OCR of the Document

View the Document >>

Naval Information Operations Center, Maryland, NIOC Maryland Advanced Computer Network Operations Course, April 2012. Top Secret//SI // Rel to USA, AUS, CAN, GRB, NZL.

NIOC MARYLAND ADVANCED COMPUTER NETWORK OPERATIONS COURSE Coordinated by NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — Title - Content NA WOCOM Maryland TO USA US CAN GBR NZL Center 015 Excellence for Non-Kinetic Options SECRET REL TO USA AUS CAN GBR NZL WHY ARE WE TEACHING THIS 5 Pillars of IO - OPSEC - MILDEC - MISO - EW - CNO The next major conflict will start in cyberspace - Whether we recognize the signs is another matter - Recent conflicts have already shown the importance of CNO - Think China will make a move on Taiwan without bringing down their networks Russia Georgia communications As IW officers or IDC - we are expected to know and understand CNO and communicate with decision makers Recently announced plans from Command in Chief and Pentagon officials emphasize cyber space operations Basic 1810 IDC quals are a good foundation but CO XO want you to know more about CNO NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Course Overview Wednesday April Location 0PS2B 2B4118-1 11th Time 0730-0900 0900-1000 Topic Briefer LTU •M CTNl CTNl CNO Intro TAO Overview CTN2 Analysis CTN1 B CTNl 1000-1100 EAO 1100-1200 Lunch 1200-1300 lOD Scanning 1300-1400 DNT 1430-1500 TAO Brief Tour NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Course Overview Thursday April 12th Location 0PS2B 2B41183 Time Topic Briefer LTJG Z LTJG S 0800-0900 CND Intro Threat Brief CTN2 5 m CTN2 0900-1000 Red Team • U Brief LCDR s m 1000-1030 Blue Team Brief CTRl 1030-1100 JCMA Brown CTR1 S Brief ÇT7V2 1100-1130 Hunt 1130-1300 Lunch Brief CTN2 WAWOmM 1400-1530 Maryland Tutelage Dn'ef Center of Excellence GBR NZL • U S H ions — SECRET REL TO USA AUS CAN GBR NZL Course Overview Friday April 13 th Location OPS2B 2B4118-3 Time Briefer Topic 0800-0900 POD 0900-1000 OCO CTN2Ì ¿ T H M V 1000-1100 Legal Authorities 1100-1200 Lunch 1200-1400 PKC PKI Asymmetric 1400-1430 Debrief Discussion NAVIOCOM Maryland Encryption LT LT I Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 USCYBERCOM LOO's CND CNA CNE Class I •Automated r r i Class II I •Interactive Human-enabled -Proximal Access -Physical Interdiction •Multi-Staged FLTCYBERCOM C1 OF U S FLEET CYBER COMMAND U S TENTH FLEET DoD Global Information Grid Operations D DGO operations consist of aspects of NetOps directing operation ofthe GIG I I I ' Goal support efforts to build configure secure operate maintain and sustain DoD networks Desired end-state enable pillars of Information Assurance Achieved via Proactive Network Operations PNO I I 1 1 DISA operates the GIG but USCYBERCQM ensures operation and availability Pillars of Information Assurance Confidentiality Responsible Organizations USCYBERCQM r Integrity IAD MTOC JWICS DIA navy mi Availability Non-Repudiation Authentication Navy Cyber Defense Operations Command CTF 1020 NAVNETWARCOM CIP 1010 FLTCYBERCOM C10F U S FLEET CYBER COMMAND U S TENTH FLEET Defensive Cyberspace Operations Direct and synchronize actions to detect analyze counter and mitigate cyber threats and vulnerabilities Protect critical missions enable freedom of action in cyberspace Flexible response incorporating Title 10 and Title 50 authorities to defend the GIG Responsible Organizations USCYBERCOM mil NCDOC navy mil DHS NTOC usesSIGINT HAWKEYE EINSTEIN •gov - FLTCYBERCOM C10F U S FLEET CYBER COMMAND U S TENTH FLEET Offensive Cyberspace Operatio Enabling and attack effects in cyberspace Support national and