2.1 Identify a MAC (Media Access Control) address and its parts.

UNDERSTANDING THE OBJECTIVE

A MAC (Media Access Control) address is the unique, hexadecimal number assigned to a NIC at the manufacturer’s factory. The MAC address operates in the MAC sublayer of the Data Link layer of the OSI Model. It provides the interface between the Physical layer and the Logical Link Control sublayer of the Data Link layer.

WHAT YOU REALLY NEED TO KNOW

◆ The Data Link layer is subdivided into the Logical Link Control and the MAC sublayers.

◆ The MAC sublayer appends the physical address of the destination to the data frame, thus creating a connection between the Physical layer and the Logical Link Control sublayer of the Data Link layer.

◆ Data Link layer addresses are fixed numbers associated with the networking hardware and are usually assigned to the network adapter at the factory. These addresses are also called MAC addresses or physical addresses.

◆ MAC addresses are 12-character hexadecimal strings guaranteed to be unique because industry standards govern what addresses each manufacturer can use.

◆ As an example, NICs manufactured by the 3Com Corporation begin with the following sequence of six characters: 00608C. The part of the MAC address unique to a particular vendor is called the Block ID. The remaining six characters in the sequence are added at the factory, based on the NIC’s model and manufacture date, and together are called the Device ID. An example of a Device ID assigned by a manufacturer might be 005499. Together, this Block ID and Device ID would result in the unique string, “00608C005499.” In hexadecimal format, this MAC address is represented as 00:60:8C:00:54:99.

◆ You can view the MAC address of a device or client’s NIC through the NIC diagnostic utility. On a Windows 9x computer, you can also view it through the winipcfg utility. On a Windows NT, 2000, Server 2003, or XP computer, you can view it through the ipconfig utility. On a UNIX or Linux computer, use the ifconfig utility. It may also be printed on the NIC’s circuit board.

◆ MAC addresses are used by some connectivity devices, such as bridges, to determine how to forward data over the network.

OBJECTIVES ON THE JOB

MAC addresses, which are key pieces of information in troubleshooting, should never be changed (and it is difficult to do so). For example, you need to know how to recognize and interpret MAC addresses to resolve other addressing conflicts (such as IP or IPX conflicts).
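The Block ID and Device ID split described above, as an added Python example that is not part of the study guide: it validates a MAC address, normalizes it to the colon form, and separates the two halves. It goes beyond the page by accepting hyphen, dotted and bare notations and by reporting the two flag bits in the first octet (group, and locally administered, the latter indicating an address set in software rather than at the factory); the function names and the sample list are hypothetical.

```python
import re

# Notations seen in tool output and logs. Only the colon form and the bare
# 12-character string appear on the page; the other two are assumptions.
_NOTATIONS = [
    re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"),   # 00:60:8C:00:54:99
    re.compile(r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"),   # 00-60-8C-00-54-99
    re.compile(r"(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}"),  # 0060.8c00.5499
    re.compile(r"[0-9A-Fa-f]{12}"),                        # 00608C005499
]


def parse_mac(text):
    """Validate one MAC address and return its parts, or raise ValueError."""
    text = text.strip()
    # Each notation must match as a whole, so mixed separators are rejected.
    if not any(pattern.fullmatch(text) for pattern in _NOTATIONS):
        raise ValueError(f"not a valid MAC address: {text!r}")
    digits = re.sub(r"[:.\-]", "", text).upper()
    first_octet = int(digits[:2], 16)
    return {
        "canonical": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "block_id": digits[:6],    # vendor part (first six characters)
        "device_id": digits[6:],   # part added at the factory
        # Lowest bit of the first octet: group (multicast) address.
        "group": bool(first_octet & 0x01),
        # Second-lowest bit: address was assigned locally, not by the vendor.
        "locally_administered": bool(first_octet & 0x02),
    }


def triage(samples):
    """Split a list of strings into parsed records and rejected inputs."""
    parsed, rejected = [], []
    for sample in samples:
        try:
            parsed.append(parse_mac(sample))
        except ValueError:
            rejected.append(sample)
    return parsed, rejected


# Constructed sample input; only the first address comes from the page.
SAMPLES = [
    "00:60:8C:00:54:99",
    "0060.8c00.5499",      # constructed: same address, dotted notation
    "02-60-8C-00-54-99",   # constructed: locally administered bit set
    "00:60:8G:00:54:99",   # constructed: G is not a hexadecimal digit
    "00:60-8C:00:54:99",   # constructed: mixed separators
    "00:60:8C:00:54",      # constructed: only 10 hexadecimal characters
]

if __name__ == "__main__":
    parsed, rejected = triage(SAMPLES)
    for record in parsed:
        note = " (locally administered)" if record["locally_administered"] else ""
        print(record["canonical"], record["block_id"], record["device_id"] + note)
    for sample in rejected:
        print("rejected:", sample)
```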

34384_CPEG_02 2/15/2005 9:42:36 Page 74

O B J E C T I V E S

74 NETWORK+ COURSEPREP

PRACTICE TEST QUESTIONS

1. Which of the following is an example of a valid MAC address?
a. 128.7.99.24
b. AE:09:33:00:23:B5
c. 92:CG:50:28:K3:48
d. 247.34.188.203

2. What part of a MAC address would all like-model Ethernet NICs have in common?
a. Port ID
b. Node ID
c. Block ID
d. Host ID

3. Which of the following devices depends on MAC addresses to forward packets?
a. bridges
b. routers
c. hubs
d. firewalls

4. How can an end user discover a Windows XP workstation’s MAC address?
a. by checking the TCP/IP properties
b. by running winipcfg /all at the command prompt
c. by running ipconfig /all at the command prompt
d. by checking the network adapter properties in the Devices tab of the System properties dialog box

5. Which of the following terms is used interchangeably with “MAC address”?
a. LLC sublayer address
b. physical address
c. logical address
d. network address

6. What does MAC stand for?
a. Median Axis Channel
b. Multiple Access Carrier
c. Media Access Control
d. Multiple Arbitrator Channel

7. Which of the following occurs at the MAC sublayer?
a. An address is appended to the data packet.
b. Checksum data is added to the data packet.
c. Flow control data is added to the data packet.
d. Packets are padded if they do not meet the minimum packet size.


2.2 Identify the seven layers of the OSI (Open Systems Interconnect) Model and their functions:

LAYERS 1 THROUGH 3

UNDERSTANDING THE OBJECTIVE

The OSI (Open Systems Interconnect, also known as Open Systems Interconnection) Model is a theoretical construct that separates the functions of a network into seven layers. Each layer is associated with different protocols, hardware, or software. Layers 1 through 3 include the Physical, Data Link, and Network layers. Services that operate at these layers include electrical pulses (Physical layer), physical addressing (Data Link layer), and logical addressing and routing (Network layer).

WHAT YOU REALLY NEED TO KNOW

◆ The OSI Model is a theoretical representation of what happens between two nodes on a network. It does not stipulate hardware or software.

◆ The Physical layer is the lowest, or first, layer of the OSI Model. This layer contains the physical networking medium, such as network adapters, cabling, connectors, hubs, and repeaters. Protocols at the Physical layer are responsible for generating and detecting voltage in order to transmit and receive signals carrying data.

◆ The Physical layer handles the data transmission rate and monitors data error rates, but does not handle error correction.

◆ The second layer of the OSI Model, the Data Link layer, controls communication between the Network layer and Physical layer. Its primary function is to divide data it receives from the Network layer into distinct frames that can then be transmitted by the Physical layer.

◆ Bridges and switches (and some network adapters) work in the Data Link layer, because they decode frames and use the frame information to transmit data to its correct recipient.

◆ The primary function of the Network layer, the third layer, is to translate network addresses into their physical counterparts and decide how to route data from the sender to the receiver.

◆ The Network layer determines the best route between nodes by considering delivery priorities, network congestion, quality of service, and cost of alternative routes. Routers and Layer 3 switches function at the Network layer where they read and interpret network addresses to send data to their destinations.

◆ Services that work in the Network layer include IP and IPX.

OBJECTIVES ON THE JOB

Knowledge of the OSI Model helps you identify and fix errors on a network. It also helps you understand higher-level networking concepts such as addressing. A deep understanding of what functions occur at each layer of the OSI Model helps you install, configure, and troubleshoot routers, switches, bridges, and other networking equipment.


PRACTICE TEST QUESTIONS

1. At which layer of the OSI Model would a network be affected if a coaxial cable were severed?
a. Physical
b. Data Link
c. Network
d. Transport

2. Which of the following functions belongs to the Network layer of the OSI Model?
a. bridging
b. repeating
c. routing
d. error correction

3. At which layer of the OSI Model are MAC addresses interpreted?
a. Physical
b. Data Link
c. Network
d. Transport

4. If a printer can interpret physical addresses but cannot interpret an IP address, at what layer is it failing?
a. Physical
b. Data Link
c. Network
d. Transport

5. Which of the following does a router not consider when it chooses the best path from one node to another on a network?
a. network congestion
b. quality of service
c. time to send data
d. geographical distance between nodes

6. At which layer of the OSI Model is data packaged into frames?
a. Physical
b. Data Link
c. Network
d. Transport

7. Which of the following functions occur in the Physical layer?
a. applying electrical charges to a wire
b. determining which segment a node is on, based on its MAC address
c. determining which segment a node is on, based on its IPX address
d. determining whether a packet has been damaged between its source and target


2.2 Identify the seven layers of the OSI (Open Systems Interconnect) Model and their functions (continued):

LAYERS 4 THROUGH 7

UNDERSTANDING THE OBJECTIVE

Layers 4 through 7 deal with higher-level functions, such as managing traffic on a network, encoding and encrypting data, and establishing a user interface. Examples of these functions include HTTP and e-mail (the Application layer), data encryption (the Presentation layer), session negotiation (the Session layer), and error correction (the Transport layer).

WHAT YOU REALLY NEED TO KNOW

◆ The top four layers of the OSI Model are, for the most part, independent of any hardware that connects the parts of the network. The function of these layers is generally carried out via software protocols embedded in operating systems and programs.

◆ The Transport layer, the fourth layer of the OSI Model, is responsible for ensuring that data is transferred from point A to point B reliably, in the correct sequence, and without errors.

◆ Transport protocols also handle flow control, the method of gauging the appropriate rate of transmission based on how fast the recipient can accept data.

◆ Services that work in the Transport layer include TCP and SPX.

◆ The Session layer, the fifth layer of the OSI Model, is responsible for establishing and maintaining communication between two nodes on the network for the session’s duration. Other Session layer functions include synchronizing the dialogue between the two nodes, determining whether communication has been cut, and if it has been cut, where to restart transmission.

◆ The Session layer also sets the terms of communication by deciding which node communicates first and how long a node can communicate.

◆ The Presentation layer, the sixth layer of the OSI Model, serves as a translator between the application and the network. At the Presentation layer, data is formatted in a schema that the network can understand. The Presentation layer also takes care of data encryption and decryption, such as the scrambling of system passwords.

◆ The top, or seventh, layer of the OSI Model is the Application layer. The Application layer provides interfaces to the software that enable programs to use network services, but it does not refer to a particular program. Some of the services provided by the Application layer include file transfer, file management, and message handling for electronic mail.

OBJECTIVES ON THE JOB

Problems that occur in the higher layers of the OSI Model are more apt to be related to software than hardware or firmware. For example, if you have ruled out physical connectivity problems when you are unable to dial in to your ISP’s modem pool, you might find a problem at the Session layer (which handles communication).


PRACTICE TEST QUESTIONS

1. Which layer of the OSI Model is also known as the traffic cop because it manages communication between nodes?
a. Transport
b. Session
c. Presentation
d. Application

2. Which of the following is a true statement?
a. Microsoft Word resides at the Application layer.
b. The MSMQ API resides at the Application layer.
c. The network operating system resides at the Application layer.
d. The MAC address resides at the Application layer.

3. At which layer of the OSI Model does data encryption take place?
a. Transport
b. Session
c. Presentation
d. Application

4. Which layer of the OSI Model is responsible for sequencing?
a. Transport
b. Session
c. Presentation
d. Application

5. With which layer of the OSI Model would a Web browser interface?
a. Transport
b. Session
c. Presentation
d. Application

6. Which layer of the OSI Model takes care of error correction?
a. Transport
b. Session
c. Presentation
d. Application

7. Which of the following is an example of a Transport layer protocol?
a. IP
b. IPX
c. TCP
d. FTP


2.3 Identify the OSI (Open System Interconnect) layers at which the following network components operate:

HUBS, SWITCHES, BRIDGES, ROUTERS, NICs (NETWORK INTERFACE CARDS), AND WAPs (WIRELESS ACCESS POINTS)

UNDERSTANDING THE OBJECTIVE

Higher OSI Model layers demand more sophistication from network components. Hubs, repeaters, and, to a certain extent, NICs and WAPs (wireless access points) operate at lower layers than bridges, switches, gateways, and routers because they do less interpretation of logical addressing information.

WHAT YOU REALLY NEED TO KNOW

◆ Network equipment operating at the Physical layer of the OSI Model handles voltage detection, signaling, and transmission. Such equipment includes NICs, hubs, repeaters, connectors, and transmission media (cable or atmospheric).

◆ Hubs and repeaters are not capable of interpreting any type of address—either physical or logical. They simply regenerate a signal on a network segment.

◆ NICs operate at both the Physical and Data Link layers because they are responsible for both applying signals to a network medium and packaging data into frames.

◆ Bridges operate at the Data Link layer. Thus, they are only capable of interpreting MAC (or physical) addresses, not logical addresses.

◆ Most switches also operate at the Data Link layer. Like bridges, switches rely on MAC address information to determine how to direct packets to their destination.

◆ Layer 3 switches, so called because they can function at Layer 3 (the Network layer), are capable of interpreting logical as well as physical addresses.

◆ Routers, because they rely on logical addresses to determine how to forward data to their destination, belong to the Network layer.

◆ Gateways operate at several layers of the OSI Model because they are a combination of hardware and software. Gateways are most likely to operate in the Network, Transport, Session, and Presentation layers.

◆ A WAP, also frequently referred to as simply an AP (access point), functions essentially like a hub or a switch on a WLAN (wireless LAN). It is equipped with an antenna and acts as a central transmitter and receiver of RF signals. Thus, a WAP operates at the Physical layer, or, if it is interpreting MAC addresses, it operates in the MAC sublayer of the Data Link layer.

OBJECTIVES ON THE JOB

Understanding the layers at which each component of a network operates is vital to properly designing a network and to troubleshooting. For example, you may recognize errors on a network that are due to late collisions on an Ethernet network, leading you to realize that data signals are not being timed properly. Because signaling belongs to the Physical layer, you can then examine hubs, repeaters, WAPs, and NICs for the problem.


PRACTICE TEST QUESTIONS

1. Which of the following perform functions that belong to the Network layer of the OSI Model? (Choose all that apply.)
a. hubs
b. routers
c. NICs
d. WAPs

2. Which of the following is responsible for assigning Data Link layer information to a packet?
a. hub
b. repeater
c. NIC
d. router

3. At which layer of the OSI Model do bridges and WAPs operate?
a. Physical
b. Data Link
c. Network
d. Transport

4. Suppose a workstation on a network that relies solely on TCP/IP begins issuing IPX/SPX-based data packets. What device will recognize this problem?
a. hub
b. bridge
c. switch
d. router

5. Which of the following devices could perform functions at the Session layer of the OSI Model?
a. WAP
b. switch
c. gateway
d. router

6. A Layer 3 switch is capable of performing functions at which two layers of the OSI Model?
a. Physical and Data Link
b. Data Link and Network
c. Physical and Network
d. Network and Transport

7. What kind of addresses does a traditional switch interpret?
a. MAC addresses
b. IP addresses
c. logical addresses
d. static addresses


2.4 Differentiate between the following network protocols in terms of routing, addressing schemes, interoperability, and naming conventions:

IPX/SPX (INTERNETWORK PACKET EXCHANGE/SEQUENCED PACKET EXCHANGE)

UNDERSTANDING THE OBJECTIVE

The IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange) protocol suite was originally designed by Xerox. Novell modified it in the 1980s for its NetWare NOS (network operating system). In Novell’s latest NOS version, NetWare 6.5, TCP/IP is the suite of protocols installed by default. However, IPX/SPX is still available on version 6.5 and will likely be the dominant suite found on older Novell installations (NetWare 5 and earlier). IPX contains Network layer addressing information; therefore, the IPX/SPX protocol is routable.

WHAT YOU REALLY NEED TO KNOW

◆ IPX operates at the Network layer of the OSI Model and provides routing and internetwork services.

◆ IPX is a connectionless service, which means it does not require that a session be established before transmitting, and it does not guarantee that data will be delivered error-free.

◆ SPX is a connection-oriented protocol that belongs to the Transport layer of the OSI Model. It verifies that data is received whole, error-free, and in sequence.

◆ Because it contains addressing information, IPX/SPX is routable.

◆ IPX/SPX is required for Novell NetWare versions 3.x and lower. In versions 4.x and higher, IPX/SPX is optional. It has been replaced by TCP/IP as the default protocol suite in NetWare 6.5.

◆ Other operating systems, such as Windows 2000, Windows XP, Windows Server 2003, Macintosh, UNIX, and Linux, can use IPX/SPX to internetwork with Novell NetWare systems.

◆ IPX addresses contain two parts: the network address and the node address.

◆ An IPX network address must be an 8-bit hexadecimal address, which means that each of its bits can have a value of either 0–9 or A–F. An example of a valid network address is 000008A2. The network address then becomes the first part of the IPX address on all nodes that use that server as their primary server.

◆ An IPX node address is equal to a device’s MAC (or physical) address. Because MAC addresses are preassigned to all NICs, using IPX/SPX means a network administrator does not need to manually assign node addresses to each device.

OBJECTIVES ON THE JOB

If you are establishing or maintaining an IPX/SPX network, become familiar with the addressing conventions of this protocol. Node addresses depend on MAC addresses (which should never change), but network addresses are assigned manually. If they are improperly assigned, the server and all of its clients will be unable to communicate on the network.


PRACTICE TEST QUESTIONS

1. Which company originally designed the IPX/SPX protocol?
a. IBM
b. Xerox
c. Microsoft
d. Cisco

2. Which of the following protocols belonging to the IPX/SPX suite verifies that data is received error-free?
a. IPX
b. SAP
c. SPX
d. NCP

3. Two workstations on the same network running IPX/SPX will have the same ____________________.
a. host address
b. network address
c. node address
d. MAC address

4. To which layer of the OSI Model does the IPX protocol belong?
a. Data Link
b. Network
c. Transport
d. Session

5. Which of the following is not a valid network address when using the IPX/SPX protocol?
a. 11111111
b. AB0045099
c. ABCABCAB
d. F29FF034

6. Which of the following is a connectionless protocol?
a. IPX
b. SPX
c. SAP
d. RIP

7. Which of the following network operating systems requires the use of IPX/SPX?
a. NetWare 6.5
b. NetWare 5.0
c. NetWare 4.11
d. NetWare 3.11


2.4 Differentiate between the following network protocols in terms of routing, addressing schemes, interoperability, and naming conventions (continued):

NETBEUI (NETWORK BASIC INPUT/OUTPUT SYSTEM EXTENDED USER INTERFACE)

UNDERSTANDING THE OBJECTIVE

NetBIOS (Network Basic Input Output System) is a protocol designed by IBM to provide Transport and Session layer services for applications running on small, homogenous networks. Microsoft adopted NetBIOS as its foundation protocol and added an Application layer component on top of NetBIOS called the NetBEUI (NetBIOS Extended User Interface).

WHAT YOU REALLY NEED TO KNOW

◆ Microsoft adopted IBM’s NetBIOS as its foundation protocol, initially for networks using Windows for Workgroups, and added an Application layer component on top of NetBIOS called NetBEUI.

◆ NetBEUI is a fast and efficient protocol that consumes few network resources, provides excellent error correction, and requires little configuration. NetBEUI is the easiest type of protocol to set up.

◆ Neither NetBIOS nor NetBEUI provides services at all the OSI Model layers, though NetBEUI roughly corresponds to the Presentation and Session layers.

◆ NetBEUI can only support up to 254 connections and does not allow for good security. It is, therefore, not appropriate for use on large networks. In practice, using the maximum of 254 nodes would result in very poor performance. Therefore, NetBEUI networks usually contain many fewer nodes.

◆ Because NetBEUI lacks network addressing information, it is not routable by itself.

◆ NetBIOS does not contain a Network layer with addressing information, but to transmit data between network nodes, NetBIOS needs to know how to reach each workstation. Network administrators must assign each workstation a NetBIOS name.

◆ The NetBIOS name can be any combination of 16 or fewer alphanumeric characters, including special characters.

◆ After NetBIOS has found a workstation’s NetBIOS name, it discovers the workstation’s MAC address and uses it for further communication with the workstation.

◆ If you are running both TCP/IP and NetBIOS on your network, it’s a good policy to make the NetBIOS name identical to the TCP/IP host name.

OBJECTIVES ON THE JOB

Today, NetBEUI is most commonly used in small Microsoft-based networks to integrate legacy, peer-to-peer networks. In newer networks, TCP/IP has become the protocol of choice because it is routable and more flexible and scalable than NetBEUI. Therefore, mastering NetBEUI is useful for administrators working on older Microsoft networks, but it is a skill rarely needed when administering modern networks.


PRACTICE TEST QUESTIONS

1. What is the relationship between NetBIOS and NetBEUI?
a. NetBEUI encrypts NetBIOS on the network.
b. NetBEUI enables NetBIOS to be routed.
c. NetBEUI adds an Application layer to NetBIOS.
d. NetBEUI is the IBM version of NetBIOS.

2. To which layers of the OSI Model does NetBEUI correspond?
a. Physical and Network
b. Session and Transport
c. Transport and Network
d. Presentation and Session

3. What does NetBEUI use to identify workstations on the network?
a. host name
b. node address
c. network address
d. NetBIOS name

4. What company originally designed NetBIOS?
a. IBM
b. Microsoft
c. Sun
d. Cisco

5. Why is NetBEUI not suitable for large networks?
a. It can only support dumb terminals.
b. It suffers poor performance when more than 100 nodes are connected.
c. It cannot support shared devices such as printers.
d. It can only support up to 512 NetBIOS names.

6. Under what circumstances can NetBIOS be routed?
a. if it’s encapsulated by another protocol
b. if it’s bound to multiple NICs
c. if it traverses LAN segments
d. if it’s assigned appropriate node addresses

7. What is the maximum number of characters in a NetBIOS name?
a. 8
b. 16
c. 32
d. 64


2.4 Differentiate between the following network protocols in terms of routing, addressing schemes, interoperability, and naming conventions (continued):

APPLETALK/APPLETALK OVER IP (INTERNET PROTOCOL)

UNDERSTANDING THE OBJECTIVE

AppleTalk is the suite of protocols designed by Apple Computer, Inc., to network Macintosh computers. It has largely been replaced by newer, more flexible protocols such as TCP/IP. AppleTalk over IP is different from traditional AppleTalk in that it employs the IP protocol for routing.

WHAT YOU REALLY NEED TO KNOW

◆ AppleTalk is a complete, routable protocol suite used to interconnect Macintosh computers that contains services fitting into each layer of the OSI Model.

◆ AppleTalk was originally designed to support peer-to-peer networking among Macintoshes, but can now be routed between network segments and integrated with other networks.

◆ An AppleTalk network is separated into logical groups of computers called AppleTalk zones. Each network can contain multiple zones, but each node can belong to only one zone. Zones enable users to share resources on other Macintoshes.

◆ Zone names are not subject to the same strict naming conventions that TCP/IP and IPX/SPX networks must follow. An example of a zone name is “Sales and Marketing.”

◆ AppleShare is the AppleTalk subprotocol that provides file and print services, password access to files or folders, and user accounting information.

◆ An AppleTalk node ID is a unique 8-bit or 16-bit number, assigned at network connection, that identifies a computer on an AppleTalk network. The ID is randomly chosen from a group of currently available addresses and stored by the device for later use.

◆ An AppleTalk network number is a unique 16-bit number that identifies a node’s network allowing nodes from several networks to communicate.

◆ AppleTalk over IP is a network transport technique that improves the flexibility of AppleTalk without having to convert totally to TCP/IP. AppleTalk packets are encapsulated in IP packets for transport over AppleTalk or different networks, such as the Internet. The AppleTalk packets are said to “tunnel” through the IP networks that handle all of the network address interpretation.

◆ Many newer network devices do not support the AppleTalk protocol suite, but they may support AppleTalk over IP. A viable solution for connecting these devices to a network running TCP/IP is to enable AppleTalk over IP to transport data through that device.

◆ AppleTalk over IP eases the implementation of AppleTalk internetworking. However, it increases network traffic and places an added burden on network devices to cache and keep track of network addresses.

OBJECTIVES ON THE JOB

Although Apple has improved AppleTalk’s ability to use different network models and span network segments, it remains unsuited to large LANs or WANs. Apple now uses the TCP/IP protocol to integrate Macintoshes with other networks, including the Internet.


PRACTICE TEST QUESTIONS

1. What is a logical group of computers on an AppleTalk network called?
a. a workgroup
b. a zone
c. a share
d. a segment

2. An AppleTalk network number is similar to what IPX/SPX number?
a. host address
b. node ID
c. network address
d. logon ID

3. How can an AppleTalk packet be transported over a TCP/IP network?
a. by encapsulating it in an IP packet
b. by encapsulating it in a TCP packet
c. by encapsulating an IP packet inside an AppleTalk packet
d. by encapsulating a TCP packet inside an AppleTalk packet

4. Which of the following protocols are routable? (Choose all that apply.)
a. AppleTalk
b. TCP/IP
c. IPX/SPX
d. NetBEUI

5. Which of the following AppleTalk subprotocols provides print queuing functions?
a. AppleTalk Transaction Protocol
b. Zone Information Protocol
c. AppleTalk Filing Protocol
d. AppleShare

6. AppleTalk can be used with which of the following network operating systems? (Choose all that apply.)
a. Windows NT
b. NetWare 3.11
c. Windows 98
d. DOS

7. Which of the following networks is most likely to use AppleTalk?
a. a WAN that connects 25 departments on a university campus
b. a group of three Macintosh graphics computers in a home-based business
c. a LAN that connects 120 mobile salespeople with their corporate headquarters
d. a MAN that connects 50 city and county government offices across a large city


2.4 Differentiate between the following network protocols in terms of routing, addressing schemes, interoperability, and naming conventions (continued):

TCP/IP (TRANSPORT CONTROL PROTOCOL/INTERNET PROTOCOL)

UNDERSTANDING THE OBJECTIVE

TCP/IP (Transmission Control Protocol/Internet Protocol) is the most popular protocol in use today and is used exclusively by Internet services. IP in the TCP/IP suite contains addressing information; therefore, it belongs to the Network layer of the OSI Model and is routable.

WHAT YOU REALLY NEED TO KNOW

◆ TCP/IP is a routable protocol (or suite of protocols). It is the protocol of choice for most modern networks, including the Internet.

◆ Two core protocols of TCP/IP are TCP and IP.

◆ TCP, a connection-oriented protocol, belongs to the Transport layer of the OSI Model and ensures that data is received whole, in sequence, and error-free. Connection-oriented means that TCP verifies that a connection is sound before it transmits data.

◆ IP operates at the Network layer of the OSI Model and provides information about how and where data should be delivered. IP is the subprotocol that enables TCP/IP to internetwork—that is, to traverse more than one LAN segment and more than one type of network through a router—and thus, makes it routable.

◆ In the most widely used version of IP, IPv4 (IP version 4), each IP address is a unique, 32-bit number, divided into four groups of octets, or 8-bit bytes, that are separated by periods.

◆ IP address data is sent across the network in binary form. For example, the IP address 131.127.3.22 (in dotted decimal notation) is the same as the binary number 10000011 01111111 00000011 00010110.

◆ To communicate via the Internet, organizations must register for a group of IP addresses that are associated with their domain name. Available IP addresses belong to one of three classes: A, B, or C.

◆ TCP/IP is compatible with every modern desktop and network operating system, including Macintosh, NetWare, Windows XP, Windows 2000, Windows Server 2003, UNIX, and Linux.

OBJECTIVES ON THE JOB

Because the Internet and many different applications rely on TCP/IP and probably will for a long time, the need to understand this protocol will continue to be critical. You should know the addressing conventions of this protocol, as well as the addresses that have special meaning, such as the loopback address. You should also be prepared to recognize addressing conflicts and know how to help avoid them.


PRACTICE TEST QUESTIONS

1. Which protocol in the TCP/IP suite is responsible for addressing?
a. UDP
b. TCP
c. ARP
d. IP

2. At which layer of the OSI Model does TCP reside?
a. Data Link
b. Network
c. Transport
d. Session

3. Which of the following is not a valid IP address?
a. 127.0.0.1
b. 10.10.10.10
c. 199.220.37.18
d. 392.89.32.5

4. Which of the following is a connection-oriented subprotocol of the TCP/IP suite?
a. TCP
b. IP
c. UDP
d. ICMP

5. Which of the following subprotocols allows TCP/IP to be routable?
a. TCP
b. IP
c. UDP
d. ICMP

6. On a UNIX server, what command could you type to determine the IP address of your network interface?
a. ipconfig /all
b. ifconfig /all
c. winipcfg /all
d. inetcfg /all

7. On what version of TCP/IP does most of the Internet currently rely?
a. 2
b. 4
c. 6
d. 8


2.5 Identify the components and structure of IP (Internet Protocol) addresses (IPv4, IPv6) and the required setting for connections across the Internet.

UNDERSTANDING THE OBJECTIVE

IPv4 is the version of TCP/IP addressing used on most hosts today. Addresses in this scheme are represented by four 8-bit bytes (for a total of 32 bits) separated by periods. In IPv6 (IP version 6), the new addressing scheme, addresses are composed of eight 16-bit fields and total 128 bits.

WHAT YOU REALLY NEED TO KNOW

◆ The current version of IP addressing used by most of the Internet, as well as most private networks, is IPv4.

◆ In the IPv4 convention, each IP address is a unique 32-bit number, divided into four octets, or 8-bit bytes, that are separated by periods. An example of a valid IP address is 144.92.43.178.

◆ Valid octet numbers range from 0 to 255 and represent a binary address. For example, an octet with the value of 68 equals 01 00 01 00 in an 8-bit binary pattern.

◆ In the IPv4 convention, each IP address contains two types of information: network and host. The first octet identifies the network class: A, B, or C.

◆ All nodes on a Class A network share the first octet of their IP numbers, a number between 1 and 126. Nodes on a Class B network share the first two octets, and their IP addresses begin with a number between 128 and 191. Class C network IP numbers share the first three octets, with their first octet being a number between 192 and 223.

◆ Because only 126 Class A networks are available on the Internet, most Class A networks have already been reserved by large corporations, educational institutions, or governments.

◆ To respond to a demand for more IP addresses, a new addressing scheme has been developed, called IPv6 (IP version 6).

◆ IPv6 addresses are composed of eight 16-bit fields and total 128 bits. The added fields and the larger address size result in an increase of 2^128 (or 4 billion times 4 billion times 4 billion) available IP addresses in the IPv6 addressing scheme.

◆ Whereas each octet in an IPv4 address contains binary numbers separated by a period, each field in an IPv6 address contains hexadecimal numbers separated by a colon. An example of a valid IPv6 address is F:F:0:0:0:0:3012:0CE3.

◆ Because many IPv6 addresses will contain multiple fields that have values of 0, a shorthand for representing these fields has been established. This shorthand substitutes “::” for any number of adjacent multiple zero-value fields.
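
The “::” shorthand described in the last bullet can be implemented directly. The following Python is an added example, not part of the original study guide; the function names are hypothetical, and the conventions that “::” may appear only once and that the longest run of at least two zero fields is the one replaced come from the IPv6 text-representation RFCs (RFC 4291, RFC 5952), not from the text above.

```python
import string

FIELD_COUNT = 8  # an IPv6 address is eight 16-bit fields


def expand(text):
    """Parse an IPv6 address, with or without '::', into eight integers."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once, or the zero runs are ambiguous")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = FIELD_COUNT - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
    if len(groups) != FIELD_COUNT:
        raise ValueError("expected eight fields")
    fields = []
    for group in groups:
        # Each field is one to four hexadecimal digits (16 bits).
        if not 1 <= len(group) <= 4 or any(c not in string.hexdigits for c in group):
            raise ValueError(f"bad field {group!r}")
        fields.append(int(group, 16))
    return fields


def compress(fields):
    """Write eight fields in shorthand: the longest zero run becomes '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < FIELD_COUNT:
        if fields[i] == 0:
            j = i
            while j < FIELD_COUNT and fields[j] == 0:
                j += 1
            if j - i > best_len:          # first run wins a tie
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexed = [format(f, "x") for f in fields]  # lowercase, no leading zeros
    if best_len < 2:                          # a single zero field is left as '0'
        return ":".join(hexed)
    before = ":".join(hexed[:best_start])
    after = ":".join(hexed[best_start + best_len:])
    return before + "::" + after


def is_valid_ipv6(text):
    """True when the text parses as a full or shorthand IPv6 address."""
    try:
        expand(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    full = "F:F:0:0:0:0:3012:0CE3"            # the example address from the text
    print(full, "->", compress(expand(full)))
    for candidate in ("::1", "1::2::3", "1:2:3"):   # constructed samples
        print(candidate, is_valid_ipv6(candidate))
```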

OBJECTIVES ON THE JOB

Even if your network uses DHCP to automatically assign IP addresses to network nodes, you still need to be able to identify, interpret, and manually assign both IP addresses and subnet masks.


PRACTICE TEST QUESTIONS

1. What is one of the primary reasons for switching from the IPv4 to the IPv6 addressing scheme?
a. IPv6 offers many more IP addresses than IPv4.
b. IPv6 is more universally accepted and used than IPv4.
c. IPv6 is more compatible with newer networking hardware and software.
d. IPv6 offers a simpler management solution to assigning IP addresses.

2. Which of the following best describes the convention for representing IPv4 addresses?
a. eight 16-bit fields separated by periods
b. sixteen 8-bit fields separated by colons
c. four 8-bit fields separated by periods
d. four 16-bit fields separated by colons

3. What numbering system is typically used to write IPv6 addresses?
a. decimal
b. hexadecimal
c. binary
d. octal

4. Which of the following is a valid IPv6 address?
a. AE::00::DC
b. 124.55.89.112:80
c. 177.9.3.58
d. AE:03:FF:00:16:CE:C6:00E2

5. Which of the following IPv4 addressing techniques is rendered obsolete by IPv6?
a. NAT
b. IPSec
c. RAS
d. WINS

6. In which two of the following numbering systems will you typically see IPv4 addresses written?
a. decimal
b. hexadecimal
c. binary
d. octal

7. Which of the following is not a legitimate IPv4 address for Internet use?
a. 1.1.1.1
b. 128.23.23.23
c. 233.0.233.1
d. 127.0.0.1


2.6 Identify classful IP (Internet Protocol) ranges and their subnet masks (for example, Class A, B, and C).

UNDERSTANDING THE OBJECTIVE

Classful IP addresses are structured to conform to one of the network class standards designated by IANA (Internet Assigned Numbers Authority). Subnet masking is used to further subdivide networks into smaller logical segments.

WHAT YOU REALLY NEED TO KNOW

◆ Each interface that is connected to a TCP/IP network, such as the Internet, must have a unique IP address. The available IP addresses are divided into Classes A, B, and C to better manage address allocation in a hierarchical manner. Classes D and E are reserved for special purposes.

◆ Classful 32-bit IP addresses are defined with a part called the network address that uniquely identifies the device’s network and a part called the host address, which uniquely identifies the host on the given network.

◆ Each address has four 8-bit octets. An example of a dotted decimal IP address is 121.32.101.123. In binary format, this is 01111001.00100000.01100101.01111011. Each octet can range from 0 to 255 for a total of 4,294,967,296 possible addresses, although there are restrictions. Zero (0) is not used in the first octet and 255 is not used only for subnets and multicasts.

◆ Class A addresses have a first octet range of 1 to 126. 127 is restricted for test purposes—for example, 127.0.0.1 is used to test if a NIC is working properly. The first octet identifies the network address and the last three octets identify the host address. There are 126 Class A networks, each having 16,777,214 hosts.

◆ A Class B address has a first octet in the range 128 to 191. The first two octets identify the network address and the last two octets identify the host address. There are 16,384 Class B networks, each having 65,534 hosts.

◆ A Class C address has a first octet in the range 192 to 223. First octet addresses from 224 to 255 are not used for Internet addressing. The first three octets identify the network address and the last octet identifies the host address. There are 2,097,152 Class C networks, each having 254 hosts.

◆ Each class has a default subnet mask that is used by network protocols, such as ARP (Address Resolution Protocol), to forward IP packets. Following are the default subnet masks: Class A—255.0.0.0; Class B—255.255.0.0; Class C—255.255.255.0. Other subnet masks are also possible, depending on how the network administrator chooses to subdivide the network.

OBJECTIVES ON THE JOB

IP addressing is one of the most frequent and important tasks that a network administrator will perform. Your job is made easier by some NOS features such as DHCP, but you will still have to rely on your own knowledge to configure static IP addresses on devices such as servers and routers.


PRACTICE TEST QUESTIONS

1. To which class of network does the following IPv4 address belong (assuming subnetting is not in use): 198.34.61.207?
a. A
b. B
c. C
d. D

2. On a Class A network in the IPv4 addressing scheme, all nodes have which octet(s) in common?
a. only the first octet
b. the first and second octets
c. only the second octet
d. the second and third octets

3. Which of the following types of IPv4 networks has the most available networks (assuming that subnetting is not in use)?
a. Class A
b. Class B
c. Class C
d. They all have the same number of available networks.

4. Which of the following IPv4 network classes has the most possible unique host addresses per available network address?
a. Class A
b. Class B
c. Class C
d. They all have the same number of available hosts per network.

5. Which of the following binary octets identify a Class B network address?
a. 01001110
b. 00100000
c. 10011111
d. 11011111

6. What is the default subnet mask for a Class C network?
a. 255.0.0.0
b. 255.255.0.0
c. 255.255.255.0
d. 255.255.255.255

7. Which of the following source and destination IP addresses are on the same network?
a. 126.111.103.22 and 125.111.103.22
b. 155.155.155.22 and 155.154.155.22
c. 195.111.23.46 and 195.111.24.46
d. 177.57.23.167 and 177.57.23.166


2.7 Identify the purpose of subnetting.

UNDERSTANDING THE OBJECTIVE

To allow for the efficient use of a limited number of IP addresses, the concept of subnetting was devised in the 1980s. Subnetting separates networks into smaller subnets that can use more IP addresses, as long as a subnet mask is specified. On TCP/IP networks, the gateways that connect subnets are called default IP gateways. These gateways are usually interfaces on routers.

WHAT YOU REALLY NEED TO KNOW

◆ Subnetting is the process of logically subdividing a single class of network into multiple, smaller networks. It results in a more efficient use of limited IP addresses.

◆ A subnet is created by extending the network address into the host portion of the IP address. This is done by borrowing host bits to add to the network bits. Network administrators then divide the borrowed part of a network address into two or more logical networks so that part of the borrowed host address is used for network identification purposes. The IP address is said to have an “extended” network address. Smaller networks can be created in this way while still preserving the integrity of the Internet hierarchical addressing scheme.

◆ In subnetting, one of the address’s octets is used to indicate how the network is subdivided. Rather than consisting simply of network and host information, a subnetted address consists of network, subnet, and host information.

◆ Devices in a subnetted network are assigned a subnet mask, a special 32-bit number that, combined with a device’s IP address, tells the rest of the network the network class to which the device is attached.

◆ For a subnet mask to be valid, the leftmost bits must be equal to 1 and the rightmost bits must be equal to 0. If a subnet mask is not specified, the default subnet mask for a Class A network is 255.0.0.0. For a Class B network, the default subnet mask is 255.255.0.0, and for a Class C network, the default subnet mask is 255.255.255.0.

◆ Network protocols interpret subnet masks to determine which part of an IP address is the network address and which part is the host address. A router uses network address information, for example, to determine whether a data packet is destined for a host on its own network or whether the packet has to be routed to a different network.
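
The addressing rules in objectives 2.6 and 2.7 (classful first-octet ranges, default masks, the "ones then zeros" mask rule, and the same-network decision a router makes) can be exercised in a few lines of Python. This is an added example, not part of the original study guide; the function names and sample addresses are constructed for illustration, and the split of the 224 to 255 range into Class D (up to 239) and Class E is standard classful convention rather than something stated above.

```python
# Default masks per class, as listed in the text.
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def to_int(dotted):
    """Convert dotted decimal to a 32-bit integer, rejecting bad octets."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"{dotted!r}: an IPv4 address has four octets")
    value = 0
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError(f"{dotted!r}: octet {part!r} is outside 0-255")
        value = (value << 8) | int(part)
    return value


def is_valid_address(dotted):
    try:
        to_int(dotted)
        return True
    except ValueError:
        return False


def address_class(dotted):
    """Classify by first octet: 1-126 A, 127 loopback, 128-191 B, 192-223 C."""
    first = to_int(dotted) >> 24
    if first == 0:
        return "reserved"
    if first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    return "D" if first <= 239 else "E"


def is_valid_mask(mask):
    """A valid mask is a run of 1 bits on the left followed only by 0 bits."""
    bits = to_int(mask)
    host_bits = ~bits & 0xFFFFFFFF
    # host_bits must look like 0...01...1, so adding 1 clears every set bit.
    return bits != 0 and (host_bits & (host_bits + 1)) == 0


def usable_hosts(mask):
    """Hosts per network: 2^(host bits) minus the network and broadcast addresses."""
    if not is_valid_mask(mask):
        raise ValueError(f"{mask!r} is not a valid subnet mask")
    host_bit_count = 32 - bin(to_int(mask)).count("1")
    return max(2 ** host_bit_count - 2, 0)


def network_of(address, mask=None):
    """Network portion of an address; falls back to the class default mask."""
    if mask is None:
        cls = address_class(address)
        if cls not in DEFAULT_MASKS:
            raise ValueError(f"{address!r} has no default mask (class {cls})")
        mask = DEFAULT_MASKS[cls]
    if not is_valid_mask(mask):
        raise ValueError(f"{mask!r} is not a valid subnet mask")
    return to_int(address) & to_int(mask)


def same_network(a, b, mask=None):
    """True if both hosts are on one network, so no routing is needed."""
    return network_of(a, mask) == network_of(b, mask)


if __name__ == "__main__":
    a, b = "172.20.5.9", "172.20.200.1"          # constructed sample hosts
    print(address_class(a), same_network(a, b))   # default Class B mask
    print(same_network(a, b, "255.255.240.0"))    # after borrowing 4 host bits
    print(usable_hosts("255.255.240.0"))
```

With the default Class B mask the two sample hosts share a network; once four host bits are borrowed for the subnet, they fall into different subnets and traffic between them has to pass through a router.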

OBJECTIVES ON THE JOB

Prudent use of subnetting allows you to break up your larger Class C network into smaller, more manageable logical segments. Subnetting can isolate and secure groups of nodes and enable better traffic management without expensive hardware investments.


PRACTICE TEST QUESTIONS

1. How many bits make up an IPv4 subnet mask?
a. 8 bits
b. 16 bits
c. 32 bits
d. 64 bits

2. What is the default subnet mask for a Class B network?
a. 0.0.0.0
b. 255.0.0.0
c. 255.255.0.0
d. 255.255.255.255

3. In which of the following situations would subnetting be useful?
a. A network administrator needs to segregate a company’s HR group from the rest of the company’s computers.
b. A person with two home computers connects them using a crossover network cable.
c. A network administrator has two network printers that he wants everyone on his network to be able to access.
d. A network administrator has just switched all of his network devices from IPv4 to IPv6.

4. What is the main purpose for subnetting a network?
a. to create a more systematic way of tracking addresses on the network
b. to more equitably allocate addresses to all devices on a network
c. to make more efficient use of a limited number of addresses
d. to make TCP/IP client and server configuration easier

5. What types of information are contained in the IP address of a device on a network that has not been subnetted?
a. host, subnet, and network
b. host, server, and network
c. protocol and network
d. host and network

6. To what type of network does the default subnet mask 255.255.255.0 belong?
a. Class A
b. Class B
c. Class C
d. Class D

7. Which of the following is not a legitimate subnet mask?
a. 255.0.0.1
b. 255.255.240.0
c. 255.255.254.0
d. 255.255.255.0


2.8 Identify the differences between private and public network addressing schemes.

UNDERSTANDING THE OBJECTIVE

Public networks are accessible to multiple users and can be accessed without credentials. Data traveling over public networks is often susceptible to eavesdropping and, therefore, should be protected. Private networks are accessible only to authorized users.

WHAT YOU REALLY NEED TO KNOW

◆ A public network is one that allows access from any node that has the capability to connect to it. Certain resources of a public network may be restricted but access to the network is not.

◆ Most public networks rely at least in part on public transmission systems, such as the PSTN.

◆ Because they rely on public transmission methods, public networks are more susceptible to eavesdropping. Data transmitted over a public network should be protected through encryption or another technique to secure data.

◆ The Internet is the largest and most familiar example of a public network.

◆ A private network is one that allows only authorized users to connect to it and access its resources. Examples of private networks are corporate LANs and WANs.

◆ Private networks use private transmission systems, such as wiring inside a corporation’s building, or a T1 line leased from a telecommunications carrier that is solely dedicated to carrying one organization’s network traffic.

◆ When private networks connect to public networks (for example, a corporate LAN that allows its users to connect to the Internet), measures must be taken to protect the private network from public access. NAT, data encryption (such as IPSec), and the use of firewalls can protect a private network and its data from public access.

◆ VPNs (virtual private networks) are secured tunnels that protect data in transit. VPNs are often used to create private WANs over public transmission systems. The private network encapsulates its data in secure packets and then uses a public network, such as the Internet, to transport (or tunnel) the secure packets to the destination private network.

◆ When created across public transmission systems, VPNs serve an organization’s users but isolate that organization’s traffic from other users of the same public lines. They provide a way of constructing a private WAN from less-expensive public transmission systems.

OBJECTIVES ON THE JOB

Chances are you will work on a private network that connects to the Internet (a public network) at some point in your career. You should be aware of current techniques for preventing unauthorized users from accessing your private network through the public network. Because these techniques change frequently, a large organization may dedicate an employee or a whole team of people to managing security between the private and public networks.


PRACTICE TEST QUESTIONS

1. Which of the following is an example of a public network?
a. PSTN
b. VPN
c. VLAN
d. SONET ring

2. What kind of private WAN uses a public network’s transmission systems?
a. PSTN
b. VPN
c. VLAN
d. SONET ring

3. On which of the following networks would the security of data in transit be of greatest concern?
a. a MAN that connects two buildings on a corporate campus via fiber-optic cable
b. a WAN that connects 25 buildings of an insurance company through dedicated T1 lines in a partial mesh topology
c. a LAN that connects 56 customer service representatives at a company’s headquarters and allows access to the Internet through a gateway and firewall
d. a WAN that allows its 250 salespeople to access their company’s server over the Internet from hotel rooms around the country

4. What technique does a private VPN use to securely transport data over a public network?
a. The VPN establishes a dedicated, secure line of communication before transmitting its data.
b. The VPN uses unique circuit switching to disguise its transmissions.
c. The VPN encapsulates its data in secure packets and tunnels them over the public network.
d. It is not possible for the VPN to transport private data over a public network.

5. Which one of the following networks would be the most expensive to install?
a. a MAN that connects two office buildings on a corporate campus via fiber-optic cable
b. a WAN that connects 25 buildings of an insurance company through dedicated T1 lines in a partial mesh topology
c. a LAN that connects 56 customer service representatives at a catalog company’s headquarters and allows employees to access the Internet through a gateway and firewall
d. a WAN that allows its 250 salespeople who work for a pharmaceutical company to dial in to a remote access server from their hotel rooms around the country

6. Which of the following is characteristic of private networks but not public networks?
a. restricted access to resources
b. the use of routers to interconnect dissimilar network types
c. the use of gateways
d. the use of leased WAN lines

7. The Internet is an example of a public network. True or False?


2.9 Identify and differentiate between the following IP (Internet Protocol) addressing methods:

STATIC, DYNAMIC, AND SELF-ASSIGNED (APIPA (AUTOMATIC PRIVATE INTERNET PROTOCOL ADDRESSING))

UNDERSTANDING THE OBJECTIVE

For networks using IP addresses to uniquely identify individual nodes on a network, it is essential that IP addressing be administered in an efficient, error-free manner. Several different addressing methods are available to accomplish this goal, including static addressing, dynamic addressing, self-assigned addressing, or a combination of these methods.

WHAT YOU REALLY NEED TO KNOW

◆ Static IP addressing is accomplished by assigning an IP address to a device via the operating system. The static IP address remains in force unless someone changes it using the method described in the next bullet.

◆ To assign a static IP address on a Windows-based computer, you use the NIC properties dialog box. For devices, such as servers and routers, that are critical to network functionality, assigned static IP addresses are ideal, so that they don’t get “lost” on the network.

◆ For a small network of perhaps a dozen computers, printers, and other devices, assigning static IP addresses to all devices is easily handled by the network administrator.

◆ Dynamic IP addressing is a necessity for larger networks with many devices in which static addressing would quickly become unmanageable. A dynamic IP address is temporarily assigned from a pool of available IP addresses by protocols operating within the NOS.

◆ DHCP (Dynamic Host Configuration Protocol) is a protocol that performs dynamic IP address allocation. On a network, one server is designated to act as a DHCP server. This server “loans out” individual IP addresses from a preassigned pool of IP addresses. When a host logs on to the network, the logon script requests an IP address from the DHCP server. When the host logs off, the IP address is returned to the IP pool of available addresses. Each time a host logs on to the network, it may receive a different IP address.

◆ APIPA (Automatic Private IP Addressing) is a form of automatic IP addressing available on Windows operating systems. It works in conjunction with DHCP. A host logging on to a network checks for a DHCP server. If it can’t find one, the host’s APIPA protocol allocates a special IP address that can only be used on internal networks and that is not routable over the Internet. (IANA has allocated 169.254.0.1 through 169.254.255.254 to Microsoft for this purpose.)

OBJECTIVES ON THE JOB

Every network administrator will have to assign IP addresses at some point. Knowing which method to use to assign addresses can save time and can prevent network address conflicts that may be difficult to resolve.


PRACTICE TEST QUESTIONS

1. Which Application layer protocol can be used to assign IP addresses to network hosts?
a. TCP
b. HTTP
c. FTP
d. DHCP

2. A small company has a network of six workstations with no DHCP services. All workstations have their own Internet access. Which method is the network administrator likely to use to allocate IP addresses?
a. static IP addressing
b. dynamic IP addressing
c. automatic private IP addressing
d. either a or b

3. Which of the following might be a cause for an IP address conflict on a network?
a. A network user gained access to his NIC properties and made some changes to improve performance.
b. A network administrator has just changed his network from static IP addressing to dynamic IP addressing.
c. A network is using automatic private IP addressing to allocate IP addresses.
d. None of the preceding situations could possibly cause an IP address conflict.

4. Which of the following IP addresses cannot be routed over the Internet?
a. 125.22.89.2
b. 169.254.12.111
c. 196.54.211.122
d. 138.138.138.1

5. Which of the following network operating systems has the capability to use APIPA?
a. Linux
b. UNIX
c. Novell NetWare 6.5
d. Windows Server 2003

6. When implementing dynamic IP addressing on a network, which devices should be left with static IP addresses? (Choose all that apply.)
a. all computers in the Payroll Department
b. the DHCP server
c. a guest computer that has many people logging on and off all day
d. the router connecting the company network to the Internet

7. What is the function of DHCP services on a network?
a. to control Internet access
b. to act as an Internet firewall
c. to allocate IP addresses from an available pool
d. to convert MAC addresses to IP addresses


2.10 Define the purpose, function, and use of the following protocols used in the TCP/IP (Transmission Control Protocol/Internet Protocol) suite:

TCP (TRANSMISSION CONTROL PROTOCOL) AND UDP (USER DATAGRAM PROTOCOL)

UNDERSTANDING THE OBJECTIVE

IP, TCP, and UDP are all core protocols in the TCP/IP protocol suite. IP resides at the Network layer, whereas TCP and UDP are Transport layer protocols.

WHAT YOU REALLY NEED TO KNOW

◆ The IP (Internet Protocol) is a core protocol in the TCP/IP suite that resides at the Network layer of the OSI Model. Its primary purpose is to add logical addresses to data frames, providing information on how and where data should be delivered.

◆ Because IP provides addressing, logical addresses in the TCP/IP suite are known as IP addresses.

◆ IP is considered connectionless because it does not require that a session be established before it begins transmission, and it does not guarantee that data will be delivered in sequence or error-free.

◆ The TCP (Transport Control Protocol) belongs to the Transport layer of the TCP/IP suite and provides reliable data delivery services. TCP sits on top of the IP subprotocol and makes up for IP’s reliability deficiencies with its checksum, flow control, and sequencing information.

◆ TCP is a connection-oriented subprotocol, which means it requires that a connection be established between communicating nodes before it transmits data.

◆ A TCP segment contains several components that ensure data reliability, including acknowledgment, code, urgent pointer, and flow control fields.

◆ The UDP (User Datagram Protocol), like TCP, also sits in the Transport layer of the OSI Model and relies on IP. Unlike TCP, UDP is a connectionless transport service. UDP offers no assurance that packets will be received in the correct sequence. In fact, this protocol does not guarantee that the packets will be received at all.

◆ UDP’s lack of sophistication is an advantage in situations in which data must be transferred quickly, such as live audio or video transmissions over the Internet. In these cases, TCP, with its acknowledgments, checksums, and flow control mechanisms, would add too much overhead to the transmission and bog it down.

OBJECTIVES ON THE JOB

In optimizing and troubleshooting networks, it is critical to understand that TCP is connection-oriented, whereas UDP is connectionless. Different higher-level TCP/IP subprotocols rely on either TCP or UDP, using UDP when efficiency is their primary criterion or TCP when reliability is more important. For example, TCP should never be used to send live video feeds over the Internet, because its error-correction and flow-control mechanisms will cause transmission delays.


PRACTICE TEST QUESTIONS

1. Which of the following protocols is responsible for providing information on where data should be delivered?
a. TCP
b. IP
c. HTTP
d. UDP

2. What is the function of the Acknowledgment field in the TCP datagram?
a. It confirms receipt of the data in a return message to the sender.
b. It confirms the size of the datagram to the recipient, proving that the datagram was not corrupted en route.
c. It confirms the sequence of the datagrams to the recipient.
d. It confirms the length of the datagram’s header in a return message to the sender.

3. What is an advantage of using UDP over TCP?
a. It is more reliable.
b. It is more secure.
c. It is more widely compatible.
d. It is more efficient.

4. Which of the following protocols are connectionless? (Choose all that apply.)
a. TCP
b. IP
c. UDP
d. HTTP

5. Which of the following fields would be found in both a UDP and a TCP datagram? (Choose all that apply.)
a. Acknowledgment
b. Source Port
c. Sequence Number
d. Destination Port

6. What Transport layer protocol does Telnet use?
a. TCP
b. IP
c. UDP
d. ICMP

7. What Network layer protocol does TCP use?
a. TCP
b. UDP
c. IP
d. ICMP


2.10 Define the purpose, function, and/or use of the following protocols used in the TCP/IP (Transmission Control Protocol/Internet Protocol) suite (continued):

FTP (FILE TRANSFER PROTOCOL), SFTP (SECURE FILE TRANSFER PROTOCOL), AND TFTP (TRIVIAL FILE TRANSFER PROTOCOL)

UNDERSTANDING THE OBJECTIVE

FTP (File Transfer Protocol) is the basic file transfer utility used to download data from the Internet, and to upload data to Web pages or other TCP/IP hosts. TFTP (Trivial File Transfer Protocol) also transfers files but relies on UDP at the Transport layer.

WHAT YOU REALLY NEED TO KNOW

◆ FTP is an Application layer protocol in the TCP/IP suite that enables a client and server to directly exchange data through a series of commands. FTP manages file transfers between TCP/IP hosts.

◆ At the Transport layer, FTP depends on TCP, and is, therefore, connection-oriented.

◆ FTP is a popular way to distribute files over the Internet. Some software sites allow users to download programs through a process called anonymous FTP, in which the FTP host does not require a secure logon.

◆ FTP transfers are separated into two channels: FTP data is exchanged over TCP port 20, and the FTP control commands are over TCP port 21.

◆ FTP displays file and directory structures, manages files and directories, sends data in binary or ASCII format, compresses files, and appends files.

◆ TFTP is similar to FTP in that it is a TCP/IP Application layer protocol that enables file transfers between computers. TFTP, however, relies on UDP at the Transport layer and is, therefore, connectionless and does not guarantee reliable delivery of data.

◆ TFTP does not log on to the remote host before enabling file transfers. Instead, a computer issues a read request or a write request to the remote host, which responds with an acknowledgment. The two computers then begin transferring data. For each packet transmitted to the host, the local workstation waits for an acknowledgment from the host before issuing another packet.

◆ SFTP (Secure File Transfer Protocol) is a secure FTP replacement that runs on an SSH tunnel created by the SSH (Secure Shell) protocol. SSH enables secure data transfer. SFTP is intended to provide a safe, secure mechanism for transferring files between a local computer and a remote computer.

◆ SFTP encrypts both data and commands, thus preventing passwords and other sensitive information from being openly exposed over a communications channel. The protocols used by SFTP are not compatible with those of FTP. Therefore, an FTP client cannot communicate with an SFTP server or vice versa.
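
The TFTP write exchange described in the bullets above (write request, acknowledgment, then one data packet per acknowledgment) is shown here as an added Python simulation that is not part of the original study guide. Packet layouts and opcodes follow RFC 1350; the file name, the function names and the in-memory "network" that drops a packet are constructed for illustration.

```python
import struct

WRQ, DATA, ACK = 2, 3, 4   # opcodes defined in RFC 1350
BLOCK_SIZE = 512           # a DATA payload shorter than this ends the transfer


def build_wrq(filename, mode="octet"):
    """Write request: opcode, file name, NUL, transfer mode, NUL. No credentials."""
    return (struct.pack("!H", WRQ) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def build_data(block, payload):
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block):
    return struct.pack("!HH", ACK, block)


def parse(packet):
    """Decode the three packet types used here into (name, field, payload)."""
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode == WRQ:
        filename, mode = packet[2:-1].split(b"\0")
        return ("WRQ", filename.decode("ascii"), mode.decode("ascii"))
    if opcode in (DATA, ACK):
        (block,) = struct.unpack("!H", packet[2:4])
        return ("DATA" if opcode == DATA else "ACK", block, packet[4:])
    raise ValueError(f"unsupported opcode {opcode}")


def upload(content, lose_once=()):
    """Client writes `content` to a server over a lossy link.

    `lose_once` lists DATA block numbers whose first transmission is dropped.
    Returns (bytes the server stored, transcript of packets put on the wire).
    Block numbers are 16 bits, so this sketch is for small files only.
    """
    to_lose = set(lose_once)
    stored = bytearray()
    wire = []

    def send(sender, packet):
        wire.append((sender,) + parse(packet)[:2])
        return packet

    send("client", build_wrq("notes.txt"))   # constructed file name
    send("server", build_ack(0))             # server accepts the write request
    block, offset = 1, 0
    while True:
        chunk = content[offset:offset + BLOCK_SIZE]
        packet = send("client", build_data(block, chunk))
        if block in to_lose:
            to_lose.discard(block)   # UDP gives no delivery guarantee
            continue                 # no ACK arrives: client times out and resends
        _, received_block, payload = parse(packet)
        stored += payload
        send("server", build_ack(received_block))
        if len(chunk) < BLOCK_SIZE:  # short (possibly empty) block = end of file
            return bytes(stored), wire
        block, offset = block + 1, offset + BLOCK_SIZE


if __name__ == "__main__":
    sample = bytes(range(256)) * 4 + b"x" * 76   # constructed 1100-byte file
    copy, transcript = upload(sample, lose_once=[2])
    for entry in transcript:
        print(entry)
    print("intact:", copy == sample)
```

The transcript shows the reliability TFTP has coming from the application-level acknowledgments rather than from UDP, and that the request carries a file name and mode but nothing that identifies the user.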

OBJECTIVES ON THE JOB

Before the Web provided an easier means of transferring files, FTP commands were regularly used to exchange data between machines. You can still use FTP commands from the operating system’s command prompt. As a network professional, you may need to use these commands to download NOS patches or client updates.


PRACTICE TEST QUESTIONS

1. To connect to the Netscape FTP site (ftp.netscape.com) from an FTP prompt, what command would you type?
a. ftp netscape.com
b. login ftp.netscape.com
c. ftp.netscape.com
d. open ftp.netscape.com

2. On which Transport layer protocol does TFTP rely?
a. TCP
b. IP
c. UDP
d. ICMP

3. Which of the following statements is correct?
a. An SFTP client can communicate with an SFTP server.
b. An FTP client can communicate with an SFTP server.
c. An SFTP client can communicate with an FTP server.
d. None of the preceding statements are correct.

4. What can you type at the FTP prompt to see a list of available commands?
a. ?
b. query
c. list commands
d. commands/H

5. If an FTP site allows unrestricted access, what user name can you probably type to log on to the site?
a. your e-mail address
b. anonymous
c. guest
d. anyone

6. Which of the following functions cannot be performed via FTP?
a. sending a file to a server
b. changing to another directory
c. retrieving a file from a server
d. changing the permissions on a file

7. Which of the following protocols is best used when transferring a file containing a list of Social Security numbers?
a. FTP
b. TFTP
c. SFTP
d. HTTP


2.10 Define the purpose, function, and/or use of the following protocols used in the TCP/IP (Transmission Control Protocol/Internet Protocol) suite (continued):

SMTP (SIMPLE MAIL TRANSFER PROTOCOL), POP3 (POST OFFICE PROTOCOL VERSION 3), AND IMAP4 (INTERNET MESSAGE ACCESS PROTOCOL VERSION 4)

UNDERSTANDING THE OBJECTIVE

Together, POP3 (Post Office Protocol version 3) and SMTP (Simple Mail Transfer Protocol) form the routine that enables clients to pick up e-mail from a server. Whereas SMTP transfers mail between servers, POP3 accepts the mail from SMTP and holds it until e-mail clients retrieve it. A newer subprotocol, IMAP4 (Internet Message Access Protocol version 4), is replacing POP3 in many cases.

WHAT YOU REALLY NEED TO KNOW

◆ SMTP moves messages from one e-mail server to another over TCP/IP networks. SMTP is a subprotocol of the TCP/IP suite. It provides the basis for Internet e-mail service and relies on higher-level programs for its instructions. Such services as the UNIX Sendmail software (also available for Linux and Windows) provide a user-friendly and sophisticated mail interface while using SMTP for transport.

◆ Requests to receive and send mail go through port 25 on SMTP servers.

◆ POP is a subprotocol of the TCP/IP suite that provides centralized storage for e-mail messages. POP also assigns error messages in the case of undeliverable mail. It relies on SMTP. The current and most widely used version of POP is POP3.

◆ A POP server is necessary to store messages because users are not always logged on to the network and available for receiving messages from the SMTP server. Both SMTP and a service such as POP3 are necessary for a mail server to receive, store, and forward messages.

◆ When configuring clients to use Internet e-mail, the SMTP and POP3 server names must be specified within the e-mail client.

◆ A small organization can use one POP server for all its users’ mail. Very large corporations can have several POP servers, one for each department. Internet service providers typically have one large POP server for all their clients.

◆ POP3 does not let users keep the mail on the server after they retrieve it, which can be a disadvantage for users who move from machine to machine. A newer protocol that is replacing POP3, IMAP4, does let users read messages and keep them on the mail server.

OBJECTIVES ON THE JOB

If a company’s SMTP server is down, mail cannot leave the organization, but it can be exchanged within the organization. If a POP3 server is down, clients cannot pick up mail because the SMTP server cannot transfer mail to it. Most companies have one SMTP server and one or more POP3 or IMAP4 servers for storing mail.


PRACTICE TEST QUESTIONS

1. If all users in a multinational organization can send and receive mail to and from colleagues, except for those in the Marketing Department, what is probably the source of the problem?

a. the company’s SMTP server

b. the company’s POP3 server

c. the Marketing Department’s SMTP server

d. the Marketing Department’s POP3 server

2. What port does SMTP use?

a. 20

b. 21

c. 25

d. 28

3. Which of the following is one advantage of using POP3 over IMAP4?

a. It requires fewer resources on the server.

b. It allows clients to save unread messages on the server.

c. It allows clients to selectively delete messages on the server before downloading them.

d. It is more reliable.

4. What does the S in SMTP stand for?

a. system

b. selective

c. secure

d. simple

5. Where must a client identify its SMTP server to properly send and receive mail?

a. within the e-mail client software

b. within the operating system’s TCP/IP configuration

c. within the NIC device settings

d. within the CMOS settings

6. Which protocol is responsible for interpreting the following type of address: [email protected]?

a. SMTP

b. POP3

c. IMAP4

d. SNMP

7. Which of the following is one advantage of using IMAP4 over POP3?

a. It requires fewer resources on the server.

b. It is simpler for a client to use.

c. It allows clients to selectively delete messages on the server before downloading them.

d. It can be more easily integrated into environments with multiple SMTP servers.


2.10 Define the purpose, function, and/or use of the following protocols used in the TCP/IP (Transmission Control Protocol/Internet Protocol) suite (continued):

HTTP (HYPERTEXT TRANSFER PROTOCOL) AND HTTPS (HYPERTEXT TRANSFER PROTOCOL SECURE)

UNDERSTANDING THE OBJECTIVE

HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure, also known as Hypertext Transfer Protocol over Secure Sockets Layer) are Application layer protocols in the TCP/IP suite that translate information from Web servers into a user-friendly format. The main difference between HTTP and HTTPS is that HTTPS uses measures to secure information in transit.

WHAT YOU REALLY NEED TO KNOW

◆ HTTP, an Application layer protocol, is the language that Web clients and servers use to exchange commands and control information.

◆ When a Web user types the URL (uniform resource locator) or IP address of a Web page in the Web browser’s address field, HTTP transports the information about the request to the Web server and returns the Web server’s information in HTML (Hypertext Markup Language), the Web document formatting language.

◆ HTTP is also the mechanism that displays a Web page after a user clicks a link.

◆ The original version of HTTP, HTTP/0.9, was released in 1990. This version provided only the simplest means of transferring data over the Internet. Since then, HTTP has been improved to make Web client/server connections more efficient, reliable, and secure.

◆ Simple HTTP information is not secured in transit. To make the HTTP exchange secure, a version of HTTP called HTTPS (HTTP over Secure Sockets Layer, also known as Hypertext Transfer over Secure Sockets Layer) must be used. When Web page URLs begin with the prefix HTTPS, they are requiring that their data be transferred from server to client and vice versa using SSL encryption.

◆ HTTPS uses the TCP port number 443, rather than port 80. To indicate that an SSL connection has been established between a Web server and client, the client’s browser displays a padlock in the lower-right corner of the screen (this applies to Internet Explorer and Netscape versions 4.0 and higher).

OBJECTIVES ON THE JOB

You should understand the differences between HTTP and HTML for troubleshooting purposes. In addition, you should understand the security limitations of HTTP in case your clients are attempting to transmit secure data. You should also understand when using HTTPS is more appropriate. For example, e-commerce sites or other sites that require financial transactions almost always use HTTPS.


PRACTICE TEST QUESTIONS

1. To which layer of the OSI Model does HTTPS belong?

a. Data Link

b. Network

c. Session

d. Application

2. Which of the following is a valid HTTP address?

a. 205.23.88.71:80

b. 267.12.11.89

c. AE:56:0F:C3:88

d. 12:80:01:CF

3. In what year was HTTP first released?

a. 1989

b. 1990

c. 1991

d. 1993

4. Which of the following can be interpreted by a Web browser (and result in the display of a Web page)? (Choose all that apply.)

a. http://www.whitehouse.gov

b. html://www.ibm.com

c. tcp://www.loc.gov

d. www.microsoft.com

5. Which of the following is a secure Web site?

a. http://www.ebay.com

b. www.microsoft.net

c. https://www.schwab.com/login

d. html://www.secure.ibm.net

6. What port does HTTPS use?

a. 80

b. 88

c. 160

d. 443

7. On which Transport layer protocol does HTTP rely?

a. TCP

b. IP

c. UDP

d. ICMP


2.10 Define the purpose, function, and/or use of the following protocols used in the TCP/IP (Transmission Control Protocol/Internet Protocol) suite (continued):

TELNET

UNDERSTANDING THE OBJECTIVE

Telnet is a popular terminal emulation utility that enables clients to log on to TCP/IP hosts and perform tasks as if the user were sitting at the device’s console.

WHAT YOU REALLY NEED TO KNOW

◆ Telnet is a terminal emulation program that facilitates connections between hosts on a TCP/IP network. Prior to the World Wide Web, Telnet provided the primary means of connecting to other hosts over the Internet.

◆ Often, Telnet is used to connect two dissimilar systems. For example, a remote network administrator could use Telnet to log on to a UNIX or Linux server from her Windows XP PC.

◆ After connecting, a user who has Telnetted and logged on to a host can perform any authorized function on that host, just as if she were directly connected to the host.

◆ You can initiate a Telnet session simply by typing telnet Y, where Y is the host name or IP address of the remote host. For example, telnet lib.dartmouth.edu will connect you to the Dartmouth library system.

◆ Many options can be used in conjunction with Telnet, including an echo function, flow control, and the selection of full- or half-duplex communication.

◆ Connecting to a host through Telnet requires an authorized logon ID and password. Telnet is a common way to send commands to a server or network device. Routers, for example, can be controlled and managed remotely using the Telnet command.

◆ Telnet relies on TCP; thus, it is a connection-oriented service and waits for a receiving node to acknowledge that the connection is sound before transmitting data.

◆ The Telnet service uses port 23 by default.

OBJECTIVES ON THE JOB

Telnet is the primary method of connecting to network devices, such as routers. It is quick and efficient but does not come with a GUI interface. For this reason, if you are charged with managing routers and other devices, you should memorize the Telnet command options and syntax.


PRACTICE TEST QUESTIONS

1. Which of the following could not be controlled through the Telnet utility?

a. router

b. workstation

c. switch

d. hub

2. What port does the Telnet utility use by default?

a. 20

b. 21

c. 22

d. 23

3. In which layer of the OSI Model does Telnet reside?

a. Application

b. Session

c. Transport

d. Network

4. Which of the following utilities allow you to view the directory contents on a remote host, given the proper authority? (Choose all that apply.)

a. PING

b. Tracert

c. TFTP

d. Telnet

5. Which of the following is an appropriate use for Telnet?

a. to browse the contents of an online store

b. to assess network performance between hosts on the Internet

c. to send commands to a router

d. to reconfigure a client whose TCP/IP stack has been damaged

6. Which of the following is an example of proper Telnet command syntax?

a. telnet 134.45.66.78

b. telnet 134.45.66.78:20

c. tlnt 134.45.66.78:21

d. t 134.45.66.78:23

7. Which of the following is a potential disadvantage to using Telnet to remotely log on to a router?

a. It is not very secure.

b. It requires a high-bandwidth connection.

c. It is not very efficient.

d. It is not compatible with all types of router operating systems.


2.10 Define the purpose, function, and/or use of the following protocols used in the TCP/IP (Transmission Control Protocol/Internet Protocol) suite (continued):

SSH (SECURE SHELL) AND SCP (SECURE COPY PROTOCOL)

UNDERSTANDING THE OBJECTIVE

SSH (Secure Shell) is a connection utility that provides security for establishing a connection and transmitting encrypted data over the secure connection. SCP (Secure Copy Protocol) is a protocol that works with SSH to provide secure file transfer between a local and remote host or between two remote hosts.

WHAT YOU REALLY NEED TO KNOW

◆ SSH is a software utility (also called a protocol) that logs on to one network computer from another and provides strong authentication and a secure communication channel for executing commands and transferring data between the computers.

◆ SSH protects a computer from malicious attacks such as IP spoofing (in which an intruder sends a message that appears to come from a trusted host) and DNS spoofing (in which a hacker forges name server records to falsify his host’s identity).

◆ SSH can be run from a command line. Some versions of SSH come with a graphical user interface.

◆ SSH requires generating a public key and a private key on the client machine by running the ssh keygen command. The keys are saved to the hard drive in separate encrypted files. The public key is transferred to an authorization file on the host to which connection will be made. Connection is then accomplished using the command slogin -1 username hostname and public keys are exchanged. If authentication succeeds, secure communication can proceed.

◆ SSH offers many configuration options, including the choice of several types of encryption and the option of requiring a password. It can also be configured to redirect traffic from an insecure port (such as FTP) to an SSH secured port, a process called port forwarding. A client can exchange HTTP traffic with a Web server via an SSH secured connection.

◆ The latest version of SSH, called SSH2, provides more security, efficiency, and portability than its predecessor.

◆ Some versions of SSH and SSH2 include SCP as a means of transferring files to and from remote hosts. SCP uses SSH servers and clients to achieve secure file transfers across unsecured networks. SCP encrypts data being transferred, so that it cannot be interpreted in case it is intercepted along its journey. This is in contrast to FTP, which transfers all data, including user names and passwords in plain text.

OBJECTIVES ON THE JOB

A network administrator is often faced with the task of securing communications links between different segments of a network. Configuring client and server machines to use SSH is an excellent way to secure these communications links.


PRACTICE TEST QUESTIONS

1. Which of the following will SSH protect against?

a. IP spoofing

b. hard drive failure

c. data corruption

d. the Melissa virus

2. In which situation could SSH be a useful tool?

a. A user needs to lock her computer every day before leaving work.

b. A network administrator must find a way to keep users from storing the passwords on their hard drives.

c. A company CEO must send confidential company documents to his executives over a wireless network.

d. A network administrator must scan e-mail leaving the company mail server.

3. Which of the following protocols is used to transfer data securely between remote hosts?

a. FTP

b. TFTP

c. HTTP

d. SCP

4. How can SSH help secure an FTP transmission?

a. by using port spoofing

b. by securing port 21

c. by using port forwarding

d. by breaking up the transmission and forwarding the pieces via different routes

5. SSH provides a secure communication alternative to which protocol?

a. IP

b. IPX

c. ICMP

d. Telnet

6. Which key must the host receive before communication can take place?

a. public key

b. private key

c. password key

d. user key

7. Which SSH command is used to create the necessary encrypted keys?

a. ssh makekey

b. ssh keys

c. ssh cutkeys

d. ssh keygen


2.10 Define the purpose, function, and/or use of the following protocols used in the TCP/IP (Transmission Control Protocol/Internet Protocol) suite (continued):

ICMP (INTERNET CONTROL MESSAGE PROTOCOL), ARP (ADDRESS RESOLUTION PROTOCOL), RARP (REVERSE ADDRESS RESOLUTION PROTOCOL), AND NTP (NETWORK TIME PROTOCOL)

UNDERSTANDING THE OBJECTIVE

ICMP (Internet Control Message Protocol) ensures packets arrive at their destination. ARP (Address Resolution Protocol) can obtain the MAC address of a device on a TCP/IP network based on its IP address, whereas RARP (Reverse Address Resolution Protocol) finds an IP address based on the MAC address of a device. NTP (Network Time Protocol) synchronizes the clocks of all computers on a network.

WHAT YOU REALLY NEED TO KNOW

◆ Whereas IP ensures that packets reach the correct destination, ICMP notifies the sender when something goes wrong in the transmission process and the packets are not delivered.

◆ ICMP does not provide error control. It simply reports which networks are unreachable and which packets have been discarded because the allotted time for their delivery expired.

◆ ICMP is used by diagnostic utilities, such as Ping and Tracert.

◆ ARP is a TCP/IP protocol that translates IP addresses into MAC (physical) addresses by broadcasting a packet to the entire network. This packet contains the IP address of the host for which the MAC address needs to be known. When the host whose IP address is being broadcast receives the packet, it responds. Other hosts on the network ignore the broadcast.

◆ RARP is a TCP/IP protocol that performs a function that is the opposite of ARP. A RARP server maintains a table of MAC addresses and their associated IP addresses, which it uses to locate IP addresses in response to client requests.

◆ Hosts often keep a cache of ARP results, which enable them to respond more quickly to ARP requests (this works as long as IP addresses don’t often change). This cache is known as an ARP table.

◆ ARP can be a valuable troubleshooting tool for discovering the identity of a machine whose IP address you know or for troubleshooting two machines that are trying to use the same IP address.

◆ NTP is used to synchronize the clocks of computers on a network. It is a very simple protocol that belongs to the Application layer of the TCP/IP Model and depends on UDP.

◆ Time synchronization is necessary on a network (particularly one as large as the Internet) because computers may keep time at slightly different rates. Time discrepancies can adversely affect applications that depend on timed responses.
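The ARP troubleshooting case above (two machines trying to use the same IP address) can be checked by comparing ARP tables gathered from several hosts. The following Python sketch is an added example, not part of the original guide; the host names, the "IP MAC" line format, and all addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data: ARP cache entries ("IP  MAC") as they might be
# collected from two hosts on the same segment. Not output of a real tool.
CONSTRUCTED_ARP_SNAPSHOTS = {
    "hostA": """
        192.168.1.1    00-60-8c-00-54-99
        192.168.1.20   00:a0:c9:11:22:33
        192.168.1.30   00:10:5a:aa:bb:cc
    """,
    "hostB": """
        192.168.1.1    00:60:8C:00:54:99
        192.168.1.20   0010.5a44.5566
        not-an-entry
    """,
}


def normalize_mac(text):
    """Return a MAC address as upper-case, colon-separated hex pairs."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 12-character hexadecimal MAC address: {text!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def vendor_prefix(mac):
    """First six hex characters of a MAC address: the manufacturer's block."""
    return normalize_mac(mac).replace(":", "")[:6]


def parse_arp_table(text):
    """Yield (ip, mac) pairs, skipping lines that are not 'IPv4 MAC'."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue
        try:
            ip = str(ipaddress.IPv4Address(fields[0]))
            mac = normalize_mac(fields[1])
        except ValueError:
            continue  # malformed address; ignore the entry
        yield ip, mac


def find_ip_conflicts(snapshots):
    """Map each IP seen with more than one MAC to {mac: [hosts that saw it]}."""
    seen = defaultdict(lambda: defaultdict(set))
    for observer, table in snapshots.items():
        for ip, mac in parse_arp_table(table):
            seen[ip][mac].add(observer)
    return {
        ip: {mac: sorted(observers) for mac, observers in macs.items()}
        for ip, macs in seen.items()
        if len(macs) > 1
    }


if __name__ == "__main__":
    for ip, macs in find_ip_conflicts(CONSTRUCTED_ARP_SNAPSHOTS).items():
        print(f"{ip} is claimed by {len(macs)} different MAC addresses:")
        for mac, observers in macs.items():
            print(f"  {mac} (vendor prefix {vendor_prefix(mac)}) "
                  f"seen by {', '.join(observers)}")
```

The same MAC written in different notations (192.168.1.1 in the sample) is normalized first, so only a real disagreement between hosts is reported.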

OBJECTIVES ON THE JOB

ICMP, ARP, RARP, and NTP are important protocols within the TCP/IP suite. You should practice using ARP and RARP to determine the MAC address of machines whose IP address you already know; this may prove to be a valuable troubleshooting tool.


PRACTICE TEST QUESTIONS

1. Which of the following utilities make use of ICMP? (Choose all that apply.)

a. Tracert

b. Winipcfg

c. Ping

d. Inetcfg

2. What kind of information will a RARP command return?

a. a network address

b. a physical address

c. a hardware address

d. a MAC address

3. What do network hosts do to improve the speed of ARP responses?

a. hold ARP tables in cache

b. keep ARP numbers in their TCP/IP configuration

c. reassign MAC addresses if a response is not received quickly enough

d. issue multiple broadcasts to ensure prompt responses

4. Why is it important that the clocks of all computers on a network are synchronized?

a. to ensure that data is delivered to the correct recipient

b. to ensure that time-dependent applications function properly

c. to ensure that packets arrive at their destination in the proper order

d. to ensure that access to shared resources is fairly arbitrated

5. What type of transmission does ARP use to find a host with a specific IP address?

a. multicast

b. unicast

c. broadcast

d. loopback

6. On which Transport layer protocol does NTP rely?

a. TCP

b. IP

c. UDP

d. ICMP

7. Which of the following devices makes use of ARP tables?

a. hub

b. bridge

c. router

d. NIC


2.10 Define the purpose, function, and/or use of the following protocols used in the TCP/IP (Transmission Control Protocol/Internet Protocol) suite (continued):

NNTP (NETWORK NEWS TRANSFER PROTOCOL), LDAP (LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL), IGMP (INTERNET GROUP MULTICAST PROTOCOL), AND LPR (LINE PRINTER REMOTE)

UNDERSTANDING THE OBJECTIVE

NNTP (Network News Transfer Protocol) is a TCP/IP protocol used to facilitate transfer, printing, and reading of USENET newsgroup articles. LDAP (Lightweight Directory Access Protocol) is used by operating systems to access information stored in directories of different operating systems. IGMP (Internet Group Multicast Protocol) defines the standard for multicasting over a TCP/IP network. LPR (Line Printer Remote) works with LPD (Line Printer Daemon) to establish a connection between a host and a network printer.

WHAT YOU REALLY NEED TO KNOW

◆ NNTP is an Application layer TCP/IP protocol that facilitates the exchange of newsgroup messages between multiple servers and a wide group of users simultaneously.

◆ News servers are organized hierarchically across the Internet acting as central distribution points for messages. Clients can use e-mail, Internet browsers, or special software to receive newsgroup messages. NNTP supports the process of reading and posting messages, and transferring news files between news servers.

◆ LDAP is an open protocol used to access information stored in a directory. LDAP is independent of the type of server hosting the directory, thus allowing different NOSs to share information about their network elements.

◆ LDAP network entities are called objects and their properties are called attributes. For example, a printer object’s attributes may include a location and printing preferences. LDAP directories and their objects form hierarchical trees (called schemas), which become maps for accessing directory information.

◆ IGMP is a TCP/IP Network layer protocol that controls and limits multicast traffic allowing hosts to participate in IP multicasting on the Internet. Multicasting is a process that sends a single message to a defined group of recipients. IGMP manages network multicast traffic by issuing queries to locate multicast group members. Routers then channel multicast traffic only to group memberships, thus reducing overall network traffic. Network hosts use IGMP to subscribe to or to leave multicast groups.

◆ LPR is a TCP/IP protocol used to send print requests from a client to a networked printer or print server. If the request is sent to a print server, LPR is used in conjunction with a service called LPD (Line Printer Daemon) to establish connectivity between the client and the print server and receive LPR print requests. A print server places client requests in a print queue and sends them to the network printer when it is available.

OBJECTIVES ON THE JOB

Ensuring that printers work properly, that network traffic is not congested, that users can participate in Internet discussions, and that files move smoothly between different servers are part of what keeps an administrator’s day very active.


PRACTICE TEST QUESTIONS

1. Suppose a user wants to send a print job to a network printer in another department instead of using her local printer. What is the best way to make this possible?

a. Reassign that user to the other department.

b. Buy a printer for the user just like the one in the other department.

c. Redirect print jobs from the user’s local printer to the print queue of the network printer.

d. Have the user carry her files on a floppy disk over to the department where the printer is located.

2. Which TCP/IP protocol is used to manage multicast traffic on a network?

a. LDP/LPR

b. IGMP

c. NNTP

d. LDAP

3. Which of the following statements is true?

a. Clients can use e-mail to receive newsgroup messages.

b. There are only a few newsgroups on the Internet, but the number is slowly growing.

c. NNTP supports reading of newsgroup messages, but LPD/LPR is needed to send newsgroup messages.

d. NNTP operates in the Transport layer of the OSI Model.

4. What are the entities within an LDAP directory called?

a. objects

b. properties

c. attributes

d. trees

5. What is the primary purpose of the LDAP protocol?

a. to facilitate cross-platform system maintenance

b. to facilitate cross-platform exchange of files

c. to enable applications within a system to encrypt their files

d. to support file compression

6. Which protocol encapsulates IGMP datagrams?

a. TCP

b. IP

c. ICMP

d. UDP

7. Which network devices usually perform multicast queries?

a. NICs

b. hubs

c. bridges

d. routers


2.11 Define the function of TCP/UDP (Transmission Control Protocol/User Datagram Protocol) ports.

UNDERSTANDING THE OBJECTIVE

A socket is a logical address assigned to a specific process running on a host computer. Sockets depend on the assignment of ports to different processes.

WHAT YOU REALLY NEED TO KNOW

◆ When one computer attempts to communicate with another, it alerts the socket address of the desired process on the other computer. The second computer recognizes the request and establishes the virtual circuit between the two computers so that data exchange can begin. This forms a virtual connection between the host and client.

◆ A port is a number assigned to a process running on a host. Port numbers can have any value. Some software programs choose their own port numbers by default.

◆ The socket’s address is a combination of the host computer’s IP address and the port number associated with a process. For example, the Telnet service on a Web server with an IP address of 10.43.3.87 might have a socket address of 10.43.3.87:23, where 23 is the standard port number for the Telnet service.

◆ The use of port numbers simplifies TCP/IP communications. When a client requests communications with a server and specifies port 23, for example, the server knows immediately that the client wants a Telnet session. No extra data exchange is necessary to define the session type, and the server can initiate the Telnet service without delay. The server connects to the client’s Telnet port, which by default is also port 23, and establishes a virtual circuit.

◆ Port numbers can be configured through software. Most servers maintain a text-based file of port numbers and their associated services, which is editable. Changing a default port number is not usually a good idea, though, because it goes against the standard. However, some network administrators who are preoccupied with security may change their servers’ port numbers in an attempt to confuse potential hackers.

OBJECTIVES ON THE JOB

You most often use port numbers when networking with the Internet. For example, if you install Web server software, you must identify some ports on that server. You can then leave ports at their defaults (for example, port 80 for the HTTP server) or change them to another number not already reserved by a process.


PRACTICE TEST QUESTIONS

1. How are port numbers configured?

a. through software

b. through NIC dip switches

c. through MAC addresses

d. through default gateways

2. In which of the following situations does it make sense to use a port number other than the default assigned by the software?

a. when configuring an FTP server for users of freeware to download a patch

b. when configuring a Web server that hosts an online clothing store

c. when configuring an FTP server for employees within an organization to download their payroll information

d. when configuring the SNMP interface on a server inside an organization’s firewall

3. A socket allows two computers to establish what kind of circuit?

a. virtual

b. closed

c. transitory

d. application

4. Which of the following is a socket address?

a. 127.0.0.1.80

b. 126.12.132.20:80

c. 23:12:122:80

d. 80:126.12.132.20

5. How many ports can be assigned on one server?

a. only one

b. no more than 10

c. no more than 100

d. over 65,000

6. What two components form a socket address?

a. a TCP header and a port number

b. an IRQ number and an IP address

c. a TCP number and an IP address

d. an IP address and a port number

7. Some software programs choose their own port numbers by default. True or False?


2.12 Identify the well-known ports associated with the following commonly used services and protocols:

WELL KNOWN PORTS

UNDERSTANDING THE OBJECTIVE

An IP address will direct a data packet to a specific network device, but it is the port number that directs the packet to the destination application or service within the device. On a TCP/IP network, a port is an endpoint destination address for a logical connection that identifies a specific service provided by a network computer. Because port numbers are so important to the TCP/IP communication process, assignment of numbers to certain ports, known as Well Known Ports, is restricted and can only be done by the proper Internet authority.

WHAT YOU REALLY NEED TO KNOW

◆ On TCP/IP networks, logical IP addresses have a port number suffix attached to them to direct communication service calls to the correct application or service on a destination node. Port numbers range from 0 to 65,535 and within that range they are divided into three groups: well known ports, registered ports, and dynamic/private ports.

◆ Well known ports are those within the reserved range of 0 to 1023 originally assigned by the Internet authority, IANA, to some popular services, such as FTP and Telnet.

◆ Some well known ports for common TCP/IP services and protocols are shown in the following table:

Port   Protocol/Service
20     FTP (File Transfer Protocol)—data
21     FTP (File Transfer Protocol)—commands
22     SSH (Secure Shell)
23     Telnet
25     SMTP (Simple Mail Transfer Protocol)
53     DNS (Domain Name Service)
69     TFTP (Trivial File Transfer Protocol)
80     HTTP (Hypertext Transfer Protocol)
110    POP3 (Post Office Protocol version 3)
119    NNTP (Network News Transfer Protocol)
123    NTP (Network Time Protocol)
143    IMAP4 (Internet Message Access Protocol version 4)
443    HTTPS (Hypertext Transfer Protocol Secure)

◆ A complete list of well known ports can be found on the Internet at http://www.iana.org/assignments/port-numbers.

◆ Registered Ports are those ports that range from 1024 to 49,151. These ports are accessible to network users and processes that do not have special administrative privileges. Default assignments of these ports (for example, by a software program) must be registered with IANA. Ports ranging from 49,152 to 65,535 are not controlled by the Internet authority.
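The socket address format from objective 2.11 and the port groups and table above can be combined into a small inventory check of the ports open on a server. This Python sketch is an added example, not part of the original guide; the list of listening sockets is constructed, and the function names are illustrative.

```python
import ipaddress

# Well known ports from the table in this section.
WELL_KNOWN_SERVICES = {
    20: "FTP data", 21: "FTP commands", 22: "SSH", 23: "Telnet",
    25: "SMTP", 53: "DNS", 69: "TFTP", 80: "HTTP", 110: "POP3",
    119: "NNTP", 123: "NTP", 143: "IMAP4", 443: "HTTPS",
}

# Services that carry data unencrypted, with the encrypted alternative
# described for each elsewhere in this guide.
ENCRYPTED_ALTERNATIVE = {
    21: "SFTP or SCP over SSH (port 22)",
    23: "SSH (port 22)",
    80: "HTTPS (port 443)",
}

# Constructed sample: socket addresses a server is listening on, one per
# line. The last two entries are deliberately malformed.
CONSTRUCTED_LISTENERS = """
10.43.3.87:22
10.43.3.87:23
10.43.3.87:80
10.43.3.87:443
10.43.3.87:8080
10.43.3.87:50000
10.43.3.87.21
10.43.3.87:70000
"""


def parse_socket_address(text):
    """Split 'IP:port' into (ip, port); raise ValueError if malformed."""
    host, sep, port_text = text.strip().rpartition(":")
    if not sep or not host:
        raise ValueError(f"expected IP:port, got {text!r}")
    ip = ipaddress.IPv4Address(host)  # raises a ValueError subclass if invalid
    if not (port_text.isascii() and port_text.isdigit()):
        raise ValueError(f"port is not a number in {text!r}")
    port = int(port_text)
    if port > 65535:
        raise ValueError(f"port {port} is outside 0 to 65,535")
    return str(ip), port


def port_group(port):
    """Name the group a port number falls in."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} is outside 0 to 65,535")
    if port <= 1023:
        return "well known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def audit_listeners(text):
    """Return one record per listed socket address, including bad input."""
    report = []
    for entry in text.split():
        try:
            ip, port = parse_socket_address(entry)
        except ValueError as exc:
            report.append({"input": entry, "error": str(exc)})
            continue
        report.append({
            "input": entry,
            "ip": ip,
            "port": port,
            "group": port_group(port),
            # Expected service by convention only: ports can be reconfigured.
            "service": WELL_KNOWN_SERVICES.get(port, "unlisted"),
            "use_instead": ENCRYPTED_ALTERNATIVE.get(port),
        })
    return report


if __name__ == "__main__":
    for record in audit_listeners(CONSTRUCTED_LISTENERS):
        if "error" in record:
            print(f"{record['input']:<18} INVALID: {record['error']}")
            continue
        note = f" -> prefer {record['use_instead']}" if record["use_instead"] else ""
        print(f"{record['input']:<18} {record['group']:<16} {record['service']}{note}")
```

Because a port number only implies a service by convention, a record marked "unlisted" or an unexpected service on a well known port still needs to be checked against what is actually running.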

OBJECTIVES ON THE JOB

Network administrators must know which ports are operating on their network equipment and who has access to them. Malicious attacks against networks are often directed at certain port numbers. Knowing which ports are vulnerable to attack and how to secure them is an important function of a network administrator.


PRACTICE TEST QUESTIONS

1. Which organization controls allocation of well known port numbers?

a. International Organization for Standardization (ISO)

b. Institute of Electrical and Electronics Engineers (IEEE)

c. Internet Assigned Numbers Authority (IANA)

d. American National Standards Institute (ANSI)

2. What is the range for well known port numbers?

a. 0 to 999

b. 0 to 1023

c. 0 to 49,151

d. 0 to 65,535

3. To which port on a Web server would client requests for Web pages be directed?

a. port 21

b. port 23

c. port 80

d. port 110

4. Which ports might be used by a client host to retrieve e-mail messages from a mail server? (Choose all that apply.)

a. port 23

b. port 25

c. port 110

d. port 143

5. Why might a Web server operate a service on port 443?

a. to take any overflow requests directed at port 80

b. to have a redundant backup port in case port 80 failed

c. to secure the server so that only outgoing communication could take place

d. to provide a means of secure communication with the Web server

6. You are a network administrator for your company. Suddenly, employees begin calling you to complain that they are unable to receive any e-mail. They are able to send e-mail and access Web pages, but there is no incoming e-mail. What is the problem?

a. There is no connection to your ISP.

b. Your SMTP service on port 25 has stopped functioning.

c. Your DHCP service is not working.

d. Port 110 POP3 service on your mail server is down.

7. Which is the Telnet port?

a. port 23

b. port 80

c. port 143

d. port 25

2.13 Identify the purpose of network services and protocols (for example, DNS (Domain Name Service), NAT (Network Address Translation), ICS (Internet Connection Sharing), WINS (Windows Internet Naming Service), SNMP (Simple Network Management Protocol), NFS (Network File System), Zeroconf (Zero configuration), SMB (Server Message Block), AFP (Apple File Protocol), LPD (Line Printer Daemon), and Samba):

DNS (DOMAIN NAME SERVICE) AND WINS (WINDOWS INTERNET NAMING SERVICE)

UNDERSTANDING THE OBJECTIVE

DNS (Domain Name Service, also known as Domain Name System) associates IP addresses with domains on the Internet to allow clients to transfer information more easily. DNS, which replaces the older method of resolving names via a single host file, is a hierarchical system in which multiple servers across the Internet share the burden of finding machines belonging to specific domains. WINS (Windows Internet Naming Service) provides a mechanism for resolving Windows NetBIOS names into IP addresses.

WHAT YOU REALLY NEED TO KNOW

◆ In the mid-1980s, a hierarchical way of resolving host and domain names with their IP addresses was developed. This system was called DNS. The DNS database does not rely on one file or even one server, but is distributed over key computers on the Internet to prevent catastrophic failure if one or a few computers go down.

◆ DNS is a TCP/IP service that belongs to the Application layer of the OSI Model.

◆ A TCP/IP host is typically associated with a domain, a group of computers that have part of their IP addresses in common. Often, this group of computers belongs to the same organization.

◆ A domain is identified by its domain name. Usually, a domain name is associated with a company or other type of organization, such as a university or military unit. For example, IBM’s domain name is ibm.com.

◆ Whereas some organizations use only one name server, large organizations often maintain two or more name servers. When more than one name server exists, a primary name server is the ultimate naming authority on the network.

◆ Each device on the network relies on the name server and, therefore, must be able to find it. The IP address of the client’s primary and secondary DNS servers must be specified in the client’s TCP/IP properties.

◆ On a Windows network, WINS provides a means of resolving NetBIOS names with IP addresses. WINS provides for the NetBIOS protocol what DNS provides for the TCP/IP protocol.

◆ WINS can be implemented on servers running Windows NT Server version 3.5 or higher. The WINS server maintains a database that accepts requests from Windows or DOS clients to register with a particular NetBIOS name. WINS does not assign names or IP addresses; it only keeps track of NetBIOS names and their addresses.

OBJECTIVES ON THE JOB

Every client on the network must be able to access a DNS server to resolve host names to addresses. The alternative on a Windows network is to run the WINS protocol for host name resolution.

PRACTICE TEST QUESTIONS

1. Which of the following best describes the relationship between IP addresses and domains?
a. Each domain is associated with a single IP address.
b. Each IP address is associated with a single domain.
c. Each domain is associated with a range of IP addresses.
d. Each IP address is associated with a group of domains.

2. To which layer of the OSI Model does DNS belong?
a. Application
b. Presentation
c. Session
d. Transport

3. Which two of the following domain names could belong to a business?
a. ferrari.edu
b. ferrari.mil
c. ferrari.com
d. ferrari.it

4. Where on a client workstation is WINS configured?
a. in the network adapter properties
b. in the modem settings
c. in the TCP/IP properties
d. in the Microsoft client settings

5. Which one of the following is most likely to use WINS?
a. a Windows 3.11 workstation
b. a Linux server
c. a Novell server
d. a Windows 2000 workstation

6. What is a significant difference between the Domain Name System and local host files?
a. DNS is hierarchical, whereas a host file is flat.
b. A host file is easier to maintain than DNS.
c. A host file is more efficient than DNS.
d. DNS represents a single point of failure, whereas a host file ensures redundancy.

7. How many different organizations can use the same domain name?
a. one
b. no more than two
c. no more than two, as long as they are located in the same country
d. no more than four

2.13 Identify the purpose of network services and protocols (for example, DNS (Domain Name Service), NAT (Network Address Translation), ICS (Internet Connection Sharing), WINS (Windows Internet Naming Service), SNMP (Simple Network Management Protocol), NFS (Network File System), Zeroconf (Zero configuration), SMB (Server Message Block), AFP (Apple File Protocol), LPD (Line Printer Daemon), and Samba (continued)):

NAT (NETWORK ADDRESS TRANSLATION) AND ICS (INTERNET CONNECTION SHARING)

UNDERSTANDING THE OBJECTIVE

NAT (Network Address Translation) is a method of using an IP gateway to associate Internet-recognized IP addresses with a client. Each time the client accesses the Internet, the NAT gateway assigns the client’s data a new source IP address. ICS (Internet Connection Sharing) is a Windows service that allows multiple PCs to share a single Internet connection.

WHAT YOU REALLY NEED TO KNOW

◆ IP gateways can be used to “hide” the IP numbers assigned within an organization from any public network (such as the Internet). Clients behind the gateway may use any IP addressing scheme, but once they need to connect to the Internet they must have an Internet-recognizable IP address to exchange data. Upon reaching the IP gateway, the client’s transmission is assigned a publicly recognized IP address in a process known as NAT.

◆ NAT adds a marginal amount of security to a private network when it is connected to a public network. Because the transmission is assigned a new IP address when it reaches the public sphere, others outside the organization cannot trace the transmission to the client.

◆ NAT also enables a network administrator to develop her own network addressing scheme that does not conform with a scheme dictated by ICANN. This can make network management and troubleshooting easier. A limited number of publicly recognized IP addresses can also be shared among multiple machines.

◆ ICS is a service found on Microsoft Windows PC operating systems, such as Windows 98 and Windows XP, that allows multiple, networked computers to share a single Internet connection and a single IP address.

◆ ICS assigns one computer to process Internet requests from each connected machine. This computer, or the host, issues each of the connected computers an IP address but that address is only for use within the home network. When the host computer accesses the Internet, it uses just the one IP address, its own.

◆ ICS is similar to NAT in that it prevents multiple nodes from having to reveal their IP addresses when connecting to a public network.

OBJECTIVES ON THE JOB

You will likely encounter NAT in an environment in which IP addresses are scarce or in which the IP addresses of clients on a private network need to be protected from outside detection. ICS is frequently used on SOHO networks in which several machines might share a single dial-up connection to an ISP.
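The translation described above, modelled as an added example that is not part of the original guide: a gateway shares one public address among several private clients by rewriting the source address and port, and it forwards an inbound packet only when it answers a flow a client opened. The class and function names, the documentation-range addresses and the per-destination filtering rule are assumptions of this example; real gateways differ in how strictly they filter.

```python
# Added example (not from the guide): a minimal port-translating NAT gateway.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Shares one public address among many private clients."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._by_client = {}  # (private ip, private port) -> public port
        self._by_port = {}    # public port -> (client endpoint, remotes contacted)

    def outbound(self, pkt):
        """Rewrite the private source so the Internet sees only the gateway."""
        client = (pkt.src_ip, pkt.src_port)
        if client not in self._by_client:
            if self._next_port > 65535:
                raise RuntimeError("no free public ports left for new mappings")
            self._by_client[client] = self._next_port
            self._by_port[self._next_port] = (client, set())
            self._next_port += 1
        public_port = self._by_client[client]
        # Remember who the client talked to, so only that peer may answer.
        self._by_port[public_port][1].add((pkt.dst_ip, pkt.dst_port))
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Translate a reply back to the client, or return None to drop it."""
        entry = self._by_port.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None  # no mapping: nothing inside asked for this traffic
        client, remotes = entry
        if (pkt.src_ip, pkt.src_port) not in remotes:
            return None  # mapping exists, but not for this sender
        return Packet(pkt.src_ip, pkt.src_port, client[0], client[1])


def demo():
    """Two clients reuse the same source port and share one public address."""
    gw = NatGateway("203.0.113.5")  # constructed addresses (documentation ranges)
    a_out = gw.outbound(Packet("192.168.1.10", 51000, "198.51.100.10", 80))
    b_out = gw.outbound(Packet("192.168.1.11", 51000, "198.51.100.10", 80))
    reply_to_a = gw.inbound(Packet("198.51.100.10", 80, a_out.src_ip, a_out.src_port))
    unsolicited = gw.inbound(Packet("198.51.100.99", 4444, "203.0.113.5", 40000))
    return {"a_out": a_out, "b_out": b_out,
            "reply_to_a": reply_to_a, "unsolicited": unsolicited}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unsolicited packet is dropped only because no matching state exists; the gateway inspects nothing else about the traffic, which is why the protection is described as marginal.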

PRACTICE TEST QUESTIONS

1. Which of the following computers would use ICS?
a. a NetWare 5.x server
b. a Windows XP workstation
c. a Macintosh workstation
d. a Windows NT server

2. What type of connectivity device manages NAT?
a. bridge
b. hub
c. switch
d. gateway

3. What does “ICS” stand for?
a. Internet Connection Sharing
b. Internet configuration system
c. intermittent communications session
d. integrated communication system

4. Which of the following are reasons for using NAT? (Choose all that apply.)
a. to share a limited number of valid IP addresses among multiple clients
b. to automatically assign IP addresses to clients when they log on to a LAN
c. to mask the real IP addresses of clients on a private network
d. to increase the speed with which Web pages are retrieved from the Internet

5. Which of the following is a reason for using ICS?
a. to allow remote users to securely log on to a private LAN via the Internet
b. to cache frequently used Web pages so that they can be subsequently accessed faster
c. to share a single Internet connection among multiple clients
d. to detect the presence of suspicious files, such as viruses, in Internet downloads

6. Which of the following is most likely to use ICS?
a. a small, nonprofit organization that uses the Internet to solicit contributions
b. a regional insurance company whose salespeople dial in to the corporate LAN each night from their homes
c. an Internet service provider that needs to ensure connectivity between multiple data centers and telecommunications carriers
d. a local architectural firm that sends drawings to and receives drawings from various clients across the nation

7. How does NAT compare to firewalls, in terms of securing data between public and private networks?
a. NAT offers more security for data in transit.
b. NAT offers more security for resources on a server.
c. NAT offers less security for data in transit.
d. NAT offers more security for private client identification.

2.13 Identify the purpose of network services and protocols (for example, DNS (Domain Name Service), NAT (Network Address Translation), ICS (Internet Connection Sharing), WINS (Windows Internet Naming Service), SNMP (Simple Network Management Protocol), NFS (Network File System), Zeroconf (Zero configuration), SMB (Server Message Block), AFP (Apple File Protocol), LPD (Line Printer Daemon), and Samba (continued)):

SNMP (SIMPLE NETWORK MANAGEMENT PROTOCOL)

UNDERSTANDING THE OBJECTIVE

SNMP (Simple Network Management Protocol) is the underlying mechanism through which network devices and connections are managed. It can detect whether a device is responding under certain predefined conditions.

WHAT YOU REALLY NEED TO KNOW

◆ SNMP collects information (collectively referred to as the up/down status) about computers, including network components, such as servers and routers. Network administrators rely on SNMP to monitor and manage networks.

◆ As its name implies, SNMP is a very simple subprotocol. Its functionality is limited to determining whether a device is responding under specified conditions. It is a subprotocol of the TCP/IP suite that resides in the Application layer of the OSI Model.

◆ SNMP relies on the Transport layer subprotocol UDP; therefore, it does not verify that a connection has been established before it attempts to discover information about a device.

◆ Information gathered via SNMP is stored in a MIB (Management Information Base) by a network management system. MIBs are then interpreted by sophisticated network management software packages, such as HP OpenView.

◆ For devices to submit information to a MIB, they must be SNMP-compliant. Most modern routers, switches, bridges, and managed hubs have this capability.

◆ One drawback to SNMP is that it may generate a large volume of potentially superfluous information along with useful information (for example, it may report each time a NIC is disconnected from the network).

OBJECTIVES ON THE JOB

Network administrators often use SNMP to determine the health of the network. For example, a Web server’s HTTP port can be monitored through SNMP to determine if it is responding. If SNMP doesn’t detect a response, a program can use that information to alert the network administrator that the Web page is down. Thanks to SNMP, problems can be detected and addressed quickly.

PRACTICE TEST QUESTIONS

1. On which of the following Transport layer subprotocols does SNMP rely?
a. TCP
b. IP
c. UDP
d. ICMP

2. What stores information collected by SNMP?
a. MIP
b. MIB
c. SMIP
d. SMB

3. Which of the following programs could be considered a network management system?
a. Netscape Navigator
b. Microsoft SQL Server
c. Microsoft Exchange Server
d. HP OpenView

4. In addition to detecting whether a device is running, what other two functions can SNMP help provide? (Choose all that apply.)
a. LAN topology mapping
b. traffic route optimization
c. broadcast transmission filtering
d. notification of network problems

5. At which layer of the OSI Model does SNMP operate?
a. Application
b. Session
c. Transport
d. Data Link

6. Which of the following network components are likely to issue SNMP data? (Choose all that apply.)
a. server
b. repeater
c. router
d. tape backup drive

7. Which of the following conditions would SNMP be able to report?
a. A Web server is responding to requests at half of its normal speed.
b. Half of the ports on a switch are not accepting data.
c. A NIC is issuing broadcast error messages to the rest of the nodes on its segment.
d. A user is prevented from logging on to the network because he has entered an invalid password three times.

2.13 Identify the purpose of network services and protocols (for example, DNS (Domain Name Service), NAT (Network Address Translation), ICS (Internet Connection Sharing), WINS (Windows Internet Naming Service), SNMP (Simple Network Management Protocol), NFS (Network File System), Zeroconf (Zero configuration), SMB (Server Message Block), AFP (Apple File Protocol), LPD (Line Printer Daemon), and Samba (continued)):

NFS (NETWORK FILE SYSTEM)

UNDERSTANDING THE OBJECTIVE

NFS (Network File System) is a distributed file control mechanism for remotely accessing shared directories and files across a network. It allows the administrator to manipulate remote directories and files as if they were on the local machine.

WHAT YOU REALLY NEED TO KNOW

◆ The main function of NFS is to provide an export service for directories and files to remote computers. It operates as a client/server relationship in which access to the shared resources can be restricted to authorized clients.

◆ When a client wants to use a file resource, the server makes the file system available through a process called exporting. The client can then mount the file system that has been exported, using the NFS mount protocol, to gain access to the files it holds. The client will need an account on the resource server to mount the file system. When the file system is mounted, it becomes a virtual part of the directory tree on the client machine and appears to the client user as if it is located on her machine. The mounting process does not copy the mounted directory to the client. Instead, RPCs (remote procedure calls) are used to allow the client to access the server as if the client was accessing its own directory tree. The location in the client directory tree where the mounted directory appears is called the mount point.

◆ NFS provides many benefits for sharing and accessing network files. Users can have a home directory, located on a network server, which could be accessed from any computer on the network. Also, commonly used files could be stored in a central location and accessed by all those who needed the files, resulting in reduced disk storage space on local machines. Another benefit NFS provides is shared access to shared devices, such as CD-ROMs, on remote machines.

OBJECTIVES ON THE JOB

Network administrators often use NFS to establish home directories for users who are then able to access their home directory from any network computer after proper authentication is established. Directory sharing for workgroups is also set up using NFS.
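Restricting exports to authorized clients is done in the server's export table. The following added example, which is not part of the original guide, reads a constructed table in the Linux `/etc/exports` layout and reports entries that grant more than intended, including the stray space that turns a single-host export into an export to any host. The function names and finding texts are assumptions of this example, and it does not handle quoted paths or continuation lines.

```python
# Added example (not from the guide): review an NFS export table.
import re

# Constructed sample in the Linux /etc/exports layout.
SAMPLE_EXPORTS = """\
# path        client(options)
/home         192.0.2.0/24(rw,sync,root_squash)
/srv/build    *(rw,no_root_squash)
/srv/media    media01.example.com (ro)
/srv/scratch  192.0.2.15(rw,insecure)
"""

CLIENT_SPEC = re.compile(r"([^()]*)(?:\(([^()]*)\))?")


def parse_exports(text):
    """Yield (path, client, options) for every client of every export."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            match = CLIENT_SPEC.fullmatch(spec)
            if match is None:
                raise ValueError(f"cannot parse client spec {spec!r} for {path}")
            client, options = match.group(1), match.group(2)
            # "host (ro)" with a space is two specs: "host" with default
            # options, and "(ro)" with an empty client, which means any host.
            yield path, client, set(options.split(",")) if options else set()


def audit_exports(text):
    """Return (path, client, finding) for entries that need review."""
    findings = []
    for path, client, options in parse_exports(text):
        if client in ("", "*"):
            mode = "read-write" if "rw" in options else "read-only"
            findings.append((path, "*", f"exported {mode} to any host"))
        if "no_root_squash" in options:
            findings.append((path, client or "*",
                             "no_root_squash: root on the client acts as root on the share"))
        if "insecure" in options:
            findings.append((path, client or "*",
                             "insecure: requests from unprivileged source ports accepted"))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(finding)
```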

PRACTICE TEST QUESTIONS

1. Which company originated NFS?
a. Microsoft
b. IBM
c. Xerox
d. Sun Microsystems

2. With NFS, what type of relationship is established between the computer with the resource and the computer requiring use of the resource?
a. a terminal relationship
b. a browser-based relationship
c. a client/server relationship
d. an auto-link relationship

3. Which of the following occurs first?
a. A client mounts the file system.
b. A server exports the file system.
c. A user works on files remotely.
d. A server closes a connection to the client.

4. What does RPC stand for?
a. remote procedure call
b. random protocol configuration
c. remote protocol configuration
d. roaming procedure call

5. In the NFS remote file access process, where are the files located on which the user works?
a. on the file server
b. on the client machine’s hard drive
c. in the client machine’s ROM
d. on a remote database server where the files have been transferred to be worked on

6. Which of the following is an advantage of implementing NFS on a network? (Choose all that apply.)
a. Files can be shared by many clients.
b. Devices such as CD-ROMs can be accessed across a network.
c. Computers can be turned on and off remotely.
d. E-mail can be accessed remotely.

7. Where is a mount point located?
a. on the server’s directory tree
b. on the client’s directory tree
c. on the server’s RAM
d. in the client’s RAM

2.13 Identify the purpose of network services and protocols (for example, DNS (Domain Name Service), NAT (Network Address Translation), ICS (Internet Connection Sharing), WINS (Windows Internet Naming Service), SNMP (Simple Network Management Protocol), NFS (Network File System), Zeroconf (Zero configuration), SMB (Server Message Block), AFP (Apple File Protocol), LPD (Line Printer Daemon), and Samba (continued)):

ZEROCONF (ZERO CONFIGURATION)

UNDERSTANDING THE OBJECTIVE

Zeroconf (Zero Configuration) is a protocol developed by a working group within IETF (Internet Engineering Task Force) to enable the dynamic configuration of network nodes without the need for complex configuration or technical assistance.

WHAT YOU REALLY NEED TO KNOW

◆ The Zeroconf Working Group was established by IETF in 1999 amid concerns that IP networking had become too complex for users who simply wanted to communicate one-on-one or in small groups without the intervention of network administrators or technicians. Apple users could do this through AppleTalk, but TCP/IP users needed DHCP services, DNS, and other services not always available or configured on personal computers.

◆ Zeroconf is able to work without complex configuration of DHCP, DNS, and other services to automatically and seamlessly perform normal networking functions, such as allocating IP addresses, translating between domain names and IP addresses, and locating a printer.

◆ A major accomplishment of the Zeroconf Working Group was development of the specification for dynamic configuration of IPv4LL (IPv4 Link-Local addresses), which was completed in 2003. Through the use of IPv4LL, manual configuration of IP addresses is avoided by automatically allocating link-local IPv4 addresses in the 169.254.0.0/16 range.

◆ Apple Computer, Inc., pioneered the use of Zeroconf in the transition from AppleTalk to IP networking. They named their Zeroconf technology Rendezvous. It was designed to ensure that Apple computers would continue to be easy to use in an IP environment.

◆ One of the best examples of the implementation of IPv4LL is with network printers. Most printers don’t have the interfaces necessary to perform network configuration such as IP addresses or subnet masks, so when they are plugged into the network infrastructure, they need to be able to configure themselves automatically without human intervention. In most printers manufactured today, Zeroconf IPv4LL performs this automatic configuration.

◆ In home networks, individuals with limited experience could easily use Zeroconf to link two computers. It can also allow for conferencing in which diverse groups come together and need quick, effortless communications channels.

OBJECTIVES ON THE JOB

As a network administrator, when you are setting up network printers you will encounter Zeroconf technology at work as you connect your printer to the network. This protocol is built in to a network printer’s firmware.
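How a device arrives at its own 169.254.0.0/16 address, as an added example that is not part of the original guide: the device derives a repeatable pseudo-random candidate from its MAC address, checks that no neighbour already holds it, and picks again on a conflict. It follows the selection rules of RFC 3927 (candidates from 169.254.1.0 through 169.254.254.255); the ARP probe is simulated with a set of addresses in use, and the function names and the sample inventory are assumptions of this example.

```python
# Added example (not from the guide): IPv4 link-local address selection.
import ipaddress
import random

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# RFC 3927 reserves the first and last 256 addresses of the block.
FIRST = int(ipaddress.IPv4Address("169.254.1.0"))
LAST = int(ipaddress.IPv4Address("169.254.254.255"))

# Constructed inventory, such as an asset scan might produce.
SAMPLE_INVENTORY = {
    "printer-2f": "169.254.17.40",
    "ws-014": "192.168.1.14",
    "ws-015": "169.254.201.9",
}


def candidate_addresses(mac):
    """Yield an endless, repeatable sequence of candidates for one device.

    Seeding from the MAC address means a device tends to choose the same
    address after every restart, while different devices rarely collide.
    """
    rng = random.Random(mac.lower())
    while True:
        yield ipaddress.IPv4Address(rng.randint(FIRST, LAST))


def claim_address(mac, addresses_in_use, max_attempts=10):
    """Return (address, attempts) for the first candidate nobody else holds.

    `addresses_in_use` stands in for the ARP probe a real device sends to
    ask whether a neighbour already uses the candidate.
    """
    in_use = {ipaddress.IPv4Address(a) for a in addresses_in_use}
    for attempt, address in enumerate(candidate_addresses(mac), start=1):
        if address not in in_use:
            return address, attempt
        if attempt >= max_attempts:
            raise RuntimeError("too many conflicts; the device should back off")


def self_assigned(inventory):
    """Return hosts whose address is link-local.

    On a network that runs DHCP, such a host usually failed to get a lease.
    """
    return sorted(name for name, address in inventory.items()
                  if ipaddress.IPv4Address(address) in LINK_LOCAL)


if __name__ == "__main__":
    # MAC address taken from this guide's own example (00:60:8C:00:54:99).
    print(claim_address("00:60:8C:00:54:99", []))
    print(self_assigned(SAMPLE_INVENTORY))
```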

PRACTICE TEST QUESTIONS

1. For clients using Zeroconf, which of the following services need not be enabled or configured? (Choose all that apply.)
a. Web services
b. DHCP
c. DNS
d. NetBIOS

2. Which company pioneered the use of Zeroconf?
a. Microsoft
b. IBM
c. Novell
d. Apple

3. What was the original goal of the Zeroconf working group?
a. to develop a new IP addressing scheme
b. to make TCP/IP more robust
c. to eliminate IP addressing
d. to simplify network setup

4. Which organization is the governing authority for the Zeroconf protocol?
a. IETF
b. IEEE
c. IANA
d. ANSI

5. What is the purpose of the IPv4LL specification?
a. to describe how printer drivers should be written
b. to automatically allocate Class D IP addresses
c. to automatically configure Internet routers
d. to automatically allocate IP addresses in the 169.254.0.0/16 range

6. Which of the following would not be a good situation in which to deploy the Zeroconf protocol?
a. when configuring a network with 70 computers on three segments, all of which require the highest security possible
b. when setting up a network printer
c. when meeting with a friend in a coffee shop to exchange files on your laptop computers
d. when setting up your two business computers to exchange finance spreadsheets

7. What is the name given to the Apple implementation of Zeroconf?
a. Reincarnation
b. Reconnaissance
c. Rendezvous
d. Revolution

2.13 Identify the purpose of network services and protocols (for example, DNS (Domain Name Service), NAT (Network Address Translation), ICS (Internet Connection Sharing), WINS (Windows Internet Naming Service), SNMP (Simple Network Management Protocol), NFS (Network File System), Zeroconf (Zero configuration), SMB (Server Message Block), AFP (Apple File Protocol), LPD (Line Printer Daemon), and Samba (continued)):

SMB (SERVER MESSAGE BLOCK), SAMBA, AFP (APPLE FILE PROTOCOL), AND LPD (LINE PRINTER DAEMON)

UNDERSTANDING THE OBJECTIVE

SMB (Server Message Block) is a protocol used in networking tasks, such as file and print sharing. Samba is an implementation of SMB with added Microsoft extensions. AFP (Apple File Protocol, also known as AppleTalk Filing Protocol) is similar to SMB but is native to the Macintosh OS. LPD (Line Printer Daemon) is a TCP/IP-based protocol used to provide communication between a client and a printer.

WHAT YOU REALLY NEED TO KNOW

◆ IBM’s SMB protocol was modified by Microsoft to run on top of NetBEUI and renamed CIFS (Common Internet File System). SMB is the file-sharing protocol for Windows 9x/Me/NT, whereas CIFS is native to Windows 2000/XP/2003. Since Windows 2000, SMB does not require the NetBIOS API for transport and will run over TCP/IP.

◆ SMB uses the client/server approach to sharing network resources. An SMB server responds to requests from SMB clients. It functions at the Application and Presentation layers of the OSI Model to provide commands for opening, writing, and closing files across a network, as well as providing directory services. It relies on lower-level protocols for transport.

◆ Samba is a free suite of UNIX utilities using Microsoft SMB protocols. With Samba running, a UNIX or Linux computer appears to Windows or OS/2 clients as a Windows computer allowing clients to access a UNIX or Linux computer’s shared resources and perform file and print sharing.

◆ AFP is the native Macintosh OS file- and print-sharing protocol that performs functions similar to those of SMB. It runs over TCP/IP or over the legacy AppleTalk protocol. Macintosh OS X allows both AFP and SMB connections to its file servers. AFP is a client/server-based implementation similar to Samba and SMB/CIFS.

◆ LPD is a protocol that runs over TCP/IP to provide service between a client computer and a print server. LPD works with the LPR protocol, which resides on the client-side to send requests for printing. LPD functions as the server component, providing a print queuing service for network printers. LPD was originally developed for the UNIX operating system and is now used on a variety of operating systems.

OBJECTIVES ON THE JOB

When working with networks that include a mix of operating systems, a network administrator must support cross-platform file and resource sharing. Knowing the services and protocols that enable different operating systems to interconnect and share resources is crucial to maintaining an efficient, trouble-free network.

PRACTICE TEST QUESTIONS

1. What is the primary function of the SMB protocol?
a. to provide network security
b. to maintain balanced network traffic loads across segments
c. to facilitate file and print sharing across a network
d. to upgrade and provide a transport mechanism for HTTP

2. On which operating system would you most likely find both AFP and SMB implemented?
a. Windows
b. Macintosh
c. UNIX
d. Novell

3. At which layers of the OSI Model does SMB function? (Choose all that apply.)
a. Transport layer
b. Session layer
c. Presentation layer
d. Application layer

4. Samba is a protocol in the TCP/IP suite of protocols. True or False?

5. Which approach to network resource sharing do SMB, Samba, and AFP all use?
a. terminal/server
b. multitier
c. peer-to-peer
d. client/server

6. LPD was originally developed for which operating system?
a. Windows
b. UNIX
c. Linux
d. OS/2

7. Which of the following is true? (Choose all that apply.)
a. Samba was first created by IBM.
b. Samba is used to assist in communication between Windows and UNIX operating systems.
c. SFP is a file-sharing protocol similar to SMB but native to the Linux OS.
d. Samba is a free implementation of the Microsoft SMB extended protocol.

2.14 Identify the basic characteristics (for example, speed, capacity, and media) of the following WAN (wide area network) technologies:

PACKET SWITCHING AND CIRCUIT SWITCHING

UNDERSTANDING THE OBJECTIVE

Circuit switching is a transmission technology used by the PSTN and by T-carriers. In circuit switching, a channel is dedicated to a certain transmission until the transmission is completed. In packet switching, which is used by Ethernet and FDDI, data is divided into packets. The data packets may then take any route to their destination, where they are reassembled in their original order.

WHAT YOU REALLY NEED TO KNOW

◆ In circuit switching, a connection is established between two network nodes before they begin transmitting data. Bandwidth is dedicated to this connection and remains available until the users terminate communication between the two nodes. While the nodes remain connected, all data follows the same path initially selected by the switch.

◆ The PSTN uses circuit switching. When you place a telephone call, your call goes through a circuit-switched connection. Similarly, the connection between a home PC modem and an ISP’s access server is established via circuit switching.

◆ Because circuit switching monopolizes its allotted bandwidth while the two stations remain connected (even when no actual communication is taking place), it is not an economical technology.

◆ Some network applications that cannot tolerate the time delay it takes to reorganize data packets, such as live audio or videoconferencing, benefit from circuit switching’s dedicated path.

◆ Some WAN technologies, such as ISDN and T1 services, also use circuit switching.

◆ Packet switching breaks data into packets before they are transported. Packets can travel any path on the network to their destinations, because each packet contains the destination address and sequencing information. Consequently, packets can attempt to find the fastest circuit available at any instant. They need not follow each other along the same path, nor must they arrive at their destination in the same sequence they left the transmitting node.

◆ The destination node on a packet-switched network reassembles the packets based on the packets’ control information. Because of the time it takes to reassemble the packets into a message, packet switching is not suited to live audio or video transmission. Nevertheless, it is a fast and efficient mechanism for transporting typical network data, such as word-processing or spreadsheet files.

◆ Examples of packet-switched networks include Ethernet and FDDI.

OBJECTIVES ON THE JOB

If you work on packet-switched LANs, such as those that use the Ethernet network access method, you must understand how the disassembly, sequencing, and reassembly of packets works.

PRACTICE TEST QUESTIONS

1. Which of the following is characteristic of a packet-switched network, but not a circuit-switched network?
a. sequencing
b. transceivers
c. star topology
d. shared channels

2. Which of the following technologies uses packet switching?
a. PSTN
b. Ethernet
c. T1
d. ISDN

3. Which of the following best describes a packet?
a. a collection of data discarded by a router
b. a discrete unit of data
c. a means to translate packet-switched data into circuit-switched data
d. a continuous stream of data

4. Which of the following is best suited for videoconferencing over the network?
a. packet switching
b. circuit switching
c. Ethernet
d. Token Ring

5. Which of the following networks would use a combination of packet switching and circuit switching?
a. a MAN that connects two office buildings using 100BASE-FX
b. a WAN that connects 25 buildings of a regional insurance company through dedicated T1s
c. a LAN that connects 200 users within a large bank
d. a WAN that connects multiple office buildings using FDDI and allows remote employees to connect by dialing their ISP and logging on to a VPN

6. What is the single greatest disadvantage to packet switching?
a. It is expensive.
b. It is not highly scalable.
c. Its standards are not stable.
d. It is ill suited to time-sensitive transmissions.

7. Which of the following best describes circuit switching?
a. A dedicated connection is established between two network nodes and remains available until the users terminate communication.
b. A connection is established between two network nodes and may allow other nodes to use and share the same channel while the first two nodes communicate.
c. No dedicated connection is established between two network nodes, but a best path between them is dynamically discovered as they begin transmitting data.
d. No connection is established between two network nodes, but data is separated into units that may follow separate paths.

2.14 Identify the basic characteristics (for example, speed, capacity, and media) ofthe following WAN (wide area network) technologies (continued):

ISDN (INTEGRATED SERVICES DIGITAL NETWORK)

UNDERSTANDING THE OBJECTIVE

ISDN (Integrated Services Digital Network) was developed in the mid-1980s to send digital data over public transmission lines. ISDN can be a dial-up connection or dedicated solution. It has been a popular choice for individuals and small businesses who want a faster and more secure connection than the PSTN can offer.

WHAT YOU REALLY NEED TO KNOW

◆ ISDN is a standard established by the ITU (International Telecommunication Union) for transmitting data over digital lines.

◆ ISDN is a circuit-switched technology that uses the telephone carrier’s lines and dial-up connections, like PSTN. Unlike PSTN, ISDN travels exclusively over digital connections and can carry data and voice simultaneously.

◆ All ISDN connections are based on two types of channels: B channels and D channels.

◆ The B channel, which is the bearer channel, uses circuit-switching techniques to carry voice, video, audio, and data over the ISDN connection. A single B channel has a maximum throughput of 64 Kbps, although it is sometimes limited to 56 Kbps by the ISDN provider. The number of B channels in an ISDN connection can vary.

◆ The D channel is the data channel that uses packet-switching techniques to carry information about the call, such as session initiation and termination signals, caller identity, call forwarding, and conference calling signals.

◆ A single D channel has a maximum throughput of 16 Kbps or 64 Kbps, depending on the type of ISDN connection.

◆ North American users commonly use two types of ISDN connections: BRI (Basic Rate Interface) or PRI (Primary Rate Interface).

◆ BRI uses two B channels and one D channel, as summarized by this notation: 2B+D. The two B channels are treated as separate connections and can carry voice and data or two data streams simultaneously and separately.

◆ Through a process called bonding, two 64-Kbps B channels can be combined to achieve an effective throughput of 128 Kbps, the maximum throughput for BRI.

◆ PRI uses 23 B channels and one 64-Kbps D channel, which, when combined, can offer 1.544-Mbps throughput. PRI is less commonly used by individual subscribers than BRI but can be used by organizations needing more throughput.

OBJECTIVES ON THE JOB

ISDN lines have been a popular choice for small businesses for moderately fast connections to the Internet. Due to their ability to transmit voice and data simultaneously, ISDN lines can also eliminate the need to pay for separate phone lines to support faxes, modems, and voice.


PRACTICE TEST QUESTIONS

1. How much throughput is optimally available through BRI?
a. 1.455 Mbps
b. 56 Kbps
c. 128 Kbps
d. 768 Kbps

2. Which of the following is an advantage of ISDN over PSTN?
a. It’s less expensive.
b. It provides greater throughput.
c. It is easier to configure.
d. It doesn’t depend on public transmission lines.

3. Which of the following is an advantage of DSL over BRI?
a. It provides greater throughput.
b. It’s easier to configure.
c. It doesn’t require any special hardware.
d. It doesn’t depend on public transmission lines.

4. In the context of ISDN services, what does “2B+D” stand for?
a. two basic and one denominator
b. basic, broadband, and digital
c. two bearer and one data
d. bearer, broadband, and digital

5. What is the maximum throughput of one B channel?
a. 8 Kbps
b. 16 Kbps
c. 64 Kbps
d. 128 Kbps

6. What is the Physical layer difference between PSTN and ISDN?
a. ISDN uses all digital lines, whereas PSTN may use analog lines.
b. ISDN can encapsulate IP packets, whereas PSTN cannot.
c. ISDN uses Ethernet NICs, whereas PSTN uses Token Ring NICs.
d. ISDN lines can handle 128 Kbps, whereas PSTN lines can handle only 56 Kbps.

7. In which of the following situations might ISDN be the best choice?
a. for a small, nonprofit organization that needs a connection to the Internet to pick up mail every other day
b. for a multinational insurance company that expects its salespeople to dial in each night from their hotel rooms
c. for a large software development company that needs to transmit and receive programs all day and all night
d. for a small, rural architectural firm that needs to pick up e-mail frequently and occasionally send and receive drawings


2.14 Identify the basic characteristics (for example, speed, capacity, and media) of the following WAN (wide area network) technologies (continued):

FDDI (FIBER DISTRIBUTED DATA INTERFACE) AND X.25

UNDERSTANDING THE OBJECTIVE

FDDI (Fiber Distributed Data Interface) is a technology whose network access method differs from Ethernet and Token Ring. FDDI relies on a double ring of fiber-optic cable, making it very reliable. X.25 is a WAN network access technology for packet-switched networks.

WHAT YOU REALLY NEED TO KNOW

◆ FDDI is a logical topology that uses a double ring of multimode or single-mode fiber to transmit data. It was the first network transport system to reach the 100-Mbps threshold. Therefore, you may find it supporting legacy network backbones.

◆ FDDI’s double-ring topology makes it especially reliable. Normally, data circulates on the primary ring, but if the primary ring is severed, data is carried by the secondary ring.

◆ X.25 is a standard that describes the interface between a node and a terminal on a packet-switched network. Its transmissions are very reliable and secure, with error checking at each node. The added packet handling makes X.25 slower than other WAN technologies. Throughput is optimized at 100 Kbps.

◆ X.25’s reliability and security are favored by financial institutions for conveying sensitive data over noisy network connections, such as transferring data from remote terminals such as automated teller machines. X.25 is also sometimes used to connect other WAN technologies such as ISDN.

◆ Each X.25 user end is fitted with DTE (Data Terminal Equipment) and the carrier in between has DCE (Data Circuit-terminating Equipment).

◆ X.25 is not a TCP/IP-based data transmission system, but it will carry encapsulated IP packets over X.25 circuits via a mechanism of address conversion.

◆ X.25 functions in the Physical, Data Link, and Network layers of the OSI Model. The error-free nature of X.25 is due to protocols working in the Data Link layer, which require receipt of the entire X.25 packet before checking for errors.

◆ X.25 provides two types of logical communication channels. A SVC (switched virtual circuit) is similar to a telephone call in which a connection is established, data is transferred, and the connection is terminated. A PVC (permanent virtual circuit) is similar to a leased line, such as a T-carrier, in which the line is always available.

OBJECTIVES ON THE JOB

You may work with X.25 on networks that carry financial data over WAN networks such as may be found with credit card transactions. Because X.25 is significantly different from the more popular Ethernet, be certain to understand its use of terminal equipment and how this affects the media and other components on the network.


PRACTICE TEST QUESTIONS

1. At what throughput is an X.25 network connection optimized?
a. 10 Kbps
b. 10 Mbps
c. 100 Kbps
d. 100 Mbps

2. What is one primary difference between FDDI and Ethernet?
a. FDDI uses the token-passing network access method, whereas Ethernet uses CSMA/CD.
b. FDDI uses fixed-sized packets, whereas Ethernet uses variable-sized packets.
c. FDDI relies on connection-oriented protocols, whereas Ethernet relies on connectionless protocols.
d. FDDI uses permanent virtual circuits, whereas Ethernet uses temporary virtual circuits.

3. What kind of switching does X.25 use?
a. packet switching
b. circuit switching
c. message switching
d. terminal switching

4. What is the maximum throughput of a FDDI network?
a. 1 Mbps
b. 10 Mbps
c. 100 Mbps
d. 1 Gbps

5. What type of connector might be found on a FDDI network?
a. RJ-11
b. RJ-45
c. SC
d. BNC

6. What equipment is used to terminate an X.25 connection at the carrier’s end?
a. DTE
b. DCE
c. PBX
d. modem

7. What medium does FDDI require? (Choose all that apply.)
a. coaxial cable
b. UTP
c. single-mode fiber
d. multimode fiber


2.14 Identify the basic characteristics (for example, speed, capacity, and media) of the following WAN (wide area network) technologies (continued):

T1 (T CARRIER LEVEL 1)/E1/J1, T3 (T CARRIER LEVEL 3)/E3/J3 AND OCX (OPTICAL CARRIER)

UNDERSTANDING THE OBJECTIVE

T1s and T3s (known as E1s and E3s in Europe, and J1s and J3s in Japan) use time division multiplexing to achieve high throughput over public transmission systems. A T1 has a maximum throughput of 1.544 Mbps, whereas a T3 has a maximum throughput of 44.736 Mbps (or 45 Mbps). The standard measure for transmission through fiber-optic cable is the OC (Optical Carrier) level.

WHAT YOU REALLY NEED TO KNOW

◆ T1s, fractional T1s, and T3s are collectively known as T-carriers.

◆ T-carrier transmission uses time division multiplexing over two wire pairs (one for transmitting and one for receiving) to divide a single channel into multiple channels.

◆ The most common T-carrier implementations are T1 and T3.

◆ Multiplexing enables a T1 circuit to carry the equivalent of 24 voice, data, or video channels, giving a maximum data throughput of 1.544 Mbps.

◆ A T3 can carry the equivalent of 672 voice or data channels, giving a maximum data throughput of 44.736 Mbps (typically rounded to 45 Mbps).

◆ The speed of a T-carrier depends on its signal level. The signal level refers to the T-carrier’s Physical layer electrical signaling characteristics as defined by ANSI standards. DS0 (which stands for “digital signal, level 0”) is the equivalent of one data or voice channel. All other signal levels are multiples of DS0.

◆ Technically, T1 is the North American implementation of the international DS1 standard. In Europe, the DS1 standard is implemented as E1 and offers a slightly higher throughput than T1. DS3 is implemented as E3. In Japan, the equivalent carrier standards are J1 and J3. A J1 connection allows for 24 channels and offers 1.544-Mbps throughput. A J3 connection allows for 480 channels and offers 32.064-Mbps throughput. Using special hardware, T1s can interconnect with E1s or J1s and T3s with E3s or J3s for international communications.

◆ The data rate of a technology using fiber-optic cable is indicated by its internationally recognized OCx. The base rate, OC1, provides 51.84-Mbps throughput, whereas OC192 provides 10-Gbps throughput, and OC768 provides 40-Gbps throughput.

OBJECTIVES ON THE JOB

As a networking professional, you are most likely to work with T1 or T3 lines. You should be familiar with their capacity, costs, and uses. T1s are commonly used by businesses to connect branch offices or to connect to a carrier, such as an ISP. ISPs may use one or more T1s or T3s to connect to their Internet carriers.


PRACTICE TEST QUESTIONS

1. How many data channels does a T1 carry?
a. 1
b. 16
c. 24
d. 45

2. How do E1s and E3s achieve high throughput?
a. time division multiplexing
b. frequency division multiplexing
c. wave division multiplexing
d. amplitude modulation

3. What is the difference between an E1 and a T1?
a. An E1 has 10 times the capacity of a T1.
b. An E1 is the European equivalent of the American T1.
c. An E1 offers better quality of service than a T1.
d. An E1 uses circuit switching, whereas a T1 uses packet switching.

4. What type of device is used to terminate a T-carrier?
a. modem
b. CSU/DSU
c. bridge
d. hub

5. What is the maximum throughput of a T3?
a. 1.5 Mbps
b. 22.5 Mbps
c. 45 Mbps
d. 99 Mbps

6. What is the maximum throughput of an OC192 carrier?
a. 1.5 Mbps
b. 10 Mbps
c. 10 Gbps
d. 40 Gbps

7. What is the capacity of each channel in a T-carrier?
a. 64 Kbps
b. 128 Kbps
c. 64 Mbps
d. 128 Mbps


2.15 Identify the basic characteristics of the following Internet access technologies:

XDSL (DIGITAL SUBSCRIBER LINE)

UNDERSTANDING THE OBJECTIVE

xDSL (Digital Subscriber Line) is a WAN connection method that provides dedicated, high-speed access to the Internet over the PSTN’s regular telephone lines.

WHAT YOU REALLY NEED TO KNOW

◆ DSL requires very little setup or specialized equipment to operate over PSTN regular phone lines. This allowed DSL to compete directly with ISDN and T1 services for high-speed WAN access. However, DSL is only suitable for the WAN local loop segment because it can span only limited distances without the help of repeaters. DSL’s biggest competition, because of cost and availability, is broadband cable.

◆ DSL uses advanced amplitude or phase modulation techniques to achieve extraordinary throughput over regular phone lines while allowing voice signals to simultaneously share the same line. Voice signals use the 300- to 3300-Hz frequency range, leaving the higher, inaudible frequencies for use by DSL.

◆ Downstream data travels from the carrier facility to the customer, whereas upstream data travels from the customer to the carrier. For symmetrical DSL, upstream and downstream throughput is equal. HDSL, SDSL, and SHDSL are examples of symmetrical DSL. For asymmetrical DSL, downstream throughput is higher than upstream throughput. ADSL and VDSL are examples of asymmetrical DSL.

◆ A DSL modem connects to a LAN hub, switch, or router, or directly to a computer’s NIC via an RJ-45, USB, or wireless interface and modulates outgoing signals and demodulates incoming signals. A connectivity device and modem may also be integrated in one device. For some types of DSL, such as ADSL and VDSL, the modem will contain a splitter to separate incoming voice and data signals.

◆ The term xDSL refers to all DSL versions. The following table compares characteristics of types of DSL:

xDSL Type | Maximum Upstream Throughput (Mbps) | Maximum Downstream Throughput (Mbps) | Distance Limitation (Feet)
ADSL (asymmetric DSL) | 1 | 8 | 18,000
G.Lite (a version of ADSL) | 0.512 | 1.544 | 25,000
HDSL (high bit rate DSL) | 1.544 or 2048 | 1.544 or 2.048 | 18,000 or 12,000
SDSL (symmetric or single-line DSL) | 1.544 | 1.544 | 12,000
SHDSL (single-line high bit rate DSL) | 2.36 or 4.7 | 2.36 or 4.7 | 26,000 or 18,000
VDSL (very high bit rate DSL) | 1.6, 3.2, or 6.4 | 12.9, 25.9, or 51.8 | 1,000 to 4,500

OBJECTIVES ON THE JOB

For small business LANs and for home use, DSL offers an easy, readily available, and effective method of gaining Internet access. It is easy to set up and requires almost no maintenance.


PRACTICE TEST QUESTIONS

1. When describing DSL, an “x” prefix is attached to the DSL name. What does the “x” signify?
a. the DSL supplier
b. the type of connection cable used
c. the type of DSL
d. the year in which it was introduced

2. Which of the following statements regarding DSL is true?
a. ADSL has symmetrical throughput.
b. Downstream throughput is always the same as upstream throughput.
c. DSL signal frequencies are higher than voice frequencies.
d. DSL modems are difficult to set up.

3. Which of the following DSL types has the highest potential data throughput?
a. ADSL
b. G.Lite
c. HDSL
d. VDSL

4. Which of the following DSL types has the highest potential downstream data throughput?
a. ADSL
b. G.Lite
c. HDSL
d. SDSL

5. What advanced technique does DSL use to get its signals onto the wire?
a. advanced signal modulation
b. special cable material
c. higher voltage output
d. higher digital bit-rate

6. With which WAN technologies does DSL compete? (Choose all that apply.)
a. T1
b. T3
c. ISDN
d. FDDI

7. What does the acronym DSL stand for?
a. Dial-up Single Line
b. Dual Signal Line
c. Digital Subscriber Line
d. Dynamic Signal Line


2.15 Identify the basic characteristics of the following Internet access technologies (continued):

BROADBAND CABLE (CABLE MODEM)

UNDERSTANDING THE OBJECTIVE

Broadband cable (also known as cable modem) Internet access is offered by cable companies through the same coaxial cable used for TV signals. It has emerged as a viable alternative to other methods of Internet access, such as DSL and ISDN.

WHAT YOU REALLY NEED TO KNOW

◆ Approximately two-thirds of consumers in the United States use cable for broadband Internet access service.

◆ Broadband cable can theoretically achieve data throughput of 56 Mbps downstream and 10 Mbps upstream. Thus, broadband cable is an asymmetrical technology. Realistically, however, broadband cable throughput is limited by cable companies to, at most, 3 Mbps downstream and 1 Mbps upstream throughput.

◆ Broadband cable connections require a cable modem that modulates and demodulates signals. Cable modems operate in the Physical and Data Link layers of the OSI Model. The cable modem connects to a network connectivity device, such as a hub, or directly to a computer’s NIC via an RJ-45, USB, or wireless interface.

◆ For a cable company to provide broadband cable service, the company’s infrastructure must have been upgraded to support bidirectional, digital communications. This is accomplished by replacing older coaxial cable connecting neighborhood nodes (gathering points) to the company’s head-end (central office) with HFC (hybrid-fiber-coax). Fiber-optic or coaxial cable can be used for cable drops from the head-end to individual businesses or homes.

◆ Because broadband cable users share the same local line to the cable company’s head-end, there is concern about security and actual throughput. Because the shared bandwidth is fixed, more users simultaneously accessing the shared resource will leave less bandwidth per user. Cable companies have addressed the security issue by enabling primary level encryption, which will thwart the casual eavesdropper.

◆ Although broadband cable and its competitor, DSL, are priced about the same in most markets, DSL is more prevalent in the business environment because a business is more likely to have telephone connectivity than cable TV.

OBJECTIVES ON THE JOB

Broadband cable is a popular method of gaining high-speed access to the Internet. For home businesses, it is likely to be the access method of choice, because in most cases it offers higher throughput than DSL and is easy to set up and maintain.


PRACTICE TEST QUESTIONS

1. What type of media can be used for the broadband cable link from customer to the neighborhood gathering point?
a. UTP
b. HFC
c. coaxial copper cable
d. wireless

2. What type of media is required for the broadband cable link from the cable company’s neighborhood gathering point to its head-end?
a. STP
b. HFC
c. coaxial copper cable
d. wireless

3. What is the link between the customer and the neighborhood gathering point called?
a. customer link
b. patch link
c. cable drop
d. drop zone

4. What is the realistic maximum downstream throughput for a broadband cable connection?
a. 1 Mbps
b. 3 Mbps
c. 10 Mbps
d. 54 Mbps

5. Approximately what fraction of U.S. households with broadband Internet connectivity use broadband cable?
a. one-quarter
b. one-third
c. one-half
d. two-thirds

6. Which of the following best describes broadband cable technology?
a. symmetrical
b. asymmetrical
c. synchronous
d. asynchronous

7. Which of the following statements is true?
a. Broadband cable provides a continuous Internet connection.
b. Broadband cable requires a dial-up modem.
c. A business is more likely to have a broadband cable connection than a DSL connection.
d. Broadband cable costs a lot less than DSL.


2.15 Identify the basic characteristics of the following Internet access technologies (continued):

POTS/PSTN (PLAIN OLD TELEPHONE SYSTEM/PUBLIC SWITCHED TELEPHONE NETWORK)

UNDERSTANDING THE OBJECTIVE

PSTN (Public Switched Telephone Network), often referred to as POTS (Plain Old Telephone System), is the original and most widely available technology throughout the world for connecting to the Internet.

WHAT YOU REALLY NEED TO KNOW

◆ PSTN is the entire network of telephone lines, carrier equipment, and supporting infrastructure that services most homes. PSTN was originally composed of analog lines designed to handle voice traffic. However, today, nearly all of the PSTN uses digital transmission carried by fiber-optic and copper twisted-pair cable, microwave, and satellite connections.

◆ PSTN is often used to establish WAN Internet connectivity via a dial-up connection in which the user connects through a modem to a distant network and stays connected for a finite time, like a telephone conversation, but unlike DSL (which uses the PSTN as well) or broadband cable, which offer continuous, dedicated WAN connectivity.

◆ PSTN requires a modem at either end of the connection to 1) convert the computer’s digital signal to analog format for transmission over the PSTN line, and then 2) convert the analog signal back to digital format at its destination.

◆ The portion of the PSTN that connects the customer to the nearest carrier’s termination point (central office) is called the local loop, or last mile. The customer’s ISP typically has a dedicated connection to the carrier’s central office at which point the ISP multiplexes all customers’ signals for transmission to the ISP’s facility.

◆ The principal advantages of the PSTN are its ubiquity, ease of use, and low cost. The PSTN disadvantages include slow modems offering a theoretical throughput of 56 Kbps, but with practical throughputs likely to be 30 Kbps or less. Also, the FCC regulates the use of PSTN lines to 53 Kbps to reduce the effects of crosstalk. The PSTN signal quality does not suit many network applications. This problem is being alleviated, however, by the conversion of many PSTN lines from analog to digital capability.

◆ The PSTN uses circuit-switching technology, which offers marginal security. Because the PSTN is a public network, numerous points exist at which communications can be intercepted and interpreted.

OBJECTIVES ON THE JOB

The PSTN is very likely to be found in the workplace where an inexpensive, only occasional Internet connection is required, such as remote connectivity for traveling sales staff or maintenance personnel. It is the most likely form of connectivity to be found in households with Internet access.


PRACTICE TEST QUESTIONS

1. What is a frequently used alternative name for PSTN?
a. POST
b. TOPS
c. POTS
d. STOP

2. What is the maximum possible throughput for a PSTN connection?
a. 23 Kbps
b. 53 Kbps
c. 56 Kbps
d. 56 Mbps

3. What method of switching is used by the PSTN?
a. message switching
b. packet switching
c. node switching
d. circuit switching

4. What is the name given to the portion of the PSTN that connects the customer to the local carrier?
a. the local patch
b. the first mile
c. the local loop
d. the first phase

5. What is the most realistic maximum achievable PSTN throughput?
a. 10 Kbps
b. 20 Kbps
c. 30 Kbps
d. 40 Kbps

6. What is the function of a PSTN modem?
a. It converts an analog signal to a digital signal.
b. It converts a digital signal to an analog signal.
c. both a and b
d. none of the above

7. Which of the following statements is true? (Choose all that apply.)
a. Both DSL and dial-up offer dedicated WAN connectivity.
b. Both DSL and dial-up use the PSTN.
c. DSL and dial-up offer similar downstream throughputs.
d. PSTN is not very secure.


2.15 Identify the basic characteristics of the following Internet access technologies (continued):

WIRELESS

UNDERSTANDING THE OBJECTIVE

Wireless Internet access points, sometimes called hot spots, are popular in public places, such as airports, universities, hotels, and cafés. Some organizations, like T-Mobile, have established a network of hot spots across the nation.

WHAT YOU REALLY NEED TO KNOW

◆ Wireless Internet access provides a way to connect to the Internet from a public location without having to make a physical wire-bound connection to a network. Currently, most Internet access hot spots use the IEEE 802.11b access method.

◆ In some places, access is offered free of charge to customers, whereas in other locations, access is available on a paid subscription basis. With a paid subscription, users generally receive client software that affords them a secure connection to the provider’s wireless service.

◆ Each provider’s hot spot is connected to the Internet using technology other than 802.11. For instance, a local café or a university might use a DSL or T1 link to connect its Internet ISP to a combined access point and router. Patrons would then establish a wireless link only as far as the access point in the room where they are located.

◆ To link to a hot spot’s access point, generally you must have DHCP on your computer configured for automatic IP allocation. Automatic dial-up should not be selected.

◆ Public access points are limited by the same constraints that limit 802.11 installations in homes and businesses. Range is limited to approximately 330 feet and signals are susceptible to interference.

◆ Throughput for IEEE 802.11b connections is limited to a theoretical maximum of 11 Mbps. Actual throughputs, however, are more likely to be approximately 5 Mbps. Because an access point’s bandwidth is shared, throughput will vary depending on the number of simultaneous users.

◆ Wireless Internet access may also be provided under the IEEE 802.16a standard (also called WiMAX—Worldwide Interoperability for Microwave Access), which operates in the 2- to 11-GHz range. WiMAX offers theoretical throughputs of up to 70 Mbps and, like 802.11, is not limited to line-of-sight transmission paths. WiMAX’s maximum range of 50 kilometers allows it to provide service in some areas where DSL and broadband cable have not reached.

OBJECTIVES ON THE JOB

Public wireless Internet access follows many of the same principles that apply to a private WLAN. The main difference is in the authentication methods used to establish a connection to a public access point.


PRACTICE TEST QUESTIONS

1. Which IEEE standard is currently used for most public wireless Internet access points?
a. 802.11a
b. 802.11b
c. 802.11g
d. 802.16a

2. What is the name given to a public wireless Internet access point?
a. a link point
b. a hot node
c. a hot spot
d. a cool spot

3. For public wireless Internet access, how far does the wireless connection go?
a. only as far as the local access point
b. from the customer to the WAN connection
c. from the customer to the WAN carrier’s local office
d. from the customer all the way to the ISP

4. What is the maximum theoretical throughput achievable with an 802.11b wireless connection?
a. 70 Mbps
b. 11 Mbps
c. 5 Mbps
d. 1 Kbps

5. What is the maximum likely range achievable with an 802.11b connection?
a. 10 feet
b. 33 feet
c. 100 feet
d. 330 feet

6. What is the maximum theoretical throughput achievable with an 802.16a wireless connection?
a. 70 Mbps
b. 11 Mbps
c. 5 Mbps
d. 1 Mbps

7. What is one advantage that 802.16a Internet access has over 802.11b access?
a. 802.16a offers line-of-sight transmission, whereas 802.11b does not.
b. 802.16a is less expensive to implement than 802.11b.
c. 802.16a is less susceptible to EMI than 802.11b.
d. 802.16a has a much greater range than 802.11b.


2.15 Identify the basic characteristics of the following Internet access technologies (continued):

SATELLITE

UNDERSTANDING THE OBJECTIVE

High-bandwidth satellite Internet access is offered by companies that operate GEO satellites in orbit around the earth. Satellite Internet service monthly fees are comparable to DSL or broadband cable in most areas of the United States.

WHAT YOU REALLY NEED TO KNOW

◆ Most Internet satellites circle the earth in geosynchronous orbits 35,900 kilometers above the equator. The term GEO (geosynchronous orbit) means that the satellite circles the earth at the same speed and direction as the earth’s rotation, which makes their orbital position stationary relative to a point on earth.

◆ Other satellites may have LEO (low earth orbits) at altitudes of approximately 700 to 1400 kilometers, or MEO (medium earth orbits) at approximately 10,350 to 10,390 kilometers above the earth’s surface.

◆ Earth-based transmitters uplink to a satellite that typically has 24 to 32 transponders. A satellite’s transponder receives uplink signals and transmits them to an earth-based receiver in a downlink. Satellite transmission frequencies are assigned by the FCC. Satellites transmit and receive signals in any one of five frequency bands: L-band (1.5–2.7 GHz), S-band (2.7–3.5 GHz), C-band (3.4–6.7 GHz), Ka-band (27–40 GHz), or Ku-band (13–18 GHz).

◆ Satellite Internet access providers typically use frequencies in the C-band or Ku-band. Newer technologies are being developed for the higher frequency Ka-band.

◆ Satellite Internet service offers two types of service. In a dial-return arrangement, a subscriber receives Internet data via a satellite link, but sends data to the satellite via an analog modem (dial-up) connection. With this service, downstream throughputs of 400–550 Kbps (perhaps as much as 1 Mbps) are achievable. However, upstream throughputs using the dial-up connection are limited to 53 Kbps, and actual rates are usually lower. In a satellite-return arrangement, the subscriber sends and receives data over the satellite link. This symmetrical technology provides throughputs of at least 400–500 Kbps and often higher.

◆ To establish a satellite link in the northern hemisphere, a small dish antenna is pointed to the south and a cable is connected to a modem. For a dial-return subscriber, an analog modem is also required to handle upstream communications.

OBJECTIVES ON THE JOB

Satellite Internet access is an alternative for remotely located homes or businesses that do not have DSL or broadband cable service.


PRACTICE TEST QUESTIONS

1. Which type of orbit is maintained by most Internet access satellites?
a. polar earth orbit
b. geosynchronous earth orbit
c. medium earth orbit
d. low earth orbit

2. What altitude is maintained by most Internet access satellites?
a. 1400 kilometers
b. 10,390 kilometers
c. 35,900 kilometers
d. 55,500 kilometers

3. Which satellite Internet access method requires the use of an analog modem?
a. downlink-return
b. satellite-return
c. dial-return
d. geo-return

4. Which satellite Internet access method is a symmetrical technology?
a. downlink-return
b. satellite-return
c. dial-return
d. geo-return

5. Which frequency bands are typically used by Internet access satellites? (Choose all that apply.)
a. C-band
b. Ku-band
c. L-band
d. S-band

6. Which of these frequencies might be used by an Internet access satellite?
a. 10 Hz
b. 10 KHz
c. 10 MHz
d. 10 GHz

7. Which of these downstream throughputs might be achieved by a satellite Internet access subscriber?
a. 500 Kbps
b. 50 Mbps
c. 500 Mbps
d. 5 Gbps


2.16 Define the function of the following remote access protocols and services:

RAS (REMOTE ACCESS SERVICE) AND RDP (REMOTE DESKTOP PROTOCOL)

UNDERSTANDING THE OBJECTIVE

Microsoft’s RAS (Remote Access Service) is a method of remotely accessing private networks—typically via a dial-up connection. Microsoft’s RDP (Remote Desktop Protocol) provides remote display and input capabilities for Windows applications running on a network server.

WHAT YOU REALLY NEED TO KNOW

◆ The most common type of remote access involves DUN (dial-up networking). DUN typically refers to a modem connection to a server through the PSTN. It is also the name of the utility that Microsoft provides with its operating systems to achieve this type of connectivity.

◆ A RAS is a combination of software and hardware that provides a central access point for multiple users to dial in to a LAN or WAN. This dial-in solution is provided by Windows NT, 2000 Server, and Server 2003.

◆ After connecting to the remote access server, the LAN treats the direct-dial remote client like any other client on the LAN. The computer dialing in to the LAN becomes a remote node on the network.

◆ RAS requires a server configured to accept incoming clients and an authenticated client with sufficient privileges on the server to access its resources.

◆ To accommodate faster broadband connections (DSL and broadband cable), Windows XP and Server 2003 are configured with RRAS (Routing and Remote Access service), which enables a computer to accept multiple remote client connections over any type of transmission path and to function as a router, determining where to direct incoming packets. Further, RRAS incorporates multiple security provisions to ensure that data cannot be intercepted and interpreted by unauthorized clients.

◆ RDP is used for communication between a terminal server, such as Windows Server 2003, and a client. RDP client software is available for most operating systems. RDP operates at the Application layer of the OSI Model to transmit graphics, text, and input capabilities quickly over remote network connections while encapsulated and encrypted within TCP. RDP also carries session, licensing, and encryption information.

◆ Remote control via a program such as Microsoft’s RDP is useful when a technician needs to take control of a remote user’s computer to fix a problem with the remote computer.

OBJECTIVES ON THE JOB

Remote access is a particular concern for mobile users, such as telecommuters and employeeswho frequently travel. Companies that purchase remote access servers must carefully evaluatethe server options for cost, ease of installation, ease of maintenance, and ease of client use.

PRACTICE TEST QUESTIONS

1. For a Windows XP machine to exchange data with a Windows Server 2003 via DUN, to which of the following should the DUN software be bound? (Choose all that apply.)
a. TCP/IP
b. IPX/SPX
c. Client for Novell Networks
d. Client for Microsoft Networks

2. What does RAS stand for?
a. remote authentication service
b. remote access service
c. remote accounting service
d. remote addressing server

3. What transmission media does DUN typically use?
a. PSTN
b. ISDN
c. T1
d. T3

4. Which service would Windows Server 2003 use to establish a high-speed remote connection?
a. RAS
b. RRAS
c. DUN
d. PSTN

5. Which technology would RRAS typically use?
a. DSL
b. dial-up
c. SONET
d. FDDI

6. What is the maximum practical throughput of a typical DUN connection?
a. 53 Kbps
b. 1 Mbps
c. 1.544 Mbps
d. 10 Mbps

7. At which OSI Model layer does RDP operate?
a. Session layer
b. Transport layer
c. Presentation layer
d. Application layer

2.16 Define the function of the following remote access protocols and services (continued):

PPP (POINT-TO-POINT PROTOCOL), PPPoE (POINT-TO-POINT PROTOCOL OVER ETHERNET), PPTP (POINT-TO-POINT TUNNELING PROTOCOL), AND SLIP (SERIAL LINE INTERNET PROTOCOL)

UNDERSTANDING THE OBJECTIVE

PPP (Point-to-Point Protocol), PPPoE (Point-to-Point Protocol over Ethernet), PPTP (Point-to-Point Tunneling Protocol), and SLIP (Serial Line Internet Protocol) are communications protocols that enable remote access servers and remote clients to network via dial-up and dedicated connections.

WHAT YOU REALLY NEED TO KNOW

◆ PPP is a communications protocol that enables a workstation to connect to a server using a serial connection (in the case of dial-up networking, “serial connection” refers to a modem). After connecting via PPP, a remote workstation can act as a client on the local LAN, with its modem and serial port serving the purpose of a NIC.

◆ Such protocols are necessary to transport Network layer traffic over serial interfaces, which belong to the Data Link layer of the OSI Model. PPP encapsulates higher-layer networking protocols in its lower-layer data frames.

◆ PPP can carry many different types of Network layer packets, such as IPX or IP. PPP can support both asynchronous and synchronous transmission. Asynchronous refers to a communications method in which data being transmitted and received by nodes do not have to conform to any timing scheme. A node can transmit at any time and the destination node has to accept the transmission as it comes. In synchronous communications, data being transmitted and received by nodes must conform to a timing scheme.

◆ PPP is known as PPPoE when used with dedicated connections, such as broadband cable or DSL that connect to an Ethernet network. PPPoE encapsulates the PPP protocol information within an Ethernet frame for transport over an Ethernet LAN, allowing multiple office users to share DSL, broadband cable, or wireless access.

◆ SLIP is an earlier, simpler version of PPP, which supports only asynchronous data transmissions and can carry only IP packets. SLIP requires more setup than PPP, such as specifying IP addresses for both client and server in the dial-up profile. Also, SLIP does not provide error correction, data compression, or encryption services.

◆ PPTP provides a secure tunnel for data by encapsulating PPP. PPTP supports the encryption, authentication, and LAN access services provided by RASs.

◆ Users typically establish a dial-up networking connection with their ISP using PPP, then make a PPTP connection (that relies on the PPP connection) to their organization’s LAN.

OBJECTIVES ON THE JOB

To support remote clients, you should be familiar with how your access server handles PPP and PPTP connections so that you can assist users in configuring their dial-up software.
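The layering described in the PPP and PPPoE bullets above, shown as an added example that is not from the book: an IP packet is wrapped in PPP, PPP in a PPPoE session header (RFC 2516), and that in an Ethernet frame, then unwrapped again. The MAC addresses, session ID, stand-in IP packet and function names are constructed, and the uncompressed two-byte PPP protocol field is assumed.

```python
"""PPP inside PPPoE inside Ethernet: build and parse one constructed frame."""
import struct

ETHERTYPE_PPPOE_SESSION = 0x8864          # PPPoE session stage (RFC 2516)
PPP_PROTOCOLS = {                         # PPP protocol field values
    0x0021: "IP", 0x002B: "IPX",          # Network layer payloads
    0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP",   # link control and authentication
}

SRC_MAC = bytes.fromhex("00608C005499")   # constructed sample address
DST_MAC = bytes.fromhex("00608C0054AA")   # constructed sample address
IP_PACKET = b"\x45" + bytes(19)           # constructed 20-byte stand-in for an IPv4 header


def build_frame(dst_mac, src_mac, session_id, ppp_protocol, payload):
    """Wrap payload in PPP, then PPPoE, then Ethernet."""
    ppp = struct.pack("!H", ppp_protocol) + payload
    # Version 1, type 1, code 0x00 (session data), session ID, PPP length.
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp))
    ethernet = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_PPPOE_SESSION)
    return ethernet + pppoe + ppp


def parse_frame(frame):
    """Peel the three layers off again; raise ValueError on malformed input."""
    if len(frame) < 14 + 6 + 2:
        raise ValueError("too short for Ethernet + PPPoE + PPP headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_PPPOE_SESSION:
        raise ValueError("not a PPPoE session frame")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or code != 0x00:
        raise ValueError("unexpected PPPoE version/type or code")
    # The PPPoE length field, not the frame size, bounds the PPP data:
    # short Ethernet frames carry trailing padding that must be ignored.
    ppp = frame[20:20 + length]
    if length < 2 or len(ppp) != length:
        raise ValueError("PPPoE length field does not match the frame")
    (protocol,) = struct.unpack("!H", ppp[:2])
    return {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "session_id": session_id,
        "protocol": PPP_PROTOCOLS.get(protocol, hex(protocol)),
        "payload": ppp[2:],
    }


if __name__ == "__main__":
    frame = build_frame(DST_MAC, SRC_MAC, 0x1234, 0x0021, IP_PACKET)
    print(frame.hex())
    print(parse_frame(frame))
```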

PRACTICE TEST QUESTIONS

1. By what mechanism does PPP enable Network layer data transmission over a serial interface?
a. segmentation
b. padding
c. flow control
d. encapsulation

2. Which of the following can support IPX transmission? (Choose all that apply.)
a. PPP
b. SLIP
c. PPTP
d. DLC

3. At which layer of the OSI Model do PPP, PPPoE, and PPTP operate?
a. Physical layer
b. Network layer
c. Data Link layer
d. Session layer

4. What type of operating system can be used to supply a PPTP server?
a. Banyan VINES
b. Novell NetWare 3.12 or higher
c. Windows NT Server 4.0 or higher
d. Novell NetWare 4.11 or higher

5. What is the main difference between PPP and PPTP?
a. PPP can handle only asynchronous transmission, whereas PPTP can handle both asynchronous and synchronous transmission.
b. PPP encapsulates traffic according to its original Network layer protocol, whereas PPTP encapsulates PPP traffic as IP-based data.
c. PPP cannot carry Network layer protocols other than TCP/IP, whereas PPTP can carry any Network layer protocol.
d. PPP is compatible with only NetWare servers, whereas PPTP is compatible with both NetWare and Windows NT/2000/2003 servers.

6. In the context of remote access, to what does the term “serial connection” refer?
a. modem
b. NIC
c. ISDN adapter
d. router

7. What does the “T” in “PPTP” stand for?
a. transmission
b. telecommunications
c. traffic
d. tunneling

2.17 Identify the following security protocols and describe their purpose and function:

IPSEC (INTERNET PROTOCOL SECURITY), L2TP (LAYER 2 TUNNELING PROTOCOL), AND VPN (VIRTUAL PRIVATE NETWORK)

UNDERSTANDING THE OBJECTIVE

IPSec (Internet Protocol Security) and L2TP (Layer 2 Tunneling Protocol) are two ways of encrypting data in transit between clients and servers. Both are useful for communication within VPNs (virtual private networks).

WHAT YOU REALLY NEED TO KNOW

◆ The IPSec protocol defines encryption, authentication, and key management for TCP/IP transmissions. It is an enhancement to IPv4 and is native to the newer, IPv6 standard. IPSec differs from other methods of securing data by adding security information to the header of all IP packets rather than encrypting the data stream. IPSec operates at the Network layer.

◆ IPSec accomplishes authentication in a key management phase and an encryption phase. Key management refers to how two nodes agree on common parameters for the keys they will use. IPSec relies on IKE (Internet Key Exchange) running on UDP port 500 for its key management. A key is a series of characters that is combined with a block of data during that data’s encryption. After IKE has established the rules for the type of keys two nodes will use, IPSec invokes its encryption phase, which uses either AH (authentication header) or ESP (Encapsulating Security Payload) encryption.

◆ IPSec can be used with any type of TCP/IP transmission. However, it most commonly runs on routers or other connectivity devices to support VPNs requiring strict encryption and authentication.

◆ A VPN is a WAN that is logically defined over a public transmission system such as the Internet. VPN traffic is isolated from other traffic using the same public lines by a process known as tunneling, in which special VPN protocols encapsulate higher-layer protocols.

◆ VPN software is sometimes included with operating systems, such as RRAS with Windows Server 2003 and BorderManager with NetWare. On UNIX-type networks, VPN is most commonly configured to use special protocols on the routers or firewalls that connect each VPN site.

◆ PPTP and L2TP are VPN tunneling protocols that operate at the Data Link layer and encapsulate Network layer packets, such as IP, IPX, or NetBEUI. L2TP is an older remote access protocol that supports encryption and can encapsulate multiple Network layer protocols.

OBJECTIVES ON THE JOB

If you work on VPNs, you should understand how to install, maintain, and troubleshoot the type of encryption your network requires. IPSec is the latest type of VPN encryption, and it is more sophisticated than L2TP.

PRACTICE TEST QUESTIONS

1. Which packets does a VPN tunneling protocol encapsulate?
a. Physical layer packets
b. Data Link layer packets
c. Network layer packets
d. Transport layer packets

2. Which of the following environments would be best suited to L2TP?
a. a small, nonprofit organization that uses the Internet to solicit contributions
b. a regional insurance company whose salespeople dial in to the corporate LAN each night from their homes to upload sales figures
c. an ISP that needs to ensure connectivity between multiple data centers and telecommunications carriers
d. an architectural firm that sends drawings to and receives drawings from various clients across the nation

3. At which layer of the OSI Model does IPSec operate?
a. Physical
b. Data Link
c. Network
d. Transport

4. How does IPSec achieve encryption?
a. by scrambling the payload of packets between the source and destination
b. by inserting false CRC fields into each packet
c. by appending security information to the header of each packet
d. by breaking packets into multiple, smaller packets and scrambling the payload of each smaller packet

5. In the term “L2TP,” what does the “2” represent?
a. Layer 2 of the OSI Model
b. the use of two encapsulation techniques
c. a maximum of two channels within a tunnel
d. the second generation of this type of encryption

6. What technique is used to establish a VPN over the public Internet?
a. Companies lease a private WAN line for their VPN.
b. Companies will use alternative WAN carriers to help confuse potential network intruders.
c. Companies will transmit their network traffic during off-peak hours to make it less susceptible to interception.
d. Companies will make use of special software with tunneling protocols to encapsulate sensitive data for Internet transport.

7. What type of device applies IPSec encryption to data?
a. router
b. modem
c. multiplexer
d. laser

2.17 Identify the following security protocols and describe their purpose and function (continued):

SSL (SECURE SOCKETS LAYER)

UNDERSTANDING THE OBJECTIVE

SSL (Secure Sockets Layer) is an alternative to interpreting Web-based information via HTTP. In SSL, data exchanged between the client and the Web server is encrypted to protect its privacy.

WHAT YOU REALLY NEED TO KNOW

◆ SSL is a method of encrypting TCP/IP transmissions, including Web pages and data entered into Web forms en route between the client and server using public key encryption technology. It is popular in part because it is widely accepted. All modern Web browsers include SSL client support.

◆ Web page URLs that begin with the prefix HTTPS require that data be transferred from server to client and vice versa using SSL encryption. HTTPS uses the TCP port number 443, rather than port 80.

◆ Each time a client and server establish an SSL connection, they also establish a unique SSL session, or an association between the client and server defined by an agreement on a specific set of encryption techniques.

◆ An SSL session allows the client and server to continue to exchange data securely as long as the client is still connected to the server.

◆ SSL was originally developed by Netscape. Since that time, the IETF (Internet Engineering Task Force) has standardized SSL in a replacement protocol called TLS (Transport Layer Security).

◆ TLS is supported by most Web browsers. It uses slightly different encryption algorithms than SSL but is not compatible with SSL. Many financial institutions and credit card companies have embraced TLS for secure Internet transmissions.

OBJECTIVES ON THE JOB

If you are the administrator for an e-commerce Web site, you will most likely use SSL or TLS to transmit customer order and payment information. Before specializing in SSL or TLS, be certain to understand the concepts behind public key cryptography.

PRACTICE TEST QUESTIONS

1. What port does HTTPS use?
a. 8
b. 80
c. 43
d. 443

2. What type of cryptography does SSL use?
a. private key
b. public key
c. pretty good privacy
d. PHP

3. What company developed SSL?
a. Microsoft
b. Symantec
c. Netscape
d. Cisco

4. How can a user tell whether her Web transmissions are using SSL?
a. Her browser address box displays a URL beginning with “https.”
b. Her browser displays a window indicating that SSL is in use before displaying the SSL-based screen.
c. The title bar on her browser displays an “SSL” prefix.
d. There is no sure way to tell.

5. Which of the following Web sites would probably use SSL?
a. a portal site that allows users to obtain stock quotes for free
b. a family genealogy site that allows users to view pictures of relatives
c. an art museum site that allows users to view current exhibitions
d. a travel agency site that allows users to book flight reservations online

6. On which Transport layer protocol does HTTPS rely?
a. TCP
b. IP
c. UDP
d. ICMP

7. Which of the following software programs interprets HTTPS data?
a. Microsoft Excel
b. Lotus Notes
c. Netscape browser
d. Apple QuickTime

2.17 Identify the following security protocols and describe their purpose and function (continued):

WEP (WIRED EQUIVALENT PRIVACY), WPA (WI-FI PROTECTED ACCESS), AND 802.1X

UNDERSTANDING THE OBJECTIVE

WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), and 802.1X are security-based protocols and standards that provide protection for WLAN transmissions using the 802.11x group of standards. Wireless security generally features encrypted data privacy and authenticated access control.

WHAT YOU REALLY NEED TO KNOW

◆ WEP is a key encryption technique that uses keys to authenticate network clients and to encrypt data in transit. When an access point is set up, a character string, known as the network key, is defined. Clients must provide this key to gain access to the network.

◆ Early WEP versions used low-security, 64-bit encryption. WEP now uses 128-bit encryption. However, because the same key is used for authentication and for data exchange, the chance for compromise remains high. Also, WEP operates at the Physical and Data Link layers and, therefore, does not offer end-to-end transmission security.

◆ WPA is an enhanced standard for wireless security sponsored by the international Wi-Fi Alliance. WPA, which is based on a subset of the IEEE 802.11i security standard, is intended to replace WEP. All new Wi-Fi product certifications require the WPA security standard.

◆ IEEE 802.1X is a standard for wireless authentication, authorization, and key management. It defines a port-based network access control mechanism used to provide authenticated network access. It leverages the use of EAP (which was originally defined for dial-up authentication using PPP) over LANs.

◆ In the initial 802.1X exchange between a wireless client and an AP, the client sends a start message to which the AP responds, asking for identity. The client sends an identity packet to the AP, which then forwards it to the network authentication server. The server’s acceptance packet is returned to the AP, which then places the client port in authorized state and traffic is allowed to proceed.

◆ The Wi-Fi Alliance offered a formula (WPA = 802.1X + EAP + TKIP + MIC) to explain the WPA specification. IEEE 802.1X and EAP (Extensible Authentication Protocol) work together as a user authentication mechanism. TKIP (Temporal Key Integrity Protocol) dynamically encrypts and regenerates keys. MIC (Message Integrity Check) implements integrity checking to ensure that keys have not been captured and manipulated during transit. Together, these enhancements provide the dynamic key encryption and authentication for clients that WEP lacks.

OBJECTIVES ON THE JOB

Understanding the standards to which wireless LAN equipment has been certified can be critical to establishing and maintaining a secure wireless network.

PRACTICE TEST QUESTIONS

1. Which security standard was the first to be implemented for wireless LANs?
a. 802.11i
b. 802.1X
c. WEP
d. WPA

2. Which of the following security features is implemented with the latest version of WEP?
a. 64-bit key encryption
b. 128-bit key encryption
c. user authentication
d. key integrity

3. Which of the following security features is implemented with WPA? (Choose all that apply.)
a. 64-bit key encryption
b. 128-bit key encryption
c. user authentication
d. key integrity

4. How does key encryption differ between WEP and WPA?
a. WPA offers dynamic key encryption, whereas WEP does not.
b. WPA offers 128-bit key encryption, whereas WEP does not.
c. WPA offers key encryption, whereas WEP does not.
d. none of the above

5. Which organization is the sponsor of WPA?
a. IEEE
b. OSI
c. Wi-Fi Alliance
d. ANSI

6. What is the role of the 802.1X standard in the definition of WPA?
a. It defines the key encryption method.
b. It defines the mechanism for user authentication.
c. It defines a method for encapsulating IP packets.
d. It defines the procedure for determining the physical location of an access point.

7. Which network device establishes user authentication on a WPA-enabled wireless LAN?
a. the access point handling the user’s signal
b. the user’s computer
c. the network gateway or router
d. the network authentication server

2.18 Identify authentication protocols (for example, CHAP (Challenge Handshake Authentication Protocol), MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), PAP (Password Authentication Protocol), RADIUS (Remote Authentication Dial-in User Service), Kerberos, and EAP (Extensible Authentication Protocol)):

PAP (PASSWORD AUTHENTICATION PROTOCOL), CHAP (CHALLENGE HANDSHAKE AUTHENTICATION PROTOCOL), AND MS-CHAP (MICROSOFT CHALLENGE HANDSHAKE AUTHENTICATION PROTOCOL)

UNDERSTANDING THE OBJECTIVE

PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol) are protocols used for client authentication with a PPP serial interface. MS-CHAP is the Microsoft implementation of CHAP.

WHAT YOU REALLY NEED TO KNOW

◆ The PPP protocol suite, which provides Layer 2 communication connectivity, such as dial-up connections, is designed to offer optional authentication for links in which authentication is considered important. Two protocols that PPP calls upon to provide authentication are PAP and CHAP.

◆ PAP is an authentication process used with PPP to authenticate a user after a connection has been established. The initiating device repeatedly sends out a request for authentication that contains a user name and password until authentication is acknowledged or the connection is terminated. User names and passwords are sent over the connection in plain text, although passwords can be encrypted. The receiving device checks the password against passwords stored in a table that is typically encrypted. It then replies to the initiating device, indicating a successful or failed authentication.

◆ PAP is not very robust or secure. Thus, it is not usually used by applications requiring some degree of communication security.

◆ CHAP is a more secure authentication scheme used with PPP. CHAP does not transmit passwords across the communication link. After a link has been established, the authenticating device takes charge and begins a three-way handshake procedure by sending a challenge frame containing a randomly generated simple text message to the initiator. The initiator uses its password (or some other shared secret) to encrypt the challenge text message and return it to the authenticator (the password is not sent). The authenticator performs the same encryption on the challenge message and compares the two encrypted messages for authentication. A success or failure message is returned to the initiator to complete the three-way handshake.

◆ CHAP has three advantages over PAP: Passwords are not transmitted, the challenge response is encrypted, and the authenticator controls the process from start to finish.

◆ MS-CHAP is the Microsoft proprietary implementation of CHAP, which extends the user authentication functionality provided by Windows networks to remote Windows workstations. MS-CHAP incorporates several extensions of the original CHAP authentication scheme.

OBJECTIVES ON THE JOB

For any application implementing the PPP protocol, you are certain to encounter authentication protocols that may need configuration. It is important to recognize the protocols used by applications on your network and the types of support they will need.
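The PAP and CHAP bullets above, worked through as an added example that is not from the book. CHAP as specified in RFC 1994 computes its response as an MD5 hash over the identifier, the shared secret and the challenge, which is the operation the text describes as encrypting the challenge; the secret, user name and class and function names here are constructed.

```python
"""CHAP (RFC 1994) challenge/response beside PAP, using constructed values."""
import hashlib
import hmac
import os

SHARED_SECRET = b"correct horse battery"   # constructed sample secret


def pap_request(username: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data: the password itself crosses the link."""
    return bytes([len(username)]) + username + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Authenticating device: issues a fresh challenge and checks the reply."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._identifier = 0
        self._challenge = None

    def new_challenge(self):
        """Step 1: a new identifier and 16 random bytes for every attempt."""
        self._identifier = (self._identifier + 1) % 256
        self._challenge = os.urandom(16)
        return self._identifier, self._challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        """Step 3: recompute the hash locally and compare in constant time."""
        if self._challenge is None or identifier != self._identifier:
            return False
        expected = chap_response(identifier, self._secret, self._challenge)
        self._challenge = None              # one challenge, one attempt
        return hmac.compare_digest(expected, response)


def run_handshake(initiator_secret: bytes):
    """One three-way handshake; returns (success, bytes seen on the link)."""
    server = Authenticator(SHARED_SECRET)
    identifier, challenge = server.new_challenge()                    # 1. Challenge
    response = chap_response(identifier, initiator_secret, challenge)  # 2. Response
    ok = server.verify(identifier, response)                          # 3. Success/Failure
    return ok, challenge + response


def old_response_accepted_again() -> bool:
    """A response recorded from one handshake is checked against the next challenge."""
    server = Authenticator(SHARED_SECRET)
    identifier, challenge = server.new_challenge()
    recorded = chap_response(identifier, SHARED_SECRET, challenge)
    assert server.verify(identifier, recorded)      # valid the first time
    next_identifier, _ = server.new_challenge()
    return server.verify(next_identifier, recorded)


if __name__ == "__main__":
    print("PAP bytes on the link :", pap_request(b"alice", b"hunter2"))
    ok, wire = run_handshake(SHARED_SECRET)
    print("CHAP success          :", ok)
    print("secret visible in CHAP:", SHARED_SECRET in wire)
    print("wrong secret accepted :", run_handshake(b"guess")[0])
    print("old response accepted :", old_response_accepted_again())
```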

PRACTICE TEST QUESTIONS

1. Which protocol calls upon either PAP, CHAP, or MS-CHAP to provide user authentication?
a. FTP
b. PPP
c. TCP
d. IP

2. Which of the following statements is true?
a. PAP authentications are very secure.
b. By default, PAP transmits encrypted passwords.
c. PAP uses a more basic authentication scheme than CHAP.
d. The PAP authenticator is in control of the authentication process.

3. Which of the following statements is true?
a. CHAP authentications are less secure than those of PAP.
b. CHAP does not transmit passwords.
c. CHAP uses a more basic authentication scheme than PAP.
d. The CHAP initiator is in control of the authentication process.

4. In the second step of the CHAP authentication process, what information is transmitted?
a. The initiator sends an encrypted password to the authenticator.
b. The authenticator sends an encrypted password to the initiator.
c. The initiator sends a plain text user name and password to the authenticator.
d. The authenticator sends a randomly generated text message to the initiator.

5. In the third step of the CHAP authentication process, what information is transmitted?
a. The initiator sends an encrypted password to the authenticator.
b. The authenticator sends an encrypted password to the initiator.
c. The initiator sends an encryption of a text message to the authenticator.
d. The authenticator sends a randomly generated text message to the initiator.

6. What is the difference between a PAP authentication and a CHAP authentication? (Choose all that apply.)
a. PAP uses a two-way handshake, whereas CHAP uses a three-way handshake.
b. PAP has an initiator and an authenticator, whereas CHAP has no authenticator.
c. PAP sends plain text passwords by default, whereas CHAP sends encrypted passwords.
d. PAP transmits passwords, whereas CHAP does not transmit passwords.

7. What is the current version of MS-CHAP?
a. version 1
b. version 2
c. version 3
d. version XP

2.18 Identify authentication protocols (for example, CHAP (Challenge Handshake Authentication Protocol), MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), PAP (Password Authentication Protocol), RADIUS (Remote Authentication Dial-in User Service), Kerberos, and EAP (Extensible Authentication Protocol)) (continued):

RADIUS (REMOTE AUTHENTICATION DIAL-IN USER SERVICE)

UNDERSTANDING THE OBJECTIVE

RADIUS (Remote Authentication Dial-in User Service) is a data communication protocol designed to provide security management and statistics collection in remote computing environments, especially for distributed networks with dial-in users.

WHAT YOU REALLY NEED TO KNOW

◆ The RADIUS protocol is an access server authentication and accounting protocol that operates on the client/server model for distributed networks.

◆ A RADIUS server maintains a central database with network security data and transmission accounting statistics useful in measuring the resources consumed by each user. The central storage of data makes network security more manageable and more scalable than scattering information throughout network devices.

◆ The RADIUS client is a RAS. The RAS serves as the initial network contact point for remote users, but relies on the RADIUS server to perform all necessary authentication tasks. A single RADIUS server may service many network access servers and in some cases, the RADIUS server can itself be remotely located on a WAN.

◆ RADIUS provides three essential network services. Authentication with user names and passwords provides a defense against unwanted or malicious intruders. Authorization establishes which network resources any legitimate user is entitled to consume. Accounting provides a collection and reporting mechanism.

◆ The RADIUS authentication procedure begins with a user dialing in to the RAS. PAP or CHAP services are then established for the duration of the transmission. The RAS (now the RADIUS client) then forwards an authentication request packet containing user information to the network’s RADIUS server. The RADIUS server uses its central database to validate the user and sends an acknowledgment to the RAS server that either denies service or indicates the network services and privileges to which the user is entitled. The RADIUS server also sends the client an authentication key to assure the client that the acknowledgment is actually coming from the RADIUS server and not from some malicious source.

◆ RADIUS authentication is used by many ISPs and companies, such as VeriSign Inc., that are involved in secure Internet transactions. RADIUS authentication is the backbone of the 802.11i wireless security specification.

OBJECTIVES ON THE JOB

Having 15 or 20 remote users connecting regularly to a network via dial-up, broadband, and wireless over a range of public and private networks can make connection management problematic. The RADIUS protocol was designed to simplify this situation through centralized access control.
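An added example, not from the book, of the check behind the last step of the RADIUS procedure above. What the text calls the authentication key is, in RFC 2865, the Response Authenticator: an MD5 hash over the reply, the Request Authenticator from the matching request, and the secret shared by RAS and server. The packets, secret and function names are constructed.

```python
"""RADIUS Response Authenticator check (RFC 2865) on constructed packets."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, SERVICE_TYPE = 1, 6              # attribute type numbers
SHARED_SECRET = b"ras-to-radius-secret"     # constructed; known to RAS and server only


def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_request(identifier: int, username: bytes):
    """RAS side: Access-Request with a random 16-byte Request Authenticator."""
    request_auth = os.urandom(16)
    attrs = attribute(USER_NAME, username)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def build_reply(code, identifier, request_auth, attrs, secret):
    """Server side: the authenticator binds the reply to the request and secret."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs


def verify_reply(reply, identifier, request_auth, secret) -> bool:
    """RAS side: accept the reply only if it parses and the MD5 matches."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT):
        return False
    if ident != identifier or length != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def demo():
    """Run the check on one genuine reply and three that must be refused."""
    request, request_auth = build_request(7, b"alice")
    attrs = attribute(SERVICE_TYPE, struct.pack("!I", 2))      # 2 = Framed
    accept = build_reply(ACCESS_ACCEPT, 7, request_auth, attrs, SHARED_SECRET)
    reject = build_reply(ACCESS_REJECT, 7, request_auth, b"", SHARED_SECRET)
    # Reply from a sender that does not hold the shared secret.
    no_secret = build_reply(ACCESS_ACCEPT, 7, request_auth, attrs, b"not-the-secret")
    # Genuine Access-Reject whose code byte was changed to Access-Accept in transit.
    flipped = bytes([ACCESS_ACCEPT]) + reject[1:]
    # Genuine Access-Accept checked against a later request's authenticator.
    _, later_auth = build_request(7, b"alice")
    return {
        "request_length": len(request),
        "genuine": verify_reply(accept, 7, request_auth, SHARED_SECRET),
        "wrong_secret": verify_reply(no_secret, 7, request_auth, SHARED_SECRET),
        "code_flipped": verify_reply(flipped, 7, request_auth, SHARED_SECRET),
        "other_request": verify_reply(accept, 7, later_auth, SHARED_SECRET),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15} {value}")
```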

PRACTICE TEST QUESTIONS

1. To which architecture model does RADIUS adhere?
a. client/server
b. peer-to-peer
c. sneakernet
d. terminal/mainframe

2. Which of the following would be considered a RADIUS client?
a. a user dialing in to a remote access server
b. a workstation behind the corporate firewall
c. a corporate mail server
d. a remote access server

3. What is the difference between authentication and authorization?
a. Authentication verifies passwords, whereas authorization does not.
b. Authentication identifies network resources to which a user has access, whereas authorization does not.
c. Authentication applies to clients, whereas authorization applies to servers.
d. Authentication is a network responsibility, whereas authorization is not.

4. What is the purpose of the RADIUS accounting function?
a. to track costs for users
b. to maintain corporate financial statements
c. to provide client billing information
d. to collect dial-in user statistics

5. What role does PAP or CHAP play in the RADIUS authentication process?
a. to perform initial authentication
b. to generate user passwords
c. to perform final authentication
d. It performs no role.

6. Why does the RADIUS server provide an authentication key to the RADIUS client?
a. to prepare the client for the next transmission
b. to force the client to respond with its own key
c. to assure the client that the authentication information is coming from the legitimate server
d. to notify the client that the server is going offline for a while

7. Remote users dial in to a network RADIUS server. True or False?

2.18 Identify authentication protocols (for example, CHAP (Challenge Handshake Authentication Protocol), MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), PAP (Password Authentication Protocol), RADIUS (Remote Authentication Dial-in User Service), Kerberos, and EAP (Extensible Authentication Protocol)) (continued):

KERBEROS

UNDERSTANDING THE OBJECTIVE

Kerberos is a private key encryption service that requires clients to verify their credentials for each service they request from a server. Kerberos also encrypts information exchanged between client and server.

WHAT YOU REALLY NEED TO KNOW

◆ Kerberos is a cross-platform authentication protocol that uses key encryption to verify the identity of clients to servers (and vice versa) and to provide secure information exchange after a client logs on to a system.

◆ Kerberos is an example of private key encryption, a type of key encryption in which the sender and receiver have private keys that only they know.

◆ Kerberos provides significant security advantages over simple NOS authentication. During a typical client/server logon, the NOS assumes that the client is using a rightfully assigned user name and only verifies the user’s name against the password in the NOS database. By contrast, Kerberos does not automatically trust the client. Instead, it requires the client to prove its identity through a third party. In addition, it requires the server to provide its identity to the client.

◆ In addition to checking the validity of clients and servers, Kerberos communications are encrypted and unlikely to be deciphered by any device on the network other than the client.

◆ In Kerberos terminology, the server that issues keys to clients during initial client authentication is known as the KDC (Key Distribution Center). To authenticate a client, the KDC runs an AS (authentication service). An AS issues a ticket, which is a temporary set of credentials that a client uses to prove that its identity has been validated (note that a ticket is not the same as a key, which is used to initially validate its identity). A Kerberos client, or user, is known as a principal.

◆ Kerberos, which is named after the three-headed dog in Greek mythology who guarded the gates of Hades, was designed at MIT (Massachusetts Institute of Technology). MIT still provides free copies of the Kerberos code. In addition, many software vendors have developed their own versions of Kerberos.

OBJECTIVES ON THE JOB

Kerberos may be found on large private networks on which security is a prime concern. For example, a government agency may use Kerberos to ensure that users accessing its research databases are authorized to view the information.

PRACTICE TEST QUESTIONS

1. What type of cryptography does Kerberos use?
   a. private key
   b. public key
   c. pretty good privacy
   d. PHP

2. With which of the following NOSs could Kerberos be used? (Choose all that apply.)
   a. NetWare
   b. Windows
   c. UNIX
   d. MS-DOS

3. What does Kerberos use to verify the validity of a client?
   a. L2TP
   b. IPSec
   c. SSL
   d. tickets

4. With what type of client software could Kerberos be used? (Choose all that apply.)
   a. Novell NetWare
   b. Novell Client 32
   c. Microsoft Windows 98
   d. Apple Macintosh

5. Which of the following environments is most likely to use Kerberos?
   a. an online retailer
   b. a local animal shelter with six permanent employees and 18 volunteers
   c. a research university with 30,000 students and 2300 faculty
   d. a home network

6. What characteristic do all key encryption schemes share?
   a. The more steps required to encrypt data using the key, the easier the key is to discover.
   b. The longer the key, the more difficult the encryption will be to crack.
   c. The more routers a key-encrypted packet must traverse, the more difficult the encryption will be to crack.
   d. The shorter the key, the more difficult the encryption will be to crack.

7. At which layer of the OSI Model does Kerberos primarily operate?
   a. Physical
   b. Data Link
   c. Transport
   d. Presentation


2.18 Identify authentication protocols (for example, CHAP (Challenge Handshake Authentication Protocol), MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), PAP (Password Authentication Protocol), RADIUS (Remote Authentication Dial-in User Service), Kerberos, and EAP (Extensible Authentication Protocol)) (continued):

EAP (EXTENSIBLE AUTHENTICATION PROTOCOL)

UNDERSTANDING THE OBJECTIVE

EAP (Extensible Authentication Protocol) is a general standard that provides support to multiple PPP authentication mechanisms, but is not itself an authentication protocol.

WHAT YOU REALLY NEED TO KNOW

◆ EAP is a mechanism that defines message exchange between a client, an authenticator, and an authentication server. It is used as a base technology to allow authentication of both wire-bound and wireless network client devices. EAP adds a great deal of flexibility to network authentication communication.

◆ EAP enhances PPP's authentication mechanism by providing a general framework for accepting multiple authentication methods. It smooths the authentication process regardless of the method being used. EAP does not select a specific authentication mechanism when a remote communication link is established. Rather, it waits until the authentication phase of the hook-up to allow the network authenticator to determine the authentication method. This allows for the use of a back-end authentication server if one is present on the network.

◆ When EAP is used with a dial-in PPP remote connection, the network remote access server (authenticator) supporting EAP doesn't require detailed knowledge of the authentication system. Instead, the authenticator may step aside as an intermediate player, package the EAP packets, and send them to the network's authentication server (RADIUS), which then handles authentication, authorization, and accounting.

◆ The EAP protocol does not require the IP protocol to communicate with clients because it operates at the Data Link Layer. Therefore, the EAP client does not require an IP address. This is helpful on networks that rely on DHCP to assign IP addresses. Clients that are going through the network authentication process will not be able to get an IP address from the DHCP server until the process is complete.

◆ The IEEE 802.1X standard, which is designed to enhance security on LANs, specifies an authentication framework based on the EAP protocol. According to this standard, the client is not allowed to transmit normal traffic until the authentication process has been successfully completed.

◆ The use of EAP widens the authentication spectrum for the use of a range of new authentication protocols, such as token cards, one-time passwords, smart cards, and biometric techniques.

OBJECTIVES ON THE JOB

For any network that supports clients requiring remote connectivity, PPP with its EAP extension will play a major role in client authentication. Network administrators need to know how the authentication protocols work to secure network communications.


PRACTICE TEST QUESTIONS

1. EAP is an extension of which protocol?
   a. CHAP
   b. PAP
   c. IPSec
   d. PPP

2. What is the role of EAP in remote network communications?
   a. EAP provides an encryption service.
   b. EAP provides a framework to support multiple authentication protocols.
   c. EAP functions as an authentication protocol.
   d. EAP has no role in remote network communications.

3. What does the acronym EAP stand for?
   a. Enabled Access Protocol
   b. Extensive Authority Protocol
   c. Establish Access Priority
   d. Extensible Authentication Protocol

4. At which layer of the OSI Model does EAP function?
   a. Physical layer
   b. Data Link layer
   c. Network Layer
   d. Transport layer

5. Which IEEE standard specifies an authentication mechanism based on the EAP protocol?
   a. 802.1X
   b. 802.11b
   c. 802.11g
   d. 802.11i

6. What mechanism does EAP define?
   a. data encryption
   b. message exchange
   c. IP addressing
   d. network access

7. What is the significance of a remote client, who needs to authenticate, accessing a network that uses a DHCP server to assign network IP addresses?
   a. The remote client will never be able to connect to the network.
   b. The DHCP server will send an IP address to the client before the authentication process begins.
   c. An IP address will be e-mailed to the client so that the client can be configured prior to authentication.
   d. During the authentication process, the client will not require an IP address because communication is handled at the Data Link layer.
