
CompTIA Network+ N10-009 Certification Course

By PowerCert Animated Videos

Summary

## Key takeaways

- **Star Topology Single Point Failure**: In a star topology, all computers connect to a central hub or switch, so if the central point fails, the entire network goes down. This is the single point of failure. However, a cable break to one computer only affects that device. [00:31], [01:14]
- **Internet is Mesh Topology**: The internet is a perfect example of a mesh topology, with numerous routers worldwide connected to each other to route data. Mesh provides high redundancy, as multiple connections handle failures well. [02:09], [02:20]
- **Spine-Leaf Limits Hops to Two**: Spine-leaf topology connects each spine switch to every leaf switch, ensuring server-to-server data takes a maximum of two hops, minimizing latency and improving performance while creating redundancy. [03:03], [03:44]
- **TCP Guarantees Delivery, UDP Doesn't**: TCP ensures data delivery by resending lost packets, reassembling in order, and error checking, using a three-way handshake. UDP is faster but connectionless, with no delivery guarantee, which makes it ideal for video streaming. [09:32], [10:08]
- **STP Blocks Ports to Prevent Loops**: Spanning Tree Protocol elects a root bridge using the lowest Bridge ID, designates root ports by lowest path cost, and blocks redundant ports to prevent broadcast storms from switch loops. Blocked ports reactivate if links fail. [03:18:03], [03:21:16]


Full Transcript

A topology is a layout of how a network communicates with different devices. And there are a couple of different categories of topologies. There's wired and wireless. So we're first going to talk about the most common wired topologies. And the most common wired topology is the star topology. In a star topology, all the computers are connected to a central wiring point such as a hub or a switch. All data on a star network passes through this central point before continuing to its destination. One of the major benefits of this topology is that if one computer failed or if there was a break in the cable, the other computers would not be affected because each computer has its own cable connection. However, a disadvantage of a star topology is that if the central hub or switch fails, then all the computers on that central point would be affected, and this is called a single point of failure because if this happens, the entire network goes down.

There is also the mesh topology. In a mesh topology, each computer on the network is connected to every other computer on the network. So by having so many connections, it handles failure very well. So in this illustration, there are four computers with three connections on each computer, which makes a total of 12 connections for this network. Now the advantage of a mesh topology is that it creates a high redundancy level because if one or more connections fail, the computers would still be able to communicate with each other. But because of the amount of cabling and network cards that have to be used, mesh topologies can be expensive. So they are rarely used on local area networks or LANs. They are mainly used on wide area networks like the internet. In fact, the internet is a perfect example of a mesh topology because the internet is made up of numerous routers all over the world that are connected to each other to route data to their destination.

A point-to-point topology is two hosts that are directly connected to each other using a single cable. These hosts could be computers, routers, switches, servers, and so on. So, a point-to-point topology is the simplest form of topology there is. Topologies can also be combined with other topologies if needed, and these are known as hybrid topologies. So for example, an organization may use a combination of star, mesh, or point-to-point topologies in their network.

A spine-leaf topology creates a full mesh connection in a network. This is made up of two layers. One layer is made up of spine switches, which are the backbone of a network, and the second layer is leaf switches. In this setup, each spine switch is connected to every leaf switch but not to the other spine switches. And each leaf switch is connected to every spine switch, but they are not connected to the other leaf switches. And then the leaf switches are connected to the servers. So in this setup, if this server wanted to communicate with this server over here, the data would go from this leaf switch to the other spine switch and then to the leaf of that destination server. So no matter how these servers are connected with each other, the maximum number of hops will be two, which minimizes network latency and improves network performance. And because all the spine and leaf switches are interconnected, this creates multiple paths for data to travel through, which creates redundancy and reduces bottlenecks.
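The two-hop property and the redundancy described above can be checked on a small model of the fabric. The following is an added example, not code from the video or from PowerCert: it builds a constructed spine-leaf graph (device names such as `spine0`, `leaf1`, `server2-0` are made up), counts switch-to-switch hops between every pair of servers with a breadth-first search, and then removes a spine to show that the worst case stays at two hops until the last spine is gone.

```python
from collections import deque
from itertools import combinations


def build_spine_leaf(spines, leaves, servers_per_leaf):
    """Return an adjacency map for a constructed spine-leaf fabric.

    Every spine links to every leaf; spines never link to spines and leaves
    never link to leaves; each server hangs off exactly one leaf.
    """
    adj = {}

    def link(a, b):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)

    for s in range(spines):
        for lf in range(leaves):
            link(f"spine{s}", f"leaf{lf}")
    for lf in range(leaves):
        for n in range(servers_per_leaf):
            link(f"leaf{lf}", f"server{lf}-{n}")
    return adj


def switch_hops(adj, src, dst):
    """Switch-to-switch hops on the shortest path between two servers (BFS).

    The path server -> leaf -> spine -> leaf -> server has four links; the two
    server uplinks are not counted, so the result is 2. Two servers on the same
    leaf give 0. Returns None when the servers are disconnected.
    """
    dist = {src: 0}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return dist[node] - 2
        for nxt in adj.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return None


def max_hops(adj):
    """Worst-case server-to-server hop count across the whole fabric."""
    servers = [n for n in adj if n.startswith("server")]
    return max(switch_hops(adj, a, b) for a, b in combinations(servers, 2))


def without(adj, failed):
    """Copy of the fabric with one device removed, to model a failure."""
    return {n: {m for m in nb if m != failed} for n, nb in adj.items() if n != failed}


if __name__ == "__main__":
    fabric = build_spine_leaf(spines=2, leaves=3, servers_per_leaf=2)
    print("max hops, all switches up:", max_hops(fabric))
    print("max hops, spine0 failed:  ", max_hops(without(fabric, "spine0")))
    print("same-leaf hops:", switch_hops(fabric, "server0-0", "server0-1"))
```

Adding more spines never changes the hop count; it only adds more equal-length paths, which is where the redundancy and the bottleneck relief come from.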

As far as designing large enterprise networks, Cisco has created a fast, cost-saving, and reliable model for achieving this, and it's called the three-tier hierarchical model. And this model serves as the blueprint for creating large networks by breaking it down into three layers. The top layer is the core layer. Now, this is the backbone of a network. This layer is made up of high-speed routers and switches with redundant links that move large amounts of data. It's essentially the doorway that provides access to internal and external networks.

The next layer is the distribution layer. The distribution layer acts as a middleman for exchanging data between the core and the access layer. This layer provides intelligent switching, routing, and network access policies for the network. This layer is made up of standard routers and layer 3 switches.

And the last layer is the access layer. In this layer, users can use their computers that are connected to switches to access network resources such as applications, data, and other networks. This layer is made up of computers and switches.

And there is also the collapsed core model. The collapsed core model is designed for smaller networks. So instead of having three layers, this combines the core and distribution layers into one layer, creating a two-tier model. A main benefit of using this model is to reduce network cost.

In computer networking, there are terms for the flow of traffic. For example, there's east-west traffic. This refers to network traffic between machines in a particular data center. So for example, in this data center, when these servers communicate with the other servers, this would be an example of east-west traffic. And then there's also north-south traffic flow, and this refers to data traveling from or to a system that is physically located outside the data center. So if this data center communicates with another data center in another part of the world, this will be called north-south traffic.

In order for network communication to take place, there needs to be a set of standards, and that's why the OSI model was developed. OSI stands for Open Systems Interconnection. The OSI model describes how information from software in one computer moves through a network to reach software on another computer. And it does this by breaking down this huge task of data communication into seven different layers, giving control of the data being sent from one layer to another. These layers are numbered from one to seven starting from the bottom. These layers are the physical, data link, network, transport, session, presentation, and application.

This illustration shows how data flows through the OSI model. When two computers want to communicate, the data flows down the OSI model, and when the data crosses over the network media, such as the internet, it flows back up the OSI model to its destination.

The first layer of the OSI model is the physical layer. This layer deals with how raw bits of data are transmitted through physical media such as cables and connectors. This layer also defines the topology of a network.

And moving our way up, the second layer is the data link layer. And this layer is responsible for getting the raw bits of data from the physical layer and organizing it into frames. A frame is when raw data is properly formatted and prepared by adding headers and trailers so it can be transferred over a local network. And one of these headers that are added contains the MAC address. The MAC address is an identifier that every network device uses to uniquely identify itself on the network. And the MAC address is what is ultimately used when devices talk to each other. A common device that uses the MAC address is a switch. And this is because a switch is a layer 2 device, because a switch reads the MAC address in a frame and uses it to determine where to forward it.

And the next layer is layer three, which is the network layer. And this layer is responsible for routing the frames across different networks using IP addresses. In this layer, the data is broken down into smaller chunks or packets and then sent with instructions on how to get to their destination. Some examples of layer 3 devices are routers and layer 3 switches.

The transport layer is layer 4. This layer provides the transfer of data between end users by using the TCP or UDP protocols. TCP is responsible for resending any data packets that do not receive an acknowledgement from the destination, ensuring that the data packets were received by the destination. It also reassembles the data in the correct order when it is received by the destination, and it also does error checking. Now, UDP is also used to transfer data, but the main difference between UDP and TCP is that UDP does not guarantee the delivery of data. UDP is a faster protocol that's mainly used for applications such as streaming videos.
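The three TCP behaviours named above (retransmit what is not acknowledged, reassemble in order, check for errors) and the absence of all three in UDP can be seen side by side on a simulated path. This is an added example, not code from the video or from PowerCert. `FlakyLink` is a constructed path model that drops every third packet, corrupts every seventh and reverses the order of each burst; the application data is ten constructed chunks. The TCP-style sender is a deliberately simplified sliding window, not a real TCP implementation (no handshake, no cumulative ACK numbering).

```python
import zlib


class FlakyLink:
    """Constructed path model: drops every 3rd packet it carries, corrupts every
    7th, and delivers each burst in reverse order. Deterministic, so runs repeat."""

    def __init__(self):
        self.count = 0

    def transmit(self, segments):
        delivered = []
        for seq, payload, crc in segments:
            self.count += 1
            if self.count % 3 == 0:
                continue                                            # lost on the path
            if self.count % 7 == 0:
                payload = bytes([payload[0] ^ 0xFF]) + payload[1:]  # bit error
            delivered.append((seq, payload, crc))
        delivered.reverse()                                         # reordered on the path
        return delivered


CHUNKS = [f"part{i:02d}".encode() for i in range(10)]   # constructed application data


def udp_transfer(chunks, link):
    """UDP style: send once, keep what arrives. The checksum lets the receiver
    drop a damaged datagram, but nothing asks for a resend or restores order."""
    segments = [(i, c, zlib.crc32(c)) for i, c in enumerate(chunks)]
    arrived = link.transmit(segments)
    return b"".join(p for _, p, crc in arrived if zlib.crc32(p) == crc)


def tcp_transfer(chunks, link, window=4, max_rounds=100):
    """TCP style: numbered, checksummed segments; the receiver acknowledges what
    it holds and the sender keeps resending whatever is unacknowledged until the
    receiver can hand the data up in order. Returns (data, rounds, segments_sent)."""
    segments = {i: (i, c, zlib.crc32(c)) for i, c in enumerate(chunks)}
    acked, received = set(), {}
    rounds = sent = 0
    while len(acked) < len(chunks):
        rounds += 1
        if rounds > max_rounds:
            return None, rounds, sent                      # give up: the link is dead
        pending = [segments[i] for i in sorted(set(segments) - acked)[:window]]
        sent += len(pending)
        for seq, payload, crc in link.transmit(pending):
            if zlib.crc32(payload) != crc:
                continue                                   # error check failed: drop, no ACK
            received[seq] = payload
        # the receiver ACKs every segment it holds; ACKs cross the same flaky link
        for seq, _, _ in link.transmit([(s, b"ACK", 0) for s in sorted(received)]):
            acked.add(seq)
    data = b"".join(received[i] for i in range(len(chunks)))  # reassembled in order
    return data, rounds, sent


if __name__ == "__main__":
    print("UDP received:", udp_transfer(CHUNKS, FlakyLink()))
    data, rounds, sent = tcp_transfer(CHUNKS, FlakyLink())
    print("TCP received:", data, "| rounds:", rounds, "| segments sent:", sent)
```

The UDP result is shorter than the input and out of order after a single pass; the TCP-style transfer returns the complete data in order but needs several round trips and more segments on the wire, which is the latency cost the video attributes to TCP and the reason streaming prefers UDP.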

Layer five is the session layer. Now, this layer controls the dialogue during communications. So as an example, if two people are doing a video call with each other over a network, the session layer is responsible for starting, managing, and ending the communication between those devices that are doing the video call. This layer is also known as a traffic cop because it directs network traffic.

Layer six is the presentation layer, and this layer is responsible for translating the data into a readable format as it hands it off to the application layer. This is where the data is compressed or decompressed and encrypted or decrypted. This layer is sometimes referred to as the translation layer.

And layer seven is the application layer. Now, this layer, as you might have guessed, deals with applications. It's the layer that we see. It's data that resembles something that you can actually read when you're using application protocols such as email, HTTP, and FTP.

Now, a switch is a networking device that connects all of your network devices together on a local network. It's a device that has multiple ports that accept Ethernet connections from network devices. A switch is considered intelligent because a switch can actually learn the physical addresses of the devices that are connected to it, and it stores these physical addresses, called MAC addresses, in its table. So when a data packet is sent to a switch, it's directed only to the intended destination port. So if this computer here wanted to communicate with this computer over here, the data packet arrives at the switch, and the switch will look at its table of MAC addresses and matching ports and deliver the data to the correct port, and then the data packet would go to that computer.
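The learn-then-forward behaviour just described, plus the case the narration skips (what a switch does with a destination it has not learned yet), is small enough to model directly. The following is an added example, not code from the video or from PowerCert: a constructed `Switch` class with a MAC table, fed a constructed sequence of frames with made-up MAC addresses, returning the ports each frame leaves on.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Constructed model of a layer 2 switch: learn the source MAC of every frame
    on the port it arrived on, forward a known destination out one port only, and
    flood anything else (unknown unicast or broadcast) out every other port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port number

    def receive(self, in_port, src, dst):
        """Return the list of ports the frame is forwarded out of."""
        self.mac_table[src] = in_port                       # learning step
        if dst != BROADCAST and dst in self.mac_table:
            out_port = self.mac_table[dst]
            # destination sits on the port the frame came from: nothing to forward
            return [] if out_port == in_port else [out_port]
        return [p for p in self.ports if p != in_port]      # flood


def replay(switch, frames):
    """Feed (in_port, src, dst) frames through the switch and record the
    ports each one was forwarded out of."""
    return [(src, dst, switch.receive(port, src, dst)) for port, src, dst in frames]


def learned_table(frames, ports=(1, 2, 3, 4)):
    """Run frames through a fresh switch and return the MAC table it built."""
    switch = Switch(ports)
    replay(switch, frames)
    return dict(switch.mac_table)


# Constructed sample MACs: host A on port 1, B on port 2, C on port 3.
A, B, C = "00:11:22:aa:aa:aa", "00:11:22:bb:bb:bb", "00:11:22:cc:cc:cc"
SAMPLE_FRAMES = [
    (1, A, B),          # B not learned yet: flooded out ports 2, 3 and 4
    (2, B, A),          # A was learned on port 1: forwarded to port 1 only
    (1, A, B),          # both known now: port 2 only
    (3, C, BROADCAST),  # a broadcast always goes to every other port
]


if __name__ == "__main__":
    switch = Switch(ports=[1, 2, 3, 4])
    for src, dst, out in replay(switch, SAMPLE_FRAMES):
        print(f"{src} -> {dst}: out ports {out}")
    print("MAC table:", switch.mac_table)
```

The first frame is flooded because the table is empty; once the reply from B has been seen, every later frame between A and B goes to exactly one port, which is the behaviour the narration calls "directed only to the intended destination port".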

Now a router does exactly what its name implies. A router is a device that routes or forwards data from one network to another based on their IP address. When a data packet is received from a router, the router inspects the data packet's IP address and determines if the packet was meant for its own network or if it's meant for another network. If the router determines that the data packet is meant for its own network, it'll receive it. But if it's not meant for its own network, it sends it off to another network. So a router is essentially the gateway for a network.

So here we have a private network with its router. And we'll refer to this as the red network, indicated by the red colored screens on the computers. And over here you're going to have different data packets indicated by their different colors, which represent different IP addresses, and they are going to be entering the red network's router from the internet. The router is only going to accept the red data packets because they are the only ones intended for this network. So all of the other data packets, the yellows, blues, greens, and so on, will be rejected by this router because they were not intended for this network, because their IP addresses were not meant for this network.

A firewall is a system that's designed to prevent unauthorized access from entering a private network by filtering the information that comes in from the internet. It blocks unwanted traffic and permits wanted traffic. So, a firewall's purpose is to create a safety barrier between a private network and the public internet. Because out on the internet, there's always going to be hackers and malicious traffic that may try to penetrate into a private network to cause harm. And a firewall is the main component on a network to prevent this.

A firewall that's used on computer networks is similar to how a firewall works in a building structure. In fact, this is where the word firewall came from. A firewall in a building structure provides a barrier so that in the event of an actual fire on either side of the building, the firewall is there to keep the fire contained and keep it from spreading over to the other side. So, it would keep the fire from destroying the whole building. A firewall works by filtering the incoming network data and determines by its rules if it is allowed to enter a network. These rules are also known as an access control list. These rules are customizable and configured by the network administrator. The administrator not only decides what can enter a network but also what can leave a network. So these rules will either allow or deny permission.
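An access control list of the kind described above is an ordered list of allow and deny rules, evaluated top to bottom, with everything that matches no rule denied. The following is an added example, not code from the video or from PowerCert: a constructed ACL for a small site (the addresses are documentation ranges, the rule set and packets are made up) and a first-match evaluator that reports which rule fired, which is what an administrator checks when a rule is placed in the wrong order.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in" (toward the private network) or "out"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port; None means any port


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    dst: str
    dport: int


# Constructed access control list. Order matters: the first matching rule decides,
# and anything that matches no rule falls through to the implicit deny at the end.
ACL = [
    Rule("allow", "in", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),      # the public web server
    Rule("deny", "in", "any", "10.0.0.0/8", "0.0.0.0/0", None),          # private source address arriving from the internet
    Rule("allow", "out", "udp", "192.168.1.0/24", "0.0.0.0/0", 53),      # DNS out for the LAN
    Rule("allow", "out", "tcp", "192.168.1.0/24", "0.0.0.0/0", 443),     # HTTPS out for the LAN
]


def matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    return (rule.direction == pkt.direction
            and rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))


def decide(acl, pkt):
    """Return (action, index of the rule that fired); index None means implicit deny."""
    for index, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


SAMPLE_PACKETS = [   # constructed traffic
    Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 443),    # visitor to the web server
    Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 22),     # SSH from the internet: nothing allows it
    Packet("in", "udp", "10.1.2.3", "203.0.113.10", 53),         # private source on the outside interface
    Packet("out", "udp", "192.168.1.20", "198.51.100.53", 53),   # LAN host resolving a name
    Packet("out", "tcp", "192.168.1.20", "198.51.100.7", 25),    # LAN host sending mail directly: not permitted
]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        action, index = decide(ACL, pkt)
        why = f"rule {index}" if index is not None else "implicit deny"
        print(f"{pkt.direction:3} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}  {action} ({why})")
```

Swapping the first two rules would not change these results, but moving a broad allow above a narrow deny silently disables the deny, so `decide` returning the rule index is the useful part when auditing a list.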

An intrusion detection or prevention system is a hardware tool that's typically placed between the internet and the firewall. And its job is to alert and protect a network from outside attacks. These attacks include viruses, malware, and hackers who are trying to sabotage an internal network. It monitors traffic flowing through a network looking for suspicious patterns, and if it finds any, it alerts the network administrator of a pending danger.

A load balancer is a piece of hardware or software that is used to evenly distribute data activity across a network so that no single server or computer becomes overwhelmed with the workload. So for example, here we have a network, and one of the servers is getting more network activity than the other server. So to fix this problem, we can add a load balancer so that both servers are sharing the network activity evenly.

QoS stands for quality of service, and this feature is built into many routers and switches, and it's used to prioritize bandwidth in a local network based on certain applications and devices, which is also known as traffic shaping. So with QoS, a network administrator can decide if an application such as voice communication is more important than web browsing, and then the administrator can configure voice communication as a higher priority, which will make sure it gets more bandwidth than other applications.

Now the definition of a proxy is just someone or something that has authority to do something for another person or thing. So in terms of computers and networks, a proxy is a server, and a proxy server acts on behalf of clients on a network, such as retrieving data for those clients. A proxy is a middleman that sits between a private network and the public internet. So for example, here we have a private network with a bunch of computers or clients. Now all of these computers have access to the internet. But as most of us know, with all these computers having the ability to access the internet, it could also create a massive security concern, because with all of these individual computers accessing the internet, they could draw in malicious traffic that could wreak havoc inside this network. So this is where a proxy, or to be more specific a forward proxy, can be beneficial.

When a forward proxy server is used on this network, the proxy server is now the guardian of this network. So when all of these computers want to access the internet, they go to the proxy server instead. And then the proxy server will fetch the data out on the internet on their behalf. So by doing this, this creates a safety barrier between a private network and the internet, because a major benefit of a proxy is that it can regulate traffic by blocking harmful websites.

And some other benefits of a proxy are that it hides the identity of clients by masking their IP addresses and using its own IP address. So when these clients connect to websites and servers out on the internet, those websites and servers only see the IP address of the proxy server and not the clients.

Another benefit is that it logs user activity. A lot of organizations like to know what websites their clients are visiting, and by using a proxy, it will keep track of the websites that were visited and how long they were on those websites.

And another benefit is that it can bypass restricted content. Some organizations like schools and governments may restrict access to certain websites, but by using a proxy, you may be able to bypass those restrictions and access those restricted websites.

And finally, another benefit of using a proxy server is speed. Because a proxy can cache or store copies of websites that are frequently used by their clients. So instead of the proxy server fetching the same websites out on the internet over and over again, those websites can be stored in the proxy's cache database instead.

NAS stands for network-attached storage. A NAS is a storage device that is used strictly for storing data, and it doesn't do anything else besides storing data. Typically, a NAS is a box that may have multiple drives in a RAID configuration for redundancy and a network interface card that directly attaches to a switch or a router so that the data can be accessed over a network. Then once it's on the network, it can be accessed from other devices such as desktops, laptops, and servers as a shared drive. These are typically used in homes and small to medium-sized businesses.

And a SAN or storage area network is a special high-speed network that stores and provides access to large amounts of data. Basically, it's a dedicated network that's used for data storage. This network consists of multiple disk arrays, switches, and servers. And because it has multiples of these devices, a SAN is fault tolerant, and the data is shared among several disk arrays. So if a switch or a disk array or a server goes down, the data can still be accessed. And when a server accesses the data, it accesses the data as if it was a local hard drive, because that's how operating systems recognize a SAN. It's recognized as a local-attached drive rather than a shared network drive like a NAS. And SANs are not cheap. They come at a very high cost, which is why they are mainly used by large companies.

A wireless access point is basically a wireless hub that's used by wireless devices to connect to an existing wired network. So it relays data between the wired network and the wireless devices. Now wireless access points are primarily used by medium to large organizations. And typically an organization will have multiple access points to make sure it covers the entire building. So for example, here we have a medium-sized office, and this office has desktop computers, laptops, and tablets. So the desktop computers will connect to the organization's router using Ethernet cables. But in order for the wireless laptops and tablets to connect to the network, this office is going to use wireless access points. So the access points are going to be placed in strategic places, and each of them will connect to the router using an Ethernet cable. Then once that is done, they will all broadcast a Wi-Fi signal so that the laptops and tablets can connect wirelessly and join this network. So now all the desktop computers and wireless devices are joined together in one network. And that one network is managed by one single router.

And in addition to being connected to a router, they could also be connected to a wireless LAN controller. A wireless LAN controller is a device that manages wireless access points in a network. It extends a router's bandwidth, allowing several devices to connect to the network from a greater distance.

CDN stands for content delivery network, and this is a network that makes websites load faster by bringing the website content closer to the user. Whenever you want to go to a website, you would use your computer, tablet, or smartphone. And then you would type in the address of that website. And then your request would travel from your device over the internet to the origin web server. And then the origin web server would send the website data such as HTML coding, scripts, and images back to your device and display the web page. So depending upon the distance between your location and the origin web server, it will directly affect how fast the website loads on your device.

So for example, if the origin web server is located in the USA and you are also located close by in the same country, the website is going to load fast because the distance is short. But if you are located in a different area, such as in South America, the website will take longer to load because of the further distance. Or if you're in Europe, which is even further, the website will take even longer to load. And if a business is running a website, the last thing it needs is for that website to load slow. Because if a website is slow, users will start to drop off quickly, which means less sales.

So this is where a CDN comes in. A CDN was created to make websites faster by eliminating the distance between the user and the origin web server. A CDN works by establishing what's called a POP or point of presence. And these POPs are placed in different geographical areas all over the world. These POPs are made up of servers called edge servers. These edge servers cache the content of the origin web server to deliver the website data to users faster by bringing the website data closer to the users. So instead of users connecting directly to the origin web server to retrieve the web page, they will connect to an edge server closest to their location, which eliminates any latency caused by long distances, which dramatically speeds up website retrieval. So regardless if users are located near the origin web server or far away in a different country, it wouldn't matter. The website will load quickly for everyone.

Now virtualization in computing is the process of simulating hardware and software such as computers, operating systems, storage, and networking, and it does it in a virtual or software environment. Now the traditional way a business operates is by having one machine for one application. So for example, let's say that a business has three servers, and they would have one of those servers dedicated to running an email service, and that server has Microsoft Windows as its operating system. And then that business would have another server that's used for running a website, and it would have Linux as its operating system. And then they would have another server that's running a database, and it's using Unix as its operating system. So one machine with one application, and in addition those three servers are running three different operating systems. But instead of having three servers running one application each, what if just one server could do the job just as good and do it more efficiently? So basically one server would take the place of the three and run all the applications and even run their different operating systems. So this is what virtualization does.

Virtualization is basically consolidating all of these physical servers with their different operating systems and applications and running them on just one physical server in a virtual environment. So now this one server is running three VMs or virtual machines. It's running all of the different applications such as email, web services, and databases, and they're all running side by side on one machine. But not only the applications, but it's also running the different operating systems side by side. And it's doing this all by using software. And it does it so well that when users interact with a virtual server, they would interact the same way as if they were still on multiple physical servers. They won't be able to tell the difference. Now, the software that creates and runs the virtualization is called a hypervisor. A hypervisor is what allows one machine to run multiple virtual machines. It allocates and controls the sharing of a machine's resources such as storage space, RAM, CPUs, and so on.

VPC stands for virtual private cloud, and a private cloud is an isolated private network within a public cloud. So the first thing we have to ask is, well, what is a cloud? Well, to put it simply, the cloud is just a bunch of servers in a building, and these servers are accessed from the internet. These servers provide services on behalf of clients such as businesses and organizations, and this cloud is available for the public to use, which is why it's called a public cloud.

So, as an example, if a business or an organization wanted to run their applications such as a website or a database, they could spend the money and the time to build and maintain their own servers on premises and run these applications on them. Or another option is to use a public cloud, meaning they can instead go with a cloud provider and use their servers instead to run their applications, which is what a cloud is. A public cloud is a third-party service provider that sells their servers' computing resources to the public. Some popular public cloud providers are Amazon Web Services, Microsoft Azure, and Google Cloud Platform.

So, what is the difference between a public cloud and a virtual private cloud? Well, as I stated before, a VPC is the creation of an isolated private network within a public cloud. And the reason for a VPC is for isolation and security, because in a public cloud the computing resources are shared between the clients that are using that public cloud. But in a VPC they are not. A VPC is a creation of a secure and isolated space in a public cloud, which provides greater security.

So as an analogy, the public cloud could be compared to an apartment building with tenants. The building represents the public cloud's infrastructure and computing resources. And the tenants of the building are clients. And these tenants are all sharing the infrastructure and the resources of the building such as the concrete, steel, piping, and so on. But a VPC is like creating another separate building where only one tenant or client occupies it. So it's totally isolated from the other building.

So how do you create a VPC? So as an example, let's say that a business wanted to use a VPC. So what they would do is they would go to a public cloud provider of their choosing, and then in that public cloud they would create and configure their own VPC. And in a VPC you can configure an entire network, from servers, route tables, internet gateways, subnets, security groups, and so on. And it's all done virtually.

And you can even create multiple networks in your VPC. So let's say that this business wanted to create two separate networks in their VPC. And this is done by creating a couple of subnets in the VPC. One network or subnet would be for hosting their website and the other would be for their database. So you would give both subnets different IP address groups to separate the network traffic. Now since the website needs to be accessed by the public from the internet, that subnet would need internet access. So this would be a public subnet. So you would have to configure a virtual internet gateway and routing tables to let traffic in and out. But since the database has sensitive information that should not be accessed from the public, this subnet will be a private subnet. So no internet gateway needs to be configured for this. However, the company itself still needs to access the database on this private subnet. And this can be done by configuring a VPN to create a secure and direct connection from one network to another over the internet. So with a virtual private cloud, you have total flexibility. You can create your own isolated space on the cloud, and you have total control over everything.

So, as I stated earlier, the cloud is just a bunch of servers in a big building. And these servers provide services on behalf of clients such as businesses and organizations. And the cloud offers scalability, which means that the cloud can add more resources such as servers when needed, and it can do this on the fly. It also offers elasticity, which means that the cloud can dynamically adjust its resources quickly, whether it's up or down, to adapt to fluctuations in a business or an organization.

And the cloud also offers multi-tenancy, which means multiple customers or clients share the same resource infrastructure in the cloud.

When a company is ready to deploy a cloud, that company must decide what type of cloud deployment model it wants to use. So for example, a public model. A public model is when a company is going to offer their product or service accessible to anyone who wants to access it. So for example, this could be a company's website where anyone can just use their computer to access the website. And another cloud deployment model is a private model. A private model is when a company offers their service to private users instead of the general public. Now, this could be something like an internal website where only employees of that company can access it. And a company can also get the best of both worlds by deploying a hybrid model. A hybrid model is a mixture of private and public models.

There are three different service models in cloud computing. There's infrastructure as a service or IaaS, platform as a service or PaaS, and software as a service or SaaS.

So the first one is infrastructure as a service. Now this type is basically where you're going to let the cloud provider manage a portion of your business, which is going to be the hardware portion. The cloud provider will manage the servers, storage, virtualization, and the networking portion. You, on the other hand, will still have control over the software portion such as the applications, data, operating system, middleware, and runtime. Some examples of infrastructure as a service that the common person would use would be online data backup services such as iDrive and Carbonite that provide cloud storage.

And the next one is called platform as a service. Now PaaS, like IaaS, allows the cloud provider to manage a portion of your business. But the cloud provider has more control. In a PaaS, the cloud provider not only manages the hardware such as server, storage, and networking, but it also manages the operating system, middleware, and runtime. You, on the other hand, are only responsible for the applications and the data.

And finally, there's software as a service or SaaS. Now, this is probably the most common cloud service by far. In this type, all the applications are hosted by the cloud provider. There is no software to install on your computer and no hardware to manage. You just simply access and run the application from your computer when you connect to the cloud service through the internet. So the cloud provider manages all the hardware, software, networking, operating system, and storage. A good example of SaaS is something that I use all the time, which is Google Docs. Google Docs is a free online office suite that is accessed using a web browser. There is no additional software that needs to be installed on your computer to use Google Docs. Everything is accessed and managed from your web browser.

Now, a port is a logical connection that is used by programs to exchange information. And these ports have a unique number that identifies them. The number ranges from 0 to 65535, but for the exam, you only need to know a few of them. So here is a chart of the ports that you need to know for the exam. Some of these ports are very common and are used every single day, such as port 80, which is used for bringing up web pages on the internet. And another one is port 443, which is used for loading up secure web pages. And another common port is port 25, and this is used for sending email.

Whenever a computer wants to communicate with another computer, the communication between those two computers needs to be good and reliable so it can guarantee that the data is received correctly. For example, when you want to view a web page or download a file or look at an email, you'd expect to view the web page intact and in order with nothing missing. Or if you're downloading a file, you would want the entire file and not just a part of the file, because if data is missing or out of order, then it wouldn't be of any benefit to you. So, this is where TCP comes in. TCP stands for transmission control protocol, and this is one of the main protocols used in a TCP/IP network. And TCP is what is used to guarantee that all the data is received and in order, because without TCP, some of the data could be missing or out of order. If you view a web page without TCP, your web page could be all messed up: the images could be missing or the text could be backwards and out of order. Or if you download a file, then you might not get the entire file, or you could get the file out of order, which would render the file useless.

So again, this is where TCP comes in. Now TCP is a connection-oriented protocol, which basically means that it must first acknowledge a session between the two computers that are communicating. So the two computers verify a connection before any communication takes place. And it does this by using a three-way handshake. So the first step is that a computer will send a message called a SYN. Then the receiving computer will send back an acknowledgement message telling the sender that it has received the message. And then finally the sender computer sends another acknowledgement message back to the receiver. And then once this has taken place, data can be delivered. Another important thing to remember about TCP is that it guarantees the delivery of the data. So if a data packet goes astray and doesn't arrive, then TCP will resend it.

Now UDP is very similar to TCP. UDP is also for sending and receiving data, but the main difference is that UDP is connectionless, which means that it does not establish a session and it does not guarantee data delivery. So when a computer sends their data, it doesn't really care if the data is received at the other end. And that's why UDP is known as the fire and forget protocol, because it sends data and it doesn't really care what happens to it, as this demonstration will show. Another point to remember is, because of the less overhead that's involved in not guaranteeing data delivery, UDP is faster than TCP.
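The TCP-versus-UDP contrast above can be seen on any machine using only the loopback interface. The following is an added example, not part of the course or PowerCert's material: it opens a TCP listener, shows that a session must be set up before data moves, shows TCP refusing to connect when nothing is listening, and shows a UDP sendto() succeeding against that same closed port because UDP never checks. The port numbers are chosen by the operating system at run time; the payloads are constructed for the demo.

```python
"""TCP session vs UDP fire-and-forget, demonstrated on the loopback interface."""
import socket
import threading

HOST = "127.0.0.1"


def unused_port() -> int:
    """Ask the OS for a free port, then release it so nothing is listening there."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind((HOST, 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


def recv_exactly(sock: socket.socket, length: int) -> bytes:
    """TCP is a byte stream: one recv() may return part of the data, so loop."""
    chunks = []
    remaining = length
    while remaining > 0:
        chunk = sock.recv(remaining)
        if not chunk:
            break
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def tcp_echo_exchange(payload: bytes) -> bytes:
    """Start a TCP echo listener, connect to it and return what comes back.

    The three-way handshake (SYN, SYN-ACK, ACK) happens inside connect() and
    accept(); only after that session exists does any payload move, and the
    kernel retransmits anything that is lost on the way.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((HOST, 0))          # port 0: let the OS pick a free port
    listener.listen(1)
    listener.settimeout(5)
    port = listener.getsockname()[1]

    def serve_one() -> None:
        conn, _ = listener.accept()
        with conn:
            conn.sendall(recv_exactly(conn, len(payload)))

    worker = threading.Thread(target=serve_one)
    worker.start()
    try:
        with socket.create_connection((HOST, port), timeout=5) as client:
            client.sendall(payload)
            echoed = recv_exactly(client, len(payload))
    finally:
        worker.join()
        listener.close()
    return echoed


def tcp_connect_refused(port: int) -> bool:
    """Return True when TCP refuses to open a session because nothing listens."""
    try:
        with socket.create_connection((HOST, port), timeout=2):
            return False
    except OSError:  # ConnectionRefusedError is a subclass of OSError
        return True


def udp_fire_and_forget(payload: bytes, port: int) -> int:
    """sendto() hands the datagram off even with no listener: UDP does not check."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        return sock.sendto(payload, (HOST, port))
    finally:
        sock.close()


if __name__ == "__main__":
    print(tcp_echo_exchange(b"hello over TCP"))
    closed = unused_port()
    print("TCP refused:", tcp_connect_refused(closed))
    print("UDP bytes handed off:", udp_fire_and_forget(b"hello over UDP", closed))
```

The UDP call returns the number of bytes handed to the kernel, not proof of delivery; the only way an application learns that a datagram went nowhere is if it builds its own acknowledgement scheme on top, which is exactly the overhead TCP carries for you.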

Now, IPsec is a set of protocols for security at the network layer of the OSI model. The IP stands for internet protocol, which is what the internet uses to route data, which is by using IP addresses. And the sec stands for secure, which is exactly what IPsec does. It secures the data when communication is happening between two points over a network. And it does this by adding encryption and authentication. IPsec is also the protocol that is commonly used by businesses to create VPNs.

When devices communicate over a public network such as the internet, the data that is being exchanged is sent in clear text, which means that anyone, as long as they know what they're doing, can steal the data. Now, normally this would not be a big deal if they were just sending non-sensitive information. But if they were sending sensitive information such as credit card or other personal information, then this would be a major problem. IPsec was developed to ensure that the data cannot be stolen by protecting the data while it's being transferred over the internet. And it does this by authentication and by making sure that the data is impossible to read, using encryption algorithms to scramble the data that's being transferred. The way IPsec works is by creating secure tunnels to protect the data during transfer, and this is done in two phases using a protocol called IKE or internet key exchange. The first phase is where the two sites will identify each other and negotiate parameters for authentication and encryption methods. So this is the first tunnel that is used to protect the negotiation process.

The next phase is phase two of IKE. This phase is the creation of the IPsec tunnel. And it's in this tunnel where the data is going to be exchanged between the two sites. But before the data is sent, it needs to be protected. And this can be done by using a couple of different protocols. One is called AH or authentication header. This protocol offers authentication and integrity, but it doesn't do any encryption. And because it doesn't offer any encryption, the other protocol, called ESP or encapsulating security payload, is the better of the two protocols. ESP does all three. It offers authentication, integrity, and encryption.

In order to use IPsec, both sender and receiver must share a public or private key. This key is what locks and unlocks the encrypted data as it travels across a network. This ensures that the data cannot be read or tampered with. So when this site sends data to the other site, it'll use the key to encrypt, or in simple terms lock, the data. And then as the data travels across the internet, the receiver will use the key to unlock or decrypt the data so it can be read.

IPsec operates in two different modes, transport and tunnel mode. When data is sent across a network, the data is not sent in one chunk. It's sent in smaller chunks called packets. These packets have an IP header, TCP header, and a payload. The IP and TCP headers contain information such as the source and destination IP address, port and sequence numbers, and so on. And the payload contains the actual data. So right now this IP packet has no security. The data is in clear text. But if we were to add security to this packet with IPsec using transport mode, an ESP header, trailer, and authenticator get added to the original packet. And the TCP header, payload, and ESP trailer are all encrypted. Transport mode is used when two devices, such as two computers, connect over the public internet.

And in tunnel mode, a new IP header gets attached to the packet. And in addition to the TCP header, payload, and ESP trailer, the IP header also gets encrypted. So it provides even more security than transport mode. Tunnel mode is used when two sites, such as two businesses, are connected over the public internet using a VPN.
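To make the transport-versus-tunnel difference concrete, here is an added example (not part of the course or PowerCert's material) that models an ESP-protected packet as bytes: a simplified IP header and TCP header, the payload, the ESP header and trailer, and a truncated authenticator (ICV). The cipher is a stand-in stream cipher built from HMAC-SHA256 so the code runs on the standard library alone; it is not a real IPsec transform, and the addresses, SPI and key are constructed for the demo. What the example does show faithfully is which bytes stay in the clear in each mode, and that a receiver checks the ICV before it decrypts and drops anything that fails.

```python
"""Toy model of ESP in transport vs tunnel mode (added example, not IPsec itself)."""
import hashlib
import hmac
import struct

SPI = 0x1000        # constructed Security Parameter Index for this demo
ICV_LEN = 12        # truncated authenticator length, common in real ESP
NEXT_TCP, NEXT_IPV4 = 6, 4


def ip_header(src: str, dst: str) -> bytes:
    """Simplified IP header: only the source and destination addresses."""
    return b"".join(bytes(int(o) for o in a.split(".")) for a in (src, dst))


def tcp_header(sport: int, dport: int, seq: int) -> bytes:
    """Simplified TCP header: ports and sequence number."""
    return struct.pack("!HHI", sport, dport, seq)


def toy_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode). It exists only so
    the demo runs on the standard library; it is NOT a real IPsec cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def derive_keys(shared_key: bytes) -> tuple:
    """Separate encryption and authentication keys from the shared key."""
    return (hmac.new(shared_key, b"enc", hashlib.sha256).digest(),
            hmac.new(shared_key, b"auth", hashlib.sha256).digest())


def esp_trailer(inner_len: int, next_header: int) -> bytes:
    """Padding to a 4-byte boundary, then the pad-length and next-header bytes."""
    pad_len = (-(inner_len + 2)) % 4
    return bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])


def esp_protect(ip_hdr, tcp_hdr, payload, shared_key, seq, mode, outer=None):
    """Wrap a packet in ESP. Transport mode keeps the original IP header in
    the clear; tunnel mode encrypts it too and adds a new outer IP header."""
    enc_key, auth_key = derive_keys(shared_key)
    if mode == "transport":
        inner, next_header, outer_hdr = tcp_hdr + payload, NEXT_TCP, ip_hdr
    elif mode == "tunnel":
        inner, next_header = ip_hdr + tcp_hdr + payload, NEXT_IPV4
        outer_hdr = ip_header(*outer)       # the two VPN gateways' addresses
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    plaintext = inner + esp_trailer(len(inner), next_header)
    esp_hdr = struct.pack("!II", SPI, seq)  # SPI + sequence number, sent in clear
    ciphertext = xor_bytes(plaintext, toy_keystream(enc_key, esp_hdr, len(plaintext)))
    icv = hmac.new(auth_key, esp_hdr + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return outer_hdr + esp_hdr + ciphertext + icv


def esp_unprotect(packet, shared_key):
    """Verify the ICV first, then decrypt. Returns (next_header, inner bytes),
    or None when the packet was tampered with or the key does not match."""
    enc_key, auth_key = derive_keys(shared_key)
    esp_hdr, ciphertext, icv = packet[8:16], packet[16:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, esp_hdr + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None                           # integrity failure: drop the packet
    plaintext = xor_bytes(ciphertext, toy_keystream(enc_key, esp_hdr, len(ciphertext)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return next_header, plaintext[:len(plaintext) - pad_len - 2]


if __name__ == "__main__":
    key = b"constructed-shared-key"
    ip, tcp = ip_header("10.1.1.5", "10.2.2.9"), tcp_header(51000, 443, 1)
    print(esp_protect(ip, tcp, b"hello from site A", key, 1, "transport").hex())
    print(esp_protect(ip, tcp, b"hello from site A", key, 1, "tunnel",
                      outer=("203.0.113.1", "198.51.100.7")).hex())
```

Reading the two hex dumps side by side, the transport-mode packet begins with the original 10.x addresses, while the tunnel-mode packet begins with the gateway addresses and the inner addresses are nowhere visible, which is why tunnel mode is the site-to-site VPN choice.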

GRE or generic route encapsulation is a protocol that is used with point-to-point tunneling protocol in the creation of a VPN network. GRE is what actually creates the tunnel in PPTP. It is used to encapsulate the data in a secure manner.

Now let's talk about traffic types. These types are different methods on how data is sent over a network. So first is the term broadcast. Now this refers to when there is a single transmitter of data and that data is being received by every device. So for example, this could be where a computer is sending an ARP broadcast out on the network and every computer will receive the message. Another type is unicast. Unicast is a one-to-one communication. So the data is sent to a single device. And then there's multicast. In multicast, the data is sent to multiple devices at the same time, but not to every device. And finally, there's anycast. And this is where data is sent to the nearest device.

Now, Wi-Fi is a wireless technology that uses radio waves that allows networking devices the ability to communicate with other networking devices wirelessly using a device such as a Wi-Fi router or a wireless access point. And since the first development of Wi-Fi, there have been some significant changes in the technology and speed and the Wi-Fi standards. Now the organization that created and maintains the wireless standards is called the IEEE, which stands for the Institute of Electrical and Electronics Engineers, and they are responsible for starting a project called the 802 project, and the wireless standards that they created were called and started with the number 802.11.

So here is a chart of the different 802.11 wireless standards that have been released throughout the years. It shows their generation name, maximum speed, frequencies, and release year, starting with the first wireless standard, which was 802.11, which came out in 1997, and all the way up to the latest standard, which is the 802.11be standard, which was released in 2024.

Another method of connecting to the internet is by using cellular networks, which are used by devices such as cell phones and mobile tablets. Cellular networks divide geographical areas into sections or cells, with each cell having a cellular tower to cover that area. It's these cells that allow devices to connect to the internet wirelessly. Early on, cellular networks used technologies such as 2G and 3G. And today, they use modern technologies such as 4G LTE and 5G, which significantly increase the speed of cellular data.

And there is also satellite internet. Satellite internet is typically used when there is no other option available if you want internet access, and is typically used in undeveloped areas where there is no network infrastructure available. Satellite networks work by data being transmitted by a dish at the customer's location up to orbiting satellites, which will then relay the data to a broadband internet ground station. And then from there the ground station will send data back up to the satellites, which will relay the data back to the dish at the customer's location. An example of a satellite internet provider would be Starlink.

The same IEEE organization that created the 802.11 wireless standards also created standards for cables, which is the 802.3 Ethernet standard. Ethernet is by far the most common network technology that's used today. And the speed of Ethernet ranges from 10 megabits to 40,000 megabits per second. And it uses both copper wire and fiber optic media. And today there are many different cable Ethernet standards that are used on networks. These cables are categorized and named according to their speed, type, and media. So here is one example. Here is a cable called 10BASE-T. The 10 stands for the maximum speed of this cable, which is 10 megabits per second. BASE stands for baseband transmission, and T stands for twisted pair cable.

So here you can see some examples of the speed, length, and cable type of some Ethernet examples. These are the 10 and 100 BASE cables. These represent the maximum speed of 10 and 100 megabits per second. And you can notice the variations in lengths and cable types. And here is a chart of the 1000 BASE cables. These all represent the maximum speeds of 1,000 megabits per second. These are the gigabit Ethernet standards. And here is a chart for the 10GBASE cables. And these are obviously extremely fast.

In this section, we're going to talk about Ethernet network cables that are used in local area networks. And I'm referring to twisted pair cables. These are the Ethernet cables that you'll find as you connect your computer to your router or modem so you can have internet access. One end of the cable plugs into your computer's network interface card, and the other end plugs into the network port of your router, switch, or modem, depending upon what you're using.

Now, Ethernet twisted pair cables come in two different types. The first type is unshielded twisted pair, which is by far the most common type of cable that is used today. Unshielded twisted pair consists of four pairs of color-coded wires twisted around each other. The wires are twisted to prevent electromagnetic interference or crosstalk. This type of network cable is what most people use in their home or business. And the second type is shielded twisted pair. Shielded twisted pair is very similar to unshielded twisted pair except that it has a foil shield that covers the wires. And this shielding adds an extra layer of protection against electromagnetic interference leaking into and out of the cable. This type of cable is mainly used for industrial purposes and not so much in a home or business.

Now in addition to talking about the different types of twisted pair cables, we also have to talk about the categories of twisted pair cables. And these categories are called Cat 3, Cat 5, Cat 6, and Cat 7. And the difference between these is the maximum speed that they can handle without having any crosstalk or interference. The numbers of these categories represent the tightness of the twists that are applied to the wires. And as you can see on the illustration of the categories and speeds of the different twisted pair cables, the speed ranges from the lowest category, which is Cat 3 at 10 megabits per second, all the way up to Cat 6a and Cat 7, which have speeds of 10 gigabits per second. Now, most networks today would use at least Cat 5e on their networks because most networks would be running at least at gigabit speeds. So, Cat 3 and Cat 5 are slower than gigabit and are pretty much obsolete today. But, of course, if you're running a network that can handle 10 GB speeds, you would have to use Cat 6A or Cat 7 on your network. But even if you have an older network that's running slower speeds, you can still use Cat 7 because it is backward compatible. Cat 7 is actually a shielded twisted pair version of Cat 6A.

And finally, the latest version is Cat 8. Now, Cat 8 is the ultimate copper cable. It's a shielded twisted pair cable which has a delivery speed of 40 gigabits per second up to a distance of 30 m, which is four times faster than Cat 6A or Cat 7.

DAC stands for direct attach copper, and this is a copper cable that's used for high-speed data transmission over a short distance. These are typically used in data centers for connecting devices to each other, such as switches on the same rack. DAC uses twinaxial cables, which have two conductor wires in a twisted pair separated by an insulator. The cable comes pre-made from the manufacturer and is terminated with transceiver housings at each end using small form factor pluggable connectors or SFP. DAC cables are simple to use. You just plug them into the SFP ports on the switches to connect them, and that is it. There is no special configuration that needs to be done. DAC cables are better than Ethernet cables because they offer lower latency, higher speeds, better signal quality, and are cost effective.

Now the term plenum refers to a space in a building where there is open airflow circulation, and this is usually between the drop ceiling and the structural ceiling. So as a result, buildings that have plenum spaces where there is adequate open airflow are more prone to fires than buildings that don't have plenum spaces. So therefore, cables that run through these plenum spaces must meet certain requirements. So first, the cable must be more fire resistant, and secondly, they must not produce any toxic fumes if they are burned, because toxic fumes in plenum areas can recirculate through the air conditioning systems and cause harm to humans. So in this environment, this is where plenum cables should be used. Now buildings that don't have plenum spaces will have air ducts encapsulating the airflow. So there is no open airflow circulation because of these air ducts, because the air is encapsulated in them. So the chances of a fire happening and recirculating toxic fumes are minimal. So here is an example where you could use non-plenum cables.

This is the coaxial cable. This is used today primarily by cable providers to provide a computer with a broadband internet connection. Early on, it was used as a backbone for networks such as a bus network. There are two common types of coaxial cable. The first type is RG6, and this is made for long distances and is commonly used for cable television and internet connection. And the second type is RG59. This is made for short distances and is commonly used for high-definition and high-quality video.

So now we're getting into fiber optic cables. So here is a cutaway view of a fiber optic cable and a light source. Fiber optic cable uses pulses of light to send data, and as a result it is very fast and it can span for great distances. Now there are two different modes in fiber optics: single mode fiber and multimode fiber. Single mode fiber is a fiber optic cable that allows light to enter only at a single angle, as you can see here. So when this type of transmission of light enters at this angle, it can span for great distances. And this is multimode fiber. The difference between multimode and single mode is that in multimode, light travels in multiple beams that reflect off the walls of the cable. And unlike single mode fiber, multimode fiber is made for short distances.

And this is the RJ11 connector. This is a four-wire connector that's mainly used to connect telephone equipment. But as far as networking, the RJ11 is used to connect computers to a local area network through the computer's modem. The RJ11 locks itself into place by a single locking tab, and it resembles the RJ45, but it's a little bit smaller.

Now, the RJ45 is by far the most common network connector. Now, this is an eight-pin connector that's used to connect computers and other network devices in a local area network. The RJ45 is used with unshielded twisted pair cable. Twisted pair cable has eight wires, and these wires are arranged in a certain order, and then the wires are inserted into an RJ45 connector, and then they are crimped on both ends using a wire crimper. And then one connector will be plugged into the computer's network card and the other end would plug into a device such as a switch, modem, or a router. Then once that is done, the computer will be able to connect to a network. The RJ45 has a single locking tab that locks itself into place.

Now, this connector is called the F-type. Now, this is a threaded connector typically used on coaxial cables. These are primarily used by cable providers to attach to cable modems. So, if you have broadband cable like I do, you will have a modem with a coaxial cable attached to an F-type connector that screws into the back of your modem and attaches with a nut. And in addition to being used with broadband cable, they are also used with satellite internet.

The BNC connector is a common type of RF connector that is used on coaxial cable. BNC stands for Bayonet Neill-Concelman, and this is used for both analog and digital video transmissions as well as audio.

So now we're getting into fiber optic connectors. So the first fiber optic connector is called the SC or standard connector, and this is often called the square connector, and this was one of the first connectors to be used in the marketplace. This uses a push-pull connector similar to audio and video plugs, and these are commonly used between floors in a building.

And our next fiber connector is called the LC or local connector, or Lucent connector since it was developed by Lucent. Now this type of connector is also commonly used between floors in a building, and it was designed to compete with the SC connector. It's about half the size of the SC connector, which makes it better for highly populated racks and panels. And this also uses a latch that locks itself into place, similar to the RJ45.

Multiple fibers are combined into a single interface via an MPO or multi-fiber push-on connector. This is a type of fiber optic connector that is used in a high density environment and for high-speed data transfer applications.

And our last fiber optic connector is called the ST or straight tip. Now this uses a half twist bayonet type of lock and is commonly used with single mode fiber optic cable. Now, this is a large size connector that was developed by AT&T. And because of its large size, its usage has declined in favor of smaller connectors such as the LC and the MTRJ.

Now we're going to discuss the difference between public and private IP version 4 addresses. Now when you order internet service from a company, they are going to assign the modem in your home or business a public IP address. This public IP address is registered on the internet. It's what gives you access to the worldwide web. So if you don't have a public IP, you cannot access the internet. Public IP addresses are also unique. So there are no duplicates of public IP addresses. Now when IP addresses were created, engineers didn't realize how big the internet would become, because even though there were over 4 billion IP version 4 addresses available, the engineers thought that this would be enough, but they were obviously wrong because of the explosive growth of the internet. So in order to prevent a shortage of public IP version 4 addresses, engineers from the Internet Engineering Task Force, in a document labeled RFC 1918, developed private IP addresses. Now private IP addresses are not publicly registered on the internet. So you can't access the internet using a private IP address. But if your device has a private IP address and you want to access the internet, your private IP has to be converted into a public IP address before you can access the internet.

Private IP addresses are only used internally, such as inside a home or a business. They are not used out on the public internet. And the service that converts or translates this is called NAT or network address translation. And this is a service that's built into a router. So not only does it translate private to public, but it also translates public to private. Because if a computer on the internet wants to communicate with a computer on this private network, the public IP address needs to be translated by NAT to the private IP address for that computer. The RFC 1918 standard created private IP addressing to prevent a shortage of public IP addresses available to ISPs and subscribers.

Now, port address translation or PAT is similar to NAT in that they both allow multiple devices on a private network to share a single IP address. But PAT adds to NAT by using port numbers as well. By giving each device on a private network its own port number, PAT allows multiple devices to share a single public IP address.

Private IP addresses have three different classes, and these classes have different ranges. A class A private IP starts with the number 10. This class is typically used for large organizations. Class B starts with 172, and this is used in medium-sized organizations. And class C will start with 192, and this is used for small organizations or homes.
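The NAT, PAT and private-range material above fits in one small model. The following is an added example, not the course's or PowerCert's own material: a PAT translation table that maps each private (address, port) pair to a unique port on one public address and back again, with the private ranges checked against the exact prefixes RFC 1918 defines (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). The public address 203.0.113.10 and the inside hosts are constructed for the demo.

```python
"""NAT/PAT translation table with an RFC 1918 source check (added example)."""
import ipaddress
from typing import Dict, Optional, Tuple

# The three private ranges exactly as RFC 1918 defines them.
RFC1918_NETWORKS = [ipaddress.ip_network(n) for n in
                    ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

Endpoint = Tuple[str, int]      # (IP address, port)


def is_rfc1918(address: str) -> bool:
    """True when the address falls inside one of the private ranges."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in RFC1918_NETWORKS)


class PatRouter:
    """Many private (ip, port) pairs share one public IP; the public port
    number assigned to each pair is what tells return traffic apart."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        if is_rfc1918(public_ip):
            raise ValueError("the outside address must be a public IP")
        self.public_ip = public_ip
        self._next_port = first_port
        self._outbound: Dict[Endpoint, int] = {}   # (private ip, port) -> public port
        self._inbound: Dict[int, Endpoint] = {}    # public port -> (private ip, port)

    def translate_outbound(self, src_ip: str, src_port: int) -> Endpoint:
        """Rewrite a private source to the shared public IP and a unique port."""
        if not is_rfc1918(src_ip):
            return (src_ip, src_port)          # already public: nothing to translate
        key = (src_ip, src_port)
        if key not in self._outbound:          # first packet of this flow: allocate
            port = self._next_port
            self._next_port += 1
            self._outbound[key] = port
            self._inbound[port] = key
        return (self.public_ip, self._outbound[key])

    def translate_inbound(self, dst_port: int) -> Optional[Endpoint]:
        """Map a reply back to the inside host. Only traffic that matches an
        existing entry has an inside destination; anything else is dropped."""
        return self._inbound.get(dst_port)


if __name__ == "__main__":
    router = PatRouter("203.0.113.10")
    print(router.translate_outbound("192.168.1.20", 51000))   # first inside host
    print(router.translate_outbound("192.168.1.21", 51000))   # same inside port, new public port
    print(router.translate_inbound(40001))                    # reply finds the second host
    print(router.translate_inbound(40999))                    # unsolicited: None
```

The last call is the defensive side of PAT that the transcript hints at: an outside host cannot reach an inside machine unless that machine opened the flow first, because no table entry exists for an unsolicited port.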

An IP address is an identifier for a computer or device on a network. Every device has to have an IP address for communication purposes. And to be specific, I'm talking about an IP version 4 address. An IP version 4 address is a 32-bit numeric address written as four numbers separated by periods. Each group of numbers that are separated by periods is called an octet. The number range in each octet is from 0 to 255. An IP address consists of two parts. The first part is the network address and the second part is the host address. The network address or network ID is a number that's assigned to a network. So, every network will have a unique address. The host address or host ID is what's assigned to hosts within that network, such as computers, servers, tablets, routers, and so on. So, every host will have a unique host address.

Now, the way to tell which portion of the IP address is the network or the host is where the subnet mask comes in. A subnet mask is a number that resembles an IP address, and it reveals how many bits in the IP address are used for the network by masking the network portion of the IP address.

Now, in the world of computers and networks, IP addresses and subnet masks in this decimal format here are meaningless. And this is because computers and networks don't read them in this format. And that's because they only understand numbers in a binary format, which are ones and zeros. And these are called bits. So the binary number for this IP address is this number here. And the binary number for this subnet mask is this number. And these are the numbers that computers and networks only understand. So the next question is, how do we get these binary numbers from this IP address and this subnet mask?

So here we have an 8-bit octet chart. The bits in each octet are represented by a number. So starting from the right, the first bit has a value of one and then the number doubles with each step. So there's two, then four, 8, and so on all the way up to 128. Each bit in the octet can be either a one or a zero. If the number is a one, then the number that it represents counts. If the number is a zero, then the number that it represents does not count. So by manipulating the ones and zeros in the octet, you can come up with a number range from 0 to 255.

So for example, the first octet in this IP address is 192. So, how do we get a binary number out of 192? First, you look at the octet chart and then you would put ones under the numbers that would add up to the total of 192. So, you would put a one in the 128 slot and then a one in the 64 slot. So, now if we count all the numbers that we have ones underneath them, you would get a total of 192. All of the other bits would be zeros because we don't need to count them since we already have our number. So this number here is the binary bit version of 192.

So let's do the next octet, which is 168. So let's put a one under 128, 32, and 8. And then all the rest would be zeros. So if we were to add all the numbers that we have ones underneath them, we would get a total of 168.

The next octet is one. So we'll put a one in the one slot. And when you add up only one, you get one.

And the last octet is zero, which makes things simple because all the binary numbers would be all zeros. So here is the binary number for our IP address.

Now the subnet mask binary conversion is exactly the same way. So in this subnet mask, the first three octets are 255. So if we were to look at this subnet mask in binary form, the first three octets would be all ones, because when you count all the numbers in an octet, it will equal 255. And then the last octet would be all zeros.

So here we have our IP address and subnet mask in binary form lined up together. So the way to tell which portion of this IP address is the network part is when the subnet mask binary digit is a one, it will indicate the position of the IP address that defines the network. So we'll cross out all the digits in the IP address that line up with the ones in the subnet mask. And when you do this, it will reveal that the first three octets of the IP address are the network portion and the remaining is the host portion. So the ones in the subnet mask indicate the network address and the zeros indicate the host addresses.

So in another example, let's use a different IP address and subnet mask and let's put them in binary form. So in this example, the first two octets are 255 and the last two octets are zero. So if we cross out all the digits in the IP address that line up with the ones in the subnet mask, we'll see that the first two octets are the network portion and the last two octets are the host portion.

And let's do one more. And in this subnet mask, the first octet is 255 and the rest are zeros. And then we'll cross out all the digits again. And this time

it reveals that the first octet is the network portion and the last three octets are for hosts.

Now figuring out the network and host parts of an IP address using these default subnet masks was simple because, as I stated before, when you count all the numbers in an octet it will equal 255. So we automatically know that the numbers in the octet are all ones. So, we really didn't have to see the IP address or subnet mask in its binary format because it's so simple. But what if the subnet mask was this number here, where the first two octets are 255, but the third octet is 224? So, this is a little trickier. So, here is the binary number for this subnet mask. The first two octets are all ones. And in the third octet, the first three bits are ones, which will equal 224, because starting from the left, when you add the first three bits in an octet, it adds up to 224.

So, let's put this subnet mask and IP address in its binary format. And again, if we cross out all the digits in the IP address that line up with the ones in the subnet mask, we'll see that in the IP address, the first two octets and the first three bits of the third octet are the network part and the 13 remaining bits are used for hosts.
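To make the octet chart and the crossing-out step concrete, here is an added Python example; it is not code from the PowerCert course. It builds each octet's bits from the 128-down-to-1 chart, lines the address up against the mask, and also rejects a mask whose ones are not contiguous, which the transcript's method silently assumes. The sample addresses 192.168.1.0 and 172.16.37.9 are constructed for the example; the course's own on-screen address does not appear in the transcript.

```python
# Added example (not from the PowerCert course): IPv4 octet-to-binary conversion
# and the network/host split the transcript performs by "crossing out" the bits
# that line up with the ones in the subnet mask.
# The sample addresses used below are constructed for illustration.

BIT_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]  # the 8-bit octet chart, left to right


def octet_to_bits(octet: int) -> list:
    """Return the eight chart bits for one octet, e.g. 192 -> [1,1,0,0,0,0,0,0]."""
    if not 0 <= octet <= 255:
        raise ValueError(f"octet out of range: {octet}")
    bits = []
    remaining = octet
    for value in BIT_VALUES:          # put a one under each chart value that still fits
        if remaining >= value:
            bits.append(1)
            remaining -= value
        else:
            bits.append(0)
    return bits


def parse_dotted(dotted: str) -> list:
    """'192.168.1.0' -> [192, 168, 1, 0], validating the count and range."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a valid dotted-quad: {dotted}")
    return parts


def to_binary(dotted: str) -> str:
    """Dotted-quad -> four 8-bit groups, e.g. '11000000.10101000.00000001.00000000'."""
    return ".".join("".join(str(b) for b in octet_to_bits(o)) for o in parse_dotted(dotted))


def mask_prefix_length(mask: str) -> int:
    """Count the ones in a subnet mask, rejecting masks whose ones are not contiguous."""
    bits = "".join(to_binary(mask).split("."))
    ones = bits.count("1")
    if bits != "1" * ones + "0" * (32 - ones):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def split_network_host(ip: str, mask: str) -> dict:
    """Cross out the IP bits under the mask's ones: those are the network part."""
    net_bits = mask_prefix_length(mask)
    ip_bits = "".join(to_binary(ip).split("."))
    mask_int = int("".join(to_binary(mask).split(".")), 2)
    network_int = int(ip_bits, 2) & mask_int          # network address = IP AND mask
    network_addr = ".".join(str((network_int >> shift) & 0xFF) for shift in (24, 16, 8, 0))
    return {
        "network_bits": net_bits,
        "host_bits": 32 - net_bits,
        "network_part": ip_bits[:net_bits],
        "host_part": ip_bits[net_bits:],
        "network_address": network_addr,
    }


if __name__ == "__main__":
    print(to_binary("192.168.1.0"))
    print(split_network_host("192.168.1.0", "255.255.255.0"))
    # the trickier mask from the transcript: 19 network bits, 13 host bits
    print(split_network_host("172.16.37.9", "255.255.224.0"))
```

With the 255.255.224.0 mask the function reports 19 network bits and 13 host bits, exactly the split the transcript arrives at by hand; the network address comes out as 172.16.32.0 because the third octet keeps only its top three bits.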

So another question is why does an IP address have a network and a host part? Why can't it just have a host part to uniquely assign each device an IP address? So why does it have a network part also? Now the reason for this is manageability. It's for breaking down a large network into smaller networks or subnetworks, which is known as subnetting. So for example, let's say that there were no small networks. Let's say that an organization has a large amount of computers in one huge network.

Now, when a computer wants to talk to another computer, it needs to know how and where to reach that computer. And it does this by using a broadcast. A broadcast is when a computer sends out data to all computers on a network so it can locate and talk to a certain computer. So, for example, let's say that this computer here wanted to communicate with this computer over here. So what happens next is that this computer here will send out a broadcast on the network asking the target computer to identify itself so it can communicate with it. But the problem with this is that every computer on this network will also receive the broadcast because they are all on the same network. So, as you can imagine, if every computer on this large network was broadcasting to every other computer just to communicate, it would be chaos. It would slow down the network and potentially bring it to a halt because of the tremendous amount of broadcast traffic it would cause, and it might even cause fires. Well, not really, but if a problem were to happen on the network, it would be very difficult to pinpoint because the network is so big.

So in order to prevent this, networks need to be broken down into smaller networks. And networks are broken down and physically separated by using routers. And by using routers, this would alleviate the problem of excessive traffic because broadcasts do not go past routers. Broadcasts only stay within a network. So now, instead of one large network, this network is broken down into six subnetworks or subnets.

So now if this computer here wanted to communicate with this computer over here, the computer will send out a broadcast that only the computers in its subnetwork can receive. But since the target computer is on a different subnetwork here, the data will be sent to the default gateway, which is the router, and then the router will intelligently route the data to the destination. So this is why IP addresses have a network portion and a host portion. So networks can be logically broken down into smaller networks, which is known as subnetting.

So let's do an example here. So let's say that you have a small business and that this is your IP address and subnet mask. Now, let's say that your small business has a total of 12 computers and all 12 of these computers are on a single network. And these computers belong to different departments indicated by their colors. But let's say that you wanted to separate the computers into three different networks so that each department won't see the other department's network traffic. So instead of having one network in your business, you want to break it down into three small networks. So the way to break this network down into smaller networks is by subnetting. Subnetting is done by changing the default subnet mask by borrowing some of the bits that were designated for hosts and using them to create subnets. So in this subnet mask, we're going to change some of the zeros in the host portion into ones so we can create more networks. So if we leave the subnet mask the way it is, it will give us one network with 256 hosts. Now technically we have to subtract two hosts because the values that are all ones and all zeros are reserved for the broadcast and network address respectively. So we actually have 254 usable hosts. But we need to change this subnet mask so we can produce the three networks that we need.

So for example, let's borrow one bit from the host portion. So here is our new subnet mask. So now the fourth octet is 128 because when you count the first bit in an octet, it equals 128. So by borrowing one bit, this will divide the network in half. So now instead of having one network with 254 hosts, this will give us two networks or subnets with 126 hosts in each subnet.

Now let's keep going and borrow another bit from the host portion. So now we are borrowing a total of two bits from the host portion. So here is our new subnet mask and the fourth octet is 192. So by borrowing two bits, this will divide the network even further and now it'll give us four subnets with 62 hosts each.

And again let's borrow another bit from the host portion. So here is our new subnet mask. And by borrowing three bits, this will divide the network into eight subnets with 30 hosts each.

So if we continue breaking down this network, here is the result if we borrow four bits, which will give us 16 subnets with 14 hosts each.

And here is the result if we borrow five bits, which will give us 32 subnets with six hosts each.

And if we borrow six bits, this will give us 64 subnets with two hosts in each subnet. Now, this is pretty much the limit because if we borrow seven bits, it will give us 128 subnets but with zero usable hosts.

So, as you can see, the more bits the network portion borrows from the host portion, the amount of networks that can be created doubles with each bit. But also, the amount of hosts per network gets cut in half with each bit.

So, going back to our business example, if we wanted to break this network down into three smaller networks or subnets, we would have to borrow two bits from the host portion. So even though we only need three networks, this subnet mask will give us at least four networks to work with. So our new custom subnet mask for our three subnets would be 255.255.255.192.

So now our network is broken down into three smaller networks or subnets.

Now IP addresses and subnet masks come in five different classes, which are classes A through E. However, three of these classes are for commercial use. So, here is a chart of the IP addresses and default subnet masks, which are class A, B, and C. And you can tell by the number in the first octet of the IP address and by the default subnet mask which class they belong to. Now, when an organization needs networking, they will need an IP address class according to the needs of that organization, which is based on how many hosts they have. So if an organization has a very large amount of hosts, they will need a class A IP address. A class A IP address can produce up to 16 million hosts. So as you can see in a default class A subnet mask, the host part is very large. Three octets are used for hosts, which is why it can produce so many. An example of an organization that would need this many hosts would be something like an internet service provider, because they would need to distribute millions of IP addresses to all their customers.

A class B IP address can produce up to 65,000 hosts. This class is given to medium to large organizations. And a class C IP address can produce 254 hosts. Class C IP addresses are used in small organizations and homes that don't have a lot of hosts.

Now, subnet masks can also be expressed in a different method called CIDR. And CIDR stands for classless inter-domain routing, which is also known as slash notation. Slash notation is a shorter way to write a subnet mask. And it does this by writing a forward slash and then a number counting the ones in the subnet mask. So for example, if you see an IP address like this with a CIDR notation of /24, this means that the subnet mask is 24 bits in length, meaning it has 24 ones.

If the CIDR notation is /25, this means that the subnet mask is 25 bits in length. Or if it's /26, this means that the subnet mask is 26 bits in length. Or if the CIDR notation is /8, this means that the subnet mask is 8 bits in length.
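The bit-borrowing progression and the CIDR conversions above, as an added Python example that is not from the course: it reproduces the subnet/host table for a /24, finds the smallest number of borrowed bits for a wanted subnet count, converts between dotted masks and slash notation, and uses the standard library's ipaddress module to list the resulting subnets. The network 192.168.1.0/24 is a constructed stand-in for the small-business address the video shows on screen.

```python
# Added example (not from the PowerCert course): the "borrow bits from the host
# portion" arithmetic for a class C (/24) network and the CIDR slash-notation
# conversions. 192.168.1.0/24 is a constructed sample network.
import ipaddress


def prefix_to_mask(prefix: int) -> str:
    """/24 -> '255.255.255.0': the first `prefix` bits of the mask are ones."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((mask_int >> s) & 0xFF) for s in (24, 16, 8, 0))


def mask_to_prefix(mask: str) -> int:
    """'255.255.255.192' -> 26: count the ones, rejecting non-contiguous masks."""
    octets = [int(o) for o in mask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad mask: {mask}")
    mask_int = (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]
    bits = f"{mask_int:032b}"
    ones = bits.count("1")
    if bits != "1" * ones + "0" * (32 - ones):
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones


def borrow(default_prefix: int, borrowed: int) -> dict:
    """Subnets and usable hosts after borrowing `borrowed` bits from the host portion."""
    new_prefix = default_prefix + borrowed
    host_bits = 32 - new_prefix
    if borrowed < 0 or host_bits < 0:
        raise ValueError("cannot borrow more bits than the host portion has")
    return {
        "mask": prefix_to_mask(new_prefix),
        "prefix": new_prefix,
        "subnets": 2 ** borrowed,
        # the all-zeros (network) and all-ones (broadcast) host values are reserved
        "usable_hosts": max(2 ** host_bits - 2, 0),
    }


def bits_needed(subnets_wanted: int) -> int:
    """Smallest number of borrowed bits that yields at least this many subnets."""
    n = 0
    while 2 ** n < subnets_wanted:
        n += 1
    return n


def subnet_table(default_prefix: int = 24) -> list:
    """The progression the transcript walks through: 0 up to all host bits borrowed."""
    return [dict(borrowed=b, **borrow(default_prefix, b))
            for b in range(0, 32 - default_prefix + 1)]


def carve(network: str, borrowed: int) -> list:
    """List the subnets with the standard library, e.g. the four /26s of a /24."""
    net = ipaddress.ip_network(network, strict=True)
    return [str(s) for s in net.subnets(prefixlen_diff=borrowed)]


if __name__ == "__main__":
    for row in subnet_table(24):
        print(row)
    n = bits_needed(3)                      # the three-department business example
    print(n, borrow(24, n)["mask"], mask_to_prefix(borrow(24, n)["mask"]))
    print(carve("192.168.1.0/24", n))
```

For the business example `bits_needed(3)` returns 2, `borrow(24, 2)` gives the mask 255.255.255.192 (/26) with four subnets of 62 usable hosts, and `carve` lists them as 192.168.1.0/26, .64/26, .128/26 and .192/26; the seventh row of the table is where usable hosts reach zero, matching the limit the transcript states.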

SDN stands for software-defined network. This is a system where the network is managed by administrators from a centralized software system rather than having each individual device make decisions themselves. So for example, in a traditional network you have switches and routers, and these devices will have a couple of different layers or planes. These are the control layer and the data layer. The control layer is the manager, and this refers to how data moves through the network based on policies and configurations, and the data layer refers to the transfer of the data based on the policies of the control layer. So when routers and switches receive data, they will refer to their control layer, such as routing and switching tables, and based on their configuration, they will decide themselves on how and where the data is sent. But in an SDN network, the control layer is taken away from the individual routers and switches and instead is managed by software in a centralized location. So, an SDN allows network administrators to manage and configure all the traffic in a network. And this has several benefits, such as prioritizing traffic and load balancing when needed. It also allows for easy scalability to either scale up or down when needed. It improves network performance and it also provides greater security using segmentation and isolation.

An SD-WAN or software-defined wide area network is an extension of an SDN. It's basically a virtual WAN that uses software to manage the network. Long-distance networks can be created and managed more effectively with SD-WAN. The main difference between SD-WAN and a regular WAN is that the SD-WAN is software-defined, which significantly speeds up the process of configuring policies throughout your network. And by making it simpler to use many connections rather than paying for expensive MPLS connections, it also enhances the performance of your network. So as a result you get better performance out of your network for less money.

One of the features of SD-WAN is application awareness. This gives the SD-WAN the capability to identify which application is being used, and it'll know where to forward it and it can prioritize the data from that application if needed.

Another feature of SD-WAN is zero touch provisioning. This feature configures new network devices automatically without any manual intervention. It automates the process of installing software, configuring settings and enrolling devices in a network, which results in a faster deployment of new devices.

An SD-WAN is also transport agnostic, which means it'll work with just about anything. So when an SD-WAN is implemented, it can make effective use of the underlying physical network infrastructure regardless of what it is, whether it's broadband internet, 5G, satellite, MPLS, and so on. And in an SD-WAN, the management of a network, from policies, configurations, and the flow of data, is all done through a central policy management system using a centralized controller.

A security framework known as zero trust architecture or ZTA makes the assumption that no user, device, or application, even those located inside a network, should be completely trusted, because oftentimes when just using traditional security, when users log into a system they could be trusted and verified for a period of time without requiring extra verification. But with ZTA, this is no longer the case. This architecture uses a never trust, always verify guideline in its operation. It uses policy-based authentication which is based on the user's identity, the time and date when they log in, their location, and their behavior before access is granted. It also requires the users and devices to be continuously verified as part of its authentication.

And also when users are granted access, they are given least privilege access, which only grants users the least or minimal access that's needed to do their job. So zero trust architecture provides the highest security framework to verify someone's identity.

The way an organization does business has changed in the past 20 years, leaving behind the traditional way of doing business of hosting your own applications and servers on premises to using the cloud infrastructure instead. And since transitioning to the cloud, security needs to evolve to incorporate the cloud as well. And this is where SASE or secure access service edge comes in. SASE provides a better and safer way to access data and applications by integrating networking and security into the cloud infrastructure. SASE includes different technologies including zero trust network access, secure web gateways, SD-WAN and VPNs. SASE is often referred to as the next generation VPN because it provides a more thorough and more secure method of cloud communication and remote access.

Security service edge or SSE is another cloud security solution that works no matter the user's location or device. This aims to secure access to websites, cloud services, and private apps. It is frequently a component of a broader SASE architecture in which WAN edge services control network connectivity and SSE manages the security.

Infrastructure as code is a way of setting up and managing the infrastructure of a cloud network by using a script. Now the traditional way of setting up a network on the cloud is by doing things manually. So for example, administrators would manually set up and configure virtual machines, load balancers, firewalls, databases, install and configure software, and manage that network. But with IaC, this is done automatically by writing code or a script. So instead of the administrators manually setting up a network, they would get together and write scripts that would design, build, and configure the network they want. And then those scripts will be uploaded to the cloud, and then the cloud would build and configure the network automatically using those scripts.

IaC has several benefits, such as fast deployment. So instead of manually setting up a network, the network is built and configured automatically by scripts. It's also reliable and consistent because it eliminates human error. And it also saves money because it doesn't require a large staff to build and manage a network.

IaC uses a playbook, which is a structured document used in IT that offers a collection of procedures for managing different scenarios, including complicated operations, common IT tasks and security issues. A template is a reusable file used in IaC that specifies the ideal configuration of your cloud infrastructure, such as servers, databases, and networks, by automating the distribution and administration of these resources. Templates provide scalability, consistency, and reduce human error. And since IaC uses code, it also prevents configuration drift. Configuration drift is when there is a deviation in the network's baseline configuration that's caused by manual configurations and human error. And whenever an upgrade is needed to the network, instead of making a change to the existing code, a new script would be written with the new upgrade instructions, and then the whole file will be uploaded to the cloud and the whole network would be recreated with the new upgrades. In IaC, the term source control refers to tracking the changes in IaC scripts when using a version control system such as Git. Git is used to manage different versions of scripts and acts as a central repository to store and provide a centralized location. Version control systems also identify conflicts when changes are made to the scripts, which happens when multiple users are making changes to the code. And it also supports branching, which is a process of making a copy of a code base at a certain point in time. This enables developers to work on experiments, bug fixes, and new features without affecting the project's main version.

When the internet was first being developed, programmers didn't realize how big it would become. They thought that IP version 4, which produced over 4 billion IP addresses, would be enough. But they were obviously wrong. IP version 6 is the next generation of IP addresses. The main difference between IP version 4 and IP version 6 is the length of the address. The IP version 4 address is a 32-bit numeric address, whereas IP version 6 is a 128-bit hexadecimal address. Hexadecimal uses both numbers and letters in the address. So with this type of address, IP version 6 can produce an unbelievable 340 undecillion IP addresses. That's the number 340 with 36 digits after it. So as you might have guessed, IP version 6 is more than enough for the foreseeable future.

So here is an example of an IP version 6 address. So, as you can tell, it's a very long IP address, but there is a method in IP version 6 that can be used to abbreviate or compress the address and make it easier to read. So, for example, in IP version 6, there are eight groups of hexadecimals, which are known as hextets. So the first rule of compressing an IP version 6 address is if there are zeros leading a group, then those zeros can be omitted, except for the last digit in the group. And the second rule is if there are two or more consecutive groups of all zeros, then they can be replaced by using a double colon. So in this IP address, in the first two groups there are no leading zeros. So these groups can't be compressed. But the third group has all zeros, which means we can compress it by omitting the first three zeros and leaving the last zero. The fourth group can't be compressed because there are no leading zeros. Now the fifth and sixth groups are consecutive groups with all zeros, which means those groups can be replaced by using a double colon. The seventh group has no zeros, so we can't do anything with it. But the last group has a leading zero, which means it can be compressed by omitting the leading zero. So here is our compressed version of this IP version 6 address.

So let's do another example. So in this IP address, the first group has no leading zeros. So we cannot compress it. The second group has a leading zero. So we can compress it by omitting the leading zero. The third group has all zeros. So we can omit the first three zeros and leave the last zero. The fourth group has no leading zeros, so we can't compress it. Now the next three groups have all zeros. So remember the rule that two or more consecutive groups of all zeros can be replaced with a double colon, and the last group has three leading zeros, which means that we can omit them and just leave the two. So here is the compressed version of this IP address.

So, as I stated earlier, IP version 4 was the first version of IP addresses and we have officially run out of them. So, ISPs are not giving out new ones. And because of this, we are now migrating over to IP version 6 addresses, but we haven't fully migrated because a lot of organizations are still using the older IP version 4. So today we are using a mixture of IP version 4 and IP version 6. So in order to enable the communication between IP version 4 and IP version 6, we need to use a transitioning technology called tunneling. And tunneling is when IP version 6 packets are enclosed into IP version 4 packets, so the routing can be accomplished between the two IP versions.

And there's also another transition technology called dual stack. And dual stack allows your device to process IP version 4 and IP version 6 data simultaneously. So you won't have any compatibility issues when accessing websites and servers during the migration. And this is why if you open a command prompt on a Windows machine, for example, and do an ipconfig command, you will see that your computer has both an IP version 6 and IP version 4 address, which is a result of having a dual stack installed on your computer.

And another transition technology is called NAT64. So where dual stack allows devices to run both IP version 4 and IP version 6 simultaneously, NAT64 is what is used on IP version 6 devices only. It's what translates IP version 6-only devices so they can communicate with IP version 4-only servers. And it does this by inserting an IP version 4 address into an IP version 6 prefix.
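The two compression rules from the IPv6 section and the NAT64 embedding just described, as an added Python example that is not code from the course. The two full-length addresses are constructed so that their hextets follow the layouts the transcript walks through; the hand-written compressor is cross-checked against the standard library, which applies the same rules (RFC 5952 additionally breaks a tie between equal-length zero runs by taking the leftmost one). The NAT64 helper uses the well-known 64:ff9b::/96 prefix from RFC 6052; the course names no specific prefix.

```python
# Added example (not from the PowerCert course): the two IPv6 compression rules
# from the transcript, implemented by hand and cross-checked against Python's
# ipaddress module, plus the NAT64 address embedding described in the section.
# The sample addresses are constructed; the course's on-screen addresses are
# not reproduced here.
import ipaddress


def expand_groups(address: str) -> list:
    """Split a full (uncompressed) IPv6 address into its eight 4-digit hextets."""
    groups = address.lower().split(":")
    if len(groups) != 8 or any(len(g) != 4 for g in groups):
        raise ValueError("expected eight 4-digit hextets, e.g. 2001:0db8:...")
    int(address.replace(":", ""), 16)  # raises ValueError on non-hex digits
    return groups


def compress_ipv6(address: str) -> str:
    groups = expand_groups(address)
    # Rule 1: drop the leading zeros in each group, keeping at least one digit.
    short = [g.lstrip("0") or "0" for g in groups]
    # Rule 2: replace the longest run of two or more all-zero groups with "::".
    # On a tie RFC 5952 takes the leftmost run, which is what this scan does.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if short[i] == "0":
            j = i
            while j < 8 and short[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len >= 2:
        left = ":".join(short[:best_start])
        right = ":".join(short[best_start + best_len:])
        return f"{left}::{right}"
    return ":".join(short)          # a single zero group is never collapsed to "::"


def nat64_embed(ipv4: str, prefix: str = "64:ff9b::") -> str:
    """Place an IPv4 address in the low 32 bits of a /96 NAT64 prefix.
    64:ff9b::/96 is the well-known prefix defined in RFC 6052."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    p = int(ipaddress.IPv6Address(prefix))
    if p & 0xFFFFFFFF:
        raise ValueError("a /96 NAT64 prefix must have its low 32 bits clear")
    return ipaddress.IPv6Address(p | v4).compressed


def nat64_extract(ipv6: str) -> str:
    """Recover the IPv4 address from the low 32 bits of a NAT64-synthesised address."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv6Address(ipv6)) & 0xFFFFFFFF))


if __name__ == "__main__":
    samples = (
        "2001:abcd:0000:1234:0000:0000:5678:0abc",   # layout of the first example
        "fe80:0abc:0000:1234:0000:0000:0000:0002",   # layout of the second example
    )
    for full in samples:
        mine = compress_ipv6(full)
        stdlib = ipaddress.IPv6Address(full).compressed
        print(full, "->", mine, "(matches stdlib)" if mine == stdlib else "(MISMATCH)")
    print(nat64_embed("192.0.2.33"), nat64_extract("64:ff9b::c000:221"))
```

The first sample compresses to 2001:abcd:0:1234::5678:abc and the second to fe80:abc:0:1234::2, which is the outcome the transcript reaches group by group; note that the lone zero group in third position is shortened to a single 0 but never replaced by a double colon, because the second rule needs two or more consecutive zero groups.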

VLAN stands for virtual local area network. A VLAN is a local area network where computers, servers, and other network devices are logically connected regardless of their physical location. So even if these devices are scattered in different places, it wouldn't matter because a VLAN can logically group them into separate network segments. And the purpose of a VLAN is for improved security, traffic management, and to make a network more simple. So, as an example, let's say that you have a three-story office building and in this building you have computers that belong to certain departments that are mixed in with other computers that belong to other departments on the same floor. So, the red computers represent the accounting department. The blue computers represent the shipping department and the green computers represent the support department. Now, as you can see, all these computers from these different departments are all connected to a switch and they are all on one segment on a local area network or LAN. So, all the network broadcast traffic from the different departments is mixed in with other departments. So, the departments are all seeing each other's network traffic. Now suppose as a network administrator you wanted to separate the network broadcast traffic between these departments from each other, so that the accounting department doesn't see any traffic from support, support doesn't see any traffic from shipping, and so on. Now, one way to solve this is to physically move the computers that belong to the same department and put them together, such as putting them on the same floor and deploying extra network hardware and cabling. But this could be a hassle and unnecessary work.

But there is an easier way to accomplish this, and that way is by creating VLANs. By using VLANs on a VLAN-capable switch, you can logically create several virtual networks to separate the network broadcast traffic. So in this case, we're going to create three VLANs for three different departments. So we're going to create a VLAN for the accounting department and then create another VLAN for the support department and then create another one for the shipping department. So now as the VLANs are implemented, the traffic between the three departments is isolated. So they won't see any traffic created by the other departments. They only see their own network traffic, even though all the computers from the different departments are connected to the same switch.

So in our example, the VLANs were created on the switch. And this is done by designating specific ports on the switch and assigning those ports to a specific VLAN. So on the switch, we'll create a VLAN for the support department. So we'll plug all the computers that belong to the support department into those ports. And then we'll designate another set of ports and create another VLAN for the accounting department. And finally, we'll designate another set of ports for another VLAN for the shipping department. And as you can see, the network traffic is separated between the departments because of the VLANs.

Now, if you wanted to connect VLANs together that are connected to different switches, this is where 802.1Q tagging comes in. So for example, on switch one we have two VLANs which are tagged VLAN 10 and VLAN 20, and on switch two we also have two VLANs tagged VLAN 10 and VLAN 20. So let's say that we want to give the computers on VLAN 10 from each switch the ability to communicate with each other and also have the computers on VLAN 20 from each switch the ability to communicate with each other. And this is done by using 802.1Q VLAN trunks. A VLAN trunk allows multiple VLANs the ability to communicate through a single physical cable between the switches. And the cable is connected to a trunk port on each switch. And it's on these trunk ports where the tagging is configured.

And then once everything is configured and the cable is connected, the frames coming from the computers are tagged. These tags contain the VLAN ID number, which allows each switch to determine which VLAN to send the frame to. So if this computer here on VLAN 10 from switch one sends a frame to this computer on VLAN 10 on switch two, the frame gets sent to the switch, and then the switch will see that it's going to a VLAN 10 device and then it'll tag the frame with the VLAN ID, which is VLAN 10. And then once it reaches the trunk port on switch two, the switch will look at the VLAN ID on the tag and then forward the frame to this computer on VLAN 10.

And there's also a native VLAN. A native VLAN is a VLAN where the frames are untagged, as opposed to the tagged frames that we just talked about. And the purpose of a native VLAN is so that older devices that don't support VLAN tagging can communicate over a trunk link. So for example, let's say that we have some older computers that we added to each switch and we want those older computers to be on the same VLAN. So what we have to do is configure a native VLAN on each trunk port on each switch, which means that for any devices that are going to be on the native VLAN, the Ethernet frames will not be tagged. So when this computer wants to communicate with this computer here, the computer will send an untagged frame, and then once the trunk port on switch one receives the frame, it will notice that it's untagged, which means it's on the native VLAN that we configured. So then it'll send the frame to switch two, and switch two will also notice that it's untagged, which means that it's on the native VLAN that we configured. So it'll send the frame to this computer.

So as a review, here we have the three VLANs, VLAN 10, VLAN 20 and the native VLAN, and their broadcast traffic, which are frames, is separated from the other VLANs. Now just to clear things up, this does not mean that these computers can't communicate with other computers that are on different VLANs, because they can. The creation of VLANs just means that their broadcast traffic or frames are kept within their own VLAN.

Now, VLANs do have some limitations, and one of them is that they only operate at layer 2. So, they are not routable. So, VLANs cannot be created if the networks are in different geographical locations. And another limitation is that they only support a maximum of 4,000 virtual networks. Now, normally this wouldn't be a problem because 4,000 virtual networks is plenty for most organizations. But for large enterprise organizations with data centers that use cloud computing and virtual machines, 4,000 is not enough. So, this is where a VXLAN comes in. VXLAN stands for virtual extensible local area network, and a VXLAN can support 16 million virtual networks and it's also routable. So it can create virtual networks if they are in different geographical areas.

So for example, here we have two data centers in two geographical locations. So let's say that you wanted these two data centers to be on the same virtual network. Now, VXLANs use a VNI or virtual network identifier, which is a label or tag that is used to identify a specific virtual network. So, since we want these two data centers to be on the same virtual network, we'll tag them both as VNI 100. And then on each switch, we need to create and configure VTEPs or VXLAN tunnel endpoints. These endpoints are responsible for encapsulating and decapsulating the VXLAN frames that are being sent and received through a VXLAN tunnel. So when this data center here sends a frame, the VTEP will encapsulate that frame in a VXLAN header, and in this header it will include the VNI number, which in this case will be VNI 100, and then that frame will be sent over the internet where the other switch will decapsulate the frame and send it to the other data center. So in a nutshell, this is how a VXLAN works. The two data centers will act as if they were on the same local network even though they are in different geographical areas. And this is also where we get the term DCI or data center interconnect, which refers to a technology that connects multiple data centers together in a VXLAN.
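The 802.1Q tag and the VXLAN header described in the two passages above, as an added example that is not part of the video or of any vendor's code: it builds tagged and untagged Ethernet frames, lets a trunk port assign an untagged frame to its native VLAN, and then wraps a frame in a VXLAN header carrying VNI 100 the way a VTEP would. The MAC addresses, VLAN IDs, native VLAN and VNI are constructed sample values, and the outer UDP/IP headers that carry a VXLAN packet between sites are left out. The 12-bit VLAN ID field in the tag versus the 24-bit VNI field in the VXLAN header is where the roughly 4,000 versus 16 million network counts come from.

```python
"""Added example (not from the video): 802.1Q tagging, native VLAN handling
and VXLAN encapsulation on constructed frames."""
import struct

TPID_8021Q = 0x8100            # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
VXLAN_FLAG_VNI_VALID = 0x08    # "I" bit in the VXLAN header flags byte


def mac(text):
    """'00:00:5e:00:53:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, payload, vlan_id=None, pcp=0):
    """Ethernet frame; an 802.1Q tag is inserted after the source MAC when
    vlan_id is given, otherwise the frame is untagged (what a native-VLAN
    host that cannot tag would send)."""
    frame = mac(dst) + mac(src)
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094 (12-bit field)")
        tci = (pcp << 13) | vlan_id            # PCP(3) | DEI(1) | VID(12)
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ETHERTYPE_IPV4) + payload


def classify_frame(frame, native_vlan):
    """What a trunk port does on receive: read the VLAN ID from the tag, or
    assign the port's configured native VLAN when the frame is untagged.
    Returns (vlan_id, tagged, payload)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, True, frame[18:]
    return native_vlan, False, frame[14:]


def vxlan_encap(frame, vni):
    """Sending VTEP: prepend the 8-byte VXLAN header (flags, 3 reserved bytes,
    24-bit VNI, 1 reserved byte). Outer UDP/IP headers are omitted here."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    header = struct.pack("!BBHI", VXLAN_FLAG_VNI_VALID, 0, 0, vni << 8)
    return header + frame


def vxlan_decap(packet):
    """Receiving VTEP: check the VNI-valid flag, return (vni, inner_frame)."""
    flags, _, _, vni_field = struct.unpack("!BBHI", packet[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN header without the VNI-valid flag")
    return vni_field >> 8, packet[8:]


def demo():
    """Constructed walk-through: a VLAN 10 host, a native-VLAN host, then a
    VXLAN tunnel between two sites that both use VNI 100."""
    # Sample MACs from the documentation range (constructed, not real hosts).
    tagged = build_frame("00:00:5e:00:53:01", "00:00:5e:00:53:02", b"hello", vlan_id=10)
    untagged = build_frame("00:00:5e:00:53:03", "00:00:5e:00:53:04", b"legacy")
    vid, is_tagged, _ = classify_frame(tagged, native_vlan=1)                # -> 10, True
    native_vid, native_tagged, _ = classify_frame(untagged, native_vlan=1)   # -> 1, False
    tunnelled = vxlan_encap(tagged, 100)
    vni, inner = vxlan_decap(tunnelled)                                      # -> 100, tagged
    return {"vid": vid, "tagged": is_tagged, "native_vid": native_vid,
            "native_tagged": native_tagged, "vni": vni, "inner_intact": inner == tagged}


if __name__ == "__main__":
    print(demo())
```

The native VLAN step is the one to watch when reviewing a trunk configuration: `classify_frame` trusts the absence of a tag, so whatever native VLAN both trunk ports are configured with is where every untagged frame lands.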

Now, layer 2 switches are by far the most common type of switches. These are the traditional switches that you'll find in homes and in small to medium-sized businesses. Now, a layer three switch, which is also called a multi-layer switch, operates at layer three of the OSI model. Layer 3 is the network layer. And this has to do with routing, which deals with IP addresses. So, a layer 3 switch can route data using IP addresses. But in addition to operating at layer 3, it can still operate at layer 2. So it can forward data by using MAC addresses, which are layer 2, and it can route data using IP addresses, which are layer three.

And as far as additional switch configurations, there is also link aggregation. Now this is a networking technique that uses multiple cables connecting to multiple ports to create a single logical connection, which increases the bandwidth between the switches.

And there is also the term duplex. The term duplex in a network switch means that a device can send and receive data in either direction at the same time, which is known as full duplex. If it can only send and receive data in one direction at a time, then this is known as half duplex. Now, full duplex is obviously better because it works faster and can double the bandwidth.

And switches will also have different interface speed ratings. The most common interface speeds are measured in megabits per second, such as 10, 100, 1,000, or even 10,000 megabits per second. But in order to take full advantage of a certain speed, both of the connected interfaces of the devices must be capable of handling that speed. So if your device has an interface of 1,000 megabits per second, but you plug it into a switch that has a rating of only 100 megabits per second, you are only going to achieve 100 megabits per second. So you need to plug your device into a 1,000 megabit switch to get the maximum speed possible. Now a lot of switches will have a feature called autonegotiation, which is a protocol that automatically determines the best settings like the speed and duplex mode for both devices.

One of the things that a network device such as a switch can handle is the biggest size of a data packet that it can accept, which is measured in bytes. And this is called the MTU or maximum transmission unit. The MTU size for Ethernet is 1500 bytes by default. If frames are bigger than 1500 bytes, then these are called jumbo frames. These will typically be 9,000 bytes in size. Now, jumbo frames are not typically used on the internet or in homes. They are typically used in high-speed internal networks for moving large amounts of data. These high-speed networks will use gigabit or even 10 gigabit switches.

The internet is a giant highway of pathways for data to travel to reach their destination. And in between these pathways are devices called routers. And routers, just like their name says, route data on the internet so that the data can reach its intended destination. And routers route data by using routing tables. A routing table is a file that contains a set of rules that shows information on what path a data packet takes to its destination. So as a data packet arrives at the router, the router looks at its routing table to find out where to forward the data packet along the best path to its destination.

Routing tables are populated in three ways, which are directly connected, static and dynamic. Directly connected routes show the routes for the networks which are directly connected to a router's interface. These routes are automatically created by the router as soon as the router's interfaces are configured with an IP address and subnet mask.

Static routes are entered manually by a network administrator. These routes are necessary to access networks that are not directly connected to a router's interface.

Dynamic routes are similar to static routes, but the difference is how the routes are entered into a routing table. So where static routes are entered manually, dynamic routes are entered automatically by neighboring routers using one or more dynamic routing protocols. These dynamic routing protocols are RIP, OSPF, BGP and EIGRP.

The oldest routing protocol is called RIP, which stands for routing information protocol. Routers that use RIP broadcast the routing information to other routers every 30 seconds, regardless of whether the routing information has changed or not. So as a result, as networks got bigger, this caused a lot of unnecessary traffic on the network. So this is why RIP version 2 was created, which solved the problem of excessive broadcast traffic that RIP version one caused.

OSPF stands for open shortest path first, and this is a routing protocol that uses the shortest path first algorithm, which is used to determine the least cost path, or in other words the most efficient route, for data packets to take to their destination. Now, this is a link state routing protocol that uses link state advertisements or LSAs to exchange information with other routers and builds a topology map of a network.

BGP stands for border gateway protocol, and this is a standard routing protocol of the internet. It determines routing directions that are based on paths and policies, and it's the language that's used when different networks on the internet want to communicate. BGP is a distance vector routing protocol, which means it factors the distance to the destination based on how many hops. A hop refers to how many routers a data packet has to go through to reach its destination.

And another type of routing protocol is called a hybrid. And in this case, we're talking about EIGRP, which stands for enhanced interior gateway routing protocol. And this is a combination of distance vector and link state protocols, and it runs on Cisco routers. It uses the diffusing update algorithm, known as DUAL, to find the best path to the destination. It is fast. It has less overhead, and it can support many network layer protocols.

Route selection is a process by which a router chooses the best path to forward data packets to their destination. This selection is based on different factors, including the destination address, the routes available in the router's routing table, and the rules and protocols used by the router.

So here is an entry into a routing table that shows the different fields. Now one of the ways a route is selected is by administrative distance. The router uses administrative distance to decide which route to take if there is more than one to the same location in the routing table, such as a tie. The administrative distance is a number that is given to each route to show how reliable and trustworthy it is. The lower the number, the higher the priority.

Another way is by using the prefix length. The prefix length in IP version 4 is the bit count in the network part of an IP address. It shows how many bits are used to identify the network portion, which refers to the subnet mask. When there are numerous routes that match a destination IP address, the prefix length is very important in deciding which route to choose. The longest prefix match algorithm is what routers utilize. This means that they give priority to routes with the longest prefix that still matches the destination IP address. This makes sure that more particular routes are chosen over less specific ones. So as an example, when a router looks at an incoming data packet and sees the destination IP address of 192.168.0.1, the router will look at its routing table to see where to forward the packet. And if there is more than one entry in the table, such as these here, the router will use the longest prefix length to determine which one to use. Now, both of these entries will work. But since this entry has the longer prefix length, in other words it's more specific, the router would choose this route to send the packet.

And another way that a route is selected is by using the metric. A metric is a numerical value given to a path that indicates the cost or preference of choosing that particular path. The main purpose of a routing metric is to rank routes and choose the best way to send network data. The lower the metric, the higher the preference is in choosing that route.
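Route selection as the transcript describes it, as an added example that is not part of the video: a constructed routing table is searched for every entry that covers the destination, and the winner is chosen by longest prefix match first, then by lowest administrative distance when two entries share the same prefix, then by lowest metric. The table entries, next hops and the ordering of the three tie-breakers are assumptions for this example rather than a specific router's behaviour; the 192.168.0.1 lookup with both a /16 and a /24 entry mirrors the case in the video.

```python
"""Added example (not from the video): longest prefix match, then
administrative distance, then metric, over a constructed routing table."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str            # destination network, e.g. "192.168.0.0/24"
    admin_distance: int    # lower is more trusted
    metric: int            # lower is preferred
    next_hop: str
    source: str            # "static", "ospf", ... shown for display only

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix, strict=False)


# Constructed sample table; next hops use documentation ranges, not real devices.
ROUTING_TABLE = [
    Route("0.0.0.0/0",      1,   0,  "203.0.113.1", "static"),  # default route
    Route("192.168.0.0/16", 110, 20, "10.0.0.2",    "ospf"),
    Route("192.168.0.0/24", 110, 30, "10.0.0.3",    "ospf"),
    Route("192.168.0.0/24", 90,  10, "10.0.0.4",    "eigrp"),   # same prefix, lower AD
    Route("10.0.0.0/8",     120, 5,  "10.0.0.5",    "rip"),
]


def _preference(route):
    """Sort key: longest prefix first (negated length), then lowest AD,
    then lowest metric. Assumed ordering for this example."""
    return (-route.network.prefixlen, route.admin_distance, route.metric)


def matching_routes(destination, table=ROUTING_TABLE):
    """Every entry whose network contains the destination address."""
    dst = ipaddress.ip_address(destination)
    return [r for r in table if dst in r.network]


def select_route(destination, table=ROUTING_TABLE):
    """The entry a router would forward on, or None if nothing matches
    (which can only happen when no default route is present)."""
    candidates = matching_routes(destination, table)
    if not candidates:
        return None
    return min(candidates, key=_preference)


def explain(destination, table=ROUTING_TABLE):
    """Ranked list of (prefix, AD, metric, next_hop) from best to worst."""
    ranked = sorted(matching_routes(destination, table), key=_preference)
    return [(r.prefix, r.admin_distance, r.metric, r.next_hop) for r in ranked]


if __name__ == "__main__":
    for dst in ("192.168.0.1", "192.168.5.9", "10.1.2.3", "8.8.8.8"):
        best = select_route(dst)
        print(f"{dst:14} -> {best.prefix:18} via {best.next_hop} ({best.source})")
```

For 192.168.0.1 all four entries except the /8 match, the two /24 entries beat the /16 and the default route on prefix length, and the EIGRP /24 then wins on administrative distance even though its OSPF twin is an equally specific match.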

Wi-Fi uses three frequency bands. These are the 2.4 GHz, 5 GHz, and 6 GHz. And each of these bands has its own advantages and disadvantages.

Now, the 2.4 GHz band has the longest range of the three bands, but it's also very common and is used in a lot of other devices such as microwave ovens, cordless phones, wireless cameras, and so on. So, a lot of times these devices will interfere with other Wi-Fi signals, and this could cause problems because it would slow down the Wi-Fi network speed and sometimes could cause you to lose connection to the Wi-Fi router. And it's also the slowest band.

The 5 GHz band is faster than the 2.4 and it's also not as common. So there's

a lot less interference and more privacy with the 5 GHz band. However, the

disadvantage is that it has a shorter range than the 2.4.

And the newest band is the 6 GHz band. The 6 GHz band is the fastest of the three bands. And since it's relatively new, it has the lowest interference because few devices use it. But the disadvantage is that it has the shortest range of the three.

Now in all these frequency bands are Wi-Fi channels. These channels are smaller ranges of the frequencies in a band. And devices use these channels to send and receive data. These channels have different bandwidths and are measured in hertz, such as 20, 40, 80, and 160 megahertz. The wider the channel, the more data can be transferred. And you can also use these wireless channels to fine-tune and alter a frequency, because sometimes you might need to change to a different channel if you are experiencing any interference from other nearby wireless networks. So for example, the 2.4 GHz band has 11 channels to choose from, but of these 11 channels, only three are non-overlapping, such as channels 1, 6, and 11. So, if you're experiencing interference with other Wi-Fi networks, you can try changing the channel to one of these non-overlapping channels.
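Why only channels 1, 6 and 11 count as non-overlapping in the 2.4 GHz band, as an added example that is not part of the video. It assumes the standard 2.4 GHz channel plan (channel n centred at 2407 + 5n MHz, channel 14 at 2484 MHz) and the 22 MHz channel width behind that rule of thumb; both are stated as assumptions in the code. It searches the 11 channels for the largest set in which no two channels overlap, which generalises the three-channel case in the transcript to any channel list or channel width.

```python
"""Added example (not from the video): find non-overlapping 2.4 GHz channels."""
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22   # assumed DSSS channel width behind the 1/6/11 rule of thumb


def channel_center_mhz(channel):
    """Center frequency of a 2.4 GHz channel (assumed standard channel plan)."""
    if channel == 14:
        return 2484           # Japan-only channel, off the regular 5 MHz grid
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"unknown 2.4 GHz channel {channel}")


def channels_overlap(a, b, width_mhz=CHANNEL_WIDTH_MHZ):
    """Two channels overlap when their centers are less than one width apart."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < width_mhz


def largest_non_overlapping_sets(channels=range(1, 12), width_mhz=CHANNEL_WIDTH_MHZ):
    """All largest subsets of `channels` in which no pair overlaps.
    Brute force is fine here: at most 2**14 subsets in this band."""
    channels = list(channels)
    for size in range(len(channels), 0, -1):
        found = [
            combo for combo in combinations(channels, size)
            if not any(channels_overlap(a, b, width_mhz) for a, b in combinations(combo, 2))
        ]
        if found:
            return found
    return []


if __name__ == "__main__":
    print("channels 1 and 6 overlap:", channels_overlap(1, 6))           # False
    print("channels 1 and 5 overlap:", channels_overlap(1, 5))           # True
    print("largest non-overlapping sets:", largest_non_overlapping_sets())  # [(1, 6, 11)]
```

With the 22 MHz width, neighbouring channels are only 5 MHz apart, so two channels have to be five numbers apart before their edges clear each other, and (1, 6, 11) is the only way to fit three such channels into 1 through 11.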

The IEEE 802.11h standard for wireless networking focuses on dynamic frequency selection and transmit power control in the 5 GHz band, mainly in Europe. And this was made so that radar systems and other devices that use the same frequency band would not interfere with it. DFS is part of a system that lets wireless devices know when radars are nearby and automatically change to a different channel. This keeps 5 GHz networks and radar devices from talking to each other too much. And when a radar is found, the device has to wait a certain amount of time before it can use that channel again. And TPC limits the most power that wireless devices can send, which makes it less likely that they will interact with other systems or devices that use the same frequency. The 802.11h standard was first made to meet the rules in Europe, but it's also being used in other places around the world.

Band steering is a feature in modern Wi-Fi routers and access points that connects Wi-Fi devices automatically to the best frequency band, such as 2.4 or 5 GHz. And it does this so that the user can get the best performance available. Band steering works by checking what bands a Wi-Fi device can handle. And if the device supports both the 2.4 and 5 GHz bands, it automatically connects to the 5 GHz band because of its faster speeds, and it has less interference than the 2.4.

When you set up a new Wi-Fi router, you can configure the wireless settings for your network. So, for example, you can set the SSID, which stands for service set identifier, which is basically the name of your wireless network. The SSID is shared among all wireless devices in your network. The SSID is customizable and you can call it whatever you want. And as you can see here, this SSID is called home Wi-Fi. So, as an example, when a wireless device scans for wireless networks to join in the vicinity of this router, the device will see the router's SSID broadcast called home Wi-Fi. And if it has the proper credentials, it can join the network.

Now, sometimes you might come across a situation where two nearby Wi-Fi routers or access points are broadcasting the same SSID name. So, in order to distinguish between the two signals is where the BSSID comes in. BSSID stands for basic service set identifier, and this is a unique identifier for a Wi-Fi router or access point. The identifier is the MAC address of that device. So the BSSID can make sure that you're connecting to the correct SSID.

Now if a network has more than one Wi-Fi router or access point, the extended service set identifier or ESSID is used instead of the SSID. So instead of joining a single access point, the ESSID stands for the whole Wi-Fi network. This lets a Wi-Fi device move between access points without losing its connection.

So now we're going to talk about wireless network types. So let's start with infrastructure. Now this network uses a combination of wired and wireless devices. This is very similar to a star topology, where you have wired devices such as these computers here physically connected to a switch, and you would also have a wireless access point that's also connected by a cable to the switch. The wireless access point is here so that the wireless devices such as laptops, tablets, and cell phones can connect wirelessly to the network. So the wireless access point acts like a bridge between the wireless network and the wired network. Now the infrastructure topology is not limited to a single wireless access point. In fact, you can have multiple wireless access points if you want. It just depends on the needs of a network.

The next wireless topology is ad hoc. Now, ad hoc is a very simple wireless network, and it's simple because it doesn't rely on any infrastructure such as cables, routers, servers, or wireless access points. All the devices in an ad hoc network wirelessly connect to other devices in a simple peer-to-peer network. So, ad hocs are very useful for setting up a quick wireless network on the fly.

And then we have a wireless mesh network. A wireless mesh is the latest technology to solve the issue of weak or dead spot issues with Wi-Fi. A wireless mesh is a group of routers or Wi-Fi access points that are placed in different locations inside a home, and it provides a blanket of Wi-Fi coverage all throughout the home. So, it does a pretty good job of eliminating weak Wi-Fi signals or dead spots in a home. A great feature of the mesh Wi-Fi system is that the Wi-Fi points communicate with each other wirelessly to create one large Wi-Fi network. So there are no cables involved when the Wi-Fi points are communicating with each other, which makes the placement of the Wi-Fi points that much easier.

A point-to-point wireless network is where two wireless access points in different locations are directly connected to each other wirelessly. So if you wanted to join two networks that are in two separate buildings, you can create a wireless link between the two access points. Now this is very convenient and cost-saving because there would be no need to use a cable. However, for a strong and stable connection, most point-to-point wireless systems need a clear line of sight between the antennas in each place. And most point-to-point setups use directional antennas to direct the wireless signal in the right direction, which increases signal strength and reduces interference.

Now most of us have connected to a Wi-Fi network with our laptop, tablet or smartphone. And to join that network with our device, you had to select the network name and then you had to supply a password. Now, Wi-Fi networks can be just open with no password required. So, that means that anyone can join it. But in the majority of cases, Wi-Fi networks will be secure and will require a password. Now, there are several different protocols that are used for securing a Wi-Fi network. So, let's start with our first one called WEP.

WEP or wired equivalent privacy was developed in 1999, and it's the earliest security protocol that was used for wireless networks. But WEP is no longer used because it was easily hackable. And that brings us to WPA.

WPA or Wi-Fi protected access is another wireless protocol that was developed to solve the problems of WEP. WPA is far better than WEP, and this is because it uses a stronger encryption method called TKIP, which stands for temporal key integrity protocol, and TKIP dynamically changes its keys as it's being used, which ensures data integrity. But even though WPA is more secure than WEP, even now WPA is outdated. And that brings us to WPA2.

WPA2 was developed to provide even stronger security than WPA. And it does this by requiring the use of a stronger wireless encryption method. So while WPA uses TKIP for encryption, which is known to have some limitations, WPA2 uses AES, which stands for advanced encryption standard, and this uses a symmetric encryption algorithm which makes it strong enough to resist a brute force attack.

WPA3 is the latest security protocol for wireless networks, offering enhanced security features compared to WPA2. WPA3 uses stronger encryption using AES with GCM or Galois/Counter Mode, which is a mode of operation for symmetric key cryptographic block ciphers, and it also uses OWE or opportunistic wireless encryption, and this feature is used to prevent snooping by encrypting each device when using an open public network.

A guest network is a feature on modern Wi-Fi routers that allows visitors to have internet access in your home if you don't want to give them your primary Wi-Fi password or have access to any devices in your network. So, if you have visitors over at your house and they need to access the internet with their device for whatever reason, whether it's to check their email or to look up something on the internet, they will ask you if they can access your Wi-Fi signal and ask for your password. And then, if you agree, you will give them your Wi-Fi password. But by doing this, this could pose a security risk, because now they have access to the internet using your Wi-Fi and they could potentially download a virus and affect other devices in your home network. Or let's say that their device is already infected with a virus, and then once they join your home network, that virus could spread to other devices in your home. So this is where a guest network comes in. By having a guest network, visitors can join your guest network and only have internet access, which not only means that you won't have to give them your primary home Wi-Fi password, but even better, they won't be able to see or access any other devices in your home because their device is now isolated from your devices. So basically, it's like having two separate networks in your home.

Now, often times when you're at a place like an airport or hotel, they may give you the option of using their Wi-Fi network so you can access the internet. And as soon as you join, you may be directed to a web page called a captive portal. The captive portal makes you log in or agree to their terms of service. So, it's basically a gatekeeper for network access that lets companies manage and watch who uses their Wi-Fi. It allows companies to handle their network resources and control their network bandwidth.

As we discussed earlier, when users want to access a secure Wi-Fi network, such as in a home, they will need to type in the password, and it would be the same password for everyone. And this is known as pre-shared key authentication, which is suitable for homes. But using pre-shared key authentication in corporate networks would not be a good idea because of security concerns and manageability. And this is why corporate networks should use enterprise authentication. Enterprise authentication doesn't use the same password for everyone. Instead, it assigns unique usernames and passwords to individual users, which makes it better for the corporation to manage who can access their Wi-Fi network. Enterprise authentication uses a RADIUS server to provide centralized authentication.

Antennas are another factor that affects a wireless service. Since the wireless devices operate using radio waves, the antenna is a big factor that can determine the range and speed of a signal. Now, one type of antenna is the omnidirectional antenna. And this happens to be the most common type as well. This type of antenna transmits the signal in all directions. So, every wireless device in all directions can pick up the signal as long as they're in range. And another type of antenna is the directional antenna. And this type directs the signal in one direction. And that direction is wherever you point the antenna to.

For the Network+ exam, you need to know the difference between lightweight and autonomous access points. And the difference is that lightweight access points depend on a central wireless LAN controller or WLC for the management and configuration of multiple APs. These are typically used in large networks, and autonomous access points are largely independent devices that handle their own network data. Autonomous access points are easier to set up and manage for smaller networks.

A server rack is a frame that holds and arranges IT equipment like servers, routers, switches, and storage systems. These racks have an industry standardized width of 19 in, which lets products from different manufacturers fit on the same rack. The height of the rack is measured in rack units. A rack unit is 1.75 in. So if a server rack is labeled 42U, that makes the height of the rack 73.5 in. The depths range from 20 to 36 in or more, based on the type of rack and equipment that will be stored in it.

Server racks are essential for data centers and other places that need to keep their IT systems organized and scalable. And as a network administrator, one of the things that you have to make a decision on is the size of the rack, such as the height and depth, and where the equipment is going to be mounted on the rack. And this will depend on how much equipment is going to be mounted in the rack and the spacing in between each piece of the equipment for adequate air flow.

Racks can either be open or closed, and choosing which one to use will depend on the specific needs of that organization. Open racks provide better air flow and cooling. They also provide easy access to the equipment that's mounted on them, and they are cheaper. Closed racks or cabinets are when the equipment is enclosed in a cabinet or box. The purpose of a cabinet rack is for security. They'll have a lockable door to make sure that only the proper personnel will have access to the equipment inside.

In order to keep a network in constant operation, you need to make sure that it always has power. But unfortunately, in our world, this doesn't always happen. Power outages can happen for several reasons, such as storms and blackouts. So, in order to prevent a disruption in network operation from a power loss, you need to use a UPS. UPS stands for uninterrupted power supply. It's a battery backup that supplies power to your equipment if a power outage were to happen. So, for example, this server rack has its own UPS. And if the building were to lose power, the equipment would still be up and running because they are all connected to a UPS, and they are now running from battery power. And in addition to supplying backup power, a UPS also protects against surges and spikes.

What you also might find on a server rack is a PDU or power distribution unit. A PDU is a device that has a power cord connected to a box. The power cord plugs into an electrical wall outlet. And then on the other end, the cord is connected to a box or a strip with multiple power outlets where you would plug in devices that need power. And then the PDU will distribute power to those devices that are plugged into those power outlets. So a PDU is basically a power strip that most of us already have in our home. But the main difference is that in the IT world, these will be rack mounted, and PDUs are typically plugged into a UPS rather than directly into a wall outlet.

When talking about network devices like switches, port side intake and port side exhaust refer to the direction of air flow. It's how cool air enters and how hot air leaves the device. When a switch intakes cool air from the front where the ports are, it lets hot air out the back, and this is called port side intake. And when a switch draws cool air in from the back and exhausts hot air from the front where the ports are, this is called port side exhaust.

Now, a patch panel is a flat piece of hardware with network ports that is typically located in a server room or wiring closet, and its purpose is to reduce clutter by keeping your network cables neat and organized. A patch panel is similar to a keystone jack and wall plate. The difference is that a patch panel has a large number of ports and is installed on a server rack near a switch, while a wall plate has a small number of ports and is installed in a wall near a networking device such as a computer.

Patch panels also come in different types depending upon what kind of network you're running: Ethernet, which we just talked about, fiber optic, and coaxial.

MDF stands for main distribution frame, and this is the main wiring frame that is used as a distribution point for all the wiring in a building. All of the internal communication lines in a building connect to the MDF, and from there the external lines connect also, thus completing the circuit. And there is also the IDF or intermediate distribution frame. These are smaller distribution frames that are located in various locations in a building, and these provide better flexibility to distribute wires to the main distribution frame.

Buildings that contain a lot of server and networking equipment, such as data centers, need to keep track of the humidity in the data center to make sure that the equipment performs at its best and for longevity. It is recommended that the relative humidity should be kept between 45 and 55%, because having too little humidity can cause static electricity to build up, leading to electrostatic discharge which would damage the equipment. But on the other hand, having too much humidity can cause condensation and rust. The temperature in a data center also needs to be maintained at a certain range to prevent overheating, typically between 64 and 81 degrees Fahrenheit.

Fire suppression systems in data centers are also very important for data and equipment safety. These systems usually use gas-based or fog systems because they are non-conductive and they don't leave behind a residue. A clean agent system like FM200 is often chosen because it's safe for electrical equipment. Sprinkler systems can also be used, but these are often used together with gas suppression to improve its effectiveness.

Physical and logical diagrams are visual documents that are used in many fields, including networking. These show how a network is set up physically and how data flows logically. The physical diagram shows the specific hardware and technology that is going to be used in a network. So for example, on this physical diagram we see a visual representation of a star topology network. It shows that this network is using Ethernet and how it's connected to the internet. It also shows what type of Ethernet cables, switch, computers, and Wi-Fi router are going to be used.

A logical diagram does not show the specific hardware that's going to be used. Instead, it focuses on functionality. It shows how the network functions and how data flows through this network, which helps to give an understanding of how a network behaves and how to design a network.

There are also rack diagrams. Now, these give a visual representation of a server rack and show what equipment is installed and where to install it on the rack. So, as you can see, this rack diagram shows a monitor, switches, RAID arrays, a UPS, and so on. And it tells you specifically where to install these components in the server rack.

There are also cable maps. Now, cable maps show how the cables in a building are connected and routed. This shows what type of cables are being used and what specific device they are connected to, such as a switch, router, patch panel, and so on.

Based on the OSI model, layer 1, layer 2, and layer 3 network diagrams show computer network architecture and connectivity. Layer 1 of the OSI model is the physical layer. So layer 1 network diagrams show the physical layout of network devices such as servers, switches, routers, computers, and so on. It will also show the physical interfaces of those devices.

Layer 2 is the data link layer. Layer 2 network diagrams show logical connections between layer 2 devices such as switches and bridges. This diagram will also show the MAC addresses of those devices. And layer 3 is the network layer. Layer 3 network diagrams show the network layer of the OSI model. This shows the logical structure or topology and how routers, subnets, and network segments are connected. This diagram will also show the IP address of each device.

It's very important for a company or organization to keep track of all their assets. That's why it's important to have an asset inventory. An asset inventory is a thorough list of all the things that a business or an organization owns, whether those things are physical items such as servers, routers, switches, cables, and so on, or non-physical items such as software, licensing, and warranties. An asset inventory list is important because it gives you a single place to keep track of where they are, how they are doing, and how they are being used. It also helps in making future decisions for a business such as new purchases and upgrades.

IPAM stands for IP address management, and this is a way to plan, keep track of, and manage IP addresses and other network resources that are connected to them. It basically means making sure that every device on the network has a real and unique IP address, which prevents IP conflicts and makes sure that the devices can communicate on the network.

A service level agreement is an agreement between a service provider and you. It explains the quality and performance standards that the provider promises to meet. It makes it clear what is expected, how it will be measured, and what will happen if it's not met.

A wireless survey heat map shows the Wi-Fi signal strength and coverage on a floor plan or map. The purpose is to find Wi-Fi dead zones. To do a wireless site survey, a person would walk around the area with a Wi-Fi optimizer or survey tool and check the signal strength at different points. The heat map shows locations with no or poor signal strength, which informs a network administrator on what changes need to be made, such as moving Wi-Fi access points to different locations. This also shows what Wi-Fi channel is being used. So, if there is interference that's coming from other Wi-Fi networks, the network administrator can try changing to a different Wi-Fi channel.

Now, a couple of years ago, I purchased a VLAN switch from Netgear and I needed to download the documentation for it. So, I went to the Netgear website to find the support page for the switch and I saw that this product was marked as end of life. End of life or EOL means that a product has reached the end of its useful life. Now, this could mean getting rid of the product totally or replacing it with a newer version. EOL can happen when a product no longer meets business goals, when technology changes, or when the market changes. So the next step after EOL is EOS, and EOS stands for end of service. Now this means that the product will no longer get any support such as firmware updates, maintenance releases, or security updates. So, it's important to know these dates so a network administrator can stay informed on what equipment needs to be replaced.

And the next step after EOS is decommissioning.

The act of decommissioning something means ending its use or service. It's a set of steps that make sure that devices are removed or retired in a way that is safe and good for the environment. This includes not only the hardware of a device, but also any data in that device. The data from the device should be erased to make sure it doesn't end up in the wrong hands after it's been decommissioned.

Software management is essential to keep software and firmware up to date to fix bugs and keep systems stable. Patch management is an important part of managing software and firmware because it involves installing changes that fix bugs and security holes. Software updates usually fix problems such as security holes, slow performance, or problems with how well software programs and running systems work together.

Firmware updates are also important. Hardware devices such as routers, printers, and so on get firmware updates to fix bugs, make them run faster, and make them safer.

Change management is a way to handle changes to IT services and systems so that there are as few problems as possible and the transition goes smoothly. It's an important step for documenting any changes, updates, or other changes that could affect how a network functions. Change management plans, makes, and records changes, usually by using best practices from the industry.

And another type of documentation is configuration management. This is a method that makes sure that a network is maintained and runs smoothly by documenting the configurations of network devices such as routers, firewalls, switches, and so on. This also involves the production configuration, which is the current configuration of a device that's operating on a network. It's also important to back up the configurations of these devices that are running to allow a quick recovery in case of a device failure.

Measuring a network's performance is where a baseline comes in. A baseline measures and documents the performance of a network at a given time. Typically, a baseline is taken when a network is performing well, and it's also taken when a network is not performing well. So by comparing these two baselines together, a network administrator can see how well or poorly a network is performing and make any necessary changes. And a baseline golden configuration is the gold standard baseline. This is the highest standard baseline on how a network, the devices, and configurations in the network are performing. It's an approved setup that is used as a guide to make sure that a network runs at its best. Essentially, it's the gold standard for comparison.

SNMP stands for simple network management protocol, and this is a protocol used for network management. It's basically used for collecting data from various network devices such as routers, printers, and servers.

SNMP has two major components, an SNMP manager and an SNMP agent. An SNMP manager runs on a centralized computer or server. An SNMP agent runs on the individual network devices. These agents collect information about their own device such as traffic statistics, IP and MAC addresses, operational state, errors, and so on. And it stores this information in its own database called the MIB or management information base.

So if the SNMP manager requests information about a certain device, it can talk to an SNMP agent and get that information that's stored in the device's MIB. When the SNMP manager sends a request, it uses port 161 and uses the UDP protocol.

And also if something happens on a network such as a link or device failure, the SNMP agent will proactively send a message to the SNMP manager to notify it of this event, which is known as a trap. The SNMP agent uses port 162 to send traps.

SNMP comes in three versions. There's version 1, version 2c, and version 3. Each version has its own pros and cons, with version 3 being the latest and most secure. Version 1 was the original version. It used a plain text community string for authentication, which made it vulnerable to hackers. Version 2c also used a plain text community string for authentication, but it did make an improvement in error handling and overall performance over version 1. It featured GetBulk, which made it easier to retrieve large amounts of data. It also has InformRequest, which lets agents confirm that they have received notifications.

And version 3 has better features and stronger security. It added integrity checking and encryption to its authentication.
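The version differences above, as an added example that is not code from the course: a small parser that reads only the SNMP message header and reports whether a captured message carries a plaintext community string (v1/v2c) or v3 authentication and privacy flags. The BER reader, the SnmpInfo type and the two sample packets are my own constructions, built inline so the script runs offline.

```python
"""Audit captured SNMP messages for version and plaintext community strings.

Added example, not code from the PowerCert course. It uses a minimal ASN.1 BER
tag-length-value reader, which is all that is needed to read the version and,
for v1/v2c, the community string. The sample packets below are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

SNMP_PORT = 161       # manager -> agent requests (UDP)
SNMP_TRAP_PORT = 162  # agent -> manager traps (UDP)
VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}  # wire values of the version INTEGER


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


@dataclass
class SnmpInfo:
    version: str               # "v1", "v2c" or "v3"
    community: Optional[str]   # plaintext community for v1/v2c, None for v3
    auth: bool                 # v3 msgFlags authFlag (integrity checking)
    priv: bool                 # v3 msgFlags privFlag (encryption)

    @property
    def plaintext_credentials(self) -> bool:
        return self.community is not None


def classify_snmp(packet: bytes) -> SnmpInfo:
    """Parse only the header: version, then community (v1/v2c) or msgFlags (v3)."""
    tag, body, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must start with a SEQUENCE")
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER version")
    version = VERSION_NAMES.get(int.from_bytes(ver, "big"))
    if version is None:
        raise ValueError("unknown SNMP version")
    if version != "v3":
        tag, community, _ = _read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("expected OCTET STRING community")
        return SnmpInfo(version, community.decode("latin-1"), auth=False, priv=False)
    # v3: msgGlobalData SEQUENCE { msgID, msgMaxSize, msgFlags OCTET STRING, msgSecurityModel }
    tag, global_data, _ = _read_tlv(body, pos)
    if tag != 0x30:
        raise ValueError("expected msgGlobalData SEQUENCE")
    _, _msg_id, p = _read_tlv(global_data, 0)
    _, _max_size, p = _read_tlv(global_data, p)
    _, flags, _ = _read_tlv(global_data, p)
    return SnmpInfo("v3", None, auth=bool(flags[0] & 0x01), priv=bool(flags[0] & 0x02))


def audit(packets) -> list:
    """One finding per packet, in the wording a monitoring report would use."""
    findings = []
    for pkt in packets:
        info = classify_snmp(pkt)
        if info.plaintext_credentials:
            findings.append(f"{info.version}: community '{info.community}' sent in plaintext")
        else:
            findings.append(f"v3: auth={'on' if info.auth else 'off'} priv={'on' if info.priv else 'off'}")
    return findings


# --- constructed sample packets (BER encoders; short-form lengths are enough here) ---
def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag, len(value)]) + value

def _int(v: int) -> bytes:
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))  # keeps sign bit clear

SYS_NAME_OID = bytes.fromhex("2b06010201010500")           # 1.3.6.1.2.1.1.5.0 (sysName.0)
_varbinds = _tlv(0x30, _tlv(0x30, _tlv(0x06, SYS_NAME_OID) + _tlv(0x05, b"")))
_get_pdu = _tlv(0xA0, _int(0x1234) + _int(0) + _int(0) + _varbinds)  # GetRequest PDU
SAMPLE_V2C_GET = _tlv(0x30, _int(1) + _tlv(0x04, b"public") + _get_pdu)
# v3 authPriv header; security parameters and msgData are placeholders, they are not parsed
_global_data = _tlv(0x30, _int(42) + _int(65507) + _tlv(0x04, b"\x07") + _int(3))
SAMPLE_V3_AUTHPRIV = _tlv(0x30, _int(3) + _global_data + _tlv(0x04, b"") + _tlv(0x04, b"\x00" * 8))

if __name__ == "__main__":
    for line in audit([SAMPLE_V2C_GET, SAMPLE_V3_AUTHPRIV]):
        print(line)
```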

As a network administrator, it's important to monitor the flow of data on a network in case a problem happens. That's why there are data flow analyzers such as NetFlow. NetFlow gives a network administrator the ability to monitor data packets as they enter or exit a network interface. It collects data from various network devices such as switches, routers, and firewalls.

A packet capture is also known as a packet sniffer, and this is a software or hardware tool that is used to troubleshoot and analyze traffic on a network such as logs, data packets, broadcasts, and so on. It can detect network problems and intrusion attempts and monitor networking issues so a technician can correct the problem. A very common software protocol analyzer is called Wireshark, and it can be downloaded for free at wireshark.org.

In order to keep a network running normally, it's important to track and measure the network's performance when it is running normally. This measurement will create a standard performance benchmark that can be used for a comparison when a network is not running normally. And this benchmark is created by baseline metrics. Baseline metrics help figure out what a typical network performance looks like. And it does this by monitoring key performance indicators and by looking at traffic trends over time. The baseline metrics include things such as bandwidth usage, latency, packet loss, traffic patterns, and so on. These metrics are used as a benchmark for comparison, which helps network administrators find problems, fix them, and make sure that the network is running at its best.

Log aggregation is the act of collecting and organizing log data from several sources into one place. This makes it easy to analyze, fix, and keep an eye on systems and applications. But without log aggregation, network administrators would have to go through log files from many different sources manually, which could take a long time and be inefficient.

And many systems and applications use syslog as a standard logging protocol. Syslog works by using a centralized syslog server or collector. This server receives syslog messages from many different devices such as routers, switches, servers, and applications. Syslog messages inform network administrators about activity, security incidents, and application issues, which helps them to keep an eye on, fix, and keep their systems running smoothly.
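Here is an added example (not from the course) of the collector side of syslog: it decodes the PRI field of BSD-style syslog lines into facility and severity and aggregates constructed messages from a firewall, a switch and a server by host and severity, setting aside anything at err or worse. The parser, the summarize function and the sample lines are my own; the lines use the documentation address range 203.0.113.0/24.

```python
"""Parse and aggregate BSD-style syslog lines into a per-host severity summary.

Added example, not code from the PowerCert course. The PRI field at the start of
each line encodes facility * 8 + severity, which is what the parser decodes.
The sample lines are constructed, with an RFC 5737 documentation address.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 10: "authpriv", 23: "local7"}

# <PRI>Mmm dd HH:MM:SS host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)


@dataclass
class SyslogEvent:
    timestamp: str
    host: str
    facility: str
    severity: int          # 0 (emerg) .. 7 (debug)
    tag: str
    message: str

    @property
    def severity_name(self) -> str:
        return SEVERITY[self.severity]


def parse_syslog(line: str) -> Optional[SyslogEvent]:
    """Return the decoded event, or None for a line that is not valid syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:                      # max facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    return SyslogEvent(m["ts"], m["host"], FACILITY.get(facility, f"facility{facility}"),
                       severity, m["tag"], m["msg"])


def summarize(lines: List[str]) -> dict:
    """Aggregate many devices' messages the way a central syslog collector would."""
    by_host: Dict[str, Counter] = defaultdict(Counter)
    needs_attention: List[SyslogEvent] = []
    unparsed = 0
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            unparsed += 1
            continue
        by_host[ev.host][ev.severity_name] += 1
        if ev.severity <= 3:           # err and worse
            needs_attention.append(ev)
    return {"by_host": dict(by_host), "needs_attention": needs_attention, "unparsed": unparsed}


# Constructed sample: a firewall, a switch, and a server reporting to one collector.
SAMPLE_LINES = [
    "<38>Oct 11 22:14:15 fw1 sshd[1042]: Failed password for invalid user admin from 203.0.113.7 port 50222 ssh2",
    "<187>Oct 11 22:14:16 sw-core1 %LINK-3-UPDOWN: Interface GigabitEthernet0/12, changed state to down",
    "<38>Oct 11 22:14:17 fw1 sshd[1042]: Failed password for invalid user admin from 203.0.113.7 port 50223 ssh2",
    "<189>Oct 11 22:14:40 sw-core1 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/12, changed state to up",
    "<30>Oct 11 22:15:01 app01 cron[771]: (root) CMD (run-parts /etc/cron.hourly)",
    "<2>Oct 11 22:15:09 app01 kernel: Out of memory: Killed process 2210 (java)",
    "garbage line that is not syslog",
]

if __name__ == "__main__":
    report = summarize(SAMPLE_LINES)
    for host, counts in report["by_host"].items():
        print(host, dict(counts))
    for ev in report["needs_attention"]:
        print(f"ATTENTION {ev.host} {ev.facility}.{ev.severity_name} {ev.tag}: {ev.message}")
```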

Security information and event management is a security tool that enables a network to look at security events and alerts in real time to find

and fix security problems. It combines security information management with security event management to give a network a single and centralized view of

all their security data. This lets them find and fix possible issues before they cause problems on a network.

A technique that is used to monitor and analyze network traffic is port mirroring. Port mirroring is when all the data from a port on a switch is copied or mirrored to another port on the switch. So, as an example, let's say that you wanted to see all the traffic that's going through port one on this switch that's connected to a network. So port one would be considered the source port. So what happens next is that you would configure another port such as port two to be the destination port. So after the ports have been configured, all the data that's going through port one will be mirrored to port two. And in port two, you can plug in a computer that's using a packet analyzer such as Wireshark to analyze all the data from port one.

Network discovery is a key component of monitoring a network. This deals with locating and listing network resources, services, and devices in a network. By using monitoring tools, it enables the detection of devices such as computers, servers, applications, and services. These monitoring tools can include things such as SNMP, network scanners, and LLDP. These tools can generate an inventory of resources to monitor and analyze by identifying the devices and their characteristics such as IP and MAC addresses, the type of device, software, and operating systems.

Network discovery can also include ad hoc and scheduled discovery. Ad hoc refers to where devices can be discovered in a direct and decentralized manner, where a network scan is specifically needed, and scheduled discovery is an automated process where a network scan is done at a scheduled time.

The process of looking at network data to understand how devices communicate and spot possible problems or security threats is known as network traffic analysis. Analyzing traffic is essential in order to learn more about network performance, security, and behavior, which involves tracking, recording, and evaluating network traffic. And by doing this, network administrators can identify security breaches, improve performance, and fix network issues.

The process of gathering, evaluating, and reporting on different metrics in order to evaluate and make sure that a network is running at its best is known as performance monitoring. This allows network administrators to proactively detect and fix possible problems before they affect network operations. Some of these performance monitoring tools are things such as SNMP and NetFlow.

There is also availability monitoring. Availability monitoring is the observation of what resources, devices, and applications are available on the network.

And finally, there is configuration monitoring. This is a process of keeping track of the configurations in network devices, software, and systems in a network. This includes tracking changes and current configuration settings, which is an important step in making sure that a network is running at its best.

Disaster recovery is the process that a company uses to get its IT infrastructure back up and running after a disaster such as a natural disaster, a cyber attack, and so on. Now, this means that if a disaster happens, a disaster recovery plan needs to be created, that plan needs to be tested to make sure it works, and in addition a strategy is needed on how to put that plan into action to reduce data loss and business disruption. So, the goal of disaster recovery is to get the business up and running as soon as possible.

When it comes to disaster recovery, there are a few terms that you need to know for the exam, such as recovery point objective or RPO. This defines the most data loss that is acceptable over a certain period of time. And that time is measured from the moment of a disaster to the latest backup that is known to be reliable. So in short, it's the quantity of data that a business may lose without causing major problems or damage.

Another term is RTO or recovery time objective. Now, this defines the longest time that a service can be down without causing problems. This is important for determining how to recover from a disaster since it shows how quickly operations need to be back online to limit the damage to the business and possible losses.

MTTR or mean time to repair is an indicator that tells you how long it usually takes to fix a major device or system once it breaks. It's a way to measure how well the repair procedure works and how dependable the equipment or systems are. A lower MTTR means that repairs are done faster. MTBF or mean time between failures is an indicator that shows how long a system or part can run without failing. It's a good way to tell how reliable a system is, and it's commonly used to plan maintenance ahead of time. It's a way to assess how reliable a system is in numbers. A higher MTBF means a more reliable system.
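As an added example (not from the course), the four terms above computed on a constructed January outage log and backup schedule. The functions mttr, mtbf, rto_breaches, data_loss_window and meets_rpo are my own names; MTBF is computed here as operating time in the observation window divided by the number of failures, and the RPO check measures from the disaster back to the last backup marked reliable, as the course describes.

```python
"""Work through RPO, RTO, MTTR and MTBF on a constructed incident log.

Added example, not from the PowerCert course. The outage log, backup schedule,
and the RPO/RTO targets are constructed values; the formulas follow the course's
definitions: MTTR averages repair times, MTBF averages the operating time between
failures, and RPO is checked against the last backup known to be reliable.
"""
from datetime import datetime, timedelta
from typing import List, Tuple

Outage = Tuple[datetime, datetime]          # (failed at, repaired at)
Backup = Tuple[datetime, bool]              # (completed at, known to be reliable)


def mttr(outages: List[Outage]) -> timedelta:
    """Mean time to repair: average length of an outage."""
    total = sum((fixed - failed for failed, fixed in outages), timedelta())
    return total / len(outages)


def mtbf(outages: List[Outage], window_start: datetime, window_end: datetime) -> timedelta:
    """Mean time between failures: operating time in the window divided by failure count."""
    downtime = sum((fixed - failed for failed, fixed in outages), timedelta())
    uptime = (window_end - window_start) - downtime
    return uptime / len(outages)


def rto_breaches(outages: List[Outage], rto: timedelta) -> List[Outage]:
    """Outages that lasted longer than the recovery time objective."""
    return [o for o in outages if o[1] - o[0] > rto]


def data_loss_window(backups: List[Backup], disaster_at: datetime) -> timedelta:
    """Time from the last reliable backup to the disaster: what the RPO must cover."""
    reliable = [t for t, ok in backups if ok and t <= disaster_at]
    if not reliable:
        raise ValueError("no reliable backup before the disaster")
    return disaster_at - max(reliable)


def meets_rpo(backups: List[Backup], disaster_at: datetime, rpo: timedelta) -> bool:
    return data_loss_window(backups, disaster_at) <= rpo


# Constructed January log for one core switch stack.
WINDOW = (datetime(2024, 1, 1), datetime(2024, 1, 31))
OUTAGES: List[Outage] = [
    (datetime(2024, 1, 5, 2, 0), datetime(2024, 1, 5, 6, 0)),      # 4 h
    (datetime(2024, 1, 14, 12, 0), datetime(2024, 1, 14, 13, 0)),  # 1 h
    (datetime(2024, 1, 26, 20, 0), datetime(2024, 1, 26, 23, 0)),  # 3 h
]
BACKUPS: List[Backup] = [
    (datetime(2024, 1, 26, 0, 0), True),
    (datetime(2024, 1, 26, 12, 0), True),
    (datetime(2024, 1, 26, 18, 0), False),   # job ran but verification failed
]

if __name__ == "__main__":
    print("MTTR:", mttr(OUTAGES))
    print("MTBF:", mtbf(OUTAGES, *WINDOW))
    print("RTO 2h breaches:", rto_breaches(OUTAGES, timedelta(hours=2)))
    print("data loss window at the third outage:", data_loss_window(BACKUPS, OUTAGES[2][0]))
```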

If a natural disaster were to occur, your goal would be to get your organization up and running as fast as possible. And one of the best ways to do this is by using a hot site. A hot site is defined as an alternative site that is fully functional. A hot site has servers, computers, printers, and so on already powered up and ready to go. So if the primary site is destroyed, for example by a fire, then the hot site would be on standby and ready to go on a moment's notice. So as you might have already guessed, hot sites can be very expensive, because not only do you have to pay for the cost of the building, but also the cost of replicating the equipment inside.

Now, a warm site is also an alternative site that is used in case of a disaster. But a warm site is different from a hot site because it doesn't have that much equipment. It may have a small portion of the computer equipment of the primary, but that's about it. So, it's basically a site that you can just go to to get the bare essentials of an organization up and running.

And then finally, we have a cold site. A cold site is pretty much just a location that is agreed upon in case of a disaster. So basically, it's just a building with no computer equipment.

High availability means that a system can be up and running and available all the time, even when there are problems or breakdowns. And there are two types of high availability. There's active-active and active-passive. In an active-active setup, all the devices in the network are up and running and they all share their workload evenly. But in an active-passive setup, some devices are up and running and some devices are put on standby. So if a failure happens, only then will the standby devices be activated. But this could cause a delay, which is why active-active is preferred over active-passive, because active-active keeps the systems up and running all the time, which not only reduces downtime but also improves performance.

Tabletop exercises are a kind of training that allows a business to practice dealing with emergencies or a crisis in a safe low stress setting.

They ask participants to talk about possible situations and how they may react, which helps find the good and bad

points of emergency plans and procedures and where they can be improved.

DHCP stands for dynamic host configuration protocol. Now, every computer or device on the network has to have an IP address for communication purposes. And there are two ways that a computer can be assigned an IP address. It could be done by using a static IP or a dynamic IP.

Now, a static IP is where a user assigns a computer or device an IP address manually. Now, this was the original method that was used in the beginning of networking. So for each computer on the network, you had to open up the computer's network configuration page and manually type in an IP address. But in addition to an IP address, you also had to type in the subnet mask, default gateway, and a DNS server. But there is a better and easier way to assign a computer an IP address, and this is called a dynamic IP. A dynamic IP is where a computer gets an IP address automatically from a DHCP server. A DHCP server automatically assigns a computer an IP address. And in addition to an IP address, it can also assign a subnet mask, default gateway, and a DNS server.

Now, a DHCP server assigns IP addresses to computers on the network from its scope. A scope is a range of consecutive IP addresses that a DHCP server can hand out. So for example, here we see a scope of IP addresses from this DHCP server. So as you can see, this range starts with this IP address and ends with this IP address. So computers and devices on this network will get an IP address from this range of IP addresses. So this scope can give out 100 IP addresses.

Now if you wanted a computer or device on your network to have a specific IP address all the time, in other words, you never want that IP address to change, you can create a reservation on the DHCP server. A reservation ensures that a specific computer or device, identified by its MAC address, will always be given the same IP address when that computer or device requests an IP address from the DHCP server. So for example, if I create a reservation for my computer, the DHCP server will recognize my MAC address and will always give me this specific IP address. Now, reservations are not typically given to regular computers. They are typically given to special devices such as network printers, servers, and routers that require using the same IP address constantly.

Now, a DHCP exclusion is an IP address or range of IP addresses that the DHCP server does not give out. These IP addresses are reserved for devices that use them as static IP addresses. So the difference between reservation and exclusion is that a reservation is reserving dynamic IP addresses while an exclusion is for excluding static IP addresses.

When computers obtain an IP address from a DHCP server, the server assigns the IP address as a lease. So the computers don't actually own the IP address. It's actually a lease. And a lease is the amount of time an IP address is assigned to a computer. So for example, if I do an ipconfig /all in a command prompt on a Windows computer, you can see that the DHCP service has assigned my computer an IP address with a lease of one day. Now, typically a DHCP server will automatically renew the IP address for you. So, you won't have to do anything or even notice that the IP address is being renewed. You can just continue on like normal and go about your business.

Every computer has to have an IP address to communicate on a network. Now, when a computer is set to automatically obtain an IP address, it gets the IP from a DHCP server. But what happens if a computer cannot reach a server? So for example, what happens if the DHCP server goes down or if the connection to the server is lost? Well, if this happens, then the computers that are running Microsoft Windows will self-assign their own IP address. These IP addresses will be in the range starting with 169.254.0.1. And this type of self-assigned IP addressing is what's called APIPA or automatic private IP addressing. And in addition, they will also assign themselves a 16-bit subnet mask. And the reason why computers do this is that even though they can't get an IP from a DHCP server, they will still be able to communicate with other computers on the same local network or subnet that also have self-assigned IP addresses.
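The scope, reservation, exclusion and lease behaviour described above, together with the APIPA fallback, in one added example that is not the course's code: a small scope model with constructed addresses, where a reserved MAC always gets its address, excluded addresses are never handed out, a renewal keeps the same address, and an exhausted scope returns nothing so the client falls back to 169.254.0.0/16. DhcpScope, Lease, apipa_address and is_apipa are my own names; the deterministic APIPA pick is a simplification, since a real client chooses randomly and probes for conflicts.

```python
"""Model a DHCP scope with reservations, exclusions, leases, and the APIPA fallback.

Added example, not from the PowerCert course. The scope, reservation, and
exclusion values are constructed; they are not the addresses shown in the video.
The APIPA fallback picks an address from 169.254.0.0/16 deterministically here,
whereas a real client picks one at random and probes for conflicts first.
"""
import ipaddress
import zlib
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, Optional

IPv4 = ipaddress.IPv4Address
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")   # self-assigned range, 16-bit mask


@dataclass
class Lease:
    ip: IPv4
    mac: str
    expires: datetime


class DhcpScope:
    def __init__(self, start: str, end: str, lease_time: timedelta,
                 reservations: Optional[Dict[str, str]] = None,
                 exclusions: Iterable[str] = ()):
        self.start, self.end = IPv4(start), IPv4(end)
        self.lease_time = lease_time
        # reservation: MAC -> fixed dynamic address inside the scope
        self.reservations = {m.lower(): IPv4(ip) for m, ip in (reservations or {}).items()}
        # exclusion: addresses never handed out (used statically elsewhere)
        self.exclusions = {IPv4(ip) for ip in exclusions}
        self.leases: Dict[str, Lease] = {}   # keyed by MAC

    def size(self) -> int:
        return int(self.end) - int(self.start) + 1

    def _unavailable(self, now: datetime) -> set:
        active = {l.ip for l in self.leases.values() if l.expires > now}
        return active | self.exclusions | set(self.reservations.values())

    def request(self, mac: str, now: datetime) -> Optional[Lease]:
        """Handle a client's request; None means the scope is exhausted."""
        mac = mac.lower()
        current = self.leases.get(mac)
        if current is not None and current.expires > now:   # renewal keeps the address
            current.expires = now + self.lease_time
            return current
        ip = self.reservations.get(mac)
        if ip is None:
            taken = self._unavailable(now)
            ip = next((IPv4(n) for n in range(int(self.start), int(self.end) + 1)
                       if IPv4(n) not in taken), None)
            if ip is None:
                return None
        lease = Lease(ip, mac, now + self.lease_time)
        self.leases[mac] = lease
        return lease


def apipa_address(mac: str) -> IPv4:
    """Client-side fallback when no DHCP server answers (constructed deterministic pick)."""
    host = zlib.crc32(mac.lower().encode()) % 65534 + 1      # 169.254.0.1 .. 169.254.255.254
    return APIPA_NET.network_address + host


def is_apipa(ip: str) -> bool:
    return ipaddress.ip_address(ip) in APIPA_NET


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 8, 0)
    scope = DhcpScope("192.168.1.100", "192.168.1.199", timedelta(days=1),
                      reservations={"aa:bb:cc:dd:ee:01": "192.168.1.150"},
                      exclusions=["192.168.1.100", "192.168.1.101"])
    print(scope.request("aa:bb:cc:dd:ee:02", now))     # first free dynamic address
    print(scope.request("AA:BB:CC:DD:EE:01", now))     # reserved address
    print(apipa_address("aa:bb:cc:dd:ee:ff"))          # what a client would self-assign
```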

Now, similar to APIPA that's used in IP version 4 networks, there's also SLAAC that's used in IP version 6 networks. And SLAAC stands for stateless address autoconfiguration. This feature is built into IP version 6, and this allows IP version 6 devices to autoconfigure their own IP address, and it works by using router advertisements or RAs and using the device's MAC address. One of the main differences between APIPA and SLAAC is routability. APIPA IP addresses are not routable, so the devices can't communicate outside their own network. But SLAAC IP addresses are routable and they can talk outside their own network. And another difference is that where APIPA is a backup method, SLAAC is actually the preferred way for assigning IP version 6 addresses.

So as stated previously, when a computer needs an IP address, it'll broadcast the request to a DHCP server. And if the server is on the same subnet as the computer, in other words, if they are using the same IP address settings, the DHCP server will receive the request and assign the computer an IP address. However, if the computer and the DHCP server are not on the same subnet, in other words, they're not using the same IP address settings, then the DHCP server will not receive the request, because broadcasts cannot go outside their own subnet. So, this is where a DHCP relay comes in. A DHCP relay or IP helper is a service that is enabled on a router that will relay a DHCP broadcast it receives and forward it. So now the computer will broadcast a request for an IP address. And once the DHCP relay on the router receives the broadcast, it'll forward the broadcast to the DHCP server, and then the server will assign the computer an IP address.

In this section, we're going to be talking about DNS and DNS records. DNS stands for domain name system. And the most basic job of DNS is to resolve domain names to IP addresses. And the reason it has to do this is because computers don't understand names. They only understand numbers. A domain name is just text that you type in a web browser when you want to go to a certain website such as example.com, google.com, yahoo.com, and so on. So when you type in a domain name such as example.com in a web browser, DNS will resolve that domain name into an IP address so you can retrieve the website.

Now in a DNS hierarchy there are three main levels of servers: the root servers, the top-level domain (TLD) servers, and the authoritative name servers. Of these three, the servers that actually store the DNS records for resolving a domain name to an IP address are the authoritative name servers, because they are responsible for knowing everything about the domain name, including its IP addresses and much more. But in order for your query to resolve example.com into an IP address, the resolver first needs to know which authoritative name server to ask.

So to find the correct name server, the query first goes to the top of the DNS hierarchy, which is a root server. The root server looks at example.com and refers the query to the correct top-level domain server. The TLD servers are responsible for the information of a top-level domain such as .com, .net, .org, and so on. So in this case the root server refers the query to the .com TLD server, because the top-level domain for example.com is .com. The .com TLD server then refers the query to the specific authoritative name server that is responsible for the example.com domain. And once the query reaches that name server, example.com is resolved to its IP address so the website can be retrieved.

So in a DNS database, you have what's called a DNS zone file. And

this file contains the DNS records. Now, there are numerous DNS records, but I'm only going to talk about the most common ones.

The first DNS record is the A record, or address record, and this is the most common DNS record. This is what resolves a domain name to an IP address. To be specific, it resolves to an IP version 4 address, which is a 32-bit numeric address. So in the example we just did, when you type a domain name such as example.com into a web browser, the A record is what DNS uses to resolve that domain name to an IP address.

Each record also has a TTL, or time to live. This field tells resolvers how long, in seconds, the record may be cached before it has to be looked up again.

Then there is the AAAA record, read "quad A". This record is just like the A record, so both A and AAAA records resolve domain names to IP addresses. The difference is that AAAA records resolve domain names to IP version 6 addresses. An IP version 6 address is a 128-bit address written in hexadecimal, and it is replacing the older IP version 4 addresses.

The next DNS record is called CNAME, or canonical name. What this does is resolve a domain or subdomain to another domain name. So basically, it's an alias for another domain name.

To see why this is useful, remember that computers read domain names from right to left, and domain names have several parts: a root domain, a top-level domain, a second-level domain, and possibly a subdomain. When we look at example.com, there is also a hidden dot right after com. Even though we don't normally see it, that trailing dot is the root domain. The .com is the top-level domain, and example is the second-level domain. If there is an additional name to the left of the second-level domain, that is a subdomain.

So for example, www is a common subdomain, which is why it is common to create a CNAME record pointing www.example.com to example.com. That is why when you type either example.com or www.example.com in your web browser, you end up at the same example.com website, because of that CNAME record.

Subdomains are also often used when a website has different services running on the same server and sharing the same IP address. So as an example, let's say that example.com has an FTP service running on the same server as its website. In this case, they can create a subdomain such as ftp.example.com for the FTP service on that server, and then create a CNAME record that points it to example.com.

So now when users type ftp.example.com in their web browser, DNS looks at the CNAME record and sends the users to example.com. Even though the name points to example.com, once the request reaches the web server, the server inspects the host name that the user typed and directs it to its FTP service. So CNAME records are similar to A records, but the difference is that A records resolve domain names to IP addresses, while CNAME records resolve domain names to other domain names.

The next DNS record is the MX record, or mail exchanger record, and this record is used for email. The MX record simply points to the server where email should be delivered for that domain name. So for example, when you send an email to tom@example.com, your MTA, or mail transfer agent, queries the MX records for example.com because it is looking for an email server. DNS then responds telling the MTA which server to send the email to, which in this case would be mail1.example.com, because that is what the MX record points to. So that's basically what the MX record does: it tells the world which server to send email to for a particular domain name.

Now, a domain will generally have at least two MX entries, a primary email server and a secondary email server, each with a priority number. The lower the priority number, the more preferred the server, so the entry with the lowest number is the primary email server. But if the primary email server gets overwhelmed or goes down, then the secondary email server is used.

The next record is the NS record, which stands for name server. This record, just like its name says, provides the name of an authoritative name server for a domain. As I stated previously, the name server contains all the DNS records necessary for users to find a computer or server on a local network or on the internet. It is the final authority in the DNS hierarchy. A domain will generally list at least two NS records, a primary and a secondary, so that it stays resolvable if one server fails.

Then we have the PTR, or pointer, record. This record is basically the reverse of an A or AAAA record. As you remember, A and AAAA records resolve domain names to IP addresses. PTR records do the opposite: they resolve IP addresses to domain names, which is what's known as a reverse DNS lookup.

PTR records are commonly used by email servers to help prevent spam. When an email is received, the receiving server looks up the PTR record for the sender's IP address and checks that the resulting host name matches the domain the sending server claims to be. If the sending server's IP address has no matching reverse record, the email is more likely to be flagged as spam.

And our last record is the TXT, or text, record. This record contains miscellaneous text about a domain, such as general or contact information. TXT records are also used to prevent email spam, for example by publishing an SPF policy that tells receiving servers which sources are authorized to send mail for the domain.
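The records described above, from A and AAAA through CNAME, MX, NS, PTR and TXT, all live in the zone file. As an added example, not code from the course or from any DNS server, here is a parser for a small constructed zone plus the lookups a resolver and a mail server perform on it: following a CNAME alias to the canonical name, ordering MX entries by preference, and working out the reverse (PTR) owner name for an address. The zone text, names and addresses are hypothetical.

```python
"""Parse a small BIND-style zone file and answer the lookups described above.

Added example for this course transcript, not code from the course or any
DNS server. The zone text below is constructed for illustration; the names
and addresses in it are hypothetical.
"""
import ipaddress
from collections import defaultdict

# Constructed zone for example.com (not real data). Each record line is:
#   owner  TTL  class  type  rdata
ZONE_TEXT = """\
$ORIGIN example.com.
@      3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 300
@      3600 IN NS    ns1.example.com.
@      3600 IN NS    ns2.example.com.
@      300  IN A     93.184.216.34
@      300  IN AAAA  2001:db8::34
www    300  IN CNAME example.com.
ftp    300  IN CNAME example.com.
@      3600 IN MX    20 mail2.example.com.
@      3600 IN MX    10 mail1.example.com.
mail1  300  IN A     203.0.113.25
mail2  300  IN A     203.0.113.26
ns1    3600 IN A     203.0.113.53
ns2    3600 IN A     203.0.113.54
@      3600 IN TXT   "v=spf1 mx -all"
"""


def fqdn(name: str) -> str:
    """Normalise a name to lower case with the trailing root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def parse_zone(text: str) -> dict:
    """Return {owner_fqdn: {TYPE: [(ttl, rdata), ...]}} for the zone text."""
    zone = defaultdict(lambda: defaultdict(list))
    origin = "."
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = fqdn(line.split()[1])
            continue
        owner, ttl, rclass, rtype, rdata = line.split(None, 4)
        if rclass != "IN":
            raise ValueError(f"unsupported class {rclass}")
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"            # relative owner -> absolute name
        if rtype == "TXT":
            rdata = rdata.strip('"')
        zone[fqdn(owner)][rtype].append((int(ttl), rdata))
    return zone


def resolve(zone: dict, name: str, rtype: str, max_chain: int = 8):
    """Look up `rtype` for `name`, following CNAME aliases like a resolver.

    Returns (canonical_name, [rdata, ...]); the list is empty when nothing
    matches. A CNAME loop or an over-long chain raises ValueError.
    """
    name = fqdn(name)
    seen = set()
    for _ in range(max_chain):
        rrset = zone.get(name, {})
        if rtype in rrset:
            return name, [rdata for _ttl, rdata in rrset[rtype]]
        if "CNAME" not in rrset:
            return name, []
        seen.add(name)
        name = fqdn(rrset["CNAME"][0][1])
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
    raise ValueError("CNAME chain too long")


def mail_servers(zone: dict, domain: str) -> list:
    """MX hosts ordered by preference, lowest number first, as an MTA tries them."""
    _, mx = resolve(zone, domain, "MX")
    parsed = []
    for rdata in mx:
        pref, host = rdata.split()
        parsed.append((int(pref), fqdn(host)))
    return [host for _pref, host in sorted(parsed)]


def reverse_name(ip: str) -> str:
    """Owner name at which the PTR record for `ip` lives (in-addr.arpa / ip6.arpa)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")       # 32 zero-padded hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


if __name__ == "__main__":
    z = parse_zone(ZONE_TEXT)
    print(resolve(z, "www.example.com", "A"))      # alias -> example.com. -> A
    print(resolve(z, "ftp.example.com", "AAAA"))
    print(mail_servers(z, "example.com"))          # mail1 before mail2
    print(reverse_name("93.184.216.34"))
```

The `seen` set in `resolve` is the check a real resolver needs: two CNAME records pointing at each other would otherwise send it round forever, and a chain limit alone does not tell you why the lookup failed. `reverse_name` is the same computation as Python's `ipaddress.ip_address(ip).reverse_pointer`, written out to show how the octets (or nibbles) are reversed.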

In order to keep DNS secure and untampered with, DNSSEC was developed, which stands for Domain Name System Security Extensions. This is a group of cryptographic extensions that make DNS safer by adding digital signatures to DNS records. These signatures are published alongside the DNS entries so that resolvers can make sure the data hasn't been tampered with. Note that DNSSEC provides integrity and authenticity, not confidentiality: the queries and records themselves are still sent in plain text.

Another security method that DNS uses is DoH, which stands for DNS over HTTPS. This is a protocol that encrypts DNS queries inside HTTPS, which makes your internet browsing safer and more private. DoH doesn't send DNS requests in plain text. Instead, they are carried, encrypted, inside regular HTTPS traffic on TCP port 443, which also makes them hard to tell apart from ordinary web traffic.

And another security method for DNS is DoT, which stands for DNS over TLS, or Transport Layer Security. This also encrypts DNS queries. DoT attempts to improve privacy and security by stopping others from eavesdropping and tampering, especially man-in-the-middle attacks. DoT uses a dedicated port, TCP port 853, and wraps the DNS messages in a TLS session. Classic DNS mostly runs over UDP port 53, but because TLS needs a reliable stream, DoT runs over TCP.
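What DoH and DoT protect is the same wire-format DNS message that plain port 53 carries: DoH puts it in an HTTPS request body (or base64url-encoded in a GET query string), and DoT prefixes it with a 2-byte length and sends it over a TLS connection to port 853. As an added example, not code from the course or from any resolver, here is a builder and parser for those messages. Nothing is sent on the network: `constructed_response` fabricates the reply a resolver would give, including name-compression pointers, so the parser can be exercised offline. The resolver URL in the usage call is hypothetical.

```python
"""Build and parse the DNS wire-format message that DoH and DoT carry.

Added example for this course transcript, not code from the course or any
resolver. Nothing touches the network: constructed_response() fabricates a
reply with compression pointers so the parser can run offline. Names and
addresses are hypothetical.
"""
import base64
import ipaddress
import struct

TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_PTR, TYPE_AAAA = 1, 2, 5, 12, 28
CLASS_IN = 1
FLAG_QR, FLAG_RD, FLAG_RA = 0x8000, 0x0100, 0x0080


def encode_name(name: str) -> bytes:
    """RFC 1035 labels: one length byte per label, then a zero byte for the root."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = TYPE_A, txid: int = 0x1234) -> bytes:
    """12-byte header (ID, RD=1, QDCOUNT=1) followed by one question."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def read_name(data: bytes, offset: int):
    """Decode a possibly-compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                  # compression pointer: 0b11 + 14-bit offset
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:                  # must point backwards, or a loop is possible
                raise ValueError("bad compression pointer")
            if end is None:
                end = offset + 2                   # the name ends where its first pointer sits
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_message(data: bytes) -> dict:
    """Parse header, questions and answers; decode A/AAAA/CNAME/NS/PTR rdata."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = read_name(data, off)
        qtype, _qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        questions.append((qname, qtype))
    for _ in range(an):
        name, off = read_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        if rtype == TYPE_A:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == TYPE_AAAA:
            value = str(ipaddress.IPv6Address(rdata))
        elif rtype in (TYPE_CNAME, TYPE_NS, TYPE_PTR):
            value, _ = read_name(data, off)        # rdata names may point back into the message
        else:
            value = rdata
        off += rdlen
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "is_response": bool(flags & FLAG_QR), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}


def dot_frame(msg: bytes) -> bytes:
    """DoT (like plain DNS over TCP) prefixes each message with its 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def doh_get_url(resolver_url: str, msg: bytes) -> str:
    """DoH GET form: the message base64url-encoded without '=' padding (RFC 8484)."""
    return resolver_url + "?dns=" + base64.urlsafe_b64encode(msg).rstrip(b"=").decode()


def constructed_response(query: bytes) -> bytes:
    """Hypothetical reply to build_query('www.example.com'): a CNAME then an A.

    Pointers: 0xC00C -> offset 12 (www.example.com in the question section),
    0xC010 -> offset 16 (the 'example.com' suffix of that same name).
    """
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_RD | FLAG_RA, 1, 2, 0, 0)
    cname = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_CNAME, CLASS_IN, 3600, 2) + b"\xc0\x10"
    a = b"\xc0\x10" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([93, 184, 216, 34])
    return header + query[12:] + cname + a


if __name__ == "__main__":
    q = build_query("www.example.com")
    print(q.hex())
    print(doh_get_url("https://dns.example/dns-query", q))   # hypothetical resolver
    print(parse_message(constructed_response(q)))
```

To send the query for real, a DoH client POSTs the bytes to the resolver's `/dns-query` URL with `Content-Type: application/dns-message` (or uses the GET form above), and a DoT client writes `dot_frame(q)` to a TLS socket on port 853; `parse_message` reads what comes back either way. The backwards-only check on compression pointers is the detail that stops a malicious reply from sending the parser round in circles.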

In DNS, you have what are called zones: a forward zone and a reverse zone. A forward zone resolves domain names to IP addresses, as we talked about earlier, and a reverse zone is just the opposite: it resolves IP addresses to domain names using PTR records. Reverse zones are used, for example, to verify that email senders are authentic by checking their IP address.

Now, before DNS, operating systems used a hosts file to resolve host names to IP addresses, and the file still exists today (/etc/hosts on Linux and macOS, C:\Windows\System32\drivers\etc\hosts on Windows). The hosts file works like a local database that is consulted before DNS, letting you change how certain names resolve. This means that instead of asking a DNS server, your computer uses the information in the hosts file to connect to a website or server. Because it overrides DNS, an unexpected entry in the hosts file is worth checking during troubleshooting or an investigation.

NTP stands for Network Time Protocol, and this is an internet standard that is used to synchronize the clocks of computers with reference clocks such as the US Naval Observatory master clocks. This protocol runs on each computer and sends out periodic requests to a time server to make sure the time is in sync. Accurate time matters for security as well: certificate validity periods, Kerberos tickets and correlating logs across systems all depend on it.

Network Time Security (NTS) is a protocol that makes NTP safer by making sure that time synchronization between clients and servers is both encrypted and verified. It fixes security holes in the old NTP protocol, which by default let anyone on the path feed a client a false time.

Now VPN stands for virtual private network. A VPN establishes a secure and reliable network connection over an unsecured network such as the internet. It protects your internet activity and disguises your identity as you surf the internet. So for example, when you order internet service from your ISP, or internet service provider, they set up your internet connection. And when the setup is complete, your internet activity is routed through your ISP's network, which means that your ISP can see and log your internet activity, such as every website that you visit. Now, typically this wouldn't be a problem if they kept your internet activity private. However, there is a possibility that your ISP could share your information with third parties such as advertisers or maybe even the government. And if this were to happen, your internet activity is no longer private. But by using a VPN, your online activity is encrypted before it reaches your ISP and is redirected to another server, the VPN server, which means that your internet provider or any other party on the path can no longer see what websites you are visiting. The VPN server is now the point that all of your internet activity goes through. Keep in mind that this shifts trust rather than removing it: the VPN provider can now see what your ISP could see before, so choose one whose logging policy you are willing to rely on.

This has several benefits. The first benefit is that a VPN disguises your identity by hiding your IP address. Whenever you order internet service from a provider, they assign you an IP address, and that unique IP address is attached to your home or business. So whenever you visit a website, that website can see your IP address. But when using a VPN, websites can no longer see your IP address. They only see the IP address of the VPN server, which effectively hides your identity so you can surf the internet more anonymously.

Another benefit is that a VPN encrypts and protects your internet data. Whenever you go on the internet, the data that you send and receive is broken down into a bunch of smaller data packets. These data packets travel across the public internet and ultimately find their way to their destination. But as they are traveling across the internet, your data can be viewed by ISPs and governments, and it can also be intercepted by hackers, especially if you use public Wi-Fi networks. A VPN prevents this. A VPN encapsulates each data packet inside an encrypted outer packet, which is known as tunneling. This extra layer ensures your data is kept private as it travels across the internet in a virtual tunnel. So for any activity that you do on the internet, such as visiting web pages or transferring files, the data is encrypted and kept private between you and the VPN server when using a VPN.

Now one type of VPN is called site-to-site, and this is when an organization has two offices in different geographical locations and they want those offices to be networked and to share data with each other over the public internet. They just need to set up a site-to-site VPN connection, and then the VPN encrypts the data as it goes through the internet and decrypts the data as it enters the organization's private network. Creating a site-to-site VPN is an alternative to an internet leased line at a much cheaper cost.

A client-to-site VPN, which is also known as a point-to-site VPN, securely connects a single computer to a remote network, such as a remote office. Once it's connected, the computer can use the network resources and services as if it were physically in the same office.

In client-to-site VPNs, there's full tunneling and split tunneling. Full tunneling sends all user traffic through the VPN, while split tunneling lets the administrator or user pick which traffic travels through the VPN. In full tunneling, all the data is encrypted, which makes it safer, but it can also slow down performance because it adds latency. In split tunneling, only a portion of the traffic is encrypted, such as the traffic going to the remote network, while all other traffic, such as traffic for the internet only, is not sent through the tunnel. This option is more flexible and may improve performance, but it can also make your VPN less secure, because some traffic goes around it and the client is reachable from the internet and the corporate network at the same time.

A clientless VPN is a type of VPN that lets users connect their computers to a remote network without having to install any specific software or apps on their devices. Instead, it uses a web browser, using protocols like SSL and TLS, to make the connection.

There are several ways that a connection to a network device can be made, and one of them is by using SSH, or Secure Shell. This way of connecting lets you use a command line interface to safely access and administer network devices from a distance. Users type commands into a terminal window to talk to the network device. SSH encrypts data as it's sent, authenticates users with passwords or public keys, and lets people access computers remotely over networks securely. It is often used to manage network devices such as routers and switches remotely, and it is the encrypted replacement for Telnet, which sends everything, including passwords, in clear text. SSH uses TCP port 22 for its connection.

A network connection can also be made by using a GUI, or graphical user interface. This provides a user-friendly way to connect, control, and change network settings, such as connecting to a wired or wireless network, setting up IP addresses, and setting up VPNs. And it lets you do all these things in a visual fashion as opposed to using command line tools.

API integration is the practice of linking two or more software applications via APIs to provide a seamless exchange of data. APIs serve as a middleman, outlining how various software components should interact and communicate with one another.

A console connection is a physical serial connection that uses a console cable with an RJ45, USB, or DB9 connector. It lets you directly access a network device's command line interface for things such as troubleshooting or doing the initial setup when the device hasn't joined the network yet. This is important for routers and switches that don't have an IP address yet.

A jump box, which is also called a jump server or jump host, is a hardened computer that lets you securely access other servers or networks in a more restricted security zone. It operates as a gateway, letting users access internal systems while keeping those systems protected from direct access from outside, and it gives you one place to log and control administrative sessions.

There are two methods for managing devices in a network, and they differ mainly in how the connection is made: in-band and out-of-band. In-band management shares the same network infrastructure that carries production traffic to make the connection. The network device is assigned an IP address, and an administrator logs in and accesses that device using SSH. Out-of-band management doesn't use the same network infrastructure to make the connection. Instead, it uses a separate path to the device, such as the device's console port or a dedicated management network, so the device stays reachable even when the production network is down.

Now when network devices want to communicate with other network devices on the same LAN, they first need to know the MAC address of those devices. And the way they find the MAC address of a device they want to talk to is by broadcasting a request out on the network asking for that device's MAC address (this is an ARP request). Once the MAC address is known, communication can take place. So for example, if computer A wanted to communicate with another computer on this network, it sends out a unit of data called a broadcast frame. And once the broadcast reaches the switch, the switch forwards that broadcast out every port except the one it came in on, so it reaches every device that's connected to it.

Now in a typical network you would have a switch with computers connected to it, forming a local area network. However, in some cases network administrators may want to add redundancy to their network in case of a switch or cable failure. So instead of having one switch, they may use multiple switches. For example, this network is using three switches. That means that this computer has two paths it can take to communicate with this other computer. It can communicate using this path, or if this link goes down, it can use this other path instead, and vice versa.

But the problem with having a setup like this is that it can create a problem called a broadcast loop. As I stated before, whenever a computer wants to communicate with another computer, it first has to send a broadcast frame out on the network to find the computer it wants to talk to. So if computer A wants to talk to computer C, computer A sends a broadcast frame to the switch it's connected to, which is switch one. And remember, switches always forward broadcasts out every port except the one the frame arrived on. So switch one forwards the broadcast to computer B, switch two, and switch three. When switch two receives the broadcast, it forwards it to computer C and computer D, but it's also going to forward it to switch three. When switch three receives the broadcast, it forwards it to switch one, and switch one forwards the broadcast again to switch two. This continues in a never-ending loop. The same thing happens in the other direction: when switch three receives the broadcast from switch one, it forwards it to switch two and then to those computers again, and switch two forwards it to switch one, and so on. Because an Ethernet frame has no TTL field, nothing ever expires, and the whole network gets caught up in a never-ending loop of broadcasts, which is known as a broadcast storm. When this happens, the network can't do anything because of the constant broadcasts, and the entire network comes to a grinding halt. So this is why the Spanning Tree Protocol (STP) was developed. It was designed to prevent broadcast loops when multiple switches are used on a network. So the

next question is, how does STP prevent this? The short answer is that it does this by blocking certain ports on the switches. And the next question is, how does it determine which port or ports to block? Well, the first thing that STP does is determine which switch will be the root bridge. The root bridge is considered the most important switch, and the way STP determines this is by having all the switches talk to each other. They do this by sending out messages called BPDUs, or bridge protocol data units, on the network. These units contain information called the BID, or bridge ID. The bridge ID consists of the switch's priority number plus the VLAN number (the extended system ID), along with its MAC address. STP uses the bridge ID to determine which switch will be the root bridge, and the switch with the lowest bridge ID value is considered superior and is elected as the root bridge.

So for example, by default each switch will have a priority value of 32768. And let's say that all the switches are on VLAN 1, so we add the one to the priority value, which now equals 32769. But since all the switches on this network have the same priority value, that means it's a tie, and the tiebreaker is the MAC address. Whichever switch has the lowest MAC address is elected as the root bridge. So we see that switch three has the lowest MAC address, which means that it is elected as the root bridge. And the ports on the root bridge are all labeled designated ports. Designated ports are ports that lead away from the root bridge.

Now the next step is to determine the root ports. The root ports are the ports on the non-root switches that forward data toward the root bridge. Root ports are elected by what's called the lowest path cost, which means the port on the switch that has the cheapest (fastest) path to the root bridge. The path cost is taken from the following chart (the classic IEEE 802.1D values): if the link speed is 1 Gbit/s, the cost is 4; if the link speed is 100 Mbit/s, the cost is 19; and if the link speed is 10 Mbit/s, the cost is 100. So let's say that all the links between the switches are 100 Mbit/s. If we look at our chart, 100 Mbit/s has a cost of 19, so all three links have a path cost of 19.

So starting with switch one, it has two paths to the root bridge: this direct one, or this longer one. The direct path has a cost of 19, but the longer path has a cost of 19 plus another 19, which equals 38. Since the direct path has the lower cost, this port on switch one will be the root port. Because, as I stated before, whichever port has the lowest cost path to the root bridge will be the root port. The same thing goes for switch two: the direct path has a cost of 19 and the other path has a cost of 38, so the direct path is lower and this port will be the root port.

Now just to give you another example, let's say that these two links are 1 Gbit/s each. If we look at our chart, that gives them a cost of 4 each. So going back to switch one, if we add up the cost of the path through switch two, it is 4 + 4, which equals 8, and the other path is still equal to 19. Since 8 is lower than 19, the port toward switch two would now be the root port. So this is how root ports are determined. So let's go ahead and put these links back to 100 Mbit/s each and continue on with the lesson.

So now that we have our root ports figured out, it's time to determine which of the last two remaining ports is going to be blocked to prevent broadcast loops. The way to determine which port remains open and which one is blocked is again based on the switches' bridge IDs, since the path cost is tied at 19 on both ends of this link. Since the lower bridge ID wins, the port on switch two remains open and is labeled a designated port. But the port on switch one, because it has the higher bridge ID, is blocked. By blocking this port, STP shuts down this link, which prevents any broadcast loops. So STP has to go through all these steps to find out which port or ports to block. But if any of the other links or devices were to go down, STP reactivates this port and brings this link back up.
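As an added example, not code from the course or from any switch vendor, here is a small simulation that runs the three steps just described on the lesson's triangle: elect the root bridge from the lowest bridge ID, pick each switch's root port from the lowest root path cost, and mark the remaining ports designated or blocked. The switch names, port names and MAC addresses are constructed to match the lesson's figures; the tie-break order (root path cost, then sender bridge ID, then sender port) is the IEEE 802.1D one.

```python
"""Work the STP election from the lesson: root bridge, root ports, blocked port.

Added example for this course transcript, not code from the course or any
switch vendor. The three-switch triangle, port names and MAC addresses are
constructed to match the lesson's figures; tie-breaking (lowest root path
cost, then lowest sender bridge ID, then lowest sender port) follows 802.1D.
"""
import heapq
from collections import defaultdict
from dataclasses import dataclass

# Classic 802.1D-1998 short path costs from the lesson's chart, keyed by Mbit/s.
PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass
class Switch:
    name: str
    mac: str
    priority: int = 32768              # default bridge priority


def bridge_id(sw: Switch, vlan: int) -> tuple:
    """Bridge ID = (priority + VLAN as extended system ID, MAC address); lowest wins."""
    return (sw.priority + vlan, sw.mac.lower())


def root_path_costs(root: str, bid: dict, links: list) -> dict:
    """Dijkstra from the root over link costs -> {switch: (key, root_port)}.

    key = (root path cost, sender BID, sender port) is the order in which a
    switch compares the BPDUs it hears to choose its root port. The root's
    root_port is None.
    """
    adj = defaultdict(list)
    for a, pa, b, pb, mbps in links:
        adj[a].append((b, pa, pb, PATH_COST[mbps]))
        adj[b].append((a, pb, pa, PATH_COST[mbps]))
    best = {root: ((0, bid[root], ""), None)}
    heap = [((0, bid[root], ""), root)]
    while heap:
        key, sw = heapq.heappop(heap)
        if key != best[sw][0]:
            continue                                   # stale heap entry
        for nb, my_port, nb_port, cost in adj[sw]:
            cand = (key[0] + cost, bid[sw], my_port)   # BPDU that nb hears on nb_port
            if nb not in best or cand < best[nb][0]:
                best[nb] = (cand, nb_port)
                heapq.heappush(heap, (cand, nb))
    return best


def port_roles(switches: list, links: list, vlan: int = 1):
    """Return (root bridge, {switch: root path cost}, {(switch, port): role})."""
    bid = {sw.name: bridge_id(sw, vlan) for sw in switches}
    root = min(bid, key=bid.get)                       # lowest bridge ID is elected root
    best = root_path_costs(root, bid, links)
    roles = {}
    for a, pa, b, pb, _mbps in links:
        for me, my_port, other, other_port in ((a, pa, b, pb), (b, pb, a, pa)):
            if best[me][1] == my_port:
                roles[(me, my_port)] = "root"
            elif (best[me][0][0], bid[me], my_port) < (best[other][0][0], bid[other], other_port):
                roles[(me, my_port)] = "designated"    # closer to the root, or wins the BID tie
            else:
                roles[(me, my_port)] = "blocked"
    return root, {sw: best[sw][0][0] for sw in best}, roles


# Lesson topology: a triangle of three switches, all links 100 Mbit/s,
# default priority everywhere, switch three has the lowest MAC address.
SWITCHES = [
    Switch("S1", "00:00:00:00:00:03"),
    Switch("S2", "00:00:00:00:00:02"),
    Switch("S3", "00:00:00:00:00:01"),
]
LINKS = [
    ("S1", "p1", "S2", "p1", 100),
    ("S1", "p2", "S3", "p1", 100),
    ("S2", "p2", "S3", "p2", 100),
]

if __name__ == "__main__":
    root, costs, roles = port_roles(SWITCHES, LINKS)
    print("root bridge:", root, "root path costs:", costs)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

Changing the S1-S2 and S2-S3 links to 1000 Mbit/s reproduces the lesson's second case (S1's cost via S2 becomes 8, so its port toward S3 is the one blocked). The election also shows the security caveat: because the lowest bridge ID simply wins, lowering S1's priority to 4096 in the input makes it the root, and anything that can send BPDUs on an access port, a misconfigured switch or an attacker's laptop, can do the same and pull the whole topology through itself. That is what BPDU Guard and Root Guard on access ports are for.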

As a network administrator or a security analyst, it's important to know how and what keeps a network safe, which can be a difficult job because of the number of threats that are out there on the internet. One of the most common types of security is encryption. Encryption is a method of making data unreadable by scrambling it using encryption algorithms. This is essential to security because when data is in transit, meaning it's moving over a network to a different location, that data needs to be protected by encryption so it can't be read by attackers if they intercept it. And this is also true for data at rest, meaning data that is not moving and is stored somewhere. That data also has to be encrypted to keep it safe. This ensures that the data is protected and only people with the decryption key can read it.

Public key infrastructure, or PKI, is a way to make sure that people and systems are who they say they are and that their communications are protected. This is done by using digital certificates and public key encryption. It's a system that lets people and devices check each other's identities and encrypt data so that it can be safely sent over a network. Basically, it's what lets your computer know that the website you're visiting is the one it claims to be.

So for example, when a computer connects to a website, the computer's web browser asks the website to identify itself. The web server sends the computer a copy of its certificate. The browser then checks that it trusts the certificate: that it chains up to a trusted CA, that it has not expired, and that the name in it matches the website. If it does, the two sides complete the TLS handshake, agree on session keys, and from then on encrypted data can be exchanged between your computer and the web server. A certificate is issued by a CA, or certificate authority. Browsers and operating systems trust the certificates of well-known CAs by default, which is what makes the connection verifiable and shows a security icon such as a padlock in the web browser. But there are also self-signed certificates. Self-signed certificates are not automatically trusted, so the browser warns you and gives you the option of manually accepting the certificate so you can proceed to the website; doing so means you are trusting that certificate with nobody vouching for it.

Identity and access management (IAM) is a security framework that deals with keeping track of digital identities and controlling who can access an organization's resources. It makes sure that the right people and systems can get to the right resources at the right time. IAM includes rules, tools, and methods for verifying users, giving them permission, and controlling their access.

LDAP, or Lightweight Directory Access Protocol, is a standard way to access and manage directory services. It lets clients talk to directory servers such as Active Directory to search for information, authenticate users, and change directory entries. LDAP is an important part of many network and application environments. Note that plain LDAP on port 389 is unencrypted, so LDAPS (port 636) or StartTLS should be used whenever credentials cross the network.

Verifying the identity of a person, thing, or process to make sure they are who they say they are is called authentication. It's an important part of security that usually comes before authorization, which limits the resources that a verified identity can access. Authentication checks that credentials such as usernames and passwords are valid. For extra security, it can also use MFA, or multi-factor authentication. MFA is a security control that asks users to prove their identity in at least two different ways (for example something they know, such as a password, plus something they have, such as a phone or hardware token) before they can access a resource or account. It makes it harder for people who aren't supposed to be there to get into accounts, because it adds another layer of security on top of a username and password.

SSO, or single sign-on, is a way for users to log into several apps or websites with just one set of credentials. Because people often use their web browsers to access apps directly, companies are putting in place access management strategies that make both security and the user experience a priority, and SSO provides both, since users can access all password-protected resources without having to log in again after their identity has been verified.

TACACS+, or Terminal Access Controller Access-Control System Plus, is a network protocol that is widely used on Cisco systems to provide centralized authentication, authorization, and accounting (AAA) for users and devices on the network.

Another aspect of security is physical security. This includes things such as security cameras inside and outside a building. Cameras are a great way to protect property and deter crime. These camera systems often include motion detection to alert you of a pending danger. And locks are also essential to restrict access and protect property from theft.

There are also some deceptive technologies used in cyber security, such as honeypots and honeynets. A honeypot is a deceptive mechanism that is used to draw in and catch cyber criminals so that security personnel can examine their strategies and better prepare their defenses. It serves as a controlled environment where malicious activity can be observed, examined, and learned from without posing a threat to the real network. And a honeynet is a network of honeypots.

As far as common security terminology, let's start with what a risk is. A risk is the potential for something bad to happen; it is the uncertainty of how an action will affect something that you value, such as money, health, property, and so on. A vulnerability, in terms of cyber security, is a weakness or flaw in software, hardware, or security measures that could be used by attackers to compromise data or start an attack. An exploit is a technique used to take advantage of a vulnerability or security hole in a computer system or application; it's a way to hack into a system by taking advantage of a known flaw to obtain access. A cyber security threat is a possible bad action or incident that could harm computer systems and a network. These threats mostly come from outside the company, but they can also come from within. Examples include viruses, malware, phishing attacks, ransomware, and spyware. The CIA triad is one of the most important models in information security. It stands for three main ideas: confidentiality, integrity, and availability. The CIA triad acts as a guide in helping people make security rules and policies that keep data and a network safe.

Data locality means doing calculations on the same computer where the data is stored. And this keeps data from having to move around too much in a network. And this method is especially important in systems that handle large amounts of data, because moving data between computers can slow things down and cause network congestion. Data locality reduces network traffic and speeds up processing.

Companies that deal with credit cards must follow what's called the Payment Card Industry Data Security Standard when they handle customer data. It's made to keep user data safe while it's being processed, sent, and stored. Any business that takes credit card data, processes it, or saves it must follow this standard.

And similar to this standard is the General Data Protection Regulation. And this is a law in the European Union that controls how sensitive information about people is gathered, used, and kept safe.

The industrial internet of things and the internet of things are both networks of devices that are linked together, but they are used for different things and have different areas of coverage. The internet of things is the network of everyday devices that are connected to the internet, such as the things that the common person would use, such as smart devices. But the industrial internet of things, on the other hand, is a network of connected industrial devices and processes such as machinery, transportation, energy, and so on.

SCADA, ICS, and OT are similar terms that describe systems that are used for controlling and monitoring equipment that is used in industrial facilities such as power plants, water treatment plants, and refineries. These systems communicate in real time with sensors and systems that are out in these industrial facilities. And those sensors and systems send back information to PLCs and RTUs, which then send it to the SCADA computers to be analyzed. And this information could be things like how to reduce waste, how to improve efficiency, or whether there are any problems.

Employees who bring their own network devices such as smartphones, tablets, or laptops and use them for job-related tasks can do so through a program called bring your own device. This program can save a company money because they wouldn't have to purchase and maintain these items for their employees. However, it could create a security risk, for example, if the employee devices have malware installed.

DDoS stands for distributed denial of service. And what this is, it's basically a cyber attack on a specific server or network with the intended purpose of disrupting that network or server's normal operation. And a DDoS attack does this by flooding the targeted network or server with a constant bombardment of traffic, such as fraudulent requests, which overwhelms the system, causing a disruption or denial of service to legitimate traffic.

VLAN hopping is also an attack on a network, and it occurs when a hacker makes an attempt to access VLANs that they are not authorized to access. And in addition to posing a substantial threat to network security, this assault weakens the isolation that was expected to exist between various VLANs.

Another type of attack is MAC flooding. Whenever a device connects to a port on a switch, the switch will enter that device's MAC address in its table. That way, the switch will know which port to forward the data to. But when a hacker attacks using MAC flooding, it'll overwhelm a switch by flooding its MAC address table with fraudulent entries. And when this happens, the switch would default to fail open mode. Fail open mode is basically when a switch turns into a hub and starts forwarding traffic to every port, which could slow down a network and potentially open the door for hackers to intercept data.

The ARP or address resolution protocol can also be used as an attack on a network. Whenever a device on a network wants to communicate with another device on the network, it needs the MAC address of that device. So for example, if this computer here wants to communicate with this router here, the computer will send out a broadcast using the router's IP address asking for the router's MAC address. And then the router will respond back telling the computer its MAC address. And then the computer will store the IP address along with the corresponding MAC address in its ARP cache. So now, anytime the computer wants to talk to the router, it knows the MAC address because it's stored in its ARP cache.

But if a hacker on the network wanted to intercept data between the computer and the router, the hacker can do ARP spoofing. ARP spoofing is when a device impersonates another device in order to intercept and steal data. So what will happen is the hacker's computer will respond to this computer and tell it that the router you want to talk to has a different MAC address, and then the computer will store the updated MAC address in its ARP cache, thinking it's the MAC address of the router. But in reality, it's the MAC address of the hacker's computer. And then any data coming from the computer, the hacker's computer will forward to the router. So now, whenever the computer wants to communicate with the router, it's actually communicating with the hacker's computer first, and then it's forwarded to the router. So the hacker can now see all the communication between the computer and the router. So this is known as ARP spoofing. But since the hacker is now in the path of these two devices, this is also known as an on-path attack or man-in-the-middle attack.

DNS poisoning or DNS spoofing is a type of attack that changes DNS data to send people to harmful websites. So, as stated earlier, DNS is what resolves a domain name to an IP address. And hackers get into a DNS server or a DNS cache and can change or add fake DNS records. Then these fake records lead people to a bad website that looks like a real one. So if you wanted to go to a certain website by typing it in on your web browser, and then the web browser took you to a totally different website, then this is the result of DNS poisoning.

There are also rogue devices and services that can disrupt a network, such as a rogue DHCP server. A rogue DHCP server is an unauthorized server that can interfere with network security. These servers are frequently installed on networks either accidentally or by hackers. A rogue DHCP server can duplicate IP addresses, which can block devices from connecting to the network, or it could be used for a man-in-the-middle attack.

Another device that can cause disruption on a network is a rogue AP. Now, this is when a bad actor places a wireless access point on a secure network with the intent of stealing a user's data when that person joins the rogue AP. The SSID name that the rogue AP broadcasts may look legit and secure to others, but if they join that wireless network, they could get their data stolen. And if the rogue AP broadcasts the same SSID as a legitimate AP, then this is known as an evil twin attack. The purpose is to trick users into connecting to the rogue AP instead of the legitimate one.

Dumpster diving is another type of attack that involves the retrieval of items that were discarded in the trash. Whether those things are physical, such as on paper, or digital data, such as what is stored on storage drives, if this information is recovered, it can be used to steal personal information and be used for fraud.

If someone takes your personal information, such as a PIN number or password, by watching you enter it, this is called shoulder surfing. This can typically happen where people enter private information, like at an ATM or a computer. This kind of identity theft is pretty simple to do in public places.

Phishing is a very common type of internet fraud in which criminals try to fool people into giving private information such as credit card numbers, passwords, and other personal information. And they do this by posing as a legitimate company or person. A lot of times this happens through things such as emails, chat services, websites, and so on.

Malware stands for malicious software. And this is software that's intended to damage or take advantage of computer systems in a network. Malware includes things such as viruses, Trojan horses, worms, ransomware, and spyware. Typically, malware accesses computers through email attachments and malicious websites.

Tailgating is an attack where a physical breach can happen. Now, this can happen when a person follows another person into a restricted area and bypasses security, and then from there that unauthorized person can observe sensitive information that could cause harm to an organization.

The practice of securing a network or device is referred to as device hardening. This involves decreasing the chances of an attack on the device or system and increasing its defenses against cyber threats, unauthorized access, data breaches, and so on. Some examples of hardening a device are disabling unused ports and services and changing default passwords.

Network access control or NAC is a security method that only allows authorized users and devices to access resources on a network. It enforces policies such as posture checks, which make sure a device is safe and unaffected by malware before allowing that device on a network. NAC involves security measures such as port security using 802.1X, which controls what accesses a network, and it also uses MAC filtering, which can restrict network access based on the device's MAC address.

Another security feature is an ACL or access control list. An ACL is what's used on a firewall. It's a list of rules on what can access the network. It either allows or denies permission. So, as an example, here we have a very simplified ACL with a list of IP addresses that have been either allowed or denied on this firewall. So, if this IP address tried to get on this network, the firewall will deny it because of the rules that are set in the ACL. But these other IP addresses are granted access because the ACL allows them.
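To make the "allowed or denied" list concrete, here is an added example (not from the course) of how a simplified ACL like the one described is evaluated: rules are checked top to bottom, the first match wins, and anything that matches nothing hits an implicit deny. The rule syntax, the addresses and the shadowed-rule check are assumptions of this example, not a particular firewall's format.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRule:
    action: str                      # "permit" or "deny"
    network: ipaddress.IPv4Network   # a single host is just a /32


def parse_acl(lines):
    """Parse rules written as 'permit 10.0.0.0/8' or 'deny 192.168.1.50'.
    Text after '#' is a comment; blank lines are skipped."""
    rules = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, target = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        rules.append(AclRule(action, ipaddress.ip_network(target, strict=False)))
    return rules


def evaluate(rules, src_ip):
    """Walk the list top to bottom and return (decision, index of the matching
    rule). The first matching rule wins; if nothing matches, the implicit deny
    applies and the index is None."""
    ip = ipaddress.ip_address(src_ip)
    for i, rule in enumerate(rules):
        if ip in rule.network:
            return rule.action, i
    return "deny", None


def shadowed_rules(rules):
    """Return indexes of rules that can never match because an earlier rule
    already covers their whole address range. A common misconfiguration is a
    host deny placed after the permit for its subnet."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if later.network.subnet_of(earlier.network):
                shadowed.append(j)
                break
    return shadowed


# Constructed example ACL (not from the page): one blocked host, two permitted
# networks, and the implicit deny for everything else.
SAMPLE_ACL = parse_acl([
    "deny   192.168.1.50        # this workstation is blocked",
    "permit 192.168.1.0/24      # the rest of the LAN",
    "permit 10.0.0.0/8          # internal address space",
])

# The same rules with the host deny placed after its subnet's permit: the
# deny is shadowed and 192.168.1.50 would be let through.
MISORDERED_ACL = parse_acl([
    "permit 192.168.1.0/24",
    "deny   192.168.1.50",
    "permit 10.0.0.0/8",
])

if __name__ == "__main__":
    for ip in ("192.168.1.50", "192.168.1.7", "10.4.2.1", "203.0.113.9"):
        print(ip, evaluate(SAMPLE_ACL, ip))
    print("shadowed rule indexes:", shadowed_rules(MISORDERED_ACL))
```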

And in addition to filtering IP addresses, ACLs can also filter URLs, which can either allow or block websites. And it can also do content filtering. Content filtering is a method that can block harmful content from the internet. It uses security methods such as scanning for certain keywords or phrases, malicious content, images, and video.

As far as network security, a network is divided into a couple of zones, trusted and untrusted. A trusted zone is part of a network where security is high, such as an internal network in an organization. Trusted networks use security measures such as authorization to access resources. And an untrusted zone is where security is low and risky, such as the internet. And this is why internal networks use a firewall or a DMZ to be placed between a trusted zone and an untrusted zone. This helps to protect the internal network from external threats.

A screened subnet, which is often referred to as a DMZ or demilitarized zone, is used to help improve the security of an organization's network by segregating devices such as computers and servers on the opposite sides of a firewall. So, it's basically creating two separate networks. So for example, if a company has a website and they want the public to access their website, instead of placing the web server inside the company's internal network behind the firewall, the company would put their web server outside their internal network on a separate subnet or subnetwork on the opposite side of the firewall. That way, when the public accesses their website, they won't need to go past the firewall inside the company's internal network.

Congestion and contention are similar terms that can happen in a network. Congestion happens when a shared resource is at capacity, which can cause performance problems such as poor network speeds or dropped packets. And contention happens when too many devices are accessing the same resource. And those devices are essentially fighting or contending with each other over that resource. And when this happens, it could cause delays or even cause a network to shut down. And to fix these issues, a network administrator can improve the network's architecture, optimize traffic flow by using mechanisms such as traffic shaping and priority scheduling, and make more resources available.

The term bottlenecking is when there is a point on the network where data flow is hindered and it's causing a data traffic jam. Bottlenecks can happen in different areas of a network, such as hardware, bandwidth, or links that are too busy. And finding and fixing bottlenecks is very important for keeping a network running at its best.

The term bandwidth refers to the maximum amount of data that can be sent over a network connection in a certain length of time. It is usually measured in bits per second or bps, such as megabits per second or gigabits per second. It basically tells you how much data a network connection can carry, which affects things like download speeds, video streaming quality, and how well the network performs overall. So as an example, if you have a 100 megabits per second internet service connection, then that means that a maximum of 100 megabits of data can be transferred in 1 second. Or if you have a 500 megabits per second connection, then that means that a maximum of 500 megabits of data can be transferred in 1 second.

So as an analogy, we can use an illustration of water flowing through a pipe, and the diameter of the pipe will directly affect how much water can flow through it. So the smaller diameter pipe will represent a lower bandwidth connection and the larger diameter pipe will represent a higher bandwidth connection. So, as you can see, the flow of water is traveling at the same rate in both pipes. But since the bottom pipe is wider than the top one, it's able to flow a lot more water at the same time than a smaller pipe, which can fill up the container at the other end a lot faster.

The time it takes for a network to respond to a user's action is called network latency or lag. It's very important for network performance, especially for things that need to happen quickly, such as internet gaming, video conferencing, and money transfers. Latency can be caused by things such as network congestion, distance, server side issues, network hardware limitations, and so on. Latency is usually measured in milliseconds.

When one or more data packets during a network transmission do not arrive at their destination, this is known as packet loss. Packet loss can happen for a number of reasons, such as a loss of power, network congestion, hardware and software issues, bad cables, security threats, and so on. And when packet loss does happen, it can cause a number of problems, such as a decrease in network performance, a bad application experience, and a reduction in network throughput.

And the term jitter refers to the variation in time when data packets arrive at their destination. Now, even though we should expect data packets to arrive on time, they may arrive at different times. And this is caused by things such as network congestion, routing problems, hardware issues, or even an incorrect quality of service configuration.

There are also issues that can happen in a wireless environment. For example, when there are multiple wireless networks in the same area, interference and slow speeds can happen because of wireless channel overlap. And this happens when numerous devices use the same or adjacent wireless channels.

Another problem that can happen in a wireless network is signal degradation. And this happens when a wireless signal weakens and becomes corrupted during transmission, which could cause errors and lag.

When a user is connected to a wireless network using their wireless device, another issue that can happen is client disassociation. Now, this happens when the user gets unexpectedly disconnected from the Wi-Fi signal. And this could be the result of interference from other devices, poor signal strength, hardware issues, or even a malicious attack.

Things such as router placement, obstacles, interference from other devices, and old technology can contribute to insufficient wireless coverage, which results in a weak or erratic Wi-Fi signal. Now, this could easily be resolved by moving the router, improving its surroundings, or even using a range extender to increase the coverage.

When you have a network with several wireless access points that are not configured correctly, this is known as roaming misconfiguration, and this could cause problems with things such as device handoffs between APs. Dropped connections, poor performance, and trouble sustaining uninterrupted connectivity as users move around the network can all be the result of a roaming misconfiguration.

Now, in this section, we're going to be talking about command line tools. Command line tools provide a wealth of troubleshooting information about computers and networks. And in this section, we're going to talk about a few of them. So the first command we're going to talk about is one of the most common command line tools, which is the ping command. The ping command is a simple tool that you can use to troubleshoot networking issues such as lag and network connectivity. So, for example, you can use the ping command to see if your computer can communicate with another computer or device on your local network, or to check if your computer can communicate with another computer or device outside your network out on the internet.

So, for example, let's say you wanted to check if your computer can communicate with another computer on your local network. So on our computer, we would open up a command prompt and then we would type the word ping along with the IP address or the name of the other computer. Then our computer will send out four data packets to that computer and then we'll wait for a response. And if the other computer received our data packets, it will send the data packets back to us as a reply. And if we received a reply, then that means that there is general network connectivity between us and the other computer.

But if we did not get a reply, then this could be for several reasons. It could mean that there is no network connectivity between the two computers, such as something as simple as a disconnected cable. It could also mean that the other computer is turned off. Or it could mean that the other computer is turned on, but it's blocking all ping requests. And the same thing goes if we pinged a server out on the internet. And the easiest way to do this is by pinging a website using its domain name, such as example.com. And if the reply was successful, then that means that the example.com server is up and running and that our computer can access the internet.
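The ping walkthrough above and the earlier definitions of latency, packet loss and jitter fit together in one added example (not from the course): it parses constructed Windows ping output and recomputes loss, round-trip latency and jitter from the individual replies. The sample output and the 192.0.2.10 address (an RFC 5737 documentation address) are constructed for this example.

```python
import re
from statistics import mean

# Constructed sample of Windows ping output (not a real capture). 192.0.2.10 is
# from the RFC 5737 documentation range and stands in for example.com's address.
SAMPLE_PING = """\
Pinging example.com [192.0.2.10] with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=14ms TTL=56
Reply from 192.0.2.10: bytes=32 time=22ms TTL=56
Request timed out.
Reply from 192.0.2.10: bytes=32 time=11ms TTL=56

Ping statistics for 192.0.2.10:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
"""

# A successful reply; Windows prints 'time<1ms' for sub-millisecond round trips.
REPLY_RE = re.compile(r"^Reply from \S+: bytes=\d+ time([=<])(\d+)ms TTL=\d+$")
# The two ways a probe is reported as lost.
LOST_RE = re.compile(
    r"^(Request timed out\.|Reply from \S+: Destination host unreachable\.)$")


def parse_ping(output):
    """Return (list of RTTs in ms, number of lost probes) from ping output."""
    rtts, lost = [], 0
    for line in output.splitlines():
        line = line.strip()
        m = REPLY_RE.match(line)
        if m:
            # 'time<1ms' has no exact value; record it as 0 ms.
            rtts.append(0 if m.group(1) == "<" else int(m.group(2)))
        elif LOST_RE.match(line):
            lost += 1
        # The header and the statistics summary are ignored; the summary is
        # recomputed from the individual replies in summarize().
    return rtts, lost


def summarize(rtts, lost):
    """Compute loss, latency and jitter as the section defines them: latency
    as the round-trip time, jitter as the variation between arrivals."""
    sent = len(rtts) + lost
    if sent == 0:
        raise ValueError("no probes found in output")
    report = {"sent": sent, "received": len(rtts), "lost": lost,
              "loss_pct": 100.0 * lost / sent}
    if rtts:
        report.update(min_ms=min(rtts), max_ms=max(rtts), avg_ms=mean(rtts))
        # Jitter here is the mean absolute difference between consecutive RTTs
        # (a single reply has no variation, so it reports 0).
        diffs = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
        report["jitter_ms"] = mean(diffs) if diffs else 0.0
    return report


def ping_report(output):
    return summarize(*parse_ping(output))


if __name__ == "__main__":
    for key, value in ping_report(SAMPLE_PING).items():
        print(f"{key:>10}: {value}")
```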

And our next command line tool is tracert, which stands for trace route. Now, the internet is a global network of routers that gives networking devices the ability to talk to each other from all over the world. And these routers communicate with each other so they can direct or route the data to its intended destination. And trace route is used to find out the exact path a data packet takes and to find potential problems such as bottlenecks on its way to its destination. So for example, let's go ahead and trace the route from our computer to another computer or device out on the internet. So at a command prompt, we would type tracert and then the IP address or domain name, such as example.com, and then we'll press enter. Then the data packet will find its way to the destination. And each time it reaches a router on its path, which is referred to as a hop, it'll report back information about that router, such as the IP address and the time it took between each hop, which is reported in milliseconds. So, the tracert utility is a great tool that can be used to pinpoint where a problem lies on a network, if there's a bottleneck somewhere or if the data packet cannot reach its destination.

And our next command is nslookup. And this name is short for name server lookup. And this is used for looking up DNS information about a domain. And if you're not familiar with DNS, DNS stands for domain name system. And its job is to resolve domain names to IP addresses. So when you type in a domain name such as example.com into a web browser, DNS will resolve that domain name into a number, which is an IP address, so you can retrieve the website. And it has to do this because computers don't understand names. They only understand numbers. And you can use nslookup if you're experiencing problems related to DNS. So for example, you can look up an IP address of a domain name if you want to. So at a command prompt, if you type in nslookup along with a domain name such as example.com, the result will give you information about the example.com domain, such as the IP address.

And the next command is arp, which stands for address resolution protocol. So where DNS is used to resolve IP addresses to domain names, ARP is used to resolve IP addresses to MAC addresses. In order for a computer to communicate with another computer or device, it needs to know the MAC address of that computer or device. So the first thing that the computer does is check its ARP cache to see whether it already has the MAC address for that computer. In fact, we can check this ourselves at a command prompt by using the arp command. So at a command prompt, type arp with the -a switch. And as you can see in the output below, it has no entries at all. So since there are no entries, if a computer wants to communicate with another computer, it will ask the computer with the corresponding IP address for its MAC address. Then once it has the MAC address, it'll store this information in its ARP cache. So let's do the same command as before. And now you can see the IP address and matching MAC address have been added to the ARP cache. So the arp command is a good way to manually check which IP address is associated with a certain MAC address.
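The arp -a output described here is also where the ARP spoofing attack from the earlier section leaves its trace: the router's IP suddenly maps to a different MAC, and that MAC is shared with another host. This added example (not from the course) parses two constructed snapshots of Windows arp -a output and flags both symptoms; the addresses and MACs are constructed, and the gateway's "known good" MAC is assumed to have been recorded earlier.

```python
import re
from collections import defaultdict

# Matches one entry line of Windows 'arp -a' output.
ARP_ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$",
    re.IGNORECASE)


def parse_arp_table(text):
    """Return {ip: (mac, type)} from 'arp -a' output; interface headers and
    column titles do not match the entry pattern and are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_ENTRY_RE.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (mac.lower(), kind.lower())
    return table


def changed_macs(before, after):
    """IPs whose MAC differs between two snapshots, as (ip, old_mac, new_mac)."""
    changes = []
    for ip, (new_mac, _) in after.items():
        if ip in before and before[ip][0] != new_mac:
            changes.append((ip, before[ip][0], new_mac))
    return changes


def duplicate_macs(table):
    """Dynamic entries where one MAC answers for several IPs, e.g. a host that
    now also claims the router's address. Static entries (broadcast, multicast)
    legitimately share MACs and are ignored."""
    by_mac = defaultdict(list)
    for ip, (mac, kind) in table.items():
        if kind == "dynamic":
            by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_ok(table, gateway_ip, expected_mac):
    """Compare the cached MAC for the default gateway with the one recorded
    when the network was known to be healthy."""
    entry = table.get(gateway_ip)
    return entry is not None and entry[0] == expected_mac.lower()


# Constructed snapshots (not real captures). The router is 192.168.1.1; in the
# second snapshot its entry carries the MAC of the host at 192.168.1.30.
HEALTHY = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.30          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""
SPOOFED = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           66-77-88-99-aa-bb     dynamic
  192.168.1.30          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""

if __name__ == "__main__":
    before, after = parse_arp_table(HEALTHY), parse_arp_table(SPOOFED)
    print("changed:", changed_macs(before, after))
    print("shared MACs:", duplicate_macs(after))
    print("gateway ok:", gateway_ok(after, "192.168.1.1", "00-11-22-33-44-55"))
```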

And now our next command is called netstat, which stands for network statistics. Now, this is a useful tool that is used to display current network connections to your computer. So in our example here, we can visually see that our computer is currently communicating with an FTP server and two HTTP web servers. And we can verify this by using the netstat command. So at a command prompt, we type netstat. And in this case, we're going to use the -a switch. And then we'll press enter. And in the output, we can see the two HTTP web servers and the FTP server that we're connected to. So even if you're not sure what connections your computer currently has, you can use the netstat command to find out. And in addition to connections, it also displays which ports are open and listening for a connection and the type of port that it's using, whether it's TCP or UDP.

And the next command is ipconfig. The ipconfig command is another common tool, and this is used to display the network configuration for our computer. So if you believe you are having an issue with certain services such as DHCP, DNS, or the default gateway, or just want to check your IP address, you can use the ipconfig command to do this. So at a command prompt, if you type in ipconfig and then use the /all switch, this will display the full TCP/IP configuration for our computer, such as our computer name, DHCP server, MAC address, IP address, default gateway, which is the router, DNS servers, and so on.

And finally, there's tcpdump. And this is a command line tool that lets you capture and analyze network traffic. This works similar to a network packet sniffer, catching and showing packets that go through the network interface of your device. It allows you to look closely and fix problems with the network and check for security holes.

Nmap is an open-source tool for analyzing a network and security audits. It uses different scanning techniques to obtain information on network devices, open ports and running services, including TCP and UDP scans and ICMP echo request scans.

LLDP or link layer discovery protocol and CDP, Cisco discovery protocol, are layer 2 protocols that let you find devices on your network that are close by. Both of these protocols help you with managing and fixing networks by giving information about the devices on the network, such as what kind of devices they are, what the devices do, and what ports they use. CDP is a Cisco-only standard, while LLDP is an open standard.

A speed tester is a website tool that tells you how fast an internet connection is by measuring things like download and upload speeds, lag, and so on. These tests will help you figure out how fast your internet is and what might be wrong.

As a network administrator, you're most likely going to make your own custom length network cables. Now, after you have cut the cable, arranged the wires, removed the plastic shielding, and crimped an RJ45 connector to the ends, the next thing to do is to test the cable. And this is done by using a cable tester. A cable tester is used to verify continuity and whether the wires are arranged correctly. So you would just connect both ends of the cable into the tester, and then the tester will cycle through all the pins in the cable to make sure that the cable is properly wired and connected.

A tone generator is also known as a fox and hound. And this is a tool that is used for tracing cables from one end to the other. So, for example, let's say that you wanted to isolate this network cable and find the other end that's connected to this patch panel. And as you can see, this patch panel has multiple cables plugged into it. And this patch panel is located in a different part of the building. So, in this scenario, it'll be very difficult to find the other end of the cable. So, that's where a tone generator comes in. So you just connect the tone generator tool at one end of the cable that you want to isolate, and then it will generate a tone through the cable all the way to the other end. And then with the probe, you would just jump from cable to cable on the patch panel until you find the cable. Then once the probe detects the tone coming from the cable, the probe will generate a sound indicating that it has found the cable.

A Wi-Fi analyzer is a tool that helps you understand and improve the operation of your wireless network. It tells you about Wi-Fi signals, such as how strong they are, what channels they are using, and what wireless access points are nearby. You can use this tool for things such as troubleshooting Wi-Fi problems, finding the best place to put your Wi-Fi access point, and the best channels to use for your network.

And a visual fault locator is a tool for finding problems with fiber optic cables. And this works by sending a red laser light into the center of a fiber optic cable. This red light will escape at the point of the problem if a problem is detected, such as a break or a severe bend. The light that escapes from the cable can be seen with the naked eye, which allows you to find the exact spot where the problem lies.

A network tap enables network administrators to get in the path of network packets. It's a portable network device that gives you access to networks for monitoring purposes and data traffic collection. So, for example, if you wanted to monitor the traffic between a couple of devices, such as a router and a switch, you would connect a network cable from the router and the switch into the network tap and then connect another cable into a device such as a laptop. And now the tap will collect the data packets that are flowing between the switch and the router and then send them to the laptop for analysis.

When you need to fix something on a network device such as a router or a switch, one of the best and most basic command line tools is the show command. The show command is a Cisco tool that you can use to show different settings on a network. So for example, there's the show mac address-table command. This shows the MAC address table from a device such as a Cisco switch. It shows the MAC addresses of the devices that are connected to the switch. It also shows which port they are connected to and which VLAN they belong to.
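The MAC address table shown by this command is also where the MAC flooding attack from the earlier section shows up: one port that has "learned" hundreds of addresses. This added example (not from the course, and not a Cisco capture) parses constructed show mac address-table output and flags ports with far more dynamic entries than one end host should present; the output format, the addresses and the threshold are assumptions of the example.

```python
import re
from collections import Counter

# Matches one entry of a 'show mac address-table' listing, e.g.
#    10    0a1b.2c3d.0002    DYNAMIC     Gi1/0/5
MAC_ENTRY_RE = re.compile(
    r"^\s*(\d+|All)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE)


def parse_mac_table(text):
    """Return a list of (vlan, mac, type, port) tuples, skipping the headers
    and the trailing total line, which do not match the entry pattern."""
    entries = []
    for line in text.splitlines():
        m = MAC_ENTRY_RE.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            entries.append((vlan, mac.lower(), kind.upper(), port))
    return entries


def dynamic_macs_per_port(entries):
    """Count learned (DYNAMIC) addresses on each port; static system
    entries such as the switch's own CPU address are not counted."""
    return Counter(port for _, _, kind, port in entries if kind == "DYNAMIC")


def flooding_suspects(entries, max_per_port):
    """Ports that have learned more addresses than a single end host should
    ever present. Returns [(port, count)], largest count first."""
    counts = dynamic_macs_per_port(entries)
    return sorted(((p, n) for p, n in counts.items() if n > max_per_port),
                  key=lambda pn: (-pn[1], pn[0]))


def build_sample_table(flood_count=200):
    """Constructed output (not a real switch capture): two normal access ports
    plus one port carrying `flood_count` fabricated addresses, which is what a
    table looks like after a flood on that port."""
    lines = ["          Mac Address Table",
             "-------------------------------------------",
             "",
             "Vlan    Mac Address       Type        Ports",
             "----    -----------       --------    -----",
             "   1    0011.2233.4455    DYNAMIC     Gi1/0/1",
             "   1    0011.2233.4466    DYNAMIC     Gi1/0/2",
             " All    0100.0ccc.cccc    STATIC      CPU"]
    for i in range(flood_count):
        lines.append(f"  10    dead.beef.{i:04x}    DYNAMIC     Gi1/0/5")
    lines.append(f"Total Mac Addresses for this criterion: {flood_count + 3}")
    return "\n".join(lines)


if __name__ == "__main__":
    entries = parse_mac_table(build_sample_table())
    print(f"{len(entries)} entries parsed")
    # A single end host normally presents one address; a small allowance
    # covers a host with a VM or an IP phone daisy-chained behind it.
    print("suspect ports:", flooding_suspects(entries, max_per_port=8))
```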

Another command is the show route. This

shows the routing table of a network device such as a router.

The show interface command shows information about network interfaces.

This is used to show the configuration and can help identify problems with a network interface. It shows whether the

network interface. It shows whether the interface is up or down or disabled and it can also show the speed of the interface.

The show config command is used to show a devices current configuration.

The show ARP command displays the ARP cache on a device.

The show VLAN shows information about what VLANs are configured on a switch.

It shows things such as the VLAN IDs, the associated ports, and status.

And finally, we have the show power command. Now, this shows information

command. Now, this shows information about the power that a certain device such as a router or switch uses. It

shows the voltage, current, and how much power it's using.
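As an added example (not from the video), here is a small Python script that parses constructed output in the style of the Cisco IOS show mac address-table and show ip arp commands (the exact command names and column layout are assumed) and cross-checks the two tables: it flags a MAC learned on more than one switch port and an ARP entry whose MAC the switch has never learned, two inconsistencies a troubleshooter reading these tables by hand would want to spot.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Cisco IOS "show mac address-table" (not real device output).
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.aabb    DYNAMIC     Gi1/0/2
  10    0011.2233.ccdd    DYNAMIC     Gi1/0/3
  10    0011.2233.ccdd    DYNAMIC     Gi1/0/7
  20    0011.2233.1122    DYNAMIC     Gi1/0/5
"""

# Constructed sample in the style of "show ip arp"; an Age of "-" marks the switch's own address.
ARP_TABLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.10.1            -   0011.2233.4455  ARPA   Vlan10
Internet  192.168.10.2            5   0011.2233.aabb  ARPA   Vlan10
Internet  192.168.10.3            2   0011.2233.ccdd  ARPA   Vlan10
Internet  192.168.10.4            1   0011.2233.eeff  ARPA   Vlan10
"""

MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
MAC_ROW = re.compile(r"^\s*(\d+)\s+" + MAC + r"\s+\w+\s+(\S+)", re.I)
ARP_ROW = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+" + MAC + r"\s+\w+\s+(\S+)", re.I)

def parse_mac_table(text):
    """Map each learned MAC to the set of ports it was seen on (header rows are skipped)."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            ports[m.group(2).lower()].add(m.group(3))
    return dict(ports)

def parse_arp(text):
    """Map each remote IP to its MAC, skipping the device's own (Age "-") entries."""
    arp = {}
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if m and m.group(2) != "-":
            arp[m.group(1)] = m.group(3).lower()
    return arp

def find_anomalies(mac_table, arp):
    """Flag MACs seen on more than one port and ARP entries whose MAC the switch never learned."""
    multi_port = {mac: sorted(p) for mac, p in mac_table.items() if len(p) > 1}
    unlearned = {ip: mac for ip, mac in arp.items() if mac not in mac_table}
    return multi_port, unlearned
```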

When troubleshooting networks, there are certain procedures for solving network problems. And here are some of the steps to do that. So the first step is to gather as much information about the problem as possible. And this starts with questioning the users, such as: when did the problem occur? Were there any specific error messages? And does it happen all the time or intermittently? So, by gathering as much information as possible in the beginning, it'll greatly enhance the diagnosing process and ultimately fix the problem a lot faster.

And the next step is to identify the symptoms. So, a good question to ask is, is the problem isolated at one particular location or is it spread across several locations? So for example, let's say that everyone on a LAN cannot access the network. So one of the first places to look would be the switch, because we all know that all the computers connect to this single device, and if the switch wasn't working properly, it would affect everyone. Or if the problem was isolated at one particular computer, then in this case we would not check the switch. But a good place to start is that we would have to check the cable and connection for that particular computer. So when this step is done correctly, it will dramatically cut down the diagnosing process and save a lot of time.

So after you have identified the symptoms, the next step is to establish what has changed. Problems don't occur at random. They happen for a reason. So the next question to ask is, did anything change prior to the problem happening? Was there any hardware removed or added? Was there any software installed or uninstalled? Or did the user download anything?

The next step is to duplicate the problem if possible. In general troubleshooting, the process of accurately reproducing the problem is essential for determining the root of the issue and coming up with possible fixes. And by doing this, you can methodically test modifications and pinpoint the problem by repeatedly duplicating it. And if there are multiple problems, the best approach is to tackle these problems individually. Because if you try to fix everything at the same time, this could cause confusion and chaos. So it's best to tackle one issue at a time, primarily based on which problem is having the biggest impact on the network.

So after identifying the problem, the next phase is to establish a theory of probable cause. This is where you need to try and keep this step as simple as possible. Always look for the simple and the obvious solutions before digging deeper. So for example, see if the computer or device is even turned on. Check to see if the cables are plugged in. Check the simple LEDs. And by doing this, you will be amazed how the simplest solutions will fix most network problems.

But if the obvious didn't fix the problem, you can try a top-to-bottom or bottom-to-top approach using the OSI model. So for example, if there was a problem with software, which is at the top of the OSI model, you can start with diagnosing the application that's having issues and work your way down. Or if you suspect you're having a hardware issue, you can start at the bottom of the OSI model and start diagnosing physical hardware such as faulty cables, switches, computers, and so on.

And the next phase is to test the theory to determine the cause. If the theory is confirmed, determine the next steps to resolve the problem. If the theory is not confirmed, establish a new theory or escalate it.

And the next step is to establish a plan of action and solution, including potential effects. Now this step is the cautious phase. So before taking any action to solve a problem, you must know what effect this will have on the network. So for example, if you were to take a device offline, how will this affect the rest of the network? By doing this, will it disrupt everyone else, or will the effect be isolated to one area?

And the next step is to implement the solution or escalate as necessary. Now this step is where you actually take action to solve the problem. This is where you would know if your plan of action has solved the problem or not. And if it hasn't, then the problem needs to be escalated. But if the action solved the problem, verify full system functionality and implement preventive measures if applicable.

And finally, the last step is to document the solution and process. Now, this step is a very important one. So, now that the problem is solved, it's very important to document the problem and the solution so that if it ever happens again, we'll know not only how to solve the problem as fast as possible, but also to take preventive measures so that the problem will never happen again. So the things to include in the documentation are the problem itself, what actually caused the problem, and how you fixed it. So by following all these steps carefully, you can be assured to diagnose and solve problems effectively as a network administrator.

So guys, I want to thank you for watching this video on the CompTIA Network Plus. And also, I do recommend getting a good book to study for the exam because you never want to rely on just one source when studying for the exam. And I'll put a link in the description below of this video of a book that I personally recommend. And also, if you want to help support my channel, you can become a member by clicking the join button below, and you'll get access to exclusive behind-the-scenes content.