CCDRs' objectives via cyber actions Remote Operations Center civilians and military personnel Enables active defense against cyber actors adversaries ROC Relationships Remote Operations Center USCYBERCOM tasks Navy's Role Force Provider NSA CSS controls FLTCYBERCOM C10F U S FLEET CYBER COMMAND U S TENTH FLEET 10 Department NIOC Maryland Computer Network Operations mission infrastructure TECH NOLOGIES — NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — 11 TAO Overview - Mission Aligned Cells MAC Manning Placement Department Operations - Summary - Examples Russia Lebanon - Joint Cyber Attack Team - NCAT Vision - Afloat CNO Discussion Topics _ Directorate ilTD ™ TAO Organization Requiremen ts Targeting Manage ops requirements Perform target development Remote Operations Center Conduct On-net ops exploit collect geolocate Data Network Technologie Develop operational concepts and software implants to exploit computer networks Telecommuni cations Network Technologies Access Technologie s Operations Mission Infrastructu re Technologie Develop operational concepts and software implants to exploit phone switches Develop network warfare Conduct physical access off-net operations Conduct expeditionary CNO Develop Design development and delivery of the end-to end infrastructure that supports GENIE Network shaping f rm far upcl ctLtUf lb mpjantf-to açc çi pj ' or corn i f n yyofks A FVEY Jg Jg _ B Directorate LTD Mission Aligned Cells M Concept • TAO recently completed a major effort to align resources from R T ROC DNT and MIT into mission focused teams • Mission Aligned Cells - • Teams composed of operators analysts and developers working together to focus on a specific target set Allows TAO to efficiently resources on high-priority projects and targets Current MAC's • China North Korea NSAW NSAH • Iran NSAW NSAG • Russia NSAW NSAH • Cyber Counterintelligence CCI NSAW NSAG NSAT NSAH • Counterterrorism CT NSAW NSAG • Target Service Provider TSP NSAW NSAT • Regional Targets RT NSAW NSAT TOP SECRET SI REL TO USAr AUS CAN GBR NZL Directora J ¡Jt' „ iMtiÍMw innrminH OittctotUt TAO- Front Leadership Positions Requirements Remote Data Network Targeting Operations Technologies Center Telecommunications Network Technologies Access Mission Technologies Infrastructure Operations Technologies r d m l M • Deputy Chief TAO CAPT M S32 Staff 2 2 0 Billet Description BA COB Deployed • TAO Cyber Operations Integrated Lead COIL • Principle advisor to TAO leadership for operational cyber issues NZL Leadership Positions LCDR Requirements Remote Data Network Targeting Operations Technologies Center Telecommunications Access Mis sion Network Technologies Infrastructure Technologies Operations Technologies S327 R T Influence 8 6 0 Endpoint Exploitation 57 35 0 Billet Description BA COB Depioyed D Chief CT Afghanistan LCDR In training - slated for Hard Targets Division DPRK Branch LTl CNO Coordinator - China DPRK Branch _ fimfiumntjM«« Ä Directorate ITD Remote Operations Center S Leadership Positions C A P T H Deputy Chief ROC LCDR Remoe t Operations Center Data Network Technologies Telecomnunication« Network Technologies • D-Chief STO Chief Iran MAC IMAC' S321 ROC Influence 9 9 0 Lead 3 3 0 Interactive Operator 49 26 0 Production Operator 25 14 0 Billet Description BA COB Deployed CTNCS • ROC SER LCDR • Chief Cyber Operations Branch L T J G B • Tech Lead Cyber Operations Branch Leadership Positions LT TAO ements « I etilici Remote Data Network Operations Technologies Center LTl Telecommunications Network Technologies S323 Development Officer 2 2 0 Development Enlisted 16 6 0 Billet Description BA COB Deployed