
• The purpose of ICMP messages is to provide feedback about issues related to the processing of IP packets under certain conditions.

• The ICMP messages common to both ICMPv4 and ICMPv6 are: Host reachability, Destination or
Service Unreachable, and Time exceeded.

• The messages between an IPv6 router and an IPv6 device including dynamic address allocation
include RS and RA. The messages between IPv6 devices include the redirect (similar to IPv4), NS
and NA.

• Ping (used by IPv4 and IPv6) uses ICMP echo request and echo reply messages to test connectivity between hosts.

• Ping can be used to test the internal configuration of IPv4 or IPv6 on the local host.

• Traceroute (tracert) generates a list of hops that were successfully reached along the path.

• ICMP

• ICMPv4

• ICMPv6

• ping

• traceroute

• tracert

• Network Discovery Protocol

• Router Solicitation (RS)

• Router Advertisement (RA)

• Neighbor Solicitation (NS)

• Neighbor Advertisement (NA)

• TTL

• The transport layer is the link between the application layer and the lower layers that are
responsible for network transmission.

• The transport layer includes TCP and UDP.

• TCP establishes sessions, ensures reliability, provides same-order delivery, and supports flow
control.

• UDP is a simple protocol that provides the basic transport layer functions.

• UDP reconstructs data in the order it is received, lost segments are not resent, there is no session establishment, and UDP does not inform the sender of resource availability.
• The TCP and UDP transport layer protocols use port numbers to manage multiple simultaneous
conversations.

• Each application process running on a server is configured to use a port number.

• The port number is either automatically assigned or configured manually by a system administrator.

• For the original message to be understood by the recipient, all the data must be received and
the data in these segments must be reassembled into the original order.

• Sequence numbers are assigned in the header of each packet.

• Flow control helps maintain the reliability of TCP transmission by adjusting the rate of data flow
between source and destination.

• A source might be transmitting 1,460 bytes of data within each TCP segment. This is the typical
MSS that a destination device can receive.

• The process of the destination sending acknowledgments as it processes bytes received and the
continual adjustment of the source’s send window is known as sliding windows.

• To avoid and control congestion, TCP employs several congestion handling mechanisms.
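The sequence-number reassembly and sliding-window behaviour summarised above, as an added Python simulation that is not part of the original notes; the 1460-byte MSS comes from the notes, while the initial sequence number, window size and payload are constructed inputs:

```python
from dataclasses import dataclass

MSS = 1460  # typical maximum segment size from the notes: data bytes per TCP segment

@dataclass(frozen=True)
class Segment:
    seq: int     # sequence number of the first data byte carried in this segment
    data: bytes


def segment(payload: bytes, isn: int, mss: int = MSS) -> list[Segment]:
    """Split payload into segments of at most mss bytes; seq numbers count bytes from isn."""
    return [Segment(isn + off, payload[off:off + mss]) for off in range(0, len(payload), mss)]


class Receiver:
    """TCP-style receiver: reorders by sequence number and advertises a sliding window.
    Simplification (assumed here): the application drains delivered bytes immediately, so
    the free window is the buffer size minus bytes parked out of order awaiting a gap fill."""

    def __init__(self, isn: int, window: int):
        self.next_seq = isn                  # next byte expected; doubles as the ACK number
        self.window = window                 # receive buffer size in bytes
        self.pending: dict[int, bytes] = {}  # out-of-order segments held until contiguous
        self.delivered = bytearray()         # bytes handed to the application, in order

    def free_window(self) -> int:
        return self.window - sum(len(d) for d in self.pending.values())

    def receive(self, seg: Segment) -> tuple[int, int]:
        """Process one arriving segment and return (ack number, advertised window)."""
        end = seg.seq + len(seg.data)
        if seg.seq < self.next_seq or end > self.next_seq + self.window:
            return self.next_seq, self.free_window()  # old data or outside the window: drop
        self.pending[seg.seq] = seg.data
        while self.next_seq in self.pending:          # slide forward once the gap is filled
            data = self.pending.pop(self.next_seq)
            self.delivered += data
            self.next_seq += len(data)
        return self.next_seq, self.free_window()


def demo() -> tuple[bool, list[tuple[int, int]]]:
    """Three segments of one message arrive out of order (2nd, 3rd, then 1st). Until the
    first arrives the ACK stays at 1000, telling the sender that segment is still missing."""
    message = b"A" * MSS + b"B" * MSS + b"C" * 500   # constructed 3420-byte payload
    segs = segment(message, isn=1000)
    rx = Receiver(isn=1000, window=4000)
    acks = [rx.receive(s) for s in (segs[1], segs[2], segs[0])]
    return bytes(rx.delivered) == message, acks  # (True, [(1000, 2540), (1000, 2040), (4420, 4000)])
```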
• Application layer protocols are used to exchange data between programs running on the source
and destination hosts. The presentation layer has three primary functions: formatting, or
presenting data, compressing data, and encrypting data for transmission and decrypting data
upon receipt. The session layer creates and maintains dialogs between source and destination
applications.

• In the client/server model, the device requesting the information is called a client and the device
responding to the request is called a server.

• In a P2P network, two or more computers are connected via a network and can share resources
without having a dedicated server.

• The three common HTTP message types are GET, POST, and PUT.

• Email supports three separate protocols for operation: SMTP, POP, and IMAP.

• DNS protocol matches resource names with the required numeric network address.

• DHCP for IPv4 service automates the assignment of IPv4 addresses, subnet masks, gateways,
and other IPv4 networking parameters. The DHCPv6 messages are SOLICIT, ADVERTISE,
INFORMATION REQUEST, and REPLY.

• An FTP client is an application which runs on a computer that is being used to push and pull data
from an FTP server.

• Three functions of SMB messages: start, authenticate, and terminate sessions, control file and
printer access, and allow an application to send or receive messages to or from another device.
• Application Layer

• Presentation Layer

• Session Layer

• Client-server model

• Peer-to-peer

• Uniform Resource Locator (URL)

• Uniform Resource Identifiers (URI)

• HTTP/HTTPS

• GET

• POST

• PUT

• SMTP

• POP

• IMAP

• Domain Name Service (DNS)

• Fully-Qualified Domain Names (FQDNs)

• nslookup

• Dynamic Host Configuration Protocol (DHCP)

• DHCPDISCOVER

• DHCPOFFER

• DHCPREQUEST

• DHCPACK

• File Transfer Protocol (FTP)

• Server Message Block (SMB)

• After the threat actor gains access to the network, four types of threats may arise: information
theft, data loss and manipulation, identity theft, and disruption of service.

• There are three primary vulnerabilities or weaknesses: technological, configuration, and security
policy.

• The four classes of physical threats are: hardware, environmental, electrical, and maintenance.

• Malware is short for malicious software. It is code or software specifically designed to damage,
disrupt, steal, or inflict “bad” or illegitimate action on data, hosts, or networks. Viruses, worms,
and Trojan horses are types of malware.

• Network attacks can be classified into three major categories: reconnaissance, access, and
denial of service.

• To mitigate network attacks, you must first secure devices including routers, switches, servers,
and hosts. Most organizations employ a defense-in-depth approach to security. This requires a
combination of networking devices and services working together.

• Several security devices and services are implemented to protect an organization’s users and
assets against TCP/IP threats: VPN, ASA firewall, IPS, ESA/WSA, and AAA server.

• Infrastructure devices should have backups of configuration files and IOS images on an FTP or
similar file server. If the computer or router hardware fails, the data or configuration can be
restored using the backup copy.

• The most effective way to mitigate a worm attack is to download security updates from the
operating system vendor and patch all vulnerable systems. To manage critical security patches,
make sure all end systems automatically download updates.

• AAA is a way to control who is permitted to access a network (authenticate), what they can do
while they are there (authorize), and what actions they perform while accessing the network
(accounting).

• Network firewalls reside between two or more networks, control the traffic between them, and
help prevent unauthorized access.

• Securing endpoint devices is critical to network security. A company must have well-
documented policies in place, which may include the use of antivirus software and host
intrusion prevention. More comprehensive endpoint security solutions rely on network access
control.

• For Cisco routers, the Cisco AutoSecure feature can be used to assist securing the system. For
most OSs default usernames and passwords should be changed immediately, access to system
resources should be restricted to only the individuals that are authorized to use those resources,
and any unnecessary services and applications should be turned off and uninstalled when
possible.

• To protect network devices, it is important to use strong passwords. A passphrase is often easier
to remember than a simple password. It is also longer and harder to guess.
• For routers and switches, encrypt all plaintext passwords, set a minimum acceptable
password length, deter brute-force password guessing attacks, and disable inactive privileged
EXEC mode access after a specified amount of time.

• Configure appropriate devices to support SSH, and disable unused services.
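An added example, not from the notes or from Cisco: a Python check that reads a running-config and reports which of the hardening items listed above (password encryption, minimum length, brute-force lockout, idle EXEC timeout, SSH-only access, unused services) are missing. Both configs are constructed samples; the minimum length of 10 and the 5-minute timeout are assumed policy values, and the IOS commands named are the standard ones for each item.

```python
import re

# Constructed sample configs (not from any real device): weak settings, then the same items corrected.
WEAK_CONFIG = """\
no service password-encryption
ip http server
line con 0
 exec-timeout 0 0
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
service password-encryption
security passwords min-length 10
login block-for 120 attempts 3 within 60
no ip http server
line con 0
 exec-timeout 5 0
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
"""


def audit_ios_config(config: str, min_length: int = 10) -> list[str]:
    """Return one finding per hardening item from the notes that the config lacks.
    min_length=10 is an assumed policy value; the notes give no number."""
    findings = []
    if not re.search(r"^service password-encryption$", config, re.M):
        findings.append("plaintext passwords not encrypted (service password-encryption)")
    m = re.search(r"^security passwords min-length (\d+)$", config, re.M)
    if m is None or int(m.group(1)) < min_length:
        findings.append(f"minimum password length not enforced at {min_length}")
    if not re.search(r"^login block-for \d+ attempts \d+ within \d+$", config, re.M):
        findings.append("no lockout against brute-force guessing (login block-for)")
    if re.search(r"^ip http server$", config, re.M):
        findings.append("unused service enabled: ip http server")
    # Each 'line ...' block is the line command followed by its space-indented sub-commands.
    for block in re.finditer(r"^(line .*)\n((?: .*\n?)*)", config, re.M):
        name, body = block.group(1), block.group(2)
        t = re.search(r"^ exec-timeout (\d+) (\d+)$", body, re.M)
        if t is None or t.groups() == ("0", "0"):
            findings.append(f"{name}: idle EXEC timeout not set explicitly or disabled (0 0)")
        if name.startswith("line vty") and not re.search(r"^ transport input ssh$", body, re.M):
            findings.append(f"{name}: remote access not restricted to SSH")
    return findings
```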



• Factors to consider when selecting network devices for a small network are cost, speed and
types of ports/interfaces, expandability, and OS features and services.

• When implementing a network, create an IP addressing scheme and use it on end devices,
servers and peripherals, and intermediary devices.

• Redundancy can be accomplished by installing duplicate equipment, but it can also be accomplished by supplying duplicate network links for critical areas.

• The routers and switches in a small network should be configured to support real-time traffic,
such as voice and video, in an appropriate manner relative to other data traffic.

• There are two forms of software programs or processes that provide access to the network:
network applications and application layer services.

• To scale a network, several elements are required: network documentation, device inventory,
budget, and traffic analysis.

• The ping command is the most effective way to quickly test Layer 3 connectivity between a
source and destination IP address.
• The Cisco IOS offers an "extended" mode of the ping command which lets the user create
special types of pings by adjusting parameters related to the command operation.

• A trace returns a list of hops as a packet is routed through a network.

• There is also an extended traceroute command. It allows the administrator to adjust parameters
related to the command operation.

• Network administrators view the IP addressing information (address, mask, router, and DNS) on
a Windows host by issuing the ipconfig command. Other necessary commands are ipconfig /all,
ipconfig /release and ipconfig /renew, and ipconfig /displaydns.

• Verifying IP settings by using the GUI on a Linux machine will differ depending on the Linux
distribution (distro) and desktop interface. Necessary commands are ifconfig and ip address.

• In the GUI of a Mac host, open Network Preferences > Advanced to get the IP addressing
information. Other IP addressing commands for Mac are ifconfig, networksetup -listallnetworkservices, and networksetup -getinfo <network service>.

• The arp command is executed from the Windows, Linux, or Mac command prompt. The
command lists all devices currently in the ARP cache of the host, which includes the IPv4
address, physical address, and the type of addressing (static/dynamic), for each device.

• The arp -a command displays the known IP address and MAC address binding.
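The arp -a output described above, parsed and compared against a recorded network baseline; this is an added Python example, not part of the notes. The Windows-format output and the baseline binding are constructed samples, and a changed or shared binding is reported for the administrator to investigate, not judged automatically.

```python
import re
from collections import defaultdict

# Constructed 'arp -a' output in Windows format (not captured from a real host).
ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.50          00-11-22-33-44-55     dynamic
  192.168.1.77          aa-bb-cc-00-00-77     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed baseline: the gateway's binding as recorded when the network was known-good.
BASELINE = {"192.168.1.1": "aa-bb-cc-dd-ee-01"}

# One cache entry: IPv4 address, dash-separated MAC, and static/dynamic type.
ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                   r"([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(static|dynamic)\s*$", re.I)


def parse_arp(output: str) -> list[tuple[str, str, str]]:
    """Return (ip, mac, type) per entry; the Interface and column-header lines are skipped."""
    entries = []
    for line in output.splitlines():
        m = ENTRY.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries.append((ip, mac.lower(), kind.lower()))
    return entries


def changed_bindings(entries, baseline: dict[str, str]) -> list[tuple[str, str, str]]:
    """(ip, expected mac, observed mac) for every entry that no longer matches the baseline."""
    return [(ip, baseline[ip], mac) for ip, mac, _ in entries
            if ip in baseline and baseline[ip] != mac]


def shared_macs(entries) -> dict[str, list[str]]:
    """Dynamic entries where one MAC answers for several IPs; investigate if that is unexpected."""
    by_mac = defaultdict(list)
    for ip, mac, kind in entries:
        if kind == "dynamic":
            by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}
```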

• Common show commands are show running-config, show interfaces, show ip address, show
arp, show ip route, show protocols, and show version. The show cdp neighbor command
provides the following information about each CDP neighbor device: identifiers, address list,
port identifier, capabilities list, and platform.

• The show cdp neighbors detail command will help determine if one of the CDP neighbors has an
IP configuration error.

• The show ip interface brief command output displays all interfaces on the router, the IP address
assigned to each interface, if any, and the operational status of the interface.

• The six basic steps to troubleshooting are: Step 1. Identify the problem. Step 2. Establish a theory of
probable causes. Step 3. Test the theory to determine the cause. Step 4. Establish a plan of
action and implement the solution. Step 5. Verify the solution and implement preventive
measures. Step 6. Document findings, actions, and outcomes.

• A problem should be escalated when it requires a decision of a manager, some specific expertise, or network access level unavailable to the troubleshooting technician.

• OS processes, protocols, mechanisms and events generate messages to communicate their status. The IOS debug command allows the administrator to display these messages in real-time for analysis.

• To display log messages on a terminal (virtual console), use the terminal monitor privileged EXEC
command.
• network applications

• application layer services

• extended ping

• extended traceroute

• network baseline

• ifconfig

• netsh interface ip delete arpcache

• scientific method

• debug

• terminal monitor
