragmentation. The datagrams are then sent
individually and reassembled into the original message.
Data transmitted over an internet using IP is carried in messages called IP
datagrams. Like all network protocol messages, IP uses a specific format for its
datagrams, such as IPv4. The IPv4 datagram is conceptually divided into two
pieces: the header and the payload. The header contains addressing and control
fields, while the payload carries the actual data to be sent over the internetwork.
Unlike some message formats, IP datagrams do not have a footer following the
payload.
Even though IP is a relatively simple, connectionless, unreliable protocol, the
IPv4 header carries a fair bit of information, which makes it rather large. At a
minimum, it is 20 bytes long, and with options can be significantly longer.
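The header/payload split and the fragmentation step described above, as an added example that is not part of the textbook: it packs minimal 20-byte IPv4 headers, fragments a payload for a smaller MTU, and reassembles it while rejecting gaps, overlaps and a missing final fragment. The function names, addresses and identification value are assumptions made for illustration, and the header checksum is deliberately left at zero.

```python
import socket
import struct

IPV4_MIN_HEADER = 20   # bytes: a header without options (IHL = 5 32-bit words)
FLAG_MF = 0x1          # "more fragments" bit within the 3-bit flags field
HEADER_FMT = "!BBHHHBBH4s4s"


def build_datagram(src, dst, ident, payload, offset=0, more=False, ttl=64, proto=17):
    """Return header + payload. The header checksum is left at 0 in this example."""
    flags_frag = ((FLAG_MF if more else 0) << 13) | (offset // 8)
    header = struct.pack(HEADER_FMT, (4 << 4) | 5, 0, IPV4_MIN_HEADER + len(payload),
                         ident, flags_frag, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def parse_datagram(raw):
    """Split a datagram into header fields and payload; nothing follows the payload."""
    if len(raw) < IPV4_MIN_HEADER:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(HEADER_FMT, raw[:IPV4_MIN_HEADER])
    header_len = (ver_ihl & 0x0F) * 4          # longer than 20 when options are present
    if ver_ihl >> 4 != 4 or header_len < IPV4_MIN_HEADER:
        raise ValueError("not an IPv4 header")
    if not header_len <= total_len <= len(raw):
        raise ValueError("total length disagrees with the bytes received")
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ident": ident, "proto": proto, "ttl": ttl, "header_len": header_len,
        "more": bool((flags_frag >> 13) & FLAG_MF),
        "offset": (flags_frag & 0x1FFF) * 8,   # the field counts 8-byte units
        "payload": raw[header_len:total_len],
    }


def fragment(src, dst, ident, payload, mtu):
    """Split payload into datagrams that each fit within mtu bytes."""
    chunk = (mtu - IPV4_MIN_HEADER) // 8 * 8   # every non-final piece is a multiple of 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    out = []
    for start in range(0, max(len(payload), 1), chunk):
        part = payload[start:start + chunk]
        more = start + chunk < len(payload)
        out.append(build_datagram(src, dst, ident, part, start, more))
    return out


def reassemble(datagrams):
    """Rebuild the original payload from fragments that may arrive in any order."""
    frags = sorted((parse_datagram(d) for d in datagrams), key=lambda f: f["offset"])
    if not frags:
        raise ValueError("no fragments")
    if len({(f["src"], f["dst"], f["ident"], f["proto"]) for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    if frags[-1]["more"] or any(not f["more"] for f in frags[:-1]):
        raise ValueError("final fragment missing or misplaced")
    data = bytearray()
    for f in frags:
        if f["offset"] != len(data):           # a hole, a duplicate or an overlap
            raise ValueError("gap or overlap at offset %d" % f["offset"])
        data += f["payload"]
    return bytes(data)


if __name__ == "__main__":
    message = bytes(range(256)) * 5            # constructed 1280-byte payload
    pieces = fragment("172.16.1.5", "172.16.2.9", 0x1234, message, mtu=576)
    for p in pieces:
        f = parse_datagram(p)
        print(len(p), "bytes on the wire, offset", f["offset"], "more =", f["more"])
    print("reassembled correctly:", reassemble(reversed(pieces)) == message)
```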


IP Address

The IP address uniquely identifies your computer on the network. It is a four-field, 32-bit
address, with the fields separated by periods, normally expressed as four "octets" in "dotted
decimal notation."

The four numbers in an IP address are called octets because they can have
values between 0 and 255 (2^8 possibilities per octet).

For instance, the IP address 172.16.122.204 is analogous to your telephone number in
that the telephone number is used by the telephone network to direct calls to you. The IP
address is used by the Internet to direct data to your computer, e.g. the data your web
browser retrieves and displays when you surf the net. One task of DHCP is to assist in
getting a functional and unique IP number for the computers that connect to the Internet.
Every machine on the Internet has its own IP address. A server has a static IP address that
does not change very often. A computer at home that is dialing up through a modem often
has an IP address that is assigned by the Internet Service Provider (ISP) when you dial in.
That IP address is unique for your session and may be different the next time you dial in. In
this way, an ISP only needs one IP address for each modem it supports, rather than for
every customer.
There are two parts in the address format: the network address and the host (or local)
computer's address. IP addressing supports five different address classes: A, B, C, D, and
E. Only classes A, B, and C are available for commercial use.
The left-most (high-order) bits indicate the network class. Figure 7-2 provides reference
information about the five IP address classes. The IP address has three main classes: Class A,
B and C.


Figure 7-2 IP Class Assignments

Depending on the class you use, different parts of the address show the network portion and
the host address as shown below.

Figure 7-2 IP Class Network and Host Addresses

The class of address can be determined easily by examining the first octet of the address
and mapping that value to a class range in the following table. In an IP address of
172.31.1.2, for example, the first octet is 172. Because 172 falls between 128 and
191, 172.31.1.2 is a Class B address.
The PING (Packet Internet Groper) TCP/IP utility is used to check the validity of a remote
IP address.
IP Subnet Addressing

IP networks can be divided into smaller networks called subnetworks (or subnets).
Subnetting provides the network administrator with several benefits, including extra
flexibility, more efficient use of network addresses, and the capability to contain broadcast
traffic (a broadcast will not cross a router).
Subnets are under local administration. As such, the outside world sees an organization as a
single network and has no detailed knowledge of the organization's internal structure.
A given network address can be broken up into many subnetworks. For example,
172.16.1.0, 172.16.2.0, 172.16.3.0, and 172.16.4.0 are all subnets
within network 172.16.0.0. (All 0s in the host portion of an address specify the entire
network.)
Subnet Mask

The subnet mask is used to specify which part of the IP address is the network address and
which part of the address is the host.


By using 255, you are selecting the octets used to identify the network address. For
example, in the Class B network address 192.200.2.1, if the subnet mask is
255.255.0.0, then 192.200 is the network address, and 2.1 is the host address.
The default gateway is configured if the network contains a router. This address is
configured by the network administrators and it informs each personal computer or other
network device where to send data if the target station does not reside on the same subnet as
the source. If your machine can reach all stations on the same subnet (usually a building or
a sector within a building), but cannot communicate outside of this area, it is usually
because of an incorrectly configured default gateway.
In the example below, Network A uses the IP address 131.1.0.0. Network B uses the IP
address 131.2.0.0. In this case, each network card in the router should be configured
with an IP address of the network card on the router that is attached to the network segment.
In this example, the computer Win2K1 is attached to Network A. The default gateway that
would be configured for this computer is 131.1.0.0. The computer Win2K2 is attached
to Network B. The default gateway that would be configured for this computer is
131.2.0.10.

Figure 7-3 Configuring default gateways


How Subnet Masks are Used to Determine the Network Number

The router performs a set process to determine the network (or more specifically, the
subnetwork) address. First, the router extracts the IP destination address from the
incoming packet and retrieves the internal subnet mask. It then performs a logical AND
operation to obtain the network number. This causes the host portion of the IP
destination address to be removed, while the destination network number remains. The
router then looks up the destination network number and matches it with an outgoing
interface. Finally, it forwards the frame to the destination IP address.
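The class lookup and the router's AND-and-match steps described above, as an added example that is not part of the textbook. The routing table, interface names and function names are constructed for illustration; picking the most specific (longest) mask when several routes match is a generalization beyond the single-mask case in the text.

```python
def ip_to_int(dotted):
    """Convert dotted-decimal notation to the 32-bit value the router operates on."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % dotted)
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Classify by the first octet, i.e. by the left-most (high-order) bits."""
    first = ip_to_int(dotted) >> 24
    if first < 128:
        return "A"      # leading bit 0 (0 and 127 are reserved values in this range)
    if first < 192:
        return "B"      # leading bits 10  -> 128..191
    if first < 224:
        return "C"      # leading bits 110 -> 192..223
    if first < 240:
        return "D"      # leading bits 1110
    return "E"


# Default masks: a 255 octet selects an octet of the network address.
DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def network_number(dest, mask):
    """Logical AND of destination and mask: host bits are cleared, network bits remain."""
    m = ip_to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    if host_bits & (host_bits + 1):            # ones in the mask must be contiguous
        raise ValueError("invalid subnet mask: %r" % mask)
    return int_to_ip(ip_to_int(dest) & m)


# Constructed routing table: (network number, subnet mask, outgoing interface).
ROUTES = [
    ("172.31.0.0", "255.255.0.0", "E0"),
    ("172.16.1.0", "255.255.255.0", "E1"),
    ("172.16.2.0", "255.255.255.0", "E2"),
    ("172.16.0.0", "255.255.0.0", "E3"),
]


def outgoing_interface(dest, routes=ROUTES):
    """AND the destination with each route's mask and return the best matching interface."""
    best = None
    for network, mask, interface in routes:
        if network_number(dest, mask) == network:
            if best is None or ip_to_int(mask) > best[0]:
                best = (ip_to_int(mask), interface)
    return best[1] if best else None           # None: no route to that network


if __name__ == "__main__":
    for dest in ("172.31.1.2", "172.16.2.77", "172.16.9.1", "10.1.1.1"):
        cls = address_class(dest)
        print(dest, "class", cls,
              "classful network", network_number(dest, DEFAULT_MASK[cls]),
              "-> interface", outgoing_interface(dest))
```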


Finding Your Internet IP and Subnet

If you are NOT using a router, go to the command mode on your computer and enter
IPCONFIG -all. The screen will display the IP, subnet, DNS server, physical address,
and more. The DNS server is the system on the Internet that converts a domain name to
its IP address.
If you are using a router, this is more complicated, as the router shields your system
from the actual Internet addressing. Try the above on your system and you will get the
IP and subnet assigned to your computer by the DHCP in the router. To find the actual
address you are using on the Internet, you will need to access the configuration screen
of the router (or wireless access point if you are using that, which has a router in it).
For instance, if you are using a Linksys wireless access point, type http://192.168.1.1/
into your browser. For a Linksys WAP, on the configuration screen you would then select
the Status option. You will then see the IP, subnet, DNS, physical address and more that you
are using with the Internet at that time.
One quick troubleshooting trick when your system locks up on the Internet is to close
the browser or email program and then disconnect the power cord from the modem for
30 seconds. Then restore the modem's power again. This forces the router to request a
new IP from the Internet. This takes the system a few seconds to complete. Then your
system is up again. This also forces the router to reassign the local IPs again as well.
You could use the router's reset button to do this, but I like the strategy of dropping the
modem's power.

Internet Protocol Routing


Internet Protocol (IP) routing protocols are dynamic. Dynamic routing calls for routes to be
calculated automatically at regular intervals by software in routing devices. This contrasts
with static routing, where routes are established by the network administrator and do not
change until the network administrator changes them.

Figure 7-4 shows an example of dynamic routing


Figure 7-5 shows an example of static routing

An IP routing table, which consists of destination address/next hop pairs, is used to enable
dynamic routing. An entry in this table, for example, would be interpreted as follows: to get to
network 172.31.0.0, send the packet out Ethernet interface 0 (E0).
IP routing specifies that IP datagrams travel through internetworks one hop at a time. The
entire route is not known at the onset of the journey, however. Instead, at each stop, the next
destination is calculated by matching the destination address within the datagram with an
entry in the current node's routing table.
Each node's involvement in the routing process is limited to forwarding packets based on
internal information. The nodes do not monitor whether the packets get to their final
destination, nor does IP provide for error reporting back to the source when routing anomalies
occur. This task is left to another Internet protocol, the Internet Control-Message Protocol
(ICMP).

Internet Control-Message Protocol (ICMP)


The Internet Control Message Protocol (ICMP) is a special form of IP used to handle error
and status messages between IP layers on different machines. It is a network-layer Internet
protocol that provides message packets to report errors and other information regarding IP
packet processing back to the source. Whenever one IP layer has to send information to
another, it uses ICMP. Also, whenever IP software detects an error of some sort, it uses
ICMP to send reports to the other machine. Probably the most common use of ICMP is for
the ping command, which checks whether a machine is responsive by sending a small
ICMP message to the machine and waiting for a reply.
ICMP Messages

ICMP generates several kinds of useful messages, including:

Destination Unreachable

Echo Request and Reply

Redirect

Time Exceeded

Router Advertisement

Router Solicitation

If an ICMP message cannot be delivered, no second one is generated. This is to avoid
an endless flood of ICMP messages.
When an ICMP destination-unreachable message is sent by a router, it means that the
router is unable to send the packet to its final destination. The router then discards the
original packet. Two reasons exist for why a destination might be unreachable. Most
commonly, the source host has specified a nonexistent address. Less frequently, the
router does not have a route to the destination.
Destination-unreachable messages include four basic types: network unreachable, host
unreachable, protocol unreachable, and port unreachable.
Network-unreachable messages usually mean that a failure has occurred in the
routing or addressing of a packet.
Host-unreachable messages usually indicate delivery failure, such as a wrong
subnet mask.
Protocol-unreachable messages generally mean that the destination does not
support the upper-layer protocol specified in the packet.
Port-unreachable messages imply that the TCP socket or port is not available.
An ICMP echo-request message, which is generated by the ping command, is sent by
any host to test node reachability across an internetwork. The ICMP echo-reply
message indicates that the node can be successfully reached.
An ICMP Redirect message is sent by the router to the source host to stimulate more
efficient routing. The router still forwards the original packet to the destination. ICMP
redirects allow host routing tables to remain small because it is necessary to know the
address of only one router, even if that router does not provide the best path. Even after
receiving an ICMP Redirect message, some devices might continue using the less-efficient route.
An ICMP Time-exceeded message is sent by the router if an IP packet's Time-to-Live
(TTL) field (expressed in hops or seconds) reaches zero. The TTL field prevents
packets from continuously circulating the internetwork if the internetwork contains a
routing loop. The router then discards the original packet.

ICMP Router-Discovery Protocol (IRDP)


IRDP uses Router-Advertisement and Router-Solicitation messages to discover the
addresses of routers on directly attached subnets. Each router periodically multicasts
Router-Advertisement messages from each of its interfaces. Hosts then discover addresses
of routers on directly attached subnets by listening for these messages. Hosts can use
Router-Solicitation messages to request immediate advertisements rather than waiting for
unsolicited messages.
IRDP offers several advantages over other methods of discovering addresses of neighboring
routers. Primarily, it does not require hosts to recognize routing protocols, nor does it
require manual configuration by an administrator.
Router-Advertisement messages enable hosts to discover the existence of neighboring
routers, but not which router is best to reach a particular destination. If a host uses a poor
first-hop router to reach a particular destination, it receives a Redirect message identifying a
better choice.

Transmission Control Protocol (TCP)


Transmission Control Protocol (TCP) is the primary transport protocol of the TCP/IP
protocol suite. It provides reliable transmission of data in an IP environment. TCP
corresponds to the transport layer (Layer 4) of the OSI reference model. Among the services
TCP provides are stream data transfer, reliability, efficient flow control, full-duplex
operation, and multiplexing.
With stream data transfer, TCP delivers an unstructured stream of bytes identified by
sequence numbers. This service benefits applications because they do not have to chop data
into blocks before handing it off to TCP. Instead, TCP groups bytes into segments and
passes them to IP for delivery.
TCP offers reliability by providing connection-oriented, end-to-end reliable packet delivery
through an internetwork. It does this by sequencing bytes with a forwarding
acknowledgment number that indicates to the destination the next byte the source expects to
receive. Bytes not acknowledged within a specified time period are retransmitted. The
reliability mechanism of TCP allows devices to deal with lost, delayed, duplicate, or
misread packets. A time-out mechanism allows devices to detect lost packets and request
retransmission.
TCP offers efficient flow control, which means that, when sending acknowledgments back
to the source, the receiving TCP process indicates the highest sequence number it can
receive without overflowing its internal buffers.


Figure 7-6 shows an example diagram of network flow control
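The sequencing, acknowledgment, retransmission and flow-control behaviour described above, as an added example that is not part of the textbook: a toy receiver that returns the next byte it expects plus its remaining buffer space, and a toy sender that retransmits segments left unacknowledged after a timeout. Class names, sequence numbers, buffer size and timeout are constructed for illustration, and sequence-number wraparound is ignored.

```python
class TcpReceiver:
    """Receiving side: reorders segments and advertises how much more it can buffer."""

    def __init__(self, initial_seq, buffer_size):
        self.next_expected = initial_seq   # sent back as the acknowledgment number
        self.buffer_size = buffer_size
        self.unread = bytearray()          # in-order bytes the application has not read
        self.pending = {}                  # out-of-order segments: sequence number -> bytes

    def window(self):
        return self.buffer_size - len(self.unread)

    def receive(self, seq, data):
        """Process one segment; return (acknowledgment number, advertised window)."""
        if seq < self.next_expected:       # duplicate or partly retransmitted data
            data, seq = data[self.next_expected - seq:], self.next_expected
        if data and seq + len(data) <= self.next_expected + self.window():
            self.pending.setdefault(seq, bytes(data))   # fits in the window: keep it
        while True:                        # deliver everything that is now contiguous
            ready = [s for s in self.pending if s <= self.next_expected]
            if not ready:
                break
            start = min(ready)
            chunk = self.pending.pop(start)[self.next_expected - start:]
            self.unread += chunk
            self.next_expected += len(chunk)
        return self.next_expected, self.window()

    def read(self, n):
        """The application consumes up to n bytes, which reopens the window."""
        data, self.unread = bytes(self.unread[:n]), self.unread[n:]
        return data


class TcpSender:
    """Sending side: remembers unacknowledged segments and when they were sent."""

    def __init__(self, timeout):
        self.timeout = timeout
        self.in_flight = {}                # sequence number -> (data, time sent)

    def send(self, seq, data, now):
        self.in_flight[seq] = (data, now)

    def on_ack(self, ack):
        for seq in [s for s, (d, _) in self.in_flight.items() if s + len(d) <= ack]:
            del self.in_flight[seq]        # every byte of this segment is acknowledged

    def due_for_retransmit(self, now):
        return sorted(s for s, (_, t) in self.in_flight.items() if now - t >= self.timeout)


def demo_lost_segment():
    """Three constructed segments; the middle one is lost and recovered by timeout."""
    rx, tx = TcpReceiver(1000, 16), TcpSender(timeout=3)
    segments = [(1000, b"abcd"), (1004, b"efgh"), (1008, b"ijkl")]
    acks = []
    for t, (seq, data) in enumerate(segments):
        tx.send(seq, data, now=t)
        if seq == 1004:
            continue                       # this segment never reaches the receiver
        reply = rx.receive(seq, data)
        acks.append(reply)
        tx.on_ack(reply[0])
    for seq in tx.due_for_retransmit(now=5):
        if seq not in tx.in_flight:        # already covered by an earlier cumulative ack
            continue
        reply = rx.receive(seq, tx.in_flight[seq][0])
        acks.append(reply)
        tx.on_ack(reply[0])
    return acks, rx.read(16), dict(tx.in_flight)


if __name__ == "__main__":
    print(demo_lost_segment())
```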

Full-duplex operation means that TCP processes can both send and receive at the same
time. TCP is a connection-based protocol, meaning that the sending and the destination
machines communicate with each other by sending status messages back and forth. If the
connection is lost because of routing problems or machine failures, errors are sent to the
applications that use TCP. Some services use TCP to maintain a connection between two
machines, notably FTP or Telnet, both of which enable you to move files and commands
back and forth between two machines as if you were logged into both at the same time.

User Datagram Protocol (UDP)


The User Datagram Protocol (UDP) is a connectionless transport-layer protocol (Layer 4)
that belongs to the Internet protocol family. UDP is basically an interface between IP and
upper-layer processes. UDP protocol ports distinguish multiple applications running on a
single device from one another.
Unlike TCP, UDP adds no reliability, flow-control, or error-recovery functions to IP.
Because of UDP's simplicity, UDP headers contain fewer bytes and consume less network
overhead than TCP.
UDP is useful in situations where the reliability mechanisms of TCP are not necessary, such
as in cases where a higher-layer protocol might provide error and flow control.
UDP is the transport protocol for several well-known application-layer protocols, including
Network File System (NFS), Simple Network Management Protocol (SNMP), Domain
Name System (DNS), and Trivial File Transfer Protocol (TFTP).
The UDP packet format contains four fields, which include source and destination ports,
length, and checksum fields.
Source and destination ports contain the 16-bit UDP protocol port numbers used to
demultiplex datagrams for receiving application-layer processes. A length field specifies the
length of the UDP header and data. Checksum provides an (optional) integrity check on the
UDP header and data.

Figure 7-7 shows the UDP packet format
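The four-field UDP format described above, as an added example that is not part of the textbook: it builds and parses a UDP message, checks the length field against the bytes received, verifies the optional checksum, and demultiplexes on the destination port. The pseudo-header included in the checksum comes from RFC 768 rather than from the text; the function names, addresses and payload are constructed for illustration.

```python
import socket
import struct

UDP_HEADER_LEN = 8      # four 16-bit fields: source port, destination port, length, checksum
IPPROTO_UDP = 17
# Well-known ports of the application protocols the text lists as running over UDP.
SERVICES = {53: "DNS", 69: "TFTP", 161: "SNMP", 2049: "NFS"}


def ones_complement_sum(data):
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole number of 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip, dst_ip, message):
    """Checksum over the RFC 768 pseudo-header, the UDP header and the data."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, IPPROTO_UDP, len(message)))
    return ~ones_complement_sum(pseudo + message) & 0xFFFF


def build_udp(src_ip, dst_ip, src_port, dst_port, data):
    length = UDP_HEADER_LEN + len(data)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    # A computed value of 0 is sent as 0xFFFF, because 0 means "no checksum".
    csum = udp_checksum(src_ip, dst_ip, header + data) or 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + data


def parse_udp(src_ip, dst_ip, message):
    """Return the header fields, the data, and the outcome of the integrity check."""
    if len(message) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", message[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(message):
        raise ValueError("length field disagrees with the bytes received")
    message = message[:length]               # ignore anything beyond the stated length
    if csum == 0:
        checksum_ok = None                   # sender chose not to compute a checksum
    else:
        # Summing a valid message including its checksum field yields all ones.
        checksum_ok = udp_checksum(src_ip, dst_ip, message) == 0
    return {
        "src_port": src_port, "dst_port": dst_port, "length": length,
        "checksum_ok": checksum_ok,
        "service": SERVICES.get(dst_port),   # demultiplex on the destination port
        "data": message[UDP_HEADER_LEN:],
    }


if __name__ == "__main__":
    src, dst = "192.168.1.10", "192.168.1.1"            # constructed addresses
    wire = build_udp(src, dst, 40000, 53, b"constructed query")
    print(parse_udp(src, dst, wire))
    damaged = wire[:-1] + bytes([wire[-1] ^ 0x01])      # one bit changed in transit
    print("damaged copy verifies:", parse_udp(src, dst, damaged)["checksum_ok"])
```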

Function of Dynamic Host Configuration Protocol (DHCP)


Each device that will use TCP/IP on your network must have a valid, unique IP address.
This address can be manually configured or can be automated through DHCP. DHCP is
implemented as a server and a client. The DHCP server is configured with a pool of IP
addresses and their associated IP configurations while the DHCP client is configured to
automatically access the DHCP server to obtain its IP configuration.

Figure 7-8 shows how the DHCP in a router works

The router separates the Internet network from the local network. The DHCP in the router
product acts as a small server system. When a computer in a local network needs an address
from the Internet, it asks the DHCP for an address and the DHCP assigns a local IP. The
NAT in the router then requests and obtains an IP from the Internet DHCP. The Internet
sees a completely different address for this system than any address you see here. The
router then converts between that address and any local computer address.


Notice that all local addresses begin with 192.168.1. This is the "Part 1" of any local
address and defines the network. Any local network using Linksys equipment will have this
same "Part 1". It is never seen by the larger Internet network, as the router converts
everything. When an Internet network is defined by the first three octet groups it is called a
Class C network. A Class C network can have as many as 2,097,152 possible addresses, but
supports only 254 possible hosts (the other two addresses are reserved). A Class A network,
in comparison, is defined by the single first octet. There can be only 126 Class A networks;
but each can support over 12 million hosts. A class B network would be defined by the first
two octets.
The router product also blocks any attempt from outside the local network to access the
local computers using their 192.168.1.XXX address. The router knows this is a local
number only, and protects the network from any outside intrusion using this number. In
other words, you have a firewall here as well.
How does DHCP work? When the client starts up, it sends a broadcast DHCPDISCOVER
message, requesting a DHCP server. The request includes the hardware address of the
client computer. Any DHCP server receiving the broadcast that has available IP services
will send a DHCPOFFER message to the client. This message offers an IP address for a set
period of time, a subnet mask, and a server identifier (the IP address of the DHCP server).
The address offered by the server is marked unavailable and will not be offered to other
clients during the DHCP negotiation period.
A DHCP lease is the amount of time for which the DHCP server grants the DHCP client
permission to use a particular IP address. A typical server allows its administrator to set
the lease time.

The client selects one of the offers and broadcasts a DHCPREQUEST message, indicating
its selection. This allows any DHCP offers that were not accepted to be returned to the
pool of IP addresses. The selected DHCP server then sends back a DHCPACK message as
an acknowledgment, indicating the IP address, the subnet mask, and the duration of the
lease that the client will use. It may also send additional configuration information such as
the default gateway address or the DNS server address.

Figure 7-9 The DHCP lease generation process
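The lease generation process described above, as an added example that is not part of the textbook: two toy DHCP servers answer one client's DHCPDISCOVER, the broadcast DHCPREQUEST lets the server that was not chosen return its held address to the pool, and leases expire after the configured time. Class and function names, addresses and lease times are constructed for illustration; DHCPNAK is a real DHCP message type that the text does not cover.

```python
class DhcpServer:
    """Toy DHCP server: a pool of addresses plus the configuration handed out with them."""

    def __init__(self, server_id, pool, mask, lease_seconds, gateway=None, dns=None):
        self.server_id, self.mask, self.lease_seconds = server_id, mask, lease_seconds
        self.options = {"gateway": gateway, "dns": dns}
        self.free = list(pool)   # addresses available to offer
        self.offered = {}        # client MAC -> address held during negotiation
        self.leases = {}         # client MAC -> (address, expiry time)

    def _reply(self, kind, addr):
        return {"type": kind, "yiaddr": addr, "mask": self.mask,
                "lease": self.lease_seconds, "server_id": self.server_id, **self.options}

    def _drop_offer(self, mac):
        held = self.offered.pop(mac, None)
        if held and held != self.leases.get(mac, (None,))[0]:
            self.free.append(held)           # unaccepted offer goes back to the pool

    def on_discover(self, mac):
        addr = self.offered.get(mac) or self.leases.get(mac, (None,))[0]
        if addr is None:
            if not self.free:
                return None                  # pool exhausted: this server stays silent
            addr = self.free.pop(0)
        self.offered[mac] = addr             # marked unavailable to other clients
        return self._reply("DHCPOFFER", addr)

    def on_request(self, mac, chosen_server, addr, now):
        if chosen_server != self.server_id:  # the client selected another server
            self._drop_offer(mac)
            return None
        if self.offered.get(mac) != addr:    # request does not match what was offered
            self._drop_offer(mac)
            return {"type": "DHCPNAK", "server_id": self.server_id}
        del self.offered[mac]
        self.leases[mac] = (addr, now + self.lease_seconds)
        return self._reply("DHCPACK", addr)

    def expire(self, now):
        """Return addresses whose lease time has run out to the pool."""
        for mac, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(addr)


def lease_exchange(mac, servers, now=0):
    """Run DISCOVER -> OFFER -> REQUEST -> ACK for one client; return (ack, transcript)."""
    transcript = [("client", "DHCPDISCOVER", mac)]       # broadcast, carries the MAC
    offers = [o for o in (s.on_discover(mac) for s in servers) if o]
    for o in offers:
        transcript.append((o["server_id"], "DHCPOFFER", o["yiaddr"]))
    if not offers:
        return None, transcript
    chosen = offers[0]                       # the client selects one offer (here: the first)
    transcript.append(("client", "DHCPREQUEST", chosen["yiaddr"]))
    ack = None
    for s in servers:                        # the request is broadcast: every server sees it
        reply = s.on_request(mac, chosen["server_id"], chosen["yiaddr"], now)
        if reply:
            transcript.append((reply["server_id"], reply["type"], reply.get("yiaddr")))
            if reply["type"] == "DHCPACK":
                ack = reply
    return ack, transcript


if __name__ == "__main__":
    a = DhcpServer("192.168.1.1", ["192.168.1.100", "192.168.1.101"], "255.255.255.0",
                   3600, gateway="192.168.1.1", dns="192.168.1.1")
    b = DhcpServer("192.168.1.2", ["192.168.1.200"], "255.255.255.0", 3600)
    ack, log = lease_exchange("00-11-22-33-44-55", [a, b])
    for line in log:
        print(line)
    print("configured with", ack["yiaddr"], ack["mask"], "lease", ack["lease"], "seconds")
    print("pool of the server not chosen:", b.free)
```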


Implementing NetBIOS Name Resolution


Microsoft started with a different protocol as its LAN Manager operating system's native
protocol, known as NetBIOS Extended User Interface (NetBEUI). NetBEUI was useful for
small networks since it did not require configuration and complex addressing like TCP/IP
does. However, NetBEUI cannot handle routing and does not perform well in large
environments. Thus, Microsoft needed to add TCP/IP support.
When Microsoft began to add TCP/IP support to its LAN server products, the naming
system used on Microsoft networks at that time would not function on routed TCP/IP
networks. Microsoft LAN Manager computers use the computer's NetBIOS names for
identification. Although this makes maintaining the network very simple for an
administrator - because servers are automatically advertised on the network by name - this
naming system was a problem with TCP/IP.
NetBIOS has a design limitation that shows up in routed networks because NetBIOS relies
heavily on broadcast messages (as a way of transmitting data in the network) to advertise
servers and their shared resources. Broadcast messages are messages that are received by
every computer on a network segment, rather than by a specific computer. This setup
usually works on smaller networks but can add overwhelming amounts of broadcast traffic
on an enterprise network. When this happens, your network will suffer a broadcast storm.
To confine the impact of broadcast messages on a TCP/IP network, IP routers do not
forward broadcast messages. Unlike the Microsoft NWLink protocol for IPX compatibility,
which was written by Microsoft to support broadcasts, TCP/IP conforms to very strict
standards. To function in a TCP/IP environment, Microsoft's TCP/IP implementation had to
conform to the standard. Therefore, Microsoft had to find a way to make NetBIOS naming
work in a standard TCP/IP network.
Microsoft's first solution, introduced in its older LAN Manager server, was to use a LAN
Manager HOSTS (LMHOSTS) file on each computer on the network. Similar to the
HOSTS file used before DNS was available, LMHOSTS consists of records matching
NetBIOS names to IP addresses. An LMHOSTS file is a text file that must be edited
manually. After creating a master LMHOSTS file, an administrator must copy the file to
every computer on the network. Every time a computer was installed or removed, the
master LMHOSTS file had to be updated and redistributed. When a computer couldn't find
a particular NetBIOS computer on the local network, it would consult its LMHOSTS file to
see whether the computer could be found elsewhere.
The LMHOSTS file is used when planning NetBIOS name resolution. Computers
communicate on a network through broadcast messages, which every computer receives, and
through directed messages, which are sent to a specific computer. Whenever possible,
communicating through directed messages is preferable. This approach cuts down on the
amount of network traffic and ensures that only the affected hosts receive the message. It
also ensures that the messages propagate across routers. TCP/IP makes sure that WINS
communicates primarily with directed messages.


NetBIOS Naming Methods


There are several types of NetBIOS naming methods. These naming methods are commonly
called node types. A node is simply a device on a network and every Windows-based
computer is configured as one of four node types. The node type determines whether the
computer will learn names through broadcast messages, directed messages, or some
combination of broadcast and directed messages.

B-node (broadcast node)


This node relies exclusively on broadcast messages and is the oldest NetBIOS name
resolution mode. A host needing to resolve a name request sends a message to
every host within earshot, requesting the address associated with a hostname.
B-node has two shortcomings: broadcast traffic is undesirable and becomes a
significant consumer of network bandwidth, and TCP/IP routers don't forward broadcast
messages, which restricts B-node operation to a single network segment.

P-node (point-to-point node)


This node relies on WINS servers for NetBIOS name resolution. Client computers
register themselves with a WINS server when they come on the network. They then
contact the WINS server with NetBIOS name resolution requests. WINS servers
communicate using directed messages, which can cross routers, so P-node can
operate on large networks. Unfortunately, if the WINS server is unavailable, or if a
node isn't configured to contact a WINS server, P-node name resolution fails.

M-node (modified node)


This hybrid mode first attempts to resolve NetBIOS names using the B-node
mechanism. If that fails, an attempt is made to use P-node name resolution. M-node
was the first hybrid mode put into operation, but it has the disadvantage of favoring
B-node operation, which is associated with high levels of broadcast traffic.

H-node (hybrid node)


This hybrid mode favors the use of WINS for NetBIOS name resolution. When a
computer needs to resolve a NetBIOS name, it first attempts to use P-node
resolution to resolve a name via WINS. Only if WINS resolution fails does the host
resort to B-node to resolve the name via broadcasts. Because it typically results in
the best network utilization, H-node is the default mode of operation for Microsoft
TCP/IP client computers configured to use WINS for name resolution. Microsoft
recommends leaving TCP/IP client computers in the default H-node configuration.

Understanding Naming Convention


Naming conventions resolve a name to a network address, generally an IP address. The
difference between naming conventions lies in each convention's distinct approach to
resolving names.
The following naming conventions are used to identify computers in various Windows
name-resolution methods, including the Windows 2000 method:


Computer Name

In the flat NetBIOS name space, a single name clearly resolves a computer name to a
network address. This is the name that previous Windows versions stored in browser and
master browser lists, enabling peer Windows networks to browse resources on networked
Windows computers. In this scenario, the term associated with the computer was computer
name. Registration of the computer name depended on network broadcasts (and a master
browser, determined by elections won by later Windows version numbers or Windows NT
usage, or a combination). This was useful for small, peer-based Windows networks, but
networks soon grew beyond what the use of broadcasts and simple flat-file master browser
lists could service.
Host Name

Then came the Windows Internet Naming Service (WINS), which enabled a dynamic and
centralized repository of NetBIOS-based computer names stored on WINS servers. These
repositories could service a larger network. This was a step in the right direction because
name-resolution queries could be directed to a WINS server (rather than being broadcast)
and conflicts could be centrally arbitrated. With WINS, the term computer name was
retained, but the term host name also appeared and was used interchangeably with computer
name. At the time, WINS was used to resolve the default names for Windows platforms, but
DNS was gaining ground with the popularity and proliferation of larger and larger networks.
Networks grew, and WINS became less capable of handling the growing volume of names.
The decreasing capability of WINS to handle the name-resolution load was not due to the
processing power required for resolution, but instead to the fact that generating unique
names for lots of computers became an ever-increasing management burden.
Fully Qualified Domain Name

DNS is a better solution; with its hierarchical name space, the need for unique computer
names is isolated to a given domain, enabling a computer name such as server1 to exist in
different domain locations in the same hierarchy. With the capability to have the same host
name in different domains, there was a need for a name that properly addressed the DNS
hierarchy. The name had to include not only the computer name or host name, but also a
name that could clearly identify, or fully qualify, that computer within the entire DNS
hierarchy. That name is the fully qualified domain name (FQDN) - for example,
server1.widgets.microsoft.com.
Fully Qualified Domain Name (FQDN) is a name that uniquely identifies a host in the
DNS hierarchy, such that a host called server1 in the products hierarchy at Microsoft
may have an FQDN of server1.products.Microsoft.com.
Relative Distinguished Name

However, in certain situations, the domain-hierarchy part of the FQDN is cumbersome and
a local name for a given computer (or any other DNS host) that is relative to the DNS
domain in which the host resides is needed. That name is the relative distinguished name.
The relative distinguished name is simply the single host name to the left of the leftmost dot
in the FQDN, such that an FQDN of server1.widgets.microsoft.com has server1 as its
relative distinguished name.
Relative Distinguished Name is a name that uniquely identifies a host within its own
domain, but not throughout the entire DNS hierarchy. For example, server1 is a
relative distinguished name, while server1.products.Microsoft.com is a fully qualified
domain name (FQDN).

Rather than imposing new names or new naming conventions on users of NetBIOS names,
DNS simply uses the computer name (host name) as the relative distinguished name and
appends the DNS domain hierarchy to that name to create the FQDN. The following figure
illustrates how to identify the computer-name (or host-name, or relative distinguished
name) part of the FQDN:

Figure 7-10 shows how to identify the computer-name (or host-name, or relative
distinguished name) part of the FQDN
Microsoft NetBIOS Computer Naming Conventions

A computer name can be up to 15 alphanumeric characters with no blank spaces. The name
must be unique on the network and can contain the following special characters:

! @ # $ % ^ & ( ) - _ ' { } . ~
The following characters are not allowed:

\ * + = | : ; " ? < > ,


Function of Windows Internet Name Service (WINS)


The WINS infrastructure was used in the earlier versions of Windows NT networks, even
up to the current version, Windows Server 2003.
In Windows Server 2003, WINS is used for backward compatibility only. Windows
Server 2003 Active Directory networks do not need WINS at all.

The purpose of WINS is to allow a NetBIOS name to be converted to an IP address.
Therefore, computers using WINS must be using NBT (NetBIOS over TCP/IP). WINS was
originally put in place to compensate for a shortcoming of NetBEUI: it is not
routable. On large networks, IP is used to transport NetBIOS and, rather than using
broadcasts, information is sent to the WINS server.
At the enterprise level, a network typically has one or more WINS servers that a WINS
client may contact for name resolution. In fact, WINS servers may be configured on a given
network so that they replicate all computer-name-to-IP-address mappings to each other's
respective databases.
There are four elements that can be found in a WINS network:

WINS servers - When WINS client computers enter the network, they contact a
WINS server using a directed message. The client computer registers its name with
the WINS server and uses the WINS server to resolve NetBIOS names to IP
addresses.

WINS client computers - WINS client computers use directed (P-node) messages
to communicate with WINS servers and are typically configured to use H-node
communication. Windows 2000, Windows NT, Windows 95 and 98, and Windows
for Workgroups computers can be WINS client computers.

Non-WINS client computers - Older Microsoft network client computers that can't
use P-node can still benefit from WINS. Their broadcast messages are intercepted
by WINS proxy computers that act as intermediaries between the B-node client
computers and WINS servers. MS-DOS and Windows 3.1 client computers
function as non-WINS clients.

WINS proxies - Windows NT, Windows 95 and 98, and Windows for Workgroups
client computers can function as WINS proxies. They intercept B-node broadcasts
on their local subnet and communicate with a WINS server on behalf of the B-node
client computer.

Out of the box, when you configure a Windows NT Server-based network to use WINS for
its name registration, it adheres to the h-node broadcasting methodology. The h-node refers
to one of the NetBIOS over TCP/IP modes that defines how NBT identifies and accesses
resources on a network.
In a nutshell, during name resolution the WINS client first checks whether the name is the
local machine name. Then it looks at its cache of remote names. Any name that is resolved
is placed in a cache, where it remains for 10 minutes. After that, it attempts to contact the
WINS server, and then attempts to broadcast. It also checks the LMHOSTS file (if it is
configured to use and check the LMHOSTS file). Lastly, it tries the HOSTS file and then
DNS (if appropriately configured).
When a WINS client boots on the network, a Name Registration Request packet is sent to
the WINS server via TCP/IP to register the client computer name. As many Name
Registration Request packets are sent as necessary to register names. Not surprisingly, these
packets contain the WINS client's IP address and name. When a client uses WINS, it
announces itself to the WINS server over TCP/IP rather than broadcasting to all computers.
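
The four node types described earlier in this chapter and the lookup order in the paragraphs above can be modelled together. The following Python sketch is an added example, not part of the original textbook: the Network and Client classes, host names and addresses are constructed for illustration, and the HOSTS and DNS steps are left out.

```python
from dataclasses import dataclass, field

CACHE_TTL = 600  # seconds: the 10-minute name cache lifetime given in the text

# Network lookups each node type attempts, in order.
NODE_ORDER = {
    "B": ["broadcast"],
    "P": ["wins"],
    "M": ["broadcast", "wins"],
    "H": ["wins", "broadcast"],
}


@dataclass
class Network:
    """Constructed topology: NetBIOS hosts per routed segment plus one WINS server."""
    segments: dict              # segment -> {NAME: ip}
    wins_db: dict               # names registered with the WINS server
    wins_up: bool = True
    broadcasts_sent: int = 0

    def broadcast(self, segment, name):
        # Routers do not forward broadcasts, so only the local segment can answer.
        self.broadcasts_sent += 1
        return self.segments[segment].get(name)

    def wins_query(self, name):
        # Directed message: crosses routers, but fails when the server is down.
        return self.wins_db.get(name) if self.wins_up else None


@dataclass
class Client:
    name: str
    ip: str
    segment: str
    node_type: str = "H"
    lmhosts: dict = field(default_factory=dict)   # NAME -> ip, edited by hand
    cache: dict = field(default_factory=dict)     # NAME -> (ip, expiry time)

    def resolve(self, net, name, now=0):
        """Return (ip, step) where step names the mechanism that answered."""
        name = name.upper()
        if name == self.name.upper():
            return self.ip, "local"
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0], "cache"
        self.cache.pop(name, None)                # drop an expired entry
        lookups = {
            "wins": lambda: net.wins_query(name),
            "broadcast": lambda: net.broadcast(self.segment, name),
            "lmhosts": lambda: self.lmhosts.get(name),
        }
        for step in NODE_ORDER[self.node_type] + ["lmhosts"]:
            ip = lookups[step]()
            if ip:
                self.cache[name] = (ip, now + CACHE_TTL)
                return ip, step
        return None, "unresolved"


def demo_network(wins_up=True):
    """Two routed segments; every host is registered with WINS (constructed data)."""
    return Network(
        segments={
            "A": {"FILESRV": "10.0.1.10", "WKS1": "10.0.1.21"},
            "B": {"PRINTSRV": "10.0.2.10"},
        },
        wins_db={"FILESRV": "10.0.1.10", "WKS1": "10.0.1.21", "PRINTSRV": "10.0.2.10"},
        wins_up=wins_up,
    )


def compare_node_types(target, wins_up=True):
    """Resolve `target` from WKS1 on segment A once per node type.

    Returns {node type: (ip, step, broadcasts sent)}.
    """
    results = {}
    for node_type in NODE_ORDER:
        net = demo_network(wins_up)
        client = Client("WKS1", "10.0.1.21", "A", node_type)
        ip, step = client.resolve(net, target)
        results[node_type] = (ip, step, net.broadcasts_sent)
    return results


if __name__ == "__main__":
    for target, up in [("PRINTSRV", True), ("FILESRV", False), ("PRINTSRV", False)]:
        print(f"{target} (WINS {'up' if up else 'down'}):")
        for node, outcome in compare_node_types(target, up).items():
            print(f"  {node}-node -> {outcome}")
```

Running it shows the trade-off the node-type descriptions make: M-node spends a broadcast even when WINS would have answered, while P-node resolves nothing once the WINS server is down.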

Function of Domain Name System (DNS)


The Domain Name System (DNS) helps users to find their way around the Internet. Every
computer on the Internet has a unique address, just like a telephone number, which is a
rather complicated string of numbers called the IP address. Translating the name into the IP
address is called "resolving the domain name." The goal of the DNS is for any Internet user
any place in the world to reach a specific website IP address by entering its domain name.
Domain names are also used for reaching e-mail addresses and for other Internet
applications. These logical names also allow independence from knowing the physical
location of a host. A host may be moved to a different network, while the users continue to
use the same logical name.
The DNS provides the protocol which allows clients and servers to communicate with each
other.
DNS servers are used to resolve host names to IP addresses. This makes it easier for people
to access domain hosts. When you use the Web or send an e-mail message, you use a
domain name to do it. For example, the URL "http://www.trendmicro.com" contains the
domain name trendmicro.com. So does the e-mail address "antivirus@trendmicro.com."
Human-readable names like "trendmicro.com" are easy for people to remember, but they
are not useful to data communication. All of the computers use names called IP addresses to
refer to one another. Every time you use a domain name, you use the Internet's domain
name servers (DNS) to translate the human-readable domain name into the
machine-readable IP address. During a day of browsing and e-mailing, you might access the
domain name servers hundreds of times!
Domain name servers translate domain names to IP addresses. The following are things you
need to know about how DNS servers work:

There are billions of IP addresses currently in use, and most machines have a
human-readable name as well.

There are many billions of DNS requests made every day. A single person can
easily make a hundred or more DNS requests a day, and there are hundreds of
millions of people and machines using the Internet daily.

Domain names and IP addresses change daily.

New domain names are created daily.

Millions of people manually change and add domain names and IP addresses every
day.

It is impossible to remember the IP addresses of all of the Web sites we visit every day!
Human beings just are not that good at remembering strings of numbers. We are good at
remembering words, however, and that is where domain names come in. Here are just a few
examples of the hundreds of popular domain names:

www.google.com - a typical name

www.yahoo.com - the world's best-known name

www.mit.edu - a popular EDU name

encarta.msn.com - a Web server that does not start with www

www.bbc.co.uk - a name using four parts rather than three

ftp.trendmicro.com - a File Transfer Protocol (FTP) server rather than a Web server

Top-Level Domains

The root of the system is unnamed. Below it is a set of what are called "top-level domain
names" (TLDs). The COM, EDU and UK portions of these domain names are called the
top-level domain or first-level domain. There are several hundred top-level domain names,
including COM, EDU, GOV, MIL, NET, ORG and INT, as well as unique two-letter
combinations for every country.

Domains on the first level of the hierarchy are top-level domains, which are either:

country-code top-level domains (ccTLD), or

generic top-level domains (gTLD)

ccTLDs are represented by two-letter country codes from ISO 3166, e.g., uk, fr, de, ch.

gTLDs are given in the Internet informational RFC 1591, Domain Name System Structure
and Delegation:

edu: educational institutions

com: commercial entities, i.e., companies

net: network providers

org: organisations, e.g. NGOs

gov: government agencies

mil: US military

int: organisations established by international treaties

Within every top-level domain there is a huge list of second-level domains. In the COM
first-level domain, some examples include google, yahoo, msn, trendmicro, plus
millions of others.


Every name in the COM top-level domain must be unique, but there can be duplication
across domains. For example, howstuffworks.com and howstuffworks.org are completely
different machines. In the case of bbc.co.uk, it is a third-level domain. Up to 127 levels are
possible, although more than four is rare.
The left-most word, such as www or encarta, is the host name. It specifies the name of a
specific machine (with a specific IP address) in a domain. A given domain can potentially
contain millions of host names as long as they are all unique within that domain.
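
The FQDN, relative distinguished name, NetBIOS naming rules and top-level domain categories described in this chapter can be checked together on one name. The following Python code is an added example, not part of the original textbook: the function names are hypothetical, the ccTLD test only checks for a two-letter label, and the 63- and 255-character limits come from RFC 1035 rather than from this text.

```python
import string

# gTLDs and their meanings as listed in the text (from RFC 1591).
GTLDS = {
    "edu": "educational institutions",
    "com": "commercial entities",
    "net": "network providers",
    "org": "organisations",
    "gov": "government agencies",
    "mil": "US military",
    "int": "organisations established by international treaties",
}
MAX_LEVELS = 127                  # maximum depth stated in the text
MAX_LABEL, MAX_NAME = 63, 255     # RFC 1035 limits (assumption: not stated in the text)

NETBIOS_MAX = 15
NETBIOS_SPECIAL = set("!@#$%^&()-_'{}.~")    # special characters the text allows
NETBIOS_FORBIDDEN = set('\\*+=|:;"?<>,')     # characters the text disallows
ALNUM = set(string.ascii_letters + string.digits)


def netbios_problems(name):
    """Return the NetBIOS naming rules that `name` breaks (empty list means valid)."""
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > NETBIOS_MAX:
        problems.append(f"{len(name)} characters, limit is {NETBIOS_MAX}")
    if any(c.isspace() for c in name):
        problems.append("contains blank space")
    forbidden = sorted(set(name) & NETBIOS_FORBIDDEN)
    if forbidden:
        problems.append("forbidden characters: " + " ".join(forbidden))
    other = sorted(set(name) - ALNUM - NETBIOS_SPECIAL - NETBIOS_FORBIDDEN
                   - set(string.whitespace))
    if other:
        problems.append("unsupported characters: " + " ".join(other))
    return problems


def split_fqdn(fqdn):
    """Split an FQDN into host (relative distinguished name), domain and TLD."""
    # A single trailing dot stands for the unnamed root and is dropped.
    name = (fqdn[:-1] if fqdn.endswith(".") else fqdn).lower()
    labels = name.split(".")
    if len(name) > MAX_NAME or not all(0 < len(label) <= MAX_LABEL for label in labels):
        raise ValueError(f"malformed domain name: {fqdn!r}")
    if len(labels) < 2:
        raise ValueError(f"not fully qualified: {fqdn!r}")
    if len(labels) > MAX_LEVELS:
        raise ValueError(f"more than {MAX_LEVELS} levels: {fqdn!r}")
    tld = labels[-1]
    if tld in GTLDS:
        kind = "gTLD"
    elif len(tld) == 2 and tld.isalpha():
        kind = "ccTLD"      # shape check only, not validated against ISO 3166
    else:
        kind = "other"
    return {
        "host": labels[0],                   # the left-most label
        "domain": ".".join(labels[1:]),
        "tld": tld,
        "tld_kind": kind,
        "levels": len(labels),
        # DNS reuses the computer name as the host label, so check it
        # against the NetBIOS computer-name rules as well.
        "netbios_problems": netbios_problems(labels[0]),
    }


if __name__ == "__main__":
    samples = [
        "server1.widgets.microsoft.com",    # from the text
        "www.bbc.co.uk",                    # from the text
        "ftp.trendmicro.com",               # from the text
        "accounting-fileserver01.products.microsoft.com",  # constructed
    ]
    for sample in samples:
        print(sample, "->", split_fqdn(sample))
```

The last sample is a legal DNS name whose host label is too long to serve as a NetBIOS computer name, which is the kind of mismatch that appears when both naming systems share one computer name.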
How are Domain Names distributed?

Because all of the names in a given domain need to be unique, there has to be a single entity
that controls the list and makes sure that there are no duplicates. For example, the COM
domain cannot contain any duplicate names, and a company called Network Solutions is in
charge of maintaining this list. When you register a domain name, it goes through one of
several dozen registrars who work with Network Solutions to add names to the list.
Network Solutions, in turn, keeps a central database known as the whois database that
contains information about the owner and name servers for each domain. If you go to the
whois form, you can find information about any domain currently in existence.
While it is important to have a central authority keeping track of the database of names in
the COM (and other) top-level domain, you would not want to centralize the database of all
of the information in the COM domain. For example, Microsoft has hundreds of thousands
of IP addresses and host names. Microsoft wants to maintain its own domain name server
for the microsoft.com domain. Similarly, Great Britain probably wants to administrate the
uk top-level domain, and Australia probably wants to administrate the au domain, and so
on. For this reason, the DNS system is a distributed database. Microsoft is completely
responsible for dealing with the name server for microsoft.com - it maintains the machines
that implement its part of the DNS system, and Microsoft can change the database for its
domain whenever it wants to because it owns its domain name servers.
Every domain has a domain name server somewhere that handles its requests, and there is a
person maintaining the records in that DNS. This is one of the most amazing parts of the
DNS system - it is completely distributed throughout the world on millions of machines
administered by millions of people, yet it behaves like a single, integrated database.


Figure 7-11 Network Solutions site at http://www.networksolutions.com

Figure 7-12 Sample screenshot of a whois database extractor


The Whois Extractor software extracts domain information from a global whois
database source. It extracts Domain, TLD, Registrant, Admin Name, Address,
City, State, Zip, Country, Phone, Fax, NameServer, Domain Created Date,
Updated Date, Domain Expired Date. The program automatically saves all extracted
data in a csv/text file with success, error, and log text.


WINS and DNS Integration in Name Resolution


DNS and WINS can be integrated to provide a more complete name resolution solution for
all clients on your network.
You can configure a DNS server to query a WINS server by configuring a DNS zone
setting. This is helpful when some of the clients you support require NetBIOS name
resolution, such as legacy Windows 9x clients, or cannot register themselves with DNS. In
effect, you are providing a means for DNS clients to look up WINS client names and IP
addresses without needing to contact the WINS server directly. After it is configured, the
DNS server will query a WINS server for every request made to it for which it does not
have a valid record. If the requested name is located on the WINS server, the information is
returned to the requesting client via the DNS server. The process is invisible to all clients.
This can be configured for both forward and reverse lookup zones.

If you have a mixture of Windows and third-party DNS servers in your organization, you
will run into problems if you attempt to replicate WINS lookup records to these third-party
DNS servers. Only Microsoft DNS servers support WINS lookup records; thus, zone
transfers to third-party DNS servers will fail. In this situation, you should use WINS referral
to create and delegate a special "WINS zone" that refers queries to WINS when needed.
This zone does not perform any registrations or updates. Clients need to be configured to
append this additional WINS referral zone to their queries for unqualified names, thus
allowing clients to query both WINS and DNS as required. You also need to ensure that this
WINS referral zone is not configured to transfer to any third-party DNS servers.

TCP/IP Utilities and Services


This section enumerates the TCP/IP utilities that offer network connections to other
computers, such as UNIX workstations. You must have the TCP/IP network protocol
installed to use the TCP/IP utilities. To start TCP/IP services from the command prompt,
type net start. This displays a list of services that are currently operating. To stop TCP/IP
services from the command prompt, type net stop.


Figure 7-13 Start or stop the TCP/IP services from the command prompt
To get a complete guide on how to use these utilities and services, go to
the Microsoft web site at this URL:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/enus/tcpip_utils.mspx

Arp
Displays and modifies entries in the Address Resolution Protocol (ARP) cache, which
contains one or more tables that are used to store IP addresses and their resolved
Ethernet or Token Ring physical addresses. There is a separate table for each Ethernet
or Token Ring network adapter installed on your computer. Used without parameters,
the command arp displays help.
Nslookup
Displays information that you can use to diagnose Domain Name System (DNS)
infrastructure. Before using this tool, you should be familiar with how DNS works. The
Nslookup command-line tool is available only if you have installed the TCP/IP
protocol.
Finger
Displays information about a user or users on a specified remote computer (typically a
computer running UNIX) that is running the Finger service or daemon. The remote
computer specifies the format and output of the user information display. Used without
parameters, finger displays help.
Ping
Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control
Message Protocol (ICMP) Echo Request messages. The receipt of corresponding Echo
Reply messages is displayed, along with round-trip times. Ping is the primary TCP/IP
command used to troubleshoot connectivity, reachability, and name resolution. Used
without parameters, ping displays help.
Ftp
Transfers files to and from a computer running a File Transfer Protocol (FTP) server
service such as Internet Information Services. Ftp can be used interactively or in batch
mode by processing ASCII text files.
Rcp
Copies files between a Windows XP computer and a system running rshd, the remote
shell service (daemon). Windows XP and Windows 2000 do not provide rshd
service. Used without parameters, rcp displays help.
Hostname
Displays the host name portion of the full computer name of the computer.
Rexec
Runs commands on remote computers running the Rexec service (daemon). The
rexec command authenticates the user name on the remote computer before
executing the specified command. Windows XP and Windows 2000 do not provide the
Rexec service. Used without parameters, rexec displays help.
Ipconfig
Displays all current TCP/IP network configuration values and refreshes Dynamic Host
Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used
without parameters, ipconfig displays the IP address, subnet mask, and default
gateway for all adapters.
Route
Displays and modifies the entries in the local IP routing table. Used without parameters,
route displays help.
Lpq
Displays the status of a print queue on a computer running Line Printer Daemon (LPD).
Used without parameters, lpq displays command-line help for the lpq command.


Rsh
Runs commands on remote computers running the RSH service or daemon.
Windows XP and Windows 2000 do not provide an RSH service. An RSH service
called Rshsvc.exe is provided with the Windows 2000 Server Resource Kit. Used
without parameters, rsh displays help.
Lpr
Sends a file to a computer running Line Printer Daemon (LPD) in preparation for
printing. Used without parameters, lpr displays command-line help for the lpr
command.
Tftp
Transfers files to and from a remote computer, typically a computer running UNIX, that
is running the Trivial File Transfer Protocol (TFTP) service or daemon. Used without
parameters, tftp displays help.
Nbtstat
Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for
both the local computer and remote computers, and the NetBIOS name cache.
Nbtstat allows a refresh of the NetBIOS name cache and the names registered with
Windows Internet Name Service (WINS). Used without parameters, nbtstat displays
help.
Tracert
Determines the path taken to a destination by sending Internet Control Message
Protocol (ICMP) Echo Request messages to the destination with incrementally
increasing Time to Live (TTL) field values. The path displayed is the list of near-side
router interfaces of the routers in the path between a source host and a destination. The
near-side interface is the interface of the router that is closest to the sending host in the
path. Used without parameters, tracert displays help.
Netstat
Displays active TCP connections, ports on which the computer is listening, Ethernet
statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP
protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over
IPv6 protocols). Used without parameters, netstat displays active TCP connections.

The TCP/IP Request for Comments (RFCs)


The standards for TCP/IP are published in a series of documents called Requests for
Comments (RFCs). RFCs are an evolving series of reports, proposals for protocols, and
protocol standards that describe the internal workings of TCP/IP and the Internet.


Although TCP/IP standards are always published as RFCs, not all RFCs specify standards.
RFCs are authored by individuals who voluntarily write and submit a draft proposal for a
new protocol or specification to the Internet Engineering Task Force (IETF) and other
working groups. Submitted drafts are first reviewed by a technical expert, a task force, or an
RFC editor, and then assigned a status.
If a draft passes this initial review stage, it is circulated to the larger Internet community for
a period of further comment and review and assigned an RFC number. This RFC number
remains constant. If changes are made to the proposed specification, drafts that are revised
or updated are circulated by using a new RFC (a number higher than the original RFC
number) to identify more recent documents.

Related RFCs for TCP/IP


The following table shows the RFCs supported by the TCP/IP protocol and supporting
services.
RFC number   Title
768          User Datagram Protocol (UDP)
783          Trivial File Transfer Protocol (TFTP)
791          Internet Protocol (IP)
792          Internet Control Message Protocol (ICMP)
793          Transmission Control Protocol (TCP)
816          Fault Isolation and Recovery
826          Address Resolution Protocol (ARP)
854          Telnet Protocol (TELNET)
862          Echo Protocol (ECHO)
863          Discard Protocol (DISCARD)
864          Character Generator Protocol (CHARGEN)
865          Quote of the Day Protocol (QUOTE)
867          Daytime Protocol (DAYTIME)
894          IP over Ethernet
919          Broadcasting Internet Datagrams
922          Broadcasting Internet Datagrams in the Presence of Subnets
950          Internet Standard Subnetting Procedure
959          File Transfer Protocol (FTP)
1001         Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods
1002         Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Detailed Specifications
1009         Requirements for Internet Gateways
1034         Domain Names - Concepts and Facilities
1035         Domain Names - Implementation and Specification
1042         IP over Token Ring
1055         A Nonstandard for Transmission of IP Datagrams Over Serial Lines: SLIP
1065         Structure and Identification of Management Information for TCP/IP-based Internets
1112         Internet Group Management Protocol (IGMP)
1122         Requirements for Internet Hosts - Communication Layers
1123         Requirements for Internet Hosts - Application and Support
1144         Compressing TCP/IP Headers for Low-Speed Serial Links
1157         Simple Network Management Protocol (SNMP)
1179         Line Printer Daemon Protocol
1188         IP over FDDI
1191         Path MTU Discovery
1201         IP over ARCNET
1256         ICMP Router Discovery Messages
1323         TCP Extensions for High Performance
1332         PPP Internet Protocol Control Protocol (IPCP)
1518         An Architecture for IP Address Allocation with CIDR
1519         Classless Inter-Domain Routing (CIDR): An Address Assignment and Aggregation Strategy
1534         Interoperation Between DHCP and BOOTP
1542         Clarifications and Extensions for the Bootstrap Protocol
1552         PPP Internetwork Packet Exchange Control Protocol (IPXCP)
1661         The Point-to-Point Protocol (PPP)
1662         PPP in HDLC-like Framing
1748         IEEE 802.5 MIB using SMIv2
1749         IEEE 802.5 Station Source Routing MIB using SMIv2
1812         Requirements for IP Version 4 Routers
1828         IP Authentication using Keyed MD5
1829         ESP DES-CBC Transform
1851         ESP Triple DES-CBC Transform
1852         IP Authentication using Keyed SHA
1878         Variable Length Subnet Table For IPv4
1886         DNS Extensions to Support IP Version 6
1994         PPP Challenge Handshake Authentication Protocol (CHAP)
1995         Incremental Zone Transfer in DNS
1996         A Mechanism for Prompt DNS Notification of Zone Changes
2018         TCP Selective Acknowledgment Options
2085         HMAC-MD5 IP Authentication with Replay Prevention
2104         HMAC: Keyed Hashing for Message Authentication
2131         Dynamic Host Configuration Protocol (DHCP)
2136         Dynamic Updates in the Domain Name System (DNS UPDATE)
2181         Clarifications to the DNS Specification
2236         Internet Group Management Protocol, Version 2
2308         Negative Caching of DNS Queries (DNS NCACHE)
2401         Security Architecture for the Internet Protocol
2402         IP Authentication Header
2406         IP Encapsulating Security Payload (ESP)
2581         TCP Congestion Control

Table 7-2 RFCs supported by the TCP/IP protocol and supporting services


Chapter 7 Summary and Review Questions


TCP/IP is a protocol suite comprised of protocols that reside in each of the seven
layers of the OSI model. Every TCP/IP protocol is charged with performing a certain subset
of the total functionality required to implement a TCP/IP network or application. The main
protocols at the Internet and Transport layers are the Internet Protocol (IP), Transmission
Control Protocol (TCP) and User Datagram Protocol (UDP). These core protocols support
many other protocols that perform a variety of functions at each of the TCP/IP model layers.
Each device that will use TCP/IP on your network uses a valid, unique IP address.

Review Questions
1. This is the primary transport protocol of the TCP/IP protocol suite
a) TCP
b) UDP
c) IP
d) STP
2. The TCP/IP protocol that provides for source and destination addressing is
a) IP
b) TCP
c) UDP
d) All of the above
3. This TCP/IP utility is used to check the validity of a remote IP address.
a) PING
b) FTP
c) ARP
d) IPCONFIG
4. The dynamic Windows-based service used to resolve NetBIOS names into their IP
addresses is
a) ICMP
b) DNS
c) WINS
d) DHCP


5. Which of the following does a router normally use when making a decision about
routing TCP/IP?
a) Destination MAC address
b) Source MAC address
c) Destination IP address
d) Source IP address
e) Destination MAC and IP address


Chapter 8: Network Troubleshooting and Monitoring
Chapter Objectives
After completing this chapter, you should be able to:

Identify the basic network problems

Know what a network troubleshooting strategy means

Know how to perform basic troubleshooting techniques

Know some helpful prevention tips

Know the commonly used tools to troubleshoot network problems


Network Connectivity Problems


Network Troubleshooting Framework
Network Troubleshooting Strategy
Commonly Used Troubleshooting Tools
Effective Network Management
Recommendation for Effective Network Troubleshooting
Prevention Tips
Tips for Solving Problems

Copyright 2005 - Trend Micro Inc.

86

Notes

2005 Trend Micro Incorporated

229

Trend Micro Basic Networking Student Textbook


Introduction
When you encounter a problem in your network, the first question you need to ask is, "What
changed?" Computer hardware has become so reliable that it is difficult to determine where
the problem lies, so you work by process of elimination. Depending on how well you know
your network (its components, its behavior, and the overall function of each device
attached to it), it may take anywhere from a few minutes to long hours to figure out what has
changed.
More often than not, network administrators do not manage the network; they manage the
changes that occur in the network. That is when an administrator needs to design a
network troubleshooting strategy.
Network troubleshooting means recognizing and diagnosing networking problems with the
goal of keeping your network running optimally. As a network administrator, your primary
concern is maintaining connectivity of all devices (a process often called fault
management). You also continually evaluate and improve your network's performance.
Because serious networking problems can sometimes begin as performance problems,
paying attention to performance can help you address issues before they become serious.
This chapter discusses the basic network issues that require a network troubleshooting
strategy. It also provides general prevention tips and problem-solving tips toward the end of
the chapter.

Network Connectivity Problems


Connectivity problems occur when clients cannot communicate with other areas of your
local area network (LAN) or wide area network (WAN). Using management tools, you can
often fix a connectivity problem before users even notice it. Connectivity problems include:

Loss of connectivity - When users cannot access areas of your network, your
organization's effectiveness and productivity are impaired. Immediately correct any
connectivity breaks.

Intermittent connectivity - Although users have access to network resources some
of the time, they are still facing periods of downtime. Intermittent connectivity
problems can indicate that your network is on the verge of a major breakdown. If
connectivity is erratic, investigate the problem immediately.

Timeout problems - Timeouts cause loss of connectivity, but are often associated
with poor network performance.

About Performance Problems


Your network has performance problems when it is not operating as effectively as it should.
For example, response times may be slow, the network may not be as reliable as usual, and
users may be complaining that it takes them longer to do their work. Some performance
problems are intermittent, such as instances of duplicate addresses. Other problems can
indicate a growing strain on your network, such as consistently high utilization rates or high
CPU usage.
If you regularly examine your network for performance problems, you can extend the
usefulness of your existing network configuration and plan network enhancements, instead
of waiting for a performance problem to adversely affect the users' productivity.

Solving Connectivity and Performance Problems


When you troubleshoot your network, you employ tools and knowledge already at your
disposal. With an in-depth understanding of your network, you can use network software
tools, such as Ping, and network devices, such as Analyzers, to locate problems, and then
make corrections, such as swapping equipment or reconfiguring segments, based on your
analysis.

Network Troubleshooting Framework


The International Standards Organization (ISO) Open Systems Interconnect (OSI) reference
model is the foundation of all network communications. This seven-layer structure provides
a clear picture of how network communications work. As you have learned, protocols
govern communications between the layers of a single system and among several systems.
In this way, devices made by different manufacturers or using different designs can use
different protocols and still communicate.
By understanding how network troubleshooting fits into the framework of the OSI model,
you can identify at what layer problems are located and which type of troubleshooting tools
to use. For example, unreliable packet delivery can be caused by a problem with the
transmission media or with a router configuration.
Table 8-1 describes the data that the network management tools can collect as it relates to
the OSI model layers.
Network Data and the OSI Model Layers

Layer                                            Data Collected
-----------------------------------------------  ------------------------------------------
Application, Presentation, Session, Transport    Protocol information and other Remote
                                                 Monitoring (RMON) and RMON2 data
Network                                          Routing information
Data Link                                        Traffic counts and other packet breakdowns
Physical                                         Error counts

Table 8-1 OSI Reference Model and Network Troubleshooting

Network Troubleshooting Strategy


You can create a strategy to troubleshoot your network if you are familiar with your site's
network configuration and with your network's normal behavior.

Know your network - Understand overall flow patterns and interactions between
systems, and determine how your network is really being used at the application
level.

Optimize your network - Gain an insight into traffic and application usage trends
to help you optimize the use and placement of current network resources and make
wise decisions about capacity planning and network growth.

If you notice changes on your network, ask the following questions:

Is the change expected or unusual?

Has this event ever occurred before?

Does the change involve a device or network path for which you already have a
backup solution in place?

Does the change interfere with vital network operations?

Does the change affect one or many devices or network paths?

After you have an idea of how the change is affecting your network, you can categorize it as
either critical or non-critical. Both of these categories need resolution (except for changes
that are one-time occurrences); the difference between the categories is the amount of time
that you have to fix the problem.
By using a strategy for network troubleshooting, you can approach a problem methodically
and resolve it with minimal disruption to network users. As a best practice, have an accurate
and detailed map of your current network environment. Beyond that, a good approach to
problem resolution is:

Recognizing Symptoms

Understanding the Problem

Identifying and Testing the Cause of the Problem

Solving the Problem

Recognizing Symptoms
When resolving any problem, the first step is to identify and interpret the symptoms. You
may discover network problems in several ways. Users may complain that the network
seems slow or that they cannot connect to a server, or your management console may show
an alert indicating that something is not functioning properly in your network.

User Comments

Although you can often solve networking problems before users notice a change in their
environment, you invariably get feedback from your users about how the network is
running, such as:

The printer is not working or they cannot print.

They cannot access the application server.

It takes them much longer to copy files across the network than it usually does.

They cannot log on to a remote server.

When they send e-mail to another site, they get a routing error message.

Their system freezes whenever they try to Telnet.

Network Management Software Alerts

Network management software usually has a feature that can alert you to areas of your
network that need attention. For example:

The application displays Warning icons, beeping tones or flashing signals.

Your weekly utilization report (which indicates the 10 ports with the highest
utilization rates) shows that one port is experiencing much higher utilization levels
than normal.

You receive an email message from your network management station that the
threshold for broadcast and multicast packets has been exceeded.

These signs usually provide additional information about the problem, allowing you to
focus on the right area.
Analyzing Symptoms

When a symptom occurs, ask yourself these types of questions to narrow the location of the
problem and to get more data for analysis:

To what degree is the network not acting normally (for example, does it now take
one minute to perform a task that normally takes five seconds)?

On what subnetwork is the user located?

Is the user trying to reach a server, end station, or printer on the same subnetwork
or on a different subnetwork?

Are many users complaining that the network is operating slowly or that a specific
network application is operating slowly?

Are many users reporting network logon failures?

Are the problems intermittent? For example, some files may print with no
problems, while other printing attempts generate error messages, make users lose
their connections, and cause systems to freeze.

Understanding the Problem


Networks are designed to move data from a transmitting device to a receiving device. When
communication becomes problematic, you must determine why data are not traveling as
expected and then find a solution. The two most common causes for data not moving
reliably from source to destination are:

The physical connection breaks (that is, a cable is unplugged or broken).

A network device is not working properly and cannot send or receive some or all
data.

Network management software can easily locate and report a physical connection break
(layer 1 problem). It is more difficult to determine why a network device is not working as
expected, which is often related to a layer 2 or a layer 3 problem.
To determine why a network device is not working properly, look first for:

Valid service - Is the device configured properly for the type of service it is
supposed to provide? For example, has Quality of Service (QoS), which is the
definition of the transmission parameters, been established?

Restricted access - Is an end station supposed to be able to connect with a specific
device or is that connection restricted? For example, is a firewall set up that
prevents that device from accessing certain network resources?

Correct configuration - Is there a misconfiguration of IP address, subnet mask,
gateway, or broadcast address? Network problems are commonly caused by
improper configuration of newly connected or configured devices.

Identifying and Testing the Cause of the Problem


After you develop a theory about the cause of the problem, test your theory. The test must
conclusively prove or disprove your theory.
Two general rules of troubleshooting are:

If you cannot reproduce a problem, then no problem exists unless it happens again
on its own.

If the problem is intermittent and you cannot replicate it, you can configure your
network management software to catch the event in progress.

Although network management tools can provide a great deal of information about
problems and their general location, you may still need to swap equipment or replace
components of your network until you locate the exact trouble spot.

After you test your theory, either fix the problem as described in "Solving the Problem" or
develop another theory.
Sample Problem Analysis

This section illustrates the analysis phase of a typical troubleshooting incident.
On your network, a user cannot access the mail server. You need to establish two areas of
information:

What you know - In this case, the user's workstation cannot communicate with the
mail server.

What you do not know and need to test

Can the workstation communicate with the network at all, or is the problem
limited to communication with the server? Test by sending a "Ping" or by
connecting to other devices.

Is the workstation the only device that is unable to communicate with the
server, or do other workstations have the same problem? Test connectivity at
other workstations.

If other workstations cannot communicate with the server, can they
communicate with other network devices? Again, test the connectivity.

The analysis process follows these steps:

1 Can the workstation communicate with any other device on the subnetwork?
  1.1 If no, then go to step 2.
  1.2 If yes, determine if only the server is unreachable.
    1.2.1 If only the server cannot be reached, this suggests a server problem. Confirm by
          doing step 2.
    1.2.2 If other devices cannot be reached, this suggests a connectivity problem in the
          network. Confirm by doing step 3.

2 Can other workstations communicate with the server?
  2.1 If no, then most likely it is a server problem. Go to step 3.
  2.2 If yes, then the problem is that the workstation is not communicating with the
      subnetwork. (This situation can be caused by workstation issues or a network issue with
      that specific station.)

3 Can other workstations communicate with other network devices?
  3.1 If no, then the problem is likely a network problem.
  3.2 If yes, the problem is likely a server problem.

When you determine whether the problem is with the server, subnetwork, or workstation,
you can further analyze the problem, as follows:

For a problem with the server - Examine whether the server is running, if it is
properly connected to the network, and if it is configured appropriately.

For a problem with the subnetwork - Examine any device on the path between
the users and the server.

For a problem with the workstation - Examine whether the workstation can
access other network resources and if it is configured to communicate with that
particular server.

Equipment for Testing

To help identify and test the cause of problems, have available:

A laptop computer that is loaded with a terminal emulator, TCP/IP stack, TFTP
server, CD-ROM drive (to read the online documentation), and some key network
management applications. With the laptop computer, you can plug into any
subnetwork to gather and analyze data about the segment.

A spare managed hub to swap for any hub that does not have management.
Swapping in a managed hub allows you to quickly spot which port is generating the
errors.

A single port probe to insert in the network if you are having a problem where you
do not have management capability.

Console cables for each type of connector, labeled and stored in a secure place.

Solving the Problem


Many device or network problems are straightforward to resolve, but others produce
misleading symptoms. If one solution does not work, continue with another.
A solution often involves:

Upgrading software or hardware (for example, upgrading to a new version of agent
software or installing Gigabit Ethernet devices)

Balancing your network load by analyzing:

What users communicate with which servers

What the user traffic levels are in different segments

Based on these findings, you can decide how to redistribute network traffic.

Adding segments to your LAN (for example, adding a new switch where utilization
is continually high)

Replacing faulty equipment (for example, replacing a module that has port
problems or replacing a network card that has a faulty jabber protection
mechanism)

To help solve problems, make sure you have the following items available:

Spare hardware equipment (such as modules and power supplies), especially for
your critical devices

A recent backup of your device configurations to reload if flash memory gets
corrupted (which can sometimes happen due to a power outage)

Commonly Used Troubleshooting Tools


These commonly used tools can also help you troubleshoot your network:

Network software, such as Ping, Telnet, FTP, and TFTP. You can use these
applications to troubleshoot, configure, and upgrade your system.

Network monitoring devices, such as Analyzers and Probes.

Tools, such as Cable Testers, for working on physical problems.

Ping
Packet Internet Groper (Ping) allows you to quickly verify the connectivity of your network
devices. Ping attempts to transmit a packet from one device to a station on the network, and
listens for the response to ensure that it was correctly received. You can validate
connections on the parts of your network by pinging different devices:

A successful response indicates that a valid network path exists between your
station and the remote host and that the remote host is active.

Slower response times than normal can indicate that the path is congested or
obstructed.

A failed response indicates that a connection is broken somewhere; use the message
to help locate the problem.

Figure 8-1 shows an example of a ping


Strategies for Using Ping

Follow these strategies for using Ping:

Ping devices when your network is operating normally so that you have a
performance baseline for comparison.

Ping by IP address when:

You want to test devices on different subnetworks. This method allows you to
Ping your network segments in an organized way, rather than having to
remember all the hostnames and locations.

Your Domain Name System (DNS) server is down and your system cannot
look up host names properly. You can Ping with IP addresses even if you
cannot access hostname information.

Ping by hostname when you want to identify DNS server problems.

To troubleshoot problems that involve large packet sizes, Ping the remote host
repeatedly, increasing the packet size each time.

To determine if a link is erratic, perform a continuous Ping (using ping -s on
UNIX), which indicates the time that it takes the device to respond to each Ping.

To determine a route taken to a destination, use the trace route function
(tracert).

Consider creating a Ping script that periodically sends a Ping to all necessary
networking devices. If a Ping failure message is received, the script can
perform some action to notify you of the problem, such as paging you.

Use the Ping functions of your network management platform. For example,
in your HP OpenView map, select a device and click the right mouse button
to gain access to ping functions.

Tips on Interpreting Ping Messages

Use the following ping failure messages to troubleshoot problems:

No reply from <destination>
This indicates that the destination routes are available but that there is a problem
with the destination itself.

<destination> is unreachable
This indicates that your system does not know how to get to the destination. This
message means either that routing information to a different subnetwork is
unavailable or that a device on the same subnetwork is down.

ICMP host unreachable from gateway
This indicates that your system can transmit to the target address using a gateway, but
that the gateway cannot forward the packet properly because either a device is
misconfigured or the gateway is not operating.
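
The Ping script suggested under Strategies for Using Ping, combined with the baseline comparison and the failure messages listed above, as an added example (not code from this textbook). It assumes a Unix-style ping (-c count flag) and the failure wordings exactly as this page gives them; the addresses, sample outputs and function names are constructed for illustration.

```python
import re
import subprocess

# Failure wordings exactly as listed in the tips above. Real ping
# implementations word them differently, so adjust the patterns to yours.
FAILURES = [
    ("gateway_unreachable", re.compile(r"ICMP host unreachable from gateway", re.I),
     "gateway cannot forward the packet: misconfigured device or gateway not operating"),
    ("unreachable", re.compile(r"\bis unreachable\b", re.I),
     "no routing information to that subnetwork, or a device on the same subnetwork is down"),
    ("no_reply", re.compile(r"\bno reply from\b", re.I),
     "routes are available; the problem is with the destination itself"),
]
LOSS = re.compile(r"([\d.]+)% packet loss")
RTT_AVG = re.compile(r"=\s*[\d.]+/([\d.]+)/[\d.]+")  # min/avg/max summary line


def classify(output, baseline_ms=None, slow_factor=2.0):
    """Turn the text of one ping run into (status, hint)."""
    for status, pattern, hint in FAILURES:
        if pattern.search(output):
            return status, hint
    loss = LOSS.search(output)
    if loss and float(loss.group(1)) >= 100:
        return "no_response", "every probe was lost"
    if loss and float(loss.group(1)) > 0:
        return "erratic", "%s%% packet loss: link may be intermittent" % loss.group(1)
    rtt = RTT_AVG.search(output)
    if rtt is None:
        return "unknown", "no failure message or round-trip summary found"
    avg = float(rtt.group(1))
    if baseline_ms is not None and avg > baseline_ms * slow_factor:
        return "slow", "avg %.1f ms against a %.1f ms baseline: path may be congested" % (
            avg, baseline_ms)
    return "ok", "avg %.1f ms" % avg


def run_ping(host, count=3):
    """Run the system ping and return its text ('' if it cannot be run)."""
    try:
        proc = subprocess.run(["ping", "-c", str(count), host],
                              capture_output=True, text=True, timeout=30)
    except (subprocess.TimeoutExpired, OSError):
        return ""
    return proc.stdout + proc.stderr


def sweep(devices, baselines, ping=run_ping, notify=print):
    """Ping each device once and call notify() for every result that is not 'ok'."""
    results = {}
    for host in devices:
        status, hint = classify(ping(host) or "", baselines.get(host))
        results[host] = status
        if status != "ok":
            notify("%s: %s (%s)" % (host, status, hint))
    return results


# Constructed sample outputs (documentation addresses), so the demo runs offline.
OK_LINE = "3 packets transmitted, 3 received, 0% packet loss, time 2003ms\n"
SAMPLES = {
    "192.0.2.1": OK_LINE + "rtt min/avg/max/mdev = 0.9/1.1/1.4/0.2 ms\n",
    "192.0.2.2": OK_LINE + "rtt min/avg/max/mdev = 8.7/9.8/11.2/1.0 ms\n",
    "192.0.2.3": "No reply from 192.0.2.3\n",
    "192.0.2.4": "192.0.2.4 is unreachable\n",
    "192.0.2.5": "ICMP host unreachable from gateway 192.0.2.254\n",
    "192.0.2.6": "5 packets transmitted, 3 received, 40% packet loss, time 4005ms\n"
                 "rtt min/avg/max/mdev = 1.0/1.2/1.5/0.2 ms\n",
}
# Baselines (average ms) recorded while the network was operating normally.
BASELINES = {"192.0.2.1": 1.0, "192.0.2.2": 1.0, "192.0.2.6": 1.0}

if __name__ == "__main__":
    # Look up canned text instead of calling run_ping; replace print with a
    # pager or mail hook, and run the sweep from cron to make it periodic.
    sweep(SAMPLES, BASELINES, ping=SAMPLES.get)
```

To poll live devices, call sweep() with a list of addresses and leave ping at its default.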

Telnet
Telnet, which is a login and terminal emulation program for Transmission Control
Protocol/Internet Protocol (TCP/IP) networks, is a common way to communicate with an
individual device. You log in to the device (a remote host) and use that remote device as if
it were a local terminal.

Figure 8-2 shows a sample telnet session

If you have established an out-of-band Telnet connection with a device, you can use Telnet
to communicate with that device even if the network is unavailable. This feature makes
Telnet one of the most frequently used network troubleshooting tools. Usually, all device
statistics and configuration capabilities are accessible by using Telnet to connect to the
device's console.
You can invoke the Telnet application on your local system and set up a link to a Telnet
process that is running on a remote host. You can then run a program that is located on a
remote host as if you were working at the remote system.

FTP and TFTP


Most network devices support either the File Transfer Protocol (FTP) or the Trivial File
Transfer Protocol (TFTP) for downloading updates of system software. Updating system
software is often the solution to networking problems that are related to agent problems.
Also, new software features may help correct a networking problem.
FTP provides flexibility and security for file transfer by:

Accepting many file formats, such as ASCII and binary

Using data compression

Providing Read and Write access so that you can display, create, and delete files
and directories

Providing password protection

TFTP is a simple version of FTP that does not list directories or require passwords. TFTP
only transfers files to and from a remote server.

Analyzers
An analyzer, which is often called a Sniffer, is a network device that collects network data
on the segment to which it is attached, a process called packet capturing. Software on the
device analyzes this data, which is a process referred to as protocol analysis. Most
analyzers can interpret different types of protocol traffic, such as TCP/IP, AppleTalk, and
Banyan VINES traffic.
You usually use analyzers for reactive troubleshooting - when you see a problem
somewhere on your network, you attach an analyzer to capture and interpret the data from
that area. Analyzers are particularly helpful for identifying intermittent problems. For
example, if your network backbone has experienced moments of instability that prevent
users from logging on to the network, you can attach an analyzer to the backbone to capture
the intermittent problems when they happen again.

Figure 8-3 shows a diagram of how packets are analyzed

Note: Most software-based network protocol analyzers work in
about the same way as shown above, and display, at least initially,
the same basic information. The analyzer runs on a host system.
When you start the analyzer (in promiscuous mode), the host NIC's
software driver intercepts all traffic that passes through the NIC.
The protocol analyzer passes the intercepted traffic to the
analyzer's packet-decoder engine, which identifies and splits
packets into their respective layers. The protocol analyzer software
analyzes the packets and displays packet information on the
analyzer host's screen. Depending on the product's capabilities,
you can then analyze and filter the traffic further. [9]
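
The packet-decoder stage described in the note above, as an added example (not from this textbook or from any analyzer product): it splits a frame into data link, network and transport fields, verifies the IPv4 header checksum, and applies a simple field filter. The frames are constructed in the code from documentation addresses (192.0.2.0/24); function and field names are illustrative.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_ICMP, PROTO_TCP = 1, 6
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward


def internet_checksum(data):
    """Ones' complement sum of 16-bit words; 0 over data whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def decode_frame(frame):
    """Split one Ethernet II frame into per-layer dictionaries."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"data_link": {"src": mac(src), "dst": mac(dst), "ethertype": ethertype}}
    if ethertype != ETHERTYPE_IPV4:
        return layers  # other EtherTypes would be handed to other decoders
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src_ip, dst_ip = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    layers["network"] = {
        "src": socket.inet_ntoa(src_ip), "dst": socket.inet_ntoa(dst_ip),
        "ttl": ttl, "protocol": proto,
        "checksum_ok": internet_checksum(ip[:ihl]) == 0,
    }
    payload = ip[ihl:total_len]
    if proto == PROTO_TCP and len(payload) >= 20:
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        layers["transport"] = {
            "protocol": "TCP", "src_port": sport, "dst_port": dport, "seq": seq,
            "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
        }
    elif proto == PROTO_ICMP and len(payload) >= 8:
        icmp_type, code = struct.unpack("!BB", payload[:2])
        layers["icmp"] = {"type": icmp_type, "code": code,
                          "checksum_ok": internet_checksum(payload) == 0}
    return layers


def matches(layers, criteria):
    """Filter stand-in: criteria maps 'layer.field' to the required value."""
    for path, expected in criteria.items():
        layer, field = path.split(".")
        if layers.get(layer, {}).get(field) != expected:
            return False
    return True


def build_frame(proto, l4):
    """Constructed sample frame: Ethernet II + IPv4 header + the given payload."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                      socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return eth + hdr + l4


def sample_echo_request():
    """Constructed ICMP echo request (what Ping sends), with a valid checksum."""
    body = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"constructed-ping"
    csum = internet_checksum(body)
    return build_frame(PROTO_ICMP, body[:2] + struct.pack("!H", csum) + body[4:])


def sample_telnet_syn():
    """Constructed TCP SYN to port 23; the TCP checksum is left 0 and not verified."""
    tcp = struct.pack("!HHIIHHHH", 49152, 23, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
    return build_frame(PROTO_TCP, tcp)


if __name__ == "__main__":
    for frame in (sample_echo_request(), sample_telnet_syn()):
        decoded = decode_frame(frame)
        for layer, fields in decoded.items():
            print(layer, fields)
        print("telnet filter:", matches(decoded, {"transport.dst_port": 23}))
```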

Probes
Like Analyzers, a probe is a network device that collects network data. Depending on its
type, a probe can collect data from multiple segments simultaneously. It stores the collected
data and transfers the data to an analysis site when requested. Unlike an analyzer, a probe
does not interpret data.
A probe can be either a stand-alone device or an agent in a network device. You can use a
probe daily to determine the health of your network. Use this data to make decisions about
reconfiguring devices and end stations as needed.

Figure 8-4 shows NIAS Centralized Probe Management for Enterprise Networks
Note: For enterprise organizations, Network Instruments has
released the Network Instruments Authentication Server (NIAS) for
assistance in managing the security and authentication parameters
for multiple console/probe connections. The NIAS is ideal for
enterprise organizations required to frequently change user names
and passwords to comply with network security policies. This
easy-to-install software solution makes authenticating users safe, secure
and simple by providing centralized management of all Probe users
and all Probe passwords. [10]

Cable Testers
Cable testers examine the electrical characteristics of the wiring. They are most commonly
used to ensure that building wiring and cables meet Category 5, 4, and 3 standards. For
example, network technologies such as Fast Ethernet require the cabling to meet Category 5
requirements. Testers are also used to find defective and broken wiring in a building.
The first thing to understand about testing data cables is the Attenuation to Crosstalk Ratio
(ACR). Attenuation is the reduction in signal strength over the length of the cable and
frequency range; crosstalk is the external noise that is introduced into the cable. If
these two areas meet, the data signal will be lost because the crosstalk noise will be at the
same level as the attenuated signal.

Figure 8-5: The pink area in the graph is the attenuation and the blue area is the
crosstalk.

ACR is the most important result when testing a link because it represents the overall
performance of the cable.

Effective Network Management


Much like buildings, networks must be designed before they can be built. The network
design specifies the network infrastructure, including the layout that dictates how the
computers will be connected, the format the data takes as it passes over the network
connection, and the network architecture.
The network architect must utilize the right mix of technology to provide adequate network
bandwidth for the network users' needs. Network bandwidth is the amount of data that can
be transmitted on a network in a particular amount of time. Video- and graphic-intensive
applications require higher bandwidth than simple text-based programs. Bandwidth
management software helps identify and alleviate network bottlenecks. Network
administrators also use load balancing to allocate network bandwidth to compute-intensive
applications so they won't bring down overall network performance.
Many companies are choosing to install fiber-optic cables to transmit data on their
network as fiber optic technology is capable of much higher data throughput than
conventional metal cables.

Another critical network feature is fault tolerance, which is the network's ability to recover
from an unexpected failure. Since a company's revenue and reputation often ride on its
network, many companies employ multiple layers of fault tolerance that range from a
backup power source in case of an electrical power outage to mirroring the data from one
server onto another server that will automatically take over ("fail over") in case of failure.
Network clusters are also used to prevent unexpected data loss.
With the network design and installation complete, the focus shifts to network management
and maintenance. Network administrators must ensure the network operates reliably, that its
performance or speed is adequate, and that it is secure from unwanted intrusion. With the
advice of internal or external security professionals, network administrators use techniques
and technology, including firewalls and user authentication, to ensure data stored on a
computer on the network cannot be read without proper authorization.

Recommendation for Effective Network Troubleshooting
These sections describe the steps that you can take to effectively troubleshoot your network
when the need arises:

Designing Your Network for Troubleshooting

Preparing Devices for Management

Configuring Transcend NCS

Knowing Your Network

By designing your network for troubleshooting, you can access key devices on your
network when your network is experiencing connectivity or performance problems. Having
adequate management access depends on these design criteria:

Position of the management station so that it can gather the greatest amount of
network data through Simple Network Management Protocol (SNMP) polling

Position of probes for distributed management of critical networks

Ability to communicate with each device even when your management station
cannot access the network

The following sections discuss how to design your network with the preceding criteria in
mind:

Positioning Your SNMP Management Station

Using Probes

Monitoring Business-critical Networks

Using Telnet, Serial Line, and Modem Connections

Using Communications Servers

Setting Up Redundant Management

Other Tips on Network Design

Figure 8-6 shows an example of network management

Positioning Your SNMP Management Station


In a typical LAN, locate your management station directly off the backbone where it can
conduct SNMP polling and manage network devices. The backbone is usually the optimum
location for the management station because:

The backbone is not subject to the failures of individual subnetworked routers or
switches.

In a partial network outage, the information collected by a backbone management
station is probably more accurate than from a station in a routed subnetwork.

The backbone is usually protected with redundant power and technologies, like
Fiber Distributed Data Interface (FDDI), that correct their own problems. This
redundancy ensures that the backbone remains operational, even when other areas
of the network are having problems.

The backbone is typically faster and has a higher bandwidth than other areas of
your network, making it a more efficient location for a management station.

Make sure that the capacity of your backbone can accommodate the SNMP traffic that the
management applications generate.

Figure 8-7 shows a management station that is set up at the network backbone and
polling network devices.

Although SNMP management from the backbone is a good way to keep track of
what is happening on your network, do not rely on it exclusively because SNMP
management occurs in-band (that is, SNMP traffic shares network bandwidth with
data traffic).

Network troubleshooting using SNMP can become a problem in these ways:

Very heavy data traffic or a break in the network can make it difficult or impossible
for the management station to poll a device.

Traffic that SNMP polling adds to the network may contribute to networking
problems.

Using Probes

To minimize the frequency of SNMP traffic on your network, set up one or more probes to
collect Remote Monitoring (RMON) data from the network devices. In the distributed
model illustrated below, the management station uses SNMP polling to collect data from
the probes rather than from all the network devices. Distributing the management over the
network ensures some continued data collection even if you have network problems.

Note: Many management applications support data from MIBs other than the RMON MIBs.
For this reason, even if you are using RMON probes, some SNMP polling to individual
devices from a key management station is always useful for a complete picture of
your network.

Figure 8-2 shows management at the backbone with an attached probe

To extend your remote monitoring capabilities, use embedded RMON probes or roving
analysis (monitoring one port for a period of time, moving on to another port for a while,
and so on). However, with roving analysis, you cannot see a historical analysis of the ports
because the probe is moving from one port to another.

Some probes, like 3Com's Enterprise Monitor, are designed to support the large number of
interfaces that are found in switched environments. The probe's high port density supports
this multi-segmented switched environment. You can also use the probe's interfaces to
monitor mirror (or copy) ports on the switch, which means that all data received and
transmitted on a port is also sent to the probe.

Probes do not indicate which port has caused an error. Only a managed hub (a hub or switch
with an onboard management module) can provide that level of detail. Probes and a hub's
own management module complement each other.


Monitoring Business-Critical Networks


On business-critical networks, you need to increase your level of management by dedicating
probes to the essential areas of your network. For detailed network management, it is not
enough to gather raw performance figures - you need to know, at the network and
conversation level, what is generating the traffic and when it is being generated.
The three critical areas to monitor on this type of network are discussed in these sections
and shown in the illustration below.

FDDI Backbone Monitoring

Internet WAN Link Monitoring

Switch Management Monitoring

Figure 8-8 shows probes monitoring a business-critical network


FDDI Backbone Monitoring

On the FDDI backbone, you need to continually monitor whether it is being overutilized,
and, if so, by what type of traffic. By placing monitoring software with an FDDI media
module directly at the backbone, you can gather utilization and host matrix information. In
addition, the probe provides a full range of FDDI performance statistics that a LAN
monitoring program can record or that SNMP traps can report to the management station.
To ensure management access to the probe, provide a direct connection to the probe from
your management station. This connection lets you access probe data even if the ring
is unusable, and it keeps management traffic off the main ring.


Internet WAN Link Monitoring

The Internet link is a concern for dedicated network management because it:

Represents an external cost to the company

Requires budgeting

Is a primary cause of network security problems

In a way that is similar to monitoring the FDDI backbone, some LAN monitoring program
reports can indicate whether you are paying for too much bandwidth or whether you need to
purchase more. Some can also indicate the level of use on a workgroup basis for internal
billing and highlight the top sites that users visit. Similarly, you can monitor for unexpected
conversations and protocols.
You also need to know the error rates on this link and whether you are experiencing
congestion because of circumstances on the Internet provider's network.

Switch Management Monitoring

The third area of interest in this network is the large number of switch-to-end station links.
When detailed analysis of these devices is required (for example, if one of the ports on the
network suddenly reports much higher traffic than normal), you need to track the source of
the problem and decide whether you can optimize the traffic path. In this case, you need a
way to view the traffic on the switch port at a conversation level.
By placing a monitoring program in a central location, you can easily attach it to the
switches that have the most Ethernet ports as the need arises. By using the roving analysis
feature of many 3Com devices, you can copy data from a monitored port to the port on the
switch that is connected to this program. When a problem arises, roving analysis is
activated for a particular switch and these data are collected from the monitoring programs.
These applications can then monitor the network data for the devices that are connected to
that switch.

Using Telnet, Serial Line, and Modem Connections


To minimize your dependency on SNMP management, set up a way to reach the console of
your key networking devices. Through the console, you can often view Ethernet, FDDI, and
ATM statistics, view routing and bridging tables, and determine and modify device
configurations.
Out-of-band (that is, management using a dedicated line to a device) console connections
are also keys to network troubleshooting. If the network goes down, your console
connections are still available.
The types of console connections include:

Telnet - Out-of-band and in-band access using a network connection. For example,
on 3Com's CoreBuilder 6000 switch, using Telnet you can access the management
console by using a dedicated Ethernet connection to the management module
(out-of-band) and from any network attached to the device (in-band).

Serial line - Direct, out-of-band access using a terminal connection. This type of
connection allows you to maintain your connections to a device if it reboots.

Modem - Remote, out-of-band access using a modem connection.

Figure 8-9 shows management of a device through the serial line and modem ports.

Sometimes, direct access to network devices through out-of-band management is the only
way to examine a network problem. For example, if your network connections are down,
you can Telnet to one of your key routers and examine its routing table. The routing table
lists the devices that the router can reach, allowing you to narrow the area of the problem.
You can also Ping from this device to further investigate which areas of the network are
down.

Using Communications Servers

Although out-of-band management keeps you in contact with a particular device during a
network problem, it does not inform you about all the areas of your network from a central
point. You must access each device separately. To manage devices more centrally, you can
set up a communications server (often called a comm server).


Figure 8-10 Out-of-band Management with a Communications Server

For optimal benefit, provide two management connections to the communication server:

Connect the comm server to the network (an in-band connection) so that you can
access the devices from anywhere on the network using reverse Telnet.

Connect your management workstation directly to one of the serial ports of the
comm server (an out-of-band connection) so that you can access the devices when
the network is down.

Setting Up Redundant Management


To ensure that a management station can always access the backbone, set up a redundancy
system of management. In this setup, management applications (often different ones) run on
separate management workstations, which are connected to the backbone through separate
network devices or by using a network card.
This setup allows the management workstations to monitor each other and report any
problems with their attached network devices. The redundancy system also provides a
backup management connection to your network if one management station loses
connectivity.

Other Tips for Network Troubleshooting


Configure the management station to run without any network connection - including
NIS, NFS, and DNS lookups.

Have more than one interface available on the management station, an arrangement
called dual hosting. Connect vital probes to the second interface to create a private
monitoring LAN (one without regular network traffic) on which network problems do
not impair communication.

Do not give the management station privileges on the network, such as the ability to log
in with no passwords. Hackers can easily spot management stations.


Connect the management station to an uninterruptible power supply (UPS) to protect
the station from events that interrupt power, such as blackouts, power surges, and
brownouts.

Regularly back up the management station.

Provide remote access through a modem to the management station so that you can
keep track of your network's activity remotely.

Identifying Your Network's Normal Behavior


By monitoring your network over a long period, you begin to understand its normal
behavior. You begin to see a pattern in the traffic flow, such as which servers are typically
accessed, when peak usage times occur, and so on. If you are familiar with your network
when it is fully operational, you can be more effective at troubleshooting problems that
arise.

Baselining Your Network


You can use a baseline analysis, which is an important indicator of overall network health,
to identify problems. A baseline can serve as a useful reference of network traffic during
normal operation, which you can then compare to captured network traffic while you
troubleshoot network problems. A baseline analysis speeds the process of isolating network
problems.
By running tests on a healthy network, you compile "normal" data to compare against the
results that you get when your network is in trouble. For example, Ping each node to
discover how long it typically takes you to receive a response from devices on your
network.
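
The ping baseline described above can be stored as data and compared automatically while troubleshooting. The following Python code is an added example, not part of the original textbook; the host addresses, the ping output, and the thresholds (`k`, `floor_ms`, `loss_margin`) are constructed assumptions.

```python
import re
import statistics

RTT_RE = re.compile(r"time[=<]([\d.]+) ms")
SUMMARY_RE = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received")


def summarize(ping_output):
    """Reduce one ping run to median RTT, spread (MAD) and loss ratio."""
    rtts = [float(v) for v in RTT_RE.findall(ping_output)]
    summary = SUMMARY_RE.search(ping_output)
    sent = int(summary.group(1)) if summary else len(rtts)
    received = int(summary.group(2)) if summary else len(rtts)
    loss = 1.0 - received / sent if sent else 1.0
    if not rtts:
        return {"median": None, "spread": None, "loss": loss}
    median = statistics.median(rtts)
    # Median absolute deviation tolerates one slow reply better than stdev.
    spread = statistics.median([abs(r - median) for r in rtts])
    return {"median": median, "spread": spread, "loss": loss}


def compare(baseline, current, k=5.0, floor_ms=1.0, loss_margin=0.05):
    """Return {host: [findings]} for hosts that deviate from the baseline."""
    findings = {}
    for host, base in baseline.items():
        if base["median"] is None:
            continue  # host never answered on the healthy network
        now = current.get(host)
        notes = []
        if now is None or now["median"] is None:
            notes.append("unreachable (answered in baseline)")
        else:
            # floor_ms keeps very steady links from alerting on tiny changes.
            limit = base["median"] + max(k * base["spread"], floor_ms)
            if now["median"] > limit:
                notes.append(
                    f"median RTT {now['median']:.2f} ms exceeds limit {limit:.2f} ms")
            if now["loss"] > base["loss"] + loss_margin:
                notes.append(
                    f"packet loss {now['loss']:.0%} (baseline {base['loss']:.0%})")
        if notes:
            findings[host] = notes
    return findings


def constructed_ping(host, rtts, sent):
    """Build iputils-style ping output for the demo (constructed, not captured)."""
    lines = [f"64 bytes from {host}: icmp_seq={i} ttl=64 time={r} ms"
             for i, r in enumerate(rtts, 1)]
    loss = round(100 * (1 - len(rtts) / sent))
    lines.append(f"{sent} packets transmitted, {len(rtts)} received, {loss}% packet loss")
    return "\n".join(lines)


# Constructed measurements on a healthy network (addresses from TEST-NET-1).
BASELINE = {
    "192.0.2.1": summarize(constructed_ping("192.0.2.1", [0.41, 0.39, 0.44, 0.40, 0.42], 5)),
    "192.0.2.20": summarize(constructed_ping("192.0.2.20", [1.10, 1.05, 1.20, 1.15, 1.08], 5)),
    "192.0.2.30": summarize(constructed_ping("192.0.2.30", [0.80, 0.85, 0.78, 0.82, 0.81], 5)),
}

# Constructed measurements taken while the network is in trouble.
CURRENT = {
    "192.0.2.1": summarize(constructed_ping("192.0.2.1", [0.43, 0.40, 0.45, 0.41, 0.42], 5)),
    "192.0.2.20": summarize(constructed_ping("192.0.2.20", [9.80, 10.40, 9.10, 11.20], 5)),
    "192.0.2.30": summarize(constructed_ping("192.0.2.30", [], 5)),
}

FINDINGS = compare(BASELINE, CURRENT)

if __name__ == "__main__":
    for host, notes in FINDINGS.items():
        for note in notes:
            print(f"{host}: {note}")
```
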

Identifying Background Noise


Know your network's background noise so that you can recognize "real" data flow. For
example, one evening after everyone is gone, no backups are running, and most nodes are
on, analyze the traffic on your network using a traffic monitoring application. The traffic
that you see is mostly broadcast and multicast packets. Any errors that you see are the result
of faulty devices (trace). This traffic is the background noise of your network - traffic
that occurs for little value. If background noise is high, redesign your network.
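
To put a number on background noise, an off-hours capture can be split into broadcast, multicast, and unicast frames, with errored frames attributed to their sources. The following Python code is an added example, not part of the original textbook; the frame records, the MAC addresses, and the 60-second window are constructed assumptions.

```python
from collections import Counter


def classify(dst_mac):
    """Classify a destination MAC as broadcast, multicast or unicast."""
    octets = bytes.fromhex(dst_mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {dst_mac!r}")
    if octets == b"\xff" * 6:
        return "broadcast"
    # The least-significant bit of the first octet is the group (I/G) bit.
    return "multicast" if octets[0] & 0x01 else "unicast"


def noise_profile(frames, window_s):
    """Summarize an off-hours capture.

    frames: iterable of (src_mac, dst_mac, length_bytes, has_error) tuples.
    window_s: length of the capture window in seconds.
    """
    frame_counts, byte_counts = Counter(), Counter()
    noise_sources, error_sources = Counter(), Counter()
    for src, dst, length, has_error in frames:
        kind = classify(dst)
        frame_counts[kind] += 1
        byte_counts[kind] += length
        if kind != "unicast":
            noise_sources[src] += 1
        if has_error:
            # Errored frames point at a faulty device worth tracing.
            error_sources[src] += 1
    total = sum(frame_counts.values())
    noise = frame_counts["broadcast"] + frame_counts["multicast"]
    return {
        "frames": dict(frame_counts),
        "bytes": dict(byte_counts),
        "noise_share": noise / total if total else 0.0,
        "noise_fps": noise / window_s,
        "top_noise_sources": noise_sources.most_common(3),
        "error_sources": dict(error_sources),
    }


# Constructed capture records (locally administered source addresses).
FRAMES = [
    ("02:00:00:00:00:01", "ff:ff:ff:ff:ff:ff", 64, False),
    ("02:00:00:00:00:01", "ff:ff:ff:ff:ff:ff", 64, False),
    ("02:00:00:00:00:02", "01:80:c2:00:00:00", 64, False),
    ("02:00:00:00:00:02", "01:80:c2:00:00:00", 64, False),
    ("02:00:00:00:00:03", "01:00:5e:00:00:fb", 120, False),
    ("02:00:00:00:00:04", "02:00:00:00:00:09", 1500, False),
    ("02:00:00:00:00:05", "ff:ff:ff:ff:ff:ff", 64, True),
    ("02:00:00:00:00:05", "ff:ff:ff:ff:ff:ff", 64, True),
    ("02:00:00:00:00:05", "ff:ff:ff:ff:ff:ff", 64, False),
    ("02:00:00:00:00:01", "ff:ff:ff:ff:ff:ff", 64, False),
]

PROFILE = noise_profile(FRAMES, window_s=60)

if __name__ == "__main__":
    for key, value in PROFILE.items():
        print(f"{key}: {value}")
```

Recording the same profile on several quiet evenings gives a noise figure to compare against when the share of broadcast and multicast traffic later rises.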

Verifying Management Configurations


Verify that the following management configurations are correct:

IP Address

Gateway Address

Subnet Mask

SNMP Community Strings

SNMP Traps


How these parameters are configured can vary by device. For more information,
see the manufacturer's User Guide for each device.

Follow these steps:


1. Ping the device.

If the device is accessible by Ping, then its IP address is valid and you may have a
problem with the SNMP setup. Go to step 5.

If the device is not accessible by Ping, then there is a problem with either the path
or the IP address.

2. To test the IP address, Telnet into the device using an out-of-band connection. If Telnet
works, then your IP address is working.
3. If Telnet does not work, connect to the device's console using a serial line connection
and ensure that your device's IP address setting is correct. If your management station is
on a separate subnetwork, make sure that the gateway address and subnet mask are set
correctly.
4. Using a management application, perform an SNMP Get and an SNMP Set (try to
poll the device or change a configuration using management software).
5. If you cannot reach the device using SNMP, access the device's console and make sure
that your SNMP community strings and traps are set correctly.
You can access the console using Telnet, a serial connection, or a Web management
interface.
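
The settings checked at the console in steps 3 and 5 can also be verified offline from recorded configurations before anyone touches the device. The following Python code is an added example, not part of the original textbook; the device records, field names, addresses, and community strings are constructed assumptions, and the check for well-known default community strings is an addition that goes beyond the textbook's list.

```python
import ipaddress

DEFAULT_COMMUNITIES = {"public", "private"}  # widely shipped defaults


def verify_management_config(device, station):
    """Return a list of problems that would stop `station` managing `device`."""
    try:
        iface = ipaddress.ip_interface(f"{device['ip']}/{device['mask']}")
    except ValueError as exc:
        return [f"invalid IP address or subnet mask: {exc}"]
    problems = []
    net = iface.network
    station_ip = ipaddress.ip_address(station["ip"])

    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")

    # A station on another subnetwork is reachable only through the gateway.
    if station_ip not in net:
        if not device.get("gateway"):
            problems.append("station is on another subnetwork but no gateway is set")
        else:
            gateway = ipaddress.ip_address(device["gateway"])
            if gateway not in net:
                problems.append(
                    f"gateway {gateway} is outside the device subnetwork {net}")
            elif gateway == iface.ip:
                problems.append("gateway address is the device's own address")

    # SNMP Get uses the read community, SNMP Set the write community.
    for role, action in (("read", "Get"), ("write", "Set")):
        key = f"{role}_community"
        if device[key] != station[key]:
            problems.append(
                f"{role} community differs from the station's: SNMP {action} will fail")
        if device[key] in DEFAULT_COMMUNITIES:
            problems.append(f"{role} community is a well-known default")

    if station["ip"] not in device["trap_receivers"]:
        problems.append("management station is not listed as a trap receiver")
    return problems


# Constructed management station and device records (documentation addresses).
STATION = {"ip": "198.51.100.5",
           "read_community": "noc-ro-7f3a", "write_community": "noc-rw-91bd"}

DEVICES = {
    "core-switch": {
        "ip": "192.0.2.10", "mask": "255.255.255.0", "gateway": "192.0.2.1",
        "read_community": "noc-ro-7f3a", "write_community": "noc-rw-91bd",
        "trap_receivers": ["198.51.100.5"]},
    "edge-router": {  # gateway lies outside 192.0.2.64/26
        "ip": "192.0.2.66", "mask": "255.255.255.192", "gateway": "192.0.2.1",
        "read_community": "public", "write_community": "noc-rw-91bd",
        "trap_receivers": ["198.51.100.9"]},
    "lab-hub": {  # non-contiguous subnet mask
        "ip": "192.0.2.200", "mask": "255.0.255.0", "gateway": "192.0.2.1",
        "read_community": "noc-ro-7f3a", "write_community": "noc-rw-91bd",
        "trap_receivers": ["198.51.100.5"]},
}

REPORT = {name: verify_management_config(cfg, STATION)
          for name, cfg in DEVICES.items()}

if __name__ == "__main__":
    for name, problems in REPORT.items():
        print(name, "OK" if not problems else problems)
```
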

Prevention Tips

This section provides some prevention strategies you can apply:

Ask your management to decide on a downtime comfort level. The faster you want to
get the network back up and running, the more money you need to spend in preparation.
Downtime will stretch to several hours if you have some, but not all, available equipment
for replacement.

Have your management decide which users must get back online first. In case of a
serious network problem, you may be able to support only a few users.

Know your stock equipment. Make an inventory of all your network hardware and
software so you'll know what to buy spare parts for and get updated drivers.

Expect everything and everyone to let you down. If you expect the worst, you're
prepared for anything. You're also pleasantly surprised almost all the time, since the worst
rarely happens.


Anything that can fail, will fail. Be prepared for any LAN component to fail, be stolen or
be tampered with.

Know your LAN component profiles. On a server, failures are likely to occur (in order):
disks, RAM, the power supply, or network adapters (NICs). The same applies to a client or
workstation, but only one user is inconvenienced.

Balance your network to eliminate as many single points of failure as possible. Many
network administrators spread every workgroup across two wiring concentrators, so one
failure won't disable an entire department. You can also spread a group's applications
across multiple servers.

Test your backup and restore software and hardware. Determine how long it takes to
completely restore a volume with your backup hardware and software. You can't easily
bring a replacement hard disk online until the restored files are in place.

Duplicate system knowledge among the IT staff. If a person, even you, is the single point
of failure, take precautions. You do not want to come back from your honeymoon just to
replace a hard disk drive!

Your suppliers will let you down sometime, somehow. Support organizations have
problems, too. Don't assume that your suppliers can provide a replacement drive that they
supposedly always have. If you must have one without fail, have it on your shelf.

Find sources of information before you need them. Always check out your sources for
updates and participate in network-oriented bulletin board services and Internet newsgroups.
The more you know, and the more places you can go for quick information, the better off
you are.

Document everything far more than you think necessary. Write down everything about
your network, then fill in the blanks. Assume that someone else, your manager, for instance,
needs to fill in your place when you're away. Will your documentation provide your
manager with enough information? If some or all of your information is stored electronically,
reprint the information after every substantial change, and store the paper in a safe location.
It's hard to read electronic documentation from a dead server disk!

Keep valuable network information in a safe. Your password, some backup tapes, boot
disks, software licenses, proof of purchase forms, and a copy of your network documentation
should be stored in a safe. Only the network administrator and your manager should have
access to it.

Make your network as standardized as possible. Hardware and software consistency is
not the hobgoblin of small minds; it's the savior of the harried administrator. Standardized
configuration and policy files make life easier. It may be impossible to keep them
consistent, but try. Find a good network interface card and stick with it. Make as few
Windows desktop arrangements as you can.

Make a detailed disaster recovery plan in case of a partial or a complete network
disaster and test your recovery plan. Companies with workable recovery plans stay in
business after a disaster. Those without barely survive a couple of years after the
disaster.


Put step-by-step instructions on the wall above every piece of configuration
equipment. Every server, gateway, or communications server should have a complete
operational outline above it. It should cover all the necessary steps for a computer novice to
take the system down and/or bring the system back up.

Tips for Solving Problems


Network problems can be both physical (cable) and virtual (protocols). When something
goes wrong, follow these hints:

What changed? When there's a problem, 99 percent of the time, somebody changed
something, somewhere. It's common for workstation software to be pushed beyond its
capabilities or to be modified by new applications, or even by network threats.

When you hear hoofbeats, look for horses before you look for zebras. Check the
simple things first. Is it (the device) plugged in the wall? Is the power on? Is the monitor
brightness turned up? Is this the right cable? Is the cable plugged in on both ends? Is the
connection loose?

Isolate the problem. Does this problem happen with other machines? Does it happen with
the same username? Will this system work on another network segment? Will the server
talk to another workstation? Can you ping the system having trouble?

Don't change something that works. If you change a configuration parameter and that
doesn't fix the problem, change the parameter back to what it was. Perform a rollback,
revert to the original settings, and so on. The same goes for hardware. Use a known
good device.

Check your typing. Typos in the configuration files will cause as much of a problem as the
wrong command. Your software won't function as it should if it includes \WINCOWS
instead of \WINDOWS.

Read the documentation. Equipment documentation may not be good enough, but it's
better than nothing. Print out the readme files from the installation disks and keep the
printout with the manuals. It's much easier for manufacturers to put critical manual
modifications in the readme file rather than in the manual.

Look for patches. Check your system application's website for files to update your
troublesome hardware. Call the vendor of the third-party products for new drivers for your
network and system components.

Refer to the log files of previous issues. Keep a log of problems and solutions for your network.
Even a new problem may be related to an old problem you've solved before.

Trust, but verify, everything a user tells you. People interpret the same events in different
ways. What is unnoticed by a user may be a crucial bit of information for you. If a user tells
you a screen looks a certain way, take a look for yourself or ask for a screenshot.

Do things methodically, one by one. Don't make a brilliant leap of deductive reasoning;
that's a high risk / high reward procedure.


Chapter 8 Summary and Review Questions


Network troubleshooting means recognizing and diagnosing networking problems with the goal
of keeping your network running optimally. As a network administrator, your primary concern
is to maintain connectivity of all devices. You also continually evaluate and improve your
network's performance. These commonly used tools can also help you troubleshoot your
network: network software, such as Ping, Telnet, and FTP and TFTP; network monitoring
devices, such as Analyzers and Probes; and tools, such as Cable Testers, for working on
physical problems.

Review Questions
1. A problem with unreliable packet delivery can be caused by a problem with the
a) high utilization rates or high CPU usage
b) swapping equipment or reconfiguring segments
c) transmission media or with a router configuration
d) background noise of your network

2. If you have established an out-of-band Telnet connection with a device, what would
happen?
a) You cannot use Telnet to communicate with that device even if the network is
available.
b) You can use Telnet to communicate with that device even if the network is
unavailable.
c) You can use PING to communicate with that device even if the network is
unavailable.
d) You can use PING to communicate with that device even if the network is
available.


Appendix A: Answers to Review Questions

Chapter 1 Review Answers
1) Networking hardware includes all computers, peripherals, interface cards and other
equipment needed. This hardware is needed
a) To perform data-processing and communications within the network
b) To facilitate many types of games and entertainment
c) To provide a framework and technology foundation for designing, building and
managing a communication network
d) None of the above.
2) This hardware component provides a link to the services or resources necessary to
perform any task.
a) Printer
b) Server
c) Client
3) What is the purpose of network architecture?
a) To provide access to many files and printers while maintaining performance and
security for the user
b) To provide a framework and technology foundation for designing, building and
managing a communication network
c) To enable users to locate, store, and secure information on the network
d) To allow users to share any of their resources in any manner they choose
6. An advantage in networking that allows the administrators to more effectively manage
the company's critical data is advantage on
a) Hardware and Software Management and Administration Costs
b) Network Hardware, Software and Setup Costs
c) Data Security and Management
5. It is a physical or logical location (a server, switch, router, etc) where one or more network
devices are connected
a) Single point of failure
b) Peer-to-peer network
c) Server-based environment


Chapter 2 Review Answers


1. The specific physical, logical, or virtual, arrangement of the network components and
devices
a) Network Topology
b) Ring Topology
c) Bus Topology
d) Star Topology
2. A backbone is best described as
a) A cable break that can fail the entire network
b) A set of nodes and links connected together comprising a network, or the upper
layer protocols used in a network
c) The most important thing to understand about the bus topology
3. The Data Logical Link Layer Frame format
a) Transmits the data in the network
b) Listens to determine if another machine is using the network
c) Repeats what it hears from the previous station
d) Describes the format on how data is transmitted on any type of network
4. In this type of topology, the data is not broadcasted on the network but passed from
node to node
a) Network Topology
b) Ring Topology
c) Bus Topology
d) Star Topology
5. In this type of topology, each server and workstation plugs into a central hub that
provides connections to all other devices connected to the switch.
a) Network Topology
b) Ring Topology
c) Bus Topology
d) Star Topology

Chapter 3 Review Answers


1. The cable that is easy to install and is less expensive than other types of networking
media.
a) UTP
b) STP
c) Fiber Optic
2. This cable combined the techniques of shielding, cancellation, and wire twisting
a) UTP
b) STP
c) Fiber Optic
3. Attenuation is the tendency of a signal to weaken as it travels over a cable. This cable is
less subject to experiencing attenuation.
a) UTP
b) STP
c) Fiber Optic

Chapter 4 Review Answers


1. The network devices contend for the network media in the CSMA/CD method. This
means that
a) Nodes estimate when a collision might occur and avoid transmission during that
period.
b) When a device has data to send, it first listens to see if any other device is currently
using the network
c) The source node addresses the packet by using the broadcast address
d) The source node addresses the packet by using a multicast address
2. LAN extenders forward traffic from all the standard network layer protocols (such as
IP) and filter traffic based on
a) Packet
b) MAC address
c) Electrical connections
d) Cabling scheme
3. Why did Ethernet networks implement bridges?
a) To build a hierarchical wiring system
b) To solve congestion problems due to increase of devices in the network
c) To combine fiber optic backbone and UTP cabling
d) To send a single packet to one or more nodes
4. An Ethernet connection standard that relies on twisted pair wiring (shielded or
unshielded) to connect computers.
a) Ethernet 10Base2
b) Ethernet 10Base-T
c) Ethernet 100Base-T
5. In the 5-4-3 rule, which statement is true?
a) Between any two nodes on the network, there can only be a maximum of 5
segments, connected through 4 repeaters, 3 of the segments may be populated
(trunk) segments if they are made of coaxial cable.
b) Between any two nodes on the network, there can only be a maximum of 5
repeaters, connected through 4 segments, 3 of the segments may be populated
(trunk) segments if they are made of twisted-pair cable.
c) Between any two nodes on the network, there can only be a maximum of 5
segments, connected through 4 repeaters, 3 of the segments may be populated
(trunk) segments if they are made of twisted-pair cable.

Chapter 5 Review Answers


1. This process of transmitting data repeats any signal that comes in on one port and copies
it to all the other ports
a) Routing
b) Broadcasting
c) Multiplexing
d) Repeating
2. This device is used to extend the network when the total length of your network cable
exceeds the standards set for the type of cable being used.
a) Router
b) Hub
c) Repeater
d) Brouter
3. This device connects a network to one or more other networks that are usually part of a
wide area network (WAN) and may offer a number of paths out to destinations on those
networks.
a) Router
b) Hub
c) Repeater
d) Brouter
4. Which of these examples do not belong to protocols used for unicast routing?
a) RIP
b) OSPF
c) TDP
d) BGP
5. Which among these statements is true?
a) Unicast routing removes packets from one host to another host using the unicast
destination IP address.
b) Unicast routing forwards packets from one host to another host using the multicast
destination IP address.
c) Multicast IP routing forwards packets from one host to multiple hosts using the
multicast destination IP address.
d) Multicast IP routing forwards packets from one host to multiple hosts using the
unicast destination IP address.

Chapter 6 Review Answers


1. This layer in the OSI model is responsible for formatting data exchange. This is where
character sets are converted and the data is encrypted.
a) Application Layer
b) Transport Layer
c) Presentation Layer
d) Session Layer
2. This layer is responsible for providing node-to-node communication on a single, local
network.
a) Physical Layer
b) Data Link Layer
c) Session Layer
d) Application Layer
3. Which of the following statements is true?
a) FTP uses UDP to create and maintain a connection between source and destination
machines and TFTP also uses UDP as a transport.
b) FTP uses TCP to create and maintain a connection between source and destination
machines and TFTP uses TCP as a transport.
c) TFTP uses TCP to create and maintain a connection between source and destination
machines while FTP uses UDP as a transport.
d) FTP uses TCP to create and maintain a connection between source and destination
machines while TFTP uses UDP as a transport.
4. The best-known protocol in the Network Layer is
a) PPP
b) SLP
c) IP
d) TIP
5. Any protocol or device that operates on the physical layer deals with which concept of
the network?
a) The biological concepts of the network
b) The logical concepts of the network
c) The physical concepts of the network
d) The contextual concepts of the network

Chapter 7 Review Questions


1. This is the primary transport protocol of the TCP/IP protocol suite
a) TCP
b) UDP
c) IP
d) STP
2. The TCP/IP protocol that provides for source and destination addressing is
a) IP
b) TCP
c) UDP
d) All of the above
3. This TCP/IP utility is used to check the validity of a remote IP address.
a) PING
b) FTP
c) ARP
d) IPCONFIG


4. The dynamic Windows-based service used to resolve NetBIOS names into their IP
addresses is
a) ICMP
b) DNS
c) WINS
d) DHCP
5. Which of the following does a router normally use when making a decision about
routing TCP/IP?
a) Destination MAC address
b) Source MAC address
c) Destination IP address
d) Source IP address
e) Destination MAC and IP address