Chief Cyber Technologies Branch Chief Engineering Services Division Leadership Positions L T M Requirements Remote Data Network Targeting Operations Technologies Telecommunications Access Technologies Center Operations S328 ATO Officer 4 4 0 ATO Enlisted 23 15 1 Billet Description BA COB Deployed LT Chief Operations Branch D-Chief EAO S325 - Mission Infrastructure Technologies Infrastructure Enlisted 7 1 0 S352 - Global Access Operations Global Access Officer 0 1 0 Global Access Enlisted 1 1 1 10 Dept Summary Officers • 28 BA 26 COB 93% Enlisted 2 9 CS P-coded officer billets filled need M S Computer Science personnel • 182 BA 101 COB 55% Billet Description BA COB Deployed mM» I firtClOfJlt _ Directorate ITD Operations Sumr Weekly Interactive operations CNE All CIV NAVY AF ARMY USMC USCG ALL Operators 208 100 00% 70 33 65% 25 00% 52 44 21 15% 29 13 94% 11 5 29% 2 0 96% Ops Conducted 2588 100 00% 1059 40 92% 674 26 04% 343 13 25% 376 14 53% 108 4 17% 28 1 08% NAVY NIOC-M NIOC-T NIOC-G NIOC-H NAVY Operators 52 100 00% 53 85% 28 10 19 23% 8 15 38% 6 11 54% Ops Conducted 674 100 00% 43 32% 292 133 19 73% 107 15 88% 142 21 07% TOP SECRET SI REL Target Sets - R T Analysts China Russia Iran Afghanistan Pakistan India Iraq Counterterrorism Cyber Counterintelligence CCI Supporting Roles ROC Senior Watch Officers Development TO USA r AUS CAN GBR NZL 1 nAm - MAC Mission Aligned Cell - puts analysts and operators together to increase target familiarity and efficiency of operations • Joint military and civilian entity Z IrtMtHJMuFhKArtdMUJ' _ Directo Target Example Current TAO Targets - Political leadership to include Ministry of Interior Parliament Members and Presidential Palace - Military • Former Commander of Force Common Border • Col IT Directorate • Gen Medical Commanc • • G e n a f f i l i a t i o n unknown Col Instructor Army Staff and Command College • Lt Defense Ministry Recent Reporting - Armed Forces Reviewed Personnel Issues Regarding Retirement Communications and Health Care SECRET COMINT REL TO USA AUS CAN GBR NZL I I l l U l IliciLI FLEET FOCUS JOINT FOCUS Framework and support for Navy requirements Provides structure develop holistic Navy support to joint priorities A Structure Navy Support five 5 Combined Task Elements capability Fl - CTE 1060 1 1 1 L CTE Manning r supports manning requirements levied on Navy to Unix and Windows Operators Exploiter Qualified Minimum Requirement Router and Firewall Operators M a y shift between C T E ' s depending on operator specialty and m i s s i o n requirement CTE 1060 1 1 2 - CTE 1060 1 1 3 CTE 1060 1 1 4 CTE Mission Commander v 1 CTE 1060 1 1 5 1 CND-RA 1020 6 1 N Mission Alignment NCAT Service-led JC AT JCAT Support ServiceCNE Support JCAT Concept of Operations • Assembled for Title 10 execution support • Mission Commanders and Operators provide fulltime support to CNE operations outside of JCAT Current Navy • Mission • Participation Commanders LTJG Qualification based on JQS administered by the Cyber Operations Branch Five 5 additional 1 Mission • 2 CNA • TASKORD • 3 Mission • ID ri IA training Working to certify all qualified Interactive Operators for JCAT Requires Training LOAC ROE Briefing Commander Operators 11-0335 Commanders D n n n f n r c TOP SECRET SI REL in Operators Requirements • CAUI Support • officers TO USA r AUS CAN GBR NZL and Tool MfWYHIUM »CIMMeftK Oa t tor Jilt Information Technology »float TD ranons AUTEC testing with USS Annapolis 18 NOV 2011 Interactive Operations - Connection via NEPTUNETHUNDER BLINDOA TE HA PP YHO UR - Successful exploits at 4 6 and 8 NM with 4 watt Access Point AP - Predict max connection