CompTIA Network+ Certification Guide - Glen D. Singh - E-Book

CompTIA Network+ Certification Guide E-Book

Glen D. Singh

Description

This is a practical certification guide covering all the exam topics in an easy-to-follow manner backed with self-assessment scenarios for better preparation.

Key Features

  • A step-by-step guide to give you a clear understanding of the Network+ Certification
  • Learn about network architecture, protocols, security, and network troubleshooting
  • Confidently ace the N10-007 exam with the help of practice tests

Book Description

CompTIA certified professionals have always had the upper hand in the information technology industry. This book will be your ideal guide to efficiently passing and achieving this certification. Learn from industry experts and implement their practices to resolve complex IT issues.

This book revolves around networking concepts where readers will learn topics like network architecture, security, network monitoring, and troubleshooting. This book will not only prepare the readers conceptually but will also help them pass the N10-007 exam. This guide will also provide practice exercises after every chapter where readers can ensure their concepts are clear.

By the end of this book, readers will leverage this guide and the included practice questions to boost their confidence in appearing for the actual certificate.

What you will learn

  • Explain the purpose of a variety of networking concepts and implement them appropriately
  • Understand physical security and common attacks while securing wired and wireless networks
  • Understand the fundamentals of IPv4 and IPv6
  • Determine and explain the appropriate cabling, device, and storage technologies
  • Understand network troubleshooting methodology and appropriate tools to support connectivity and performance
  • Use best practices to manage the network, determine policies, and ensure business continuity

Who this book is for

This book is ideal for readers wanting to pass the CompTIA Network+ certificate. Rookie network engineers and system administrators interested in enhancing their networking skills would also benefit from this book. No prior knowledge of networking is needed.

Page count: 447

Year of publication: 2018

CompTIA Network+ Certification Guide

The ultimate guide to passing the N10-007 exam

Glen D. Singh
Rishi Latchmepersad

BIRMINGHAM - MUMBAI

CompTIA Network+ Certification Guide

Copyright © 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha
Acquisition Editor: Heramb Bhavsar
Content Development Editor: Abhishek Jadhav
Technical Editor: Swathy Mohan
Copy Editor: Safis Editing
Project Coordinator: Jagdish Prabhu
Proofreader: Safis Editing
Indexer: Priyanka Dhadke
Graphics: Tom Scaria
Production Coordinator: Nilesh Mohite

First published: December 2018

Production reference: 1131218

Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.

ISBN 978-1-78934-050-1

www.packtpub.com

 

Contributors

About the authors

Glen D. Singh is a cyber-security instructor, consultant, entrepreneur and public speaker. He has been conducting multiple training exercises in offensive security, digital forensics, network security, enterprise networking and IT service management annually. He also holds various information security certifications, such as the EC-Council's Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Cisco's CCNA Security, CCNA Routing and Switching, and many others in the field of network security. Glen has been recognized for his passion and expertise by both the private and public sector organizations of Trinidad and Tobago and internationally.

I would like to thank my parents for their unconditional support and motivation they've always given me to become a better person each day. Thanks to my family, friends, and students for their continued support, the people at Packt Publishing for providing this amazing opportunity, and everyone who reads and supports this amazing book.

Rishi Latchmepersad is a Tier II data center engineer in the IP team at Air Link Networks, a medium-sized, Miami-based ISP that provides a number of video, co-location, and dedicated internet access facilities for numerous customers in the western-hemisphere. Rishi works alongside his team to manage the core IP network, managing infrastructure in a multi-vendor environment across several geographically diverse sites. Before taking on this role, Rishi worked at the University of the West Indies to develop a small network management solution (NMS) to measure several KPIs across a network by employing small probes in the network.

About the reviewer

Rishalin Pillay, with over 11 years of cybersecurity experience, has acquired a vast number of skills consulting for Fortune 500 companies while participating in projects involving the performance of tasks associated with network security design, implementation, and vulnerability analysis.

He holds many certifications that demonstrate his knowledge and expertise in the cybersecurity field, including CISSP, CCNP Security, CCSPA, MCSE, MCT, A+, and Network+.

Rishalin currently works at a large software company as a senior cybersecurity engineer.

Table of Contents

Title Page

Copyright and Credits

CompTIA Network+ Certification Guide

About Packt

Why subscribe?

Packt.com

Contributors

About the authors

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

The OSI Reference Model and the TCP/IP Stack

The OSI reference model

Relationship between the Protocol Data Unit (PDU) and Service Data Unit (SDU)

The seven layers of the OSI model

Application Layer

Presentation Layer

Session Layer

Transport Layer

Network Layer

Data Link Layer

Physical Layer

Communication using the relay system

The TCP/IP protocol suite

The four layers of the TCP/IP protocol suite

Communication using the TCP/IP protocol suite

Summary

Questions

Network Ports, Protocols, and Topologies

Technical requirements

Network port numbers

Network protocols

Protocol types

ICMP

ICMP message types

ICMP Type 0 – Echo Reply

ICMP Type 3 – Destination Unreachable

ICMP Type 5 – Redirect

ICMP Type 8 – Echo Request

ICMP Type 11 – Time Exceeded

TCP

User Datagram Protocol (UDP)

Comparison of TCP and UDP

IP

Protocols and ports

File Transfer Protocol (FTP)

Secure Shell (SSH), Secure Copy (SCP), and Secure FTP (SFTP)

Telnet

Simple Mail Transfer Protocol (SMTP)

Domain Name System (DNS)

Dynamic Host Configuration Protocol (DHCP)

Trivial File Transfer Protocol (TFTP)

Hypertext Transfer Protocol (HTTP)

Post Office Protocol (POP)

Network Time Protocol (NTP)

Internet Message Access Protocol (IMAP)

Simple Network Management Protocol (SNMP)

Lightweight Directory Access Protocol (LDAP)

HTTP Secure (HTTPS)

Server Message Block (SMB)

Remote Desktop Protocol (RDP)

Network topologies

Star

Ring

Bus

Hub and spoke

Mesh

Hybrid

Tree

Types of networks

Introducing Ethernet and its evolution

Summary

Questions

Further reading

Ethernet

What is Ethernet?

The sublayers of Ethernet

The Data Link Layer

The LLC sublayer

The MAC sublayer

Fields in an Ethernet frame

MAC addresses

Transmission types at the Data Link Layer

The CAM table

Summary

Questions

Understanding IPv4 and IPv6

IPv4 concepts

Converting binary into decimal

Converting decimal into binary

The format of an IPv4 packet

Public IPv4 addresses

Private IPv4 addresses

Subnet mask

Determining the Network ID

The laws of ANDing

Special IPv4 addresses

Loopback addresses

Link-local

TestNet

IPv4 transmission types

Subnetting

Step 1 – determining an appropriate class of address and why

Step 2 – creating subnets (subnetworks)

Step 3 – assigning each network an appropriate subnet and calculating the ranges

Step 4 – VLSM and subnetting a subnet

IP version 6 concepts

The format of an IPv6 packet

IPv6 coexistence on a network

IPv6 address representation

Prefix length

Types of IPv6 addresses

IPv6 transmission types

Configuring an IP address on a Windows system

Configuring an IP address on a Linux system

Configuring an IP address on a Cisco IOS router

Summary

Questions

Further reading

Routing and Switching Concepts

Properties of network traffic

Collision domain

Broadcast domain

Contention-based communication

Carrier Sense Multiple Access/Collision Detection (CSMA/CD)

Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA)

Maximum Transmission Unit (MTU)

Network segmentation

Virtual Local Area Network (VLAN)

Types of VLANs

Trunks

Port mirroring

Spanning Tree Protocol (STP)

Port roles

Routing protocols

Routing types

Static routing

Dynamic routing

Default route

Distance-vector routing protocols

Routing Information Protocol (RIP)

Enhanced Interior Gateway Routing Protocol (EIGRP)

Link-state routing protocols

Open Shortest Path First (OSPF)

Path vector routing protocol

Border Gateway Protocol (BGP)

Network Address Translation (NAT)

Static NAT

Dynamic NAT

PAT

Summary

Questions

Wireless and Cloud Technologies

Wireless technologies

Z-Wave

ANT+

Bluetooth

IEEE 802.15

Near Field Communication (NFC)

Infrared

Radio-Frequency Identification (RFID)

IEEE 802.16

802.11 wireless standards

802.11a

802.11b

802.11g

802.11n

802.11ac

802.11 comparison table

Frequencies

2.4 GHz

5 GHz

Cellular technologies

GSM

TDMA

CDMA

4G and LTE

Antenna and power requirements

Site surveys

Types of wireless LAN topologies

Wireless router configurations

Cloud computing

Types of cloud services

Software as a Service (SaaS)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Cloud delivery models

Private

Public

Hybrid

Community

Summary

Questions

Further reading

Network Components

Networking cables and connector types

Copper cables

Unshielded Twisted Pair (UTP) copper cables

Shielded Twisted Pair (STP) copper cables

Coaxial copper cables

Copper cable and termination standards

Fiber cables

Single-mode fiber (SMF) cables

MMF cables

Plenum-rated cables

Connector types

Copper cable connector types

Registered Jack (RJ)-45

RJ-11

Bayonet Neill-Concelman (BNC)

F-type

DB-9 and DB-25

Fiber cable connector types

Little Connector (LC)

Straight Tip (ST)

Subscriber Connector (SC)

Mechanical Transfer Registered Jack (MT-RJ)

Angled Physical Connector (APC) versus Ultra Polished Connector (UPC)

Transceivers

Gigabit Interface Converter (GBIC)

Small Form-Factor Pluggable (SFP), Enhanced Small Form-Factor Pluggable (SFP+), and Quad Small Form-Factor Pluggable (QSFP)

Duplex and bidirectional transceivers

Termination points

66 and 110 blocks

Patch panels

Copper termination standards

TIA/EIA 568A versus TIA/EIA 568B

Crossover versus straight-through

Networking devices and their deployment

Layer 1 devices

Hubs

Modulators/Demodulators (Modems)

Media converters

Wireless Access Points (WAPs) and Wireless Repeaters

Layer 2 devices

Bridges and switches

Layer 3 and higher devices

Routers

Security appliances

Voice over Internet Protocol (VoIP) devices

Servers

Summary

Questions

Further reading

Network Virtualization and WAN Technologies

Virtualization with networking concepts

Hypervisors

Type 1 hypervisor

Type 2 hypervisor

Virtual networking components

Virtual Switch (vSwitch)

Virtual firewall

Virtual routers

Storage technologies

NAS

SAN

Connection type

FC

Fibre Channel over Ethernet (FCoE)

Fibre Channel over IP (FCIP)

Jumbo Frame

WAN technologies

WAN topologies

P2P

Hub and spoke

Full mesh

Dual-homed

WAN service types

Integrated Services Digital Network (ISDN)

Leased lines

T1/T3

E1/E3

Digital Subscriber Line (DSL)

Metropolitan Ethernet

Cable broadband

Dial-up

MPLS

ATM

Frame Relay

Point-to-Point Protocol (PPP)

Point-to-Point Protocol over Ethernet (PPPoE)

Dynamic Multipoint VPN (DMVPN)

Transmission mediums

Satellite

Wireless

Copper cable

Fiber optic

WAN termination

Summary

Questions

Further reading

Business Continuity and Disaster Recovery Concepts

The role of documentation and diagrams

General documentation and diagramming concepts

Physical infrastructure documentation

Operational documentation

Business continuity and disaster recovery

Designing high-availability networks

Redundancy in power delivery

Recovery processes

Availability metrics

Common operational processes

Scanning and patching processes

Continuous monitoring

Summary

Questions

Further reading

Network Identity Management and Policies

Remote access methodologies

VPN

IPsec

Confidentiality

Encryption

Symmetric algorithm

Asymmetric algorithm

Integrity

Authentication

Anti-replay

Diffie-Hellman

IPsec protocols

Authentication Header (AH)

Encapsulation Security Payload (ESP)

SSL

Transport Layer Security (TLS)

VPN topologies

Site-to-site VPN

Remote access VPN

Remote Desktop Protocol (RDP)

Secure Shell (SSH)

Telnet

HTTPS

Identity policies and best practices

AUP

BYOD policy

Internet access policy

Password policy

Remote access policy

User account policy

Wireless network policy

Summary

Questions

Network Security Concepts

Wireless security

Wireless encryption standards

Wired Equivalent Privacy (WEP)

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access 2 (WPA2)

Authentication and security on a wireless network

Extensible Authentication Protocol (EAP)

EAP Flexible Authentication via Secure Tunneling (EAP-FAST)

EAP Transport Layer Security (EAP-TLS)

EAP Tunneled Transport Layer Security (EAP-TTLS)

Protected Extensible Authentication Protocol (PEAP)

MAC filtering

Geofencing

Network attacks and threats

Denial-of-Service (DoS)

Reflective

Amplified

Distributed

Social engineering

Insider threat

Logic bomb

Rogue Access Point (AP)

Evil twin

War-driving

Ransomware

DNS poisoning

ARP poisoning

Deauthentication

Brute force

Virtual Local Area Network (VLAN) hopping

Exploits versus vulnerabilities

Securing networking devices

Changing default credentials

Microsoft Windows

Linux

Other devices

Avoiding common passwords

Device hardening

Disabling unnecessary services

Disabling services in Windows

Linux

Cisco

Network scanning

Disabling physical ports

Mitigation techniques

Network segmentation – Demilitarized Zone (DMZ)

Network segmentation – VLANs

Changing the native VLAN

Spanning Tree Protocol (STP) threat mitigation techniques

Bridge Protocol Data Unit (BPDU) guard

Root guard

DHCP snooping

Honeypot and honeynet

Penetration testing

Summary

Questions

Further reading

TCP/IP Security

Vulnerabilities at the Application Layer

Cross Site Scripting (XSS)

SQL injection (SQLi)

Lightweight Directory Access Protocol (LDAP) injection

Cross-Site Request Forgery (CSRF)

Session hijacking

Cookie poisoning

DNS

Distributed Denial-of-Service (DDoS)

Registrar hijacking

Cache poisoning

Typosquatting

Vulnerabilities at the Transport Layer

Fingerprinting

Enumeration

DNS enumeration

DNS zone transfer

Microsoft RPC Endpoint Mapper

SMTP

SYN flooding

TCP reassembly and sequencing

Vulnerabilities at the Internet Layer

Route spoofing

IP address spoofing

Internet Control Message Protocol (ICMP)

DoS vulnerability in ICMP

Smurf attack

Teardrop attack

Ping of Death (PoD)

Vulnerabilities at the Network Access/Link Layer

Data Link Layer

Address Resolution Protocol (ARP) poisoning

Sniffing

Broadcast storms

VLAN hopping

Physical Layer

Wiretapping

Other physical issues

Securing TCP/IP using a DiD approach

Mitigating security threats

Implement a next-generation firewall

Implement an IPS

Implement Web Security Appliance (WSA)

Implementing Email Security Appliance

Implement layer 2 security on switches

Implement Virtual Private Networks (VPNs)

Other important security checks

Summary

Questions

Organizational Security

Physical security

Video surveillance

Asset-tracking tags

Tamper detection

Prevention techniques

Badges

Biometrics

Security tokens

Locks

Authentication concepts

Remote Authentication Dial-In User Service (RADIUS)

Terminal Access Controller Access Control System (TACACS)

Kerberos

Multi-Factor Authentication (MFA)

Summary

Questions

Troubleshooting a Network

Proper network troubleshooting methodology

Utilizing appropriate troubleshooting tools

Hardware-based troubleshooting tools

Software-based troubleshooting tools

Common issues on wired networks

Common issues on wireless networks

Common network service issues

Summary

Questions

Further reading

Assessment

Chapter 1: The OSI Reference Model and the TCP/IP Stack

Chapter 2: Network Ports, Protocols, and Topologies

Chapter 3: Ethernet

Chapter 4: Understanding IPv4 and IPv6

Chapter 5: Routing and Switching Concepts

Chapter 6: Wireless and Cloud Technologies

Chapter 7: Network Components

Chapter 8: Network Virtualization and WAN Technologies

Chapter 9: Business Continuity and Disaster Recovery Concepts

Chapter 10: Network Identity Management and Policies

Chapter 11: Network Security Concepts

Chapter 12: TCP/IP Security

Chapter 13: Organizational Security

Chapter 14: Troubleshooting a Network

Other Books You May Enjoy

Leave a review - let other readers know what you think

Preface

CompTIA-certified professionals have always held the upper hand in the IT industry. This book will be your ideal guide to passing and achieving this certification efficiently, learning from industry experts and implementing their practices in order to resolve complex IT issues.

This book will focus on networking concepts; readers will learn everything from network architecture to security, network monitoring, and troubleshooting. This book will not only prepare readers conceptually, but will also help them to pass the N10-007 exam.

This guide will also provide practical exercises at the end of every chapter, where readers can ensure that they understand the concepts fully.

By the end of this book, readers will leverage this guide and the included practice questions to boost their confidence in appearing for the actual certificate.

Who this book is for

This book is intended for readers wanting to pass the CompTIA Network+ certificate. Rookie network engineers and system administrators interested in enhancing their networking skills would also benefit from this book. No prior knowledge of networking is required.

What this book covers

Chapter 1, The OSI Reference Model and the TCP/IP Stack, covers both the OSI reference model and TCP/IP stack, and the purpose of network port numbers, protocols, and network design (topologies). Furthermore, the reader will be introduced to IP addressing and subnetting, the fundamentals of routing and switching concepts, and cloud technologies.

Chapter 2, Network Ports, Protocols, and Topologies, discusses the importance of network ports on a system and the different protocols that are used in networks. The reader will also learn about network design using diagrams that are known as network topologies.

Chapter 3, Ethernet, explains the fundamentals of Ethernet and its importance on a network. This chapter also covers the sub-layers of Ethernet and how each sub-layer interacts with other components and protocols on the network.

Chapter 4, Understanding IPv4 and IPv6, delves into the different classes of IP addressing and their assignments. The second half of this chapter will teach the reader how to break down an IP address block into smaller subnetworks for better efficiency.

Chapter 5, Routing and Switching Concepts, covers the properties of network traffic, segmentation, network performance concepts, how traffic is routed between networks, and how switching works.

Chapter 6, Wireless and Cloud Technologies, explains the fundamentals of wireless technologies and configurations. The second half of this chapter will discuss cloud technologies and their uses.

Chapter 7, Network Components, describes the different types of wired media and their connectors and determines the appropriate placement of networking devices on a network.

Chapter 8, Network Virtualization and WAN Technologies, helps the reader to understand how virtualization technologies can be used in a network infrastructure and its benefits, while exploring network storage technologies and wide-area network technologies and concepts.

Chapter 9, Business Continuity and Disaster Recovery Concepts, focuses on network uptime and ensuring a high availability of network resources. It provides an insight into business continuity and disaster recovery concepts, ensuring that proper network documentation and topology diagrams are available and secured. Concluding this chapter, the reader will be able to use appropriate tools to scan and monitor a network to prevent and mitigate security risks.

Chapter 10, Network Identity Management and Policies, discusses how access works on a network and introduces methods for ensuring that it is secure for users and organizations. We will then dive into discussing identity management, policies, and best practices.

Chapter 11, Network Security Concepts, focuses primarily on understanding the different types of cybersecurity threats and network attacks, securing a wireless and wired network infrastructure using best practices and mitigation techniques.

Chapter 12, TCP/IP Security, focuses on the vulnerabilities in the TCP/IP design and how an attacker can take advantage of weaknesses in the layers of the TCP/IP stack to leverage an attack and exploit these vulnerabilities further. The reader will learn how to adopt best practices and apply security to the TCP/IP stack.

Chapter 13, Organizational Security, covers a number of aspects of organizational security, providing the reader with information on physical security concepts, such as the purpose of physical devices and access control methods and concepts. This is important when it comes to helping to restrict unauthorized access to the physical network infrastructure and its components.

Chapter 14, Troubleshooting a Network, teaches the reader how to troubleshoot using a systematic approach involving a variety of methods, using the appropriate network security tools to identify and mitigate various network security threats, and troubleshooting both a wired and wireless network infrastructure and network services.

To get the most out of this book

In this book, we need the following:

  • PC with working Internet connection
  • Wireless router

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/9781789340501_ColorImages.pdf.

The OSI Reference Model and the TCP/IP Stack

The internet, the largest computer network in the world today, is constructed from several protocols and protocol suites that work together to allow users (like you and me) to communicate across the globe. A protocol is simply a rule, or a collection of rules and conventions, that a device (such as your computer) follows in order to communicate with other devices around the world (which follow those same rules). A protocol suite is simply a collection of these rules, which work together to allow complex applications on networking devices (for example, web browsers on your computer) to communicate with billions of other devices around the world, through an assortment of networking equipment and media.

In this chapter, we will discuss two protocol suites in particular that have largely influenced the internet as we know it today:

  • The Open Systems Interconnection (OSI) reference model
  • The Transmission Control Protocol/Internet Protocol (TCP/IP) suite

Although these two protocol suites possess significant differences between them, they both serve as important blocks in the foundation of the internet, and, as such, they both continue to exist as important concepts that budding Network Engineers and System Administrators must understand and appreciate if they wish to become exceptional in their careers.

By understanding these two protocol suites, professionals add an important tool to their arsenal of network troubleshooting weaponry; namely, a systematic, step-by-step approach to be followed in the diagnostic processing of any networking issue, which both simplifies and speeds up the process of pinpointing the root cause of an issue and the rectification of the situation. These suites allow both equipment vendors and Network Engineers to segment the operation of a network into several discrete modular parts or layers, and deal with each layer individually. This allows us to focus on a single part of a system at a time, thus greatly simplifying the development and troubleshooting of networking equipment.

To illustrate this concept in a real-life scenario, consider the following situation: you're a System Administrator in a small IT firm. It's 4 o'clock on a Friday evening and you're excited to clock out and start your weekend. Suddenly, your Syslog Server starts sending emails to all the administrators in your team, complaining about a reachability issue regarding a particular server in your datacenter. Your co-workers immediately begin to panic, knowing that several employees have already left and that they'll likely be working late on a Friday evening. However, since you've mastered your protocol suites, you immediately locate the server and begin troubleshooting the issue from the Physical Layer upwards, quickly locating a disconnected cable to the server and saving your team a lot of troubleshooting time and stress.

For the rest of this chapter, we will first discuss the OSI reference model, delving into a bit of its history and the combination of factors and entities that led to its development and subsequent publication in 1984, before discussing each of the seven layers of the developed model in detail, explaining the purpose of each of the layers and illustrating how each of the layers interact to effect communication between devices across a network. We will then introduce the TCP/IP protocol suite, comparing and contrasting it to the OSI reference model, and similarly explaining and illustrating how each of the layers plays a vital role in transmitting messages across a network. Lastly, we will conclude this chapter with a set of practice questions, which will allow you to test how much information you've retained about the content we've covered in this chapter.

The OSI reference model

Development of the OSI reference model began in the late 1970s in response to the amalgam of proprietary, non-interoperable networking equipment and protocols that vendors were creating at that time. Networks had to be built entirely out of equipment from a single vendor, since networks built from equipment from different vendors could not easily be interconnected. The OSI reference model was thus designed as one solution to this interoperability problem. The development of this model was fueled by two teams—one from the International Organization for Standardization (ISO), and the other from the Consultative Committee for International Telephony and Telegraphy (CCITT). The aim of the model was to become a global framework for protocol development, allowing a diverse array of networking and computing architecture to easily interconnect and communicate.

The standard describing the model, titled ISO/IEC 7498-1, was initially published in 1984, with a second edition succeeding it in 1994.

You can download and view the actual ISO standard at https://standards.iso.org/ittf/PubliclyAvailableStandards/s020269_ISO_IEC_7498-1_1994(E).zip.

The OSI reference model described by the standard consists of seven layers:

The Application Layer (layer 7)

The Presentation Layer (layer 6)

The Session Layer (layer 5)

The Transport Layer (layer 4)

The Network Layer (layer 3)

The Data Link Layer (layer 2)

The Physical Layer (layer 1)

With this model in mind, protocol developers create their protocols for a specific N layer. At this particular layer, termed layer N, a protocol may communicate with other protocols at the same layer, but may not communicate with protocols at other layers directly. A protocol at layer N only utilizes the services provided by the layer following it (N-1 layer), and provides its services to the layer preceding it (N+1 layer):

At each N layer, protocols act on several bits of data, specifically:

Protocol Control Information (PCI): Information communicated among entities at a specific N layer

User Data (UD): Data transmitted between entities at a specific N layer on behalf of the entities above them at layer N+1, for whom they are providing services

Protocol Data Unit (PDU): A unit of data specified in a protocol at a layer N, consisting of both PCI and UD

Service Data Unit (SDU): Some information that is preserved through the lower layer N when transmitted between entities at the higher N+1 layer

Relationship between the Protocol Data Unit (PDU) and Service Data Unit (SDU)

To understand the relationship between this data, consider the following diagram of data being passed down from the upper layers to the lower layers during transmission of data from a sender to a receiver.

Data is passed down from a higher Layer N+1 to the current Layer N and becomes an SDU at the current layer. Layer N then adds its bits of PCI and UD (if present), and combines all of this data into a new PDU, which is to be passed down again to the lower Layer N-1 to become a new SDU at that lower layer. This process is termed encapsulation, as each SDU is encapsulated (contained) in a new PDU at the lower layers.

This process of encapsulation continues until the data reaches the lowest layer (the Physical Layer), at which point the data is transmitted over transmission media as a signal until it reaches the intended recipient. Then, the reverse process of decapsulation occurs. During this decapsulation process, protocols at each layer strip off the PCI and UD that are applicable to their layer, and pass the remaining SDU upwards to the higher layers, thereby delivering the data required by the upper layers and thus providing their services to the higher layers.

To understand this concept, consider that Alice, existing at Layer N+1 in this example, wants to mail a letter to her friend Bob, who also exists at Layer N+1 in another country. Alice writes her letter, places it in an envelope, and hands it to the mailman for delivery. The mailman existing at Layer N collects the envelope from Alice and adds it to a pouch of other envelopes that are destined for that country, ensuring that it has all of the necessary information that the other mailmen might need. He then hands the pouch to the team responsible for airmail existing at Layer N-1. This airmail team then places the pouch in a box, ensuring that it has all of the information that their own teams need, and delivers the box to the destination country. The airmail team in the destination country then reads the addressing information that they need, removes the pouch from the box, and passes it up to the mailman in their area. The mailman, in turn, reads the address on the pouch and removes the envelope from the pouch, finally delivering just the envelope to Bob.

In this example, Bob has no idea about the pouches and boxes used to deliver Alice's letter; he only reads the actual letter that Alice has sent. In the same way, higher-level protocols in protocol suites are independent of the protocols below them, allowing certain protocols to be updated or changed without requiring the protocols at other layers to be changed as well.

Additionally, by using this layered OSI model, the functionality of a complex networking or computing system can be broken up and grouped into each of the layers, with similar functions being collected in a single layer. This allows an engineer to easily describe the workings of that system by beginning at either the top or bottom of the model and working their way to the other end, describing the function or group of functions provided at each layer as they move through the model.

This concept becomes incredibly important to an engineer or administrator during the troubleshooting process. Rather than randomly trying things in an attempt to diagnose and solve issues on a system, engineers and administrators are now able to begin at one end and work through protocols at each layer, thereby developing a logical methodology for troubleshooting. CompTIA refers to this as the top-to-bottom, or bottom-to-top, troubleshooting methodology.

In the next section, we will discuss each of the layers of the OSI model in detail, which will help you understand which protocols can be grouped into which layers, and thus determine the steps to take in troubleshooting the protocols comprising a system.

The seven layers of the OSI model

The following diagram illustrates the seven layers of the OSI model. Communication between peer protocols (protocols at the same layer in different systems) is established using the same processes of encapsulation and decapsulation that we discussed previously. Remember that protocols may communicate with protocols in remote systems at the same layer, but not with protocols in different layers of those remote systems. PDUs are therefore exchanged between corresponding layers in remote systems (referred to as open systems in the OSI model) through physical media interconnections, allowing networking and computing devices to communicate all the way around the world:

Professionals and students alike have come up with several mnemonics and acronyms to help them remember the names of each of the layers. One such mnemonic is All People Seem To Need Data Processing, with the first letter of each word in the mnemonic corresponding to the first letter of each layer in the OSI model. Feel free to make up your own method of remembering these layers!

Before delving into descriptions of each of the individual layers, it is important to distinguish between two important terms that often arise in discussions of protocol stacks—connection-mode transmissions and connectionless-mode transmissions. In a connection-mode or connection-oriented transmission, an association must first be established between two or more peer protocols before data can be transferred between these peer protocols. In contrast, in connectionless-mode transmissions, data may be transferred between peer protocols without a prior connection establishment.

Now, let's explore what each of these layers is actually responsible for.

Application Layer

The Application Layer (layer 7) is the highest layer in the OSI reference model (although you may sometimes hear coworkers joke about end users being the theoretical eighth layer). This is the layer that most end users of networks and systems are familiar with, as it is responsible for directly providing services to application processes or programs that we use on a day-to-day basis. This layer also encompasses any other services that are not provided by the lower layers. This includes functions of programs, as well as end users (the people using these devices). As the highest layer in the model, the Application Layer provides the means for processes and end users to access and interact with the OSI protocol stack. Applications and protocols that we utilize in our machines (such as web browsers and email clients) are categorized in this layer. Devices such as desktop computers, mobile phones, and special layer 7 or Application Layer firewalls operate at this layer. Common protocols at this layer include X.500 (used to provide electronic directory services) and X.400 (a message handling system).

Presentation Layer

The Presentation Layer (layer 6) follows, and is responsible for how information is represented while it's being transferred between Application Layer entities. This method of data representation is called the transfer syntax. Remember that lower layers in the protocol stack provide services to upper layers in the stack. In this case, the Presentation Layer makes a set of transfer syntaxes available to the Application Layer. This layer therefore provides services such as encryption (ensuring that data is not easily readable while being transferred), decryption (making the data readable again), and translation of data between different structures. One protocol that exists at this layer is the X.216 protocol (the presentation service).

Session Layer

The Session Layer (layer 5) is the next layer in the OSI model. This layer is responsible for providing presentation layer protocols with a means to organize and synchronize their communication. This layer allows protocols above it to establish session connections, to exchange data in an orderly fashion, and to finally tear down or release the connection. Additionally, this layer may provide other services such as exception handling services (generating error dialogues when problems occur with the connection). An example of a protocol that exists at this layer is the X.215 protocol (the session service).

Transport Layer

Below the Session Layer is the Transport Layer (layer 4). This layer in the model is responsible for the transparent transferring of data between protocols at the session layer, providing a reliable and cost-effective means of transferring data from the preceding layers. This layer determines how best to utilize the available resources below it (the network services) in order to meet the performance demands of the session layer protocols above it. The Transport Layer assigns transport addresses to each Session Layer protocol that requires its services, and then uses these addresses to establish communication between Session Layer protocols. This communication may be connection-oriented or connectionless, and may allow multiple connections to the same Session Layer protocol. This layer may additionally provide services such as data segmentation (the breaking up of large chunks of data into smaller pieces), the generation of acknowledgements (providing a message when a chunk of data is delivered), and data reordering (ensuring that data is processed in the correct order on the receiving side). Examples of protocols at this layer include X.224 (the connection-mode service protocol) and X.234 (the connectionless-mode service protocol).

Network Layer

The next layer in the OSI reference model is the Network Layer (layer 3). This layer is responsible for providing the means to establish, maintain, and tear down network connections between network devices and computing systems in an interconnected system. It provides a means to transparently transfer data between transport layer protocols in different machines. This transportation of data is facilitated by network addresses, which uniquely identify each end system in an OSI interconnected system. The OSI model stipulates that network connections at this layer must be point-to-point (from a single system to only one other system), although it supports complex physical networking configurations.

Additionally, the Network Layer provides services for routing and relaying (moving data around networks and subnetworks), and error detection and recovery. Devices that operate at this layer include routers and layer 3 switches. Examples of protocols at this layer include the Intermediate System to Intermediate System (IS-IS) intra-domain routing protocol and the End System to Intermediate System (ES-IS) routing exchange protocol.

Data Link Layer

The Data Link Layer (layer 2) is the next layer in the reference model. This layer is responsible for the provision of both connection-oriented and connectionless communications among network protocols, through the transfer of data link SDUs. The connections in this layer are also facilitated by addresses called (unsurprisingly) data link addresses. These addresses provide a means for Network Layer protocols to identify each other, and to establish data link connections between themselves. In addition to setting up these connections, the data link layer also provides error notifications, sequence control (ordering of bits of data), and Quality of Service (QoS) parameters. These QoS parameters may allow a network protocol to specify certain requirements, such as the minimum throughput (speed at which data is transferred across a link) or the maximum tolerable error rate on the link. This layer can be further segmented into two sub layers—the Medium Access Control (MAC) and the Logical Link Control (LLC) sub layers. The LLC is responsible for providing addressing, flow control, error detection, and identification of which Network Layer protocol is utilizing the services at the Data Link Layer, while the MAC controls how hosts access the physical media. Devices that operate at this layer include switches and bridges. One example of a Data Link Layer protocol is the X.212 data link service protocol.

Physical Layer

Lastly, at the very base of the OSI model is the Physical Layer. This layer provides the electrical, mechanical, and functional methods to move the actual bits of data (the 1s and 0s that encompass data in its raw forms) between networking and computing devices in order to facilitate the transparent transmission of bit streams between Data Link protocols. This movement of data is supported by various forms of media (both wired and wireless). Examples include copper cables or wireless channels. Data being transmitted across these various forms of media may flow in either half-duplex mode (in one direction at a time) or in full-duplex mode (in both directions simultaneously). Devices that operate at this layer include hubs and repeaters.

Communication using the relay system

Together, these seven layers work in tandem to facilitate communication across end systems. The top four layers (the Application, Presentation, Session, and Transport Layers) are generally considered to be the upper layers, while the lower three layers (Network, Data Link, and Physical Layers) are considered to be the lower layers. It is important to note that not all seven layers are required to be implemented on all of the devices that are present in the network. Some devices simply act as relay agents, supporting the lower layer protocols, while not decapsulating and processing the upper layers:

To illustrate the preceding diagram, consider that the two end devices being used are computers. Applications (such as web browsers) run on these computers and communicate at layer 7, but data for those applications may pass through relay devices that cannot run these applications. These relay devices may be equipment such as routers (devices that read addresses at the Network Layer and move packets between networks) or switches (devices that read addresses at the Data Link Layer and move frames between their ports). Routers, switches, broadcast domains, and collision domains will be discussed in depth in later chapters.

Now that we've explored the seven layers of the OSI reference model and described how systems exchange data using the processes of encapsulation and decapsulation, let's take a step back and establish some context for what we've learned. The OSI model, while being an important tool for explaining concepts and helping professionals develop methodical approaches to troubleshooting, is not widely implemented in the industry today. The reasons for this are numerous, but the most important factor is the existence of a second suite of protocols called the TCP/IP protocol suite or, alternatively, the IP suite. However, the distinction between the two models is often blurred, and many professionals combine the concepts of the OSI reference model with the devices and protocols that are in use today.

You can read more about the battle between the OSI and TCP/IP models at https://spectrum.ieee.org/tech-history/cyberspace/osi-the-internet-that-wasnt.

In the following section, we will examine this ubiquitous IP suite and consider how it compares to the OSI reference model.

The TCP/IP protocol suite

The IP suite, also called the TCP/IP protocol suite because of two of the key protocols in the stack, TCP and IP, is described in RFC 1122. The Internet Engineering Task Force (IETF) frequently publishes these technical documents related to the internet in the form of Request For Comments (RFCs).

You can read the entire RFC 1122 at https://tools.ietf.org/html/rfc1122.

In this RFC, the TCP/IP suite is defined as consisting of four layers:

Application Layer (layer 4)

Transport Layer (layer 3)

Internet Layer (layer 2)

Data Link Layer (layer 1)

We can immediately notice some key differences between both models. The OSI model we discussed previously consisted of seven layers, while this TCP/IP model consists of only four. The Presentation and Session Layers of the OSI model have been absorbed into the Application Layer, while the Physical and Data Link Layers of the OSI model have been combined to form the Link Layer here. The Internet Layer corresponds to the Network Layer of the OSI model, while the Transport Layer remains unchanged. This simplified structure of TCP/IP was actually a key factor in its dominance over the OSI model.

However, in spite of these differences, many of the concepts we discussed in the OSI reference model are also applicable to the TCP/IP suite. Applications still utilize the concepts of encapsulation and decapsulation that we discussed previously, and protocols at a particular layer still communicate with protocols at that same layer in end hosts (called internet hosts in the RFC). In the following section, we will dive into these layers in more detail, and show you how the applications we use every day utilize the TCP/IP protocol suite to transmit data to and from applications on other hosts across the internet.

The four layers of the TCP/IP protocol suite

The following diagram serves to illustrate the four layers of the TCP/IP protocol suite and to build upon the knowledge we gained during our study of the OSI reference model to illustrate data flows through each of the layers during the process of encapsulation. At each layer, data is passed down to the layer directly underneath and becomes an SDU or payload at that lower layer. A header, containing information that this lower layer requires, is then added to the SDU/payload, before the process is again repeated for the layer below it. Once the data reaches the Link Layer, it is transmitted across physical media before the reverse process of decapsulation begins:

Let's briefly discuss each of the layers that comprise the TCP/IP protocol suite:

Application Layer: At the very top of the protocol stack exists the Application Layer. The programs that we use every day on our desktop computers and mobile devices exist at this layer. For example, every time you request a web page in your browser, you use the Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) protocol. Protocols at this layer create data that needs to be transmitted to or received from other internet hosts.

Transport Layer: The Transport Layer exists just below the Application Layer, and serves to provide the means for Application Layer protocols above it to transfer data. Devices such as desktop computers and mobile devices also run Transport Layer protocols. There are two well-known protocols at this layer: TCP and the User Datagram Protocol (UDP). TCP provides connection-oriented transmission of data, requiring a connection to be set up between internet hosts before data can be transmitted, but also providing features such as reliable, in-sequence delivery of data. UDP, on the other hand, is a connectionless protocol that does not require any setup before data can be transmitted, but also does not offer features such as guaranteed delivery of data. Applications access the services of Transport Layer protocols (and, by extension, lower layer protocols) through logical ports. For example, the HTTP protocol uses the well-known TCP port 80. The concept of logical ports and which protocols are associated with which well-known ports will be discussed in more detail later.

Internet Layer: The Internet Layer exists just below the Transport Layer, and provides the service of moving data from the Transport Layer across networks, using forms of internet addressing. IP has become the most utilized protocol at this layer, and you are certain to deal with IP addresses from both version 4 of the protocol, IPv4, as well as version 6, IPv6. Other protocols that exist at this layer are the Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP). Devices that operate at this layer include routers and layer 3 switches.

Link Layer: At the bottom of the TCP/IP protocol suite, we will find the Link Layer. This layer operates only on the local segment that a host is physically connected to, and is responsible for delivering data between devices that are connected in the same local segment/network. Protocols at this layer include the Address Resolution Protocol (ARP), Ethernet, and the Neighbor Discovery Protocol (NDP).

Now that we've covered the services that each layer in the TCP/IP protocol suite provides, let's see how applications can use these layers to actually communicate.

Communication using the TCP/IP protocol suite

The communication using the TCP/IP protocol suite can be seen in the following diagram:

The preceding diagram combines all of the concepts we discussed previously. For a host to transmit messages, application messages/data are encapsulated down the protocol suite. At the Transport Layer, PDUs being transmitted between hosts are commonly called TCP segments or UDP datagrams, depending on which Transport Layer protocol is being used. At the Internet Layer, PDUs are termed IP packets, or simply packets, while PDUs transmitted between Link Layers are termed Ethernet frames, or simply frames, which are then transmitted out the wire as bits (or grouped together to form bytes). The following screenshot shows how Wireshark, a popular tool used to analyze protocols, categorizes data according to protocols that have been arranged in the same layers we have discussed:
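The encapsulation and decapsulation described in this section, together with the relay behaviour of switches and routers described earlier, can be reproduced with Python's standard library. This is an added example, not code from the book: the function names, the stop_after parameter, the MAC and IP addresses, and the HTTP request are constructed for illustration. Each layer's header is validated before the next layer is trusted, which is what a careful protocol analyzer does with untrusted frames.

```python
import socket
import struct

ETH = struct.Struct("!6s6sH")         # dst MAC, src MAC, EtherType
IP4 = struct.Struct("!BBHHHBBH4s4s")  # IPv4 header, no options (20 bytes)
TCP = struct.Struct("!HHIIBBHHH")     # TCP header, no options (20 bytes)
ETHERTYPE_IPV4 = 0x0800


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src: bytes, dst: bytes, seg_len: int) -> bytes:
    return src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len)


def encapsulate(data, src_ip, dst_ip, sport, dport, src_mac, dst_mac) -> bytes:
    """Wrap application data in TCP, IPv4 and Ethernet headers, top-down."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # Transport Layer: application data is the SDU; header + data = TCP segment.
    tcp = TCP.pack(sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)  # PSH|ACK
    csum = checksum(pseudo_header(src, dst, len(tcp) + len(data)) + tcp + data)
    segment = tcp[:16] + struct.pack("!H", csum) + tcp[18:] + data
    # Internet Layer: the segment is the SDU; header + segment = IP packet.
    ip = IP4.pack(0x45, 0, IP4.size + len(segment), 0, 0, 64,
                  socket.IPPROTO_TCP, 0, src, dst)
    packet = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + segment
    # Link Layer: the packet is the SDU; header + packet = Ethernet frame.
    return ETH.pack(dst_mac, src_mac, ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes, stop_after: str = "application") -> dict:
    """Strip headers bottom-up; stop_after models a relay that goes no higher."""
    if len(frame) < ETH.size:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = ETH.unpack_from(frame)
    out = {"link": {"src": src_mac.hex(":"), "dst": dst_mac.hex(":"),
                    "ethertype": ethertype}}
    if stop_after == "link" or ethertype != ETHERTYPE_IPV4:
        return out
    packet = frame[ETH.size:]
    if len(packet) < IP4.size:
        raise ValueError("truncated IPv4 header")
    vihl, _, total_len, _, _, ttl, proto, _, src, dst = IP4.unpack_from(packet)
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < IP4.size or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    out["internet"] = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
                       "ttl": ttl, "protocol": proto}
    if stop_after == "internet" or proto != socket.IPPROTO_TCP:
        return out
    segment = packet[ihl:total_len]  # trust total_len, not trailing padding
    if len(segment) < TCP.size:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, off, flags, _, _, _ = TCP.unpack_from(segment)
    data_off = (off >> 4) * 4
    if not TCP.size <= data_off <= len(segment):
        raise ValueError("malformed TCP data offset")
    if checksum(pseudo_header(src, dst, len(segment)) + segment) != 0:
        raise ValueError("bad TCP checksum")
    out["transport"] = {"sport": sport, "dport": dport, "flags": flags}
    out["application"] = segment[data_off:]
    return out


# Constructed sample: an HTTP request to TCP port 80 between documentation addresses.
REQUEST = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
FRAME = encapsulate(REQUEST, "192.0.2.10", "198.51.100.20", 49152, 80,
                    bytes.fromhex("020000000001"), bytes.fromhex("020000000002"))

if __name__ == "__main__":
    print(decapsulate(FRAME, stop_after="link"))      # what a switch reads
    print(decapsulate(FRAME, stop_after="internet"))  # what a router reads
    print(decapsulate(FRAME))                         # what the end host reads
```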

Summary

In this chapter, we've covered the OSI reference model and the TCP/IP or IP suite, explaining why these models are significant in the field of networking and how data is actually transmitted across networks by using protocols implemented at the different layers. In the next chapter, we will discuss how communication occurs on a network in more depth by using the various network ports, protocols, and topologies.

Questions

How many layers constitute the OSI reference model?

4

7

5

1

A technician is troubleshooting a connectivity problem on a host machine and his manager asks him to troubleshoot using the bottom-to-top methodology. What layer of the OSI model should he start at?

The Data Link Layer

The Network Layer

The Application Layer

The Physical Layer

An engineer has captured the following output from a host machine:

Which layer of the OSI reference model is this output most applicable to?

The Transport Layer

The Network Layer

The Application Layer

The Session Layer

A network architect has designed a plan for connecting hosts in a new office, but he has realized that he needs to provide more physical ports for these hosts. Which of the following layer 2 devices would be most appropriate to provide these ports?

A router

A switch

A hub

A WAP

Which sub layer of the Data Link Layer controls which host is allowed to access a shared Ethernet link at a particular point in time?

The LLC sub layer

The MAC sub layer

The IP sub layer

The UDP sub layer

An engineer is examining frames from a particular host machine that is exhibiting issues on the network, and notices that headers from higher-level protocols are present in the frame. This is due to the process of:

Decapsulation

Connectionless transport

Encryption

Encapsulation

A security administrator has received notice that management wishes to block access to a particular application on port 80, but not interfere with other traffic communicating through that same port. What device will be most suitable to implement this rule?

A router

A switch

An L7 firewall

An L3 firewall

A network administrator is analyzing TCP traffic in an effort to better understand connection-oriented transmissions. What types of PDUs should he be analyzing?