distance to standard 100 mwAP to be 4 NM • Man On the Side Operations - Inject using BLINDDA TE NITES TA ND - Successful inject at 4 NM to 100 mw client computer Directorate ITD CYPHER TEXT ACTIVÉ SEGMENT WIRELESS ADAPTOR GIV NETMASK YLAB ENCRYPTED NETWCffiK UNENCRYPTED NETWORK REGËIVÈONLr TRANSMIT AND RECEIVE NOCE sdcnil TITLE NAVV B L I N D I A T E SYSTEM TOP SECRET SI REL TO USA r AUS CAN GBR NZL Questions NAVIOCOM Maryland TOP SECRET SI REL Center of Excellence for Non-Kinetic Options — TO USA AUS CAN GBR NZL 28 SECRET REL TO USA AUS CAN GBR NZL Network Operations - Overview Overall classification of this brief is Derived From NSA CSSM 1 52 Derived F r o A J DeclassifP td2ê99ëQê$ B SECRET REL TO USA AUS CAN GBR NZL 1 r a 1 « SECRET REL TO USA AUS CAN GBR NZL Networking Fundamentals Describe the following network - Proxy Server • - A server dedicated to the hosting and sharing of files Perimeter Network • - A layer 3 device used to route traffic between networks File Server • - An intermediary computer that completes application network requests on behalf of a host Router • - component terms The network segment located between LAN and Internet used to place Internet facing services like Web and Mail Servers Internet • The aggregate of publicly connected networks implementing the IP addresses NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Networking Fundamentals Describe the following network - Intranet • - Network traffic analyzer that uses patterns to detect malicious activity TAC ACS Terminal Access Controller Access Control System • - A mechanism to filter network traffic using rules based on attributes like source destination packet type port and session status IDS Intrusion Detection System • - A private network not normally accessible through the internet Firewall • - component terms Provides authentication authorization and accounting control to network devices via central server RADIUS Remote Authentication Dial In User Service • Authentication protocol for remote users to access network resources via network access methods like Dial-in VPN DSL and WAP NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Networking Fundamentals Define the following cross domain solutions - High Assurance • - Interoperability Connection of Secret Security Domain to Security Domains of lesser levels TSABI Top Secret and Below • - Connects networks operating within different security domains Filters traffic like a firewall but operates on all levels of the TCP IP stack SABI Secret and Below • - Guards classification Interoperability Connection of Top Secret Security Domain to domains of lesser classification levels Bastion Host • A host on an internal network that is also publicly exposed to the Internet or another public network Usually used for service hosting web email etc or as part of a firewall solution NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Networking Fundamentals Describe the location of the following components in a simple networked environment a Proxy Server DM2 Segment b Router c Firewall d Workstation e DMZ f Switch NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Wireless Networking Define wireless networking to include the following aspects - Wireless Access Point • Wired to Wireless bridging 802 11 Protocols • The set of layer 1 2 protocols defining the RF physical layer and media access control STANDARD Frequency Range Modulation Method Bit Rate - 802 11a 5 0 GHz OFDM 54 Mbps - 802 11b 2 4 GHz DSSS 11 Mbps - 802 11g 2 4 GHz OFDM 54 Mbps - 802 Un 2 4 or 5 GHz SDM 600 Mbps Other wireless technologies in the 2 4 GHz range include Bluetooth 802 15 cordless phones microwaves baby monitors etc MAC Filtering • Only defined hardware addresses can connect to network NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Networking Fundamentals Define the following application protocols services and identify their port numbers - Telnet TCP 23 - NTP Network Time Protocol - NetBEUI NetBIOS Extended User Interface Non routable transport protocol used in preWinXP LAN's - Net BIOS Network Basic Input Output System - FTP File Transfer Protocol - POP3 Post Office Protocol 3 TCP 110 - RPC Remote Procedure Call - • SUN UNIX • WIN TCP UDP 135 TCP UDP123 TCP UDP 139 TCP 21 TCP 111 32771 HTTP Hypertext Transfer Protocol NAVIOCOM Maryland TCP 80 Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Networking Fundamentals Define the following application protocols services and identify their port numbers continued - SMTP Simple Mail Transfer Protocol TCP 25 - DNS Domain Name System - SNMP Simple Network Management Protocol - SSL Secure Socket Layer Presentation Layer protocol for use by applications to secure communications - SSH Secure Shell TCP 22 - TFTP Trivial FTP UDP 69 - HTTPS HTTP Secure - FTPS - DHCP Dynamic Host Configuration Protocol TCP UDP 53 UDP161 TCP 443 NAVIOCOM Maryland UDP 67 Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Network Layer Protocols Define the following network layer protocols to include their relationship to TCP IP - IP • - TCP • - communication Layer 2 Link used for Mapping IP addresses to MAC Addresses RARP • - Layer 4 Transport used for application ARP • - Layer 4 Transport used for application session and reliable delivery UDP • - Layer 3 Network used for network addressing and routing Layer 2 Link used for Mapping MAC addressees to IP Addresses ICMP • Layer 3 Network used for Network NAVIOCOM Maryland Diagnostics Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL OSI Model List and describe the 7 layers of the OSI Model Laver H»me í-aver N Application laygr 7 Function EKamplea telnet UEer kittrfacs HTTP JPEG ASCIF7 Layer fi Eni r nMf n ind QLhnr ProçosKinq rj Frvcapsutetion TCP Headtr •AU 1 1 IP Harter Chrtü LLC Header Cabling MAÇ Header Data FC5 M nm-yns ML±IEIpl-I Layer 4 Prr YÍd Rel bl D ÖP0 Un re lo ÍLII ivijiv iiiij 1 i r LI r Gfltr I 1 • • 11 Lay f 3 7 Providea Logicai AddresEinn UàQtì by P II-III - Layer 2 Daca FCS Phyakal OS fi-i r-iMÌi Fli i-L Laynr 5 A ipi-iicalInhi Arcgsi E ncpoinii yvi r A'Jdrtiifi L T Ö I D u C ü C J Í ü ' 1 1 A Da-Encapsulation TCP UHI1 IF I P X C c i r f c t U O I I Layer 1 Sputili™ Vohior WJf u 5 iwd rtfid Pih-O'jt Cal iei tlMIQlffl 1U1 u r¿f HDLC ElA Ttf 33 V 35 IIHIQIDmiO NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL TCP IP Model List and describe the 4 layers of the TCP IP Model to include how they relate to the OSI Model TCP IP - The TCP IP model combines the Session and Presentation layers with the Application layer It is assumed if a program has need of layer 5 or 6 functionality then the program will have to provide it NAVIOCOM Maryland OSI Application Layer APPLICATIONS Presen tat ton Layer Session Layer Transport Layar TCP and UDP Transport Layer 4 Network Layer IP Network Layer 3 Data Link Layer Data Link Layer 2 Physical Layer Physical Layer Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL TCP 3- Way Handshake • Define and illustrate the TCP 3-Way Handshake - The 3-Way handshake is the method that all TCP sessions use to initialize connections and session parameters It follows the sequence SYN SYN-ACK ACK Application data can begin sending with the final ACK packet Computer A sends 5 synchronize message to B conteirHFiçi a ¿é-quHEKtì ilurïibËT ' Computer E acknowledges that it received Ihii by incremHniiny ihi segi rKe n u m b e r called an ACK i It also Computer A receives the £ck ¡t expects and i h e connection is n o w esta ishBd sends its o w n seqLmntBj sck 1D1 svn 3D0 All cbairnun I cation win nnw send incremented syns arid ackf to ensure a Good -connection NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL TCP Flags Define and briefly describe the use of the following TCP flags - SYN Used to initialize the TCP by setting the packet sequence number - ACK Used to acknowledge receipt of all package sequences up the number indicated - PSH Indicates that that all data already received should be given to the application as soon as possible Flushes the buffer - URG Urgent Data Commonly used for interrupts - FIN Indicates there is no more data to send from that end of the connection closes after both ends acknowledge FINs - RST Immediate termination of connection service NAVIOCOM Maryland Commonly used to indicate Session unavailable Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Protocol Headers Define and describe the structure of the following protocol headers IP o Î1 15 16 4-tlt verston 1-bit huiler ledili 16-bi t • Hiit type of service TOS utenti 8-bit time lu Live TTL 6-bil iniaL length in bytee fitiLtinn 13-bit irajjjnent oJfjçt II - fi-bit prtMutul 2J0byies 1-6'bit bea Jer checksum 1 32-bdt soufte PaddtfK 32-bit destination TP add ws i data NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Protocol Headers Define and describe the structure of the foliowing protocol headers - TCP 31 15 1ÎS 16-bit source- port number lfr-bit döstiriEitinn pttrt number 32'frit st uenec number 32-bft ckno«kilglcfiöi1 number hndtf k nj h re screed 6 bits U A i1 R S K S 5 Y GK H T N 1-6-bil TCP chocteum 1 6-bit window sâae Ifrblt iirponi fioinlor options if Any I ¿Obvie 1 NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Protocol Headers • Define and describe the structure of the following protocol headers - UDP 0 15 16 31 U r b i l source port number 16-bil destination port number bytes Ifr-bilLOP length 2 l-6-b-Lb JDP ctottkiurtl d m if iiny NAVIOCOM Maryland 1 1 Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL MAC Addressing • Discuss the following as it pertains to MAC Addressing - LENGTH OF MAC ADDRESS IN BITS 48 - DISPLA Y OF MAC ADDRESS Hexadecimal - LOCATION OF MAC ADDRESS First 48 bits in - MANUFACTURER - HOST SPECIFIC BITS Last 3 Octets Format 00 8e f0 59 31 ae message SPECIFIC BITS First 3 Octets OLII r i s i octet 1011111 1 — 2nd oc let 01110101 •ir I OC l i I iiooin 4 ih octet Jil octet 6th oitel 01011111 Q1Ö03101 0111101ft r l tyrnip lnclirirtinl hJ y n global local bit NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL ARP Discuss the following as it pertains to ARP - ADDRESS RESOLUTION ARP Address Resolution Protocol facilitates the mapping between hardware addresses MAC Address and logical network addresses IP Addresses This mapping can be stored in a file or can determined through ARP broadcast requests on a local network NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 ICMP Discuss the following as it pertains to ICMP - ICMP is a protocol that defines a collection of message types commonly used for network diagnostics • Layer of the OSI model ICMP usually consists of Layer 3 Network transported by IP • Ping Message Type 8 request and 0 reply Used to determine if a device is active on the network • Traceroute Uses a combination of the IP time-to-live TTL field and the ICMP messages 11 time exceeded and 3 3 port unreachable to determine the route a packet takes through the network NAVIOCOM Maryland messages Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 47 SECRET REL TO USA AUS CAN GBR NZL Routing Table Discuss the routing table as it pertains to the router - The Routing Table Stores what networks are reachable through each interface along with metadata about that route 10 2 0 0 10 1 0 0 E0 so — Z SO B S1 10 3 0 0 - z so — 10 4 0 0 c W EO Routing Tabfe Routing Table Routing Table 10 1 0 0 EO 0 10 2 0 0 SO 0 10 3 0 0 SO 0 10 2 0 0 SO 0 10 3 0 0 S1 0 10 4 0 0 EO 0 10 3 0 0 SO 1 10 4 0 0 S1 1 10 2 0 0 SO 1 10 4 0 0 SO 2 10 1 0 0 SO 1 10 1 0 0 so 2 NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL IP Addressing Discuss the following as it pertains to ranges of IP addressing Classful networks were the original method of distributing address groups to organizations Class A First 8 bits for Network ID and the last 24 bits for Host ID 126 Networks 16 277 214 Hosts net Class B First 16 bits for Network ID and the last 16 bits for Host ID 16 384 Networks 65 534 Hosts net Class C First 24 bits for Network ID and the last 8 bits for the Host ID 2 097 152 Networks 254 Hosts net NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL TCP IP Discuss the following as it pertains to TCP IP - Number of bits in an IP address - Number of octets contained in an IP address 0 0 16 1 22 2 i Homo 2-3 Slil M i 2 to 4 „L _L_ hJfrtworfc II 1 0 32 Mtmorl ID bill 3 is U -4 Ctasi A Address Hail lb Itthil Ntfwwtf IP d kt 241 IS bit WjriOUSl GlO jp VlilfHI 2fl bil BqMrllWftd ¿ddrttt ID IbHs 5 lo SECRET REL TO USA AUS CAN GBR Cb B Add CFCJSJ C Address Cln5i D A d d r i CEqes E A d d r e s s NZL SECRET REL TO USA AUS CAN GBR NZL Networking Fundamentals Discuss the following as it pertains to the following protocols - TCP - UDP NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL IP Subnets • Discuss the following as it pertains to IP Subnets - Number of bits used in a subnet mask How the subnet mask identifies the network portion of the of the IP address Borrowing bits from the host portion of the address Benefits of subnetting a o 3 2QO E3 0 10 0 0 0 0 0 1 255 2A I 6 255 9-d 0 0 00 0 0 m0 255 32 Clow ZOO HW1 ¡D B bifi Ci 0 Ö 0 0 O 0 o o 255 255 NAVIOCOM Maryland 255 tzä O Subii tri 3b bil 6 H o a l I » Hill I ijutmol 2h4 Hodi E000 10 0 0 00 0 0 1 1 00 0 0 0 0 E11 0 0 J O - Q O O - O O O j C I l i l l h n n-l l b E C t 7 H n i l i n Rili 1 r Uwwrtv HfriflR L o c h Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL TELNET Discuss the following as it pertains to TELNET - Use Create a Network Virtual Terminal session on - Type of connection - Default port number TELNET uses TCP as the 23 NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL References 1 Authorized Self-Study Guide Interconnecting Cisco Network Devices Part 2 ICND2 CCNA Exam 640-802 and ICND Exam 640-816 by Steve McQuerry Publisher Cisco Press Pub Date February 13 2008 Print ISBN-10 1-58705-463-9 2 Cisco Networking Simplified Second Edition by Publisher Cisco Press Pub Date December 18 2007 Print ISBN-10 1-58720-199-2 3 TCP IP Guide 1st Edition by Publisher No Starch Press Pub Date October 4 2005 Print ISBN-13 978-1-593-27047-6 4 TCP IP Illustrated Volume 1 The Protocols by Publisher Addison-Wesley Professional Pub Date December 31 1993 Print ISBN-10 0-201-63346-9 5 Buildir by y Publisher O'Reilly Media Inc Pub Date 2000 06 26 6 Intelipedia Articles 7 NSA Wiki Articles NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53 SECRET REL TO USA AUS CAN GBR NZL Questions Questions NAVIOCOM Maryland Center of Excellence for Non-Kinetic Options — SECRET REL TO USA AUS CAN GBR NZL 53